1. About this Policy
- This policy explains when and why we collect personal information about our members and instructors, how we use it, how we keep it secure, and your rights in relation to it.
- We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. For the purposes of the GDPR, we will be the “controller” of all personal data we hold about you.
2. Who are we?
We are JELVIX OU, Harju maakond, Kesklinna linnaosa, Kaupmehe tn 7-120, Tallinn, Estonia, 10114 and Jelvix LLC, 23 Yaroslava Mudrogo str. Kharkiv, 61002, Ukraine. We can be contacted at [email protected].
3. What information we collect and why.
|Which information||What we do||Why we do it||Retention time
How long we keep your information
|Name and surname||
|Emails||Collecting users’ emails.||
|Work phone, country, company name||We request this info in the contact form.||Telephone number is used for contact by our sales department.
Country – for better understanding of the user’s location.
Company – for more info regarding the user.
|Stored in the mailbox permanently. Sales representatives use it for their purposes.|
|Date of birth /
age related information
|Photos and videos||A user can optionally send photos or videos of his project. We do not request such information.||For the project understanding.||Always|
|Bank account details||No||No||No|
Before you disclose to us any personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with this policy.
4. Using your personal information
Personal information submitted to us through our website will be used for the purposes specified in this policy or on the relevant pages of the website. We may use your personal information for the following:
- administering our website and business;
- personalizing our website for you;
- enabling your use of the services available on our website;
- sending you non-marketing commercial communications;
- sending you our email newsletter, if you have requested it;
- sending you marketing communications related to our business or the businesses of carefully-selected third parties which we think may be of interest to you, by post or, if you have specifically agreed to this, by email or similar technology;
- dealing with inquiries and complaints made by or about you relating to our website;
- keeping our website secure and preventing fraud.
If you submit personal information for publication on our website, we will publish and/or use that information in accordance with the license you grant to us.
We will not, without your express consent, supply your personal information to any third party for their or any other third party’s direct marketing.
5. Disclosing personal information
We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers, or subcontractors as reasonably necessary for the purposes set out in this policy.
We may disclose your personal information to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) as reasonably necessary for the purposes set out in this policy.
We may disclose your personal information:
- to the extent that we are required to do so by law;
- in connection with any ongoing or prospective legal proceedings;
- in order to establish, exercise, or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
- to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
- to a court or other competent authority for disclosure of that personal information where such court or authority would order disclosure of that personal information.
Except as provided in this policy, we will not provide your personal information to third parties.
6. International data transfers
- Information that we collect may be stored, processed, and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this policy.
- Personal information that you publish on our website or submit for publication on our website may be available, via the Internet, around the world. We cannot prevent the use or misuse of such information by others.
- You expressly agree to the transfers of personal information described in this Section 6.
7. Retaining personal information
- We will hold your personal data on our systems for as long as you are our customer and for as long as it is necessary to comply with our legal obligations. We will review your personal data every year to establish whether we are still entitled to process it. If we decide that we are not entitled to do so, we will stop processing your personal data except that we will retain your personal data in an archived form in order to be able to comply with any of the future legal obligations e.g. compliance with tax requirements and exemptions, and the establishment exercise or defense of legal claims.
- We securely destroy all personal information once we have used it and no longer need it.
8. Security of your personal information
- We will take reasonable technical and organizational precautions to prevent the loss, misuse, or alteration of your personal information.
- We will store all the personal information you provide on our secure (password- and firewall-protected) servers.
- You acknowledge that the transmission of information over the Internet is inherently insecure, and we cannot guarantee the security of the data sent over the Internet.
- We protect you personal data using the following measures:
– communication channels encryption (TLS, VPN);
– encryption at rest on the servers and users’ endpoints using AES-256 encryption;
– appropriate users’ access roles for personal data access;
– physical access control;
– data masking.
9. Your rights
You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to the following:
- to access your personal data. You can access certain personal information associated with you by communicating with us. You can request a copy of your personal information in an easily accessible format and information explaining how this information is used;
- to be provided with information about how your personal data is processed. You can communicate with us and we will provide all information about the flow of your personal data processing;
- to have your personal data corrected. You are entitled to request that we rectify inaccurate information about you. By communicating with us, you can correct and change certain personal information associated with you;
- to have your personal data erased in certain circumstances. In certain circumstances, you are entitled to request the deletion of your personal information, except information we are required to retain by law, or regulations, or to protect the safety and security;
- to restrict how your personal data is processed. In certain cases, where we process your information, you may also have the right to restrict or limit the ways in which we use your personal information;
- to have your personal data transferred to yourself or to another business in certain circumstances.
10. Data subject consent withdrawal
You can withdraw your consent to process your personal data from Jelvix so that Jelvix no longer has your consent to process your personal data for the purpose which was previously granted.
11. Data breach notification to Data Subjects
If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, the company must inform those individuals without an undue delay. One of the main reasons for informing individuals is to help you take steps to protect yourself from the effects of a breach.
The following information needs to be included in the notification of data breach to the Data Subjects, in clear and plain language:
- the nature of the personal data breach;
- the name and contact details of the Data Protection Officer or other contact point where more information can be obtained;
- the description of the likely consequences of the personal data breach;
- the description of the measures taken, or proposed to be taken, to deal with the personal data breach including, where appropriate, the measures taken to mitigate any possible adverse effects.
We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you understand any changes to this policy. We may notify you of changes to this policy by email or through the private messaging system on our website.
13. Third party websites
Our website includes hyperlinks to and details of third party websites. We have no responsibility for or any control over the privacy policies and practices of third parties.
14. Type of Data Never Collected by Jelvix
Notice that if you are under 13, you shouldn’t access our website in any way as our resource isn’t fully available to children under the age of 13 and it isn’t in our competence to gather any data from children under the age of 13 without parental consent.
15. Transfers outside the EU
We may transfer personal data to a third country or an international organization only if they have provided appropriate safeguards, and on the condition that enforceable data subject rights and effective legal remedies for data subjects are available.
If appropriate safeguards are in place, the transfer may happen without requiring any specific authorization from a supervisory authority.
Appropriate safeguards may be provided (among others) by:
- Standard Data Protection Clauses (in the form of template transfer clauses) adopted by the Commission, or adopted by a Supervisory Authority and approved by the Commission;
- Binding Corporate Rules (BCR), which are essential personal data protection policies uniformly adhered to between organizations within a corporate group (e.g. multinational), under Article 47 of GDPR;
- Compliance with an approved Code of Conduct under Article 40 of GDPR;
- Certification under an approved Certification Mechanism under Article 42 of GDPR;
- Contractual clauses between the Controller or Processor and the Controller, Processor or the Recipient of the personal data in the third country or international organization. However, this is subject to authorization by the competent Supervisory Authority.
16. Updating information
Please let us know if the personal information that we hold about you needs to be corrected or updated.
Ver. 1.1, May-24, 2023