Privacy Policy – DMap factory

1. Introduction

At DMap factory, operated by Thorough Solutions OÜ, we are committed to protecting the privacy and security of our customers' personal data. This Privacy Policy outlines how we collect, use, store, and protect personal data in compliance with the General Data Protection Regulation (GDPR) and other relevant EU and non-EU regulations.

2. Data Controller

The data controller for the personal data you provide via this DMap factory website and online shop (the “Website”, the “Site”, the “(Online) Shop”, “DMap factory”) is the company Thorough Solutions OÜ. The data controller’s contact details are:

Business Name: Thorough Solutions OÜ

Address: Ahtri 12, c/o E-Residency Hub, 15551 Tallinn, Estonia

Registration Number: 16274952

E-mail: info@thorough-solutions.com

Phone: +372 602 77 67

3. Data Protection Officer

Our Data Protection Officer (DPO) is responsible for overseeing this policy and ensuring compliance with data protection laws. You can contact our DPO via the contact details mentioned in section 2.

4. Personal Data We Collect

We may collect the following types of personal data from our customers:

  • Identity Data: Name, username, or similar identifier.
  • Contact Data: Billing address, delivery address, email address, and phone numbers.
  • Financial Data: Credit card and/or other payment details.
  • Transaction Data: Details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this Website.
  • Profile Data: Purchases or orders made by you, your interests, preferences, feedback, and survey responses.
  • Usage Data: Information about how you use our Website, products, and services.
  • Marketing and Communications Data: Your preferences in receiving marketing from us and your general communication preferences.
  • Comments: Name, email address, IP address, and optionally, your website URL (if you leave a comment on any page of our Website).
  • Contact Form or Email: Name, email address, and IP address (if you decide to get in touch with us via our contact form or email).

Data Collected by Third-Party Services:

We use data collected by third-party services such as Google Analytics, Google Search Console, and Ezoic Inc. to analyze user behavior on our Website. This data is not collected by us, and we have no control over these processes. These third parties act as data controllers and data processors for the data they collect. This data is anonymized and aggregated, so we cannot personally identify you by using such data.

5. How We Use Personal Data

We use personal data to:

  • Process and deliver your orders, including managing payments, fees, and charges.
  • Manage our relationship with you, including notifying you about changes to our Terms of Use, Privacy Policy, Cookie Policy, or Terms and Conditions and asking you to leave a review or take a survey.
  • Enable you to partake in a prize draw, competition, or complete a survey.
  • Administer and protect our business and this Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data).
  • Deliver relevant Website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.
  • Use data analytics to improve our Website, products/services, marketing, customer relationships, and experiences.
  • Make suggestions and recommendations to you about goods or services that may be of interest to you.
  • Answer messages sent by you to us via our contact form or email.
  • Filter out spam messages that are intended to harm our site or send us inappropriate advertising or other undesired communication.
  • Ensure that content from our Website is presented in the most effective manner for you and your device.
  • Provide you with additional information, products, or services that you might request from us from time to time.
  • Carry out our obligations arising from any contracts entered into between you and us.
  • Allow you to participate in interactive features of our service if and when you choose to do so.
  • Notify you about changes to our service.
  • Communicate with you in any other way that you might request from time to time.

6. Legal Basis for Processing Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Performance of a Contract: Where we need to perform the contract we are about to enter into or have entered into with you.
  • Legitimate Interest: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Compliance with a Legal Obligation: Where we need to comply with a legal or regulatory obligation.
  • Consent: Where you have given consent to specific purposes, such as marketing communications.

7. Data Processing Agreements

We have agreements in place with all third-party service providers who process personal data on our behalf to ensure that they comply with GDPR and other relevant data protection regulations. These agreements stipulate that these third parties will process personal data only according to our instructions and will implement adequate technical and organizational measures to protect the data.

8. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements.

We will only store your personal data if you give us your explicit consent or if we are required by law to do so. As soon as we no longer need your personal data, we will delete it. Additionally, you have the right to demand the deletion of your personal data collected and stored by us at any time.

9. Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality.

10. Data Breach Notification

In the event of a data breach, we have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so within 72 hours of becoming aware of the breach.

11. Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to:

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request the erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Withdraw consent.

If you wish to exercise any of the rights set out above, please contact our DPO via the e-mail address mentioned in section 2. We may need to verify your identity before fulfilling your request, and we will respond to your request within one month, unless the request is complex or numerous, in which case we may extend the response period by up to two additional months.

Please note that exercising your rights may be subject to certain limitations or exemptions, depending on the specific circumstances and the applicable laws. For example, we may need to retain certain personal data to comply with our legal obligations, or we may have overriding legitimate grounds to continue processing your data despite your objections or requests.

If you are dissatisfied with our response to your request, you have the right to lodge a complaint with the relevant data protection authority.

12. International Data Transfers

We may transfer your personal data outside the European Economic Area (EEA). Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

  • Adequacy Decision: We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Standard Contractual Clauses: Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
  • Binding Corporate Rules: Where we use providers based in the United States, we may transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protection to personal data shared between Europe and the US.

13. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling in a way that produces legal effects concerning you or similarly significantly affects you. If we do so in the future, we will inform you and ensure that you have the right to human intervention, to express your point of view, and to contest the decision.

14. Third-Party Links

This Website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy notice of every website you visit.

15. Personal Data From Children

We do not knowingly collect any personal data from children. If you think that your child provided this kind of information on our Website, we strongly encourage you to contact us immediately, so that we can do our best efforts to promptly remove such information from our records. In general, we encourage parents, teachers, and guardians to observe, participate in, and/or monitor and guide the online activity of their children and/or any minor under their responsibility and/or protection.

16. Changes to This Privacy Policy

We keep our Privacy Policy under regular review and may update it from time to time to reflect changes in our practices or in the law. We will notify you of any significant changes by placing a prominent notice on our Website. If we make any changes, we will post them on this page, and we will update the date of the policy accordingly.

This Privacy Policy was last updated on 30th July 2024.