Contract Code: PrivacyPolicy-GDPR-Ver1.0
Effective Date 2022-04-29
Your privacy is important for LaLoka Labs (hereinafter, “LaLoka Labs”, “Site”, “the Site”, “We” or “Us”) and an essence to our service. We respect the privacy of everyone that engages with the services that we run and manage (hereinafter, “Service”, “Services” or “Website”), and we are committed to being transparent about our privacy processes and policies.
At LaLoka Labs, we care about the confidentiality and privacy of your data and are fully committed to protecting it. This is something that will never change.
Please review this Policy before using any part of the Site as by using any part of the Site you hereby agree to the collection, use and disclosure of your information as outlined below.
1. Why do we collect your data
- The lawful basis for processing and storing data subjects personal data and data retention periods are based on the contractual obligations agreed upon by the Customer by creating the account on the basis of agreeing to the Terms and Conditions of a particular Service, legal basis derived from the EU law or by explicit consent provided for marketing purposes.
2. What kind of data is collected and how it is used
- Data is collected in two ways: Data which is given to Us directly, and data which We collect automatically.
- Personal Information of the Users will be processed by LaLoka Labs throughout the term of the contractual relationship and subsequently for the legal term during which applicable regulations require such personal data be he held thereafter.
- The User may at all times exercise his or her rights to access, rectification, erasure and restriction of processing and data portability as provided in the GDPR and applicable regulations by contacting LaLoka Labs at firstname.lastname@example.org. This may however result in the inability of the User to access and use the Service.
2.a. Data given to us directly
- the Visitor has the option to contact Us via e-mail or from the contact-us link, which is being recorded. We may also offer the Visitor the option to share details through signing-up to surveys or by signing-up to a newsletter, during which We will collect and record the information the Visitor provides Us in subscribing or using such opportunities.
- Specific for GetOTP customers and visitors
- The Visitor will be providing to us Personal Information such as e-mail and phone number when completing a OTP transaction, which is part of our contractual obligations to our Customer.
2.b. Data which we collect automatically
- When visiting the Site, We and our service providers acting on our behalf may collect certain data using tracking technologies like cookies, web beacons and similar technologies.
- When we conduct fraud monitoring, prevention, detection or provide such services to our Customers, we will receive Personal Information from you (and your device) and about you through our Service and from our business partners, financial service providers, identity verification services, and publicly available sources (e.g., name, address, phone number, country), as necessary to confirm your identity and prevent fraud. Our fraud monitoring, detection and prevention services may collect Personal Information about you and use technology to help us assess the risk associated with an attempted transaction by you with a Service Customer.
- Specific for GetOTP customers and visitors
- In order to execute our contractual obligations to our Customer, prevent fraud and improve the Service, we will also collect data of the Visitor such as IP address, country data, browser environment details such as language settings, browser version and operational system version when the Customer completes an OTP transaction.
2.c. How the data is used (or not)
- Data given to us directly – The data given to us directly is used
- to provide you access to the Service;
- to provide a response to your inquiries, suggestions or complaints made by you on the Service;
- to provide you with the reply to the surveys signed-up or to provide you with the newsletter;
- Data which we collect automatically – Data collected automatically as described above is used
- to improve the Service;
- to understand visitors are using the Site;
- to improve the user experience on the Site;
- Your data is not used for ads – Earning revenue from third-party ads is not our business. We do not share your Personal Information in any way with a third-party for advertisement purposes.
3. Who we may share your data with
- In order to render and give you access to the Service, we list out the parties that we share your data with in this section. The following sub-processors are deemed as authorized by the User:
- Amazon Web Services, Inc. as provider of the hosting of the Service, through servers located in the European Economic Area (EEA).
- Digital Ocean, as provider of hosting for the Service, through servers located in the European Economic Area (EEA).
- Google services: Google Apps, Google reCaptcha V3, Google APIs, Google Analytics and Webmaster Tools
- HelpScout, for the provision of our customer service functionalities
- LaLoka Labs LLC, Japan, for the development and maintaining of the Service
- Heroku (Heroku Inc.). Heroku is a hosting platform for our apps. Binding corporate rules.
- StitchData (Stitch, Inc.). Used to process some personal identifiable data and anonymize its results. SCC incorporated into Talend Data Processing Addendum.
- Compliance with laws – We may disclose the data provided to Us to a third party if such disclosure is required by law, regulation or legal process. Also such information may be disclosed to enforce the Policy or in case to protect the security of the Site. If We are legally required to provide such data to third parties, we will use reasonable efforts to provide the Visitor with information about such procedures.
- We shall not subcontract third parties for the processing operations which may imply access to the Personal Information without the authorization of the User.
- In general, the User’s personal data will be stored in the European Economic Area (EEA). However, LaLoka Labs may share the Personal Information with third parties, some of which may be located outside of the EEA, only for the provision of the Service and at all times subject to the guarantees and requirements provided by applicable data protection laws.
In the event that LaLoka Labs transfers the User’s Personal Information to another country and where the country or territory in question does not maintain adequate data protection standards, LaLoka Labs will make sure that personal data is stored and transferred in a way which is secure. Therefore, LaLoka Labs will only transfer personal data outside of the EEA where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:
- By way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by controllers in the EEA to controllers and processors in jurisdictions without adequate data protection laws; or
- Transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country’s levels of data protection via its legislation; or
- Where it is necessary for the conclusion or performance of a contract between us and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer your data to a benefits provider based outside the EEA); or
- Where the User has consented to the data transfer.
- However, where personal data is stored in a third country, it may be accessible to law enforcement agencies in accordance with domestic laws.
4. Your rights
- The User, as the Data Subject, may at all times exercise his or her rights to access, rectify, erase and restrict the processing and data portability as provided in the GDPR and applicable regulations by contacting LaLoka Labs via email to email@example.com.
- Any withdrawal of consent by the User to the collection and processing of the Personal Information does not affect the lawfulness of the processing based on the consent before withdrawal thereof.
- However, please note that the withdrawal of consent by the User can result in the Service to be unusable by the User.
- If at any time the User wishes to stop receiving communications regarding the Service or with commercial information about the Service, the User may request so by sending an email to firstname.lastname@example.org.
- The exercise of the above mentioned rights is free of charge. We will provide the User with information about the follow-up to the request immediately and in any case within one month of receipt of the request. Depending on the complexity of the request and on the number of requests, this period can be extended by another three months. We will notify you of such an extension within one month of receipt of the request.
- If the User’s requests are manifestly unfounded or excessive, we will either charge the User a reasonable fee or refuse to comply with the request.
- In addition to the above mentioned rights, for service managed by LaLoka Labs OÜ, the User may also lodge a complaint before the Estonian Data Protection Inspectorate if the User feels the Service Provider is not protecting his or her rights in a reasonable manner.
Please refer to our Cookies Policy here.
6. Use by minors
The Service is not directed to individuals under the age of thirteen (13), and we request that they not provide Personal Information through the Services.
We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your Children has provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from a children under age 13 without verification of parental consent, we take steps to remove that information from our servers.
7. Links to other websites
The Service may provide the ability to connect to other websites. These websites may operate independently from us and may have their own privacy notices or policies, which we strongly suggest you review. If any linked website is not owned or controlled by us, we are not responsible for its content, any use of the website or the privacy practices of the operator of the website.
We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.
9. Security of your data
The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, in compliance with GDPR, we cannot guarantee its absolute security.
11. Term and termination
- The Parties agree that upon the termination of the Agreement, LaLoka Labs shall return all the Personal Information transferred and the copies thereof to the Customer or shall destroy all the Personal Information and certify in writing to the Customer that it has done so, unless legislation imposed upon LaLoka Labs prevents it from returning or destroying all or part of the Personal Information transferred. In that case LaLoka Labs is obligated to ensure the confidentiality of Personal Information transferred by the Customer and cease for further Processing of the Personal Information.
12. Contact us