Privacy Policy

on processing of personal data by the Controller of this internet website.

CONTROLLER

Company name: Cyber Security Innovation ApS

Registered seat: Kirke Værløsevej 16, 3500 Værløse, Denmark

Company registration nr.: 40803688

Taxation ID:

Represented by: Jakob Seierø & Rasmus Severin

E-mail: [email protected]

1. Legal regulation regarding the processing of personal data

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter referred to as: “Regulation” or “GDPR”), and
Act CXII. of 2011 on the Freedom of Information (hereinafter referred to as: “Infotv”).

2. The purpose of this Privacy Policy

2.1. This Privacy Policy refers to the processing of personal data provided by or collected from the natural persons (hereinafter referred to as: “users”) when using this website despiritu.com (hereinafter referred to as: “website”); please read through thoroughly.

2.2. This Privacy Policy aims to fulfil the respective privacy-related legal regulation and to keep the users of the website as fully informed as possible. It also aims to demonstrate the controller’s firm commitment to protecting the privacy of all the users of this website.

2.3. “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2.4. “Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3. Acknowledgement of this Privacy Policy

3.1. By using the website — either with or without registration — the users acknowledge and grant their consent to the content of this Privacy Policy.

3.2. Users are entitled to withdraw their consent anytime. Withdrawal of consent shall not affect the legality of the consent-based data processing prior to the withdrawal. Users may withdraw their consent either by sending a relative statement to the abovementioned e-mail address of the controller or by deleting their registration. Data regarding and proving the withdrawal of consent shall be recorded and stored in order to fulfil the lawful interests and legal obligations of the controller for the necessary term.

3.3. In case the personal data is obtained upon the consent of the data subject then, unless regulated otherwise by the competent law, the controller is entitled to process this data in order to fulfil the legal obligations of the controller even without further consent of the data subject or after such consent is withdrawn.

3.4. If the user is accessing this website from outside the European Union, the user consent to the transfer of his or her information to Denmark (a member state of the European Union), and the processing, use and sharing of the user’s information in accordance with this Privacy Policy. Regardless of where the user’s information is collected or transferred, the information will be treated in accordance with this Privacy Policy.

3.5. By using this website and thus agreeing to this Privacy Policy, the user consent to the Controller’s use of cookies in accordance with the terms of this Privacy Policy.

4. Granting consent by the user

4.1. We hereby draw the attention of the users that the following acts / activities shall qualify as granting their consent to the data processing by the user with regard to the data processing according to article 6 of this Privacy Policy:

a) if the user uses the website without registration: the use of the website
b) if the user uses the website with registration: registration to the website
c) if the user subscribes to the newsletter: ticking the respective checkbox at the website
d) in all other cases: giving explicit consent — in writing, by ticking a checkbox or by other method which is verifiable afterwards.

4.2. We hereby draw the attention of the users that processing the personal data of minor users under 16 years is only legal if the consent to the data processing is granted or confirmed by the legal representative of the minor. The conforming statement of the legal representative of minors must be sent to the abovementioned e-mail address of the controller.

5. Legal basis for the data processing

5.1. The processing of the personal data is legal only if at least one of the following conditions apply:

a) Regulation Article 6. a): the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
b) Regulation Article 6. b): processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
c) Regulation Article 6. c): processing is necessary for compliance with a legal obligation to which the controller is subject;
d) Regulation Article 6. d): processing is necessary in order to protect the vital interests of the data subject or of another natural person;
e) Regulation Article 6. e): processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
f) Regulation Article 6. f): processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

6. User activities giving reason for processing personal data

(A) Using the website (with or without registration)

Data subject

Processed data

Purpose of the data processing

Legal basis of the data processing

Recipient (who the data is provided to)

Term of storing the data

user

IP address, time of visiting the website

online content services, securing the using of the website, securing the inviolated operation of the website, making the services of the website available, statistics

Regulation Art 6. a) — user’s consent

Regulation Art 6. f) — Controller’s lawful interest

Controller, Processor, HostGator, Google Inc, Google Analytics

data suitable for unique identification are not stored

(B) Registration at the website

Data subject

Processed data

Purpose of the data processing

Legal basis of the data processing

Recipient (who the data is provided to)

Term of storing the data

registered user

name, e-mail address, password

identifying the user, checking the entitlement of the user to access the website, online content services, securing the use of the website, making available the full scope of the services of the website

Regulation Art 6. a) — user’s consent

Controller, Processor: HostGator

term of the registration / service or until the withdrawal of consent by the data subject

(C) Subscription to the Newsletter (condition precedent: registration and grating consent)

Data subject

Processed data

Purpose of the data processing

Legal basis of the data processing

Recipient (who the data is provided to)

Term of storing the data

users who subscribe to the newsletter

name, e-mail address, password

informing the user about the products and services of the Controller, sending ad materials, sending direct marketing proposals in case of separate consent by the user

Regulation Art 6. a) — user’s consent

Controller, Processor: HostGator

until the newsletter services exists, or until the user unsubscribes or until the withdrawal of consent by the data subject

(D) Subscription through the Website (condition precedent: registration)

Data subject

Processed data

Purpose of the data processing

Legal basis of the data processing

Recipient (who the data is provided to)

Term of storing the data

subscribing user

name, e-mail address, password, subscribed product, data required for the payment system of Stripe

entering into the contract for the service chosen by the user regarding the product which may be ordered at the website, and the fulfilment of the related sub-tasks (e.g. delivery); fulfilment of the legal obligations related to selling the product (e.g. invoicing)

Regulation Art 6. a) — user’s consent

Regulation Art 6. b) — entering into and fulfilling contracts

Regulation Art 6. c) — fulfilment of legal obligation

Controller, Processor, Stripe Inc.

8 years from the termination of the subscription; accounting records must be stored for 8 years

(E) Registration for prize competition, drawing lots (condition precedent: registration)

Data subject

Processed data

Purpose of the data processing

Legal basis of the data processing

Recipient (who the data is provided to)

Term of storing the data

users who registers for prize competition, or drawing lot

name, e-mail address, password, name of prize competition / drawing lot

identification of the User who registered for the prize competition / drawing lot, ensuring the participation of the registered User at the prize competition / drawing lot, delivery of the possible prize, coordination of delivery, compliance with respective accounting regulation

Regulation Art 6. a) — user’s consent

Regulation Art 6. b) — entering into and fulfilling contracts

Regulation Art 6. c) — fulfilment of legal obligation

Controller, Processor

the Controller store the data of the data subjects for 30 days after the prize competition / drawing lot is finished, the data of the winners must be stored for 8 years in accordance with the accounting regulation

(F) Communication

Data subject

Processed data

Purpose of the data processing

Legal basis of the data processing

Recipient (who the data is provided to)

Term of storing the data

user or any other third person

name, e-mail address, other essential data required for answering the remark

communication in order to answer questions or remarks sent to the controller which do not qualify as complaint

Regulation Art 6. a) — user’s consent

Controller

30 days from answering the remark or question and closing the case (unless longer storage is necessary with regard to the Controller’s lawful interests — e.g. management of complaints)

(G) Management of complaints

Data subject

Processed data

Purpose of the data processing

Legal basis of the data processing

Recipient (who the data is provided to)

Term of storing the data

compliant user or third person

name, e-mail address, (contract address in case of complaints filed in writing via postal service)

management of complaints, identification of the data subject user or third person, communication, lawful management of the complaint, verification of compliance with the respective legal regulation

Regulation Art 6. a) — user’s consent

Regulation Art 6. f) — Controller’s lawful interests

Controller

30 days from answering the complaint and closing the case (unless longer storage is necessary with regard to the Controller’s lawful interests — e.g. review procedures)

We hereby draw the attention of our users that some of our activities may result in data procession for more than one purposes which is in compliance with the Regulation because the separate consent of the users regarding the multi-purpose data processing is secured.

7. Data processors

Detailed data of the data processors mentioned in article 6 (a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller) are the following:

Hosting service provider: HostGator (5005 Mitchelldale, Houston, Texas 77092, United States) (hostgator.com); scope of transferred data:

IP address of the user;
time of visiting the website;
all data filed in at the website and forms is archived on a central data storage (name, password, e-mail address)

Making visit-based statistics: Google Inc., Google Analytics (18 Lower Leeson Street, Dublin 2, DO2 HE97, Rep. of Ireland) (analytics.google.com); scope of transferred data:

IP address of the user
time of visiting the website

Stripe payment system: Stripe Inc. (510 Townsend Street, San Francisco, California 94103, United States) (stripe.com); scope of transferred data:

gross cumulated fee of the services;
user’s name
user’s address (postal code, city, street name, street number)
user’s e-mail address
user’s telephone number (in case the user provided this data during or prior to the purchase)

Accounting software: Visma e-conomics a/s (Gærtorvet 1-5, 1799 Copenhagen V, Denmark) (e-conomic.dk); scope of transferred data:

user’s name
e-mail address

E-mail provider: Microsoft Corporation (Kanalvej 7, 2800 Kongens Lyngby, Denmark) (microsoft.com); scope of transferred data:

user’s email
data sent to the Controller’s email by the user