2. DATA WE COLLECT
We have set out in the table below the categories of personal data we collect and use about you:
When you visit our Website or contact us:
|Category of personal data||Data collected|
|Technical Data||Upon visiting our Website, we process technical data related to your usage of the Website, including but not limited to IP address, location data (down to city level), access-provider, referring URL, date, time, session key, browser type and version, browser language, operating system. This information can be related to you, therefore, Personal Identification Information can be processed as well. These data may also be processed as anonymized statistical data.|
|Communication Data||In case you interact with us via e-mails and/or by any official social media account, we process, in addition to Personal Identification Information (limited in case of contacting via social media), also the contents of your message.|
When you use the Software:
|Category of personal data||Data collected|
|Personal Identification Information||IP address, Google Analytics|
The personal data we process is collected from one of the following sources:
- the data is disclosed by you directly to us;
- we receive Technical Data automatically from your browser, our servers and systems.
3. WHAT WE USE YOUR PERSONAL DATA FOR
We have set out in the table below the reasons why we process your personal data:
|Purpose for processing||Category of personal data processed||Legal basis|
|Sending newsletters to your e-mail||Personal Identification Information||Consent|
|Providing you with notifications via your chosen channel||Personal Identification Information||Consent given for the specific notification channel|
|Diagnosing and repairing technical issues related to the Software and the Website||Technical Data||Our legitimate interest in providing data security and preventing fraudulent actions related to the Software and the Website; ensuring the functioning of the Software and the Website|
|Storing information containing personal data in backup systems||All of the data categories indicated in Section 2 above||Our legitimate interest in ensuring the security of data processing operations|
|Data disclosures to potential acquirers of DeCommas business, including legal advisors, auditing service providers in case of a merger, acquisition or selling the whole or part of our business||All of the data categories indicated in Section 2 above||Our legitimate interest in ensuring proper due diligence process and business continuity|
|Mandatory disclosures to law enforcement and data protection authorities||All of the data categories indicated in Section 2 above||Performance of our legal obligation|
|Blockchain||Transaction Data||Given that the blockchain is a public record, the transaction records associated with any transactions you make using the Service will be publicly available on the blockchain.|
We may process your personal data for other purposes, provided that we disclose the purposes and use to you at the relevant time, and that you either consent to the proposed use of the personal data, other legal grounds exist for the new processing purposes or the new purpose is compatible with the original purpose brought out above.
4. SHARING YOUR PERSONAL DATA
Any data you provide will not be publicly displayed or shared with other Website visitors or clients. Certain employees of DeCommas have access to personal data to the extent necessary for the performance of their work duties.
We use third party processors and separate data controllers to help provide our service. They will have access to your personal data as reasonably necessary to perform these tasks on our behalf and are obligated not to disclose or use it for other purposes.
We have set out in the table below the reasons why and with whom we share your personal data:
|Categories of Recipients||Reason for sharing||Type of recipient|
|Professional advisors (legal advisors, accounting etc. bound to confidentiality)||In case not operating as data processors, the legitimate interests in conducting and supporting our regular business activities.||Data Processors|
|Potential business acquirers and business transferee(s)||If necessary and required for successfully transferring our business or for the purposes of mergers and acquisitions, your Personal data may be disclosed to the specified acquirers and their representatives and / or legal counsels. This is done based on our legitimate interests to sell and reorganize our business activities.||Separate data controllers|
5. ENSURING THE SECURITY OF PERSONAL DATA
We have taken necessary technical and organizational security measures to protect your personal data against accidental or unlawful destruction, loss or alteration and against the unauthorized disclosure, abuse or other processing in violation of applicable law. We also encourage you to take measures to ensure the safety of your personal data. In particular, we advise you not to share your personal data with us or any of our partners via any public forums or other public channels, unless you acknowledge and accept that relevant data will be publicly accessible.
6. RETENTION AND DELETION OF PERSONAL DATA
Your personal data (all data categories mentioned in Section 2) shall be stored insofar as reasonably necessary to attain the objectives stated in Section 3 above, or until the legal obligation stipulates that we do so. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the processing purposes and whether we can achieve these purposes through other means, and applicable statutory obligations. Whilst retaining the personal data, we take into account the viable need to resolve disputes and enforce the contract between us or anonymize your personal data and retain this anonymized information indefinitely.
In case you are a Client, as a general rule we will retain all your data for 7 days after the termination of the Client Agreement in a manner that would allow you to re-activate the Client Account. Otherwise, please see the following non-exhaustive summary on storing your personal data:
|Purpose of Processing||Category of Personal Data||Retention Time|
|Client Agreement or to protect ourselves against potential disputes or enforce claims||Personal Identification Information||The whole period when the respective agreement is in force and at least 3 years from the moment of termination of the respective agreement. In case we have a reasonable doubt that a party has acted in bad faith, has breached any obligations intentionally or has threatened us with a dispute, we may prolong such retention period for a maximum of 10 years.|
|Providing the Software and services||Technical Data||30 days as of the collection of such data|
|Providing the Client support related to the Software and services||Communication Data||3 years from the moment the respective communication-flow has been closed|
In case any of the data stipulated in Section 2 above is needed for purposes of protection against ongoing or threatened disputes, we shall retain the related data until the dispute is resolved.
After the expiry of the retention period determined above or the termination of the legal basis for processing purpose, we may retain the materials containing the personal data in the backup systems, from which the respective materials will be deleted after the end of the backup cycle. We ensure that during the backup period appropriate safeguards are applied and the backed-up materials are put beyond use.
7. YOUR RIGHTS AND PREFERENCES
Under data protection law, you have rights including:
- Right to be informed and to access. You may get information regarding your personal data processed by us.
- Right to data portability. You have the right to receive your personal data from us in a structured, commonly used and machine-readable format. Moreover, you may request that the personal data is transmitted to another controller. Bear in mind that the latter can only be done if that is technically feasible.
- Right to erasure. You have the right to have personal data we process about you erased from our systems if the personal data are no longer necessary for the related purposes.
- Right to object and restrict. You have the right to object to the processing of your personal data and restrict it in certain cases.
- Right to rectification. You have the right to make corrections to your personal data.
- Right to withdraw consent. When you have given us consent to process your personal data, you may withdraw said consent at any time.
- Right to contact the supervisory authority. If you are not satisfied with our response to your request in relation to Personal Data or you believe we are processing your Personal Data not in accordance with the law, you can submit your claim with the Estonian Data Protection Inspectorate (in Estonian: Andmekaitse Inspektsioon) at [email protected] (https://www.aki.ee/).
To exercise any of the abovementioned rights, please contact our customer support team via e-mail indicated in Section 8 below.
8. OTHER IMPORTANT INFORMATION
Newsletter, notifications and direct marketing campaigns
With your explicit consent, you may be subject to direct marketing campaigns, and we may send you our newsletter or provide you with notifications. You may opt out of the direct marketing campaigns, newsletters and notifications in your account settings. We may also provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.
Please note that email marketing messages include an opt-out mechanism within the message itself (e.g. an unsubscribe link in the emails we send to you). Clicking on the link in an email will opt you out of further messages of that category. You can use the Account Settings page to exercise choices about all categories of email and push marketing communication.
We do not knowingly collect any information from individuals under 18 years of age. If we discover that a user is younger than 18 years old, we will require the user to stop their actions on our website and we will take steps to delete any collected information as soon as possible.
8. CALIFORNIA PRIVACY RIGHTS
This section describes how we collect, use and share Personal Information of California residents in our capacity as a “business” under the California Consumer Privacy Act of 2018 (“CCPA”), and their rights under the CCPA.
This section applies only if you are a California resident. For purposes of this section, “Personal Information” has the meaning given in the California Consumer Privacy Act (“CCPA”).
This section does not apply to:
- information exempted from the scope of the CCPA;
- information collected in a business-to-business context, namely, where the information reflects our communications or transactions with you in the context of performing due diligence on, providing services to, or receiving services from, a company, partnership, sole proprietorship, non-profit or government agency where you are an employee, controlling owner, director, officer or contractor of that organization;
- activities governed by a different privacy notice, such as notices we give to California personnel or job candidates; or
- Personal Information we collect, use, and share on behalf of our customers as a “service provider” under the CCPA.
You have the following rights:
- Right to Know – Information. You can request the following information about how we have collected and used your Personal Information during the past 12 months:
• The categories of Personal Information we have collected.
• The categories of sources from which we collected the Personal Information.
• The business or commercial purpose for collecting and/or selling Personal Information.
• The categories of third parties with whom we share the Personal Information.
• The categories of Personal Information that we sold or disclosed for a business purpose.
• The categories of third parties to whom the Personal Information was sold or disclosed for a business purpose.
- Right to Know – Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.
- Right to Deletion. You can ask us to delete the Personal Information that we have collected from you.
- Right to Opt-Out. You have the right to opt-out of any “sale” of your Personal Information as defined in the CCPA.
- Right to Nondiscrimination. You are entitled to exercise the rights described above free from discrimination prohibited by the CCPA.
How to exercise your rights
We will need to verify your identity to process your information, access, and deletion requests and reserve the right to confirm your California residency. To verify your identity, we may ask you to provide government identification, give a declaration as to your identity under penalty of perjury, and/or provide additional information. These rights are not absolute, and in some instances, we may decline your request as permitted by law.
Your authorized agent may make a request on your behalf upon our verification of the agent’s identity and our receipt of a copy of the valid power of attorney given to your authorized agent pursuant to California Probate Code Sections 4000-4465. If you have not provided your agent with such a power of attorney, you must provide your agent with written and signed permission to exercise your CCPA rights on your behalf, provide the information we request to verify your identity and provide us with written confirmation that you have given the authorized agent permission to submit the request.
Personal information that we collect, use and disclose
The categories of Personal Information we collect are described below by reference to the statutory categories of Personal Information specified in the CCPA (California Civil Code section 1798.140):
- Online identifiers, such as operating system type and version number, manufacturer and model; browser type; screen resolution; IP address; unique device identifiers;
- Geographical data, such as city of your location identified by your IP address;
We do not sell your personal information to third parties and share such data only if it is directly necessary to provide you our services.