Privacy Policy
This Privacy Policy explains how personal data is collected, used, disclosed, stored, and protected when services are provided to customers in the relevant area. This policy applies to all customers in the area and is intended to meet applicable data protection requirements, including the General Data Protection Regulation (GDPR) where it applies.
1. Who We Are
For the purposes of data protection law, the organization responsible for deciding how and why personal data is processed is the data controller. We are committed to handling personal data in a lawful, fair, and transparent manner. We only collect data that is relevant and necessary for providing services, meeting legal obligations, and operating our business responsibly.
2. Personal Data We Collect
We may collect and process the following categories of personal data:
- Identity data, such as name and title.
- Contact data, such as address, email address, and telephone number.
- Transaction data, such as payment status, service history, and records of purchases or orders.
- Account and communication data, such as messages, preferences, and service requests.
- Technical data, such as device identifiers, browser type, and usage information generated through digital systems.
- Compliance data, such as records needed for legal, tax, accounting, or audit purposes.
We do not intentionally collect special category data unless it is necessary and lawful to do so. If such information is ever processed, it will receive additional protection under applicable law.
3. How We Use Personal Data
Personal data may be used for the following purposes:
- Providing and managing services to customers.
- Processing transactions and maintaining business records.
- Communicating service-related information.
- Handling requests, inquiries, complaints, and support matters.
- Improving service quality, business operations, and customer experience.
- Detecting and preventing fraud, misuse, or security incidents.
- Meeting legal, regulatory, tax, and accounting obligations.
We ensure that personal data is used only for specific and legitimate purposes and not in a way that is incompatible with those purposes.
4. Lawful Basis for Processing
Under GDPR, we rely on one or more of the following lawful bases when processing personal data:
- Contract: Processing is necessary to enter into or perform a contract with a customer.
- Legal obligation: Processing is necessary to comply with a legal requirement.
- Legitimate interests: Processing is necessary for our legitimate business interests, provided those interests are not overridden by the rights and freedoms of individuals.
- Consent: In limited cases, we may rely on consent, which can be withdrawn at any time where processing is based on consent.
When consent is used, it is obtained freely, specifically, informed, and unambiguously.
5. Sharing and Processors
We may share personal data with trusted third-party service providers who act as processors on our behalf. These processors are only permitted to process personal data according to our written instructions and are required to apply appropriate technical and organizational security measures.
Typical categories of processors may include:
- Payment processing providers.
- Information technology and hosting providers.
- Administrative and communication service providers.
- Professional advisers, such as legal, accounting, or audit professionals.
- Security and fraud-prevention service providers.
We do not sell personal data. Where disclosure is necessary for legal reasons or to protect rights, safety, or security, data may be shared with public authorities or other relevant third parties in accordance with applicable law.
6. International Transfers
If personal data is transferred outside the area where the GDPR applies, we ensure that appropriate safeguards are in place. These safeguards may include adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms approved under applicable data protection law.
Such transfers are carried out only when necessary and with suitable protections to preserve a level of data protection consistent with GDPR requirements.
7. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, tax, or reporting obligations. Retention periods may vary depending on the type of data, the nature of the service, and applicable legal requirements.
When determining retention periods, we consider:
- The amount, nature, and sensitivity of the data.
- The risk of harm from unauthorized use or disclosure.
- The purposes for which we process the data and whether those purposes can still be achieved.
- Applicable legal and regulatory requirements.
When personal data is no longer required, we will securely delete, anonymize, or otherwise irreversibly dispose of it.
8. Data Security
We use reasonable and appropriate security measures to protect personal data from accidental loss, unauthorized access, disclosure, alteration, or destruction. These measures may include access controls, encryption, secure storage, and internal policies designed to limit access to authorized personnel only.
Although no system can be guaranteed completely secure, we continually review and improve safeguards to reduce risk and protect personal data.
9. Your Rights Under GDPR
Where GDPR applies, individuals may have the following rights in relation to their personal data:
- Right of access: The right to obtain confirmation and a copy of personal data we hold.
- Right to rectification: The right to request correction of inaccurate or incomplete data.
- Right to erasure: The right to request deletion of data in certain circumstances.
- Right to restriction: The right to request limitation of processing in certain cases.
- Right to data portability: The right to receive data in a structured, commonly used, machine-readable format where applicable.
- Right to object: The right to object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent: The right to withdraw consent at any time where consent is the lawful basis.
We may need to verify your identity before responding to a rights request. We will respond within the time limits required by law and will explain any limitation or refusal where applicable.
10. Automated Decision-Making
We do not rely on automated decision-making that produces legal or similarly significant effects on individuals unless such processing is lawful and appropriate safeguards are in place. If this changes, relevant information will be provided in accordance with GDPR requirements.
11. Cookies and Similar Technologies
Where digital services use cookies or similar technologies, these may be employed for essential functionality, security, and usage analysis. Any non-essential tracking technologies will be used only where permitted by law and, where required, with appropriate consent.
Preferences regarding cookies may be managed through the applicable device or browser settings where supported.
12. Children’s Data
Our services are not directed to children unless expressly stated otherwise. We do not knowingly collect personal data from children without appropriate authorization or legal basis. If we become aware that such data has been collected inappropriately, we will take steps to delete it or obtain the necessary permission where lawful and appropriate.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements, operational practices, or service developments. Any revised version will apply from the date it is made effective. We encourage individuals to review this policy periodically to remain informed about how personal data is processed.
Summary of Key Principles
- Transparency: We explain what data we collect and why.
- Purpose limitation: Data is used only for legitimate and specified purposes.
- Data minimization: We collect only what is necessary.
- Security: We protect data with appropriate safeguards.
- Accountability: We maintain records and controls to meet GDPR obligations.
By using our services, customers in the relevant area acknowledge that their personal data will be processed in accordance with this Privacy Policy and applicable data protection law.