Whitespots Privacy Policy
Last update: 10 March 2023
Welcome to the Whitespots OÜ (official address: Harju maakond, Tallinn, Kesklinna linnaosa, Vesivärava tn 50-201, 10152, registry code: 14914719) (“Whitespots”, “we”, “us” and “our”)!
This Privacy Policy (“Policy”) describes how we collect and use the personal data you provide through the Site (link: https://whitespots.io/). It also describes the choices available to you regarding our use of your Personal Data and how you can access the information. We respect your privacy, and we take protecting it seriously.
This Privacy Policy should be read together with our Terms of Use (“Terms”), accessible from https://whitespots.io/terms-of-use. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms.
For us, our users’ privacy and security are paramount. We are committed to protecting the data you share with us. This Privacy Policy explains how we process information that can be used to directly or indirectly identify an individual (“Personal Data”) collected through the use of our Site (link: https://whitespots.io/) and it’s subdomains (*.whitespots.io).
GENERAL INFORMATION
- This Policy applies to the following people:
- people who use the Service (for this Policy, we define the term “user”, “you”, “your”, and “yours” as a person which has access to the Service);
- people who make complaints to us by email.
- We do not sell your Personal Data to third parties. A “sale” of Personal Data under the CCPA is defined broadly to include the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means” the Personal data of a Consumer to another business or third party “for monetary or other valuable consideration”. If we decide to sell the Service, we will inform you about this, so you can forbid us to transfer your Personal Data with our business. If so, we will delete your Personal Data from the databases before a business transfer.
- This Policy applies to the following people:
PRINCIPLES OF DATA PROCESSING
- We adhere to the following principles to protect your privacy:
- principle of purposefulness — we process personal data fairly and in a transparent manner only for the achievement of determined and lawful objectives, and they shall not be processed in a manner not conforming to the objectives of data processing;
- principle of minimalism — we collect personal data only to the extent necessary for the achievement of determined purposes and do not keep personal data if it is no longer needed;
- principle of restricted use — we use personal data for other purposes only with the consent of the data subject or with the permission of a competent authority;
- principle of data quality — we update personal data, it shall be up-to-date, complete, and necessary for the achievement of the purpose of data processing;
- principle of security — security measures shall be applied to protect personal data from unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical and organizational measures;
- principle of individual participation — the persons shall be notified of data collected concerning him or her, the persons shall be granted access to the data concerning him or her, and the persons have the right to demand the correction of inaccurate or misleading data.
- We adhere to the following principles to protect your privacy:
DATA WE COLLECT
- To fulfill our obligations on the provision of a license for Service Whitespots for you and applicable Terms (to identify our users and provide them with services and meet other contractual obligations), we are entitled to ask you to provide us with your Personal Data, including (but not limited to):
- Full Name (Name and Surname);
- Email address.
- The processing of such Personal Data is based on contract obligations (Art. 6 (1) lit. (b) GDPR) and is performed only for the purposes specified in this Privacy Policy — to meet your request concerning the service, to formalize the development of the contractual relationship.
- We may also receive information about you from other sources, such as when you log in to Module using your account credentials for a separate third-party Software — Auth0.com, such as Google Account. We will receive information from that Software as indicated in the relevant third party’s authorization screen. The processing of such Personal Data is based on consent (Art. 6 (1) lit. (a) GDPR) and is performed only for the purposes specified in this Privacy Policy — providing license and access to Whitespots.
- We may collect Personal Data from you in various ways and circumstances, including, but not limited to, access to Whitespots, a subscription to a newsletter, filling out a form, and providing us with feedback. We shall be entitled to combine Personal Data collected during your interaction with different Service sections with any other relevant available information. The processing of Personal Data is based on consent (Art. 6 (1) lit. (a) GDPR) and is performed only for the purposes specified in this Privacy Policy — to provide a more significant and better experience with our Service.
- To fulfill our obligations on the provision of a license for Service Whitespots for you and applicable Terms (to identify our users and provide them with services and meet other contractual obligations), we are entitled to ask you to provide us with your Personal Data, including (but not limited to):
PERSONAL DATA COLLECTED IN AN AUTOMATIC WAY
- We may also automatically collect data about the devices you use to interact with our Service. Personal Data automatically collected by or transmitted to us in the course of accessing, interacting, and operating the Service may include, without limitation, the following Personal Data:
- device information, which may include (but is not limited to) information about the personal computer or laptop you use to access the Service, including the hardware model, the Service you use, and other device identifiers;
- server log information, which may include (but is not limited to) your login details, the date and time of visits, the pages viewed, your IP address, time spent at the Service.\The processing of such Personal Data is based on a legitimate interest (Art. 6 (1) lit. (f) GDPR) and is performed only for the purposes specified in this Policy — to contact you about, and conduct, surveys or polls you choose to take part in and to analyze the data collected for market research purposes.
- information collected by cookies and other similar technologies. Our service providers and we use various technologies to collect information when you interact with Whitespots, including cookies and other similar technologies. To view more information on what cookies we use and how we use them, please review our separate Cookie Section in this Policy.
- We may also automatically collect data about the devices you use to interact with our Service. Personal Data automatically collected by or transmitted to us in the course of accessing, interacting, and operating the Service may include, without limitation, the following Personal Data:
THE PURPOSE OF DATA PROCESSING (USE OF COLLECTED PERSONAL DATA)
- We may use the data collected from you for various purposes, primarily, relating to providing our Services and information about our Services. We may also use the information for other purposes as otherwise allowed by law. We may use your Personal Data for such purposes, including, but not limited to:
- providing license and access to Whitespots;
- providing you with the products, and services;
- meeting your request concerning the Service Whitespots;
- handling your orders and requests, including requests for technical support and assistance;
- providing a more significant and better experience with our Service;
- creating and managing user accounts or other user profiles;
- protecting the property rights of users, Whitespots, or another party;
- enforcement of any agreements with users;
- proper fulfillment of tax-related and accounting obligations imposed by applicable laws;
- processing payments;
- meeting our internal and external audit requirements, including our information security obligations;
- any other purpose as we determine, at our sole discretion, to be necessary or required to ensure the safety and/or integrity of our users, employees, third parties, public, and/or our Services, or to comply with requirements of any applicable law.
- We may use the data collected from you for various purposes, primarily, relating to providing our Services and information about our Services. We may also use the information for other purposes as otherwise allowed by law. We may use your Personal Data for such purposes, including, but not limited to:
CONSENT TO PERSONAL DATA PROCESSING
- Consent to Personal Data Processing
- By accepting this Privacy Policy, you approve of having reached the age of majority or the legal age in your jurisdiction (generally 18 (eighteen) or older), that you are solely responsible for all your actions, and fully understand the statements, outlined in this Privacy Policy.
- EU Persons’ Consent to Personal Data processing
- If you are an EU Person and to process your Personal Data we need to receive your consent, as it is prescribed by GDPR, we will process your Personal Data only in the case we have received from you a freely given, specific, informed, and unambiguous indication of your wishes by which you signify agreement to the processing of your Personal Data (“Consent”).
- You may give your consent by ticking the respective box when you register for an account with our Service. In the case you tick the respective box, you irrevocably and unconditionally consent and agree that we shall be entitled to process your Personal Data as it is indicated by your Consent.
- Your Consent covers all processing activities with your Personal Data carried out for the same purpose or purposes. When the processing has multiple purposes, your Consent should be deemed given for all of them.
- Non-EU Persons’ Consent to Personal Data processing
- If you are not an EU Person, by transferring to us your Personal Data via the Service or otherwise, you irrevocably and unconditionally consent and agree that we shall be entitled under this Policy:
(i) to process in any manner, including to collect, store, use, disclose, share, and transfer (including cross-border), your Personal Data so provided to us, as well as your Personal Data collected from your use of the Service (i.e., your Personal Data which we collect automatically and/or from other sources); and
(ii) to use cookies and web beacons (pixel tags) to collect your Personal Data.
- Consent to Personal Data Processing
СOMPLIANCE WITH THE LAWS
- Our Privacy Policy is under the laws of each country or legal jurisdiction in which we seek to operate. If you believe this Policy does not comply with the law of your jurisdiction, we would like to receive feedback from you. However, it is your choice whether you want to use our Site.
- For users located in the UAE (United Arab Emirates), privacy rights are granted, and all processing of Personal Data is performed in accordance with regulations and rules following the Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data (PDPL).
- For users located in the European Economic Area (EEA), privacy rights are granted, and all processing of Personal Data is performed in accordance with regulations and rules following the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, known as the General Data Protection Regulation (GDPR).
- For users located in California, all processing of Personal Data is performed in accordance with regulations and rules under the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (“CCPA”).
- For users located in Australia, privacy rights are granted, and all processing of Personal Data is performed in accordance with regulations and rules under the Privacy Act 1988.
YOUR RIGHTS
- You can review, correct, update, delete, or transfer your personally identifiable information. For that, contact us directly at sales@whitespots.io. We will acknowledge your request within seventy-two (72) hours and handle it promptly and as required by law.
- Right to access. Users may contact us to get confirmation as to whether or not we are processing their Personal Data. When we process users’ Personal Data, we will inform users of what categories of Personal Data we process regarding them, the processing purposes, the categories of recipients to whom Personal Data have been or will be disclosed, and the envisaged storage period or criteria to determine that period.
- Right to withdraw consent. In case our processing is based on the consent granted by the user, the user may withdraw the consent at any time by contacting us or by using the functionalities of our Services. You can withdraw your consent at any time by replying to the email with your withdrawal, and your email will be deleted in seventy-two (72) hours from store.whitespots.io. Withdrawing consent may lead to fewer possibilities to use our Services.
- Right to object. If our processing is based on our legitimate interest to run, maintain and develop our business, any user has the right to object at any time to such processing. We shall then no longer process the user’s Personal Data unless for the provision of our Services or if we demonstrate other compelling legitimate grounds for our processing that override the user’s interests, rights, and freedoms or for legal claims. Notwithstanding any consent granted beforehand for direct marketing purposes, any user has the right to prohibit us from using their Personal Data for direct marketing purposes, by contacting us or by using the functionalities of the Services or unsubscribe possibilities in connection with our direct marketing messages.
- Right to restriction of the processing. Any user has the right to obtain from us restriction of processing of the user’s Personal Data, as foreseen by applicable data protection law, e.g., to allow our verification of the accuracy of Personal Data after the user’s contesting of accuracy or to prevent us from erasing Personal Data when Personal Data is no longer necessary for the purposes but still required for the user’s legal claims or when our processing is unlawful. Restriction of processing may lead to fewer possibilities to use our Services.
- Right to data portability. Any user has the right to receive the user’s Personal Data from us in a structured, commonly used, and machine-readable format and to independently transmit those data to a third party, in case our processing is based on the user’s consent and carried out by automated means.
- How to use these rights. To exercise any of the above-mentioned rights, you should primarily use the functions offered by our Services. If such functions are insufficient for exercising such rights, you shall send us a letter or email to the address set out below under the Agreement, including the following information: name, address, phone number, and email address. We may request additional information necessary to confirm the user’s identity. We may reject unreasonably repetitive requests, excessive, or manifestly unfounded.
DATA RETENTION
- We will retain Personal Data as long as you use our Site or Services or continue communicating with our support team. Your information will be deleted if you do not communicate with the support team for over twelve (12) months.
- When deciding what the correct time is to keep the data, we look at its amount, nature and sensitivity, potential risk of harm from unauthorized use or disclosure, processing purposes, if these can be achieved by other means, and legal requirements. For tax purposes, the law requires us to keep basic information about our users (including contact, identity, financial and transaction data) for twelve (12) months after they stop being our users.
- In some circumstances, we may anonymize Personal Data for research or statistical purposes, in which case we may use this information indefinitely without further notice to our users. Any data collected for the purpose of analytics will be deleted twelve (12) months after being collected.
- We do not use Service to knowingly solicit information from or market to children under the age of 13. In the event that We learn that We have collected personal data from a child under 13 years of age, We will delete that information as quickly as possible. If you believe that We might have any information from or about a child under 13 years of age please contact Us at
INFORMATION SECURITY
- We care to ensure the security of Personal Data. We follow generally accepted industry standards to protect the information submitted to us during transmission and after receiving it. We maintain technical, physical, and administrative security measures to provide reasonable protection for your Personal Data. When our contractors or we process your information, we also make sure that your information is protected from unauthorized access, loss, manipulation, falsification, destruction, or unauthorized disclosure. This is done through appropriate administrative, technical, and physical measures.
- There is no 100% secure method of transmission over the Internet or method of electronic storage. Therefore, we cannot guarantee its absolute security.
- We never process any kind of sensitive data and criminal offense data as a Controller. Also, we never undertake to profile Personal Data.
SERVICE PROVIDERS
- We may employ third-party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services, or to assist us in analyzing how our Site is used.
- These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. All data transfers are performed under the highest security regulations.
HOSTING
- All data we process is stored exclusively in secure hosting facilities provided by Digital Ocean and Cloudflare, (servers in the Netherlands and Germany). DigitalOcean’s infrastructure and Cloudflare’s infrastructure are secured through a defense-in-depth layered approach.
PERMITTED DISCLOSURE
- We may have to share your Personal Data with the parties set out below:
- Service Providers who provide IT and system administration services;
- Professional advisers, including lawyers, bankers, auditors, and insurers;
- Government bodies that require us to report processing activities;
- Third parties to whom we transfer or merge parts of our business or assets.
- We require all third parties to whom we transfer your data to respect the security of your Personal Data and to treat it according to law. We only allow third parties to process your Personal Data for specified purposes and under our instructions. Where we have knowledge that a third party is using or disclosing Personal Data in a manner contrary to this Policy, we will take reasonable steps to prevent or stop the use or disclosure of Personal Data and/or to obtain the third party’s deletion, destruction, anonymization or return of Personal Data.
- We may have to share your Personal Data with the parties set out below:
COOKIES
- We use a browser feature known as a “cookie”, which assigns a unique identification to your device. Cookies are data files that can hold small amounts of information and are stored on your device (computer, smartphone, etc.) when you first visit a Site. Information collected from cookies is used by us to evaluate the effectiveness of our Site, analyze trends, and administer the Site.
- The information collected from cookies allows us to determine such things as which parts of our Site are most visited and the difficulties our users may experience in accessing our Site. With this knowledge, we can improve the quality of your experience on the Site by recognizing and delivering more of the most desired features and information, as well as by resolving access difficulties.
- We also use cookies and/or a technology known as web bugs or clear gifs, which are typically stored in emails to help us confirm your receipt of and response to our emails and to provide you with a more personalized experience when using our Site.
- We use a third-party service provider(s) to assist us in better understanding the use of our Site. Our service provider(s) will place cookies on the hard drive of your computer or other device and will receive information that we select that will educate us on such things as how users navigate around our Site, what products are browsed, and general transaction information. Our service provider(s) analyzes this information and provides us with aggregate reports.
- The information and analysis provided by our service provider(s) will be used to assist us in better understanding our users’ interests in our Site and how to better serve those interests. The information collected by our service provider(s) may be linked to and combined with information we collect about you while you use the Site. Our service provider(s) is/are contractually restricted from using information they receive from our Site other than to assist us.
- We use cookies when you visit our Site, but you can control these through your browser settings. Unfortunately, in most cases, there are no industry standard options for disabling cookies without completely disabling the functionality and features they add to our Service. You may control the cookies through the browser settings. Find out how to manage cookies on browsers:
- Cookies used on the Site.
- Marketing Cookies. Marketing Cookies (also known as Advertising Cookies/ Tracking Cookies) remember your preferences for services, products, and web pages and generally that you have visited the Site. We aim to provide you with advertising that is relevant to you and your interests on other online platforms, where possible, based on your visits and actions on our Site and other third-party sites. Based on these interests, we develop a segmented profile and then customize the content and advertising on our Site for different customer groups.
- Statistics Cookies. Statistics Cookies/Performance Cookies collect information about how you use our Site. They aim to identify your browser, operating system, the websites visited, the duration and number of visits to the website, as well as to identify and remember if you are already registered on our Site and whether to show certain notifications which might only be valid to the subscribed or unsubscribed users. The information collected serves the purpose of evaluating and improving the usability of our Site.
- Strictly Necessary Cookies. These Cookies are required to navigate our Site and to operate the basic functions of the Site. Examples of Strictly Necessary Cookies are cookies to remember your cookie preferences, to access secure areas of the Site, or to remember your orders and order payment status between pages of the Site. Without these cookies, certain basic functions cannot be offered. Strictly Necessary Cookies are always active and will be placed without your consent. These Cookies cannot be disabled.
- Preference Cookies. These Cookies allow websites to remember choices you have made (such as your language or the region you are located in, or your preferences according to surveys and questionnaires) and provide more advanced personalized features. These Cookies cannot track your activity on other websites. They do not collect any information about you that can be used to advertise to you or remember where you have been on the Internet outside of our Site.
- Third-Party Cookies. We use cookies set by a third-party domain (not by our Site) (Third-Party Cookies). Some third-party services that we use to improve the performance of our Site may place their own cookies on your browser/device. Our Privacy Policy applies only to the use of cookies by us and not to the use of Third-Party Cookies by third parties. Such third-party services place their own cookies:
- Tilda. Types of cookies used: marketing, statistics, analytics. For more detail, you should view Tilda’s Privacy Policy, Cookie Policy.
- HubSpot. Types of cookies used: essential website cookies, performance and functionality cookies, analytics and customisation cookies, advertising cookies, and social networking cookies. HubSpot uses the data collected to track and analyze the use of our Site and to target users’ interests, prepare reports on its operation, and share them with other HubSpot services. For more detail, you should view HubSpot’s Privacy Policy, Cookie Policy.
- Google Analytics. Types of cookies used: preferences, security, processes, advertising, session state, functionality, and analytics. Google uses the data collected to track and analyze the use of our Site, prepare reports on its operation, and share them with other Google services. Google may use the Personal Data collected to contextualize and personalize the advertising of its own advertising network. Personal Data collected: Cookies and Usage Data. Place of processing: USA — Privacy Policy — Opt Out.
- Google Drive. Types of cookies used: preferences, security, processes, advertising, session state, functionality, and analytics. Google uses the data collected to track and analyze the use of our Site, prepare reports on its operation, and share them with other Google services. Google may use the Personal Data collected to contextualize and personalize the advertising of its own advertising network. Personal Data collected: Cookies and Usage Data. Place of processing: USA — Privacy Policy.
- Cloudflare. Types of cookies used: strictly necessary cookies, functional cookies, performance cookies, targeting cookies. For more detail, you should view Cloudflare’s Privacy Policy, Cookie Policy.
- Meta Pixel. Meta uses the data collected to track and analyze the use of our Site, prepare reports on its operation and share them with other Meta services. Meta Pixel may use the Personal Data collected to contextualize and personalize the advertising of its own advertising network. Personal Data collected: Cookies and Usage Data. Place of processing: USA — Privacy Policy.
- Telegram. Types of cookies used: performance and operation cookies, analytics and customisation cookies. Telegram uses the data collected to track and analyze the use of our Site and to target users’ interests, prepare reports on its operation. For more detail, you should view Telegram’s Privacy Policy.
- Notion. Types of cookies used: strictly necessary cookies, functional cookies, analytics cookies, marketing cookies. Notion uses the data collected to track and analyze the use of our Site and to target users’ interests, prepare reports on its operation, and share them with other Notion services. For more detail, you should view Notion’s Privacy Policy, Cookie Notice.
THIRD-PARTY LINKS
- This Policy applies to our Site. Our Site contains links to other sites. Once redirected to another site, this Policy is no longer applicable.
CHANGES AND UPDATES TO POLICY
- From time to time, we may update this Privacy Policy. We will notify you about material changes by either sending an email message to the email address you most recently provided to us or by prominently posting a notice on our Service. We encourage you to periodically check back and review this Policy so that you always will know what information we collect, how we use it, and with whom we share it.
ACCEPTANCE OF THESE CONDITIONS
- We assume that all users have carefully read this document and agree to its content. If a user does not agree with this Privacy Policy, they should refrain from using our Service.
CONTACT US!
- If you have any questions about the practices of this Site, or your dealings with this Site, please contact us at sales@whitespots.io.