PRIVACY POLICY

This privacy policy (hereinafter "Privacy Policy“) applies to the use of our online offering www.spitana.com (hereinafter „Website“).


The protection of your personal data and data privacy in general is very important to us. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR).


By using our Website you are confirming that you are happy to accept our collection, processing and use of your personal data according to this Privacy Policy. 



1. CONTROLLER

Controller (hereinafter „Controller“) for the collection, processing and use of your personal data pursuant to Article 4 Section (7) GDPR:

    

  First Floor 2 Central Parade

  101 Victoria Road

  Horley, Surrey, RH6 7PH

  United Kingdom

   Authorised managing directors: Ole Fjordside, Goncalo Saudade e Silva, Dinis Brazao


    Email: privacy@spitana.com

    Website: www.spitana.com


    Company number: 12570543

If you wish to object to the collection, processing or use of your data by us in accordance with this privacy policy as a whole or for individual measures, you can address your objection to the Controller. You can save and print this Privacy Policy at any time. Valid is always the currently online version, though. 



2. DATA PROTECTION OFFICER

According to § 38 BDSG (Bundesdatenschutzgesetz, i.e. Federal German Privacy Act) we are not obliged to appoint a data protection officer. In case of a question, please contact the Controller named above. 



3. GENERAL PURPOSES OF PROCESSING


We use personal data for the following purposes:

Communicating with you regarding our products, services and projects, e.g. to process inquiries.

Planning, execution and management of the (contractual) business relationship with you, e.g. to handle the ordering of products and services, for bookkeeping and billing purposes, and to carry out deliveries, maintenance or repairs.

Conducting customer surveys, marketing campaigns or market analysis.

Operation of the website.

Maintaining and protecting the security of our products and services and our website, preventing and detecting security risks, fraudulent activity or other criminal or intentional acts.

Compliance with legal requirements (such as tax and commercial requirements for record-keeping).

Settling litigation, enforcing existing contracts and asserting, exercising and defending legal claims.



4. WHAT DATA WE USE AND WHY

Below you will learn what data we use and our reasoning for doing so.



4.1. HOSTING

We use hosting services to provide the following services: infrastructure and platform services, computing capacity, storage and database services, security and technical maintenance services we use to operate the site. In doing so, we or our hosting service provider processes inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this website on the basis of our legitimate interests in an efficient and secure provision of our website pursuant to Article 6 Section (1) Letter f) GDPR in conjunction with Article 28 GDPR.



4.2. ACCESS DATA

We collect information about you when you use this website. We automatically collect information about your usage and interaction with us and register information about your computer or mobile device. We collect, store and use data about every access to our website (so-called server log files). Access data includes:


  • Name and URL of the retrieved file.

  • Date and time of retrieval, amount of data transferred.

  • Message about successful retrieval (HTTP response code).

  • Operating system, browser type and browser version.

  • Referrer URL (i.e. the previously visited page).

  • Websites that are accessed by the user's system through our website.

  • Internet service provider of the user.

  • IP address and the requesting provider.


We use this log data without assignment to you or other profiling for statistical evaluations for the purpose of operation, security and optimization of our website, but also for the anonymous recording of the number of visitors to our website (traffic) and the extent and nature of use of our website and services, as well as for billing purposes if necessary, to measure the number of clicks received from cooperation partners. Based on this information, we can provide personalised and location-based content, analyse traffic, troubleshoot and improve our services. This is also our legitimate interest in accordance with Article 6 Section (1) Letter f) GDPR.



4.3. COOKIES


We use so-called session cookies to optimise our website. A session cookie is a small text file that is sent by the respective servers when visiting a website and is stored on your hard disk. As such, this file contains a so-called session ID, with which various requests from your browser can be assigned to the shared session. This will allow your computer to be recognised when you return to our website. These cookies are deleted after you close your browser. They serve e.g. that you can use a shopping cart feature across multiple pages.

Our legitimate interest in the use of cookies in accordance with Article 6 Section (1) Letter f) GDPR is to make our website more user-friendly, effective and secure.


You can set your browser so that you are informed in advance about the setting of cookies and can decide on a case-by-case basis whether you exclude the acceptance of cookies for specific cases or in general, or that cookies are completely prevented. This may limit the functionality of the site.



4.4. EMAIL CONTACT

When you contact us (for example, by contact form or email), we will process your details for processing the request as well as for follow-up questions. If the data processing is for the implementation of pre-contractual measures, which are made in response to your request, or - if you are already our customer - it is for the execution of the contract, the legal basis for this data processing is Article 6 Section (1) Letter b) GDPR.

We process further personal data only if you consent to it (Article 6 Section (1) Letter a) GDPR) or we have a legitimate interest in the processing of your data (Article 6 Section (1) Letter f) GDPR). A legitimate interest is e.g. in answering to your email.



4.5 DATA FROM PUBLIC SOURCES

If necessary, we will attempt to complete personal data transmitted by e.g. an email with the help of public sources (for example information on the websites of the associated company or the associated institution). The legal basis for this is Article Section (1) Letter f) GDPR, since our legitimate interest lies in processing correct data.



4.6 DATA TO FULFILL OUR CONTRACTUAL OBLIGATIONS

We process personal data that we need to fulfill our contractual obligations, such as name, address, email address, ordered products, billing and payment data. The collection of this data is required for the conclusion of the contract. The deletion of the data takes place after expiry of the warranty periods and legal retention periods, unless otherwise stated. Data associated with a user account is retained for the time this account is maintained. The legal basis for the processing of this data is Article 6 Section (1) Letter b) GDPR, because this data is needed so that we can fulfill our contractual obligations to you.

5. DURATION OF STORAGE

Unless specifically stated, we store personal data only as long as necessary to fulfill the purposes pursued. In some cases, the legislator provides for the retention of personal data, for example in tax or commercial law. In these cases, the data will be stored by us only for these legal purposes, but not otherwise processed and deleted after expiration of the statutory retention period. 



6. YOUR RIGHTS AS DATA SUBJECT

Under applicable law, you have various rights to your personal information. If you would like to assert these rights, please send your request to the above-mentioned Controller by email or by post with a clear identification of your person. Below is an overview of your rights.



6.1. RIGHT TO ACCESS

You have the right to receive information about the processing of your personal data. Specifically, this means: You have the right at any time to obtain confirmation from us as to whether personal data relating to you is being processed. If this is the case, you have the right to ask us for free information about your personal data stored together with a copy of this data. Furthermore, there is a right to the following information:

1. The processing purposes.

2. The categories of personal data being processed.

3. The recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organisations.

4. If possible, the planned duration for which the personal data are stored or, if this is not possible, the criteria for determining that duration.

5. The right of rectification or erasure of personal data concerning you or restriction of processing by the controller or a right to object to such processing.

6. The existence of a right of appeal to a supervisory authority.

7. If the personal data is not collected from you directly, all available information about the source of the data.

8. The existence of automated decision-making including profiling according to Article 22 Sections (1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved, as well as the implications and intended effects of such processing for you. If personal data are transmitted to a third country or to an international organisation, you have the right to be informed about the appropriate guarantees under Article 46 GDPR in connection with the transfer.



6.2. RIGHT TO RECTIFICATION

You have the right to demand that we correct and, if necessary, complete your personal data. Specifically, this means: You have the right to demand immediate correction of incorrect personal data concerning you. Taking into account the purposes of processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.



6.3. RIGHT TO BE ERASED („RIGHT TO BE FORGOTTEN“) 

In a number of cases, we are required to delete your personal information. Specifically, this means: In accordance with Article 17 Section (1) GDPR, you have the right to ask us to erase your personal data without delay and we are obliged to erase personal data immediately if one of the following reasons applies:

1. The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

2. You withdraw your consent, on which the processing was based in accordance with Article 6 Section (1) Letter a) GDPR, and lack of any other legal basis for the processing.

3. In accordance with Article 21 Section (1) GDPR, you object to the processing and there are no legitimate reasons for the processing, or you object to the processing according to Art. 21 Section (2) GDPR.


4. The personal data were processed unlawfully.


5. The erasure of personal data is required to fulfill a legal obligation under Union or national law to which we are subject.


If we have made the personal data publicly available and if we are obliged to erase it pursuant to Article 17 Section (1) GDPR, we take appropriate measures, including technical ones, to Controllers who process the personal data, taking into account the available technology and the implementation costs to inform them that you have requested that they delete any links to such personal information or copies or replications of such personal information.



6.4. RIGHT TO RESTRICTION OF PROCESSING

In a number of cases, you may request that we restrict the processing of your personal information. Specifically, this means: You have the right to request from us to restrict processing if any of the following conditions apply:

1. The accuracy of your personal information is contested by you for a period of time that allows us to verify the accuracy of your personal information.

2. The processing is unlawful and you have objected to the erasure of personal data and have instead requested the restriction of the use of personal data.

3. We no longer need your personal data for the purposes of processing, but you need the data to assert, exercise or defend your rights, or

4. you have objected to the processing according to Article 21 Section (1) GDPR, as long as it is not certain that the justified reasons of our company outweigh yours.



6.5. RIGHT TO DATA PORTABILITY

You have the right to receive, transmit or have transmitted from us any personal data relating to you in a machine-readable manner. Specifically, this means: You have the right to receive the personal information you provided to us in a structured, common and machine-readable format, and you have the right to submit that information to another Controller without hindrance, provided that

1. the processing is based on a consent pursuant to Article 6 Section (1) Article Letter a) GDPR or on a contract pursuant to Article 6 Section (1) Letter b) GDPR; and

2. the processing is done using automated procedures.

In exercising your right to data transferability, you have the right to request that personal data be transmitted directly by us to another party, as far as technically feasible.



6.6. RIGHT TO OBJECT

You have the right to object to lawful processing of your personal data by us if this is based on your particular situation and if our interests in processing do not prevail. Specifically, this means: You have the right, for reasons of your own particular situation, to object at any time to the processing of personal data concerning you pursuant to Article 6 Article (1) Letter e) or f) GDPR; this also applies to profiling based on these provisions. We no longer process personal information, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.

If personal data are processed by us in order to operate direct mail, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.

You have the right, for reasons of your particular situation, to object to the processing of personal data relating to you for scientific or historical research purposes or for statistical purposes under Article 89 Section (1) GDPR, unless: the processing is necessary to fulfill a public interest task.



6.7. AUTOMATED DECISION-MAKING INCLUDING PROFILING


You have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have legal effect or similarly affect you in a similar manner.

We do not apply automated decision-making based on the collected personal data.



6.8. RIGHT TO WITHDRAW A DATA PROTECTION CONSENT


You have the right to withdraw your consent to the processing of personal data at any time.



6.9. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY


You have the right to lodge a complaint to a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data is unlawful. 



7. DATA SECURITY


We make every effort to ensure the security of your data within the framework of applicable data protection laws and technical possibilities. 


Your personal data will be transmitted to us with encryption. This applies to your orders and also to the customer login. We use SSL (Secure Socket Layer) coding system, but point out that data transmission over the Internet (for example, when communicating via email) can have security gaps. A complete protection of the data from access by third parties is not possible.


To safeguard your data, we maintain technical and organisational security measures in accordance with Article 32 DSGVO, which we always adapt to state-of-the-art technology. We also do not warrant that our offer will be available at specific times; disturbances, interruptions or failures can not be excluded. However, servers used by us are regularly secured. 



8. DISCLOSURE OF DATA TO THIRD PARTIES, NO DATA TRANSFER TO NON-EU COUNTRIES


Basically, we only use your personal data within our company. If and to the extent that we engage third parties in the performance of contracts (such as logistic service providers), they will only receive personal data to the extent that the transmission is required for the corresponding service.


In the event that we outsource certain parts of the data processing ("order processing"), we contractually obligate processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the data subject's rights.


Data is neither currently transmitted to agencies or persons outside the EU nor is this planned for the future.

 

copyright 2020 by SPITANA Ltd