Date: 6 March 2023
“Personal Data” means any information relating to an identified or identifiable natural person. An identifiable natural person is a person who can be identified by data such as his or her name, an identification number, location data, an online identifier or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
1. WHAT USER DATA DO WE COLLECT ABOUT YOU
We collect various types of User Data about you (i) from your use of our Beta-Solution, (ii) from your voluntary submission of Personal Data on our Website, and (iii) under certain circumstances, from your interactions with us via our social media pages or via product feedback discussions, including:
- your name, when using the Beta-Solution;
- contact data such as your e-mail address;
- information regarding your device, browser, operating system and IP address;
- usage data (e.g., date and time of access of our Beta-Solution and date and time of certain actions performed on the Beta-Solution).
2. THE WAY WE COLLECT USER DATA ABOUT YOU
If you use our Beta-Solution:
We may collect or receive your User Data when your account is created and when you use the Beta-Solution. We do not collect information about you from third parties in connection with providing the Beta-Solution to you.
If you visit our Website:
If you visit our social media pages:
3. HOW WE RESPOND TO DO NOT TRACK SIGNALS
We treat users the same regardless of their do not track request. That is, we disregard any do not track requests by your browser, operating system or solution, and we do not respond to any do not track requests.
4. PURPOSES FOR USING USER PERSONAL DATA ABOUT YOU
The User Personal Data collected from you will be used for the purposes of:
- management of our users (e.g. registration, account management, answers to user questions and provision of technical support);
- management and improvement of our Beta-Solution;
- research and development purposes (analysis in order to better understand your needs and to better understand our business and develop our Beta-Solution);
- improve and personalize your experience;
- improve the quality of our Beta-Solution;
- archiving and record keeping;
- requesting, collecting and analyzing feedback on your use of the Beta-Solution;
- identifying usage trends to better understand usage and improve the Beta-Solution and/or Website;
- sending marketing and promotional communications and determining the effectiveness of marketing and promotional campaigns, unless you request not to receive marketing material; and
- any other purposes imposed by law and authorities.
Management of our users includes the sending of periodic communication via e-mail. Example e-mails may include a welcome e-mail, verification e-mails, or any other e-mails that are required to operate your account.
5. LEGAL BASIS FOR USING USER PERSONAL DATA ABOUT YOU
We will not use your User Personal Data if we do not have a proper justification foreseen in the law for that purpose. Therefore, we may process your User Personal Data if we have at least one of the following:
- consent (where you or your legal guardian have consented to our use of your User Personal Data);
- contract performance (where your information is necessary for the performance of a contract to which you are a party);
- legal obligations (where we need to use your information to comply with our legal obligations);
- legitimate interests (where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights); and
- legal claims (where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party).
If we learn that your Personal Data was wrongly collected by the Beta-Solution, we will take steps to delete the information as soon as possible.
6. WHO DO WE SHARE YOUR USER PERSONAL DATA WITH
6.1 General provisions
- our personnel;
- our service providers that provide services to us in the context of the Beta-Solution;
- our IT systems providers, cloud service providers, database providers and consultants;
- any third party to whom we assign or novate any of our rights or obligations to in the context of a sale, merger or transfer of any part of our business or assets, or in the unlikely event of bankruptcy;
- our advisors and external lawyers in the context of the sale, merger or transfer of any part of our business or its assets, in the unlikely event of bankruptcy, or if so requested to provide specific advice; and
- any national and/or international regulatory, enforcement, public body or court, where we are required to provide access by applicable law or regulation.
The above third parties are contractually or lawfully obliged to protect the confidentiality and security of your User Personal Data, in compliance with applicable law.
6.2 GDPR provision
If you are a data subject under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the “GDPR”), please note that we intend to transfer your User Personal Data outside of the European Economic Area.
Note that the European Commission has not adopted an adequacy decision regarding the United States and that the United States does not provide for the same level of personal data protection as the GDPR. On 16 July 2020 in the case ECJ C-311/18, Facebook Ireland and Schrems, 2020, the European Court of Justice has stated that the policies of the United States of America enable interference, based on national security and public interest requirements or on domestic legislation of the United States, with the fundamental rights of the persons whose personal data is or could be transferred from the European Union to the United States. In particular, that Court has considered that the law of the United States does not provide for the necessary limitations and safeguards with regard to the interferences authorised by its national legislation and does not ensure effective judicial protection against such interferences, which violates the GDPR.
7. DATA SECURITY
We encrypt your Personal Data at rest using AES-256 encryption on AWS and in transit using TLS. We back up the data periodically and maintain auditable logs of access to your data. Our personnel retain access to your Personal Data for IT and customer support purposes.
8. THIRD PARTIES
We use various third-party service providers to provide optimal Website and Beta-Solution functionality to you and our business operations. These third-party technology service providers have their own privacy policies addressing how they use such information. Not all of these third parties touch your Personal Data in every situation. While we take care in choosing our service providers with our users in mind, we cannot be responsible for the actions of these third parties except to the extent required by law.
As noted above, we compile Website usage statistics from data collected through cookies. We may publish those statistics or share them with third-party technology service providers.
We are not responsible for the conduct of any third parties we may use.
9. STORAGE PERIOD OF YOUR USER PERSONAL DATA
Your User Personal Data will be stored as long as necessary to fulfil the purposes for which it was collected or to comply with legal or regulatory requirements.
What this means in practice will vary depending on the types of data. When we consider the retention duration, we consider any continued need to process the data, together with our legal, regulatory and contractual obligations.
10. YOUR RIGHTS IN RELATION TO YOUR USER PERSONAL DATA
You may be entitled to information or additional rights under applicable privacy and data protection law. Nothing in this section provides rights to individuals not entitled to such information or additional rights.
If you are entitled to these rights, we may require proof of such applicability, such as proof of European, California or other residence before responding to any request made under this section.
This listing of any data protection laws in this Section is not an admission that such laws apply to Skippet
If you have a question or want to exercise these rights, you may send an e-mail to email@example.com.
If you are a data subject under the GDPR, you have:
- the right to request us to provide you with further details on the use we make of your User Personal Data;
- the right to access or receive your User Personal Data as processed by us;
- the right to request the update of any inaccuracies in your User Personal Data;
- the right to request the deletion of your User Personal Data;
- the right to request the restriction of processing to specific categories of your User Personal Data;
- the right to withdraw your consent at any time, without affecting the lawfulness of the processing before such withdrawal;
- the right to object, in whole or in part, to the processing of your User Personal Data;
- the right to request the portability of your User Personal Data (i.e., that the User Personal Data you have provided to us be returned to you or transferred to the person of your choice, in a structured, commonly used and machine-readable format without hindrance from us and subject to your confidentiality obligations); and
- the right to make a complaint to the competent data protection authority.
10.2 US laws
If you are a user subject to the laws of California, you have:
- the right to receive equal services and prices as other consumers, even if exercising these rights herein, such as opting out of the sale of your data for marketing purposes (which we don’t do);
- the right to opt out of or into the sale or sharing of your User Personal Data (which we don’t do);
- the right to object to the processing of your User Personal Data for direct marketing purposes (we only do this if you voluntarily submit your data on our Website);
- the right to request deletion of your User Personal Data, provided the provision of data is compliant by law;
- the right to get data in an easily accessible format, provided the provision of data is compliant by law; and
- the right to be notified in case of a personal data breach regarding your User Personal Data; and
You should contact us at firstname.lastname@example.org to exercise these rights.
Any destruction of User Personal Data will be performed in accordance with the California Data Protection Act of 2004 (“CDPA”) (§§1798.80-84 of the Cal. Civ. Code).
Other than the categories of information listed above in Section 1, we do not collect Sensitive Personal Information (as defined in the CDPA) about you.
The Beta-Solution or Website are not directed to minors (as defined in the laws applicable to the relevant minors ) (“Minors”). . If you have reason to believe that a Minor has provided Personal Data to us, without consent given by a person with parental authority over such Minor, please email us at email@example.com and we will endeavour to delete that information.
12. JURISDICTION AND APPLICABLE LAW
You agree that the courts of the Grand Duchy of Luxembourg have personal jurisdiction over you (including the parent and the student) for any disputes arising hereunder and hereby waive any claims or assertions to the lack of personal jurisdiction or forum non conveniens in the courts of the Grand Duchy of Luxembourg.