Legal Docs / Privacy Policy

Privacy Policy

Effective as of 19th December 2019

Ⅰ. GENERAL

The Privacy Policy of the ECOMBIX Oy (we, us, our) is designed to regulate the privacy matters of the Sellbery.com (Platform) and is based on the Personal Data legislation. This Privacy Policy is based on data protection principles and requirements adopted by virtue of the European General Data Protection Regulation 2016/679 (GDPR) and California Consumer Privacy Act 2019 (CCPA).

This Privacy Policy may be updated from time to time and you will be informed about any such updates. More details concerning the collection or processing of Personal Data may be requested from us at any time.

Ⅱ. DEFINITIONS

PERSONAL DATA means data allowing to identify the natural person directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, etc.;

PROCESSING means any operation or set of operations that is performed on Personal Data, such as collection, recording, organization, structuring, storage, adaptation or destruction;

DATA SUBJECT is an identified or identifiable natural person who can be identified, directly or indirectly, based on particular Personal Data.

Ⅲ. PROCESSING

1. The ECOMBIX OY shall be considered a data owner and data controller in relationships with Data Subject. We acknowledge the privacy of natural persons and make efforts to protect them against any unlawful Processing by applying relevant technical and organizational measures to protect Personal Data of natural persons in accordance with the effective legislation. Although we will make reasonable efforts to ensure safe Processing, we cannot guarantee it to be 100% secure and risk-free.

2. We process personal data in a way that assures appropriate level of security, including protection against unauthorized Processing, destruction, accidental loss, or damage, while applying suitable organizational and technical measures under industry standards and in compliance with the following principles: (1) lawfully, fairly and transparently; (2) Processing is specified, explicit and only for legitimate purposes; Processing is adequate, relevant and limited to necessary purpose; accurate and kept up to date; limitation of the storage for periods not longer than necessary; Processing is held in a manner that ensures appropriate security of the Personal Data.

3. We Processes Personal Data only when one of the conditions below applies: (1) it is required for the performance of agreement with the Data Subject; (2) it is required for compliance with the law or our legal obligation; (3) Data Subject has provided us with consent for Processing of their Personal Data for one or more specific purposes; (4) Personal data is Processed for our Legitimate Purpose.

4. When it comes to processing, we will not discriminate against Data Subject CCPA rights. Unless permitted by the CCPA, we will not: (1) reject Data Subject’s request for goods or services on the basis of discrimination; (2) provide to California based Data Subject different prices for goods or services, including through granting discounts or other benefits; (3) render to Data Subject different level or quality of goods or services in comparison to our other clients.

5. Notwithstanding the aforementioned, we may, at our own discretion, offer Data Subject certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will contain written terms that describe material aspects.

6. We do not knowingly Process Personal Data that related to, or reveal, racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, genetic or biometric data, or data concerning the health, sex life or sexual orientation of the natural person.

7. We apply the following principles in order to protect your privacy: (a) we will not sell or lease your Personal Data to third parties; (b) any Personal Data that you provide to us will be secured with industry-standard safety protocols and technology.

Ⅳ. TYPES OF PERSONAL DATA COLLECTED
Contact dataEmail, address and/or mobile phone number
Financial dataBank account and payment card details, tax identifiers (like VAT number)
Third-party account dataThird-party account identifiers, third party account login credentials
Identity dataFirst name, last name, username
Marketing dataPreferences in receiving marketing from us
Communication dataMessages you send to us
Technical dataInternet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system
Ⅴ. PURPOSE OF PROCESSING
Purpose/ ActivityType of dataLawful basis for Processing
To register Data Subject accountIdentity data, contact data, third party account datato perform our contractual obligations with you
To provide our servicesIdentity data, contact data, financial data, marketing data, communication data(1) to perform contract with Data Subject;
(2) as necessary for our legitimate interest in recovering debts
To manage our relationship with Data SubjectIdentity data, contact data, profile data, marketing data(1) to perform our contract with You;
(2) as necessary to comply with our legal obligations
To deliver relevant content/advertisements to Data Subject and measure or understand the effectiveness of our advertisingIdentity data, contact data, profile data, marketing data, technical data(1) as necessary for our legitimate interests in studying how customers use our products/services, to develop them;
(2) to grow our business and to inform Data Subject about our marketing strategy
To use data analytics to improve our platform, services, marketing, customer relationships and experiencestechnical datato keep our PLATFORM updated and relevant, to develop our business and to inform our marketing strategy
To make suggestions and recommendations about goods or services that may be of interest to Data Subject, including promotional offersIdentity data, contact data, technical data, profile dataas necessary for our legitimate interests to develop our products/services and grow our business
Ⅵ. DISСLOSING OF PERSONAL DATA

We may disclose Personal Data to the following categories of persons:

Service providersacting as data processors or data controllers/joint data controllers based in the EEA but also around the world who provide software development services, marketing services, IT and system administration services:
1. We use Digital Ocean hosting services for our platform and software hosting. Digital Ocean is based in EEA. Digital Ocean privacy policy is available here – https://www.digitalocean.com/legal/privacy-policy
2. We use Stripe for payments transitions. Stripe. Stripe is based in EEA. Stripe privacy policy is available here – https://stripe.com/ie/privacy
3. We use MongoDB database built services. MongoDB is located outside EEA, but is EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework certified. MongoDB privacy policy is available here – https://www.mongodb.com/legal/privacy-policy
4. We are using Google Analytics to analyze how our users use our services and provide the best experience. Google LLC is located outside EEA, but is EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework certified. Google privacy policy is available here – https://policies.google.com/privacy?hl=en-US
5. We are using HotJar to analyze how our users use our services and provide the best experience. HotJar is based in EEA. HotJar privacy policy is available here – https://www.hotjar.com/legal/policies/privacy
6. We use Mailerlite for our informational campaigns automation. Mailerlite is based in EEA. Mailerlite privacy policy is available here – https://www.mailerlite.com/legal/privacy-policy
7. We use First Promoter for our affiliates tracking. This service applies only to our affiliates. First Promoter is based in EEA. First Promoter privacy policy is available here – https://firstpromoter.com/privacy
Professional advisorsacting as data processors or data controllers/joint data controllers including lawyers, bankers, auditors and insurers based in the EEA but also around the world, who provide consultancy, banking, legal, insurance, and accounting services
Tax services, regulators and other authoritiesacting as processors or joint controllers based in the EEA who require reporting of Processing activities in certain circumstances
Third partiesthird parties, who may or whom we may purchase
Othersmarket researchers, fraud prevention agencies
Ⅶ. EEA DATA SUBJECTS RIGHTS EXECUTION
A. Rights of the data subject

1. Right to rectification. Data Subject has the right to request to rectify, without undue delay, any incorrect data pertaining to the respective Data Subject.

2. Right to limitation of processing. Data Subject can limit the use of Personally Data collected.

3. Right of access. User may request a copy of Personal Data collected during the use of Platform.

4. Objecting to or restricting the use of Personal Data. Data Subject can ask to stop using all or some portion of Personal Data or limit the use thereof by requesting its erasure as described above or sending a request at azatserklaniy@sellbery.com.

5. The right to lodge a complaint with a supervisory authority. User has the right to lodge a complaint with a competent data protection supervisory authority, in particular in the EU Member State where Data Subject resides, work or where the alleged infringement has taken place.

6. The right to data portability. Data Subject can receive Personal Data in a machine-readable format by sending a respective request at azatserklaniy@sellbery.com.

B. Execution of rights

1. Upon Data Subject request we will provide the information free of charge. However, we may charge a reasonable fee if the Data Subject request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with the Data Subject request in these circumstances.

2. Data Subjects exercise their rights by filing a written request containing as a minimum the following information: (1) name, postal address, email address and other data allowing identification of the respective natural person; (2) description of the request; (3) signature, date, correspondence address and mobile number.

3. The filing of the request is free of charge.

4. Upon the filing of a request by an authorized person, the notarised power of attorney must be attached to the request.

5. In case of death of the natural person, his / her heirs exercise his / her rights and the certificate of heirs shall be attached to the request.

6. We will review and pronounce on the request within 1 month as of its filing. This period may be extended by further two months, if necessary, for example, if Data Subject request is particularly complex or when Data Subject has made a number of requests. We will inform Data Subject as to any such extension within 1 month as of receipt of the request, stating the reasons for the delay.

7. We will provide an answer to the requesting person taking into account their preferred form for the provision of the information (orally or in writing – as a hard copy of electronically).

8. Where data do not exist or law forbids their provision, access to the requesting party to such data is refused.

9. If the requesting party is not satisfied with the response received and/or believes that their rights related to Personal Data protection were violated, they are entitled to exercise their right to defense.

Ⅷ. EXECUTION OF RIGHTS BY CALIFORNIA DATA SUBJECT
A. Access to Specific Information and Data Portability Rights

1. Data Subject has the right to request information about what information was Processed over the past 12 months. Once we receive and confirm Data Subject verifiable consumer, we will disclose to you:

  • The categories of sources for Personal Data we collected about Data Subject.
  • The Personal Data we collected about you (also called a data portability request).

2. All other information is already disclosed herein. For the avoidance of doubts, we do not sell Data Subjects Personal Data.

B. Deletion Request Rights

1. Data Subject has the right to request the deletion of Personal Data Processed, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete Personal Data from our records, unless Personal Data is necessary for us or our service provider(s) to (1) complete the transaction for which we collected the Personal Data, provide a good or service that Data Subject requested, take actions reasonably anticipated within the context of our ongoing business relationship with Data Subject, or otherwise perform our contract; (2) detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities; (3) debug products to identify and repair errors that impair existing intended functionality; (4) exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; (5) comply with a legal obligation; make other internal and lawful uses of that information that are compatible with the context in which Data Subject provided it.

C. Exercising Access, Data Portability, and Deletion Rights

1. To exercise the access, data portability, and deletion rights described above, Data Subject should submit a verifiable consumer request to azatserklaniy@sellbery.com. Only Data Subject based in California, or a person registered with the California Secretary of State that Data Subject authorize to act, may make a verifiable consumer request related to Personal Data.

2. Data Subject can make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must: (1) provide sufficient information that allows us to reasonably verify Data Subject is the person about whom we collected Personal Data; and contain description allowing us to properly understand, evaluate, and respond to it.

3. We cannot respond to the request or provide Data Subject with Personal Data if we cannot verify the Data Subject’s identity or authority to make the request and confirm the relation of Personal Data.

D. Response Timing and Format

1. The verifiable consumer request shall be responded within forty-five (45) days of its receipt. If we require more time, we will inform Data Subject of the reason and extension period in writing. The responding is free of charge unless it is excessive, repetitive, or manifestly unfounded.

Ⅸ. PLACE

Personal Data is processed at our operating offices and in any other places where the parties involved in the processing are located. It may be necessary to transfer collected Personal Data to countries outside of the European Union for Processing purposes.

Ⅹ. RETENTION TIME

Personal Data shall be processed and stored for as long as required by the purpose they have been collected for. Personal Data collected for purposes related to the performance of a contract shall be retained until such a contract has been fully performed. Personal Data collected for the purposes of our legitimate interests shall be retained as long as needed to fulfill such purposes. Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after the expiration of the retention period.

Ⅺ. AGE LIMITATION

We do not knowingly Process any Personal Data from persons under 18 years of age. If you learn that anyone younger than 18 has provided us with Personal Data, please contact us at support@sellbery.com.

Our Platform contains links to other websites, services, and web addresses. This privacy policy applies only to our Platform, not those external websites, services and web addresses that we link to. We are not responsible for these external websites and services and their privacy policies, practices and compliance with the law.

ⅫⅠ. INFORMATION FOR DATA SUBJECT

DATA CONTROLLER: ECOMBIX Oy
DATA CONTROLLER ADDRESS: office, 1001, Hlinky St, 2, Dnipro, Dnipropetrovsk Oblast, 49000. Affiliated Ecombix Oy office.
E-MAIL: support@sellbery.com
PHONE: +38 0504263857

ⅩⅣ. COOKIES POLICY

Cookies are small text files sent by us to your computer or mobile device. They are unique to your account or your browser. Session-based cookies last only while your browser is open and is automatically deleted when you close your browser. Persistent cookies last until you or your browser deletes them or until they expire. To find out more about cookies, visit http://www.allaboutcookies.org/

We use cookies to analyze trends, administer the website, track users’ movements around the website, and to gather our website audience. Most of our cookies are session-based, which stored for a certain period of time.

See below for the types of cookies we use and their respective purposes.

Cookies typeDescription
Functionality cookies (Necessary cookies)We use functionality cookies that support certain functionalities of our website, prevent failures and errors.
Security cookies (Necessary cookies)We use cookies to enable and support our security features, and to help us detect malicious activity.
Advertising cookiesWe use advertising cookies for targeting advertising, measurement of the advertising effectiveness, distinguishing users of third party platforms, showing the correct version of the website. We may use cookies to help us deliver marketing campaigns and track their performance.
For this purpose we use:
Statistics cookiesStatistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
We use Statistic cookies to recognize visitors who chat with us, identify user’s device, identify what information has been seen by the user, minimize the blocking of legitimate users.
For this purpose we use:

Some people prefer not to allow cookies, which is why most browsers give you the ability to manage cookies to suit you. In some browsers, you can set up rules to manage cookies on a site-by-site basis, giving you more fine-grained control over your privacy. What this means is that you can disallow cookies from all sites except those that you trust. By doing so, you may not be able to access all or parts of our website.