Mandatory information on the rights of natural persons with regard to personal data protection
(Privacy notice)
The company Oxxy Limited respects the rights of their customers to the protection of their personal data with regard to the processing of personal data and has taken all the necessary measures in order to provide the needed protection. The purpose of this document is to inform the www.oxxy.com website Users and customers about how Oxxy handles their personal data, as well as about all the rights they have regarding the respective operations.
Oxxy Limited is compliant with all the requirements of the General Data Protection Regulation and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR). The purpose of this regulation is to guarantee the data protection of natural persons from all EU member countries and to unify the regulations related to data processing.
Definitions
"We"/"Us"/"Our"/"Oxxy"/The Company means Oxxy Limited (C 50382) with seat and registered address at THE PLAZA COMMERCIAL CENTRE LEVEL 8 / SUITE 5, BISAZZA STREET, SLIEMA SLM1640, MALTA (which is licensed to operate, represent and maintain the Site www.oxxy.com by Oxxy SA (B233295) of 681, rue de Neudorf, L-2220 Luxembourg).
"You"/"Your"/"Yourself"/"User" means the User of the Site and/or customer of the 'Services' (as defined hereunder) including but not limited to Users offering content and/or other materials or services on or through the Site. "Services" means any services offered by Oxxy on or through the Site www.oxxy.com including but not limited to various online web site development tools and web applications operated and hosted by Oxxy to enable Users (including individuals, businesses and/or developers) to create and publish web sites. The Services also include web hosting services for the websites created by Users through the Site. “Site”/”Website” means the website www.oxxy.com through which the Company provides their Services.
Information about the Controller
- Name: Oxxy Limited
- Registration Number: C 50382
- Seat, registered and correspondence address: The Plaza Commercial Centre, level 8, suite 5, Bisazza street, Sliema SLM1640
- E-mail: [email protected]
Information about the Data Protection Officer
- Name: Information and Data Protection Commissioner
- Seat and registered address: Level 2, Airways House, High Street, Sliema, SLM 1549, Malta
- Correspondence address: Level 2, Airways House, High Street, Sliema, SLM 1549, Malta
- Telephone: (+356) 2328 7100
- Email: [email protected]
- Website: https://idpc.org.mt
Grounds for collecting, processing and storing your personal data
Art. 1. (1) Oxxy shall collect and process your personal data in relation to the provision of our Services and the conclusion of contracts with the Company on the grounds of Art. 6, Para. 1, Regulation (EU) 2016/679 (GDPR), and in particular on the following grounds:
- explicit consent provided by you as a customer;
- compliance with a legal obligation applicable to Oxxy;
- fulfillment of the obligations of Oxxy under contract with you;
- for the purposes of the legitimate interest of Oxxy.
(2) Oxxy shall be a controller regarding your data as the User of our services. With regard to the personal data you process using our Services, Oxxy shall act as a processor.
What kind of personal data shall Oxxy collect, process and store?
Art. 2. (1) Oxxy shall process the following categories of personal data and information: Your personalizing data (name and surname, e-mail, country, phone, residence address). The User shall provide all or part of these personal data only if the usage of the respective Service requires it. Example: a website profile registration may be completed using only an e-mail; the billing operations related to the usage of our Services by the User may request name and surname, e-mail, phone and residence address.
(2) Other data that Oxxy shall process:
- Data concerning registered Users in the chatbot application that Oxxy uses to establish communication with them on Facebook Messenger, part of the Company Facebook Page https://www.facebook.com/oxxy.bg/. Such data includes identification and publicly available social media profile information (name, date of birth, gender, geographic location), chat history, navigational data (including chatbot usage information), application integration data, and other electronic data submitted by the User.
- Data related to the User navigation session on the website and/or the usage of our Services. For example, when logging in to our website or your account. Such data includes the IP address you use, geographic location, identifier of the device you use to access our website;
- Data related to job applications and provided by the candidates.
(3) Data of Oxxy Users’ users: these are billing and delivery data (name and surname, e-mail, phone, address) which Oxxy Users gather from their users with regard to the provision of their services through the Company ecommerce module.
(4) Oxxy shall not collect or process personal data that:
- reveals racial or ethnic origin;
- consists of genetic and biometric data, health data, or data on sexual life or sexual orientation;
- reveals political, religious or philosophical beliefs, or trade union membership.
(5) Personal data shall be collected by Oxxy from the persons to whom it relates.
(6) The Company shall not perform automated decision making with data.
How Oxxy shall collect the various types of personal data
Purposes and principles for collecting, processing and storing your personal data
Art. 3. (1) Oxxy shall collect and process the personal data you provide to us in connection with the use of our Services and for the conclusion of a contract with the Company, including for the following purposes:
- provision of our Services;
- creating a User profile in the website;
- statistical purposes;
- individualization of a party to this contract;
- accounting purposes;
- developing, personalizing and optimizing our Services according to Users’ preferences and interactions with the website;
- securing the implementation of this contract for the provision of the respective Service;
- contacting you in order to communicate to you general information or information regarding the specific User, including promotional messages related to our Services, as described in Para. 4 (Types of messages and means of communication);
- sending a regular newsletter to which you subscribed giving your explicit consent;
- sending marketing messages and information of third parties after receiving your explicit consent on this regard;
- organization, implementation and management of marketing activities, including events, contests, online courses etc., both online and offline, related to our Services. This can include registration of the participants, as well as the communication activities before, during and after the event, or choosing the eventual winners and contacting them;
- managing customer service requests and providing technical support via call center, chat, email;
- processing job applications related to the job offers announced by the Company or processing data related to freelance projects related to our Services;
- information security;
- creating an online store via the Oxxy platform.
(2) Oxxy shall comply with the following principles when processing your personal data:
- lawfulness, fairness and transparency;
- limitation of the purposes for processing;
- relevance with processing purposes and minimization of data collection;
- accuracy and age of the data;
- limitation of storage for the achievement of the purposes;
- integrity and confidentiality of processing, and ensuring an adequate level of security for the personal data.
(3) Oxxy may process and store personal data to protect the following legitimate interests of theirs:
- fulfilling their obligations to the National Revenue Agency, the Ministry of Interior and other governmental or municipal authorities.
(4) Types of messages and means of communication
The communication between Oxxy and the User may happen via phone, e-mail, online chat, sms, Facebook Messenger or similar means and can include general information or information regarding the specific User, as well as the following type of messages:
- Promotional and marketing messages: Messages related to various marketing activities of the Company, including promotional and special offers, new Services and products promotions, contests, events etc.;
- Messages related to corporate communication: Messages related to news and updates regarding Company activities;
- Messages related to the usage of Company Services: These messages may include information regarding subscription plans updates, website functionalities upgrades, new Services and/or products, useful information and content, related to our Services. This category may include also all kind of administrative messages regarding the provision of our Services, as well as billing information. Examples: temporary service suspension because of technical intervention or messages related to expiring plan subscriptions, billing, invoicing or service issues when the User uses our Services.
Where your personal data is stored and how long the storage period is
The User personal data may be stored and processed by Oxxy in different EU countries in order to assure a correct provision of our Services and be compliant with their legal obligations.
Art. 4. (1) Oxxy shall store your personal data for no longer than the duration of existence of your website profile. Upon expiry of this period, Oxxy shall take reasonable care to erase and destroy all your data without undue delay.
(2) Oxxy shall notify you in case the storage period needs to be extended in order to achieve the purposes, the implementation of the contract, in view of the legitimate interests of Oxxy or otherwise.
(3) Oxxy shall keep the personal data that they are required to keep under the applicable legislation for the required term, which may exceed the duration of your registration.
Transfer of your personal data for processing
Art. 5. (1) Oxxy may, at their sole discretion, transmit all or part of your personal data to personal data processors for the fulfillment of the processing purposes, subject to the requirements of Regulation (EU) 2016/679.
(2) Oxxy shall notify you in case of intent to transmit all or part of your personal data to third countries or international organizations.
Your rights when collecting, processing or storing your personal data
Art. 6. (1) Every User has the right to request from Oxxy access to, correction or erasure of their personal data, or restriction of processing of data. Also, you have the right to object to processing of personal data about you, as well as the right to data portability, as described in the paragraphs hereinafter. The respective requests may be presented to Oxxy by free text message sent to [email protected] or by using the respective data settings provided by the website.
(2) In order to proceed with the User request, Oxxy may require you to prove your identity and that you are the data subject.
Right of access
Art. 7. (1) You shall have the right to request and obtain from Oxxy confirmation as to whether or not personal data about you is being processed. If your data is processed, you have the right to receive the following information:
- Purposes of data processing;
- Personal data categories;
- Recipients or recipient categories to whom your personal data shall be or already was disclosed in third countries or international organizations.
(2) Oxxy shall provide you, upon request, with a copy of the processed personal data about you, in electronic or other appropriate form, and shall have the right to apply an administrative fee depending on the related administrative costs.
Withdrawal of consent to process your personal data
Art. 8. (1) If you do not wish all or any of your personal data to continue to be processed by Oxxy for a particular or for any processing purpose, you may, at any time, withdraw your consent to processing by sending a free text message to [email protected].
(2) Your account shall be erased if you withdraw your consent for the processing of personal data which is required for creating and maintaining your registration for the use of the services.
Right to rectification or filling in
Art. 9. You can rectify or fill in the inaccurate or incomplete personal data about you directly through your website profile or by sending a request to Oxxy.
Right to erasure ('right to be forgotten')
Art. 10. (1) You shall have the right to request from Oxxy the erasure of the personal data about you, and Oxxy shall have the obligation to erase it without undue delay where one of the following grounds applies:
- the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- you withdraw your consent on which the data processing is based and where there is no other legal ground for the processing;
- you object to the processing of the data about you, including for the purposes of the direct marketing, and there are no overriding legitimate grounds;
- the personal data has been unlawfully processed;
- the personal data has to be erased for compliance with a legal obligation in the EU or Member State law to which Oxxy is subject;
- the personal data has been collected in relation to the offer of information society services.
(2) Oxxy shall not be obliged to erase the personal data, if they store and process the data:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by the EU or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
- for reasons of public interest in the area of public health;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;
- for the establishment, exercise or defense of legal claims.
(3) In order to exercise your right to be 'forgotten', you should send a free text request to [email protected] and prove your identity and that you are the person to whom the data provided to Oxxy relates, by presenting your ID card for identification purposes and, if necessary, entering your login data for the account of the person to whom the data relates.
(4) Oxxy shall not erase the data that they have a legal obligation to store, including for protection against claims brought against them or proof of their rights.
Right to restriction
Art. 11. You shall have the right to request from Oxxy restriction of processing of data about you where one of the following applies:
- you contest the accuracy of the personal data, for a period enabling Oxxy to verify the accuracy of the personal data;
- the processing is unlawful, but you oppose the erasure of the personal data and only request the restriction of their use instead;
- Oxxy no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of your legal claims;
- you have objected to processing, pending the verification whether the legitimate grounds of Oxxy override those of yours.
Right to data portability
Art. 12. (1) You may, at any time, request the data about you that are stored and processed in connection with the use of Oxxy services by sending us an e-mail to [email protected].
(2) You can request Oxxy to transmit your personal data directly to another controller, chosen by you, where technically feasible.
Right to receive information
Art. 13. You may request Oxxy to inform you of all recipients to whom personal data has been disclosed for which rectification, erasure or limitation of the processing has been requested. Oxxy may refuse to provide this information if this would not be possible or would require disproportionate effort.
Right to object
Art. 14. You shall have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data about you by Oxxy, including profiling or direct marketing.
Your rights upon personal data security breach
Art. 15. (1) If Oxxy becomes aware of a breach of your personal data that is likely to result in a risk to your rights and freedoms, we shall, without undue delay, notify you about this breach and about the measures that have been undertaken or are to be undertaken.
(2) Oxxy shall not be obliged to notify you if:
- they have implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach;
- they have taken subsequent measures which ensure that the high risk to your rights and freedoms is no longer likely to materialize;
- the notification would involve disproportionate effort.
Persons provided with your personal data
Art. 16. (1) For domain registration upon request submitted by you, Oxxy shall transmit the necessary information to the respective domain registrar who shall process your data as a controller for the purpose of registering the requested domain.
(2) The Company uses a chatbot application in order to manage the communication through Facebook Messenger, which is part of the Oxxy Facebook Page https://www.facebook.com/oxxy.bg/. The chatbot owner who provides the service has the right to use the personal data related to their operations, maintenance and/or the usage of their services for their legitimate business purposes and in the framework of their Privacy Policy, being compliant with the applicable data protection laws.
(3) For online payments, Oxxy shall provide the necessary information to the company provider of the payment service which shall process your personal data for the purposes of the payment transaction.
Art. 17. The Controller shall not transfer your data to third countries.
Other provisions
Art. 18. In case of violation of your rights under the above or applicable data protection laws, you shall have the right to file a complaint with the Office of the Information and Data Protection Commissioner as follows:
- Name: Information and Data Protection Commissioner
- Seat and registered address: Level 2, Airways House, High Street, Sliema, SLM 1549, Malta
- Correspondence address: Level 2, Airways House, High Street, Sliema, SLM 1549, Malta
- Telephone: (+356) 2328 7100
- Email: [email protected]
- Website: https://idpc.org.mt
Art. 19. If the consent relates to transfer, the Controller shall describe the possible risks in the transfer of data to third countries in the absence of a decision for adequate protection and appropriate remedies.
Art. 20. (1) When you assign Oxxy to process a third party's personal data for the purposes of using the Service, Oxxy shall act in their capacity of a personal data processor.
(2) In the cases under Para. 1, Oxxy shall act only on your instruction as the User of the Service and only as long as they may have control over the personal data you are processing. Oxxy shall have no control over the content and data that you as a service User choose to be uploaded to the Service (including whether or not this data includes personal data). In this case, Oxxy shall have no role in the decision-making process whether the User uses the Service to process personal data, for what purposes and whether it is protected. Accordingly, the responsibility of Oxxy in this case shall be limited to 1) complying with the instructions of the User of the service, pursuant to the contract and the general terms and conditions, and 2) providing information about the Service and functionalities through their interface.
Cookie Policy
Art. 21. Our Site also uses a technology called “cookies”. A cookie is an element of data that a website can send to your browser, which may then store it on your system. Cookies are created for each session when you visit our website. None of the information collected by means of cookies is associated with you as an individual. We do not use the cookie technology to capture individual e-mail addresses or any personally identifying information about you. The information so gathered through cookies may include:
- the date and time when you access our website;
- the website pages that you view and any download that you may make through such pages;
- whether or not such viewing or download is successful;
- the Internet address of the website or the domain name of the computer from which you access our website;
- the operating system of the machine running your web browser; and the type and version of your web browser.
There are several types of cookies we use:
Essential cookies
Some cookies are necessary for the correct functioning of the website. Some of the cookies enable you, for example, to see the website content in the correct language or the prices according to the currency and the VAT rates in the different countries. Other cookies turn on cache options etc.
Analytical cookies
We also use cookies to track visits on our website and analyze how easy it is for you to interact with the site (Google Analytics cookies). These cookies do not contain personal data. They show us which pages of our website are visited, the type of browser via desktop/mobile access and other anonymous data. For IP addresses we also use anonymizeIp.
Functional cookies
Without these cookies, we cannot enable important features on our website such as uploaded videos, chat sessions, preferred language, etc.
Targeting cookies
These cookies contain information about how you use our website that we may share with data providers solely in hashed, non-human readable form. They do not contain personal data. These cookies help us display only information which is relevant to you. These are the dynamic cookies of Facebook, Google, Adform, Adwise, etc.
Should you wish to reject all or certain cookies used by our website, you may modify your web browser preferences to do so. Moreover, you may set your browser to notify you when you receive a cookie, giving you the opportunity to choose whether or not you wish to accept it. Note that by disabling certain categories of cookies, you may be prevented from accessing some features of our website or certain content or functionality may not be available.
Security measures regarding the protection of the personal data stored on the Oxxy infrastructure
Art. 22. Considering that the privacy and the protection of your personal data is an absolute priority for us, the Company undertook all the necessary organizational and technical measures in order to assure a high level of security and protection on their infrastructure. For the purposes of maximum security when collecting, storing and processing your personal data, we may use additional protection mechanisms such as encryption, pseudonymisation etc.