Last update: 1 of September 2020
We process your personal data for digital marketing and advertising purposes in compliance with the current applicable data protection and e-privacy laws. For example, if you are based in the State of California (US), we will comply with the California Consumer Privacy Act (CCPA); if you are a resident of the EU, we will comply with our obligations set out in the EU General Data Protection Regulation (GDPR).
You may be served targeted interest-based advertisements on this Website and other websites on the Internet by the advertising networks we cooperate with. Such advertisements are generated on the basis of your use of this Website, other websites on the Internet, and the data generated by cookies installed in your browser. You can control how such advertisements are shown to you or opt-out from targeted advertising by consulting the section “Consent and opting-out from advertising and third-party marketing and sale of personal data” below.
We do not directly sell your personal data to third parties. However, some of your personal data, including online identifiers (e.g., cookie-generated data and IP addresses) may be used for advertising, marketing, and monetisation purposes (e.g., programmatic advertising, retargeting, third-party marketing, profiling, or cross-device tracking). To make sure that you have full transparency and control over your personal data, we provide you with a possibility to manage your personal data used for such purposes as described in this notice below.
We obtain your personal data from the following categories of sources:
We regularly collect information that may be associated with you, as a natural person, or your device. We use your personal data only for specified and legitimate purposes that are listed below. In short, we will use personal data collected for advertising and marketing purposes only to provide you with the requested services, create and manage our marketing campaigns, and conduct research about our business activities. Please note that the term “personal data” does not include de-identified information about you (i.e., data that does not allow us to identify you, as a natural person, or your device in any manner). When you visit the Website, we collect certain technical information about your use of the Website and your online identifiers provided by your devices, applications, tools, and protocol. Such information may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create your profile and identify you.
The lawful basis on which we rely when processing such personal data are ‘pursuing our legitimate business interests’ (i.e., to ensure security and analyse and promote our business) and ‘your consent’.
Unique identifiers. When you submit your personal data to us through the Website or by communicating with us directly, it contains your unique identifiers, such as: your name, postal address, email address, phone number, birth date, social security number, driver’s license number, passport number, job history, education history, records of personal property. If you choose to login to the Website by using your social media account, your social media provider may share with us certain information about you as it is permitted by the settings of your social media account (e.g., your full name, email address, birth date, image, and list of your contacts). We use your unique identifiers to:
The lawful bases on which we rely when processing such personal data are ‘performing a contract with you’ and ‘pursuing our legitimate business interests’ (i.e., to administer, analyse and promote our business).
Geo-location data. If the functionality of the Website permits it, we may collect the physical location of your device, if it is necessary for providing our location-based services or for other legitimate purposes that you will be informed about in advance. Please note that such data will be collected only if you provide us with your prior consent. We do not collect your precise geo-location data without your prior consent or if you disable such a functionality of the Website.
Sensitive data. When you use the Website, we do not collect special categories of personal data (“sensitive data”) from you, such as your health information, opinion about your religious and political beliefs, racial origins, membership of a professional or trade association, or information about your sexual orientation, unless you decide to provide such sensitive data to us, at your own sole discretion. Please note that the provision of sensitive data is optional and you may choose what sensitive data you would like to share. Your sensitive data will be kept in strict confidentiality. The legal basis on which we rely when processing sensitive data (if any) is ‘your consent’.
Children. The Website should not be accessed and used by children under the age of 16. Therefore, we do not knowingly collect personal data from persons under 16.
Aggregated and de-identified data. If we combine your non-personal data with your personal data and such a combination allows us to identify you, we will handle such aggregated data as personal data. If, for security purposes, we remove any identifiable elements from your personal and it becomes impossible to associate such data with an identified or identifiable natural person, the de-identified data will not be considered personal data and we may use it for any business purpose.
Repurposing your personal data. We will not collect additional personal data or use your personal data for purposes that are materially different, unrelated, or incompatible with the initial purposes of your personal data specified in this notice. If we would like to re-purpose your personal data (i.e., to use it for purposes that are different than the purposes for which such personal data was initially colleccted), we will notify you in advance and, if necessary seek your consent for the new purposes.
Failure to provide personal data. If you decide to refrain from submitting your personal data when requested, we may not be able to perform the requested operation and you may not be able to use the full functionality of the Website, receive our services, or get our response.
Your personal data will be stored in our databases only as long as such personal data is necessary for its primary purpose. As soon as the data is no more necessary, you request us to delete your personal data, or you opt-out from our advertising and marketing campaigns and there is no other legal basis for storing your personal data (e.g., our legal obligations), we will delete your personal data from our systems in a secure manner. We will also put reasonable efforts to ensure that any third parties that received your personal data from us also delete it from their systems. Your non-personal data may be retained by us for as long as necessary for its purposes.
In certain instances described in this section, we disclose your personal data to third parties, if it is necessary for marketing and advertising purposes. For example, the disclosure may be necessary for
If you provide your prior consent to a specific disclosure, we may disclose your personal data to other third parties that you will be informed about before consenting.
Safeguards that we use when disclosing your personal data to third parties. To make sure that the personal data that we disclose to third parties is safe and secure, we make sure that the recipient third party guarantees an adequate level of protection for your personal data (e.g., the recipient is a Privacy-Shield certified entity, has information security certificates, and adheres to the current data protection laws) or we conclude a data processing agreement with it that ensures such protection.
List of third parties that may have access to your personal data. The third parties that may have access to your personal data used for marketing and advertising purposes include the entities listed at https://iabeurope.eu/vendor-list-tcf-v2-0/.
List of your rights. You have the right to control your personal data used for marketing and advertising purposes. If your personal data is not necessary for any other lawful purpose, you can ask us to:
Consent and opting-out from advertising and third-party marketing and sale of personal data. Depending on the country where you reside, advertisements are served and third-party marketing activities are conducted on an opt-in or opt-out basis. For example:
Exercising your rights. If you would like to exercise any of your rights listed above, please contact us by email at email@example.com and explain in detail your request. When sending your request, please make sure to provide sufficient information that allows us to reasonably verify you and properly understand, evaluate, and respond to your request. To make sure that your request is legitimate, we reserve the right to ask you more information for verification purposes. You will receive our response by email (unless requested otherwise by you) within a reasonable timeframe but no later than 30 calendar days (if more time is reasonably necessary, we will inform you). If your right(s) cannot be exercised, we will inform you about the reasons of our denial. Your requests can be submitted free-of-charge 2 times per calendar year. If your requests are excessive, repetitive, or manifestly unfounded, we will provide you with a cost estimate before completing your request.
Exemptions. You may not be able to exercise your rights listed above, especially the deletion of your personal data, if your personal data is necessary for any legitimate purpose, such as if we need it to:
Please note that we regularly audit our systems and delete personal data that is not relevant for its purpose. Thus, you may not be able to exercise your rights if your personal data has been previously deleted from our systems.
Launching a complaint with a supervisory authority. If you decide to launch a complaint about the way your personal data is processed by us, please contact us first and express your concerns - we will investigate your complaint as soon as possible. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your data protection authority.
Making requests on your behalf (authorised agents). The request to exercise your rights can be submitted to us by you personally or by a person legally authorised to act on your behalf (e.g., an individual registered with the California Secretary of State). You may also make a request on behalf of your minor child.
Non-discrimination. If you decide to exercise any of your rights listed in this section, we will not discriminate against you. It means that we will not (i) deny any goods and services, (ii) charge you different prices, (iii) deny any discounts or benefits, (iv) impose penalties, or (v) provide you with a lower quality goods and services.
In order to keep your personal data safe and secure, we implement organisational and technical information security measures. They allow us to protect your personal data from loss, misuse, falsification, unauthorised access, and disclosure. We use secured networks, strong passwords, encryption, firewalls, limited access to your personal data by our staff, and anonymisation of personal data. In case a serious breach occurs, we will take reasonable measures to mitigate the breach, as required by the applicable law. Our liability for any security breach will be limited to the highest extent permitted by the applicable law.
You can contact us if you have any questions about our privacy and security practices or if you would like to exercise your rights by using the following contact details: