Effective as of 20 September, 2018
01 - General:
1.2. Is Stackctrl located in the EU? Stackctrlis registered in a member state of the European Union and is subject to the European General Data Protection Regulation (hereinafter: GDPR) and local data protection laws. This Policy shall not list nor describe all rules and principles of the GDPR, however, these rules and principles of the GDPR shall still be applicable towards Stackctrl and you.
1.3. What is this policy about? The Policy describes how and for which purposes Stackctrl collects, processes and distributes your personal data (meaning any data relating to an identified or identifiable natural person) provided by you or collected by Stackctrl when you visit the website www.stackctrl.com (hereinafter: Site), when you use the services or products that Stackctrl provides or may provide in the future (hereinafter jointly: Services) or when you communicate with Stackctrl.
1.4. What if I do not agree with this policy? By using the Site or the Services or submitting data to Stackctrl, you are agreeing to this Policy. If you do not agree to this Policy, please do not use the Site or Services or submit data to Stackctrl. Please read this Policy each time before using the Site or the Services and before submitting any data to Stackctrl. Stackctrl may change this Policy unilaterally and any changes will be posted on the Site.
1.5. Whom does this apply to? The privacy practices set forth in this Policy apply to Stackctrl only. If you are linked to other websites (including sites that offer or use the Services or which are linked on the Site or Services) or use the services of other service providers, please review the privacy policies posted by the relevant service providers.
1.6. What am I responsible for?You are responsible for ensuring the security of your device (restricting access, locking the device when not in use) and account (strong password, logging out after each session) which you use to access the Site and the Services and for communicating with Stackctrl, and limiting the access of third parties to your device and account.
02 - Processing and Collection of Data:
2.1. Stackctrl processes your data to the minimum extent necessary for the purposes set out in this Policy.
2.2. Why does Stackctrl process my data? Generally Stackctrl processes your data i) for the performance of a contract entered into (or prior to entering into a contract) between you and Stackctrl, ii) based on your consent or iii) to fulfil a legal obligation, but may process your data also for other reasons outlined in the GDPR to ensure lawfulness of data processing. WhereStackctrl processes your data based on your consent, you may withdraw the consent at any time for any reason, or no reason at all, but this will not affect the lawfulness of processing your data by Stackctrl before the withdrawal.
2.3. Stackctrl may also process your data under Stackctrl's legitimate interests. For more details, please see clauses 2.6. and 2.7. below.
2.4. How does Stackctrl receive my data? Stackctrl collects your data using three approaches.
2.4.1. Firstly, when voluntarily provided by you on the Site (e.g. when you create an account, provide your data to access information or articles), in the process of using the Services (e.g. you insert your phone number to the payment window to make a mobile payment or to access content) or in any communication to (e.g. e-mails you send, chats), or interactions with, Stackctrl. The provision of such data by you is a requirement to enter into, or fulfill, a contract with Stackctrl, and without such data, Stackctrl would not be able to provide you the Services or fulfill the contract.
2.4.2. Secondly, when obtained by Stackctrl independently when you use the Site or the Services. The latter includes data which can be legally obtained using current technologies or in the course of providing you the Services, for example data regarding your operating system, web browser, mobile network provider, country of residence, IP address, mobile phone number, network connection, device, the Services that you use, how you use the Services, what content you purchase or access, how much you paid for the content etc.
2.4.3. Thirdly, when obtained from third parties (e.g. from the content provider whose content you have purchased or accessed, or your mobile operator, or a contractual partner of the aforementioned). This may include data on your mobile phone number, what content you wish to purchase, whether your mobile payment was successful or not, why your mobile payment was unsuccessful, what you purchased, if you are eligible to receive access to certain content, if you have been refunded for a transaction, if you have not paid your mobile phone bill etc. If you have made data about yourself public or your data is available from public sources, Stackctrl may also process your data available from such sources in accordance with this Policy.
2.5. What data does Stackctrl process about me? Stackctrl's Services are constantly evolving and new Services are added regularly. So it is not possible to provide a complete list of data that we process about you, but some examples are set out below. The data that Stackctrl processes depends on the Services you use and differs between end users (e.g. consumers who make mobile payments or access content) and other contractual partners (e.g. content providers, mobile operators).
2.5.1. What data does Stackctrl process, when I make a mobile payment or access content? With regard to end users Stackctrl may process data such as phone number, IP address, what content, when, and at what price did you purchase, country of residence, mobile network provider, device data, operating system, payment behavior, purchase history, payment failure reasons (e.g. insufficient funds) etc. In case an end user requests a refund from Stackctrl, Stackctrl may also process the e-mail address, name, bank account or other payment account data you provided to correctly handle the refund.
2.5.2. What data does Stackctrl process, when I use Stackctrl's Services to monetize content? With regard to partners, if you are a private individual, then we process your personal data, and if you are a legal entity, then we process personal data of your employees and representatives. Stackctrl may process data such as name, names of representatives and employees, identification details (including personal identification code, date of birth), contact details, job titles, employer, country of residence, address, e-mail address, phone number, banking details etc.
2.6. For what main purposes does Stackctrl process my data? Stackctrl may process:
2.6.1. your identification data (e.g. your name, the names of your representatives, the legal entities you represent, identification documents, personal identification codes, date of birth) primarily to identify you;
2.6.2. your contact data (e.g. phone number, address, e-mail address, preferred language) primarily to communicate with you, to provide to you information and offers;
2.6.3. your use data (e.g. how you use the Site and Services) primarily to evaluate the performance and functionality of the Site and Services;
2.6.4. your transaction data (e.g. what content you purchased, your mobile phone number, banking details) primarily to correctly process your transactions;
2.6.5. your trustworthiness data (e.g. data about payment behavior and violations) primarily for proper risk assessment and fraud management; and
2.6.6. your location data (e.g. IP address) for determining language preferences and for statistical purposes.
2.7. For what other purposes does Stackctrl process my data? The main reasons for processing your data have been outlined in the preceding clause. Additionally, Stackctrl may process your data for the following purposes:
2.7.1. deciding whether and on what terms to provide Services;
2.7.2. provision of Services and customer support;
2.7.3. processing and monitoring of transactions, the payment and billing thereof, and performance of other agreed tasks;
2.7.4. understanding how you use the Site and Services;
2.7.5. resolution of disputes and enforcement of rights and contracts;
2.7.6. accounting, calculation and collection of fees;
2.7.7. verification of your transactions;
2.7.8. prevention and investigation of prohibited or illegal activities or fraud;
2.7.9. customization, updating, maintenance, protection and improvement of the Site and Services;
2.7.10. provision of information, advertisements (including interest-based advertisements), offers, update notices;
2.7.11. comparison of data for accuracy, identification and verification with third parties;
2.7.12. statistical, research and reporting purposes;
2.7.13. to prevent money laundering and terrorist financing;
2.7.14. to anonymize it to create aggregated statistical data, which may be shared with third parties;
2.7.15. other reasonable business-related purposes, to fulfil legal obligations or for purposes related to the above.
2.8. Does Stackctrl process my data by automated means? Stackctrl may process your data by automated means, but you will not be subjected to a decision based solely on automated processing.
2.9. Does Stackctrl use my data for marketing? Stackctrl may use your data to offer or advertise to you Services offered by Stackctrl, other companies of the Stackctrl group or contractors of Stackctrl if you have granted such consent. You may opt out at any time.
2.10. Does Stackctrl process my sensitive personal data? Stackctrl does not collect, share or process your sensitive personal data (religious or political views, health related data etc.) in any manner. Stackctrl does not knowingly provide Services to, or process personal data of, children under the age of 16. If you believe that Stackctrl has unintentionally processed sensitive personal data or data of a child under the age of 16, please contact us.
03 - Distribution of Data:
3.1. When does Stackctrl share my data? Stackctrl may share your data when: (1) permitted or required by law or to fulfill a contract with you; or (2) trying to protect against, prevent, investigate actual or potential fraud, security issues, technical issues, unauthorized transactions or other violations; or (3) trying to enforce the applicable terms of service or other contracts; or (4) protecting against violations to the rights, property or safety of Stackctrl, our employees, clients or the public as required or permitted by applicable laws; (5) related to a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Stackctrl's assets or stock, financing, public offering of securities, acquisition of all or a portion of Stackctrl's business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), subject to standard confidentiality arrangements; or (6) you have given your consent to do so; or (7) necessary to provide you the Services as stipulated below.
3.2. With whom does Stackctrl share my data? Stackctrl may disclose your data to members of the Stackctrl group or contractors of Stackctrl to process it for Stackctrl, for the purposes of managing transactions, providing content, assessing your creditworthiness, collecting fees and debts, identifying you, but also for improving your user experience, performing business support functions, providing customer support, marketing, communication, courier and postal services or other related tasks, based on Stackctrl's instructions and in compliance with the Policy and any other applicable confidentiality and security requirements. Stackctrl may disclose your data to auditors, legal and financial consultants under a confidentiality obligation. Some recipients of your data may be based outside of the European Union, therefore Stackctrl cannot guarantee that they follow the same regulations with regard to personal data as required by European Union legislation or provide the same level of protection of personal data as required under European Union legislation, however, Stackctrl shall apply relevant contractual protections to protect your data in such cases.
3.3. Does the provider of the content have access to my data? Content providers whose content you have purchased or accessed using the Services of Stackctrl may have access to your mobile phone number and transaction history relating to specific content provided by that content provider, mainly for processing transactions, customer support purposes (including for handling refund requests) and for proper delivery of content. If you raise a complaint with Stackctrl regarding a transaction, Stackctrl may be required to share data that you provide with the content provider, whose content you purchased/accessed (or tried to purchase/access) and your mobile operator. Many content providers are based outside of the European Union, therefore Stackctrl cannot guarantee that they follow the same regulations with regard to personal data as required by European Union legislation or provide the same level of protection of personal data as required under European Union legislation, however, without granting access to such data to these content providers, you could not purchase or access their content with your mobile phone number.
3.4. Does my mobile operator have access to my data? Your mobile operator, and any mobile payment mediators, if applicable, will also receive data about your mobile transactions, e.g. what content you purchased/accessed from whom, when, and at what price, purchase history. The mobile operators and mediators need this data mainly to properly process, and bill you for, your mobile payments, to manage fraud and provide you customer support. Many mobile operators are based outside of the European Union, therefore Stackctrl cannot guarantee that they follow the same regulations with regard to personal data as required by European Union legislation or provide the same level of protection of personal data as required under European Union legislation, however, without granting access to such data to your mobile operator and any mobile payment mediators, you could not purchase or access content using your mobile phone number.
3.5. Stackctrl may share non-personally identifiable data (e.g. general payment trends, statistics) publicly or with third parties.
04 - Cookies.
4.3. What can cookies track? Personal data is not collected via cookies and other tracking technology, however, if you previously provided personally identifiable data, cookies may be tied to such data. Cookies may also be able to track your device's browsing activity on third party sites or services and may be placed on your device by Stackctrl or third parties. Aggregate cookie and tracking data may be shared with third parties. Certain cookies may be stored locally on your device, app or browser.
4.4. Can I opt out of cookies? In the event you do not wish to receive cookies, you may configure your web browser, device or app to not accept cookies, to delete existing cookies or to notify you if a cookie is sent to your device. You are free to decline cookies, but you may not be able to use all the features and the functionality of the Site or Services if you do.
4.5. What cookies does Stackctrl use? To find out which specific cookies the Site uses at any given time, please visit a specialized site and perform a cookie check on the Site. To opt out of being tracked by Google Analytics please visit https://tools.google.com/dlpage/gaoptout.
4.6. You can learn more about the options available to limit third parties' collection and use of your data by visiting the websites for the Network Advertising Initiative (https://www.networkadvertising.org/) and the Digital Advertising Alliance (http://digitaladvertisingalliance.org/).
05 - Commitment to Data Security.
5.1. What measures does Stackctrl use to protect my data? Your data is maintained and kept secure by applying physical, electronic and procedural measures conforming to industry standards and applicable law. Stackctrl has implemented the privacy by design and privacy by default principles in its Services and workflows. Only authorized employees, agents and contractors (who have agreed to keep data secure and confidential) of Stackctrl have access to your data on a need to know basis.
5.2. Where are Stackctrl's servers located? Stackctrl processes your data on servers located in the European Union (Ireland) hosted by Amazon Web Services.
5.3. For how long will Stackctrl retain my data? Stackctrl will not retain your data for longer than necessary for the purpose of processing. The applicable retention period will depend on our contracts, our legitimate interests for data processing and applicable laws.
5.4. What other rights do I have? You have various rights under the GDPR with regard to your data. If you wish to use any of these rights, please write to email@example.com, but keep in mind that there may be limitations to these rights as stipulated in the GDPR.
5.4.1. Right to access and data portability: You may ask Stackctrl for a copy of your data and request this data to be presented in machine-readable format.
5.4.2. Right to erasure: You may ask Stackctrl to delete all or some of your data.
5.4.3. Data rectification: You may ask Stackctrl to update or correct your data.
5.4.4. Data processing restriction and objection: You may ask Stackctrl to stop processing all or some of your data or to limit, or to object to, Stackctrl's processing of it.
5.5. Who is Stackctrl's supervisor? Stackctrl is subject to the supervision of the Estonian Data Protection Inspectorate
Address: Väike-Ameerika 19, Tallinn 10129, Estonia
Phone: +372 56202341; +372 6274135
5.6. Where can I file a complaint? If you believe that Stackctrl processes your data in violation of applicable law, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (or the data protection authority of your member state, if you are in the EU) or a competent court.
5.7. How can I contact Stackctrl? For further information regarding the Policy and related practices, and to contact Stackctrl's data protection officer, please write to firstname.lastname@example.org or to
Stackctrl Data Protection Officer
Address: Uus 12, Tallinn, 10111