Greetings!
Clakson OÜ, our subsidiaries, agents, partners, and affiliates are collectively referred to as “Clakson”, “we”, “us”, and “our”. Clakson owns, operates, and provides a Website https://clakson.net/.
This Privacy Notice constitutes an explanation of the personal data processing of a capable (16+) natural person (“User”, “you”, “your”), who uses our Website according to the Terms of Use and/or final clients of our merchants who obtains our Services according to separate bilateral agreements.
You agree that by accessing the Website and/or our Services, you have read, understood, and agreed to be bound by this Privacy Notice. If you don’t agree with this Privacy Notice, then you are expressly PROHIBITED using the Website and/or our Services, so you must discontinue use immediately.
Supplemental terms and conditions or documents that may be posted on the Website are hereby expressly incorporated herein by reference. We reserve the right to change this Privacy Notice occasionally, without prior notice and your consent.
Other terms used in this Privacy Notice, but not defined, have similar meanings to those in the Terms of Use.
Terminology
Consent. Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, signifies agreement to the processing of personal data relating to him or her.
Controller. The natural or legal person (and others) who determines the purposes and means of processing.
Co-controller. The natural or legal person (and others) who determines the purposes and means of processing with another controller.
Data Protection Authority. The public organization or governmental body protects the data subjects from unlawful processing.
Data Subject. The natural person, whose personal data is processed.
Legal Ground for Processing. One of the legally defined grounds for which the processing of personal data is permitted. There are the following reasons:
- Consent;
- Legitimate interest;
- Obligation.
Personal Data. Any information relating to an identified or identifiable natural person.
Personal Data Breach. A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
Processing. Any action or set of actions with personal data.
Processor . The natural or legal person, who processes personal data on behalf of the controller.
Profiling. Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
Third-Party. Any person, except the subject of personal data, the Controller or Processor and the Data Protection Authority, to whom the Controller or Processor transfers personal data.
Data Subjects Rights
Right to access personal data. You can receive information regarding specific personal data Clakson has collected about you, as follows:
- Purpose of the processing;
- Categories of personal data concerned;
- Recipients of categories of recipients to whom the personal data has been, or will be, disclosed;
- The envisaged period for which the personal data will be stored or the criteria used to determine that period;
- The existence of the right to rectification, erasure, or restriction of processing personal data concerning you or to object to such processing;
- The right to complain to a supervisory authority;
- Where personal data is not collected from you, any available information as to the source;
- The existence of any automated decision-making, including profiling as well as the significance and envisaged consequences of such processing for you;
- Where personal data is transferred outside of the EEA (which consists of EU member states and Iceland, Lichtenstein, and Norway), you have the right to be informed of the appropriate safeguards in place and to request a copy of them.
Right to rectification of personal data. You can correct your personal data if it has been changed or incorrectly collected.
Right to erasure (deletion) of personal data. You can ask us to delete personal data.
Right to restrict processing of your personal data. You can temporarily restrict the processing of personal data.
Right to personal data portability. You may receive personal data in a human and machine-readable format for transmission to another controller.
Right to object. You may object to data processing if Clakson:
- Process personal data for direct marketing purposes, including profiling related to direct marketing.
- Process personal data that we consider necessary for its or a third party’s legitimate interest.
Right to reject automated individual decision-making (profiling). You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects.
Right to withdraw consent. You can withdraw your consent on personal data processing if Clakson uses this ground for processing.
Right to opt-out from Marketing/Send Out. You can withdraw your consent on personal data processing for marketing and send-out purposes.
Right to ask a question and/or make a claim on data processing. You are allowed to ask us any question according to data processing or privacy legislation.
Personal Data
User’s Website Visit. When the User visits the Website, he gives us his personal data under the following conditions:
- Personal Data. Device ID, browsing information such as name and version, Internet Protocol (“IP”) address , internet connectivity data, operator and carrier data, login data, browser type and version, device type category and model, time zone setting and location data, language data, application version. browser plug-in types and versions, operating system and platform, other information stored on or available regarding the devices you allow us access to when you visit our Website or use our Services.
- Purpose of collection. To load the Website accurately for the User, and to perform analytics on Website usage, to optimize our Website.
- Source of collection. Collected automatically when the User accesses our Website.
- Legal Ground. Legitimate interest.
- Terms. While the User is using our Website and 3 years after.
User’s Contact Inquiry. When the User makes a contact inquiry through the contact form on the Website, he gives us his personal data under the following conditions:
- Personal Data. Company name, personal name, surname, email, phone number, etc.
- Purpose of collection. Communication and service offering.
- Source of collection. User.
- Legal Ground. Consent.
- Terms. While the User is using our Services and 10 years after.
Services Provision. When we provide the Services to merchants, they and their final clients give us their personal data under the following conditions:
- Personal Data.
- Full name, e-mail address, gender, home address, phone number, date of birth, nationality, signature, utility bills, photographs, a video or voice recording, country and region;
- Government issued identity documents such as passport, national identification number, national identity card details, drivers licence numbers;
- Proof of legal formation, personal identification data for all material beneficial owners, personal data about the board of directors senior persons responsible for the operations of the body corporate;
- Bank account information, payment card information, source of funding, source of wealth;
- Information about the transaction you make on our services, such as the name of the recipient, your name and e-mail;
- Job title, salary wage rate, and company;
- Surveys responses, information contained in the Survey. Communications with us including call recordings with our customer services team;
- Public blockchain data, such as transaction ID’s, transaction amounts, wallet address, timestamps or transactions or events;
- Other applicable data.
- Purpose of collection. Services provision, analytics, marketing, market research, and business development.
- Source of collection. Collected from merchants.
- Legal Ground. Agreements with merchants and their agreement with final clients.
- Terms. While the merchants use our Services and 10 years after.
Customer Support Information.
- Personal Data. It depends on a case by case but can include name, username, payment information, etc.
- Purpose of collection. To provide information about our product and Services, consult how to use our Website, etc.
- Source of collection. Collected from the User.
- Legal Ground. Consent.
- Terms. W hile the user is using the Services and 10 years after.
Other Processing Conditions:
Data source. We process personal data received from you and public sources. If in the future, we process personal data obtained from Third Parties, we will notify you of this.
Data storage. Your personal data is stored on servers around the globe.
Profiling. We don’t use profiling on you.
Selling Personal Data. We will not sell your personal data at all, without your consent.
Data processing in Corporate Changing. During a corporate change of our legal entity, your personal data may be given to a new controller, co-controller, and/or processor.
Anonymization. We may process your personal data for a longer period if we apply anonymization tools to it, which would essentially make it impossible for us to identify you.
Processors
Software | Processor | Goal of use | Privacy Notice |
Amazon Web Services | Amazon Web Services EMEA SARL | Hosting and data storage | |
We may share your personal data with any processors when it is necessary to provide services to you or for our business. | |||
Advertising
Direct marketing. We will send you emails, SMS, push messages, and other types of electronic messages and make a phone call if you give your consent or ask us to do so.
Advertisement on the Software. Clakson will display advertisements on the Website based on a legitimate interest to promote our services and earn money on our business, or if you give consent to another physical or legal entity to use your personal data through, for example, Google AdSense or Facebook Network Audience.
Targeting Marketing. We will use targeting marketing via co-controller services based on your consent given to our co-controller (for example, social networks, search engines, websites, mobile applications, and other Internet platforms).
Data for Targeting Marketing. Clakson may use the next type of personal data for targeting you:
- Full name;
- Sex, gender, marital status, and age;
- Registration and residence address;
- Phone number links to social networks, and instant messengers;
- Information about friends and contacts;
- Physical and email address;
- Place of work;
- Search terms and preferences;
- Reactions;
- Information from accounts;
- Any other information.
Basis of targeting marketing. Clakson processes this personal data based on joining to the Terms of Use and under the Privacy Notices of our co-controllers, on the grounds and for the purposes specified in the documents of the respective platforms.
Right exercise on targeted marketing. To exercise your rights to data subjects, you need to check the settings of the respective platforms and/or contact their support services.
Personal Data Transmission
Transmission in general. We can transmit your personal data to Processors, Co-controllers, and Third Parties, based on the law, court, or governmental body decision.
Transmission in specific situations. We have the right to transfer your personal data by default to countries recognized by the EU Commission as providing an adequate level of protection, generally or partially, in specific industries.
Personal Data Protection
Protection in general. We protect your personal data through technical and organizational measures.
Measures of protection. These measures include:
- HTTP connection with SSL and TLS certificates;
- Training employees in cyber security and data privacy via onboarding;
- Employees distribute access to personal data;
- Distribute storing in different databases;
- Safe servers for web hosting and data storage;
- Integration with Third Party’s software through official APIs;
- Strong password requirements;
- Server controlling.
Data Breach Notification
Notifying the DPA. We shall notify the respective DPA through any designated by DPA means of communication within 72 hours after we become aware of the data breach and report the following information:
- Describe the nature of the data breach;
- Contains the name and contact details of the responsible person from whom more can be obtained more information;
- Describe the possible consequences of the data breach;
- Describe the measures taken or proposed by us to address the data breach.
Notifying You. If a data breach may lead to a violation of your rights and freedoms or has a high risk of this, we shall immediately inform you in any possible means of communication, in particular the e-mail, in-app, and push messages of the fact of the data breach and report the following information:
- Describe in clear and simple language the nature of the data breach;
- Contains the name and contact details of the responsible person from whom more can be obtained more information;
- Describe the possible consequences of breaching the security of personal data;
- Describe the measures taken or proposed by us to address the data breach;
- Provide you with useful tips and know-how that can help you in reducing the risks of a data breach.
Miscellaneous
Effective date. This version of the Privacy Notice is valid from the Effective date.
Governing Law. This Privacy Notice shall be governed by and construed under the laws of Estonia, without giving effect to any principles of conflict of laws.
Disputes. All disputes or claims about this Privacy Notice are resolved within 30 business days of negotiation, if negotiation doesn’t work the court of Estonia under Estonia law must resolve it. The defeated party should pay all reasonable court and attorneys’ fees and costs.
Changes. We may make changes from time to time without your consent. The new version will be valid from the time of the changes noted at the beginning of this Privacy Notice.
Languages. This Privacy Notice is available in English. If there are any differences between the English and any other translated versions, the English version shall prevail.
Contact Information
Direct Contact. You can contact us electronically via email at [email protected]. We will give you an answer as soon as possible, but no more than 30 calendar days.
Contact Person. You can send to us a paper letter on Harju maakond, Tallinn, Lasnamäe linnaosa, Väike-Paala tn 2, 11415. Contact person is Eesti Firma OÜ. It will give you an answer as soon as possible, but no more than 30 calendar days.
Contact DPA. The User can ask DPA any question about his personal data or make a complaint through the following link: https://edpb.europa.eu/about-edpb/about-edpb/members_en The timing and procedure for responding depend on the internal policies of DPA.
Contact Processors and Co-controllers. The User can make inquiries or complaints to our Processors and Co-controllers via any available means of contact on their websites. The timing and procedure for responding depend on the internal policies of our Processors and Co-controllers.
Legal
Company Name | Clakson OÜ |
Company Number | 16859836 |
Legal Address | Harju maakond, Tallinn, Lasnamäe linnaosa, Väike-Paala tn 2, 11415, Estonia |