Privacy Policy

Wecontrol Business Services OÜ
Last updated: October 1, 2019

Introduction

This Privacy Policy ("Privacy Policy") describes and summarizes the policies and procedures of Wecontrol Business Services OÜ (“We Control”, "we", "our" or "us") with respect to the processing of personal data (“Personal Data”) provided or acquired through use of our website located at www.wecontrol.io and all related subdomains (“Websites”) where Websites and Wecontrol Business Services OÜ services (“Services”).

We Control takes the privacy of individuals very seriously. We are committed to maintaining the security, confidentiality and integrity of the personal data in our custody or control, and protecting such data in accordance with the applicable legislation. We Control regularly re-evaluates its privacy and security practices and adapts them as necessary to deal with new regulatory requirements, changes in legislation, its Services and/or security standards.

Contents

Section 1 - Data We Collect
Section 1.1 - Whose Personal Data Do We Collect?
Section 1.2 - What Personal Data Do We Ask You to Provide to Us, and Why?
Section 1.3 - How We Can Use Your Personal Data?
Section 1.4 - Who Do We Share Your Personal Data With?
Section 2 - Use of Cookies
Section 3 - How Do We Keep Your Personal Data Secure?
Section 4 - Changes to Our Privacy Policy?
Section 5 - Children’s Privacy
Section 6 - Controller and Processor
Section 7 - Legal Basis for Processing
Section 8 - Third Party Websites
Section 9 - Your Privacy Rights
Section 10 - About us

1. Data We Collect

Whenever we collect Personal Data from you, we let you know and you will be able to access the following precise information:

  • Personal Data we have collected from you;
  • the basis on which we are holding it (e.g. because you gave us consent);
  • what we will do with it;
  • how long we will hold it for;
  • who it might be shared with;
  • your rights in relation to your Personal Data;
  • information on how you can access and manage Personal Data.

We have provided further detail below about the specific types of Personal Data we collect and our reasons for doing so.

1.1. Whose Personal Data Do We Collect?

We collect Personal Data about:

  • our Websites’ visitors (“Visitors”);
  • the contact person of our clients (“Client personnel”);
  • agents (e.g. employees) of our clients who use our Services (“Users”);
  • individuals whose Personal Data is supplied by Users (“Indirect Users”).

1.2. What Personal Data Do We Ask You to Provide to Us, and Why?

We Control typically collects the following categories of Personal Data:

  • biographical data such as first and last name;
  • contact data such as email address;
  • employment data such as the company name and the role within the company;
  • course data related to the We Control GDPR Academy;
  • any other Personal Data that you may decide to share with us, for example, such as communication and support data that you share when you contact us.

When you access our Websites whether by computer, mobile phone or any other device, we automatically collect certain information about your use of our Websites which may include, among other things: geographical location and IDs of the device; bandwidth used; system and connection performance; browser type and version; operating system; referral source; length of visit; page views; IP address or other unique identifier of your device.

1.3. How We Can Use Your Personal Data?

We Control may use the collected Personal Data for the following purposes:

  • to provide, maintain, administer, support, protect and improve the Services;
  • to provide customer support;
  • to allow our partners to provide their services;
  • to manage and administer your account;
  • to handle and process your inquiries;
  • to send newsletters to you;
  • to process your payments;
  • to award you with certificates obtained through our GDPR Academy;
  • to respond to your requests for exercising your privacy rights under the applicable data protection laws;
  • to enforce compliance with the Terms of Service;
  • to investigate any illegal activity or wrongdoing in connection with the Services;
  • for troubleshooting, investigating and fixing service related errors. In such cases, Personal Data may be visible to and/or accessed by technicians, IT staff and/or system administrators authorized by We Control;
  • to carry out We Control’s legal obligations;
  • to establish compliance with the data protection laws during an audit or inspection conducted by an appropriate data protection authority.

1.4. Who Do We Share Your Personal Data With?

We may share your Personal Data with certain third-party service providers for the purposes of facilitating the provision of our Services. We require that transfers of your Personal Data to such service providers that are based outside of the EEA are subject to suitable safeguards. Such safeguards include contractual arrangements with our service providers, such as the standard contractual clauses approved by the European Commission.

Service Provider Services Country
AcademyOceanOnline learning platformUK
Digital OceanCloud computingEU
Google (Google Analytics)Web analyticsUSA
Google (GSuite)Business productivity toolsUSA
MailgunEmail marketingEU
SigningHub (Ascertia Limited)Digital document signingUK
IntercomOnline chat & product toursIreland

Your Personal Data will also be shared with our partners for the purposes of delivering their services you have requested them to you. Some of our partners who receive your Personal Data may be located in countries outside of the EU that do not offer an adequate level of protection of personal data as determined by the European Commission. We require that transfers of your Personal Data to such partners are subject to appropriate safeguards. Such safeguards include contractual arrangements with our partners, such as the standard contractual clauses approved by the European Commission.

There are certain situations in which we may share access to your Personal Data, for example:

  • if required by law, to protect the life of an individual;
  • to comply with any valid legal process, government request, rule or regulation;
  • In case of sale or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change;
  • to our subsidiaries or affiliates only if necessary for business and operational purposes as described in the section above.

2. Use of Cookies

We use certain cookies on our Websites. Cookies are small snippets of information stored by your browser when you visit most websites. You can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is set. Note, if you reject certain cookies, you may not be able to access all of our Websites’ features. For more information, please visit https://www.aboutcookies.org/.

We use the following types of cookies on our Websites:

  • necessary cookies that enable the basic functionality of our Websites such as authentification features, online chat, product tours;
  • analytics cookies that collect certain information automatically through web analytics programs such as Google Analytics for the purposes of analyzing trends, to administer our Websites and to gather aggregated demographic information about our user base as a whole;

3. How Do We Keep Your Personal Data Secure?

We keep your Personal Data secure:

  • by implementing and maintaining commercially reasonable measures to protect against unauthorized access to and unlawful interception or processing of Personal Data we process;
  • by following internal policies of best practice and training for staff;
  • by using Secure Socket Layer (SSL) technology when Personal Data is submitted to us online.

4. Changes to Our Privacy Policy?

We may change this Privacy Policy from time to time. When we do, we will let you know by adding notices to our Websites. We will also update the “Last Updated” section at the beginning of this document.

5. Children’s Privacy

Protecting the privacy of young children is especially important to We Control. The Services are not directed to children under the age of eighteen (18) years and We Control does not knowingly solicit, collect or process Personal Data from persons under eighteen (18) years of age. If We Control learns about the processing of Personal Data of persons whose age has not reached the required legal minimum under the applicable laws, We Control will take the appropriate steps to delete this information without undue delay.

6. Controller and Processor

In relation to Visitors and Client Personnel, We Control acts as Controller for their Personal Data. In the case of Users and Indirect Users, We Control acts as a processor or, in other words, the entity that processes Personal Data on behalf of the respective Controller. In performing its obligations as a processor We Control acts on Controller’s behalf and according to Controller’s instructions.

Furthermore, We Control shall adhere to the following general principles with respect to Personal Data processing:

  • not to collect more Personal Data than is necessary for the purpose of providing the Services;
  • not to use Personal Data for any other purposes than those specified in this Privacy Policy; ensure that all employees authorized by We Control to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; and
  • not to knowingly solicit, access, collect and/or process any sensitive categories of Personal Data.

7. Legal Basis for Processing

Where We Control acts as a Controller, We Control’s legal basis for processing the Personal Data will depend on the purposes of the processing. We Control will collect and process Personal Data based on the following legal bases:

  • processing is necessary for the performance of a contract to which the User is a party, particularly for the provision of the Services;
  • consent (e.g. to send you newsletters via email);
  • processing is necessary for compliance with a legal obligation to which We Control is subject; and/or
  • processing is necessary for the purposes of our legitimate interests such as marketing, troubleshooting and fixing errors on our Website or improving our Services.

If there is another legal basis for We Control to collect and process Personal Data, We Control will provide the required notification to User at or before the time the Personal Data is collected.

8. Third Party Websites

The Services may include links to, or otherwise direct User’s attention towards, websites operated by third parties and not by We Control. Such links are provided solely for User’s convenience and informational purposes. The inclusion of any link does not imply an association, support, endorsement, consent, examination, or approval by We Control of such third party and third party website (including without limitation any content on such website).

9. Your Privacy Rights

If we process your Personal Data, you may have the following privacy rights:

  • the right to be informed about the collection and use of your Personal Data;
  • the right of access to your Personal Data and any supplementary information;
  • the right to have any errors in your Personal Data rectified;
  • the right to have your Personal Data erased;
  • the right to block or suppress the processing of your Personal Data;
  • the right to move, copy or transfer your Personal Data from one IT environment to another;
  • the right withdraw your consent;
  • the right to object to our processing of your Personal Data in certain circumstances.

We give you the option to exercise your privacy rights via:

We retain Personal Data for the duration of your relationship with us and two years after we cease to provide our Services to you.

You have the right to submit a complaint to the data protection authority in the member state of your habitual residence, place or work or the alleged violation of your rights under the GDPR.

10. Your Privacy Rights

We are Wecontrol Business Services OÜ and our address is Sepapaja 6, Tallinn 15551, Estonia

If you would like to get in touch about anything in this policy or about your Personal Data then please contact We Control at gdpr@wecontrol.co.