Processing of Personal Data of tokenware.io´s Customers and Website Users
Updated: 15th November 2018
We at tokenware.io / Seed & Foster GmbH (“we” or “us”) believe that protecting our customers’ and business partners’ privacy is crucial to our business and values. In the course of our business operations, we receive, collect, maintain, use and share personal data on customers and business partners. We are committed to protecting the privacy of individuals who visit our website (visitors), individuals who register to use our services (customers), and individuals who register to attend our corporate events (attendees) (collectively hereinafter “Data Subject(s)” or “User(s)”).
We act as a controller with respect to the information we process in connection with our business relationships. For example, we are the controller in relation to Data Subjects’ contact details and other commercial Personal Data. On the other hand, we may also act as a processor of Data Subjects’ Personal Data when our customer and business partners engage us to process Personal Data on their behalf, for example in connection with the provision of the Services. We may also act as a processor in certain circumstances when our customers use third party service providers in connection with our Services (e.g. Facebook). When we act as the processor, we process the data in accordance with applicable privacy laws and the data processing agreement entered into with the controller, where applicable. In such a case, please refer to the Privacy Policies of controllers for further information on the processing of Personal Data.
1. Processing of Personal Data
We process Personal Data of Data Subjects to offer the Services, including the processing and execution of demo requests relating to the Services, and to contact and market our Services to the participants of our business events and to contact and send marketing material to the visitors of our websites who submit us their information in a form or otherwise with the intent to receive marketing or other information from Smartly.io. In this context, Personal Data may be processed for market and customer analysis, reporting and statistical purposes, marketing purposes such as customised marketing, administration notices, database management and maintenance, product suggestions and offers, interaction with external social networks, access to third party services' accounts and platforms, heat mapping and newsletters. Personal Data may be used for direct marketing, including, where applicable, by electronic means unless objected by the Data Subject.
Further, Personal Data may be used for invoicing and to send important information to the Data Subject e.g. regarding changes of applicable fees, price list and conditions, or to contact the Data Subject and provide information customised Services according to the interests of the Data Subject. We process Personal Data on the following basis:
- for the performance of the contract between us and the Data Subject (Article 6.1(b) of the GDPR);
- for the purposes of our legitimate interests related to the customer and business relationships between us and the Data Subjects (Article 6(f) of the GDPR);
- to comply with legal obligations applicable to us (Article 6(c) of the GDPR, such as corporate and accounting).
We may ask for Data Subject’s consent for the processing of certain type of Personal Data (for example for a campaign). When collecting such consents, we inform the Data Subject of the respective purposes of processing and such processing is conducted only when appropriate consent is received.
We may ask for certain Facebook permissions allowing us to perform actions with the Data Subject’s Facebook account and to retrieve information, including Personal Data, from it. This allows our Services to connect with the User's account on the Facebook social network, provided by Facebook Inc. In this context, the following permissions may be asked: About Me, Access Rights (including but not limited to Ad Account Access, Business Manager Access), App Notifications, Contact Email, Manage Advertisements, and Manage Pages. For more information about the Facebook permissions, refer to the Facebook permissions documentation and to the Facebook Data Policy.
Use of Social Plugins
Our website also uses social plugins. These plugins usually collect data from you by default and transmit them to the servers of the respective provider. In order to guarantee the protection of your privacy, we have taken technical measures to ensure that your data cannot be collected by the providers of the respective plugin without your consent. When visiting a page on which the plugins are integrated, these are initially deactivated. Only when you click on the respective symbol are the plugins activated and you thereby give your consent that your data can be transferred to the respective provider. The legal basis for the use of the plugins is Art. 6 Paragraph 1 a and f GDPR. After activation, the plugins also collect personal data such as your IP address and send it to the servers of the respective provider, where it is stored. Furthermore, activated social plugins use a cookie with a unique identifier when connecting to the respective website. This also allows providers to create profiles of your usage behaviour. This also happens if you are not a member of the social network of the respective provider. If you are a member of the social network of the provider and you are logged in to the social network during your visit to this website, your data and information about your visit to this website may be linked to your profile on the social network. We have no influence on the exact extent of the data collected from you by the respective provider. For more information about the scope, type and purpose of data processing and about rights and setting options for the protection of your privacy, please refer to the data protection information of the respective provider of the social network. These can be found at the following addresses:
2. Personal Data we collect and use
We do not collect sensitive information (Personal Data of special categories).
3. Disclosure of Personal Data
Personal Data may be transferred outside the European Union and the European Economic Area (“EU/EEA”), including but not limited to, the United States of America, China, Australia, Singapore and Argentina as well as other locations and jurisdictions in which we conduct our business. Such transfers outside the EU/EEA are performed subject to appropriate safeguards such as standard data protection clauses adopted or otherwise approved by the EU Commission in accordance with the GDPR (“Standard Data Protection Clauses”).
The applicable Standard Data Protection Clauses are made available for review to the Data Subject upon request.
4. Retention Period
We retain Data Subject’s Personal Data for 3 years from Data Subject’s latest purchase or contact with us. Personal Data may be, wholly or in part, retained for longer or shorter term if required by applicable law or if there is other justified reason to retain or delete them. In such a case, Data Subject’s Personal Data shall be erased with no further delay after there is no longer any need for such a retention.
We evaluate the necessity and accuracy of the Personal Data on a regular basis.
5. Data Subjects’ Rights
Data Subject has a right to request from us:
- access to and rectification or erasure of Data Subject’s Personal Data;
- for restriction of processing concerning the Data Subject or to object to processing; and
- to receive, under certain preconditions, Data Subject’s Personal Data in a structured, commonly used and machine-readable format and to transmit those data to another controller.
Data Subject may exercise the aforementioned rights by sending a written request to us. Where the processing is based on consent, Data Subject has a right to withdraw such consent at any time. Please Policy that this will not affect the lawfulness of processing based on consent before its withdrawal.
In case the Data Subject considers that its rights under the data protection laws are infringed, the Data Subject may lodge a complaint with the supervisory authority of the Data Subject’s residence in the EU or In Berlin, the headquarters of Seed & Foster GmbH is the competent supervisory authority: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.
6. Security Safeguards
Securing the integrity and confidentiality of Personal Data. We have taken adequate technical and organisational measures in order to keep Personal Data safe and to secure it against unauthorized access, loss, misuse or alteration by third parties, such as encryption, access controls, firefalls. Nevertheless, considering the cyber threats in modern day online environment, we cannot 100% guarantee that our security measures will prevent illegally and maliciously operating third parties from obtaining access to Personal Data and the absolute security of that information during its transmission or its storage on our systems.
8. Contact information of data controller
Data controller: Seed & Foster GmbH, Oberwallstraße 6,10117 Berlin, Germany