Last updated on: 17.09.2020
WHY WE PROCESS CUSTOMER PERSONAL DATA AND WHAT PERSONAL DATA DO
WE PROCESS AS DATA CONTROLLER?
- When the Customer or the Hosting provider has opted to use our Portal and Service, we need to process your personal data to enable the Service.
Upon the provision of the Service, we process Customer personal data that is submitted to us
directly by the Customers or the Hosting providers in the course of using our Service. Such data
includes the following data:
- general personal information: name (first name, last name);
- contact details: e-mail address and password used for creating account via Portal;
- website details: website address(es) and other details concerning the website(s) related to which the Service is used;
- payment data: if the use by the Service is subject to any fees, then payment data related to the use of the Service.
- We also process Customer personal data that is submitted to us directly by any data subject, for example if data subject contacts us with a query or question via Portal or via any other channel (by sending an e-mail, for example). In such a case we process Customer personal data included in the inquiry to the extent that is necessary to respond to it.
- Upon maintaining the Portal, we may also process usage data. We may process information about how our Portal is used. Information about the usage of the Portal may be processed for the purposes of development and improvement of the Service.
WHAT IS THE LEGAL BASIS FOR PROCESSING CUSTOMER PERSONAL DATA?
- We process Customer personal data to provide the Service in accordance with BotGuard Terms of Service, as available on our Web Site or in accordance with the terms of agreement entered with the respective Customer/Hosting provider. Legal basis for such data processing is GDPR Article 6-1-(b), i.e. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
- In certain specific situations we might also process Customer personal data where processing of personal data is necessary for the purpose of our legitimate interests pursued by us. Legal basis for such data processing is GDPR Article 6-1-(f). In such a case we shall ensure that processing is proportionate and that we have carried out legitimate interest impact assessment. For example, for the purpose of our legitimate interest we analyse how our Service and Portal are used by the Customers and Hosting providers so we can provide better service.
- .In certain specific situations we may also process Customer personal data based on the consent. Legal basis for such data processing is GDPR Article 6-1-(a). In those situations, we process Customer personal data on the terms as provided in the consent that has been granted to us by each data subject.
- Additionally, we might process Customer personal data when processing is necessary for compliance with a legal obligation to which we are subject, for example for accounting purposes under applicable accounting legislation or when Customer personal data is requested from us on the basis of valid request by competent authorities, such as on the basis of valid court order issued by the court. Legal basis for such data processing is GDPR Article 6-1-(c).
WHEN DO WE SHARE CUSTOMER PERSONAL DATA?
- To the extent this is necessary for the provision of our Service, we may share your personal data with certain third parties.
- We may also share your personal data with third party suppliers providing services to us, e.g. IT
following service providers:
- Hetzner Online GmbH for data storage and data centre service. We use Hetzner data centre located in the EU, in Gunzenhausen, Germany. Privacy terms for Hetzner Online are available here: https://www.hetzner.com/rechtliches/datenschutz;
- Hetzner Finland Oy for data storage and data centre service. We use Hetzner data centre located in the EU, in Tuusula, Finland. Privacy terms for Hetzner Online are available here: https://www.hetzner.com/rechtliches/datenschutz;
- HOW LONG IS CUSTOMER PERSONAL DATA RETAINED?
- Botguard does not retain personal data longer than it is necessary for the purposes of processing personal data or pursuant to applicable law.
- Personal data related to contracts can be retained during the term of the contract and based on our legitimate interest pursuant to Article 6 (1) (f) of the GDPR until the end of the statutory limitation periods under applicable law. Accordingly, as a general rule, Botguard retains Customer Data collected in relation to the provision of the Service as long as it is necessary for the provision of the Service during the term of the contract concluded between Customer and Botguard and for 3 years after the term of the contract. In this regard, as a general rule, if the Customer has not used our Portal for 3 years (you have not logged in to your profile on our Portal for 3 years), your profile and all personal data therein will be deleted, unless we have a legal basis for retaining your personal data for longer time period.
- Pursuant to the Accounting Act, we retain accounting documents for 7 years.
DATA PROCESSING AS DATA PROCESSOR
- .As part of provision of our Service to Customers/Hosting providers, we process a limited amount of personal data concerning the persons who enter or try to enter to the webpages of our Customers or who try to enter to the web pages managed by the Hosting providers. This data includes mostly technical data and cannot be associated with any particular data subject by us. However, in conjunction with additional data not obtained by us (for example, on the basis of data obtained by telecommunications service providers), this technical data could be also associated with specific data subject.
- If you try to enter the webpage on which the Service is used, the following data about you is
processed by us:
- IP-address used to enter to the webpage, country of you location, your internet service provider;
- full HTTP(S)-request of the software used by you and the operating system used by you;
- metadata about the connection (TLS handshake data, various properties of network packets)
- Based among other data on the data outlined above, BotGuard software solution will automatically determine whether the visitor of the webpage is a human user, legitimate search engine bot, a malicious bot or hacker and access to the webpage by malicious bot or hacker will be denied.
- Data collected as a Data Processor is retained by us for a maximum of 3 months.
HOW DO WE PROTECT PERSONAL DATA?
To protect your personal data from unauthorized access, unlawful processing or disclosure, accidental loss, modification or destruction, we use appropriate technical and organisational measures that comply with applicable laws. These measures include but are not limited to the implementation of appropriate computer security systems, protection of paper and electronic format files by technical and logical means, controlling and limiting access to documents and buildings.
- We use following type of cookies on our Portal:
- Strictly necessary cookies, that are essential in order to enable you to move around and navigate on Platform and use the features of Portal.
The specific cookies that Portal uses are the following:
Name Purpose Retention period _gat_* This is a Google Analytics cookie. This allows the web site to obtain data on visitor behaviour for statistical purposes 1 day _ga This is a Google Analytics cookie. This allows the web site to obtain data on visitor behaviour for statistical purposes 2 years _gid This is a Google Analytics cookie. This allows the web site to obtain data on visitor behaviour for statistical purposes. 1 day session Used by BotGuard to temporarily store navigation and access details for a logged user. Session __stripe_mid This is a Stripe payment gateway cookie used by Stripe for payment fraud prevention. 1 year
- You can delete or block cookies on Portal through your browser settings at any time. However, some cookies might be necessary for the functionality of Portal. Therefore, you understand that when blocking or deleting the cookies some features of Portal might not function correctly.
- For more general information about cookies including the difference between session and persistent cookies please see www.allaboutcookies.org.
DATA SUBJECT RIGHTS
- Botguard is dedicated ensuring that all data subject rights arising under applicable law are always guaranteed to you. In particular, any data subject has:
- the right to access the personal data that Botguard processes about you;
- the right to request that Botguard rectifies any inaccurate personal data about you;
- the right to request that Botguard erases your personal data and/or restricts processing of your personal data if we do not have valid legal basis for processing;
- the right to receive your processed personal data in a structured, commonly used and machine-readable format and have the right to transmit your personal data to another controller;
- the right to object to the processing of your personal data.
- .If you believe that your rights have been infringed, you may contact and lodge a complaint to the supervisory authority applicable for your jurisdiction (Data Protection Inspectorate in Estonia address Tatari 39, Tallinn 10134, firstname.lastname@example.org or other competent authority in your jurisdiction).
address Pärnu mnt 22, 10141 Tallinn, Estonia,