In this and the following section summaries, we have placed the legal information in a more accessible and abbreviated form. For complete information, please read the text in the section to the right.
This Policy is intended to help you understand:
KADAM CY LTD is located in the Republic of Cyprus.
When you submit your personal data to us, you may be asked to consent to our processing of the personal data you provide as explained in this Policy to enable us to provide you with the information or Services requested, if no other legal ground can be used.
Kaminari Click acts as a data controller OR a data processor in relation to personal data you provide depending on the factual circumstances of the processing.
To facilitate your understanding of this Policy, we explain the usage of the definitions listed here in accordance with the GDPR.
We use the following definitions in this Policy:
“data controller” means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data is processed.
“data processor” means the natural or legal person who processes personal data on behalf of the data controller.
“data subject” is any living individual who is using our Website and/or Services.
“personal data” means any information relating to you and helping identify you (directly or indirectly) such as your name, last name, email, location data, etc.
“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“joint controllers” means two or more controllers jointly determining the purposes and means of processing.
The definitions of terms used within this Policy are taken from the GDPR.
We collect and process the information about you or obtained from you in accordance with this Policy. In this section, you can learn more about what personal data may be collected when you visit the website or access our services.
We act as a controller and a processor in relation to the different categories of personal data.
We collect the information through our Website, Services, our social media accounts, messengers, email and process it as a data controller.
We collect third-party information our customers request us to process on their behalf by using our Services as a data processor.
When acting as a data controller, we collect information about you in connection with our Website and Services. In particular, we collect:
(a) Contact Information. We can collect some personal data when you submit your personal data via the Website’s forms, social media, messengers, email to contact and/or provide feedback on our Website or Services. Such data may include login, email and other information you may provide us via available contact options.
(c) Registration Information. When you create an account on the Website, we collect the following required information about you: login, email, and password.
(d) Payment Information. If you make a purchase via Website, you will need to provide certain banking information, so the order can be fulfilled. For instance, we may collect some information about the date of the payment, amount of the payment, its status, and purpose.
Please note that we use third-party payment processors to collect this information from you and process your payment. Such a third-party payment processor is responsible for all collection, processing, and storage of your financial information and we do not have direct access to or possession of your payment card information or banking information.
When acting as a data processor, we may collect third-party personal data that has been provided to us by the customer as part of the Kaminari Click’s Services. In particular, we collect:
(e) Device Information. We may collect some information about device’s battery settings, connection type, CPU, WebGL, notifications settings, browser setting, operational system settings, user agent, IP address, and other device information if available and needed.
Please note that in some situations, we may also use Device Information obtained from our customers for our own purposes - to optimise, develop and improve product performance, as well as to provide better service. In this case, we act as a data controller.
We use the personal data we collected and the personal data you provided us with or requested us to collect only for the purposes listed in this Policy. We may share your personal data with third parties solely for the purposes listed herein.
We DO NOT sell your data. We DO NOT use automated decision-making and profiling.
We DO NOT intentionally collect and process any sensitive personal data. Please, refrain from sharing your or third-party sensitive personal data with us.
Our grounds for processing your personal data are:
We do NOT intentionally collect and process sensitive personal information. Please, refrain from sharing your sensitive personal data when you provide information to us through Website, our social media accounts.
We collect and process your personal data in accordance with the provisions of the GDPR.
GDPR provides an exclusive list of lawful bases allowing us to process your personal data. During personal data processing we rely only on four of them, namely:
Article 6.1(a): consent
We collect the information you choose to give us, and we process it under your consent. You may withdraw your consent to the processing of your personal data at any time.
Please remember that the withdrawal of consent does NOT automatically mean that the processing before the withdrawal is considered unlawful. You may withdraw the consent to the processing of your personal data by sending us an email at email@example.com, or by contacting us in any other way convenient for you.
Article 6.1(f): legitimate interests
As a data controller, we process your personal data to prevent any fraudulent actions and to provide you with the desired services. Also, we need some data to enable our Website to run smoothly and give you a pleasant user experience. We use only strictly necessary data under this legal ground.
As a data processor, we also collect and process personal data for legitimate interests of our customers (i.e. fraud prevention), unless another lawful basis is applicable.
Article 6.1(b): performance of a contract
When you provide us with the personal data during the registration of the account on the Platform, insert requested payment information to purchase services; this can be deemed as your request to form a contract or to perform a contract between you and us. However, we may ask you to give us clear consent in case of doubt.
Article 6.1(c): legal obligation
We process your personal data to fulfil the applicable legal obligations arising mainly from the GDPR. In the event of you sending us the request to fulfil the rights granted by the GDPR, we may ask you for some personal data we already have to identify you and achieve compliance with the applicable law.
As a data controller, we use your personal data for the purposes listed in the table below where we also detail the type of personal data processed, legal bases we rely on to do so, third parties with whom we may share your personal data:
|Purposes||Type of personal data||Legal grounds||Third Parties recipients|
|Creating an account on the Website||(c) Registration Information||Performance of a contract (Article 6(1)(b))||Contractors|
|Maintenance of the account on the Website||(c) Registration Information||Performance of a contract (Article 6(1)(b))||Contractors|
|Providing Services to customers||(c) Registration Information||Performance of a contract (Article 6(1)(b))||Contractors|
|Communication with visitors and customers||(a) Contact Information(c) Registration Information||Your consent (Article 6(1)(a))||Intercom, Contractors|
|Marketing (to suggest and notify you about our Services and conduct other marketing activities, such as personalised advertising)||(a) Contact Information(c) Registration Information(b) Cookies Information||Your consent (Article 6(1)(a))||Facebook Pixel, Google Ads, SendPulse, Intercom, Contractors|
|Processing of payments for the Services||(d) Payment Information||Performance of a contract (Article 6(1)(b))||Payment Processor, Contractors|
|Analytics and developing (for optimising and improving our Website)||(b) Cookies Information||Your consent (Article 6(1)(a))Our legitimate interest (Article 6(1)(f))||Google Analytics, Contractors|
|Analytics and developing (for optimising and improving our Services)||(e) Device information||Our legitimate interest (Article 6(1)(f))||Contractors|
|Complying with the law or legal process||(a) Contact Information(b) Cookies Information(c) Registration Information(e) Device information(d) Payment Information||Legal obligation (Article 6(1)(c))Our legitimate interest (Article 6(1)(f))||SendPulse, Payment Processor, Facebook Pixel, Google Ads, Google Analytics Intercom, Contractors|
Please, note that upon processing of payments using services of a payment processor, such payment provider may collect certain personal data it considers as necessary for provision of services. Such collection of personal data is regulated under the rules and policies of payment processors. We advise you to access the payment processors’ websites carefully and always check their policies and rules regarding the collection of your personal data.
We also process certain personal data as a data processor, at the request and pursuant to the instructions given by the respective customer of our Services (data controller in that case). Please note that in such processing we rely on the legal ground our customer provides us with (e.g. legitimate interest for preventing fraud). In the table below we describe a possible situation where we act as a data processor:
|Purposes||Type of personal data||Legal grounds||Third Parties recipients|
|Fraud prevention||(e) Device information||Customers’ legitimate interest (Article 6(1)(f)) or other applicable lawful ground||Contractors|
Cookies are small text files containing information that websites send to your browser. They are stored on your device, which might be a personal computer, a mobile phone, a tablet or any other device.
We use them for various purposes, as you can read more about in this section.
Necessary: these cookies and other tracking technologies are essential for your use of the Website and our compliance with applicable data protection laws. We can use them to provide the basic functions of the website.
Preferential: these cookies enable our Website to remember choices that you make, i.e. language choices.
Analytics: these cookies help us to understand how users interact with our website (e.g., page visits and page load speed) by collecting information anonymously to avoid your identification. Their sole purpose is to improve website functions.
Marketing: these cookies and other tracking technologies are used to deliver relevant online advertising to you on other websites. These cookies are placed by us and selected third parties and enable adverts to be presented to you on third party websites.
We will store and process your personal data for as long as needed to provide you or other customers with the services.
Also, you may request erasing of your personal data by contacting us in any way convenient for you.
As a data controller, we store and process your personal data until we do not need it for any of the purposes defined in this Policy unless longer storage is required or expressly permitted by law.
As a data processor, we store Device Information for 1 year since the day the data has been obtained.
We may not delete or anonymize your data if we are compelled to keep it to comply with the law or legal process.
Notwithstanding any of the aforementioned periods of data storage, you may request to delete your personal data by sending us an email at firstname.lastname@example.org or contacting us via another way convenient for you.
We have implemented appropriate organisational, technical, administrative, and physical security measures (such as encryption) that are designed to protect your personal data from unauthorized access, disclosure, use, and modification. We regularly review our security procedures and policies to consider appropriate new technology and methods.
We only transfer your personal data to third parties according to the requirements of GDPR.
Where possible, we always enter into data processing agreements (DPAs) and Non-Disclosure Agreements (NDAs) with our third parties.
We may disclose the personal data to third parties, including those located outside the EU and EEA, provided that proper safeguards are put in place and the applicable local laws do not put your rights at risk.
We may share your personal data as a data controller to joint controllers and data processors in accordance with provisions specified hereafter.
Sharing data with joint controllers (other controllers)
In some cases we may act as a joint controller jointly with other joint controllers, for example, while using Facebook pixel. In respect to this case of personal data processing, we are the party to the Facebook Joint Controllership Addendum. In such a case, a data subject may exercise their rights under the GDPR in respect of and against both other joint controllers and us.
Google LLC and we act as independent controllers of personal data across Google LLC’s digital marketing services such as Google Ads.
Sharing data with data processors
There are many features necessary to provide you with our Services that we cannot complete ourselves, thus we seek help from third parties. We may grant some service providers access to your personal data, in whole or in part, to provide the necessary services.
Therefore, we may share and disclose your personal data to other data processors:
During our business activities we may engage different specialists which may receive your personal data, including technical, sales and marketing specialists, to provide you with better customer service. Also, we may disclose some of your personal data to our outsource legal and accounting professionals to make our business accurate and transparent. The abovementioned specialists are collectively referred to as Contractors.
We may transfer your personal data to countries outside the EU and EEA (for example, the USA) that are not determined to offer an adequate level of data protection on the basis of article 45 of GDPR (adequacy decision) with appropriate safeguards as determined under the GDPR.
We only transfer your personal data to third parties within requirements under the GDPR. Where possible, we always enter into Data Processing Agreements (DPAs) and Non-Disclosure Agreements (NDAs) with them and treat personal data transfer seriously. Where the Contractor has an appropriate data processing agreement in place, Kaminari Click may adjoin such data processing agreement. If so, Kaminari Click and the Contractor may regulate the transfer of the personal data to such Contractor by means of this data processing agreement.
We may transfer your personal data to third countries outside the EU and the EEA under Article 46 of the GDPR on the appropriate safeguards, including the standard contractual clauses (SCC).
For transfers to countries that do not fall under requirements of Article 45 of the GDPR on the adequacy of the level of protection, we may transfer your personal data to the third countries outside the EU and the EEA, including the onward transfers of the personal data from the third countries to another third countries, under Article 46 of the GDPR with the appropriate safeguards, including the SCC.
We disclose your personal data to the countries outside the EU and the EEA, in compliance with our internal procedures regarding international transfers in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of natural and legal persons.
We put supplementary technical and organisational measures in place when transferring data outside the EU and the EEA. e.g. prior assessment of the service supplier’s reliability and personal data protection practices, encryption of the transferred personal data, prompt reacting to any threats to confidentiality, integrity and availability of the personal data, conducting transfer impact assessments (TIA) when necessary, etc.
You may exercise the following rights under the General Data Protection Act (GDPR):
You may exercise the following rights by submitting your request at email@example.com
When we act as a joint controller with regard to particular processing of personal data, you may exercise your rights under the GDPR in respect of and against both other joint controller(s) and us.
Rights under the GDPR
Please, note that we may need to confirm your identity to process your requests to exercise your rights under the GDPR. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.
We kindly ask you to contact us directly so that we can quickly answer your question.
We kindly invite you to share your concerns with us in the first place regarding any issue related to your personal data processing. You may contact us to address your inquiries: firstname.lastname@example.org.
Supervisory Authority under GDPR: In case of any questions regarding data protection, you can apply to the supervisory authority. We will cooperate with the appropriate governmental authorities to resolve any privacy-related complaints that cannot be amicably resolved between you and us. You can find the full list of EU supervisory authorities through the link.
We DO NOT knowingly collect personal data from children.
We undertake the best possible efforts to secure the processing of personal data belonging to the underage. Therefore, the Platform does not knowingly collect personal data from persons under the age of 18.
By registering on the Platform and entering into the contract with the Company, you acknowledge that you have reached the age of 18 and under the laws of your country of residence you have all rights to provide us with your personal data for processing.
If you have any reason to believe that a child under the age of 18 has provided his/her personal data to us, please contact us at email@example.com.
We may change this policy from time to time due to the different purposes.
We will notify you on such material changes through means available to us.
This Policy may be changed from time to time due to the implementation of new updates, technologies, laws’ requirements or for other purposes. We will send notice to you if these changes are dramatic and where required by applicable laws, we will obtain your consent for the subsequent processing. In any case, we encourage you to regularly review this Policy to check for any changes.
Such notification may be provided via email, announcement published in our Website and by other means, consistent with applicable law.