Privacy Policy - .
This Privacy Policy explains how . collects, uses, stores, shares and protects personal data in compliance with the EU General Data Protection Regulation (GDPR). This policy applies to all customers in the area and governs processing of personal data when you interact with our services, products, applications and related communications. The terms used below are intended to be clear and accessible; where legal terms are used, plain-language explanations are provided.
1. Data We Collect
We collect and process personal data necessary to provide and improve our services. Categories of personal data we may collect include:
- Identity data: name, date of birth, identifiers used for authentication.
- Contact data: email address, postal address, telephone numbers.
- Transactional and financial data: payment details, billing information and purchase history (processed securely and only as required).
- Technical data: IP address, device identifiers, browser type, operating system, log files and connection information.
- Usage data: service activity, preferences, features used and interaction history.
- Marketing and communication preferences: consents, opt-in status and subscription settings.
- Sensitive data: we do not routinely collect special category data (such as health or racial information). If such data is submitted voluntarily, we will only process it with explicit consent or where another lawful basis applies and additional safeguards are in place.
2. Lawful Basis for Processing
We rely on one or more of the following lawful bases to process personal data under the GDPR. We will make the relevant lawful basis clear when we collect your personal data.
- Performance of a contract: Processing necessary to provide services, manage accounts, deliver orders and respond to requests (e.g., account setup, billing and fulfilment).
- Legal obligation: Processing required to comply with laws, regulations, tax and accounting obligations or to respond to lawful requests by public authorities.
- Consent: Where we rely on consent (for example, for direct marketing communications or optional features), you may withdraw consent at any time without affecting processing conducted prior to withdrawal.
- Legitimate interests: Processing necessary for our legitimate interests, such as fraud prevention, improving our services, network and information security, and enforcing our terms, provided such interests are not overridden by your rights and freedoms.
Examples of lawful basis by purpose
- Account management and service delivery: Contract.
- Transactional communications and billing: Contract and Legal obligation.
- Newsletters and promotions: Consent.
- Fraud detection and security monitoring: Legitimate interests.
3. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected and to meet legal, regulatory and contractual obligations. Criteria used to determine retention periods include:
- Duration of the customer relationship and any active contractual obligations.
- Whether retention is needed to comply with legal, tax or accounting requirements.
- Whether retention is necessary to establish, exercise or defend legal claims.
- Business needs for analytics, product development and fraud prevention, balanced against individuals’ privacy rights.
Typical retention examples: account data while the account is active; transactional records retained for up to seven years for tax and audit purposes; marketing consents retained until withdrawn. Where we anonymize data so you can no longer be identified, that anonymized data may be retained indefinitely.
4. Use of Processors and Third Parties
We may engage third-party service providers ("processors") to perform functions on our behalf. These may include cloud hosting providers, payment processors, analytics and monitoring services, customer support platforms and professional advisors. We:
- Only share the personal data necessary for the processor to perform its service.
- Enter into written Data Processing Agreements that require compliance with GDPR standards and security controls.
- Conduct due diligence and implement contractual safeguards to ensure processors provide adequate protection.
Where personal data is transferred outside the European Economic Area (EEA), we implement appropriate safeguards such as adequacy decisions, Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms to ensure continued protection of your data. We will inform you of such transfers where required by law.
5. Your Rights
Under the GDPR you have the following rights in relation to your personal data. You may exercise these rights using the mechanisms and interfaces we provide within our services or account settings, or through the channels made available to you when you interact with our service.
- Right of access — request a copy of personal data we hold about you.
- Right to rectification — request correction of inaccurate or incomplete data.
- Right to erasure (right to be forgotten) — request deletion of your data where there is no overriding legal reason to retain it.
- Right to restriction of processing — request temporary limitation of processing where accuracy is contested or processing is unlawful.
- Right to data portability — obtain and reuse your data for your own purposes across different services where processing is based on consent or contract and carried out by automated means.
- Right to object — object to processing based on legitimate interests or to direct marketing processing.
- Right to withdraw consent — where processing is based on consent, you can withdraw consent at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint — you have the right to lodge a complaint with a supervisory authority if you consider our processing violates applicable data protection laws.
Responding to requests
We will respond to requests to exercise your rights in accordance with GDPR timeframes. We may need to verify your identity and, where legally permitted, may refuse or restrict requests that are manifestly unfounded or excessive, always providing an explanation.
6. Security
We implement technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. These measures include encryption, access controls, regular security assessments and staff training. However, no transmission over the Internet or storage system can be guaranteed 100% secure.
7. Automated Decision-Making and Profiling
We may use automated systems for operational purposes such as fraud detection and service personalization. You have rights regarding automated decision-making, including a right to request human intervention, express your point of view, and contest decisions where applicable under the GDPR.
8. Children
Our services are not intended for children under applicable minimum age thresholds. We do not knowingly collect personal data from children without parental or guardian consent. If we become aware that we have collected personal data of a child without appropriate consent, we will take steps to delete that information.
9. Changes to This Policy
We may update this policy to reflect changes in legal or business requirements. When material changes occur, we will provide notice through the service or other appropriate means. Continued use of our services after changes indicates acceptance of the updated policy.
10. Additional Information
Data minimization: We collect only the personal data necessary for the purposes described. Purpose limitation: we use data only for purposes communicated in this policy or as otherwise communicated at the time of collection. Accountability: we maintain records of processing activities and regularly review our procedures to ensure compliance.
Scope: This policy applies to all personal data processing activities carried out by us in relation to customers in the area. It does not create contractual rights beyond those in any written agreements you may have with us. For specific requests or to exercise your rights, use the user-facing mechanisms available through the service or account settings.
Effective Date: This policy is effective as of the date it is published in the service and remains in effect until superseded by a revised policy.
End of Policy