PRIVACY POLICY

Last updated: 20 May 2025

This Privacy Policy describes the Provider’s personal data processing practices for the Provider’s PrivacyNest service ("Service(s)"), in general or through the Provider’s websites, collectively or individually "Site(s)"). The Provider acts as data controller and the Provider’s subsidiaries as data processor.

Details about Provider:

The name and details of Provider can be found in the welcome email sent to you upon subscribing to the Site. In addition, it can be found after logging in to the website privacy-nest.net in the footer of this website, and on the My Account details page on privacy-nest.net/account.

The Provider is bound by the applicable privacy legislations and regulations, including the General Data Protection Regulation (GDPR). The Provider is responsible for keeping Customer administration and data management for analysis and marketing purposes. The Provider has the duty to carry out its responsibilities under the GDPR. The Provider is responsible for all data processing on behalf of the Provider

Please take time to read the Provider’s Privacy Policy carefully. 

By visiting this Site, providing the Provider with Customer’s personal data or other information on the Sites, or by subscribing to the Service, or by entering into a contract with the Provider, Customer expressly acknowledges that Customer has read and agreed to the terms of this Privacy Policy.

Minors (as defined by law in various countries) (“Minors”) cannot subscribe to the Service. Parents and legal guardians are responsible for the use that is made of the Services, and Sites by their Minors.

Pursuant to the General Data Protection Regulation 2016/679 (“GDPR”) and other data protection laws, the Provider reserve the right to amend this Privacy Policy at any time. A notification on the Site(s)' home page will alert Customer, or a message will be posted in Service(s), or in specific cases, Customer will receive an e-mail.

1. What information or personal data does the Provider collect from Customer and why?

The Provider may collect and process personal data and other information as listed below (collectively referred to as "Data") to perform the Provider’s obligations under the contract Customer signed with Us, or to provide Services to Customer.

Please note that the Provider does not collect or process any sensitive personal data (i.e., data which directly or indirectly reveals racial or ethnic origins, political, philosophical or religious opinions or trade union membership, as well as genetic, biometric data for the purpose of identifying a single natural person or which relates to health or sexual life, and for any such purpose). Therefore, the Provider asks Customer to abstain from sending any such data over to the Provider.

The Provider’s contracts and registration forms indicate any specific Data which Customer is required to provide.

1.1 Personal Data

Personal Data means information that directly or indirectly relates to Customer as an identified or identifiable natural person. This may concern, depending on the contract, the Sites, the Products or Services, Customer’s status and/or the means of collection, all or part of the following Personal Data:  

• Name(s) and surname;
• Postal address (invoicing or delivery); 
• Landline or mobile (personal or professional) phone number;
• Email address;
• Banking information (bank or other account information, bank account details, credit/charge card information, number, expiry date, visual cryptography);
• Passport number or ID number; 
• Spoken language or chosen language for the Sites or Services
• Any confidential information to help Customer recall Customer’s personal identifiers or passwords;
• IP address (number automatically assigned by Customer’s Internet Access Service Provider or the MAC address of Customer’s electronic devices from which access to the Site(s) is made and which are subject to an automatic identification and recording for each use of the Site(s);
• Demographic data on Customers (e.g. age, gender, place of residence); 
• Technical information, such as cookies;
• Geolocation data (country level only);

1.2 Other information

The Provider also collects other data that does not necessarily lead, directly or indirectly, to Customer’s identification as a natural person ("Other Information").

In such a case, the Provider will process it in accordance with the conditions described and for the purposes set out in section 3 below. These Other Information may be:

• Information on the Customers' Internet browser and devices to access the Sites, such as the type of device, screen resolution, version of operating system, type and version of the Internet browser, as well as the type and version of the Service used. A unique identifier may be assigned to the device from which Customers access the Service(s) delivered by the Provider or its service providers;
• Data relating to Customers' use of mobile applications or other communication services: within this context the Provider may collect the unique identifier, as well as Other Information relating to the connecting device in order to provide content to the devices. It may also collect the date and time of access to the servers, as well as the downloaded files and information;
• Server Log files to manage the Services, diagnose problems affecting the servers, or determine Customers' geolocation data (on country level);
• Information collected using cookies, clear gifs, web beacons, pixel tags or other similar technologies; 
• Demographic or Other Information as long as it does not allow the person's identification;
• Information on the Services' use via analytical tools enabling the Provider to provide Customer with enhanced performance level. The information thus collected may provide the Provider with information regarding the most used services and functions, the type of equipment used, its characteristics, country, and downloading language.

2. How does the Provider collect Customer’s Data?

The Provider collects Customer’s Data from:

• The contract Customer entered into with Us;
• The account Customer created or Services Customer subscribed to;
• Viewing, downloading or using a Site;
• Customer’s subscription;
• Customer’s subscription to newsletters or other types of communications;
• Customer’s claims regarding the Provider’s Service;

The Provider collect Customer’s Other Information via: 

• Browsers, devices and other digital applications' use on such devices;
• Server log files; 
• Cookies: 
• The sharing of information and data.

3. What does the Provider process Customer’s Data for?

The Provider processes Customer’s Data to:

• Create and administer Customer’s personal accounts; 
• Perform contractual obligations,
• Provide Services;
• Conduct and process various payment transactions;
• Respond to Customer’s requests or inquiries, or provide and improve customer support;
• Communicate with Customer (e.g., administrative, promotional or commercial communications);
• Provide, improve, optimise and customize Customer’s experience; 
• Implement, ensure and improve Sites or Services security, combat fraud, and prevent data security breaches as defined by the GDPR;
• Analyse, identify, improve and understand the Services and Sites functioning and the trends of the use of the Sites or Services; 
• Fulfil the Provider’s legal obligations 
• Manage and administer Customer’s Personal Data in compliance with GDPR

4. On what legal ground can the Provider process Customer’s Data?

The Provider may process Customer’s Data based on:

• Customer’s consent;
• A contract Customer entered into with Us;
• A legal obligation;
• The Provider’s legitimate interest (for example, to improve the Provider’s Products and Services, to prevent fraud, to secure Sites and Services, or to customize the Provider’s communication.

5. Who receives Customer’s data?

The Data Customer sends to the Provider, directly or indirectly, is accessed exclusively by authorised individuals, only when necessary, and for the sole purposes referred to in Section 3 above. The Provider makes sure that such access complies with the security measures that the Provider implements. 

Data recipients may be:

• The Provider’s subsidiaries;
• Third-party providers with whom the Provider work to facilitate the Services' provision or access to Sites, such as but not limited to hosting services, data analysis, processing of payment transactions, providing infrastructure services, information technology services, customer services, e-mail distribution services or other similar services;

The Provider may also communicate Customer’s Data to duly authorised individuals, only when necessary for the sole purposes referred to in Section 3 above, in the following cases:

• To comply with applicable law, including the law of countries outside Customer’s place of residence;
• To respond to injunctions or requests from public or governmental authorities, including those outside Customer’s country of residence;
• To perform under or enforce the contract and the Terms of Service, or to protect the Provider’s activities or those of the Provider’s subsidiaries;
• To protect the Provider’s rights, security and property or those of the Provider’s subsidiaries, licensors and partners;
• To exercise or defend the Provider’s legal rights or to have such rights recognized;
• To make any necessary recourse or to limit damages or any sentences that may be pronounced against the Provider or the Provider’s subsidiaries;
• For a reorganisation, merger, acquisition, joint venture or any other form of transfer of all or part of the Provider or the Provider’s assets to any such third party;
• To perform specific data transfers upon receiving Customer’s explicit consent;
• To satisfy a public interest;
• To protect Customer, or third parties, from fraud, abuse, illegal acts or breach of contract, or of the Terms of Service.

6. How long does the Provider use Customer’s Data for? (data retention period)

The Provider keeps Data only for the time necessary to execute the contract, achieves the objective pursued, meets Customer’s needs, executes the contract or meets the Provider’s legal obligations.

The data retention criteria the Provider established includes:

• The term of the contract entered into by Customer with Us;
• The retention period required by applicable law (i.e., accounting or archiving obligations);
• The duration of the Customer’s consent for a specific use;
• For prospects (in the absence of any subscription to a Service or purchase of a Product): 1 year or less from the day of the Data collection;
• 12 months or less for cookies.

When the Provider no longer needs to process Customer’s Data, the Provider deletes it from the Provider’s systems and databases or anonymises it so that Customer can no longer be identified.

7. Hosting-storage and transfer of Customer’s data outside the European Union

The Provider takes all necessary measures to host and store Customer’s Data on servers located in the European Union.

Certain Data may be collected, transferred, hosted and/or more generally processed outside Customer’s country or jurisdiction of residence. Data protection and data security requirements differ from place to place and may not offer the same level of protection as those of Customer’s country or jurisdiction of residence or of origin. However, the Provider and the Provider’s subsidiaries take appropriate measures to protect the transfer of Customer’s Data. Such measures include the use data transfer methods approved by the European Commission, and written agreements with the Provider’s processors to ensure they process the Data they receive from the Provider according to the law.

In light of the above, Customer Data may be accessed by law enforcement and/or regulatory authorities according to the applicable laws of such foreign jurisdictions.

The Provider may, as specified in section 5 above, when needed, disclose Customer’s Data to third parties' partners in order to ensure the Sites' or Services' maintenance and security, offer certain features, or to improve the Sites' and Services' functioning and appearance or create new features.

The Provider requires such third parties to provide adequate confidentiality and security guarantees, to take the necessary physical, organisational and technical measures to protect and secure Customer’s Data, in accordance with applicable law. Any transfer of data outside the European Union shall be governed by mechanisms approved by the European Commission and/or the local competent authorities.

8. Security measures

The Provider implements appropriate physical, technical, administrative and organisational security measures in order to best protect, Customer’s Data against loss, theft, misuse, abusive use, fraudulent access, disclosure, alteration and destruction.

No data transmission on the Internet can be 100% secure but the Provider is committed to implementing security standards recognised in the Provider’s industry and designed to protect and prevent unauthorised access, disclosure and use of Data.

These measures include but are not limited to:

• Storage on secure servers within the European Union;
• Protection, including through data encryption processes, such as Secure Sockets Layer (“SSL”) for credit card transactions and other bank payment transactions;
• Limited access of employees or third-party staff to databases containing the Data;
• procedures for the Provider’s staff handling Data which impose confidentiality requirements they must fulfil.

In addition, Customer has the opportunity, on the Sites or when using the Services, to create an access account or Customer account containing an identifier and password that Customer only are deemed to know to protect access to Customer’s account. In order to further protect Customer’s Data, the Provider recommends that Customer periodically changes Customer’s password and under no circumstances should Customer discloses Customer’s identifiers to anyone. 

9. Customer’s rights 

Residents of the European Union/European Economic Area have the following rights under the GDPR : 

• Right to Information: right to obtain clear, transparent and understandable information on how the Provider uses Customer’s Personal Data;
• Right of access: right to access Customer’s Personal Data held by the Provider about Customer;
• Right of rectification, opposition or limitation: right to have Customer’s Personal Data corrected if they are inaccurate or incorrect and/or to complete them;
• Right to erasure/right to be forgotten: right to request the erasure or deletion of Customer’s Personal Data. This right may, however, be limited by the Provider by legal grounds or legitimate interest in maintaining said Personal Data. Such a request will result in the termination of Customer's customer/Customer account and the Customer will no longer be able to access the Sites or Services;
• Right to object to direct marketing: right to request or modify Customer’s choice at any time to no longer receive communications relating to the offers of Services, Products, news or events from the Provider or third-party partners. In this case, Customer may use the hyperlink provided for this purpose in each email;
• Right to withdraw consent at any time for consent-based data processing: right to withdraw Customer’s consent to the processing of Customer’s Personal Data when such processing is based on consent;
• Right to data portability: right to request copying, transferring Customer’s Personal Data to another database. This right applies only to Personal Data provided by Customers, and provided that the processing is based on an agreement or consent and made using automated processes. The Provider will return to Customers the Data in a structured manner and in a legible format;
• Right to contact Customer’s local data protection authority: in case the Provider did not satisfy Customer’s request to exercise any of Customer’s rights above.

In order to exercise these rights, please contact the Provider at mail@privacy-nest.net.

10. How can Customer contact the Provider?

Details about Provider:

The name and details of Provider can be found in the welcome email sent to you upon subscribing to the Site. In addition, it can be found after logging in to the website privacy-nest.net in the footer of this website, and on the My Account details page on privacy-nest.net/account.

In case Customer has any questions with regards to this Privacy Policy, please contact the Provider at mail@privacy-nest.net.

11. Complaints

If the Customer feels that the personal information of the Customer is used, gained, saved and/or obtained incorrectly, and Customer is unsatisfied with the outcome of the request to the Provider, Customer can submit a complaint at the supervisory authority in Customer’s country at any time.