Data Processing Addendum of VYKIX
What is Personal Data?
Personal data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not personal data. This includes, for example, the number of users of a website.
Commitment to data protection
However, we reserve the right to put this data to additional uses to the extent permitted or required by law or necessary to support legal or criminal investigations. In this case, we will inform you again about this further data processing to the extent required by law and obtain your consent.
In the next sections we explain when and how we process personal data about you when you visit our website.
Purposes of processing and legal basis
We collect, process and use your personal data for the following purposes:
• Establishment and performance of contractual relationships;
• Customer service and customer support;
• To process orders for our services.
The processing of your personal data may be based on the following legal grounds:
• Consent: the individual has given clear consent to process personal data for a specific purpose (Art. 6 (1) a) GDPR).
• Contract: the processing is necessary for a contract or because you have asked us to take specific steps before entering into a contract (Art. 6 (1) b) GDPR).
• Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations) (Art. 6 (1) c) GDPR).
• Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests (Art. 6 (1) f) GDPR).
Your data subject rights
You have a number of rights, these rights are standardized in the GDPR and include:
• The right to information (Art. 15 GDPR),
• The right to rectification (Article 16 GDPR),
• The right to erasure (Article 17 GDPR),
• The right to restriction of data processing (Article 18 GDPR),
• The right to data portability (Article 20 GDPR),
• The right to object to data processing (Article 21 GDPR),
• The right to revoke any consent you have given (Art. 7 (3) GDPR), and
• The right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR).
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal Personal Data about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it.
We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your Personal Data.
Please contact us at any time with questions and suggestions regarding data protection and to enforce your rights as a data subject.
We encourage you to get in touch if you have any concerns with how we collect or use your personal data. You do however also have the right to lodge a complaint directly with the Portuguese National Data Protection Commission.
Updating your information
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us or through your user account. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.
Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal data, notably where such requests would not allow us to provide our service to you anymore.
Purposes of use of personal data and legal basis
The hosting services used by us for the purpose of operating our website is VYKIX. In doing so VYKIX, processes inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of our website and services, on the basis of our legitimate interests in an efficient and secure provision of the website and services in conjunction with the provision of contractual services.
b) Collection of access data and log files
We collect data on every access to our website on the basis of our legitimate interest. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider. Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the respective incident is finally clarified.
c) Cookies and similar technologies
d) Contacting us
When contacting us, your details are processed for the purpose of handling the request and its processing and may include your Full Name, E-mail address and other contact details, if provided. Your details may be stored in a customer relationship management system or comparable enquiry system. We delete the enquiries if they are no longer necessary. We review the necessity every two years; furthermore, the legal archiving obligations apply. The legal bases for processing are our legitimate interest and the provision of pre-contractual or contractual measures.
e) Account registration
On our website, we offer you the opportunity to register by providing personal data and non- personal data, in particular your email address. The data is entered in the registration form is transmitted to us and stored. Registration is necessary in order to set up your customer account, which you can use to buy our services. The processing of the data for this registration thus serves the fulfilment of the contract of use or the implementation of pre-contractual measures. You can delete your customer account at any time on our website either by using the delete function in your account or by contacting us.
f) Purchasing our Services
We collect, process, and use the information you provide in the context of your order for the purpose of executing the contract this may include personal data and non- personal data, in particular your name, billing address and e-mail address, as well as information on the type of payment method you have chosen. We store the information you provide for the period of processing and handling the purchased services. Afterwards, your data will be deleted. Data that we are required to store due to legal, statutory,or contractual retention obligations will be blocked instead of being deleted to prevent it being used for other purposes. The processing of the data serves the fulfilment of the contract with you.
Please note when using our services, you become the data controller and we become the data processor in accordance with Art. 29 of the GDPR, for further information please refer to our Data Processing Addendum.
g) Payment transactions
We do not collect or store any payment transaction information such as credit card numbers or bank details during the payment process. You only provide this information directly to the respective payment service provider (currently PayPal and Stripe).
h) Administration, financial accounting, office organization, contact management
We process data in the context of administrative tasks as well as organization of our operations, financial accounting, and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the data mentioned in these processing activities. The legal basis for the processing of your personal data is the provision of contractual services.
i) Newsletter registration on our website
On our website there is the possibility to subscribe to a free newsletter. When you register for the newsletter, the data from the input mask is transmitted to us, i.e., at least your e-mail address. The registration is carried out by means of the so-called double opt-in procedure.
We also use Google Inc.`s reCAPTCHA to check whether data input is made by a human being or by an automated program. For this purpose, reCAPTCHA analyses the behavior of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. The legal basis for the data processing is our legitimate interest in operating a secure and spam free website.
k) Content Management System (CMS)
We also use the Content Management System (CMS) of WordPress a service provided by Automattic Inc, to publish and maintain the created and edited Content and texts on our website and to provide the forms used. This means that all content and texts submitted to us by users for publication is transferred to WordPress. In addition to texts, this also includes, for example your data in our forms. This represents a legitimate interest.
l) Content Delivery Network (CDN)
We also use the content delivery network (CDN) of Cloudflare, Inc. and BunnyWay d.o.o. A content delivery network (CDN) refers to a geographically distributed group of servers which work together to provide fast delivery of Internet content and to protect from common malicious attacks, such as Distributed Denial of Service (DDOS) attacks. This represents a legitimate interest.
Storage and retention
Your personal data will be stored by us only for as long as is necessary to achieve the purposes for which the data was collected or - if statutory retention periods exist that go beyond this point and for the duration of the legally prescribed retention period (typically 10 years). We then delete your personal data. Only in a few exceptional cases is your data be stored beyond this period, e.g., if storage is necessary in connection with the enforcement of and defense against legal claims against us.
Transfer of personal data
VYKIX will not disclose or otherwise distribute your personal data to third parties unless this is necessary for the performance of our services (please also refer to our Data Processing Addendum), you have consented to the disclosure, or the disclosure of data is permitted by relevant legal provisions. VYKIX is entitled to outsource the processing of your personal data in whole or in part to external service providers acting as processors for VYKIX pursuant to Art. 4 No. 8 GDPR within the framework of the data protection provisions. External service providers support us, for example, in the technical operation and support of the website, data management, the provision and performance of services, marketing, as well as the implementation and fulfillment of reporting obligations.
The service providers commissioned by VYKIX process your data exclusively in accordance with our instructions. VYKIX remains responsible for the protection of your data, which is ensured by strict contractual regulations, technical and organizational measures, and additional controls by us.
Where we need to transfer your data outside Portugal or the EEA, we will use one of the following safeguards:
• The use of approved standard contractual clauses in contracts for the transfer of personal data to third countries.
• Transfers to a non-EEA country with privacy laws that give the same protection as Portugal and the EEA.
Personal data may also be disclosed to third parties if we are legally obliged to do so e.g., by court order (legal basis for processing: Art. 6 (1) (c) GDPR) or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfil VYKIX legitimate interests (legal basis for processing: Art. 6 (1) (f) GDPR).
Automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR does not take place on the part of VYKIX.
Google will use this information on our behalf for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. In doing so, pseudonymous user profiles can be created from the processed data.
The IP address transmitted by your browser will not be merged with other data from Google. You can prevent the storage of cookies by setting your browser accordingly. You can also prevent the collection of the data generated by Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Advertising and Marketing
We use the data you provide to fulfil and process our contract and to respond to your enquiries in or on the basis of your consent. Insofar as you have also given us your separate consent to process your data for consulting, marketing and advertising purposes, VYKIX is entitled to contact you for these purposes via the communication channels you have given your consent to.
You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. Where your consent is implied, it is on the basisthat you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.
Direct Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe (or opt out).
a) Google Remarketing (Google Ads)
As a further tracking technology, we have integrated Google Remarketing services on our website. Google Remarketing is a function of Google Ads that enables a company to display advertisements to Internet users who have previously visited the company's website. The integration of Google Remarketing thus allows a company to create user-related advertising and consequently to display interest-relevant advertisements to the Internet user.
The purpose of Google Remarketing is to display interest-relevant advertising. Google Remarketing enables us to display advertisements via the Google advertising network or to have them displayed on other Internet pages that are tailored to the individual needs and interests of Internet users.
You have the option to object to interest-based advertising by Google. To do this, the data subject must call up the link www.google.com/settings/ads from any of the internet browsers he or she uses and make the desired settings there.
b) Facebook Ads and Conversion
We also place ads on Facebook, and also use the "visitor action pixel" (Conversion Tracking) of Facebook within our website.
We use Facebook Conversion Tracking for marketing and optimization purposes, in particular to analyze the use of our website and to be able to improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behavior, we want to improve our offer and make it more interesting for users. This is also our legitimate interest in the processing of the above data by the third-party provider.
You can object to the collection by the Facebook pixel and use of your data for the display of Facebook ads. To do so, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads or declare the objection via the US page http://www.aboutads.info/choices/ or the EU page https://www.youronlinechoices.com/.
The settings are platform independent. The settings are platform-independent, i.e., they are applied to all devices, such as desktop computers or mobile devices.
We integrate the fonts of the provider Google Inc, whereby the user's data is used solely for the purpose of displaying the fonts in the user's browser. The integration is based on our legitimate interests in a technically secure, maintenance-free and efficient use of fonts, their uniform display and taking into account possible licensing restrictions for their integration. The legal basis for this processing is our legitimate interest.
Security and confidentiality
To ensure the security and confidentiality of the personal data we collect on the Website, we use data networks that are protected by, among other things, industry-standard firewalls and password systems. When handling your personal data, we take appropriate technical and organizational measures to protect your information from loss, misuse, unauthorized access, disclosure, alteration, or destruction and to ensure its availability.
Nonetheless, databases or data sets that include personal data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose personal data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as
expeditiously as possible after which the breach was discovered.
We are present in "social media" (currently, Instagram, YouTube, TikTok and Discord) in order to communicate with our customers, interested parties and users registered there and to be able to inform them about our offers. We would like to point out that you use social media platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating). We, as the provider of our Social Media Profile, do not collect and process any data from your use of our social media platforms and beyond this. The processing of users' personal data is based on our legitimate interests in providing users with effective information and communicating with users.
Controls For Do-Not-Track Features
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ('DNT') feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.
Do Not Sell
We do not sell data to third parties. However, we might, making available, transfer, communicate electronically, consumer’s personally identifiable information by the business to a business affiliated inclusive with a third party but not for monetary but for other valuable consideration.
Personal data and children
The services available on our website are aimed at people aged 18 and over. We will not knowingly collect, use or disclose personal data from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact. The parent or guardian will be provided with (i) information about the specific type of personal data being collected from the minor, (ii) the purpose for which it will be used, and (iii) the opportunity to object to any further collection, use or storage of such information. We comply with youth protection laws.
Links to other website
The website may contain links to another website. We have no control over the privacy practices or the content of those other website. Therefore, we recommend that you carefully read the respective privacy policies of these other website that you visit.
This Policy and our commitment to protecting the privacy of your personal data can result in changes to this Policy. Please regularly review this Policy to keep up to date with any changes.
Who should I contact for more information?
VYKIX, Minho province, Guimarães, Portugal
E-Mail: [email protected]