Cookies, Privacy and GDPR Policy

Updated: January 2019

Spoilsins (“us”, “we”, or “our”) operates the www.spoilsins.com website (hereinafter referred to as the “Service”) and respects your privacy. We are committed to safeguarding your privacy and protecting your information against unauthorized use. This privacy policy (the “Policy”) applies to Spoilsins its affiliates for the European Economic Area (“EEA”).  

 

PURPOSE OF THIS POLICY

This Policy explains our approach to any personal information that we might collect from you using this website (the “Site”) and in other situations, and the purposes for which we process your personal information. This Policy also sets out your rights in respect of our processing of your personal information.

This Policy will inform you of the nature of the personal information about you that is processed by us and how you can request that we delete, update, transfer and/or provide you with access to it. This Policy is intended to assist you in making informed decisions when using the Site.  

This Policy complies with the standards set by Regulation (EU) 2016/79 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

For purposes of this Policy, the term “Consumer” should be understood to mean any individual providing personal information to us via the Site or otherwise, but excluding all Spoilsins employees.

Please note that by using or accessing the Site, you signify your agreement to be bound by and to this Policy. If you do not agree to this Policy, you may not access or otherwise use the Site.

 

TYPE OF INFORMATION WE COLLECT  

Personal information is information that identifies you as an individual. Categories of personal information we collect through this Site includes:

  • contact information (e.g. name, physical address, telephone number, email address),
  • any additional information you submit to us.

This Site does not collect personal information unless you voluntarily submit that information to us or participate in the interactive features on the Site.

Additional information about the personal information we collect is described in the section HOW WE USE PERSONAL INFORMATION and the COOKIE POLICY below.

 

WAYS OF OBTAINING PERSONAL DATA

We do not obtain any personal information about a Consumer unless the Consumer has provided that information to us in a way providing for its clear and unequivocal consent to do so, including but not limited to visiting our website, by completion of a consent form or survey, or completion of an on-line or hard copy form. Consumers may choose to submit personal or private information by regular mail, e-mail, facsimile, electronic transmission over the Site, interoffice mail, or personal delivery, as each of these methods may be deemed applicable each time.

 

HOW WE USE PERSONAL INFORMATION

Our primary goal in collecting personal information from you is to:

  • verify your identity,
  • help us improve our services and develop and market new services,
  • carry out requests made by you to us,
  • comply with any applicable law, court order, other judicial process, or the requirements of a regulator,
  • protect the rights, property or safety of us or third parties, including our other clients and users of the Site,
  • provide support for the provision of our Services, and
  • use as otherwise required or permitted by law.

 

USES OF PERSONAL INFORMATION COLLECTED THROUGH THIS SITE

The following describes how we use personal information that we collect through this Site:

  • Cookies.

We use cookies and similar other technologies to collect information from the computer hardware and software you use to access the Site, or from your mobile.  Please see our Cookie Policy for additional information.

The information you provide to us may be archived or stored periodically by us according to our standard backup processes and our document retention policy.

 

LEGAL BASIS

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests,
  • Where you have consented to a certain use of your personal information, or
  • Where we need to comply with a legal or regulatory obligation.

To the extent permitted under applicable laws, we will also process, transfer, disclose, and preserve personal information when we have a good faith belief that doing so is necessary.

In circumstances where we rely on consent we will ask for your consent at the point of collection.  Where we intend to further process your personal information, we may contact you to seek your consent for new purposes.

Where your personal information is completely anonymised, we do not require a legal basis to use it as the personal information will no longer constitute personal information that is regulated under data protection laws. However, our collection and use of such anonymised personal information may be subject to other laws where your consent is required.

 

COLLECTION FROM THIRD PARTIES

We also collect personal information about you from various third parties and public sources. We reserve the right to supplement your personal information with information we gather from other sources which may include information we gather from online and offline sources.

 

PERSONAL INFORMATION OF CHILDREN  

We do not intend to or knowingly collect personal information from children.

 

DATA TRANSFER

Personal information might be sent to the following third parties in or outside the EEA:

  • Third Parties: We may be required to disclose certain personal information to other third parties: (1) as a matter of law (e.g. to tax and social security authorities); (2) to protect our legal rights; (3) in an emergency where the health or security of an employee is endangered (e.g. a fire); (4) to law enforcement authorities in accordance with the relevant legislation in the different EEA Member States including but not limited to legislation transposing EU/2016/1148 concerning measures for a high common level of security of network and information systems across the EU (the “Network Information Security Directive”).

Therefore, we may transfer your personal information outside the EEA:

  • In order to store it.
  • In order to enable us to provide services to you.
  • Where we are legally required to do so.
  • In order to facilitate the operation of our group, where it is in our legitimate interests and we have concluded these are not overridden by your rights.

 

CONFIDENTIALITY AND SECURITY OF YOUR PERSONAL INFORMATION

We are committed to keeping the personal information you provide to us secure and we will take reasonable precautions to protect your personal information from loss, misuse or alteration.

To safeguard against unauthorized access to personal information by third parties outside our organization, all electronic personal information held by us is maintained on systems that are protected by up-to-date secure network architectures that contain firewalls and intrusion detection devices. The data saved in servers is “backed up” (i.e. the data are recorded on separate media) to avoid the consequences of any inadvertent erasure, destruction or loss otherwise. The servers are stored in facilities with high security, access protected from unauthorized personnel, fire detection and response systems. The location of these servers is known to a limited number of our employees.

We have implemented information security policies, rules and technical measures to protect the personal information that we have under our control from:

  • unauthorized access;
  • improper use or disclosure;
  • unauthorized modification; and
  • unlawful destruction or accidental loss.

All of our employees and data processors (i.e. those who process your personal information on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of the personal information of all users of our services.

 

ACCESSING YOUR DATA

You have the right under certain circumstances:

  • To see the personal information we hold about you,
  • Request your data be corrected or erased where appropriate,
  • To restrict the processing of your personal information while we investigate your concern,
  • Where processing is based on your consent, to receive your personal information in a commonly used electronic format, or ask that we move your personal information in that format to another provider, where your request relates to the data that you gave us directly and where technically possible, and
  • To withdraw your consent at any time when processing relies upon consent.  

Consumers have the right to be provided with information as to the nature of the personal information we store or process about them, and to request deletion or amendments. These requests can be made verbally or in writing at our contact information provided in the section below entitled ENFORCEMENT RIGHTS AND MECHANISMS.  We will respond within one month to such requests.

If access is denied, Consumers have the right to be informed about the reasons for denial. Consumers may use the dispute resolution described in the section entitled ENFORCEMENT RIGHTS AND MECHANISMS, as well dispute resolution available through a competent regulatory body or authority. We will handle, in a transparent and timely manner, any internal dispute resolution procedure relating to the collection and processing of personal information.

If any information is inaccurate or incomplete, a Consumer may request that data be amended. It is every person’s responsibility to provide us with accurate personal information and to inform us of any changes (e.g. new home address or change of name).

If a Consumer demonstrates that the purpose for which the data is being processed is no longer legal or appropriate, the data will be deleted, unless applicable law requires otherwise. Consumers can also object to direct marketing, or in certain other cases, object to processing more generally.

To exercise these rights, please contact us using the information provided in the following section of this Policy.

 

ENFORCEMENT RIGHTS AND MECHANISMS

If you have any complaints regarding our privacy practices, you have the right to make a complaint at any time to your local supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach your supervisory authority so please contact us in the first instance.

We will ensure that this Policy is observed and duly implemented. All persons who have access to personal information must comply with this Policy. Violations of the applicable data protection legislation in the EEA may lead to penalties and/or claims for damages.

If at any time you believe that your personal information has been processed in violation of this Policy, or if you have any inquires or complaints about the use or limitation of use of your personal information, you may contact the following individuals:

 

Contact in the EEA:

Name: Nikolaos Broikos

Email:  [email protected]

 

We are committed to cooperate with the different national EEA Data Protection Authorities (“DPAs”) and to comply with their dispute resolution procedures in cases of complaints.  We are also committed to complying with any regulations or guidelines that DPAs may issue from time to time in accordance with EEA and Member State data protection legislation. We undertake to register and/or keep our registration updated as a data controller and/or processor in all jurisdictions where we maintain entities in the EEA.

Please note that in order for you to assert these rights, we may need to verify your identity to confirm your right to access your personal information.  This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. In order to verify your identity, we may need to gather more personal information from you than we currently have.

 

CONSENT

Where our use of your personal information requires your consent, you can provide such consent:

  • at the time we collect your personal information following the instructions provided; or
  • by informing us by e-mail, post or phone using the contact details set out in this Policy.

Please note that if you specifically consent to additional uses of your personal information, we may use your personal information in a manner consistent with that consent.

 

COOKIE POLICY

We use cookies and similar technologies to collect personal information from the computer or other device you use to access the Site. “Cookies” are pieces of information that may be placed on your device for the purpose of collecting data to facilitate and enhance your communication and interaction with our Site. We may also allow certain third parties to place cookies as described below. 

Cookies can be “persistent” or “session” cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser.

We use cookies for the following purposes:

  • To enable certain functions of the Service

We use both session and persistent cookies on the Service and we use different types of cookies to run the Service:

Essential cookies. We may use essential cookies to authenticate users and prevent fraudulent use of user accounts.

You can review your Internet browser settings to exercise choices you have for certain cookies. If you disable or delete certain cookies in your Internet browser settings, you might not be able to access or use important functions or features of this Site, and you may be required to re-enter your log-in details.

 

 

 

DPAs

We will respond diligently and appropriately to requests from DPAs about this Policy or compliance with applicable data protection privacy laws and regulations. Our employees who receive such requests should contact their human resources manager or business legal counsel. We will, upon request, provide DPAs with names and contact details of relevant persons. With regard to transfers of personal information between our entities, the importing and exporting entities will (1) cooperate with inquiries from the DPA responsible for the entity exporting the data and (2) respect its decisions, consistent with applicable law and due process rights. With regard to transfers of data to third parties, we will comply with DPAs’ decisions relating to it and cooperate with all DPAs in accordance with applicable legislation.

 

OPT OUT AND UNWANTED COMMUNICATIONS

To opt-out of any future communications from us, you should send a request to us at the contact information listed in the section entitled ENFORCEMENT RIGHTS AND MECHANISMS.  We will process your request within a reasonable time after receipt.  Please note that if you opt out in this manner, certain aspects of this Site may no longer be available to you.

 

HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?

We retain personal information only for as long as is necessary for the purposes described in this policy, after which it is deleted from our systems.

 

MODIFICATIONS TO THE POLICY

We reserve the right to modify this Policy as needed, for example, to comply with changes in laws, regulations or requirements introduced by DPAs. We will inform Consumers of any material changes in the Policy. We will post all changes to the Policy on relevant internal and external websites.