Compaha

DATA PROTECTION POLICY

Introduction

  1. While using compaha.com (hereinafter – website), belongs to company Crafts Marketing SPRL(hereinafter – Company), and sending data via website, you (hereinafter – User) confirm that you have read this Data Protection Policy (hereinafter – Policy) and agree for your personal data processing in accordance with Policy.
  2. Policy sets methods of work with personal data which were collected by the Company while using Website´s. While using the Website User agrees for his personal data processing in accordance with Policy and affirms that. In case when the User does not agree with the Policy partially or fully, he must stop using the Website. All data collected before above-mentioned refusal will be processed in accordance with Policy until the direct User prohibition is received.

Definitions

Company – legal entity, which has following data:

  1. company name: Crafts Marketing SPRL;
  2. registration country: Belgium;
  3. registration number: 0552640573;
  4. address: 14 Rue Grand Bigard, 1082 Brussels, Belgium
  5. email: [email protected]
  6. service provider website: https://compaha.com/


Personal data
– means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

User – natural or legal entity using the Website.

Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Personal data and processing methods

Company collects personal data in next cases:

  1. when filling out and submitting forms on the Company’s website;
  2. when the User uses the functionality of the Company’s website.


Targets and legal basis for personal data processing

Company processes data in accordance with next targets and legal grounds:

  1. to enable the use of the functionality of the Company’s website;
  2. to provide the User with information related to the services used;
  3. to provide the User access to the functionality of the Company’s website.
  4. to send and display advertisements to the User that are relevant (in the Company’s opinion);
  5. to send commercial offers from the Company;
  6. for the justified interest of the Company, for the purpose of fulfilling a contract, including for establishing violations of the contract or legislation, as well as to confirm such violations. In such case, the Company has a legitimate interest in protecting its rights;
  7. to collect statistical or technical non-personalized data about the use of the Company’s website;
  8. in order to comply with legal requirements.


Personal data transfer to data Processor

Company has a right to use data processors for data processing without User permission. Company is convinced of Processor’s reliability and responsible to the User for their activities.

Company use next data Processors:

  1. server rental and cloud services providers;
  2. agents, translators, lawyers and other persons through whom the Company provides services.
  3. User has a right to receive information about data processors responsible for his/her personal data processing.


Personal data transfer to the third parties

Company transfers User’s personal data to the third parties only in certain cases like:

  1. its necessity follows from the Law;
  2. it is necessary to execute the agreements between Company and User;
  3. Company has a justified interest;
  4. User gave a permission for data transfer.


Personal data transfer to the third Country

Company transfers personal data to the third countries (countries not included in EEC) only in cases when it is provided on the grounds of Law. In case when recipient country can’t provide required personal data protection measures, Company provide personal data on the condition that required personal data protection measures will be applied for data in accordance with Estonian and EU legal acts.

Personal data storage

Company stores User’s personal data while it is necessary to process data, to protect Company interests or on the grounds provided by legal acts requirements;

Depending on the type of personal data, the Company store data for the following time:

  1. for accounting documents: 7 years from the end of the fiscal year in accordance with the Law;
  2. within the period set by law;
  3. in other cases: 10 years after agreements termination (including User Agreement) between User and Company.


Security

Company takes organizing, physical and measures IT solutions to provide personal data security.
Company is not responsible for the User personal data protection measures violations if such violations caused by actions performed by User or third persons.

User’s rights and obligations

In accordance with relevant legal acts (primarily – GDPR) user has a right to perform next rights for personal data processing:

  1. request an access to his/her own personal data;
  2. request changes in his/her own personal data;
  3. request removing his/her own personal data;
  4. request portability of his/her own personal data
  5. submit objections to his/her own personal data processing on any grounds.

Policy changing

Policy can be changed to comply with changes in Law, personal processing or under instructions of supervisory authorities. In this case Company notifies User about by notification on Company´s website