Effective date: August 10, 2020
The name of our business is Deltabadger OÜ and we are the controller of your personal data. Our office is located in Estonia (address: Pärnu mnt 158/2-88, 11317 Tallinn).
This document explains what information is collected by the Service – how we secure and use it.
We have decided not to appoint a personal data protection officer due to the fact that in our situation this is not mandatory.
We process data of each user characterizing the way he uses our Service (these are so-called operating data).
This processing includes an automatic reading of a unique identification identifying the end of the telecommunications network or IT system you use (i.e. your IP address), the date and time of the server, information about the technical parameters of the software and the device you use (e.g. whether you use your laptop or phone for browsing our site and the place from which you connect to our server. We may use this information for market research purposes and to improve the performance of the Service. The data stored in the server logs is not associated with specific people using the website. The server logs are the only auxiliary material used to administer the Service.
This data is processed on the basis of Article 6 item. 1(f). GDPR (processing is necessary for purposes arising from legitimate interests pursued by the administrator or by a third party). This legitimate interest is to enable the diagnosis of errors in the Service and the improvement of its quality.
We process your personal data in order to carry out the agreement concluded by you for keeping an account in the Service.
The legal basis for the processing of your personal data is, therefore, Article 6 item. 1(b). GDPR (processing is necessary for the performance of the agreement to which the data subject is a party or to take action at the request of the data subject prior to the conclusion of the agreement), and Article 6. item 1(c). GDPR (processing is necessary to fulfill a legal obligation on the administrator).
We also process your personal data on the basis of Article 6 item. 1(f). GDPR (processing is necessary for purposes arising from legitimate interests pursued by the administrator or by a third party). It is a legitimate interest for the processing of your personal data that we are able to prove the content of the agreement between us and you in case of a dispute and that we have performed it properly.
On the basis of legitimate interest, we use such analytical tools as Google Analytics, Facebook Analytics, and Mixpanel, which allows us to view the use of your accounts on our site (functions you use, pages viewed, subscriptions). This allows us to provide support services for you and improve the operation of the Service. However, we do not monitor your behaviour on an ongoing basis and we do not process this data in any way.
By contacting us, you provide us with your personal data, including those contained in the content of the correspondence, in particular the email address, name, and surname. Providing this data is voluntary, but necessary to contact us.
The legal basis for the processing of your personal data that you provide by contacting us is Article 6 item. 1(f). GDPR (processing is necessary for purposes arising from legitimate interests pursued by the administrator or by a third party). The “legitimate interest for the processing of your personal data” in this case is the possibility for us to contact Service users and answer questions asked by persons interested in the operation of the Service.
Using the Service you may order a newsletter to be sent to your e-mail.
In such case, the legal basis for processing your personal data is point (b) of Article 6(1) of GDPR (processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract), as the newsletter is delivered to you based on an agreement that we enter into.
The legal basis for processing your personal data after you have finished contacting us is also our legitimate interest in archiving correspondence for the purposes of ensuring that you can prove certain facts in the future. So we can process your personal data for the purpose of pursuing and defending against claims pursuant to Article 6 item. 1(f). GDPR (processing is necessary for purposes arising from legitimate interests pursued by the administrator or by a third party).
Should you decide to pay for our services through an online payment system, your data will be made available to us by the supplier of the online payment processing services for the purpose of enabling us to comprehensively manage such payments by means of an integrated platform. We undertake these actions in order to improve billing control and contact with you in this regard, therefore the legal basis for these activities is art. 6 par. 1 lit. f. of GDPR (processing is necessary for purposes arising from legitimate interests pursued by the controller or by a third party).
We process completely anonymous data of each user of the Service, which characterizes the way they use our Service (these are the so-called exploitation data). This processing includes an automatic reading of a unique identifier identifying the termination of the telecommunications network or ICT system you are using (i.e. your IP address), as well as the date and time of the server, information about technical parameters of the software and device you use (e.g. whether you are using a laptop or a telephone while browsing our Service) and the place from which you are connecting to our server. Data stored in server logs are not associated with specific people using the service. Server logs are only an auxiliary material used to administer the Service.
Cookies allow us to:
ensure proper functioning of the Service (durability of the session when you are logged in),
increase the convenience, speed, and safety of using the Service,
obtain statistical information about visits to our Service.
The cookies we use do not collect any personal data from you. Anonymous data is completely sufficient for the purposes mentioned above. If we process your personal data for other reasons (e.g. you have an account on our Service and there you provided us with your data), we do not combine them in any way with anonymous data obtained by means of cookies.
Own Cookies. Cookies can be divided into own and coming from third parties. As far as our own cookies are concerned, we use them in order to improve the functioning of the Service and to enable proper use of accounts (session maintenance).
Cookies of third parties. Our Service uses third party cookies only to create anonymous statistics of visits.
We process the following personal data:
The data of all users of the Service are processed in the IT system, located in part in the so-called public cloud computing provided by third parties (responsible for hosting the Service).
Personal data of people using the contact form are also processed in the IT system, located in part in the so-called cloud computing provided by third parties responsible for hosting the email that we use. Due to the location of these entities' servers, this data may be transmitted, stored and processed in third countries. These entities, however, guarantee an adequate level of data protection.
Our IT systems are serviced by an external specialized entity. When providing services to us, it may have access to your personal data.
Some of the operations described above involve sending your personal data to so-called third countries (outside the European Economic Area) where GDPR does not apply. However, this always happens based on the legal instruments provided for in the GDPR, guaranteeing adequate protection of your rights and freedoms. Detailed information in this regard can be found in the privacy policies posted by providers on their websites.
We entrust the processing of personal data to:
Amazon Web Services, Inc. (USA)
We entrust the processing of personal data to Amazon Web Services, Inc. in order to store data on the server. Our services are located on these servers, so everything you type in our forms must appear there. Your data is stored on secure servers in the USA. The connections we use to connect to the server are encrypted.
‘Amazon Web Services, Inc. is located in the United States, and our affiliated companies are located throughout the world. Depending on the scope of your interactions with AWS Offerings, your personal information may be stored in or accessed from multiple countries, including the United States. Whenever we transfer personal information to other jurisdictions, we will ensure that the information is transferred in accordance with this Privacy Notice and as permitted by applicable data protection laws.’
More information about the processing of personal data by Amazon can be found here:
Amazon Web Services, Inc. participates in the EU-US and Swiss-US Privacy Shield frameworks. Click here to learn more:
Proton Technologies AG (Switzerland)
We entrust the processing of personal data to Proton Technologies AG in order to support the mail server. We use ProtonMail to handle our email correspondence, and store data in the cloud.
All data storage infrastructure is also located solely within Switzerland, and thus governed by the laws and regulations of Switzerland. Additional information about the legal framework can be found in ProtonMail’s Transparency Report: https://protonmail.com/blog/transparency-report/
SendGrid, Inc. (USA)
We entrust the processing of personal data to SendGrid, Inc. in order to handle transactional emails (setting up an account on the Service, recalling passwords, etc.).
SendGrid, Inc. (as part of Twilio Inc.) participates in the EU-US and Swiss-US Privacy Shield frameworks, what you can check here:
LunaNode Hosting Inc. (Canada)
We entrust the processing of personal data to LunaNode Hosting Inc. in order to store payment processing data on the server. Our payment processor is located on these servers, so everything you type in our forms our paywall at pay.deltabadger.com must appear there. Your data is stored on secure servers in the Canada. The connections we use to connect to the server are encrypted.
Google LLC and Google Ireland Limited (Google Analytics)
The information collected by this tool is completely anonymous and does not allow your identification, but under GDPR it may still be treated as personal data. For this purpose, Google LLC cookies are used for the Google Analytics service. The use of Google Analytics services involves the implementation of the tracking code in the code of our website (the so-called tracking code). This code is based on cookies, but may also use other tracking technologies.
The anonymous data of all Service users (in relation to Google Analytics services) contained in cookies are disclosed to Google LLC and Google Ireland Limited providing us the Google Analytics service on the terms set out here: https://privacy.google.com/businesses/processorterms/ and here: https://privacy.google.com/businesses/controllerterms/
The servers of these companies are located in different parts of the world, which means that these data can be transferred outside the European Economic Area. However, Google LLC guarantees an adequate level of data protection. Google LLC joined the EU-US-Privacy Shield program which can be verified here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
You can check the location of Google LLC servers here:
You can prevent the processing of personal data in this way (block Google Analytics) by making the appropriate choices on the site available here: https://tools.google.com/dlpage/gaoptout
Facebook Ireland Limited (Facebook Analytics)
The anonymous data of all Service users (in relation to Facebook Analytics services) contained in cookies are disclosed to Facebook Ireland Limited providing us the Facebook Analytics service on the terms set out here: https://www.facebook.com/privacy/explanation and here: https://www.facebook.com/policies/cookies/
Facebook uses typical contractual clauses approved by the European Commission ‘(What is a standard contract clause?’ - https://www.facebook.com/help/566994660333381?ref=dp) and is based on the decisions of the European Commission stating an adequate level of data protection in relation to specific countries, where applicable, in the scope of data transfer from the European Economic Area to the United States and other countries (‘Adequacy decisions’ - https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).
Mixpanel Inc. (Mixpanel)
The information collected by this tool is completely anonymous and does not allow your identification, but under GDPR it may still be treated as personal data. For this purpose, Mixpanel Inc. cookies are used for the Mixpanel service. The use of Mixpanel services involves the implementation of the tracking code in the code of our website (the so-called tracking code). This code is based on cookies, but may also use other tracking technologies. Detailed information about Mixpanel can be found here: https://mixpanel.com/legal/privacy-overview/ and here: https://mixpanel.com/legal/privacy-policy/
You can prevent Mixpanel from using your information for analytics purposes by opting-out. To opt-out of Mixpanel service, please visit this page: https://mixpanel.com/optout/
External services supporting our business
Please bear in mind that in running our business we use the support of specialized external entities which may or must have access to some of your data - these are the entities which provide us with services in the field of:
In our agreements with these entities, we have ensured that your personal data will not be transferred to so-called third countries (outside the European Economic Area), where the GDPR does not apply.
In addition, personal data of Service users contained in cookies may also be disclosed to entities with which the administrator has undertaken affiliate cooperation.
We will process your personal data for as long as it is necessary to maintain an account on our Service for you. If the statute of limitations for claims related to our Service is longer than the retention period for maintaining an account on our Service for you, then this longer period shall apply.
Personal data provided in order to contact us will be stored for no longer than is necessary to answer you, and after that time may be stored in the event of potential claims for the limitation period specified by law.
The billing information will be stored for 7 (seven) years from the end of the accounting year from which the specific transaction was made. The billing information is proof of payment and an obligation to their storage results indirectly from the Tax Law.
The processing of your personal data contained in cookies lasts until you disable their use. You can do this by deleting cookies and changing cookie settings in your browser.
Personal data processed for purposes of sending you newsletter will be processed as long as the agreement regarding sending the newsletter is in force (which is, until it is terminated by either of the parties) and after that time may be stored in the event of potential claims for the limitation period specified by law.
API keys can be deleted by the user at any time.
We make our best efforts to ensure that you are satisfied with working with us. Please bear in mind, however, that you are entitled to a number of privileges that will allow you to have an influence on the manner in which we process your personal data, and in some cases, you may stop such processing.
If you are a person to whom the GDPR applies, these rights include:
the right to access the personal data (regulated in Art. 15 of the GDPR)
the right to rectify the data (regulated in Art. 16 of the GDPR)
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
the right to erase the data (regulated in Art. 17 of the GDPR)
the right to restrict the processing of data (regulated in Art. 18 of the GDPR)
the right to object to the processing of data (regulated in Art. 21 of the GDPR)
the right to transfer data (regulated in Art. 20 of the GDPR)
If you are not a person to whom the GDPR applies, these rights include all the rights granted to you under the applicable data protection law in your country.
In order to exercise any of the rights above described, please contact us by sending an e-mail to the address we have first contacted you from, or the address: dger b ct@delt cont
If you are the person to whom the GDPR applies pursuant to Art. 77 of the GDPR you are entitled to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place where the alleged violation has been committed, if you believe that processing of your personal data violates the provisions of the GDPR.
If you are not the person to whom the GDPR applies, you are entitled to lodge a complaint with the office dealing with the protection of personal data in your country in accordance with applicable law.
We collect your personal data primarily to the extent necessary for the conclusion and performance of the agreement. Some data is also necessary for us to fulfill the obligations arising from the law (tax regulations, accounting regulations). Failure to provide your data will, unfortunately, prevent the conclusion and implementation of the agreement.
Failure to provide personal data required to perform online payments will prevent the service provider from carrying out the payment process, which will make the performance of the agreement impossible. As a result, you will have to choose a different payment method.
We collect your personal data primarily to the extent necessary for the conclusion and performance of the agreement. If you do not provide us with personal data (in particular e-mail address) it will make it impossible to cooperate with you.
We do not conclude any agreement with you at this stage. Some of your details (as an email address) are necessary for us to answer your question.
We obtain your personal data directly from you (including automated methods).
Data regarding the payment process is provided to us by GoBee. - the provider of online payment processing services and an online platform for managing them.
Exploitation data and data related to using cookies are processed in an automated way (however, they are not subject to profiling, as understood based on GDPR).
Other data is not subject to automated processing or profiling.