Last updated: July 10, 2024
All data subjects are required to read this privacy and data protection policy to understand how the company collects, uses, processes and stores personal data while conducting its activities and what security measures are being applied.
1. What Is It For?
1.1. Parties to This Policy.
This Privacy and Data Protection Policy (the “Policy”) defines the regulation of the relationship between Nektony LLC, incorporated under the laws of Ukraine (the “Company”) and YOU regarding the use of your personal data.
The Company has a responsibility to ensure that it complies with all relevant legal, regulatory and contractual requirements in the collection, processing, storage, transmission, destruction of personal data, etc. This Policy is constructed and developed in accordance with the EU General Data Protection Regulation (the “GDPR”) and the California Consumer Privacy Act (the “CCPA”) and its requirements concerning the processing of personal data.
This Policy applies to every individual that is a subject of personal data and whose personal data are processed by Company including Visitors, Traffic clients, Users, Licensees, Company’s contractors (including their employees) and other customers (the “Data Subject”).
This Policy also applies to any updates, supplements, Internet-based services, and support services for Company’s applications, products, and services unless otherwise explicitly stated hereunder.
1.2. Purpose of This Policy.
We want to simplify the understanding of this Policy for our customers and provide You with a possibility to understand in a very clear and accessible way what personal data of yours do we collect, why do we do that, in what way do we do that, and what are the consequences of those actions.
For the purposes of this Policy, personal data means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with natural person.
What Happens If You Just Visited the Website?
If You simply entered the Company’s website https://nektony.com or any of its subdomains (the “Website”) with any purpose or without it, You automatically become a Visitor.
2.1. Who Is the Visitor?
The visitor is a person who opens, views, and downloads the Website or any of its subdomains and does not use the Company’s mobile or desktop applications, widgets, add-ons, tools, apps, software, APIs and other services (the “Products and Services”). If the Visitor wants to use the Company’s Products or Services he/she/it needs to become User or Licensee (specified in Sections 3 and 4 respectively hereunder).
2.2. Personal Data of Visitors We Collect.
The Company collects and processes of Visitors’ personal data such as:
- HTTP cookies: data regarding the traffic source; data regarding person’s website session state; data regarding the person’s use of the Website; data regarding the person’s behavior across the websites;
- HTML cookies: information regarding the person’s search results;
- information received through Website contact form, Company’s email (e.g. name, email, phone number, Skype id, description of problem etc.).
You can find more information regarding the cookie files the Company collects about You via the link: https://nektony.com/cookies.
The Company uses Complianz plugin. To know more how this plugin complies with GDPR, visit this page https://complianz.io.
2.3. Purposes Behind the Visitors’ Personal Data Collection.
The Company collects and processes Visitors’ personal data for such purposes as:
- provision of the Company’s Services;
- optimization of the Website’s functionality , performance and accessibility;
- exploring the Visitor’s use of the Website;
- prevention of frauds related to the provision of the Services or use of the Products of the Company;
- corporate marketing development.
The Company uses the Microsoft Clarity analysis tool. You can find more details regarding the data transferred to the Company by Microsoft at https://privacy.microsoft.com/en-us/privacystatement.
2.4. Storage of the Visitors’ Personal Data.
The Company stores the Visitor’s personal no longer than 24 months from the moment of the last Visitor’s visit of the Website.
2.5. Who Controls Collection of the Visitor’s Personal Data?
In a process of the collection of the Visitor’s personal data Company acts as the Controller of personal data, namely the Company unilaterally defines the purposes and means of processing of the Visitor’s personal data (the “Controller”).
3. What Happens If You Accessed the Website via the Link Placed on Another Website?
If the Company receives your personal data despite the fact You have not visited the Website, or after You have been redirected to the Website, You become a Traffic client.
3.1. Who Is the Traffic Client?
Traffic client is a Data Subject whose personal data the Company may receive from its contractors or Data Subjects who accessed the Website via the link placed on the other websites.
3.2. Personal Data of Traffic Clients We Receive.
a. By means of cooperation with the Company, the Company’s contractors may transfer to the Company various personal data of Traffic clients. For example:
i. with respect to Facebook:
- device data;
- history of other websites visits;
- purchases data;
- other ads reviewing data;
- data regarding the use of Services by Traffic client.
You can find more details regarding the types of data transferred to the Company by Facebook at https://www.facebook.com/business/gdpr.
ii. with respect to Google:
- number of Traffic clients and sessions;
- every session duration;
- device technical characteristics related data (model, type of operating systems);
- location data;
- data regarding first launches;
- data regarding opening and updates of other applications;
- data regarding in-app purchases.
You can find more details regarding the types of data transferred to the Company by Google at https://support.google.com/analytics/answer/6318039?hl.
iii. with respect to Impact Radius:
- IP addresses;
- account or membership numbers (without a key to personally-identifying You);
- email addresses.
You can find more details regarding the types of data transferred to the Company by Impact Radius at https://impact.com/privacy-policy/.
The Company may receive personal data of the Traffic clients from other contractors on a basis of the proper agreement between the Company and such contractor. Types of personal data of the Traffic clients which is transferred to the Company by such contractors are defined under the privacy policy of such contractors.
b. After the Traffic clients access the Website, the Company collects such Traffic clients’ personal data as:
- HTTP cookies: data regarding the traffic source; data regarding person’s website session state; data regarding the person’s use of the Website; data regarding the person’s behavior across the websites;
- HTML cookies: information regarding the person’s search results;
- information received through the Website contact form, Company’s email (e.g. name, email, phone number, Skype id, description of problem etc.).
3.3. Purposes Behind the Traffic Clients’ Personal Data Receiving.
The Company receives and processes personal data of Traffic clients for such purposes as:
- provision of the Company’s Services;
- optimization of the Website’s functionality , performance and accessibility;
- exploring the Traffic client’s use of the Website;
- prevention of frauds related to the provision of the Services or use of the Products of the Company;
- corporate marketing development;
- fulfilling the agreement with the contractor.
3.4. Storage of the Traffic Clients’ Personal Data.
The Company stores personal data of Traffic clients no longer than 24 months from the moment their personal data was transferred to the Company or from the moment they accessed the Website.
3.5. Exchange of the Traffic Clients’ Personal data.
According to the appropriate request, the Company may transfer personal data of Traffic clients to the Company’s contractor so that it can better understand the nature and condition of Internet traffic related to its services. The Company has a right to transfer such data to other contractors in order to provide Services.
3.6. Who Controls Collection of the Traffic Clients’ Personal Data?
During the collecting and processing of the Traffic clients’ personal data the Company and the Company’s contractors act as joint controllers, namely they jointly determine the purposes and means of processing of the personal data (the “Joint Controller”).
In every single situation every Company’s contractor guarantees and must receive a consent from its Traffic clients to collect, process, and transmit his/her/its personal data, including consent to the further transfer of data by its contractors, as well as to involve other partners of the Company in the processing of such data.
3.7. Disclaimer.
Company does not represent, warrant or is not responsible for the lawfulness of collecting, processing, using, storing, and other activities related to the personal data of persons whose personal data was transfer to the Company by its contractors or who accessed/were redirected to the Website via the link placed not on the website/any other resource of the Company’s contractor or were placed not by the Company’s contractor.
4. What Happens If You Downloaded Product(s)/Used Service(s)?
If You successfully downloaded and installed the Products from the Website or used the Company’s Services, You become a User.
4.1. Who Is the User?
It is assumed that User is a person that downloads and installs the Company’s Products in order to use the Services of the Company.
4.2. Personal Data of Users We Collect.
If User downloads and installs the Company’s Product, the Company collects and processes the following User’s personal to improve the User experience:
- IP address;
- email address;
- full name;
- type of OS of the User’s device (subject to receipt of the separate User’s consent);
- the user’s device identifier;
- the information about crash logs and other issues;
- the user’s license check for administration purposes;
- list of programs and applications installed at the User’s device (subject to receipt of the separate User’s consent);
- the periods of time in which User uses the Product;
- the events within the Product recorded with analytics;
- start date of the trial version of the Product, User’s evaluation of the trial version of the Product and how the User’s way of the Product’s use;
- information received through the Website contact form, Company’s email (e.g. name, email, phone number, Skype id, description of problem, detailed profile of the User’s device etc.).
Subject to receipt of separate consent from User provided through the Products, Company may collect User’s internal device analytics data, namely the general information regarding the fulfillment of HDD, used applications, number of duplicate files and folders, the sequence of actions during the use of Products and Services, tasks which are most often solved by using Products and Services.
VSD Viewer for iOS app’s use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.
4.3. Newsletter Option.
a. Any User may subscribe to the Company’s newsletter using the option provided in the Product. Subscription to the Company’s newsletter means that the Company will send the periodic newsletter-style emails regarding the special deals and the latest news related to the Products and Services to the User.
b. If User subscribes to the Company’s newsletter using the option provided in the Product, the Company collects and processes such User’s personal data as:
i. email used for subscription;
ii. the Product used by User subscribed to Nektony’s newsletter
c. Company will forward the email addresses specified in clause 4.3(b)(i) hereinabove to email marketing service providers MailChimp and SendinBlue who act as the Processors of the personal data (find more information in this regard in Section 12 below).
4.4. Purposes Behind the Users’ Personal Data Collection.
Company collects and processes Users’ personal data for such purposes as:
- polite appealing to the User;
- communication with the User;
- provision of the support with the use of the Products and Services etc.;
- determination of the User’s country of location in order to understand the scale of Products’ and Services’ distribution;
- performing of the agreement between Company and User;
- prevention of frauds related to the provision of the Services or use of the Products of the Company;
- pursuant to clause 4.3, sending the User the most relevant information regarding current Products and Services;
- analysis of the Services’ quality and forecasting of the Users’ needs;
- conducting of the continuous improvements of the Products and Services;
- provision of more useful information to Users and understanding what parts of the Products Services are the most interesting for Users;
- corporate marketing development.
- regarding the User’s internal device analytics data, analysis of use and improvement of usability of Products and Services.
4.5. Storage of the Users’ Personal Data.
a. Except as provided in clause 4.5(b), the Company stores the User’s personal data for the entire period of use of the Company’s Services, as well as no longer than 6 months from the moment of the last User’s activity.
b. User’s personal data specified in clause 4.3. hereinabove will not be stored within this Company’s database or in any of our internal computer systems. Such data will remain within MailChimp’s and SendinBlue’s database for as long as the Company continues to use these services for email marketing or until You specifically request removal of this personal data from the list.
4.6. Who Controls Collection of the Users’ Personal Data?
In a process of the Users’ personal data, the collection Company acts as the Controller.
5. What Happens If You Purchased Products/Services License?
If You proceeded with the payment and purchased the worldwide, non-exclusive, non-transferable, irrevocable, perpetuity license (the “License”) to use the Products or Services, You become a Licensee.
5.1. Personal Data of Licensees We Collect.
a. If person decides to purchase the License, Company collects such personal information of the Licensee as:
● Licensee’s unique identifier.
b. After the Licensee proceeds with the payment for the License, the payment system provides Company with such Licensee’s personal data as:
● name and surname of the Licensee;
● the email address of the Licensee used for payment;
● IP address of payment;
● payment method (e.g. PayPal, Alipay, etc.).
● information regarding registration or deregistration of License.
5.2. Purposes Behind the Licensees’ Personal Data Collection.
Company collects and processes Licensees’ personal data for such purposes as:
● verifying the fact of the Licensee’s payment;
● tracking the use of the License by the Licensee;
● prevention of frauds related to the provision of the Services or use of the Products of the Company;
● analysis of the Services’ quality and forecasting of the Users’ needs;
● corporate marketing development.
5.3. Storage of the Licensees’ Personal Data.
The Company stores the Licensees’ personal data for the entire period of use of the License, and all the User’s information is deleted within 30 days since the moment of the last use of the License by the User or since receiving a written request.
5.4. Who Controls Collection of the Licensees’ Personal Data?
a. During the collecting and processing of the Licensees’ personal data specified in clause 5.1(a) hereinabove, the Company acts as the Controller.
b. During the collecting and processing of the Licensees’ personal data specified in clause 5.1(b) hereinabove, the Company acts as the Processor of personal data, namely the Company processes personal data on behalf of the payment system who acts as the Controller (the “Processor”).
6. What Happens If You Are the Company’s Contractor?
The company can collect and process the personal data of its contractors (including their employees).
6.1. Who Is the Contractor?
Company has the following contractors:
- DigitalOcean LLC;
- Freshworks Inc;
- The Rocket Science Group LLC d/b/a Mailchimp;
- Sendinblue Simplified Joint Stock Company;
- Bright Market, LLC d/b/a FastSpring;
- PayPro Global, Inc.;
- Amplitude, Inc.;
- Google, Inc;
- Impact Tech, Inc;
- other contractors involved by the Company in order to provide Services;
6.2. Personal Data of Contractors We Collect.
Company collects and processes such personal data of the contractors as:
- full name;
- position of the contact employee/representative;
- email address;
- means of communication.
6.3. Purposes Behind Contractors’ Personal Data Collection.
The company receives and processes personal data of the contractors for such purposes as:
- conducting of conversation regarding the implementation of contracts either regarding other financial/legal matters;
- sending of promotional offers regarding the Services;
- other business purposes specified in the agreement between Company and contractor;
- corporate marketing development.
6.4. Storage of Contractors’ Personal Data.
Company stores personal data of the contractors (including their employees) no longer than 10 years from the moment of termination of the agreement with such contractor.
6.5. Who Controls Collection of Contractors’ Personal Data?
In a process of collecting and processing personal data of the contractors (including their employees) Company acts as the Controller.
7. General Provisions.
7.1. Applicable Legislation.
While collecting and using the personal data the Company becomes subject to various legislation and laws that govern the matters of how such activities may be carried out and the safeguards that must be put in place for data protection. The Company adheres to all conditions and requirements stipulated by the current European legislation including without limitation to the General Data Protection Regulation as well as other international legislative acts concerning data protection.
7.2. Subject Scope of this Policy.
This Policy applies to all Company’s employees, independent contractors, Visitors, Traffic clients, Users, Licenses, interested persons, and all other subjects that directly or indirectly participate in the personal data processing, including Data Subjects who visit the Website.
7.3. Data Subject Consent.
The Company obtains data from Data Subject with his/her/its permission and consent or may receive personal data from its contractors to whom Data Subject has given consent to transfer this information to the Company in accordance with this Policy, including consent to:
- further transfer of such data by the Company to its contractors; and
- involve other partners of the Company in processing of such data.
7.4. Data Protection Authority (DPA).
The Data Subjects have a right to apply to the Company or to the Data Protection Authority about his/her/its personal data breach if he/she/it becomes aware of it earlier than the Company.
Data Protection Authority (the “DPA”) means an independent public authority which is established by a Member State pursuant to the provisions of GDPR. The company has no establishment within the EU. Therefore, for the purposes of this Policy, the DPA means the supervisory authority of a Member State where the Data Subject is active.
The Data Subject has the right to lodge a complaint with a respective supervisory authority if the Data Subject considers that the processing of personal data related to him/her/it infringes the provision of GDPR.
7.5. Third Party Links.
During the use of the Products or provision of the Services, the Data Subject may have a possibility to access third-party websites through the Products and Services. Such third-party websites may collect information about Data Subject. Privacy policies of such third-party websites are applicable to such collection of Data Subject’s information. The aforementioned privacy policies of such third-party websites may differ from this Policy. The company is not responsible for the privacy policies of any third-party website. This Policy does not cover the information practices of any third-party websites linked to the Website. The company encourages Data Subjects to read the privacy policy and privacy statements of any third-party website the Data Subject may visit.
8. Lawfulness of Processing.
8.1. General Rules.
Company processes personal data on the basis of the consent which is provided through the Consent Form.
Consent Form contains general information regarding the processing of personal data of Data Subject. Consent Form enables Data Subject to access this Policy which contains the information on methods of processing as well as on the period for which such personal data are to be stored including the precise information concerning the purposes of the processing.
It is presumed that by giving the consent You acknowledge and accept all terms and conditions specified in the Consent Form as well as all conditions specified in the current Policy.
If required, the Company shall be able to demonstrate that consent was obtained for the personal data processing it conducted.
8.2. Processing of Visitors’ and Traffic clients’ Personal Data.
The company starts to collect personal data of the Visitors when the particular Visitor enters the Website.
Company processes personal data of Visitors on the basis of the consent which is provided by Visitor through pop-up notification ad or consent checkbox. Company provides Visitor with:
i. the pop-up notification ad, at the moment Visitor enters the Website;
ii. the consent checkbox, before Visitor is allowed to send a message in the contact form on the Website.
The company processes personal data of Traffic clients on the basis of the consent as provided in clauses 3.6 and 3.7 provided hereinabove. Personal data of Traffic clients received through the contact form on the Website is processed on a basis of consent which is provided by Traffic client through the consent checkbox as specified herein.
By giving the consent for the processing of his/her/its personal data the Visitor/Traffic client confirms that he/she/it is sixteen (16) years of age or older. For detailed information as to the age of data subjects please address Section 9 below.
8.3. Processing of Users’ Personal Data.
The company starts to collect personal data of Users when a particular User has downloaded and installed the Product or has used the Service.
The company processes personal data of Users on the basis of the consent which is provided by User through the Consent Form checkboxes before downloading and installation of the Product or use of the Service. Company provides User with Consent Form checkboxes at the Website before User is allowed to download the Product or use the Service.
The consent is considered to be provided after the User has pressed the “I give consent” button in the end of the appropriate Consent Form checkboxes at the Website.
In case of subscription to the Company’s newsletter, Company processes personal data of Users on the basis of the consent. Such consent is provided by User through the Consent Form checkboxes before subscribing to the Company’s newsletter. Company provides User with Consent Form checkboxes within the Product before User is allowed to subscribe to the Company’s newsletter.
By giving the consent for the processing of his/her/its personal data the User confirms that he/she/it is sixteen (16) years of age or older. For detailed information as to the age of data subjects please address Section 9 below.
8.4. Processing of Licensees’ Personal Data.
Company processes personal data of Licensees on the basis of:
- regarding the personal data specified in clause 5.1(a), the necessity to take steps at the request of the Licensee prior to entering into a contract to which the Licensee is party;
- regarding the personal data specified in clause 5.1(b), the consent which is provided by Licensee to the payment system in order to proceed with the payment for the License.
By requesting the Company to take steps prior to entering into a contract with it, the Licensee confirms that he/she/it is sixteen (16) years of age or older. Regarding the personal data specified in clause 5.1(b), the payment system warrants that it collects the personal data only of those Licensees who are sixteen (16) years of age or older. For detailed information as to the age of data subjects please address Section 9 below
8.5. Automated Decision-Making.
Data Subjects could be a subject to automated decision-making, including profiling. The company may involve automated decision-making, including profiling, for processing of Personal Data received from Data Subjects for the purposes of corporate marketing development and streamlining personal data within the internal CRM system.
Company may use the results of automated decision-making, including profiling, for targeting of its Services and other marketing purposes.
The automated decision-making, including profiling, is limited by the purposes of receipt of personal data specified in Sections 2-6 provided hereinabove. The automated decision-making, including profiling, does not significantly affects the Data Subject and does not produce legal effects and cannot deprive the Data Subject of its rights.
8.6. Categories of Personal Data Company Does Not Process.
The Company does not collect and/or process the sensitive data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation (the “Sensitive Data”).
The Company does not collect and/or process any other personal data of Data Subjects except the data determined under this Policy. The Company also collects personal data strictly within the amount needed for the purposes of processing specified herein.
8.7. Personal Data Breach.
The Company undertakes to reduce the data breach risks that may lead to the breach of security leading to the accidental, or unlawful, destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed (the “Personal Data Breach”).
Company selects contractors with an impeccable reputation and concludes confidentiality agreements with them in this regard.
9. Data Subject Age.
9.1. The Company collects the personal data on the basis of consent obtained from the Data Subjects who have reached the age of 16 years, except as provided in clause 8.4. hereinabove.
9.2. After giving the consent to Company, the appropriate Data Subject acknowledges that he/she/it reached the age of 16 years and has all rights to provide the Company with the consent for his/her/its personal data processing.
9.3. If You know that the Company processes data of person under 16 years old, please inform us about this by writing to e-mail address: support@nektony.com or contacting us via phone +1(718)215-99-14.
10. Withdrawing of Consent.
10.1. General Information.
Data Subject is entitled to withdraw the consent at any time he/she/it wishes.
Data Subject is entitled to withdraw any type of consent it provided to the Company, e.g. consent to his/her/its personal data processing for purposes of sending the periodic (approximately one per week) newsletter-style emails regarding the special deals and the latest news related to the Products and Services to the Data Subject based on the profiling of Data Subject’s personal data.
10.2. Request Submitting.
The withdrawal of the consent is considered to be properly made after the Data Subject has sent such letter of withdrawal to the following e-mail address: support@nektony.com or contacted us via Contact Support Form.
10.3. Withdrawal Procedure.
The appropriate request for withdrawing of the consent shall be examined within 72 hours since the moment the respective form of withdrawal is received, and the adequate decision shall be made by the Company.
Regarding the personal data specified in clause 4.3. hereinabove, Data Subject withdraws its consent by unsubscribing from the Company’s newsletter using the unsubscribe links contained in any email newsletters that the Company sends to the Data Subject or by requesting withdrawal of consent via email. When requesting withdrawal of consent via email, Data Subject has to send an email to the Company using the email account that is subscribed to the mailing list.
11. Personal Data Storage.
11.1. After expiration of the period of storage of personal data, the Company is obliged to delete the personal data or ask the Data Subject to provide the Company with a new consent if the necessity of processing remains relevant for the Company or another purpose of processing appears.
11.2. The Company is entitled to stop storing in the future and delete the earlier collected Data Subjects’ personal data at any time if such personal data are not needed anymore. Herewith, the Company is obligated to notify the respective Data Subject that his/her/its personal data are deleted.
11.3. The Company may keep storing the personal data if subsequent processing is foreseen by law and is deemed relevant for a purpose that is not compatible with the original purpose of processing stated in this Policy. Herewith, the incompatible purposes mean the purposes concerning archiving in the public interest, scientific, statistical, or historical use.
12. Processing.
12.1. General Rules.
Every Processor without exception has to be involved by the Company under the same conditions as other and has to act only according to the Company’s instructions and within the scope of the appropriate agreement they concluded.
The Company is responsible for the proper processing of the Data Subjects’ personal data under the GDPR. Herewith, each Processor is responsible for the adherence of the GDPR as well as for other legislative actions concerning data protection while processing the Data Subjects’ personal data.
The Processors are not entitled to define any additional purposes for the personal data processing.
12.2. Who Can Be the Processor?
On the basis of the appropriate Terms of Use/User Agreement, Company involves the following companies as a Processors:
- DigitalOcean LLC (https://www.digitalocean.com), for cloud storing of personal data of Data Subjects;
- Freshworks Inc (https://www.freshworks.com), for maintenance of Data Subjects’ requests and conducting of communication with Data Subjects;
- The Rocket Science Group LLC d/b/a Mailchimp (https://mailchimp.com), for conducting of email marketing activities;
- Sendinblue Simplified Joint Stock Company (https://www.sendinblue.com), for conducting of email marketing activities, marketing automation, customer relationship management, retargeting activities;
- Bright Market, LLC d/b/a FastSpring (https://fastspring.com) and PayPro Global, Inc. (https://payproglobal.com/), for selling the licenses for Products and Services and as a payment system;
- Amplitude, Inc. (https://amplitude.com/) for analyzing marketing and product activities;
- Google, Inc and Facebook, Inc (https://analytics.google.com/analytics/web), for conducting of advertising and marketing activities;
- Impact Tech, Inc d/b/a Impact Radius, for online advertising of Products and Services.
If necessary, the Company may involve other Processors. Other Company’s contractors could act as the Processors in case they provide support with authorization, account managing, account security, system software errors, Services, bans, etc.
13. Data Subjects’ Rights.
13.1. List of Rights.
This Policy provides all Data Subjects with the opportunity to exercise any of the following rights:
a. right to access. The Data Subjects have a right to know whether their personal data are being processed and if so, access such data.
b. right to rectification. If the personal data are inaccurate, the respective Data Subject is entitled to ask the Company to correct them indeed.
c. right to erasure or right to be forgotten. The Data Subjects have a right to obtain from the Company the erasure of the Data subjects’ personal data without undue delay and the Company has the obligation to erase such personal data without undue delay.
d. right to restriction of processing. The Data Subjects have a right to limit the processing of their personal data with several exceptions under the scope of the GDPR.
e. right to be informed. The Company is obliged to inform Data Subjects of what data is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties. This information must be communicated concisely and in plain language.
f. right to data portability. The Data Subjects are permitted to obtain and reuse their personal data for their own purposes across different services. This right only applies to personal data that Data Subject has provided the Company with by way of the consent.
g. right to object. Data Subjects can object to the processing of personal data that is being processed by the Company. The Company must stop the processing of personal data unless the Company can demonstrate compelling legitimate grounds for the processing that overrides the interests, rights, and freedoms of the individual or if the processing is undertaken for the establishment or exercise of defense of legal claims.
h. right not to be subject to a decision based solely on automated processing. The Data Subjects have a right to object to any automated profiling which means any form of automated processing of personal data intended to evaluate certain personal aspects relating to a natural person, or to analyses or predict that person’s performance at work, economic situation, location, health, personal preferences, reliability, or behavior (the “Profiling”), that is occurring without consent. Herewith, the Data Subjects have a right to request their personal data are to be processed with human involvement.
13.2. How Data Subjects May Exercise These Rights.
The Data Subject can exercise any of described above rights by sending request to the e-mail address: support@nektony.com or contacting us via Contact Support Form. Data Subject request must include name, contact information of the Data Subject, right which Data Subject wants to exercise, personal data processed by the Company, details and reason/justification of such request.
13.3. Period of Rights’ Exercising.
These are the timescales within which the Data Subjects may exercise its rights stated above (the period starts from the moment the Company receives the request):
a. Right to be informed – when data is collected;
b. Right to access – 2 weeks;
c. Right to rectification – 2 weeks;
d. Right to erasure – without undue delay;
e. Right to restrict processing – without undue delay;
f. Right to data portability – 2 weeks;
g. Right to object – on receipt of objection;
h. Rights in relation to automated decision making and profiling – 2 weeks.
14. Data Protection Officer.
The information about Data Protection Officer of the Company is as follows: admin@nektony.com.
15. Security.
15.1. The Company is responsible for ensuring that any personal data that Company holds and for which it is responsible, is kept securely and is not under any conditions disclosed to any persons unless that persons has been specifically authorized by Company to receive that information and has entered into a confidentiality agreement.
15.2. All personal data should be accessible only to those who need to use it. The personal data shall be treated with the highest security and must be kept encrypted.
16. Data Breach Notification.
16.1. Assessment of Risks.
The Company takes all reasonable steps to minimize the risk of the personal data breach while processing the personal data.
The risk assessment the Company has to carry out has to determine whether the risk to the rights and freedoms of the Data Subjects affected is judged to be sufficiently high to justify notification to them.
16.2. Obligation of Company If Data Breach Occurred.
In the case of a personal data breach, the Company shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the DPA, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of the Data Subjects.
Also, in the case of a personal data breach, which is likely to result in a high risk to the rights and freedoms of the Data Subjects, the Company shall without undue delay notify the appropriate Data Subject of the personal data of which were breached.
If measures have subsequently been taken to mitigate the high risk to the Data Subjects, so that it is no longer likely to happen, then communication with the Data Subject is not required by the GDPR.
The Company documents all personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action is taken. That documentation shall enable the DPA to verify compliance with the GDPR.
17. Data Transfer.
17.1. The Company stores personal data in the United States.
17.2. The Company does not sell or trade personal data to any legal persons or individuals.
17.3. The Company may transfer the personal data to its contractors, specified in this Policy. Company transfers the personal data based on the GDPR and adequacy decision/appropriate safeguards if needed.
17.4. The Company may transfer the personal data to third countries, including the onward transfers of the personal data from the third countries to other third countries. Transfers of the personal data to the third countries as specified hereinabove sometimes may be connected with the possible risks pursuant to the absence of an adequacy decision and appropriate safeguards under the GDPR in this regard. If the adequacy decision and/or appropriate safeguards regarding the transfer of the personal data to third countries are absent, Company transfers the personal data to the third countries based on the consent provided by Data Subject.
17.5. The personal data are being transferred for the purposes and by using the methods defined by this Policy.
18. Non-Discrimination.
18.1. General Information.
Company hereby assures and warrants that it does not involve any discrimination of Data Subjects because of the Data Subjects’ exercising of any of their rights, including, without limitation, by:
- Denying goods or services to Users;
- Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties, except as provided under this Policy;
- Providing a different level or quality of goods or services to Users;
- Suggesting that Users will receive a different price or rate for goods or services or a different level or quality of goods or services, except as provided under this Policy.
18.2. Exception.
Notwithstanding clause 18(1), after prior notification, Company may offer a different price, rate, level, or quality of goods or services to Users if that price or difference is directly related to the value provided to Data Subjects by the Data Subjects’ data.
18.3. Disclaimer.
Company’s denial of Data Subjects for reasons permitted by the applicable laws shall not be considered discriminatory.
19. Additional Conditions.
19.1. A current version of this Policy is available to all subjects concerned on the Website.
19.2.Company may revise this Policy from time to time but no less than once every 12 months. If Company makes material changes to this Policy, it will notify the Data Subjects by e-mail or by posting a notice on the Website prior to the effective date of the changes. By continuing to access or use the Website after those changes become effective, Data Subjects agree with the revised Policy.