PRIVACY NOTICE

PURPOSE OF THIS PRIVACY NOTICE

This Privacy Notice (hereinafter, the “Notice”) aims to give you a clear vision and understanding of how your personal data is collected and processed through the use of this Website, including any data that can be provided through this Website in case of input of contact details during the conversation/messaging with our team on the Website or request to know more about our software and possible services.

Notice is committed to safeguarding and protecting your privacy (including data privacy and communication preferences). Thus, it is important to read this Notice together with any other Notice on this Website.

1. INTRODUCTION

7ienna Holdings LTD (HE438717) is a company duly incorporated under the laws of Cyprus having its registered address at [ADDRESS] (hereinafter, the “7ienna”, “we”, “us”, “our” or “Controller”) is the Controller and responsible for your personal data. The 7ienna is the “Controller” in the meaning of Article 4(7) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, and repealing Directive 95/46/EC (hereinafter the “GDPR”).

In case of any questions regarding this Notice, please, contact us via email address [email protected].

NOTICE UPDATES

This Notice was last updated on October 1, 2022.

2. THE TYPES OF COLLECTED DATA

  1. 2.1

    Personal data or personal information shall mean any information about the person under which such person can be identified. Such personal information does not include removed (anonymous/anonymized) data.

  2. 2.2

    The Personal data that we may collect, use, store and transfer (if applicable) can be divided into such groups:

    1. 2.2.1

      Identification data. Consists of and is limited to a person's first, last and middle (if applicable) name.

    2. 2.2.2

      Contact & Communications data. Consists of and is limited to email address, phone, skype or other means of possible contact.

    3. 2.2.3

      Technical data. Consists of and is limited to your IP address, type and version of browser, time zone and location, operating system and/or device, and other technology of the devices or means to access this website.

    4. 2.2.4

      Website data. Consists of and is limited to information about the usage and travel on this website.

  3. 2.3

    We may collect, use and share the Aggregated Data such as statistical or demographic data for any purpose if such need arises. The used data is derived from part of your personal data but it is not considered personal data based on GDPR due to the fact it will not directly or indirectly disclose or reveal your true identity. In specific, your data will be used to calculate the overall amount (percentage) of visitors to the Website or its specific part.

  4. 2.4

    We do not collect any Special (in the meaning of Article 9(1) of the GDPR) category of personal data or any personal data in connection with criminal convictions and/or offenses.

PROCESSING OF MINORS’ DATA

The Website is not intended for individuals under the age of 18 and we do not knowingly intend to process such data of individuals under the age of 18. If you are a parent and/or a legal guardian and found that your child had used our Website, please, contact us via available means of communication and we will immediately apply an appropriate measure(s).

3. HOW IS DATA COLLECTED?

  1. 3.1

    We have different ways of data collection, which include, but not limited to information provided within our Website Contact Form and/or Website Online Chat.

    In such way, we collect Identification data, Contact & Communication data and etc. data, if provided by the person himself. This information is collected and obtained through the voluntary submission on our Website and will be processed in order to provide a clear answer on the query/request.

    The legal basis for such processing is your consent.

  2. 3.2

    Information obtained within the use of our Website.

    In such a way, we collect Website data and Technical data, which includes information regarding the Website overview, products you are interested in, your dynamic IP address, browser type and operating system, referral source, etc. information.

    The legal basis for such processing is monitoring and improving our Website and interaction on it.

  3. 3.3

    Information collected via means of Third Parties and/or Publicly Available Sources.

    We may collect data using the services of third parties such as Analytics providers (Google Analytics which tracks and reports, website traffic) or via the use of Social Media (Facebook, Linkedin, etc.) to ensure that the provided Identification data is true.

    The legal basis for such processing is the protection of our own and third-party legal rights.

  4. 3.4

    Information collected via means of our Cookies.

    Cookies are small-size text files which are automatically sent to the person's device used to access our Website. Cookie Notice can be viewed in the respective Website section.

    The legal basis for such processing is your consent.

  5. 3.5

    Information collected for the record and correspondence.

    We may keep and process any of the mentioned above Clause 3.1.1. - 3.1.4. personal information, where it is necessary to build a defence against any legal claims.

    The legal basis for such processing is the protection of our own, yours’ and third-party (if applicable) legal rights.

4. HOW IS COLLECTED DATA USED?

  1. 4.1

    The collected data is used only when the law allows such data usage. In common, personal data will be used in such cases:

    • To contact you based on your Contact Form (Article 6(1)(a) of the GDPR).
    • When we need to conduct the Non-disclosure Agreement for the further Business Offer proposal (Article 6(1)(b) of the GDPR).
    • Where it is necessary for the legitimate interest and/or protection of our own, yours’ and third party (if applicable) legal rights but only if such interests and fundamental rights, do not override those interests and rights (Article 6(1)(d) & Article 6(1)(f) of the GDPR).
    • Where it will be needed to comply with other legal obligations as a Controller (Article 6(1)(c) of the GDPR).

    As of the Clause 4.1. (c), we may process Personal Data in our legitimate interest for the below-mentioned purposes:

    • Collection, record, processing, and performing of statistical and other analysis of obtained information with further research for the Website and its services improvements and upgrades;
    • Administration and development of the Website and its services;
    • Improvement of Website user experience, including providing personalized services;
    • To contact you in relation to the made request/query with further correspondence.

5. PRINCIPALS OF DATA PROCESSING

  1. 5.1

    Your fundamental rights are fully respected; therefore, the protection of your privacy is the top priority of 7ienna. While processing the personal data we are following such Basic (Article 5 of the GDPR) principles:

    1. 5.1.1

      Lawfulness, fairness and transparency principles (in the meaning of Article 5(1)(a)). We submit your personal data (if requested) to legitimate the processing as well as we guarantee a fully transparent way of data handling.

    2. 5.1.2

      Purpose limitation & data minimization principles (in the meaning of Article 5(1)(b) & (c)). We collect and process personal data only for legitimate and explicit purposes as explained above in this Notice. We have no intention or right to process the data incompatible with the purposes mentioned in this Notice.

    3. 5.1.3

      Accuracy principle (in the meaning of Article 5(1)(d)). Receipted personal data is safely stored, thoroughly checked and verified with your assistance to ensure its accuracy and where it is necessary to update or make some corrections for the purpose of data processing, as well as to correct or erasure the receipt information if it is inaccurate or invalid respectively.

    4. 5.1.4

      Identification principle (in the meaning of Article 5(1)(e)). Personal data is kept in an identifiable form which allows you to be identified by yourself and us for the required period of time for the processing purpose mentioned above.

    5. 5.1.5

      Safety principle (in the meaning of Article 5(1)(f)). Personal data is securely processed via appropriate technical and/or organizational measures.

  2. 5.2

    We hereby inform you that your personal data is collected only for the purposes mentioned in this Notice and we have no intention to collect it further or outside the scope of this Notice. Also, we inform you that collected personal data will not be used for either automated decision-making or profiling.

  3. 5.3

    Without prejudice to the stated in this Notice, we neither disclose nor have the intention to disclose or transmit your personal data to any third party without your consent, unless permitted or obliged by law, or by a specific contractual agreement with you.

6. DATA SHARING AND DISCLOSURE

  1. 6.1

    Following certain circumstances, we may share and disclose your personal data as explained below:

    1. 6.1.1

      Legal Compliance (local & international laws; authority requests; harm prevention). We may disclose your personal information to courts, governmental authorities and/or law enforcement authorities, or authorized third parties (if applicable), to the extent applicable or permitted for such actions by law or legal necessity.

      • Local and International laws. We are obliged to comply with our legal obligations under applicable law(s).
      • Authority requests. We are obliged to comply with our legal processing obligations and to provide a timely and proper response to claims asserted against us.
      • Harm Prevention. We are obliged to respond to requests in connection to a criminal investigation or other illegal activity suspicions and/or any other activities where we, you, or a third party can be subject to legal liabilities.

  2. 6.2

    Service providers (third parties). We may use services of the third-party software and payment providers to help us in providing of our services on this Website. Service providers may locate inside or outside the European Union and/or European Economic Area (hereinafter the “EU” and “EEA” respectively). The Service providers have limited access to your data and are bound by the Agreement under which they are obliged to provide the same level of protection and safety of disclosed and provided information as is provided by us under this Notice.

  3. 6.3

    Our Affiliates. We may share your personal information with any member of our group of companies (meaning subsidiaries companies, ultimate holding company, and its subsidiaries) as reasonably legally and reasonably necessary for the purpose of this Notice.

  4. 6.4

    Aggregated data (as explained in 2.2. of this Notice). We may share such aggregated information and/or any other anonymized information for legal compliance, business and market analysis, demographic data analysis and research, marketing, and other business purposes.

7. DATA SUBJECT RIGHTS

  1. 7.1

    Based on the GDPR, you have such rights in connection with provided personal information:

    1. 7.1.1

      To access or request a copy of your provided personal information and information related to its processing.

    2. 7.1.2

      To request your personal information correction and any inaccuracies and/or missing personal information.

    3. 7.1.3

      To request your personal data in portable form (structured, commonly used and machine-readable) for the purpose of transfer to another controller (where technically feasible).

    4. 7.1.4

      To request stop and restrict all and any processing of your personal data as explicitly stated by law.

    5. 7.1.5

      To object to all and any processing of your personal data as explicitly stated by law.

    6. 7.1.6

      To object against automated processing, including profiling, which has or may have an impact on you.

  2. 7.2

    All of the rights stated in 7.1. of this Notice may be executed by sending an email letter to the Controller email mentioned in the Introduction section. Before the start of action from our side, we may ask you to identify yourself to guarantee the protection and safety of processed personal data.

  3. 7.3

    The response to the request will be provided within one (1) month from the receipt of the letter request. Notwithstanding the above-mentioned response period, it can be prolonged for an additional three (3) months based on the complexity of the request and the amount of other pending requests. We may reject in fulfillment of the request with appropriate and relevant justification to such rejection.

8. WITHDRAWING CONSENT AND RESTRICTION OF PROCESSING

  1. 8.1

    Where the consent to process personal data has been obtained from you and we have no other lawful and legal ground to do otherwise, you have the right to withdraw such earlier provided consent at any time by sending a letter on email mentioned in the Introduction section with the specification of the consent you are willing to withdraw. Notwithstanding the above-mentioned, the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before such consent withdrawal.

  2. 8.2

    In addition to all of the above-mentioned, the GDPR may give you the right to limit how we use your personal information, specifically:

    • you deny the accuracy of your personal information;
    • the processing is unlawful and you oppose such personal information processing;
    • we no longer need your personal information for the purposes of the processing, but you require the information for the establishment, exercise, or defense of legal claims; or
    • you have objected to the processing under the next section and pending the verification of whether the legitimate grounds of the Data Controller override your own.

9. OBJECTION OF PROCESSING

  1. 9.1

    You have the right to object to the processing of the personal data where it is done on a lawful basis and in our legitimate interest. If we process your personal data on the basis of provided consent, you have the right to withdraw it. Nevertheless, we may still process your personal data where there are or may be other relevant lawful basis or we have compelling grounds to continue the processing of personal data in our interests, which are not overridden by your rights, interests, or freedoms.

10. DATA RETENTION AND DELETION

  1. 10.1

    We will retain your personal information for the period necessary to contact you and/or perform the contract between you and us as or for the period of our legal obligation (the period to keep data can be longer due to regulatory obligation, as the case may be). Where your personal data is no longer needed, it will be automatically erased.

  2. 10.2

    To identify the appropriate retention period, we take into account: the size; quantity; nature, and sensitivity of the personal data, including but not limited to the potential risks of harm from unauthorized use or disclosure of your personal data; the purposes for the personal data to be processed; and the applicable legal (regulatory) or other possible requirements.

  3. 10.3

    You have the right to request to erasure personal data where it is no longer necessary for us, however, there are exclusions of the right. The general exclusions, where processing is necessary, include a legal (regulatory) obligation and/or defense against all and any legal claims.

11. DATA TRANSFER

  1. 11.1

    We may transfer, store and process your information within our companies or share it with Service providers based outside EU and/or EEA for the purpose stated in this Notice.

  2. 11.2

    We take all necessary and adequate measures to keep your personal data, during the transfer, at the same security level outside the EU and/or EEA as it is within EU and/or EEA and as it should be in accordance with this Notice.