2. Details of the Data Controller
The Data Controller is the company that determines the purpose and means of personal data processing.
The Data Controller of the personal data we process is PROTECTIMUS LIMITED, Company number 669809, Registered address: Carrick House 49, Fitzwilliam square, Dublin 2, Ireland.
You may contact us for any query related to your data by e-mail at firstname.lastname@example.org
3. Your consent
4. What is personal data?
The General Data Protection Regulation (GDPR) (EU Regulation 2016/679) defines personal data as “any information relating to an identified or identifiable natural person (data subject), directly or indirectly, by reference to an identifier, such as name, an identification number, location data, an online identifier”. Simply put, personal information is any information about you that enables your identification.
The personal data we collect, and use is described in this policy.
5. Personal data we collect and processA. Information that you provide when you:
- Fill in any forms including when you register to use our services, subscribe to our newsletters and report problems;
- Communicate with us;
- Enquire about our products and services
- Your name, surname, e-mail address, phone number;
- Your username, hashed password, alias, language preferences;
- Company name and your relation to the company in case you use corporate servicers;
- Details of your bank account you use to settle the invoices for our services, including the account number, sort code, BIC code and IBAN, details of debit or credit cards that you use to pay our invoices, expiry data and CVC (the last three digits of the number on the back of the card);
- Dispatch details: your postal address;
- Any information you share to customer support in case of queries.
- B. Information received from third parties
- Information received by one of Protectimus Group members;
- Information received by the card schemes (e.g. Visa, Master etc), banks and financial institutions, fraud prevention agencies, credit reference agencies, government and law enforcement agencies;
We could receive your personal data through third parties:
- Information regarding any item purchased including the location of the purchase, the value, the time of the purchase and any additional information in relation to the purchase;
- Automatically generated one-time password you receive to pass 2-factor authentication with our services;
Whenever you use our website, we may collect the following technical information:
- The name of your internet service provider (IP address), environment, log-in information, browser type and settings, time zone, the operating system, the type of device you use, a unique device identifier, mobile network information, mobile operating system and type of mobile browser you are using;
- Date and time of successful and unsuccessful authentication, time and length of your visit, history of modifications in API.
6. Use of your personal data and legitimate basis for that
We only process your personal data where a lawful basis exists. Our legal basis for each processing will be one of the following:
- Contractual obligations
- Legal obligation
- Legitimate interests
We will use your personal data to carry out our obligations arising from any contract entered into between you and us. We shall use your personal data in order to set up and administer your account, to provide 2-factor authentication services, deliver tokens, etc.
We will provide you with important information about the existing products and services, provide technical and customer support.B) Legal obligation
We will use your data to comply with our legal obligations, to assist any authority with their investigation as it may be required by law. We may collect and retain your personal data in order to manage risk, to detect and prevent fraud and other illegal or prohibited activities.C) Legitimate interest
We may monitor and keep record of any communication between you and us and use them to maintain appropriate records, improve the quality of our services and products as well as for training purposes.D) Consent
Where you have explicitly consented, we may use your personal data to contact you via e-mail to provide you with information about products and services or other business news. You may withdraw your consent any time.
7. Automated decision making
We do not apply automated decision making to any process which may affect the way you receive our services. Your user’s profile is reviewed manually in order to conduct risk assessment or fraud prevention.
For information on what cookies are and how we use them please refer to our Cookies Policy.
9. Data security
We are committed to make sure that your personal information is protected. We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information.
We use data encryption techniques and authentication procedures to prevent unauthorised access to our system and your data.
All supplied sensitive information is transmitted via Secure Socket Layer (SSL) technology.
We authorise access to your personal data only for those employees who need it based on their job requirements. We regularly train our employees about the importance of maintaining confidentiality and privacy of personal data.
We revise our security procedures to ensure that we are in line with the best industry standards, thus ensuring high level of protection of your personal data. There are a number of things that you can also do. Always use a strong password and make sure that it is not the same for all your accounts. You may not share it with anyone. Our representatives will never ask you for your password, so any communication containing such requests should be treated as suspicious and forwarded to email@example.com.
10. Data retention
Your personal information will be retained by our company for as long as necessary for the specific purpose or purposes for which it was collected, unless a longer retention is required or permitted by law. When your personal information is no longer needed, we securely delete or destroy it.
11. Disclosure of your personal information to third parties
In order to provide our services, we may be required to share your information with the third parties such as:
|To whom we may share your data?||Why do we share it?|
|SMS distribution service providers||To send to your mobile phone automatically generated one-time password for 2-factor authentication.|
|Third party analytics providers||To collect, metrics and information regarding your use of the Service, including evaluating how Agents and End-Users use the Service (“Usage Data”), to develop new features, improve existing features or inform sales and marketing strategies, based on our legitimate interest to improve the Services. Any personal information in the Usage Data is anonymized.|
|Third-party ticket-system providers||To facilitate our customer support service, and group the related requests sent by one user to the support service. They do not have access to the content of your emails and it is contractually bound to protect and use your information on our behalf for the purposes it was disclosed.|
|Payment services providers who process your payments for our services.||To enable you to pay for our services on website.|
|Other business partners and suppliers (including but not limited to IT suppliers, delivery services, etc.)||To improve our product, to deliver token you order and to perform any contract we enter into with them or you.|
|To prospective or actual sellers or buyers of business||In the event that we buy or sell any business or assets or in case of an actual or potential merger or similar business combination event we may share your data to the new data controller. The basis for this processing is legitimate interest. In such cases sharing personal data is required to facilitate the transaction.|
|To third parties such as courts, law enforcement or governmental authorities, or authorized third parties as required and permitted by law if such disclosure is reasonably necessary.||We may disclose your information to comply with our legal obligations, to respond to requests relating to criminal investigation, alleged or suspected illegal activities, or any other activities that may expose us or other users to legal liabilities, to enforce our site policies or to protect our or others’ rights, property or safety.|
We do not collect or compile personal information for dissemination, rent or sale to external parties for their marketing purposes without your explicit consent.
12. Cross border transfer of data
13. Links to other websites
Occasionally, at our discretion, we may include or offer third party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
Please check their policies before you submit any personal data to these websites.
14. Data subject rightsUnder the General Data Protection Regulation, you have the right to exercise control over the way in which your personal data is processed. You have the following rights:
Right to be informed.You have the right to be informed about the processing (collection and use) of your personal data.
Right of access.You have the right to obtain confirmation whether or not we are processing personal data about you. You may also request information about how we collect, share and use your personal information.
Right to rectification. You have the right to review and amend the record of personal data maintained by us if you believe it may be out of date or inaccurate.
Right to erasure/Right to “be forgotten”. You may request that we erase your personal data if such processing is not reasonably required for a legitimate business purpose as described in this policy or our compliance with law.
Restrict and object to processing. You have the right to restrict or object to the processing of your personal data, or to using automated decision making.
Right to data portability. When technically feasible, we will, upon request, provide your personal data to you or transmit it directly to another data controller in a structured, commonly used, and machine-readable format.
Right to withdraw consent. Where we have specifically requested your consent to process your personal data and have no other lawful basis to rely on, you have the right to withdraw your consent at any time by changing your account settings or by sending an e-mail to firstname.lastname@example.org specifying which consent you are withdrawing. You can opt out of receiving materials from us electronically by clicking the “unsubscribe” link in any e-mail communications we might send you.
Right to complain. You have the right to lodge a complaint about the data processing activities carried out by the Data Controller before the local data protection authorities. Please refer to Section 15 for further details.
Reasonable access to your personal data will be provided within a month upon receiving your request. If access cannot be provided within the aforementioned period, we will give you the exact date when the information will be provided.
You may exercise your rights described above by sending an e-mail to email@example.com. We may request proof of your identity before we disclose personal information to you.
Any access request may be subject to a fee to meet our costs in providing you with details about the information we hold about you.
Please note that while we will try to accommodate any requests made by you in respect to your rights, there may be legal or other reasons why we cannot, or are not obliged to, fulfil a request to exercise your rights. In such circumstances we have to refuse your request or may not be able to comply with it in part.
14. Data subject rights
Under GDPR data subjects have the right to lodge a complaint with a supervisory authority in the Member State of his/her place of residence, place of work or place of the alleged infringement if the data subject considers that the processing of his/her personal data infringes this regulation.
If you are not satisfied with the response received from Protectimus, you may file a complaint with the Data Protection Commission (DPC), located at 21 FITZWILLIAM SQUARE SOUTH DUBLIN 2 D02 RD28 IRELAND
via the link below: