Privacy
Policy

Effective date: August 10, 2020

1. Who are we and how to find us

The name of our business is Deltabadger OÜ and we are the controller of your personal data. Our office is located in Estonia (address: Pärnu mnt 158/2-88, 11317 Tallinn).

This privacy policy applies to the use of the website and the application available at the address: https://deltabadger.com (hereinafter referred to as the ‘Service’).

This document explains what information is collected by the Service – how we secure and use it.

We have decided not to appoint a personal data protection officer due to the fact that in our situation this is not mandatory.

If you have any questions regarding this privacy policy you may contact us via e-mail to the address: dgerbct@deltcont.

2. How and why we process your personal data

Users of our service

We process data of each user characterizing the way he uses our Service (these are so-called operating data).

This processing includes an automatic reading of a unique identification identifying the end of the telecommunications network or IT system you use (i.e. your IP address), the date and time of the server, information about the technical parameters of the software and the device you use (e.g. whether you use your laptop or phone for browsing our site and the place from which you connect to our server. We may use this information for market research purposes and to improve the performance of the Service. The data stored in the server logs is not associated with specific people using the website. The server logs are the only auxiliary material used to administer the Service.

This data is processed on the basis of Article 6 item. 1(f). GDPR (processing is necessary for purposes arising from legitimate interests pursued by the administrator or by a third party). This legitimate interest is to enable the diagnosis of errors in the Service and the improvement of its quality.

Maintaining an account in our service

We process your personal data in order to carry out the agreement concluded by you for keeping an account in the Service.

The legal basis for the processing of your personal data is, therefore, Article 6 item. 1(b). GDPR (processing is necessary for the performance of the agreement to which the data subject is a party or to take action at the request of the data subject prior to the conclusion of the agreement), and Article 6. item 1(c). GDPR (processing is necessary to fulfill a legal obligation on the administrator).

We also process your personal data on the basis of Article 6 item. 1(f). GDPR (processing is necessary for purposes arising from legitimate interests pursued by the administrator or by a third party). It is a legitimate interest for the processing of your personal data that we are able to prove the content of the agreement between us and you in case of a dispute and that we have performed it properly.

Analytical tools

On the basis of legitimate interest, we use such analytical tools as Google Analytics, Facebook Analytics, and Mixpanel, which allows us to view the use of your accounts on our site (functions you use, pages viewed, subscriptions). This allows us to provide support services for you and improve the operation of the Service. However, we do not monitor your behaviour on an ongoing basis and we do not process this data in any way.

Contact

By contacting us, you provide us with your personal data, including those contained in the content of the correspondence, in particular the email address, name, and surname. Providing this data is voluntary, but necessary to contact us.

The legal basis for the processing of your personal data that you provide by contacting us is Article 6 item. 1(f). GDPR (processing is necessary for purposes arising from legitimate interests pursued by the administrator or by a third party). The “legitimate interest for the processing of your personal data” in this case is the possibility for us to contact Service users and answer questions asked by persons interested in the operation of the Service.

Newsletter

Using the Service you may order a newsletter to be sent to your e-mail.

In such case, the legal basis for processing your personal data is point (b) of Article 6(1) of GDPR (processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract), as the newsletter is delivered to you based on an agreement that we enter into.

Investigation of claims

The legal basis for processing your personal data after you have finished contacting us is also our legitimate interest in archiving correspondence for the purposes of ensuring that you can prove certain facts in the future. So we can process your personal data for the purpose of pursuing and defending against claims pursuant to Article 6 item. 1(f). GDPR (processing is necessary for purposes arising from legitimate interests pursued by the administrator or by a third party).

Online payment services

Should you decide to pay for our services through an online payment system, your data will be made available to us by the supplier of the online payment processing services for the purpose of enabling us to comprehensively manage such payments by means of an integrated platform. We undertake these actions in order to improve billing control and contact with you in this regard, therefore the legal basis for these activities is art. 6 par. 1 lit. f. of GDPR (processing is necessary for purposes arising from legitimate interests pursued by the controller or by a third party).

Cookies policy

We process completely anonymous data of each user of the Service, which characterizes the way they use our Service (these are the so-called exploitation data). This processing includes an automatic reading of a unique identifier identifying the termination of the telecommunications network or ICT system you are using (i.e. your IP address), as well as the date and time of the server, information about technical parameters of the software and device you use (e.g. whether you are using a laptop or a telephone while browsing our Service) and the place from which you are connecting to our server. Data stored in server logs are not associated with specific people using the service. Server logs are only an auxiliary material used to administer the Service.

Like almost all websites and applications, we use cookies. Cookies are small text information stored on your end device (e.g. computer, tablet, smartphone), which can be read by our ICT system.

Cookies allow us to:

ensure proper functioning of the Service (durability of the session when you are logged in),

increase the convenience, speed, and safety of using the Service,

obtain statistical information about visits to our Service.

The cookies we use do not collect any personal data from you. Anonymous data is completely sufficient for the purposes mentioned above. If we process your personal data for other reasons (e.g. you have an account on our Service and there you provided us with your data), we do not combine them in any way with anonymous data obtained by means of cookies.

Consent to cookies. During your first visit to our Service, you will be informed about the use of cookies. You can always withdraw your consent by deleting cookies and changing the settings of cookies in your browser. Remember, however, that disabling cookies may cause difficulties in using the Service, as well as many other websites that use cookies. Consent to use cookies may be necessary for the proper use of your account on the site (cookies allow the software of our site to ‘see’ that you are logged in and maintain the continuity of your session when you jump between subpages).

Own Cookies. Cookies can be divided into own and coming from third parties. As far as our own cookies are concerned, we use them in order to improve the functioning of the Service and to enable proper use of accounts (session maintenance).

Cookies of third parties. Our Service uses third party cookies only to create anonymous statistics of visits.

3. What personal data we process

We process the following personal data:

People who enter the Service without registration

  • device IP address,
  • device screen resolution,
  • device type (unique device identifiers), operating system and browser type,
  • geographic location (country only),
  • preferred language (device interface language),
  • mouse events (movements, location, and clicks),
  • keypresses,
  • referring URL and domain,
  • pages visited,
  • server date and time,
  • location of the terminal device from which the user connects to the service,
  • UTM tags, determining from which network location the user arrived
  • online identifiers, including cookie IDs, web protocol addresses and device identifiers.

People who register on the Service and use its free version

  • all data indicated in the above point,
  • e-mail address,
  • API keys.

People who register on the Service and use the paid functions of the Service

  • all data indicated in the above points,
  • billing information such as: first name and last name, date of birth, the country of residency if the user comes from the European Union, or the information that the user comes from outside of the European Union.

People who contact us

  • e-mail address,
  • other personal data that could potentially be included in the message by the sender.

People who order the Newsletter

  • e-mail address,
  • data measuring Newsletter performance.

4. To whom we disclose your personal data

The data of all users of the Service are processed in the IT system, located in part in the so-called public cloud computing provided by third parties (responsible for hosting the Service).

Personal data of people using the contact form are also processed in the IT system, located in part in the so-called cloud computing provided by third parties responsible for hosting the email that we use. Due to the location of these entities' servers, this data may be transmitted, stored and processed in third countries. These entities, however, guarantee an adequate level of data protection.

Our IT systems are serviced by an external specialized entity. When providing services to us, it may have access to your personal data.

Some of the operations described above involve sending your personal data to so-called third countries (outside the European Economic Area) where GDPR does not apply. However, this always happens based on the legal instruments provided for in the GDPR, guaranteeing adequate protection of your rights and freedoms. Detailed information in this regard can be found in the privacy policies posted by providers on their websites.

We entrust the processing of personal data to:

  1. Amazon Web Services, Inc. (USA)

    We entrust the processing of personal data to Amazon Web Services, Inc. in order to store data on the server. Our services are located on these servers, so everything you type in our forms must appear there. Your data is stored on secure servers in the USA. The connections we use to connect to the server are encrypted.

    According to the information from Amazon Web Services, Inc. privacy policy:

    ‘Amazon Web Services, Inc. is located in the United States, and our affiliated companies are located throughout the world. Depending on the scope of your interactions with AWS Offerings, your personal information may be stored in or accessed from multiple countries, including the United States. Whenever we transfer personal information to other jurisdictions, we will ensure that the information is transferred in accordance with this Privacy Notice and as permitted by applicable data protection laws.’

    More information about the processing of personal data by Amazon can be found here:

    https://aws.amazon.com/privacy/?nc1=f_pr

    Amazon Web Services, Inc. participates in the EU-US and Swiss-US Privacy Shield frameworks. Click here to learn more:

    https://www.amazon.com/gp/help/customer/display.html/ref=hp_left_v4_sib?ie=UTF8&nodeId=202135380

  2. Proton Technologies AG (Switzerland)

    We entrust the processing of personal data to Proton Technologies AG in order to support the mail server. We use ProtonMail to handle our email correspondence, and store data in the cloud.

    You can read more about ProtonMail's privacy policy here: https://protonmail.com/privacy-policy

    All data storage infrastructure is also located solely within Switzerland, and thus governed by the laws and regulations of Switzerland. Additional information about the legal framework can be found in ProtonMail’s Transparency Report: https://protonmail.com/blog/transparency-report/

  3. SendGrid, Inc. (USA)

    We entrust the processing of personal data to SendGrid, Inc. in order to handle transactional emails (setting up an account on the Service, recalling passwords, etc.).

    You can read more about SendGrid's privacy policy here: https://sendgrid.com/policies/privacy-2016/ and here: https://www.twilio.com/legal/privacy

    SendGrid, Inc. (as part of Twilio Inc.) participates in the EU-US and Swiss-US Privacy Shield frameworks, what you can check here:

    https://www.privacyshield.gov/participant?id=a2zt0000000TNLbAAO&status=Active

  4. LunaNode Hosting Inc. (Canada)

    We entrust the processing of personal data to LunaNode Hosting Inc. in order to store payment processing data on the server. Our payment processor is located on these servers, so everything you type in our forms our paywall at pay.deltabadger.com must appear there. Your data is stored on secure servers in the Canada. The connections we use to connect to the server are encrypted.

    You can read more about privacy policy of LunaNode Hosting Inc. here: https://www.lunanode.com/privacy

Google LLC and Google Ireland Limited (Google Analytics)

The information collected by this tool is completely anonymous and does not allow your identification, but under GDPR it may still be treated as personal data. For this purpose, Google LLC cookies are used for the Google Analytics service. The use of Google Analytics services involves the implementation of the tracking code in the code of our website (the so-called tracking code). This code is based on cookies, but may also use other tracking technologies.

The anonymous data of all Service users (in relation to Google Analytics services) contained in cookies are disclosed to Google LLC and Google Ireland Limited providing us the Google Analytics service on the terms set out here: https://privacy.google.com/businesses/processorterms/ and here: https://privacy.google.com/businesses/controllerterms/

The servers of these companies are located in different parts of the world, which means that these data can be transferred outside the European Economic Area. However, Google LLC guarantees an adequate level of data protection. Google LLC joined the EU-US-Privacy Shield program which can be verified here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

You can check the location of Google LLC servers here:

https://www.google.com/about/datacenters/inside/locations/?hl=pl

You can prevent the processing of personal data in this way (block Google Analytics) by making the appropriate choices on the site available here: https://tools.google.com/dlpage/gaoptout

Facebook Ireland Limited (Facebook Analytics)

The anonymous data of all Service users (in relation to Facebook Analytics services) contained in cookies are disclosed to Facebook Ireland Limited providing us the Facebook Analytics service on the terms set out here: https://www.facebook.com/privacy/explanation and here: https://www.facebook.com/policies/cookies/

Facebook uses typical contractual clauses approved by the European Commission ‘(What is a standard contract clause?’ - https://www.facebook.com/help/566994660333381?ref=dp) and is based on the decisions of the European Commission stating an adequate level of data protection in relation to specific countries, where applicable, in the scope of data transfer from the European Economic Area to the United States and other countries (‘Adequacy decisions’ - https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).

Mixpanel Inc. (Mixpanel)

The information collected by this tool is completely anonymous and does not allow your identification, but under GDPR it may still be treated as personal data. For this purpose, Mixpanel Inc. cookies are used for the Mixpanel service. The use of Mixpanel services involves the implementation of the tracking code in the code of our website (the so-called tracking code). This code is based on cookies, but may also use other tracking technologies. Detailed information about Mixpanel can be found here: https://mixpanel.com/legal/privacy-overview/ and here: https://mixpanel.com/legal/privacy-policy/

You can prevent Mixpanel from using your information for analytics purposes by opting-out. To opt-out of Mixpanel service, please visit this page: https://mixpanel.com/optout/

For more information on what type of information Mixpanel collects, please visit the Terms of Use page of Mixpanel: https://mixpanel.com/terms/

External services supporting our business

Please bear in mind that in running our business we use the support of specialized external entities which may or must have access to some of your data - these are the entities which provide us with services in the field of:

  • accounting and bookkeeping services,
  • IT services,
  • payment service providers,
  • state administration bodies authorised to do so by law (e.g. tax authorities, self-government bodies of legal advisers, offices, courts),
  • service providers related to the so-called re-marketing (as Google and Facebook).

In our agreements with these entities, we have ensured that your personal data will not be transferred to so-called third countries (outside the European Economic Area), where the GDPR does not apply.

In addition, personal data of Service users contained in cookies may also be disclosed to entities with which the administrator has undertaken affiliate cooperation.

5. How long we process your personal data

Maintaining an account on our Service

We will process your personal data for as long as it is necessary to maintain an account on our Service for you. If the statute of limitations for claims related to our Service is longer than the retention period for maintaining an account on our Service for you, then this longer period shall apply.

Contact

Personal data provided in order to contact us will be stored for no longer than is necessary to answer you, and after that time may be stored in the event of potential claims for the limitation period specified by law.

Billing information

The billing information will be stored for 7 (seven) years from the end of the accounting year from which the specific transaction was made. The billing information is proof of payment and an obligation to their storage results indirectly from the Tax Law.

Cookies

The processing of your personal data contained in cookies lasts until you disable their use. You can do this by deleting cookies and changing cookie settings in your browser.

Newsletter

Personal data processed for purposes of sending you newsletter will be processed as long as the agreement regarding sending the newsletter is in force (which is, until it is terminated by either of the parties) and after that time may be stored in the event of potential claims for the limitation period specified by law.

Api Keys

API keys can be deleted by the user at any time.

6. How do we enable you to realize your rights

We make our best efforts to ensure that you are satisfied with working with us. Please bear in mind, however, that you are entitled to a number of privileges that will allow you to have an influence on the manner in which we process your personal data, and in some cases, you may stop such processing.

If you are a person to whom the GDPR applies, these rights include:

  • the right to access the personal data (regulated in Art. 15 of the GDPR)

    Article 15

    Right of access by the data subject
    1. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
      1. the purposes of the processing;
      2. the categories of personal data concerned;
      3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
      4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
      5. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
      6. the right to lodge a complaint with a supervisory authority;
      7. where the personal data are not collected from the data subject, any available information as to their source;
      8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
    2. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
    3. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
    4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.
  • the right to rectify the data (regulated in Art. 16 of the GDPR)

    Article 16

    Right to rectification

    The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

  • the right to erase the data (regulated in Art. 17 of the GDPR)

    Article 17

    Right to erasure (‘right to be forgotten’)
    1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
      1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
      2. the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
      3. the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing or the data subject objects to the processing pursuant to Article 21(2);
      4. the personal data have been unlawfully processed;
      5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
      6. the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
    2. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
    3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
      1. for exercising the right of freedom of expression and information;
      2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
      3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
      4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
      5. for the establishment, exercise or defence of legal claims.
  • the right to restrict the processing of data (regulated in Art. 18 of the GDPR)

    Article 18

    Right to restriction of processing
    1. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
      1. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
      2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
      3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
      4. the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
    2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
    3. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.
  • the right to object to the processing of data (regulated in Art. 21 of the GDPR)

    Article 21

    Right to object
    1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
    2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
    3. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
    4. At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.
    5. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
    6. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
  • the right to transfer data (regulated in Art. 20 of the GDPR)

    Article 20

    Right to data portability
    1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
      1. the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
      2. the processing is carried out by automated means.
    2. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
    3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
    4. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

If you are not a person to whom the GDPR applies, these rights include all the rights granted to you under the applicable data protection law in your country.

In order to exercise any of the rights above described, please contact us by sending an e-mail to the address we have first contacted you from, or the address: dger b ct@delt cont

7. Lodging a complaint to the supervisory authority

If you are the person to whom the GDPR applies pursuant to Art. 77 of the GDPR you are entitled to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place where the alleged violation has been committed, if you believe that processing of your personal data violates the provisions of the GDPR.

If you are not the person to whom the GDPR applies, you are entitled to lodge a complaint with the office dealing with the protection of personal data in your country in accordance with applicable law.

8. Is submitting personal data necessary for concluding an agreement with us

Maintaining an account in our Service

We collect your personal data primarily to the extent necessary for the conclusion and performance of the agreement. Some data is also necessary for us to fulfill the obligations arising from the law (tax regulations, accounting regulations). Failure to provide your data will, unfortunately, prevent the conclusion and implementation of the agreement.

Online payments

Failure to provide personal data required to perform online payments will prevent the service provider from carrying out the payment process, which will make the performance of the agreement impossible. As a result, you will have to choose a different payment method.

Newsletter

We collect your personal data primarily to the extent necessary for the conclusion and performance of the agreement. If you do not provide us with personal data (in particular e-mail address) it will make it impossible to cooperate with you.

Contact

We do not conclude any agreement with you at this stage. Some of your details (as an email address) are necessary for us to answer your question.

Cookies

Consent to use cookies may be necessary for the proper use of your account on the site (cookies allow the software of our site to ‘see’ that you are logged in and allow you to access the account content).

9. How do we obtain your personal data

We obtain your personal data directly from you (including automated methods).

Data regarding the payment process is provided to us by GoBee. - the provider of online payment processing services and an online platform for managing them.

10. Automated processing and profiling

Exploitation data and data related to using cookies are processed in an automated way (however, they are not subject to profiling, as understood based on GDPR).

Other data is not subject to automated processing or profiling.