Effective date: 28th of April, 2023
- who is responsible for the protection of your information;
- the types of Personal Information we may collect about You and how they may be used;
- the sources from which we gather information about you;
- our use of information regarding IP addresses;
- any disclosure of the Personal Information to third parties;
- your ability to correct, update and delete your Personal Information; and
- the security measures we have in place to prevent the loss, misuse, or alteration of the Personal Information under our control.
When processing your Personal Information, Digiotouch is required to follow the requirements stipulated in the Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”) and other data protection related legal acts which are applicable in a specific case (“applicable data protection laws”).
Sources of Personal Information
Who is responsible for protection of your information? The controller of your Personal Information is Digiotouch OÜ, registry code: 14507464; address: Narva mnt 5, 10117, Tallinn, Harju country, Estonia; email address: firstname.lastname@example.org.
Should You have any questions about how we process your Personal Information, or should You wish to exercise any of your rights as a data subject, You can contact us, using the contact details provided above.
Gathering and Use of Personal Information
We may collect your Personal Information if You open an Account and use our Services. The types of the Personal Information which we collect may include your:
- first name and surname
- date of birth and age
- email address
- phone number
- place of employment
- IP address(es) and geographical location
- device and browser information:
- device model
- software platform
- device software version
- device universally unique identifier (UUID)
- device manufacturer
- device serial number
We may use your Personal Information for the following purposes:
- To allow You to register and use an Account in order to access our Services. The legal basis for processing your Personal Information in this case is GDPR Art 6(1)(b);
- To reply to your queries when You have contacted us. The legal basis for processing your Personal Information is either GDPR Art 6(1)(b) or Art 6(1)(f), depending on the circumstances. If the legal basis is GDPR Art 6(1)(f), then we are processing personal data for the legitimate interest of answering to queries from potential users;
- To analyse the use of our Platform. The legal basis for processing your Personal Information is GDPR Art 6(1)(f). This is for our legitimate interest of improving our Services;
- To provide You with information about products and promotions that may be of interest to you, from ourselves and third parties, although only if You have specifically agreed to receive such information. The legal basis for processing your Personal Information is GDPR Art 6(1)(a);
- For market research, e.g., surveying the users of our Platform and the Services about their needs and opinions. The legal basis for processing your Personal Information is GDPR Art 6(1)(a) or 6(1)(f), depending on the circumstances. If the data processing is done based on GDPR Art 6(1)(f), then it is done for the legitimate interest of improving the quality of our services.
We process your Personal Information only for the purpose(s) for which we have collected the Personal Information. If You object to the processing of your Personal Data that is based on statutory or contractual basis, you may not be able to access our Services.
We collect information about You from several sources including, but not limited to:
- information provided by you to us directly;
- your Account profile on the Platform;
- Google Analytics.
We may collect information about your computer or smart devices, including where available, your IP address, operating system and browser type for system administration. We note that this constitutes statistical data about our users' browsing actions and browsing patterns and it is not possible to identify any individuals.
We use two kinds of cookies:
- Secondly, we use Google Analytics 4 to distinguish between the users and to throttle the request rate. As such, gtag.js, analytics.js and ga.js cookies shall be used. You are able to read more about Google Analytics 4 and the cookies they use here.
Disclosure of Personal Information
Specifically, when it is needed and permitted by applicable data protection laws, we can share information about You with the following parties:
- our service providers;
- government and regulatory authorities, when requested;
Please note that we cooperate with partners in different countries, hence your Personal Information might be processed and stored in different jurisdictions, taking into account all the requirements pursuant to applicable data protection laws.
We are committed to ensuring the safety of your Personal Information at all times by using secured data transfer channels, contractual obligations and other means (i.e. working with only trusted partners that have implemented adequate data protection measures).
No Automated Decision Making
Digiotouch does not carry out automated decisions regarding users. However, we will notify You in writing if this position changes.
Your rights as a data subject:
- right to access – your right to obtain from Digiotouch a confirmation as to whether or not Personal Information concerning You is being processed, and, where that is the case, access to the Personal Information;
- right to the erasure of your Personal Information (“right to be forgotten”);
- right to the correction of any inaccurate Personal Information;
- right to the restriction of our processing of your Personal Information;
- right to data portability;
- right to object to the processing of your Personal Information, including, but not only, to data processing for marketing purposes;
- right to withdraw your consent for data processing, in cases where the legal basis for the processing of your Personal Information is your consent.
You can exercise the abovementioned rights by sending an email to us at: email@example.com.
You may also request the deletion of your Account and Personal Information by sending an email to us at: firstname.lastname@example.org. Digiotouch will accept your request only when this is not inconsistent with its legal and regulatory obligations.
In addition to the above, you have the right to file a claim with your local supervisory authority or with a competent court, if You believe that Digiotouch has infringed your rights as a data subject. Information and contact details about local supervisory authorities can be found here: https://edpb.europa.eu/about-edpb/board/members_en.
Digiotouch will not transfer personal data to a third country outside the EEA where data protection laws may be different from the requirements under the GDPR, except if appropriate safeguards such as the model clauses (i.e. standardised clauses approved by the European Commission) are in place, or if You have clearly consented to such transfer.
We have implemented appropriate technical and organisational measures to ensure the confidentiality of your Personal Information and to protect your Personal Information from loss, misuse, alteration or destruction. Only authorized personnel of Digiotouch have access to your Personal Information, and these personnel are required to treat the information as confidential.
The security measures in place will, from time to time, be reviewed in line with legal and technical developments.
Retention of Personal Information
We may store your Personal Information for a period of 5 years if this is required by agreements which we have concluded with third parties (including, but not limited to, European Union funding agreements).