Privacy Policy – Xstreamora

1. INTRODUCTION

The group entity, the details of which are indicated in the Terms of Service, provides you with web-hosting, domain name registration, and related products and services.

The entity seeks to ensure the highest level of data privacy when offering its variety of quality products and services to customers and subscribers (“Subscribers”) (collectively, “You” or “Users”).

At the entity, the privacy and security of Users is of paramount importance. The entity is committed to protecting the data you share.

When this Policy mentions “we,” “us,” or “our,” it refers to the entity responsible for the protection of your personal information in line with this Privacy Policy (“Data Controller”).

This Privacy Policy (“Policy”) explains how the entity processes information that can be used to directly or indirectly identify an individual (“Personal Data”) collected on the Site, services (“Service”), forums, and mobile applications (“Platform”).

All personal data are processed in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

For any questions regarding this Policy or any requests regarding the processing of personal data, please contact us at the provided email address.

2. GENERAL PRINCIPLES. CONFIDENTIALITY

The entity shall process all Personal Data adhering to the general data processing principles:

Lawfully, fairly, and in a transparent manner in relation to the data subject (lawfulness, fairness, and transparency);
Collect and process Personal Data only for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes (purpose limitation);
Ensure that Personal Data is adequate, relevant, and limited to what is necessary for the purposes for which they are processed (data minimization);
Ensure that Personal Data is accurate and, where necessary, kept up to date (accuracy);
Ensure that Personal Data is kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (storage limitation);
Process Personal Data in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures (integrity and confidentiality).

All and any information stored on the Platform is treated as strictly confidential. All information is stored securely and is accessed by qualified and authorized personnel only.

3. INFORMATION WE COLLECT

3.1. Information You Provide to Us

Information necessary for the use of the Platform The entity asks for and collects the following personal information about you when you use the Platform. This information is necessary for the adequate performance of the contractual arrangement in place between you and the entity and to allow compliance with legal obligations. Failing to provide any of this data or deciding to delete or object to the processing of any such data may result in the deactivation of your Account.

Account signup information. When you sign up, the entity requires you to provide minimum information: email address and password. In some cases, more information may be requested, such as your first and last name, identity verification, and contact details. Such information is required when you are applying for the registration of a domain name and is indicated as the WHOIS information.
Login information. The entity collects Login scope and Email scope from Google, and email, name, and surname (depending on your choice) from Facebook (Meta).
Identity verification. To comply with the rules set forth by the Internet Corporation for Assigned Names and Numbers (“ICANN”) before the registration of a new domain name, the entity may collect identity verification information (such as images of your passport, national ID card, valid driving license, or other documents as required or permitted by applicable laws).
Payment information. To order and use features of the Platform (such as web-hosting, domain name registration), the entity may require you to provide certain financial information to facilitate the processing of payments. Third-party (payment processor) services are used, so credit card information is not collected or stored (only information about the payment status and the last 4 credit card digits are stored).
Communications, chats, messaging. When you communicate with the entity (including by using general inquiries windows, chat windows, or chatbots), information about your communication and any information you choose to provide or disclose is collected. To respond to your request, the entity may also access information provided in your Account, purchase history, etc.
Job applicants’ information. Information that you provide by applying to any open career positions published, by email, or otherwise is also collected. For more details, see Section 5 below.
Visitors and users of User’s websites or services. Information pertaining to visitors and users of User’s websites or services (“Users-of-Users”) may be collected solely for and on Users’ behalf.

You may also choose to provide information when you fill in a form, conduct a search, update or add information to your Account, respond to surveys, post to community forums, participate in promotions, or use other features of the Platform. It is advised against posting any information you don’t wish to make public on the Platform. If you upload any content to your account or post it on your Website and provide it in any other way as part of the use of any Service, you do so at your own risk.

The entity processes information you provide on the legal basis of:

Your consent, expressed when voluntarily submitting and filling your Personal Data details in sign-up forms, by email, request, or inquiries window, etc.;
Conclusion and performance of contractual arrangements and obligations between the entity and the User;
Pursuance of legitimate interests of the entity, as Data Controller and manager of the Platform;
Compliance with a legal obligation to which the entity is subject, including, but not limited to, ICANN rules.

Disclaimer Please always take care and observe at least the following minimum requirements for the protection of your personal information:

Please omit using your name, address, telephone number, email, personal identification number, date of birth, bank account number, card number, or other special (sensitive) data in the subject of the request or file name;
Please omit using your personal code, payment card number, and other financial information and details, health, family member details, or other specific (sensitive) data in the texts of requests, emails, or similar communication;
Please make sure that the remaining personal data is only indicated to the extent necessary for the purposes for which the letter, request, or inquiry is sent.

Right to delete your data You may at any time access and edit, update, or delete your contact details by logging into your Account.

Please note that you will only be able to delete your email during deactivation of your Account. To deactivate your Account, please send your request to the provided email address, and you will be provided with further guidance.

Information related to the calls or meetings you participate in In cases where you call the entity or schedule an appointment for a meeting, such conversations will be recorded for quality management purposes. As a result, the entity will be able to maintain and improve the quality of services based on quality standards and policies. For this purpose, the following data will be processed: email address, date and time of conversation, its duration, audio and/or video recording, and any other personal data provided by you voluntarily during the conversation. The provided email address and/or phone number may be used for the purposes of allowing you to reach the entity or contacting you regarding your matter.

In such cases, processing is necessary for the purpose of the legitimate interests pursued by the entity (under Article 6(1)(f) of GDPR) or is based on your consent, when you consent to video recording by turning video on, or provide certain data voluntarily (under Article 6(1)(a) of GDPR).

The recordings will be kept for up to 30 days and deleted thereafter as soon as technically feasible.

3.2. Information Collected When You Use the Platform

When you use the Platform or contact the entity directly by any communication channel, information, including personal information, about the services you use and how you use them may be collected.

This information is necessary for the adequate performance of the contract between you and the entity, to enable compliance with legal obligations, and given the legitimate interest in being able to provide and improve the functionalities and security of the Platform.

Automatic collection of data

Log data and device information. Log data and device information are automatically collected when you access and use the Platform, even if you have not created an Account or logged in. That information includes, among other things: Internet protocol (IP) addresses, browser information, including its type, Internet service provider (ISP), referring/exit pages, device properties, including its operating system, date/time stamp, and/or clickstream data.
Tracking technologies and cookies. Cookies, beacons, tags, scripts, and other similar technologies, such as CI codes (click tracking), ISC (source tracking), and ITC (item tracking codes) are used. Information about the device’s operating system, phone model, device ID, and customer number is also automatically collected. For more detailed information on the use of these technologies, see the Cookies Policy.
Usage information. A tool called “Google Analytics” is used to collect information about your interactions with the Platform (what pages you visit, such as the pages or content you view, your searches for Listings, bookings you have made, and other actions on the Platform). In consequence, a permanent cookie is planted on your web browser to identify you as a unique user the next time you visit the Site. For more information, please visit Google.
Geo-location data. Information about your approximate location as determined by data such as your IP address is collected to offer you an improved user experience and comply with applicable legal requirements, such as taxes, pricing, etc. Such data may be collected only when you access the Platform using your device.

The entity processes this information on the legal basis of:

Your consent;
Conclusion and performance of contractual arrangements and obligations between the entity and the User;
Pursuance of legitimate interests of the entity, as Data Controller and manager of the Platform.

4. HOW WE USE YOUR DATA

The entity uses, stores, combines, and processes information, including personal information, about you to provide, understand, improve, and develop the Platform, create and maintain a trusted and safer environment, and comply with legal obligations.

To identify. Personal identification information is collected and processed for the purposes of User identification, use of services, and domain name registration. Additionally, this information may be used to provide Users with support, letting them know about upcoming updates or improvements, providing information regarding changes of any Terms of Use (including changes to this Policy), as well as other important information.

To create and maintain a trusted environment. Information or identifications provided by you (such as ID number, email, or phone numbers) are verified or authenticated. Collected information is also used to detect and prevent fraud, spam, abuse, security incidents, and other illegal and harmful activities.

To create aggregated statistical data. To carry out market research and analysis necessary for running the business, to improve services, aggregated and/or inferred non-personal information is used to evaluate customers’ needs, sales, and other trends.

To stay connected. Information about data usage, devices, and operating systems is used to diagnose problems with servers, to administer the Platform, adopt decisions when to retire SDK’s/OS versions, to identify characteristics of major users so that applications and services can be optimized, and to make your browsing and purchasing experience more enjoyable.

To customize marketing. To provide more customized offers to Users, data analysis based on information you provide, your interactions with the Platform, and its Users may be conducted.

To send service and billing messages. The entity may also contact you with important information regarding Services or your use thereof. For example, a notice may be sent (through any of the communication channels available) if a certain Service is temporarily suspended for maintenance; a reply to your support ticket or email; reminders or warnings regarding upcoming or late payments for your current or upcoming subscriptions; forwarding abuse complaints regarding your hosting plan; or notifying you of material changes in Services. Such communication is essential, for this reason, no opt-out possibilities are given to avoid receiving such Service and Billing Messages unless you are no longer a User (which can be done by deactivating your Account).

To inform you about the status of unfinished orders. An email notification about the status of your unfinished order may be sent. Such notifications are based on the legitimate interest in improving your experience and assisting you with any issues related to your orders. You have the full right to opt-out of receiving such notifications at any time through the unsubscribe link provided in the email or your account settings.

To register domains. In certain jurisdictions or pursuant to the rules of ICANN or certain registries, domain name registration information has to be made available and accessible to the public through a “WHOIS” search. The WHOIS database is a publicly accessible database that lists the domain name registration information for a particular domain name, the name server(s) to which the domain name points, and the domain name’s creation and expiration date. The domain name registration information you provide is stored and made available to the public through WHOIS searches. The entity may deposit your domain name registration information with a third-party escrow provider to comply with ICANN requirements. At times, Users may receive solicitations that result from searches of the publicly available WHOIS database by other companies or individuals. Any such solicitations or email communications do not come from the entity, and the entity is not responsible for the use of WHOIS information by third parties. The entity acts only on the basis of ICANN rules and requirements.

To contact you. To notify you regarding your Account, to troubleshoot problems with your Account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about the company, or as otherwise necessary to contact you to enforce the User Agreement, applicable national laws, and any agreement in place. For these purposes, contact may be made via email, telephone, text messages, and portal.

To handle sales-related inquiries. When you reach out with questions about Services or potential purchases without logging into your Account (e.g., as a prospective customer), the entity will handle your requests. If you agree to provide your email address and other information (such as your needs and preferences), this data will be used to provide you with personal assistance, also to email you with information related to your inquiry and follow-up communication. Communication data will be kept for up to 90 days and deleted thereafter as soon as technically feasible.

To get feedback. Contact may be made via email to invite you to review any services and/or products you received to collect your feedback and improve services. An external company may be used to collect your feedback, which means that name, email address, and reference number will be shared for this purpose.

To provide Dark Web Monitor service. If you activate this service, the verified account email and domains registered will be used to detect potential data breaches involving your data and notify you about this by email and/or through alerts.

To provide, operate, and improve the Services. To enhance data security and to prevent fraud. To comply with applicable laws and regulations.

5. JOB APPLICATIONS

The entity welcomes all qualified Applicants to apply to any of the open positions published by sending contact details and CV (“Applicants Information”) via the relevant Position Application Form on the Website, or through any other means provided.

The entity understands that privacy and discreteness are crucial to Applicants and is committed to keeping Applicants Information private and using it solely for internal and group companies’ recruitment purposes (including for identifying Applicants, evaluating their applications, making hiring and employment decisions, and contacting Applicants by phone or in writing).

The entity may retain Applicants Information submitted for no longer than one year after the applied position has been filled or closed. This information is collected to re-consider Applicants for other positions and opportunities; to use their Applicants Information as a reference for future applications submitted by them; and if the Applicant is hired, for additional employment and business purposes related to their work.

If you previously submitted your Applicants Information but now wish to access it, update it, or have it deleted, please contact the provided email address.

6. INFORMATION PERTAINING TO VISITORS AND USERS OF USER’S WEBSITES OR SERVICES

The entity may collect, store, and process certain information pertaining to visitors and users of User’s websites or services, solely on Users’ behalf and at their direction. Each User is able to collect and manage information, including personal data, via their website. Such information and personal data are then stored with the entity. For such purposes, within the meaning of the GDPR, the entity may in certain limited cases, as specified in the Terms of Service, be considered as a “data processor” of such information pertaining to visitors and users of their websites or services. The Users controlling and operating such User websites shall be considered as the “data controllers” of such information and shall be solely, completely, and fully responsible and liable for complying with all laws and regulations that may apply to the collection and control thereof, including all privacy and data protection laws of all relevant jurisdictions.

Users shall be solely, completely, and fully responsible for the security, integrity, and authorized usage of information related to visitors and users of their websites or services, and for obtaining consents, permissions, and providing any fair processing notices required for the collection and usage of such information.

The entity has no direct relationship with the individual visitors and users of User’s websites or services whose personal data it processes. If you are a customer of any User and would like to make any requests regarding your personal data, please contact such User(s) directly.

For more information about data processing arrangements, please see the Terms of Service.

7. DIRECT MARKETING AND SERVICE EXPIRATION NOTICES/RENEWAL REMINDERS

When creating an Account on the Platform or thereafter, subject to the available functionalities, you are free to manage your preferences regarding receipt of various communications, including marketing offers and other marketing information, or service expiration reminders, through your email, phone (SMS and/or WhatsApp messages), or in your Account.

Marketing communication and quality surveys via email. Marketing communication (e.g., newsletters, special offers, and other information related to Services) may be sent to your email based on legitimate interest, provided you have used or signed up for a Service (including used a free trial). This allows keeping you informed about products, Services, and updates that may be relevant to you. Contact may also be made via email with surveys or feedback requests to better understand your needs and improve the quality of Services. This communication is based on the legitimate interest in improving user experience and understanding customer needs.

Above communications may be sent during your active use of the Service and for up to 90 days after your last interaction (e.g., subscription expiration or termination). After this period, such communication can be sent in cases where consent for such purpose is received.

You are free to opt-out of such communications at any time after the creation of your Account.

Marketing communication via phone (SMS and/or WhatsApp). Such communication (e.g., special offers) will only be sent if you have given consent. You have the right to withdraw your consent and stop receiving communications via SMS and/or WhatsApp at any time. Your consent will be valid for a period of 36 months after your last interaction, unless you withdraw it earlier. After this period, consent will be requested again before continuing to send marketing messages.

Transactional messages via phone (SMS and/or WhatsApp). Where allowed under applicable laws, important messages may be sent, which fall into one of the following categories: (i) subscriptions and payments (e.g., service expiration reminders, failed payments); (ii) account and its security (e.g., account or its security-related updates and alerts); or (iii) service status and changes (e.g., significant information, which might influence continuous use of the service). These messages are not considered direct marketing. This is based on the legitimate interest in ensuring proper service provision, maintaining account security, and preventing Service disruptions. You are free to opt-out from receipt of such messages anytime or choose which type of messages you want to receive.

Communications, depending on your preferences, may be personalized taking into account any other information which you have provided (e.g., location, social media profile information, purchase history, etc.) or collected or generated from other sources as described below.

Please note that while efforts are made to send service expiration notices via SMS/WhatsApp for all applicable Services, this is done at discretion and there is no obligation to send such notices for every Service. Also, content sent via different communication channels may differ.

Right to object/revoke consent If you wish to change your communication preferences (withdraw your consent or object (opt-out)), you are free to exercise such option at any time by (1) following the instructions to unsubscribe in the received email (usually, by clicking on a link for that purpose at the bottom of the email)/text message; (2) visiting and adjusting your personal account settings (communication preferences).

You may also at any time refuse to receive information by sending an email to the provided address.

8. OTHER USES OF YOUR PERSONAL DATA

Developing the platform. Data, including public feedback, is used to conduct research and development for the further development of the platform to provide you and others with a better, more intuitive, and personalized experience, and to drive membership growth.

Customer support. Data is used to help you and fix problems. The data (which can include your communications) is used to investigate, respond to, and resolve complaints and issues (e.g., bugs).

Aggregate insights. Data is used to generate aggregate insights. Your data is used to produce and share aggregated insights that do not identify you.

Security and investigations. Data is used for security, fraud prevention, and investigations. Your data (including your communications) is used if it is thought necessary for security purposes or to investigate possible fraud or other violations of the Terms of User or this Policy and/or attempts to harm Users.

9. SOURCES OF PERSONAL DATA

Personal data is collected and received from yourself (including your device) as well as from the following sources:

Social network operators (such as Facebook, Google, etc.);
Third-party service providers, suppliers, and partners;
If you activate the Dark Web Monitor service, a third-party provider will be used to access data about you from dark web sites, including details of possible credential leaks, such as the leak date and related website link;
Other legal sources.

10. RETENTION AND DELETION

Personal information is generally retained for as long as is necessary to provide services and to comply with legal obligations. Where personal information is no longer required, it will be securely deleted.

If you would like to stop the use of your personal information, you shall request that personal information be erased and your Account closed.

After deactivation of the Account, the following data will still be retained for the purposes of compliance with applicable legal requirements (such as tax, accounting, legal reporting, AML, other), for as long as legally required:

Profile with de-personalized information (email will be changed to user@deleted.com, name, surname, and contact information erased), like purchased services, login information, payment information, etc.

Please also note that some personal information may be further retained in such cases (i.e., after closure of your Account):

As long as it is necessary for legitimate business interests, such as fraud detection and prevention and enhancing safety. If your Account is suspended for safety reasons, certain information may be retained to prevent opening a new Account in the future;
To the extent necessary to comply with legal obligations. Some information may be kept for tax, legal reporting, and auditing obligations;
Forum posts or other publicly visible information may continue to be publicly available on the Platform, even after your Account is deactivated. However, attribution of such information to you will be removed. Additionally, some copies of your information (e.g., log records) may remain in the database but are disassociated from personal identifiers;
To resolve disputes;
To enforce agreements and/or pursue or protect legitimate interests;
As the Platform is protected from accidental or malicious loss and destruction, residual copies of personal information may not be removed from backup systems for a limited period of time;
Domain name registration data – at the moment of writing this Policy, to register a domain, personal information about the owner of the domain is required; this information is shown in the WHOIS directory and is public.

11. DATA TRANSFERS AND USE OF THIRD-PARTY SERVICES

11.1. With Your Consent or Under Other Legitimate Basis

Personal Data will be shared with companies, organizations, or individuals outside the group of companies when consent is given or under other legitimate basis.

11.2. Where Do We Process Your Personal Data?

Users’ personal information may be maintained, processed, and stored by the entity and authorized affiliates and service providers in the United Kingdom, Netherlands, Lithuania, or Cyprus, and in other jurisdictions as necessary for the proper delivery of Services and/or as may be required by law.

Job applicants’ information will be maintained, processed, and stored in Lithuania, in the applied position’s location(s), and as necessary, in secured cloud storage provided by Third-Party Services.

The entity is based in Cyprus, which is a member of the EU and offers an adequate level of protection for the Personal Information of EU Member State residents.

Affiliates and service providers (such as third-party data centers, servers, website design, administration services, online traffic and website analysis, statistics, direct marketing services, mailers, messengers, email service providers, providers that provide data available on dark web sites, and machine learning or AI-powered service providers, etc.), that store or process personal data as well as personal data of Users on the entity’s behalf are each contractually committed to keep it protected and secured, in accordance with industry standards and regardless of any lesser legal requirements which may apply in their jurisdiction.

Domain name registration data and identification data are shared with third parties in accordance with ICANN rules.

While implementing various fraud detection processes as part of the ordering system, data is shared with a fraud prevention service provider. A copy of the privacy notice is available, which explains how personal data will be used for these purposes.

Non-personally identifiable information may be shared publicly as well as with partners – publishers, advertisers. For example, information may be shared publicly to show trends about the general use of the platform.

If involved in a merger, reorganization, acquisition, or sale, the confidentiality of any Personal Data will continue to be ensured, and all affected Users will be given appropriate notices.

Some servers are located outside the EU or European Economic Area (EEA), such as the US, Brazil, Singapore, Indonesia, therefore, depending on your choice or the Services, personal data as well as personal data of Users might be transferred to processors, sub-processors, or other data recipients established in such third countries (i.e., data centers and servers, located outside EU or EEA). It will be ensured that the said personal data will be transferred only if there is a sufficient basis for this under the GDPR and other applicable legal acts.

Standard contractual clauses for data transfers outside the EU or EEA. For such transfers to be compatible with the requirements of GDPR, relevant agreements on such data transfers outside the EU or EEA have been concluded with the data processors and/or sub-processors, which comply with the European Commission-approved standard contractual clauses for data transfers from data controllers in the EU to data processors and/or controllers established outside the EU or European Economic Area (EEA). For the said purposes and to the extent relevant, it has been deemed that the said agreements were concluded on your behalf and under your instructions, all in line with Art. 46 of GDPR.

Other grounds for data transfers outside the EU or European Economic Area (EEA). Personal data as well as personal data of Users might be transferred to data recipients established in third countries on other legal grounds compatible with the requirements of GDPR (Art. 45-49).

Transfer, disclosure of data to competent authorities. In certain situations, personal data may be disclosed in response to lawful requests by public authorities, other competent authorities, including when it is required to meet national security or law enforcement requirements, and will do so where permitted by local data protection laws.

11.3. Data Localisation Obligations

If you reside in a jurisdiction that imposes “data localisation” or “data residency” obligations (i.e., requiring that Personal Information of its residents be kept within the territorial boundaries of such jurisdiction), and this fact comes to attention, personal information may be maintained within such territorial boundaries, if legally obligated to do so.

You acknowledge that while doing so, personal information may continue to be collected, stored, and used elsewhere.

11.4. Targeting, Advertising

Social media platforms, as well as other advertising and marketing tools, are used. You should carefully read the privacy policy of these service providers. More information on targeted advertising, as well as opt-out rights and other rights, can be found on the respective websites of these service providers.

11.5. Social Media Features

Services include certain Social Media features and widgets, single sign-on features, such as “Facebook Connect” or “Google Sign-in,” the “Facebook Like” button, the “Share this” button, or other interactive mini-programs (“Social Media Features”). These Social Media Features may collect information such as your IP address or which page you are visiting on the Website, and may set a cookie to enable them to function properly. Social Media Features are either hosted by a third party or hosted directly on the Services. Your interactions with these third parties’ Social Media Features are governed by their respective policies.

11.6. Legal Obligation to Use or Disclose Personal Data

Personal Data will be revealed to state and public authorities without prior permission only when legally required to provide information, including taking legal action to defend rights, as well as in cases where there is a belief in good faith that access, use, preservation, or disclosure of the information is reasonably necessary to meet any applicable law, regulation, legal process, or enforceable governmental request, enforce applicable Terms of Services, including investigation of potential violations, detect, prevent, or otherwise address fraud, security, or technical issues.

11.7. Other

Personal data may be shared in manners other than as described above, pursuant to explicit consent, or if legally obligated to do so.

12. SECURITY

Security measures have been implemented to protect the Personal Information shared, including physical, electronic, and procedural measures. Among other things, HTTPS secure access to most areas on the Services is offered. Systems are regularly monitored for possible vulnerabilities and attacks, and new ways and Third-Party Services are sought for further enhancing the security of the Services and protection of Visitors’ and Users’ privacy.

Regardless of the measures and efforts taken, absolute protection and security of Personal Information, or any other User Content uploaded, published, or otherwise shared, cannot be guaranteed.

It is encouraged to set strong passwords for the User Account and avoid providing anyone with any sensitive information that could cause substantial or irreparable harm.

If you have any questions regarding the security of the Services, you are welcome to contact the provided email address.

13. YOUR RIGHTS

You are entitled to a range of rights regarding the protection of your Personal Data, which are subject to limitations, restrictions, and conditions as laid down in GDPR and applicable law. Those rights are:

The right to access the information processed about you;
The right to rectify incorrect/inaccurate information about you;
The right to transfer all or part of the information collected about you to you or another data controller, where technically feasible (the right to data portability; with limitations and restrictions as specified in the EU General Data Protection Regulation);
The right to erase any data concerning you. Users may demand erasure of data without undue delay for legitimate reasons, e.g., where data is no longer necessary for the purposes it was collected, or where the data has been unlawfully processed;
The right to the restriction of data processing. Users, for legitimate purposes, may obtain restriction of data processing from the controller;
The right to object to the processing of Personal Data when processing is carried out on the basis of legitimate interest, as well as in cases of use of your personal data for direct marketing purposes, as specified above in this Policy.

Some of the rights as above are easy to exercise: i.e., you may at any time access and edit, update, or amend your details, opt out of receiving communications by visiting and adjusting your personal account settings, or by email.

When you object to the processing of Personal Data when processing is carried out on the basis of legitimate interest, the request will be carefully considered, which may result in your Account closure or deactivation.

Users have the right to lodge a complaint with the national Data Protection Agency in their country of residence in the event where their rights may have been infringed. However, it is recommended to attempt to reach a peaceful resolution of the possible dispute by contacting first.

Automated individual decision making, including profiling In certain cases, automated decisions related to you may be made. Technology may be used to assess your personal situation and other factors to predict potential risks or outcomes (this practice is known as profiling). This is implemented to make decisions that are fair, consistent, and informed by accurate data.

In cases where a decision based solely on automated processing produces legal effects concerning you or similarly significantly affects you, you have the right to contest the decision, express your point of view, and request human intervention. You can do this by contacting the Customer Success team or by using the email indicated in this section. The request will be reviewed, and a human review of the decision will be provided, ensuring that your rights are fully respected.

For example, automated decisions and profiling are made in the following cases:

To perform a fraud prevention check before a purchase is accepted. This helps to protect customers and the website from any potential risk of fraud, consumer scam, or abuse. The processing is necessary to fulfill a contract (Art. 6 para. 1 b) GDPR). If based on data and behavior patterns (e.g., your behavior consistency with previous use of services) it is determined that a purchase poses a risk, the purchase will not be completed;
To evaluate whether to apply a discount to the price of the product or service you purchase. This will not be used to increase the price of the product or service you want to purchase. The processing is based on the legitimate interest to enhance customer experience and encourage long-term commitment (Art. 6 para. 1 f) GDPR).

14. ACCEPTANCE OF THIS POLICY

It is assumed that all Users of the Platform have carefully read this document and agree to its contents. If someone does not agree with this Policy, they should refrain from using the website and mobile applications. The right is reserved to change the Policy at any time and inform by using the way as indicated in Section 17. Continued use of the website and mobile applications implies acceptance of the revised Policy.

This Policy is an integral part of the Terms and Conditions.

Consent will be asked for before using information for a purpose other than those set out in this Policy.

15. CONTACTS

For all requests or comments concerned with this Privacy Policy, please contact the provided email address.

16. APPLICATION OF POLICY

The Policy applies to all of the services offered and affiliates, but excludes services that have separate privacy policies that do not incorporate this Policy.

The Policy does not apply to services offered by other companies or individuals, including products or sites that may be displayed in search results, sites that may include services, or other sites linked from the services.

17. AMENDMENTS

The Policy may change from time to time. Any Policy changes will be posted on the website, and if the changes are significant, more explicit notice may be provided (including, for certain services, email notification of Policy changes).

18. FURTHER INFORMATION

If you have any further questions regarding the data collected, or how it is used, please feel free to contact the Data Protection Officer at the provided email address.