We do not intend to collect personal data of children or persons under the age of 13 (thirteen) years old.
Accordingly, the purpose of this Policy is to set out the basis on which we will process your Personal data when:
We collect the following categories of personal data:
We never collect sensitive data. We do not use automated decision making or any kind of automated profiling. The recipients of the collected data are
(1) the highest management level of our company for whom it is necessary to process personal data for the functionality of the company and
(2) third-party service providers
Our third party service providers are indicated below:
There are legal grounds necessary for the processing of personal data and we count on them to process your personal data.When we process personal data, we have obligations according to the applicable laws. We act as a data controller when we determine the purposes and means of the processing of your personal data. We use the main four grounds to process your personal data: consent, contract, legal obligation, and legitimate interests.
Consent – the freely given, informed, and unambiguous indication of your wishes to the processing of your personal data for a specific purpose which signifies agreement to the processing of personal data.
Contract – a legal ground for the processing of your personal data necessary for us to perform a contract or terms and conditions to which you are a party or in order to take steps at your request prior to entering into the contract or terms and conditions.
Legal obligations – a legal ground for the processing of your personal data when it is necessary for compliance with a legal obligation to which we are subject;
Legitimate Interests – a legal ground for the processing of your personal data when it is based on our legitimate interests or the legitimate interests of a third party, provided that those interests are not outweighed by your rights and interests and those interests have a specific purpose, they are necessary, and they are balanced.
We process the data for:
|DATA PROCESSING||LEGAL BASIS|
|Providing services. We need to provide services via the Website||Contract|
|Accepting payments and provision of the services||Contract|
|Providing newsletters/offers/updates which may be interesting to you||Consent for newsletters; Legitimate Interests for offers and updates.|
|Registering you as a user||Contract|
|Compliance with applicable anti-money laundering and know your client rules||Legal obligation|
|Keeping the Website running (managing your requests, remembering your settings, hosting, and back-end infrastructure)||Legitimate Interests|
|Improving the Website (testing features, interacting with feedback platforms, managing landing pages, heat mapping the Website, traffic optimization, and data analysis and research, including profiling and the use of machine learning and other techniques over your data and in some cases using third parties to do this)||Legitimate Interests|
|Customer support (notifying you of any changes to the Website, services, solving issues, any bug fixing)||Legitimate Interests|
You can exercise the following rights by contacting us.
The right to access information may be performed only by you or your legal representative. In case if you request the right to access information via a legal representative, you have to provide proof of whether such a person may represent you.
Once we receive any of your requests we will consider and decide on it within one month unless there is a justified requirement to provide such information faster. This term may be extended according to the applicable law. We may request specific information from you to confirm your identity when necessary and reasonable. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. You do not need to pay a fee to access information or other rights but we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive or refuse to comply with your request in these circumstances.
We store personal data as long as we need it and the retention practice depends on the type of data we collect, regulatory burden, and how we use the personal data. The retention period is based on criteria that include legally mandated retention periods, pending or potential litigation, tax and accounting laws, intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving.
In some circumstances, we may anonymize your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you. For the purposes of the KYC/AML, we will store and process your personal data for 5 (five) years.
We have security and organizational measures and procedures to secure the data collected and stored and to prevent it from being accidentally lost, used, altered, disclosed, or accessed without authorization. We allow disclosure of your personal data only to those employees and companies who have a business need to know such data. They will process the personal data on our instructions and they are obliged to do it confidentially.
You acknowledge that no data transmission is guaranteed to be 100% secure and there may be risks. You are responsible for your login information and password. You shall keep them.
If you still have any question or need clarification with regard to our privacy practice, please contact us: Guardarian OÜ, a private limited company incorporated in Rotermanni 2-9, 10111, Tallinn , Estonia. Email: [email protected]