PERSONAL DATA PROTECTION AND PRIVACY POLICY

As Contentrain (“us”, “we”, “our”), we prioritize the protection of your personal data and privacy as a user or visitor. This policy’s objectives are to inform you of the personal data we collect, how and why we collect it, how and why we process it, who we share it with, how we take appropriate technical and organisational measures to ensure its safety and your rights around your personal data, in compliance with the General Data Protection Regulation (“GDPR”).

Definitions of Key Terms

  • Data Subjects: A natural person whose data is processed.
  • Personal Data: Any information relating to an identified / identifiable living individual.
  • Sensitive Personal Data: Any information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs; trade-union membership; genetic data, biometric data processed solely to identify a human being; health-related data; data concerning a person's sex life or sexual orientation.
  • Data Controller: Any organization, person, or body that determines the purposes and means of processing personal data, controls the data and is responsible for it, alone or jointly. Data Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.
  • Processing: Any operation performed on personal data such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
  • Third Party: Any natural or legal person, public authority, agency, or any other body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or the processor, are authorized to process the data.
  • Transfer: An intentional sending of personal data to another party or making the data accessible by it, where neither sender nor recipient is a data subject.

Principles and Purpose of Processing

We take pride in processing your personal data in a lawful manner. We make sure to collect only the personal data absolutely required for the appropriate purpose, strictly limit data processing for only legitimate purposes and ensure appropriate security for the data, including protection against unauthorized or unlawful processing. We keep your personal data accurate and up to date by allowing you to update it. Any data is only retained while necessary and is deleted once the legitimate purpose for which it was collected has been fulfilled. We believe in complete transparency when it comes to processing. This Policy shows all the legitimate purposes for processing and the kind of data that’s processed.

What Personal Data Do We Collect and How We Collect Them?

We may collect first name, surname, email addresses, passwords, birthdays, phone number, payment and location information. We collect your personal information directly when you provide it to us when creating your account, automatically when you are using our Website, Services and Products, and through cookies. Cookies collect information that are not always personally identifiable, such as clicks, shopping preferences, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, device specifications, location, and search history. For more information on cookies, you can review our Cookie Policy. The purpose of the information is for analyzing trends, administering the site, tracking users’ movement on the website, and gathering demographic information. If you contact us directly, we may receive your name, your email address, and any personal information you provide in the contents of the message and/or attachments you may send us, and any other information you may choose to provide.

Why Do We Process Your Personal Data?

The table below sets out which legitimate purpose we rely on when processing your personal data for the different contexts in which we engage with you.

Legal basis for processing personal data under the GDPR are as follows:

  • Consent: In the case that you have freely given a specific, informed and unambiguous agreement.
  • Contract: In the case that the processing is necessary for a contract you have with us or because specific steps have to be taken before entering into a contract.
  • Legal obligation: In the case that the processing is necessary for us to comply with the law.
  • Vital Interests: In the case that the processing is necessary to protect someone’s life.
  • Public Task: In the case that the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
  • Legitimate Interest: In the case that the processing is necessary for our legitimate business interests or the legitimate interests of a third party, as long as it’s not a detriment to the protection of your personal data.
How's your personal information collected?What kind of personal information is collected?How will we process your personal information?What's the legal basis for processing your personal information
Online BrowsingIP address, browser information, device information, login details, location, duration of your visit, clicks, shopping Preferences, referring/exit pagesOn our website, we use specialised cookies to allow our website to function properly, for interface personalisation, such as language, or any user-interface customisation, to improve user experience and our website, to ensure our website is secure and safe, to run statistics.Your consent on cookies and our legitimate interest in improving our services, communicating with visitors and customers and securing safety.
Creating an AccountUsername, e-mail address, password, photosCreating a user account for you.Your consent when creating an account
Enquiries and Use of the WebsiteFirst name and surname, Email address, Location, Other information you have shared with us about yourself in relation to your enquiry.Answer and manage your enquiries, run analytics and statistics, Add your questions or concerns to your profile so we can understand your interests and preferences.To respond to your enquiries as performance of a contract or for pre-contract negotiations and our legitimate interest in improving our services and communicating with visitors and customers.
Purchasing Products and Services on the WebsiteCredit card number, the expiration date of your credit card, your billing address, and your shipping information.Receiving your payment in exchange for services and products and saving your payment information. We do not process your data ourselves when your data is saved for your convenience.Your contractual obligation to pay for our services and products. Before saving your payment information, we ask for your consent and do not save your information if you do not consent it to be saved.

Sensitive Personal Data

We do not collect or process any sensitive personal data such as racial or ethnic origin, political opinions, religious or philosophical beliefs; trade-union membership; genetic data, biometric data processed solely to identify a human being; health-related data; data concerning a person's sex life or sexual orientation.

Transfer of Personal Information

We might transfer your personal data pursuant to the GDPR and under legal basis. Your personal data may also be processed on our behalf by our trusted third-party suppliers abroad in order for them to perform the service they are providing while requiring them to keep it secure. Your personal data can be processed by Google or Github if you are signing up on our Website and by Iyzico and Stripe when you are paying for our services and products. Your personal data can also be disclosed to third parties other than suppliers, if we are under a duty to disclose or share your personal data to comply with a legal obligation. In other circumstances we can only transfer your personal data if we have your consent or we are permitted to do so by law.

There are a number of exemptions where transfer of personal data can take place in absence of the abovementioned transfer mechanisms. These are limited circumstances and are as follows:

  • Consent: In the case that you have freely given a specific, informed and unambiguous agreement.
  • Contract: In the case that the transfer is necessary for the conclusion or performance of the contract.
  • Public Interest: In the case that there are important reasons of public interest.
  • Legal Claims: In the case that it is necessary to establish, exercise or defend legal claims;
  • Vital Interest: In the case that it is necessary for the vital interest of data subject or other persons;
  • Public Register Data: In the case that it involves public register data

Storage of Personal Information

Your collected personal information may be transferred and stored outside of the country where we operate. When we transfer personal data outside of the country, this will be done in a secure and lawful way. As some countries may not have laws governing the use and transfer of personal data, we will take steps to ensure that third parties adhere to the commitments set out in this Policy.

GDPR Personal Data Protection Rights

Under the GDPR, you are entitled to eight rights that we must uphold and prioritize through our data practices. Please reach out to us to use your rights.

  • The right to information: You have the right to ask what kind of information is processed and why we need it.
  • The right of access: You have the right to request copies of your personal data. We may charge you a small fee for this service.
  • The right to rectification: You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
  • The right to erasure: You have the right to request that we erase your personal data, under certain conditions.
  • The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • The right to object: You have the right to object to our processing of your personal data, under certain conditions.
  • The right to avoid automated decision-making: You have the right to not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning your or similarly affects you.

Changes to the Policy

Due to amendments to applicable laws, regulations, and industry practices, or due to changes we make to our services, changes can be made to this Policy. It is advised that you come back to this Policy on a regular basis.

Minor’s Personal Information

Under GDPR Article 8, if you are below the age of 16 years old, then a parent needs to provide the consent for processing your personal data. We encourage parents and guardians to observe, participate in, and/or monitor and guide your online activity.

If you are a parent and you think that your child provided personal information on our website, we strongly encourage you to contact us immediately for the removal of such information from our database.