Last update: 10 December 2020
1. GENERAL INFORMATION
1.2 Data controller. 303031.com is owned and operated by imppact media OÜ having a registered business address at Sepapaja 6, Tallinn 15551, Estonia, and the company registration number 14531054
(“we”, “us”, or “our”).
1.3 Minors. 303031.com is not intended for use by persons under the age of 18. We do not knowingly collect minors’ personal data. If you become aware that a minor has provided us with his or her personal data and you are a parent or a legal guardian of that minor, please contact us immediately and we will remove the minor’s personal data from our systems.
2. WHAT DATA DO WE COLLECT?
- Enquiries. When you contact us by email, we collect your (i) name, (ii) email address, and (iii) any information that you decide to include in your message. When you contact us by using the contact form available on 303031.com, we collect your (i) name, (ii) email address, (iii) profession, (iv) company name, (v) country, and (vi) any information that you decide to include in your message, including unsolicited domain name offers. We use such data to respond to your enquiries and provide you with the requested information. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to grow and promote our business) and ‘your consent’ (for optional personal data).
- Newsletter. When you subscribe to our newsletter, we collect your email address. We use your email address to send you information about our new services, special offers, and other marketing materials that may be of interest to you. The legal basis on which we rely is ‘your consent’.
- IP address. When you browse 303031.com, we or our third-party analytics service providers (as explained in below) collect your IP address. We use your IP address to analyse the technical aspects of your use of 303031.com, prevent fraud and abuse, and ensure the security of 303031.com. The legal basis on which we rely is ‘pursuing our legitimate business interests’ (i.e., to analyse and protect 303031.com).
- Services. When you use our services, you may share with us some service-related information, including personal data, at your sole discretion. We will use such data to fulfil our contractual obligations to you. The legal bases on which we rely are ‘your consent’ and ‘performing a contract’.
2.2 Sensitive data. We do not collect or use any special categories of personal data (“sensitive data”) from you, unless you decide, at your own discretion, to provide such data to us. Sensitive data is information that relates to your health, religious and political beliefs, racial origins, membership of a professional or trade association, or sexual orientation.
2.3 Refusal to provide personal data. If you refuse to provide us with your personal data when we ask to, we may not be able to perform the requested operation and you may not be able to use the full functionality of 303031.com, receive our services, or get our response. Please contact us immediately if you think that any personal data that we collect is excessive or not necessary for the intended purpose.
2.4 Collection of non-personal data. When you browse 303031.com, we automatically collect certain technical non-personal data related to your use of 303031.com. Such data does not allow us us to identify you in any manner. The non-personal data includes the following information:
- Your activity on 303031.com;
- Your browser type and version;
- Your operating system;
- URL addresses from which you access 303031.com;
- The date and time when you access 303031.com;
- Your internet service provider; and
- Your other online behaviour.
2.5 Purposes of non-personal data. We will use non-personal data for the following purposes:
- To perform our contractual obligations;
- To maintain our business records;
- To analyse what kind of users use 303031.com;
- To examine the relevance, popularity, and engagement rate of the content available on 303031.com;
- To investigate and help prevent security issues and abuse; and
- To develop and provide additional features to 303031.com.
2.6 Your feedback. If you contact us, we may keep records of any questions, complaints, recommendations, or compliments made by you and the response. Where possible, we will de-identify your personal data (i.e., we will remove all personal data that is not necessary for keeping such records).
2.7 Aggregated and de-identified data. In case your non-personal data is combined with certain elements of your personal data in a way that allows us to identify you, we will handle such aggregated data as personal data. If your personal data is aggregated or de-identified in a way that it can no longer be associated with an identified or identifiable natural person, it will not be considered personal data and we may use it for any business purpose.
2.8 Service-related notices. If necessary, we will send you important informational messages, such as confirmation receipts, payment information, technical or administrative emails, and other administrative updates. Please note that such messages are sent on an “if-needed” basis and they do not fall within the scope of commercial communication that may require your prior consent. You cannot opt-out from service-related notices.
3. HOW LONG DO WE STORE YOUR DATA?
3.3 Storage as required by law. In instances when we are obliged by law to store your personal data for certain period of time (e.g., for business records purposes), we will store your personal data for the time period stipulated by the applicable law and delete the personal data as soon as the required retention period expires.
4. HOW DO WE DISCLOSE YOUR DATA?
4.1 Disclosure to data processors. If necessary for the intended purpose of your personal data, we will disclose your personal data to the service providers with whom we cooperate (our data processors). Your personal data may be shared with entities that provide technical support services to us, such as hosting and email distribution services. We do not sell your personal data to third parties and do not intend to do so in the future. The disclosure of your personal data is limited to the situations when it is required for the following purposes:
- Ensuring the proper operation of 303031.com;
- Ensuring the delivery of services requested by you;
- Responding to your enquiries;
- Pursuing our legitimate business interests;
- Enforcing our rights, preventing fraud, and security purposes;
- Carrying out our contractual obligations;
- Law enforcement purposes; or
- If you provide your prior consent to such a disclosure.
- Our hosting service provider SiteGround (https://www.siteground.com) located in Bulgaria;
- Our email and cloud service provider Google Workspace (https://workspace.google.com) located in the United States;
- Our analytics service providers Google Analytics (https://analytics.google.com/analytics) located in the United States;
- Our payment facilitation service provider Escrow.com (https://www.escrow.com) located in the United States; and
- Our independent contractors and consultants.
4.3 International transfers. If you reside in a country belonging to the European Economic Area (EEA), we may need to transfer your personal data outside the EEA. In case it is necessary to make such a transfer, we will make sure that the country in which our data processor is located guarantees an adequate level of protection for your personal data or we conclude an agreement with it that ensures such protection (e.g., a data processing agreement based pre-approved standard contractual clauses).
4.4 Disclosure of non-personal data. Your non-personal data may be disclosed to third parties for any purpose. For example, we may share it with prospects or partners for business or research purposes, for improving 303031.com, responding to lawful requests from public authorities or developing new products and services.
4.5 Legal requests. If requested by a public authority, we will disclose information about the users of 303031.com to the extent necessary for pursuing a public interest objective, such as national security or law enforcement.
4.7 Domain name enquiries. If you send us an enquiry regarding a domain name, we may share your personal data with the owner of the domain name, to the extent necessary to forward your enquiry to the respective owner and to respond to the enquiry. We will not repurpose your personal data.
4.8 Domain name disputes and legal proceedings. If necessary, we may share your personal data with third parties (e.g., advisors, attorneys, and dispute resolution bodies) in case of legal proceedings or domain name dispute resolution process. When sharing your personal data, we will comply with data minimisation principles; the sharing will be carried out to the extent necessary for fulfilling our contractual obligations or as required by the applicable law.
5. HOW DO WE PROTECT YOUR DATA?
5.1 Security measures. We implement technical and organisational information security measures that protect your personal data from loss, misuse, unauthorised access and disclosure. The security measures taken by us include secured networks, strong passwords, limited access to your personal data by our staff, and anonymisation of personal data (when possible).
5.2 Security breaches. Although we put our best efforts to protect your personal data, given the nature of communication and information processing technology and the Internet, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data caused by circumstances that are beyond our reasonable control. In case a serious breach occurs, we will take reasonable measures to mitigate the breach, as required by the applicable law. Our liability for any security breach will be limited to the highest extent permitted by the applicable law.
6. HOW CAN YOU MANAGE YOUR PERSONAL DATA?
6.1 The list of your rights. You have the right to control how we process your personal data. Subject to any exemptions provided by law, you have the following rights:
- Right of access: you can get a copy of your personal data that we store in our systems and a list of purposes for which your personal data is processed;
- Right to rectification: you can rectify inaccurate personal data that we hold about you;
- Right to erasure (‘right to be forgotten’): you can ask us to erase your personal data from our systems;
- Right to restriction: you can ask us to restrict the processing of your personal data;
- Right to data portability: you can ask us to provide you with a copy of your personal data in a structured, commonly used and machine-readable format and move that personal data to another processor;
- Right to object: you can ask us to stop processing your personal data;
- Right to withdraw consent: you have the right to withdraw your consent, if you have provided one; or
- Right to complaint: you can submit your complaint regarding our processing of your personal data.
6.2 How to exercise your rights? If you would like to exercise any of your legitimate rights, please contact us by email at email@example.com and explain in detail your request. In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we can identify you in our system. We will answer your request within a reasonable time frame but no later than 2 weeks. 6.3 Complaints. If you would like to launch a complaint about the way in which we handle your personal data, we kindly ask you to contact us first and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible (no later than 2 weeks). If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority. In Estonia, the Data Protection Inspectorate (https://www.aki.ee/en) defends your constitutional rights.
- Email: firstname.lastname@example.org
- Postal address: imppact media OÜ, Sepapaja 6, Tallinn 15551, Estonia