Privacy policy

1. Introduction

At DMap Factory, operated by Thorough Solutions OÜ, we are committed to protecting the privacy and security of our customers' personal data. This Privacy Policy outlines how we collect, use, store, and protect personal data in compliance with the General Data Protection Regulation (GDPR) and other relevant EU and non-EU regulations. It also describes how we collect, use, and disclose your personal information when you visit or make a purchase from dmapfactory.com (the “Site”) or otherwise communicate with us regarding the Site.

2. Data Controller

The data controller for the personal data you provide via this DMap Factory website and online shop (the “Website”, the “Site”, the “(Online) Shop”, “DMap Factory”) is Thorough Solutions OÜ. The data controller’s contact details are:

Business Name: Thorough Solutions OÜ
Address: Ahtri 12, c/o E-Residency Hub, 15551 Tallinn, Estonia
Registration Number: 16274952
E-mail: dmf@thorough-solutions.com
Phone: +372 602 77 67

3. Data Protection Officer

Our Data Protection Officer (DPO) is responsible for overseeing this policy and ensuring compliance with data protection laws. You can contact our DPO via the contact details mentioned in section 2.

4. Personal Data We Collect

We may collect the following types of personal data from our customers:

  • Identity Data: Name, username, or similar identifier.
  • Contact Data: Billing address, delivery address, email address, and phone numbers.
  • Financial Data: Credit card and/or other payment details.
  • Transaction Data: Details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this Website.
  • Profile Data: Purchases or orders made by you, your interests, preferences, feedback, and survey responses.
  • Usage Data: Information about how you use our Website, products, and services.
  • Marketing and Communications Data: Your preferences in receiving marketing from us and your general communication preferences.
  • Comments: Name, email address, IP address, and optionally, your website URL (if you leave a comment on any page of our Website).
  • Contact Form or Email: Name, email address, and IP address (if you decide to get in touch with us via our contact form or email).

Data Collected by Third-Party Services:
We use data collected by third-party services such as Google Analytics, Google Search Console, and Ezoic Inc. to analyze user behavior on our Website. Additionally, information may be collected through online tracking technologies like cookies, pixels, and similar tools to gather usage data, including how you interact with our Site, device information, IP addresses, and browsing behavior.

This data is anonymized and aggregated, so we cannot personally identify you by using such data. These third parties act as data controllers and data processors for the data they collect.

5. How We Use Personal Data

We use personal data to:

  • Process and deliver your orders, including managing payments, fees, and charges.
  • Manage our relationship with you, including notifying you about changes to our Terms of Service, Privacy Policy, Cookie Policy, or Terms and Conditions.
  • Enable you to participate in surveys, competitions, or promotional events.
  • Administer and protect our business and this Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data).
  • Deliver relevant Website content and advertisements to you and measure or understand the effectiveness of the advertising we serve.
  • Use data analytics to improve our Website, products/services, marketing, customer relationships, and experiences.
  • Prevent fraudulent activities and ensure security.
  • Answer messages sent by you via our contact form or email.
  • Filter out spam or malicious communications.
  • Ensure that content from our Website is presented in the most effective manner for you and your device.
  • Provide you with additional information, products, or services that you might request.
  • Allow you to participate in interactive features of our service.
  • Notify you about changes to our services.

6. Legal Basis for Processing Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Performance of a Contract: Where we need to perform the contract we are about to enter into or have entered into with you.
  • Legitimate Interest: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Compliance with a Legal Obligation: Where we need to comply with a legal or regulatory obligation.
  • Consent: Where you have given consent to specific purposes, such as marketing communications.

7. Data Processing Agreements

We have agreements in place with all third-party service providers who process personal data on our behalf to ensure that they comply with GDPR and other relevant data protection regulations. These agreements stipulate that these third parties will process personal data only according to our instructions and will implement adequate technical and organizational measures to protect the data.

8. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for processing the data, and whether we can achieve those purposes through other means. We will delete your personal data as soon as it is no longer necessary for the purposes collected.

9. Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to employees, agents, contractors, and other third parties who have a business need to know.

Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee “perfect security.” Additionally, any information you send to us may not be secure while in transit. We recommend that you do not use insecure channels to communicate sensitive or confidential information.

10. Data Breach Notification

In the event of a data breach, we have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so within 72 hours of becoming aware of the breach.

11. Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to:

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request the erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Withdraw consent.

If you wish to exercise any of the rights set out above, please contact our DPO via the email address mentioned in section 2 or via our contact form. We may need to verify your identity before fulfilling your request and will respond to your request within one month unless the request is complex or numerous.

Please note that exercising your rights may be subject to certain limitations or exemptions, depending on applicable laws. You may also designate an authorized agent to make requests on your behalf. If you are dissatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

12. International Data Transfers

We may transfer your personal data outside the European Economic Area (EEA). Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection by implementing at least one of the following safeguards:

  • Adequacy Decision: We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection by the European Commission.
  • Standard Contractual Clauses: Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
  • Binding Corporate Rules: Where applicable, we will rely on other appropriate safeguards recognized by relevant data protection authorities.

13. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling in a way that produces legal effects concerning you or similarly significantly affects you. If we do so in the future, we will inform you and ensure that you have the right to human intervention and to contest the decision.

14. Third-Party Links

This Website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

15. Personal Data from Children

The Services are not intended to be used by children, and we do not knowingly collect any personal data from children. If you believe your child has provided us with personal information, please contact us immediately so that we can promptly remove such information.

16. Changes to This Privacy Policy

We keep our Privacy Policy under regular review and may update it from time to time to reflect changes in our practices or in the law. We will notify you of any significant changes by placing a prominent notice on our Website. If we make any changes, we will post them on this page and modify the "last updated" date accordingly.

This Privacy Policy was last updated on September 29th, 2024.