We operate our site and our services in compliance with applicable data protection laws, including the EU General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act ("CCPA"). For more information, please see Section 6 "YOUR RIGHTS UNDER GDPR". If you are a California resident, please also see section 7 "INFORMATION FOR CALIFORNIA RESIDENTS."
You can contact us if you have any question about our privacy practices. We will be happy to provide you any assistance you may need.
1. WHO DECIDES “HOW” AND “WHY” YOUR PERSONAL DATA IS PROCESSED?
The following company decides how and why your personal data is processed, and for GDPR purposes is the “Data Controller”:
Duodecad IT Services Luxembourg S.à r.l., a Luxembourg-law governed private limited liability company with registered address at 44, Avenue John F. Kennedy, L-1855, Luxembourg, Grand-Duchy of Luxembourg, registered with the Luxembourg Trade and Companies’ Register under number B 207.016.
2. WHAT PERSONAL DATA DO WE PROCESS?
The data we collect and use varies depending on the products, services and features you are looking for. The personal data we collect or that you decide to provide to us includes the following categories of data:
- Personal data you provide when you open an online customer’s account If you choose to create an online customer’s account on our Website, we will ask you to provide the following information:
Additional information in relation to your purchases, your payment method or delivery address might be stored in your account.
- Personal data you provide to us in relation to your purchase(s) on the Website
- Personal data from site use
We collect and process information about you when you are using our Website. This means that, when you visit our Website or place an order, even if you have not created an account or logged in, we collect data, including:
• Log data, device and usage information:
If you are using a mobile device, we might also collect:
• Information collected by cookies and other technologies
Most web browsers are set to accept cookies by default. If you prefer, you can usually remove or reject browser cookies through the settings on your browser or device. Keep in mind, though, that blocking cookies may negatively affect your use of the services on our site.
You can opt-out of the creation of a user profile, Hotjar’s storing of your usage data and Hotjar’s use of tracking cookies by following this opt-out link.
3. WHY DO WE PROCESS YOUR PERSONAL DATA?
We use the information we collect for the following purposes:
- Customer’s account activation
We process this information to perform the contract that we have with you. We use the personal data you provided us when creating your online account to open and administer this account. The account allows you to exercise control over your personal data, manage your purchases, your profile and account settings (e.g. delivery address, etc.).
- Process payment, proceed to the delivery and organize any returns
The use of your personal data in strictly necessary in this instance to perform the contract we have with you. We use the data you provided to process the payment of the products you purchased on the Website, proceed to their delivery and organize any return after the purchase.
However, please note that certain data processing operations associated with the purchase process, such as the storage of your payment card data for future purchases, only applies when you give your consent to such processing.
- Website management and optimization
To understand how we can improve our Website services and/or find better ways to promote our services to others, we collect your personal data for analytical and statistical purposes.
To better understand your needs and how we can improve our Website, we compile the information you gave to us or that we collected about you when visiting pages on our site or while placing an order, to detect general trends regarding the preferences/habits of our users. This helps us, for example, to generate statistics reports on our customers’ activity based on the countries, or products purchased. The information in these reports is in aggregate form, and cannot be used to identify individuals.
We also use limited information to tailor our services for you. For example, when you visit and/or log in on our Website we use your IP address to determine the country where you are from, and display our webpages in your language (within the limits of the languages available on the site), so if you visit or login on our site from the United States, our site will automatically display content in English.
- Customer relationship management
Customer relationship management is key to any service and included in this term is any contact we have with you.
Our Customer Support team operates 24/7. By sharing your personal details and your questions, requests or claims with our Customer Support team, we will be able to provide you with your answers, and any help you may require, more efficiently.
All your communications with our Customer Support team and any information you provide are stored and reviewed so that we may respond to your request.
Some of the recorded communications with you will be used for training purposes within the Customer Support so that we can provide you with excellent customer service.
Please be aware that our Customer Support team will have access to all information that has been collected about you. By having this access, we ensure that they have everything they need to give you an appropriate and efficient response.
Please note that Customer Support team will use various means to contact you including email and phone, as appropriate.
We may also communicate with you through emails or any other appropriate means, to inform you of any changes regarding our site or announcements relating to your account activation or purchases, (e.g., successful account creation, shipping information, etc...).
Please be advised that the processing and use of your personal data is necessary given our legitimate interest to deliver appropriate customer support to you and to provide you with relevant information as regards the Website and your account.
- Sending of our newsletter
If you subscribe to the newsletter, you consent to the processing of your data to manage your subscription and/or to send you information about our products and/or services. You can, of course, unsubscribe from receiving our newsletter at any time, using a link contained within the emails themselves or by contacting us as provided in Section 9 “How to Contact Us?”.
- Ensure a safe and Trusting Environment
To protect you and our business, we use your personal data to detect and prevent fraud/illegal activities, and for security & risk assessment (e.g., authentication & verification of identity).
We have a legitimate interest in keeping you and our business safe.
- Comply with any legal requirements and enforce our legal rights
We may rely on a legal obligation to process your personal data. For example, we must retain your transaction information to maintain legally required accounting records.
We may also use your information to respond to requests of competent authorities or given our legitimate interest to establish, exercise or defend legal claims. If necessary, we would use your data to investigate issues with the bank processing your payment, or with a debt collector, in cases of unpaid transactions, or refunds.
4. WITH WHOM DO WE SHARE YOUR DATA?
We share a portion of your personal data with the following parties:
- Entities of our Companies’ Group
We share your personal data with the following companies of our group based in Luxembourg and Hungary, as they are helping us to deliver the services to you:
- Service providers
As we constantly work on the development and enhancement of the technology to support our site, our third party service providers may regularly change. Such entities mainly belong to the following areas:
- Payment providers and financial institutions
When you purchase products on our Website, depending on your choice of payment method, a third party bank or a payment processor may process your payment. If this is the case, you may need to share personal data with them in order to complete the transaction.
You may receive transactional emails from this party confirming the order, including dispatch, possible refunds, and follow-up invitations to leave feedback for this party.
We may share information with relevant financial institutions, if we consider it strictly necessary for fraud detection and prevention purposes.
- Law enforcement agencies or governmental authorities
To the extent permitted by applicable laws, we may also share information with law enforcement agencies or authorities, if such disclose is reasonably necessary for the following:
- Business transfers
Your information may be transferred to another entity of our group (i.e. reorganization, restructuring, etc.) or third party (i.e. sale, merger and/or acquisition, etc.) if part (more than 50%) or whole of the business (or related assets) is either directly or indirectly transferred or falling under the control of the new owner.
5. HOW DO WE PROTECT AND HOW LONG WE RETAIN YOUR PERSONAL DATA?
We implement various security measures, technical and organizational, to grant protection to your personal data against unauthorized access, modification, disclosure or deletion.
We implement data loss prevention systems against leakage, theft and data breach. We periodically test our IT systems and do penetration tests. Our Website incorporates reasonable security technologies available to ensure safety of its users and the safekeeping of their related information.
We do not normally retain personal data of visitors, who did not place any order, for more than ten to fifteen days, though this period is typically shorter (depending on traffic volume). Any information collected to verify your identity in connection with a request (e.g., a request to access your data) will only be kept for a short time, typically no more than five days. Otherwise, we will retain personal data for as long as we consider it necessary to:
- Process and track your orders and maintain your customer’s account
To enable us to process and track your order(s), organize any return, and maintain your customer’s account.
- Legal Obligation Compliance
For example, we may keep some of your information for tax, legal reporting and auditing obligations. Please note that in accordance with Luxembourg legislation, financial information will be kept for a minimum period of 10 years.
- Legitimate Interests and Business Conduct
For example, if we suspend or close your account due to fraud or illegal activities, we may retain certain information about you to prevent you from opening a new account in the future. Such information will also be kept available in case of ongoing judicial proceedings and/or investigations.
As we have said, the protection of your information and our Website from accidental or malicious loss and destruction is one of our top priorities.
Residual copies of some of your personal information will be kept on our backup systems for 30 days.
Some anonymized copies of your information may also remain in our database.
If you have a question about any specific retention periods of certain personal data, please contact us via the contact details provided in clause 8: "How to contact us?".
6. YOUR RIGHTS UNDER GDPR
- Information on the transfer of your personal data outside of the European Economic Area?
As we are a Luxembourg based company, we comply with the EU Data Protection Regulation, “GDPR.” Regardless of whether you are located in Europe or elsewhere, our own location in Europe requires us to comply with GDPR. You can read the entire Regulation here.
If we transfer your personal data outside of the EEA, we endeavor to ensure that your rights and freedoms in respect of the processing of your personal data are adequately and appropriately protected. For this purpose, we utilize the Standard Contractual Clauses approved by the European Commission that you can find here.
- What are Your Rights Regarding Your Personal Data?
We have done our best below to explain what your rights are under GDPR and how you can exercise them. If, despite of our below explanations, you are still unsure about the actions you can take or the conditions of exercise of your rights, do not worry, our Support Team will provide you with all the assistance you need when exercising your rights. You may also contact us, at any time, before exercising any of your rights, and we will reply to your request as quickly as possible.
Our Support Team will provide you with information on actions taken within one month of the day of receipt of your request. Only in exceptional circumstances, when we face complex and a high number of requests, we may extend this period of response up to two further months.
Please note that rights may be exercised free of charge. However, unfounded or excessive requests, in particular because of their repetitive character, will lead to the payment of a fee.
Please also understand that, because your privacy is so important for us, our Support Team may need to duly verify your identity and ask you to provide additional information before executing your request.
• Data access and data portability
You have the right to access the personal data that we hold about you by requesting a copy of your personal data, free of charge, sending us an email to [email protected].
Upon verification of your identity, your request will be sent to our Support Team.
If we consider that your request is manifestly unfounded or excessive (e.g., due to multiple requests in a short period), we may refuse to act or charge a reasonable fee taking into account the administrative costs for providing you with the information.
In certain cases, you are also entitled to request copies of personal data that you have provided to us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible). To exercise this right, you can send an email to [email protected].
• Rectification of inaccurate or incomplete data
You have the right to request that we correct any inaccuracies in your personal data. For this purpose, you can contact our Customer Support or send an email to [email protected].
• Data Erasure
If you no longer want us to use your information, you can request that we erase your personal data and close your account, if any. Requests for account cancellation or closure will be considered as a request for erasure of your personal data.
Your request will be sent to our Support Team who will contact you. However, if you face any difficulties, please contact us at any time.
When the erasure process starts, you will not be able to log into your account.
Please note that even if you request the erasure of your personal information, we will retain some of it for as long as we consider it necessary for compliance with our legal obligations or other legitimate interests as explained above in section 5 “How do We Protect And How Long Do We Retain Your Personal Data?”.
• Right to object
We process your data for a variety of reasons as explained in section 3 “Why do We Process Your Personal Data?”.
Applicable law may entitle you to require us not to process your personal data for some specific purposes where such processing is based on legitimate interest. If you object to such processing we will stop processing your personal data for those purposes.
In specific situations, we may have to refuse the execution of your request. This would be the case where we have legitimate grounds to continue such processing or if we have to establish, exercise or defend legal claims.
• Right to restriction of processing
You have the right to request that we stop processing your personal data, while we resolve any issues. This is only possible in the following four cases:
Despite your request, we may continue to process your data if we have to establish, exercise, or defend legal claims. We will notify you before lifting a restriction.
• Right to lodge a complaint with a supervisory authority
If you consider that our processing of your personal data infringes the GDPR or any other applicable national laws, you have the right to lodge a complaint with a supervisory authority (e.g. your local authority or the CNPD).
7. INFORMATION FOR CALIFORNIA RESIDENTS
Please note that we do not “sell” your personal data, as that term is defined in CCPA.
- Your Right to “Know” and to Request Deletion
You have the right to know the categories and specific pieces of personal data we have collected about you. You have the right to know the categories of sources from which the personal data has been collected, the business or commercial purpose for collecting or selling personal data, and the categories of third parties with whom we share personal data.
You also have the right to request deletion of personal data we’ve collected or maintain. Please note this right is subject to certain exceptions, including without limitation our retaining information as necessary to protect against malicious, deceptive, fraudulent, or illegal activity, to comply with our legal obligations, and for other internal purposes.
To exercise these rights, you can contact us as provided in Section 9 “How to Contact Us?”. Please note that any requested disclosures in connection with a request to know will only apply to the 12-month period preceding the request, and you are entitled to request disclosure twice in any 12-month period.
- Personal Information Disclosed
You also have the right to know what categories of personal data we’ve disclosed for a business purpose, and the third parties to whom that information was disclosed. In the past 12 months, we’ve disclosed for a business purpose the following categories of information to the following parties: Usage/device information (including, without limitation, your IP address, as the case may be) to our business intelligence and analytics service providers (e.g., Hotjar, Google Analytics); Payment/transaction data to our customer/payment service providers; and identification information, contact information, device and usage information, payment information (as the case may be) to our antifraud service providers and auditing service providers.
- Your Right to Non-Discrimination
You have the right not to receive discriminatory treatment for the exercise of the privacy rights conferred by CCPA, including but not limited to by denying you services, charging different prices or rates, or providing you with a different level or quality of services. Please note, however, that the exercise of some of your rights (e.g., to delete your data) may render it impossible for us to continue to deliver services to you.
- Your Right to Use an Authorized Agent
You have the right to designate an authorized agent to make a request under the CCPA on your behalf. To designate an authorized agent, please contact us as provided in Section 9 “How to Contact Us?” below. In order to verify you have authorized an agent we may require a signed, written authorization from you.
- Do Not Track
Some browsers have a “do not track” feature that lets you tell websites you do not want to have your online activities tracked. Because these features are not yet uniform, we do not presently respond to “do not track” signals. We will however treat any “do not sell” or similar signals as opt-out requests under CCPA.
If we make any important changes, we will let you know by placing a notice on the relevant site and/or contact you directly, using other methods such as email.
9. HOW TO CONTACT US?
DuoDecad IT Services Luxembourg S.À.R.L.,
44, Avenue John F. Kennedy
Grand Duchy of Luxembourg
We are also happy to inform you that we have an employee dedicated to ensuring your privacy, our Data Protection Officer. You can directly reach our Data Protection Officer via email at: [email protected] or mail to the following address:
To the attention of the DPO
DuoDecad IT Services Luxembourg S.À.R.L.
44, Avenue John F. Kennedy
Grand Duchy of Luxembourg