What is GDPR?
The EU General Data Protection Regulation (“GDPR”) comes into force across the European Union on 25th May 2018. The new Regulation aims to standardise data protection laws and processing across the EU; affording individuals stronger, more consistent rights to access and control their personal information.
Z Yazılım Ltd. Şti. (‘Cubicl’ or ‘Company’ or ‘we’ or ‘us’ or ‘our’) is committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We recognise our obligations in updating and expanding this program to meet the demands of the GDPR.
Scope of the GDPR
The GDPR applies to both EU and non-EU businesses who a) market their products to people in the EU or who b) monitor the behavior of people in the EU. In other words, even if you’re based outside of the EU but you control or process the data of EU citizens, the GDPR will apply to you.
Important Definitions in GDPR
|Data Subject||A person who lives in the EU.|
|Personal Data||Any information related to an identified/identifiable data subject (e.g., name, national ID number, address, IP address, health info).|
|Controller||A natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.|
|Processor||A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.|
|Third Party||A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.|
|Processing||Any operation or set of operations which is performed on personal data or on sets of personal data, by automated means or otherwise, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.|
|Consent||Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.|
|Personal Data Breach||A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.|
|Supervisory Authority||Formerly called “data protection authorities”; one or more governmental agencies in a member state who oversee that country’s data privacy enforcement (e.g., Ireland’s Office of the Data Protection Commissioner, Germany’s 18 national/regional authorities)|
What is personal Data as per GDPR?
As per GDPR, personal data is any information relating to an identified or identifiable individual; meaning, information that could be used, on its own or in conjunction with other data, to identify an individual. Personal data will include not only data that is commonly considered to be personal in nature (e.g., social security numbers, names, physical addresses, email addresses), but also data such as IP addresses, behavioral data, location data, biometric data, financial information, and much more. It’s also important to note that even personal data that has been "pseudonymized" can be considered personal data if the pseudonym can be linked to any particular individual.
At the heart of GDPR lies a set of rights a person can exercise against organizations processing their personal data. Specifically, individuals have the right to:
|Access||Under GDPR, the Data Subject will be able to request access to his/her personal data and learn how an organization uses it.|
|Erasure||Data Subject will have a right to withdraw consent to store and use personal data and have the information erased.|
|Data Portability||Data Subject will have the right to transfer its data from one service provider to another, and current provider must comply with this request.|
|Rectification||Data Subject can also require any errors in personal data to be corrected, and an organization must reply to the request within one month.|
|To Be Informed||Under GDPR, companies must be transparent about how they gather personal information, and must do it before they collect the data. As part of this, Data Subject must freely give consent for their data to be gathered for a specific purpose.|
|Restrict Processing||This gives Data Subject the right to block and suppress processing of their personal data. Under suppressing, an organization can still store personal information but cannot use it in any way.|
|Stop Processing||Data Subject will have the right to object to using and processing their personal data. This includes direct marketing, profiling, processing for scientific or historical research, inclusion in statistical research and much more. Once a Data Subject objects, all his or her data processing must cease immediately.|
In the case of Cubicl’s relationship with a Customer, who is Controller and who is Processor of the data?
Unless explicitly clarified in any engagement, While Consumer is Controller, Cubicl will be both Processor and Controller of personal data with the consent of Customer.
What types of information does Cubicl collect?
We collect certain information about visitors and users of our websites.
1) Information that we obtain from vendors
Name, company name, address, email address, phone number(s), payment details (like information of your credit card), the responses you give to the surveys initiated for research purposes, and support queries.
This info is used to provide you with and/or improve our services; for example, paying commissions, verifying your identity, contacting you, providing you with advertising and marketing materials, and invoicing you. We’re using this information to make sure that we comply with the legal requirements.
2) Information that we obtain from users and clients
Names, member names, email addresses, phone numbers, other contact details, information about your computer and about your visits to and use of this website (including information about your browser, IP address), responses to the surveys initiated for research purposes, payment details (like information of your credit card), transaction details, support queries, web analytics data, information that you provide when you fill in forms on our websites.
We may use this information to respond to your requests or correspondence, to provide customer service (or for statistical purposes), analysis for management purposes in order to administer the website, improve products/services, send technical notices/updates, security alerts, changes in policy notifications, administrative messages, so we could to prevent fraud, breach of policies/terms, and threats or harm.
3) Information that we obtain from website visitors
The device type and browser you are using, network connection, IP address, information about the cookies installed on your device, support queries, and web analytics data. Also, we may collect personal information submitted by you via any feature available on any of our websites.
4) Information that we obtain from users who referred to chat support
Name, email address, information about the device and browser you use, chat transcript, and other personal information you provide us during our chat. We may request additional documentation from you during our chat to verify your identity.
How do we collect personal information?
- When you perform certain actions like register on our websites, buy/order items or services on our sites, subscribe to our newsletter, submit feedback, enter a contest, fill out a survey, or send us a communication via any available option.
- We collect personal information automatically as you navigate through the sites or through the 3rd party when you use services associated with our sites.
How does Cubicl use personal information?
- Your information is used when we need to define your identity to ease processing of transactions happening on any of our websites.
Other legitimate interests may include:
- providing you with services described on any of our websites;
- verifying your identity when you sign in to any of our websites;
- providing support services;
- sharing company news and websites/services updates;
- checking your actions on our websites to identify potentially fraudulent activity and to ensure compliance with the user terms that apply to the websites;
- respond to your comments or queries on our websites, ask for your feedback or opinion via surveys;
- managing legal/operational affairs including, risk management related to content and fraud matters;
- improving our products and services.
- For multiple purposes required by the law.
- For granting court of law, law enforcement authorities, government requests or any other occasions that may relate to investigations.
When do we disclose your personal information?
Your personal information may be accessed by individuals, for instance employees, or legal entities empowered by Cubicl, who need it to perform their tasks and duties to provide you with proper services.
We may share your Personal Information with third parties in the following cases, when:
- the relevant customer has consented to the disclosure.
- it’s needed for support purposes and/or license validation/activation.
- subcontractors or service providers who assist us in any possible ways, subcontractors and/or services providers may transfer and access your personal information from other countries in which they have operations.
- it’s required by the law either to protect our rights, or someone from injury, and/or to comply with a judicial proceeding, court order, or legal process.
How long do we keep your personal information?
Your private information is kept on our servers as long as it’s needed to provide you and your company or team with our services and to be able to comply with the legal obligations.
If you don’t want us to store your personal information, you have the right to get it erased, but in this case, we’ll have to close your Cubicl account.
How is your personal information kept secure?
In order to keep your information secure, we’re applying certain organizational measures to protect it against an unauthorized or unlawful use and accidental loss or destruction.
- We share and provide access to your information to the minimum extent necessary, subject to confidentiality restrictions where appropriate, and on an anonymized basis wherever possible.
- To store your information we’re using secure servers.
- We verify and identity all individuals who request access to private information before granting them with access.
- We use SSL-certificate encryption to protect the data transfer.
- In order to identify vulnerabilities including the potential for unauthorized parties to gain access to the system's features and data or for cyberattack, Cubicl has penetration testing and risk assessment is completed.
- We take a number of steps to protect the security and integrity of data stored with Cubicl. All web and mobile connections for data transfer are encrypted between our servers and the users. Our database is backed up every day to prevent data loss. Original database and its backups can only be accessed by personnel who have a need to.
Make sure your information is safe and secured. We’re not responsible if you try to circumvent privacy settings on our websites.
How can you access and manage your personal information?
All personal information that we collect about you is available in your account or in our servers and available for you on demand. You have the right to make all the necessary edits and corrections of any errors available in this data.
You can receive your personal information in a structured, machine-readable format, erase it, or restrict its processing, also you can object processing of your personal data based on a set of our legitimate interests, such as profiling for direct marketing, and cases where we’ve asked for your consent to process your data.
There’s a number of situations when these rights can be limited, there’s a number of cases when we can retain your information after you withdraw your consent.
Cases where we may require your personal information to be compliant with legal or contractual obligations. If you don’t provide us with such data we will not be able to manage relationships with you. In all other cases providing requested information can be optional.
If it happens that you have some unresolved concerns you have the right to complain to the data protection authorities.
What happens in the case of personal data breach?
In the case of a personal data breach, Cubicl shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay. Cubicl shall notify the customer without undue delay after becoming aware of a personal data breach.
Marketing choices regarding your personal information
In case we have your consent, we will send you marketing materials that will include information about products, services, and discounts that may be interesting for you.
If you decide not to receive such email notifications you can easily opt-out using the unsubscribe option or contact us via email@example.com
We’re using functional and analytical cookies, for further information on cookies use, please see our cookies policy, or visit www.allaboutcookies.org.
Another technology we’re using is the Web Beacons. It’s required to track your use of our website, on occasions like promotions or newsletter use. The data we collect via web beacons allows us to track the number of users who opened our newsletters. Also, web beacons help us to understand the behavior of our customers, members, and visitors.
Google in its turn uses this data to evaluate user behavior in general, compile reports for site managers as well as providing data to services relating to website activity and internet usage. Google may transfer various data to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.
Google Analytics is explained under the following link https://www.google.com/analytics/.
Public information and third party websites
In addition to various endorsements, we’re displaying testimonials on our website. These are published only after receiving your consent, we post your testimonials specifying your name. If you want to delete or modify your existing testimonials feel free to contact us via email firstname.lastname@example.org.
Cubicl offers users the possibility to leave individual comments on individual blog contributions on a blog, which is on the website of the controller. The information you ad to your comments or publications can be read, collected or used by any visitor or user of our websites. In case you wish to remove some of your info from our blogs contact us via email at email@example.com. If we are unable to remove your information, we will tell you why.
Social media platforms and widgets
All Cubicl website have social media features embedded, for example, Facebook share button. These features, may collect your data like IP address or place a cookie to your browser in order to gather statistical information about your interactions with our websites. Social media features are hosted both on our website and servers of a specific social media network.
Apart from these features, we maintain profiles on major networks including Facebook, Instagram and LinkedIn. Please be advised that any information you submit on these networks in public areas like comments can be easily read, collected or stored by all users of these networks. We are not able to control actions of other users of these platforms, or actions of these platforms. Your activity with those features and/or platforms is governed by privacy policies of the companies that provide them.
Links to other websites