Effective as of 19th December 2019
PERSONAL DATA means data allowing to identify the natural person directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, etc.;
PROCESSING means any operation or set of operations that is performed on Personal Data, such as collection, recording, organization, structuring, storage, adaptation or destruction;
DATA SUBJECT is an identified or identifiable natural person who can be identified, directly or indirectly, based on particular Personal Data.
1. The ECOMBIX OY shall be considered a data owner and data controller in relationships with Data Subject. We acknowledge the privacy of natural persons and make efforts to protect them against any unlawful Processing by applying relevant technical and organizational measures to protect Personal Data of natural persons in accordance with the effective legislation. Although we will make reasonable efforts to ensure safe Processing, we cannot guarantee it to be 100% secure and risk-free.
2. We process personal data in a way that assures appropriate level of security, including protection against unauthorized Processing, destruction, accidental loss, or damage, while applying suitable organizational and technical measures under industry standards and in compliance with the following principles: (1) lawfully, fairly and transparently; (2) Processing is specified, explicit and only for legitimate purposes; Processing is adequate, relevant and limited to necessary purpose; accurate and kept up to date; limitation of the storage for periods not longer than necessary; Processing is held in a manner that ensures appropriate security of the Personal Data.
3. We Processes Personal Data only when one of the conditions below applies: (1) it is required for the performance of agreement with the Data Subject; (2) it is required for compliance with the law or our legal obligation; (3) Data Subject has provided us with consent for Processing of their Personal Data for one or more specific purposes; (4) Personal data is Processed for our Legitimate Purpose.
4. When it comes to processing, we will not discriminate against Data Subject CCPA rights. Unless permitted by the CCPA, we will not: (1) reject Data Subject’s request for goods or services on the basis of discrimination; (2) provide to California based Data Subject different prices for goods or services, including through granting discounts or other benefits; (3) render to Data Subject different level or quality of goods or services in comparison to our other clients.
5. Notwithstanding the aforementioned, we may, at our own discretion, offer Data Subject certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will contain written terms that describe material aspects.
6. We do not knowingly Process Personal Data that related to, or reveal, racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, genetic or biometric data, or data concerning the health, sex life or sexual orientation of the natural person.
7. We apply the following principles in order to protect your privacy: (a) we will not sell or lease your Personal Data to third parties; (b) any Personal Data that you provide to us will be secured with industry-standard safety protocols and technology.
Ⅳ. TYPES OF PERSONAL DATA COLLECTED
|Contact data||Email, address and/or mobile phone number|
|Financial data||Bank account and payment card details, tax identifiers (like VAT number)|
|Third-party account data||Third-party account identifiers, third party account login credentials|
|Identity data||First name, last name, username|
|Marketing data||Preferences in receiving marketing from us|
|Communication data||Messages you send to us|
|Technical data||Internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system|
Ⅴ. PURPOSE OF PROCESSING
|Purpose/ Activity||Type of data||Lawful basis for Processing|
|To register Data Subject account||Identity data, contact data, third party account data||to perform our contractual obligations with you|
|To provide our services||Identity data, contact data, financial data, marketing data, communication data||(1) to perform contract with Data Subject;
(2) as necessary for our legitimate interest in recovering debts
|To manage our relationship with Data Subject||Identity data, contact data, profile data, marketing data||(1) to perform our contract with You;
(2) as necessary to comply with our legal obligations
|To deliver relevant content/advertisements to Data Subject and measure or understand the effectiveness of our advertising||Identity data, contact data, profile data, marketing data, technical data||(1) as necessary for our legitimate interests in studying how customers use our products/services, to develop them;
(2) to grow our business and to inform Data Subject about our marketing strategy
|To use data analytics to improve our platform, services, marketing, customer relationships and experiences||technical data||to keep our PLATFORM updated and relevant, to develop our business and to inform our marketing strategy|
|To make suggestions and recommendations about goods or services that may be of interest to Data Subject, including promotional offers||Identity data, contact data, technical data, profile data||as necessary for our legitimate interests to develop our products/services and grow our business|
Ⅵ. DISСLOSING OF PERSONAL DATA
We may disclose Personal Data to the following categories of persons:
|Service providers||acting as data processors or data controllers/joint data controllers based in the EEA but also around the world who provide software development services, marketing services, IT and system administration services:
|Professional advisors||acting as data processors or data controllers/joint data controllers including lawyers, bankers, auditors and insurers based in the EEA but also around the world, who provide consultancy, banking, legal, insurance, and accounting services|
|Tax services, regulators and other authorities||acting as processors or joint controllers based in the EEA who require reporting of Processing activities in certain circumstances|
|Third parties||third parties, who may or whom we may purchase|
|Others||market researchers, fraud prevention agencies|
Ⅶ. EEA DATA SUBJECTS RIGHTS EXECUTION
A. Rights of the data subject
1. Right to rectification. Data Subject has the right to request to rectify, without undue delay, any incorrect data pertaining to the respective Data Subject.
2. Right to limitation of processing. Data Subject can limit the use of Personally Data collected.
3. Right of access. User may request a copy of Personal Data collected during the use of Platform.
4. Objecting to or restricting the use of Personal Data. Data Subject can ask to stop using all or some portion of Personal Data or limit the use thereof by requesting its erasure as described above or sending a request at firstname.lastname@example.org.
5. The right to lodge a complaint with a supervisory authority. User has the right to lodge a complaint with a competent data protection supervisory authority, in particular in the EU Member State where Data Subject resides, work or where the alleged infringement has taken place.
6. The right to data portability. Data Subject can receive Personal Data in a machine-readable format by sending a respective request at email@example.com.
B. Execution of rights
1. Upon Data Subject request we will provide the information free of charge. However, we may charge a reasonable fee if the Data Subject request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with the Data Subject request in these circumstances.
2. Data Subjects exercise their rights by filing a written request containing as a minimum the following information: (1) name, postal address, email address and other data allowing identification of the respective natural person; (2) description of the request; (3) signature, date, correspondence address and mobile number.
3. The filing of the request is free of charge.
4. Upon the filing of a request by an authorized person, the notarised power of attorney must be attached to the request.
5. In case of death of the natural person, his / her heirs exercise his / her rights and the certificate of heirs shall be attached to the request.
6. We will review and pronounce on the request within 1 month as of its filing. This period may be extended by further two months, if necessary, for example, if Data Subject request is particularly complex or when Data Subject has made a number of requests. We will inform Data Subject as to any such extension within 1 month as of receipt of the request, stating the reasons for the delay.
7. We will provide an answer to the requesting person taking into account their preferred form for the provision of the information (orally or in writing – as a hard copy of electronically).
8. Where data do not exist or law forbids their provision, access to the requesting party to such data is refused.
9. If the requesting party is not satisfied with the response received and/or believes that their rights related to Personal Data protection were violated, they are entitled to exercise their right to defense.
Ⅷ. EXECUTION OF RIGHTS BY CALIFORNIA DATA SUBJECT
A. Access to Specific Information and Data Portability Rights
1. Data Subject has the right to request information about what information was Processed over the past 12 months. Once we receive and confirm Data Subject verifiable consumer, we will disclose to you:
- The categories of sources for Personal Data we collected about Data Subject.
- The Personal Data we collected about you (also called a data portability request).
2. All other information is already disclosed herein. For the avoidance of doubts, we do not sell Data Subjects Personal Data.
B. Deletion Request Rights
1. Data Subject has the right to request the deletion of Personal Data Processed, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete Personal Data from our records, unless Personal Data is necessary for us or our service provider(s) to (1) complete the transaction for which we collected the Personal Data, provide a good or service that Data Subject requested, take actions reasonably anticipated within the context of our ongoing business relationship with Data Subject, or otherwise perform our contract; (2) detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities; (3) debug products to identify and repair errors that impair existing intended functionality; (4) exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; (5) comply with a legal obligation; make other internal and lawful uses of that information that are compatible with the context in which Data Subject provided it.
C. Exercising Access, Data Portability, and Deletion Rights
1. To exercise the access, data portability, and deletion rights described above, Data Subject should submit a verifiable consumer request to firstname.lastname@example.org. Only Data Subject based in California, or a person registered with the California Secretary of State that Data Subject authorize to act, may make a verifiable consumer request related to Personal Data.
2. Data Subject can make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must: (1) provide sufficient information that allows us to reasonably verify Data Subject is the person about whom we collected Personal Data; and contain description allowing us to properly understand, evaluate, and respond to it.
3. We cannot respond to the request or provide Data Subject with Personal Data if we cannot verify the Data Subject’s identity or authority to make the request and confirm the relation of Personal Data.
D. Response Timing and Format
1. The verifiable consumer request shall be responded within forty-five (45) days of its receipt. If we require more time, we will inform Data Subject of the reason and extension period in writing. The responding is free of charge unless it is excessive, repetitive, or manifestly unfounded.
Personal Data is processed at our operating offices and in any other places where the parties involved in the processing are located. It may be necessary to transfer collected Personal Data to countries outside of the European Union for Processing purposes.
Ⅹ. RETENTION TIME
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for. Personal Data collected for purposes related to the performance of a contract shall be retained until such a contract has been fully performed. Personal Data collected for the purposes of our legitimate interests shall be retained as long as needed to fulfill such purposes. Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after the expiration of the retention period.
Ⅺ. AGE LIMITATION
We do not knowingly Process any Personal Data from persons under 18 years of age. If you learn that anyone younger than 18 has provided us with Personal Data, please contact us at email@example.com.
Ⅻ. THIRD-PARTY LINKS
ⅫⅠ. INFORMATION FOR DATA SUBJECT
ⅩⅣ. COOKIES POLICY
Cookies are small text files sent by us to your computer or mobile device. They are unique to your account or your browser. Session-based cookies last only while your browser is open and is automatically deleted when you close your browser. Persistent cookies last until you or your browser deletes them or until they expire. To find out more about cookies, visit http://www.allaboutcookies.org/
See below for the types of cookies we use and their respective purposes.
|Functionality cookies (Necessary cookies)||We use functionality cookies that support certain functionalities of our website, prevent failures and errors.|
For this purpose we use:
|Statistics cookies||Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
We use Statistic cookies to recognize visitors who chat with us, identify user’s device, identify what information has been seen by the user, minimize the blocking of legitimate users.
For this purpose we use:
Some people prefer not to allow cookies, which is why most browsers give you the ability to manage cookies to suit you. In some browsers, you can set up rules to manage cookies on a site-by-site basis, giving you more fine-grained control over your privacy. What this means is that you can disallow cookies from all sites except those that you trust. By doing so, you may not be able to access all or parts of our website.