This privacy policy applies to all online services of 128bit

128bit is the processor and the Client is the controller of the data that are uploaded by the Client to the servers of 128bit, are created in the servers of 128bit upon the use of services or are uploaded to the servers by the users of the application(s) of the Client.

The grounds for the processing of the Clients’ data by 128bit consist of the consent of each Client for the processing of data, the necessity for processing of data in order to perform the Contract, as well as the legal obligations of 128bit.

This document is based on the requirements of GDPR (EU) 2016/679

Client – any natural or legal person that has entered into a contract for using the services of 128bit.

User – any natural person using the services of 128bit.

128bit – 128bit OU, registry code #12501440, 8 Suurtüki, Tallinn 10412 Estonia. Questions regarding personal data processing can be addressed directly to the the address info@128bit.ee.

Personal Data – any information relating to a natural person.

Client Data – data relating to the Clients which are used by 128bit to provide services to the Clients, including but not limited to the Personal Data of Clients that are natural persons, representatives of Clients, Users, and other natural persons.

Data Processing – operations performed on Client Data, whether or not by automated means.

Controller – 128bit is the controller of Client Data.

Processor – a natural or legal person, public authority, agency or another body processing Personal Data on behalf of 128bit.

Data Protection Officer – the employee of 128bit who organizes supervision of the processing of Personal Data at the company.

Recipient – a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed

Third Party – a natural or legal person, public authority, agency or another body, except the Data Subject, Controller, Processor and the persons who, under the direct authority of the Controller or Processor, are authorized to process Personal Data.

Contract – any contract (including the Central User Contract, Service Contract) between 128bit and the Client / Central User.

128bit shall process Client Data in a manner that is lawful, fair and transparent.

128bit shall process Client Data in a manner that is lawful, fair and transparent.

128bit shall process Client Data in a manner that shall ensure their appropriate security, including protection of the data against any unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures.

128bit shall process Client Data in a manner that shall ensure their appropriate security, including protection of the data against any unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures.

128bit shall act with the aim of ensuring that the Personal Data that are inaccurate for the purpose of processing shall be deleted or rectified without delay.

128bit shall act with the aim of ensuring that the information and notices related to Data Processing would be easily accessible, understandable and compiled using clear and plain language.

128bit may collect and process the following data in order to provide services to its Clients:

Identifiers of the Client and the Client’s representatives – name, date of birth, personal identification code, Commercial Registry code, number of the document used for the purpose of identification of the person, copy of the document;

Contact details of the Client and the Client’s representatives – e-mail addresses, telephone numbers, post addresses, usernames for cloud services;

Language preference of the Client and the Client’s representatives – the language of communication preferred by the person or his or her representative;

The data related to the devices of the Client and the Client’s representatives – the IP addresses of the devices, the IP addresses of the network gateway, cookies used for web browsers, and other data related to the devices;

Data on any communication between 128bit, the Client or the Client’s representatives – correspondence between the persons, messaging and audio recordings generated in the course of the customer service provided by 128bit;

Images of the Client or the Client’s representatives – footage of security cameras which may be recorded when a person visits the physical seat of 128bit;

Data on the payment behavior of the Client – the data collected regarding a Client in the course of payment for the services;

Data on the customer satisfaction of the Client – the data collected in relation to the use of services and the customer satisfaction with these services;

The data set related to the Client – files, databases, logs, etc;

Any other data related to the Client.

Client Data may be collected in the following ways: upon filling in the order forms for services; upon the use of services; upon payment for services; by telephone, by e-mail; while visiting a physical location; while using cookies or other technologies that monitor the visitors of our websites; while providing feedback or in other ways.

128bit processes Client Data in order to: enter into a Contract with the Client; provide the Client with an access to its services and products; maintain client relationships; enhance the user experience of the Clients; keep the Client Data up to date; settle accounts with the Client; send promotional notices or marketing information to the Client; organize satisfaction surveys; prepare market analyses and statistics; perform legal or contractual obligations; exercise its legal or contractual rights; for other reasonable purposes.

128bit shall also process Client Data to ensure compliance with the laws and regulations applicable to us; to respond to inquiries in public law and inquiries from governmental authorities, including public bodies and governmental authorities located outside the country of residence/host country of the Client; or to protect the rights, privacy, security or property of 128bit and/or of any subdivisions of the company.

128bit will transfer Client Data to Third Parties if it is necessary and proportionate for ensuring network and information security by public sector authorities, Computer Emergency Response Teams (CERT), Computer Security Incident Response Teams (CSIRT), providers of electronic communications networks and services, and providers of security technologies and services.

128bit shall apply appropriate data protection principles and measures if these are proportionate to the Client Data Processing operations.

128bit shall implement appropriate technical and organizational measures to ensure and to be able to evidence the processing of Client Data in compliance with applicable legal acts.

128bit shall, both at the time of the determination of the means for processing and at the time of the processing of Client Data, implement appropriate technical and organizational measures which are necessary for effective implementation of data protection principles.

128bit will be entitled to process the Client Data during the client relationship as well as after the end of the client relationship. After the end of the client relationship, 128bit will be entitled to process the Client Data for 3 years or for a longer period of time if it is necessary in relation to a legal obligation (e.g. under accounting laws or laws regulating limitation periods or other private law), contract or legitimate interest.

128bit will be entitled to engage processors in the processing of Client Data. 128bit shall engage the processors who provide a sufficient security that they shall implement appropriate technical and organizational measures in such manner that the processing of Client Data shall be in conformity to the requirements set out in the respective laws and that the protection of the rights of data subjects shall be ensured. We may disclose Client Data to the extent permitted by law to the following parties: the parent company, shareholders, subdivisions and subsidiaries of the company; third parties involved in the settlement of accounts with the Client; auditors or consultants; lawyers; entities maintaining registers (top-level domain registrars, network information registrars, etc); debt collectors; postal service providers; information technology maintenance providers and developers; providers of identification or abuse prevention services; other parties providing services to 128bit

128bit may rectify, supplement and update the collected Client Data based on its internal and external sources.

The Client has the right to receive information on whether 128bit is processing his or her data and which data are being processed.

The Client has the right to apply for a copy of the Client Data pertaining to him or her from 128bit.

The Client has the right to request rectification or deletion of the Client Data or limitation of the processing of the Client Data from 128bit, as necessary, or submit an objection to the processing of the Client Data. 128bit shall use its best efforts to accommodate the request.

The deletion of Client Data shall not be applied if: the data are necessary to perform a legal obligation which prescribes processing of the data; the data are necessary for compiling, filing or defending a legal or debt claim; the deletion of the data is not possible due to the nature of the technical solution or is not possible without an unreasonable effort.

128bit has the right to charge a reasonable fee for processing the Client’s request if it is permitted or if the Client’s inquiry is excessive in the opinion of 128bit.

Client Data shall be stored, both in electronic as well as physical form, at our company and with Third Parties. As a rule, 128bit shall process Client Data within the European Union / European Economic Area.

128bit may transfer Client Data to outside the European Union / European Economic Area, if there are legal grounds for it, e.g. performance of a legal obligation or the Client’s consent, and if appropriate protective measures are implemented: there is a contract containing the standard clauses conforming to the General Data Protection Regulation, approved codes of conduct, certifications, etc; there is a sufficient level of data protection in place in the state of location of the Recipient in accordance with the decision of the European Commission; or the Recipient has been certified under the data protection framework Privacy Shield.