GDPR Notice – Stebian Ltd
Effective Date: 31 December 2018
Controller Disclosure & Details: We are a data controller of personal data regarding the following categories of EEA Individuals: Visitors, Registered Users, and vendors (collectively, “Business Contacts”) for the purposes and under the legal bases described in the table below. Please note that, in some cases, the categories of data subjects above may overlap (e.g., Visitors and Registered Users using the Websites).
|Data Subject Category||Purpose & Legal Basis of Processing|
(applies to all data subjects below)
Information Security: Our web servers will log your IP address and other information (e.g., browser information, operating system, request date/time, user agent string, referral, and existing URL) in order to maintain an audit log of activities performed. We use this information pursuant to our legitimate interests in tracking usage of the Websites, combating DDOS or other attacks, and removing or defending against malicious visitors on the Websites.
Direct Marketing: Generally-speaking, we will provide email marketing (e.g., our newsletter) pursuant to a Business Contact’s consent. In cases where a Business Contact buys, or enters into negotiation for the sale of, a product or service, email marketing shall be sent to such Business Contact pursuant to our legitimate interest in sending marketing communications to such Business Contacts in the context of a sale.
Rewards and Promotions: Our legitimate interest in administering our rewards and promotional offerings, such as with our third-party promotional and marketing partners.
Testimonials or Feedback: Our legitimate interest in using testimonials or feedback from Business Contacts for marketing purposes, such as posting on the Websites or within sales decks, pitches, or other promotional content (e.g., email marketing).
General Business Development: Our legitimate interest in furthering business relationships (such as by storing Business Contact information within a CRM or other database/file), ensuring customer satisfaction, and answering inquiries.
Audience Measurement and Retargeting: Pursuant to a Visitors’ consent, we use an assortment of marketing and analytics cookies for purposes of audience measurement, retargeting, and creating relevant Visitor experiences (such as based on their interaction with our Websites).
Controller’s Representative: Our representative in the European Union is:
Große Bleichen 21
Categories of Recipients: Stebian Ltd personnel will process the categories of EEA Individuals’ (as listed above) information appropriately for sales, marketing, finance, and related purposes. Such EEA Individuals’ information (or a particular category of EEA Individual, as listed in the table above) is also disclosed to various categories of recipients to effectuate the purposes described in the table above, including companies providing technical assistance, order fulfillment, customer service, marketing assistance, payment processing, survey collection, promotional and marketing assistance, and business operations.
Retention: Stebian Ltd retains your personal data as necessary to fulfill the purposes set forth within this Notice and to the extent you have (or demonstrate an interest in) a relationship with Stebian Ltd, unless you request deletion of such data or such data is no longer relevant. In some cases, we may have to retain data to comply with our legal obligations (e.g., accounting, finance, tax).
Your GDPR Rights: You (the individual) have a right to (i) request access to, correction and/or erasure of your personal data; (ii) object to processing of your personal data; (iii) restrict processing of your personal data; and (iv) request a copy of your personal data, or have a copy thereof sent to another controller, in a structured, commonly used and machine-readable format under the right of data portability. You may exercise these rights and submit a GDPR complaint by contacting: firstname.lastname@example.org with the subject line “GDPR Notice.”
You also have the right to lodge a complaint about the processing of your personal data with an appropriate data protection authority, and, as applicable, to exercise third-party beneficiary rights under Stebian Ltd’s Standard Contractual Clauses.
Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
Objecting to Legitimate Interest/Direct Marketing: You may object to personal data processed pursuant to our legitimate interest. In such case, we will no longer process your personal data unless we can demonstrate appropriate, overriding legitimate grounds for the processing or if needed for the establishment, exercise, or defense of legal claims. You may also object at any time to processing of your personal data for direct marketing purposes by clicking “Unsubscribe” within an automated marketing email or by submitting your request to email@example.com with the subject line “GDPR Notice” (the latter for instances where, for example, you would not like to receive follow-ups from our sales team). In such a case, your personal data will no longer be used for that purpose.
Transfer of Personal Data outside the EEA: We are self-certified under the EU-US and Swiss-US Privacy Shield for appropriate transfer of your personal data, such as to our US data centers, pursuant to Article 45(1); in these instances, you may have specific rights under the Privacy Shield. In other instances, however, we may alternatively rely on appropriate Standard Contractual Clauses to ensure adequate protection for your personal data.
Disclosure to Public Authorities: Stebian Ltd may be required to disclose personal data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.
Corporate Restructuring: In the event of a merger, reorganization, dissolution or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal data, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal data as set forth in this GDPR Notice. This GDPR Notice shall be binding upon Stebian Ltd and its legal successors in interest.
Updates to this GDPR Notice: If in the future, we intend to process your personal data for a purpose other than that which it was collected, we will provide you with information on that purpose and any other relevant information at a reasonable time prior to such processing. After such time, the relevant information relating to such processing activity will be revised or added appropriately within this GDPR Notice, and the “Effective Date” at the top of this page will be updated accordingly.
How to Contact Us: Please submit to firstname.lastname@example.org for any questions, complaints, or requests regarding this GDPR Notice; please include the subject line “GDPR Notice.”