Privacy Policy

Last updated: 17.12.2019

Since your use of the Website or the Services requires processing of your personal data (or “data”), we are committed to being fully transparent with you in regard to our practices. We prepared this Privacy Policy as our appropriate measure to fulfill such commitment.

The terms in this document shall have the same meanings assigned to them in our Terms of Use.

In this document, we will explain to you the following issues:

  • what data we process, how we process them and for which purposes; 
  • who have access to each type of your data; 
  • how long we retain each type of your data;
  • our protection measures to keep each type of your data secure; 
  • your rights in respect of the processing of your data.

If you are under 16, or if the laws of your country set a lower age for us to process your data based on your consent, you will need to get your parent’s or guardian’s permission before giving us any personal data. In any case, our Services are not intended for children under 16.

What data we process, how and for what purposes

Offering our Services

Scope. We collect and use the email addresses of our potential users from publicly available sources (e.g. social media, web-site contacts etc.). 

Lawful basis. Since you make your email address publicly available and since this is data about your professional capacity, we reasonably expect that you do not object to collecting and using such data. In such case, it is our legitimate interest, as such processing is necessary to achieve our sales purposes and there is no clear negative impact or threat of data breach due to such processing. 

Purpose. We process these data for offering our Services (cooperation) and provide other information, relevant to our core business activities by sending you email letters. If you don’t want to receive such emails, let us know and we will never disturb you again.

Retention period. We store these data until a person opts-out from receiving our letters or object to our processing in any other way. 

Access. Our employees and reliable third-party marketing automation service (located in the USA and compliant with both GDPR and EU-U.S. and Swiss-U.S. Privacy Shield Framework) access these data. 

Protection measures. For these data, we use the same protection measures as for the data obtained from the user account (see below).

Data from the user account

Scope. We collect, store and use the data you provide us while completing registration on the Website, namely your full name, email address, phone number, and currency preference. 

Lawful basis. We process the data because you share these data with us voluntarily. By your clear affirmative action you grant us consent to process these data. 

Purpose. In general, we need these data to identify you amongst other users. Identification is required as a pre-condition for using the full range of our Services. Based on the data provided, we will create and maintain your user account. This, in turn, help other users and us to understand with whom they or we interact on the Website. The same deal with giving public feedback on the Website or commenting on our blog.  

Additionally, we may use your email for our newsletters. If you don’t want to receive them, let us know and we will not disturb you until you subscribe for the newsletters again. 

Retention period. Since we are obliged to maintain your account, data are stored at least for the period of your account activity, as it is required by the purpose of processing. However, we may store your data up to 12 months after account deactivation, to be able to reactivate it without delay or without new account registration, or to be able to reach you in case of any dispute arising from or in relation with the use of our Services.  

After the expiration of the before-mentioned period, we shall terminate the processing of your personal data and erase such data as soon as possible, unless the law requires otherwise.  

Access. We expect that you understand that our Website doesn’t work autonomously. Our employees or contractors are involved in operations conducted on the Website, and therefore, they have access to your data. 

Apart from our employees and contractors, we use some external services for better performance of our Website and Services. These services are customer messaging platform (located in EU), customer feedback service (located in EU), customer relationship management system (located in the USA) and newsletter service (located in the USA). As you may observe, all our external services are located either in the European Union area, or in the USA. This means that the providers of such services are subject to either GDPR or the EU-U.S. and Swiss-U.S. Privacy Shield Framework, which sets the best worldwide standards of data protection. We work only with reliable and battle-tested services, so you don’t need to worry about third-party access.

Protection measures. Despite the fact that we share access to your data with other persons, you shouldn’t worry about privacy violations. As it is required by law, we provide both technical and organizational measures for data protection. 

To prevent data stealing when you interact with the Website, we use Hypertext Transfer Protocol Secure (HTTPS) using certificates for keeping your data secure and communication encrypted. We implemented password hashing for additional security to help you to avoid any unauthorized use of your user account.

In regard to data storage, we decided to trust this issue to the professionals. Technically, the data we collect are stored in secure places such as on the Hetzner Online GmbH servers, located in Germany. Moreover, we have database backup because we additionally use cloud computing platforms of Amazon Web Services based in the USA.

As to the organizational measures, we sign non-disclosure agreements both with our employees and contractors. In regard to our contractors located outside the EU, we adopt appropriate safeguards for such data transfers ensuring full compliance with the GDPR. 
 

Billing

Scope. We may collect and use your payment requisites when you request replenishment or withdrawal from balance in your user account. These data include the first and the last name or business name, tax identification number, registered address, a contact phone number. 

Be sure that we don’t collect or process your payment details when you decide to replenish of or withdraw the means from your balance in the user account by cashless payment method. For such operations your data are collected by the third party payment providers, and you are free to choose which one to use. If you want to be aware of how these payment providers process your data, please refer to their privacy policies. Be sure, we don’t work with suspicious payment providers, so if payment provider is available on our Website, it is someone whom you can trust.

Lawful basis. We process the data to perform our contractual obligations under the terms of use. Also you share these data with us voluntarily. By your clear affirmative action you grant us consent to process these data. 

Purpose. These data are collected and used for billing purposes, in particular for issuing the invoice, which we will send you as the payment confirmation. After the first submission of your payment requisites, we will store such data for further similar operations for your convenience so that you wouldn’t need to submit them again. 

Retention period. We retain these data until you request to erase them or until your account is deactivated. 

Access. Only our employees and local partners have access to these data. As we previously stated, we sign non-disclosure agreements with our employees. 

Protection measures. We don’t consider that these data are less important than the data from your user account. That is why, in regard to payment requisites, we implement the same technical and organizational measures as we indicated above. 

Automatic collection

The other important thing you need to know is that we use cookies on the Website, which collect some of your personal data. For more details, please refer to our Cookie Policy.

Your rights

The right to access your data
The right to rectification
The right to erasure (‘right to be forgotten’)
The right to restriction of processing
The right to withdraw your consent
The right to object to the processing
The right to data portability
How to exercise your rights

The right to access your data. You can ask us to confirm whether we process your personal data or not. If we do, you may ask us everything concerning such processing, for example, the categories of data, specific processing operations with your data, period of processing, protection measures or access to your personal data. We will provide this requested information in a structured, commonly used and machine-readable format. 

The right to rectification. You can require all the inaccurate personal data concerning you being corrected. You may also complete your personal data if you consider that something is missed. 

The right to erasure (‘right to be forgotten’). You can ask us to erase personal data if its processing is no longer necessary to achieve the purposes for which it was collected as well as if there are no legal grounds for the processing. In most cases, you don’t need to contact us asking for such action because we systematically examine what data we no longer need for the provision of our Services, unless otherwise required by law. Anyway, your rights are above all things, so don’t hesitate to contact us. 

The right to restriction of processing. In some cases, prescribed by law you will also be able to restrict the way of processing your data. For example, if you contest the accuracy of your personal data being processed or if we are not interested in our processing of your personal data any longer, but you want us to do this for other reasons, for example, to bring some claim for somebody - then, instead of the erasure of information, its processing will be restricted.

The right to withdraw your consent. You can withdraw your consent for the processing of your personal data if it was given at any time by contacting us, without affecting the lawfulness of processing based on consent before its withdrawal. After receiving such requests, we will stop processing. 

The right to object to the processing. You can object to the processing of your personal data when the processing is related to the performance of our task carried in the public interest or in the exercise of official authority vested in us; or if we process your data to pursue our or third party’s legitimate interests, and you believe that such interests are overridden by your interests or fundamental rights and freedoms.

If you make a request objecting to processing, we will no longer process the personal data unless we are able to demonstrate compelling legitimate grounds for the processing. Please note that when we process your personal data for direct marketing purposes, you have the right to object at any time to such processing without providing any justification. We will no longer process your data for such direct marketing purposes. 

The right to data portability. You also have the right to transmit data we process to another controller, if the processing is based on your consent or on contract and the processing is carried out by automated means.

How to exercise your rights. Your request in relation to your personal data may be submitted through the contact details specified below by any means. These requests are free of charge. We are obliged to reply to your request within one month of receipt of the request for the longest. This period may be extended by two further months if we are overwhelmed by the number of requests, or if the request at issue is complicated and requires a lot of actions. We will inform you of any such extension within one month of receipt of the request, together with the reasons.  

We indicated other rights in regard to your privacy in our Cookie Policy.

Breach notifications

If any of your personal data would be under the breach, we would inform you and the respective data protection agencies as to the accidents without undue delay, if there are high risks of violation of your rights as a data subject. We also do our best to minimize any such risks.

Changes to this Privacy Policy

We may amend or update this Privacy Policy from time to time, updating “Last updated” date at the top of this Privacy Policy and adding the details to the “Key changes” section above. We will notify you about any changes in 7 days before such changes come into force. Should you continue  using our Website or the Services after changes in the Privacy Policy, we will consider this as the acceptance of such changes. If you don’t agree with the changes, you should stop using our Website or the Services. If the changes would be substantial to such an extent that we are required to ask for your consent again, we will do that.

Contacts

We hope that this Privacy Policy has answered all the questions regarding your privacy on our Website and we expect you will trust us. 

But if you still feel abra-cadabra with your privacy, feel free to ask us:

I.M. COLLABORATOR LTD 
Company registered under the laws of Cyprus, 
Located at Peiraios, 30, 1st floor, Flat/Office 1, Strovolos, 2023, Nicosia, Cyprus, 
Company number: ΗΕ 403087
Email for privacy issues: [email protected]

For users from Estonia, these details apply:
Collaborator OÜ, company registered under the laws of Estonia,
Located at Harju maakond, Tallinn, Kesklinna linnaosa, Vesivärava tn 50-201, 10152
Company number 16384422 
Email for privacy issues: [email protected]