DATA PRIVACY PROTECTION POLICY – DPP
The new European Union law concerning the GDPR matter in regards to personal data protection, GDPR (“General Data Protection Regulation”) came into effect on the 25th of May 2016 and it represented a major change in the field of personal data protection conducted over the past 20 years. It hugely surpasses the basic objective of protecting private space.
Protecting your personal data is an issue of great concern to us, and in consequence we’ve started paying the utmost attention to protecting our website visitors private lives, as well as the personal data offered to us by a third party, or to which we have had access through a different source, in conformity to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
We ask you to pay considerable attention to reading the following Policies (that shall be hereinafter “DPP”, in order to understand the manner in which the information concerning yourself will be handled (personal data).
DPP explains the Auvela.Online (named in the following document “Auvela.Online”) practices, in reference to how the GDPR requirements are applied, as well as the rights you have in regard to the processing of your data by Auvela.Online.
Auvela.Online will always process personal data in conformity to the GDPR requirements, as well as with the regulations on personal data processing, specific for the countries where Auvela.Online operates.
Through the DPP, Auvela.Online wishes to inform the concerned individuals on the nature of how we collect and process their personal data, as well as the purpose of the processing. In addition, concerned individuals are informed through the DPP also about the rights they benefit from.
PERSONAL DATA OPERATOR
The personal data operator (mentioned as “the operator” in the following document) is Auvela.Online.
WHAT DOES PROCESSING PERSONAL DATA MEAN?
“Processing” involves any operation or a set of operations performed on the personal data or on sets of personal data, with or without using automation means, like collecting, registering, organizing, structuring, storing, adjusting or modifying, extracting, consulting, utilizing, divulging, disseminating or making available under any form, aligning or combining, restricting, deleting or destructing.
WHAT IS PERSONAL DATA?
Under the “Personal data” construction we can find any information or pieces of information that you can be identified with directly (like your name) or indirectly (as, for example, pseudonym, like o Unique identification number). This means that personal data includes information like email, residence, mobile number, user name, profile photos, personal preferences and buying habits, user generated content, financial information and information about your financial status. These might also include some unique numeric identifiers, like your computer IP address or the MAC address of your mobile device, and even some cookie modules.
WHAT PERSONAL DATA DO WE PROCESS?
The personal data that we are going to process are: name, surname, email address and IP adddress.
RIGHTS OF THE CONCERNED INDIVIDUALS
In conformity to the GDPR law, you possess a series of rights concerning the personal data that WEBSITE_NAME processes:
- The right to access the processed data – You have the right to access the personal data that we own. The first request to access the information comes without any payment. If you still need copies of the provided information, it’s possible we perceive a reasonable fee, considering the administrative costs needed in order to provide those specific data. Obvious unfounded, excessive or repeated solicitations might remain unanswered.
- The right to rectify data – you have the right to request a correction of your data if they’re inaccurate or obsolete and/or add to them if they’re incomplete.
- The right to erasure (“right to be forgotten”) – in some cases, you can attain the right for the deletion or destruction of your data. This isn’t an absolute right, because sometimes we might be forced to keep your data for legal or juridical reasons.
- The right to restriction of processing – you have the right to solicit restrictions for how we process your data. This means that the processing of your data is limited, so while keeping your data we can’t use them or process them. This right is applied in specific circumstances mentioned in the general Regulation on data privacy, such as:
- The accurateness of the data is disputed by the concerned person (in this case, yourself) over a period that allows the operator (in this case, Auvela.Online) to verify the correctness of the Data;
- The processing is illegal and the concerned person (yourself) opposes the deletion of the Data and requests the restriction of its use;
- The operator (Auvela.Online) doesn’t need the processed Data anymore, but the concerned person (yourself) requests them for establishing, exerting or defending some legal claims;
- The concerned person (yourself) has raised objections about the processing based on legitimate reasons that the operator has been using the Data without having the full consent of the concerned person.
- The right to data portability – you have the right to move, copy or transfer the data that is of interest to you from our database to another. This applies only to the data that you have provided, when the processing is based on your consent or based on a contract and is implemented through automated means.
- The right to object – you can object in any moment to the processing of your data when this type of processing is based on an illegitimate interest
- The right to withdraw consent – you can withdraw your consent on the matter of data processing in the case where processing was based on consent. Consent withdrawal doesn’t affect the legality of the data processing that’s been made before the consent was withdrew.
- The right to lodge a complaint with a supervisory authority – you have the right to file a complaint to a data protection authority in your country of permanent or temporary residency to dispute the practices of the data protection offered by Auvela.Online.
- The right to object to processing and marketing – in a certain situation, you can unsubscribe or terminate our direct marketing communication at any time. It’s easy to do, just by clicking the unsubscribe link in every email or form of communication that we send out to you.
- The right to object to processing in public interest or in our legitimate interest or of a third party – you can object at any moment to the processing of your data when this type of processing is based on legitimate interest.
- The right to disable cookies – you have the right to disable the cookie modules. The internet browser settings are usually programmed by default to accept cookie modules, but you can easily adjust the settings of your browser. A lot of cookie modules are used to heighten the use and functionality of the websites/apps, thus disabling them might hinder the use of some parts of our sites and apps. If you wish to restrict or block all of our predetermined cookies used on our websites and apps or any other websites/apps, you can do that by modifying the browser settings. The “HELP” section on your web browser will guide you through it. For more information, visit: http://www.aboutcookies.org/.
You can exert any of these rights concerning the personal data that Auvela.Online processes it by addressing a simple request to Auvela.Online/Contact-Us. It’s highly possible that we require you to send us some form of identification proof.
DATA PROCESSING PRINCIPLES
Auvela.Online commits to respecting the data protection principles (named “Principles” in the following document) referred to in the GDPR regulation, thus making sure that all the data is:
- Processed correctly, legally and transparently
- Collected for specific, explicit and legitimate reasons
- Adequate, relevant and limited in relation to the reason they are being processed for
- Correct and up to date
- Kept under a form that doesn’t allow the identification of the concerned person for a longer period of time than the one needed for the processing purposes
- Processed in accordance with the rights of the concerned person, in a way that guarantees the adequate security of the processing, so that the data is just, confidential and available
THE PRINCIPLE AND PURPOSES OF PERSONAL DATA PROCESSING
- In accordance to art 6, line 1, b. from the GDPR regulation, processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- In accordance to art 6, line 1, c. from the GDPR regulation, processing is necessary for compliance with a legal obligation to which the controller is subject. We request a series of personal data in order to carry out the legal obligations imposed by financial authorities concerning the billing and reports needed for those exact authorities.
- For marketing purposes, in accordance to art 6, line 1, a. from the GDPR regulation, processing will be done only if the data subject has given consent to the processing of his or her personal data for one or more specific purposes. Thus, in some situations, only if you’ve given your consent, your personal data will be used for transmit marketing messages, offers, news, future campaigns, invitations to certain events.
CONTACT FORM PROCESSING
Auvela.Online will use the information that you provide in the corresponding contact section, on the website, exclusively with the purpose of processing your request.
By providing any sort of personal data through the Auvela.Online website, you understand and agree to the processing of these pieces of information in accordance to Auvela.Online’s DPP.
We ask you to consider that in order for us to process the requests sent via online form, it’s possible that, under certain circumstances, we may need to disclose your information to Auvela.Online’s partners, collaborators or third party service suppliers.
Considering all this, Auvela.Online has taken proper technical and organisational measures to insure the security of data transfer, as well as the processing made by these third parties in accordance to the GDPR regulation.
Auvela.Online pledges not to process the personal data provided for another purpose than the one that they were submitted for, the only exception being when you deliberately give us your consent to use then in some other purposes.
Also, it is possible that Auvela.Online has access to other personal data coming from another form of communication that you’ve previously made with Auvela.Online, through the data communicated via phone conversations, email conversations, your presence at our headquarters, etc.
By contacting Auvela.Online in any way mentioned in the last paragraph or through any other mean that involves direct or indirect communication between yourself and Auvela.Online, you understand and agree that your data will be processed in accordance with the foresights of Auvela.Online’s DPP.
THE DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
The Auvela.Online processed personal data will be disclosed and/or transferred to third parties only when we have your deliberate consent to do so, with the exception of situations when we have the legal or stipulated by contract obligation to process those data.
Thus, we ask of you to bear in mind that there are some circumstances when we are forced to disclose your personal data to our partners and third party suppliers.
PERSONAL DATA PROCESSING BY THIRD PARTIES, OTHER WEBSITES AND SPONSORS
Auvela.Online may contain, at some point, access links to other websites that have different data processing policies than Auvela.Online has.
We ask you to consult the policy of those websites, given that Auvela.Online doesn’t take responsibility for the information sent to of collected by these third parties.
AUTOMATED DATA PROCESSING. COOKIES
DATA STORING TIME
Auvela.Online may keep the processed data over different periods of time, considered to be reasonable, in accordance to the purposes previously mentioned. We keep your data only for the time period needed to attain the purpose that we are storing those certain data, to satisfy your needs or to carry out legal obligations.
In order to know how long your data will be stored, we use the following criteria:
- When you purchase a product or a service, we store your personal data over the course of our contractual relationship, and maybe even further, if there is any legal obligation involved.
- When you contact us with a question, we store your data over the course of processing your query, but no more than 2 years from our last correspondence.
- When you create an account, we store your data until you ask us to delete them or after a period of inactivity (without any direct interaction with us). In this sense, we mention that the data processed for this purpose will be deleted after 2 years from our last interaction with the user of the account (for example, logging in to your account)
- When you’ve offered the consent for our marketing purposes, we store your data until you unsubscribe or you ask us to delete them or after a period of inactivity (without any interaction with our brands defined in accordance to the legal regulations in force). In this sense, we mention that the stored data for direct marketing purposes are deleted from our database after 2 years from our last interaction.
- When the cookie modules are stored on the computer, we keep them for as long as necessary to reach their purposes (for example, over the course of a shopping cart cookie session or cookies for an ID session) and for a defined period of time in accordance to the regulations and local guidance. In this sense, we mention that the stored data processed through the cookie modules and then used for providing you with behavioral online ads, personalizing your services and allowing the distribution of our content on social media sites (“Share” buttons for certain pieces of content), will be stored for a period of 2 years from their collecting, after you’ve given us your consent.
We access, store and offer your information to the regulatory authorities, law enforcement factors and other entities:
- As a reply to a request of juristic nature, when we consider, in good faith, that the law requires it. Also, it is possible to reply to requests of juristic nature when we consider, in good faith, that the reply solicited by the laws of that jurisdiction affects the users in that certain jurisdiction and is in accordance to the accepted international standards.
- When we consider , in good faith, that it’s necessary for: detecting, preventing and replying to acts of fraud, the unauthorized use of any material that belongs to us, violations of our conditions and policies or any other harmful or illegal activity, in order to protect ourselves (including our rights, goods and materials), yourself and others, inclusively within the regulating authorities’ investigations and inquiries or for preventing any imminent death or injury. For example, if it is relevant, we provide information to and receive information from third party partners, about the reliability of your account, fraud, abuse and other harmful activities prevention inside and outside of our materials.
The information we receive about yourself can be accessed and stored over a longer period of time, when they are the object of a request of juristic nature or a legal obligation, a government investigation or any other investigation about the possible violation of our conditions and policies, or in other situations that call for preventing damage.
RELATIONS WITH THE OPERATORS
Depending on the context, we may find ourselves in the situation where it is absolutely necessary to forward the information to a higher level, both globally and internally or externally, to our partners and to the ones that we transfer data to for respecting the GDPR, in virtue of offering the highest level of professional services. The information controlled by Auvela.Online may be transferred, forwarded or stored and processed in the EU or other countries other than the one you are living in, with the purposes mentioned previously in this Policy. These data transfers are necessary in order to provide the highest quality services, as well as to continue providing our materials at the highest professional level.
The Auvela.Online site may contain liaisons to other websites and/or web pages that are not Auvela.Online property. Auvela.Online doesn’t take any responsibility about the content of these websites and, in consequence, cannot be held responsible for the content, ads, goods, services, software, information or other available materials on or from these websites. Auvela.Online will not be responsible for the personal data loss, for any negative effect of the visitors’ personal data or any other moral and/or patrimonial damage caused by accessing those websites.
UPDATING THE PROTECTION POLICY AND PROCESSING PERSONAL DATA
We ask you to consider the fact that this Policy can be subject to some periodic content adjustments , through the Auvela.Online website updates.
We ask you to not continue using our website if you do not agree with these adjustments. Also, we recommend that you check this page for any updates.
The DPP terms are interpreted in accordance to the applicable legislation.
If you have any questions or concerns about how we treat and use your personal data or you wish to exert your rights, we ask you to contact us at Auvela.Online/Contact-Us.