Privacy Policy

Last updated on April 21, 2020

ECOMBIX Oy having a principal place of business at c/o Novius Pro Oy, Hitsaajankatu 6, 00810, Helsinki, Finland (hereinafter referred to as the “Company”, “we”, or “us”) collects from the individual user (hereinafter, referred to as “user”, “you” or “your”) certain personal data through the website https://www.gomage.com (hereinafter, referred to as the “Website”).

This Privacy Policy forms integral part of Terms of Use contains Company’s policies and procedures governing the processing of personal data through the Website.

The processing of personal data through the Website is done in accordance with the data protection laws of Finland, European General Data Protection Regulation 2016/679 (GDPR) and California Consumer Privacy Act 2019 (CCPA).

This Privacy Policy may be updated from time to time and you will be informed about any such updates. More details concerning the collection or processing of Personal Data may be requested from us at any time.

Definitions

PERSONAL DATA means data allowing to identify the natural person directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, etc.;

PROCESSING means any operation or set of operations that is performed on Personal Data, such as collection, recording, organization, structuring, storage, adaptation or destruction;

DATA SUBJECT is an identified or identifiable natural person who can be identified, directly or indirectly, based on particular Personal Data.

Privacy Statement

ECOMBIX OY shall be considered a data owner and data controller in relationships with Data Subject. We acknowledge the privacy of natural persons and make efforts to protect them against any unlawful Processing by applying relevant technical and organizational measures to protect Personal Data of natural persons in accordance with the effective legislation. Although we will make reasonable efforts to ensure safe Processing, we cannot guarantee it to be 100% secure and risk-free.

We process personal data in a way that assures appropriate level of security, including protection against unauthorized Processing, destruction, accidental loss, or damage, while applying suitable organizational and technical measures under industry standards and in compliance with the following principles: (1) lawfully, fairly and transparently; (2) Processing is specified, explicit and only for legitimate purposes; Processing is adequate, relevant and limited to necessary purpose; accurate and kept up to date; limitation of the storage for periods not longer than necessary; Processing is held in a manner that ensures appropriate security of the Personal Data.

We Processes Personal Data only when one of the conditions below applies: (1) it is required for the performance of agreement with the Data Subject; (2) it is required for compliance with the law or our legal obligation; (3) Data Subject has provided us with consent for Processing of their Personal Data for one or more specific purposes; (4) Personal data is Processed for our Legitimate Purpose.

When it comes to processing, we will not discriminate against Data Subject CCPA rights. Unless permitted by the CCPA, we will not: (1) reject Data Subject's request for goods or services on the basis of discrimination; (2) provide to California based Data Subject different prices for goods or services, including through granting discounts or other benefits; (3) render to Data Subject different level or quality of goods or services in comparison to our other clients.

Notwithstanding the aforementioned, we may, at our own discretion, offer Data Subject certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will contain written terms that describe material aspects.

We do not knowingly Process Personal Data that related to, or reveal, racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, genetic or biometric data, or data concerning the health, sex life or sexual orientation of the natural person.

We apply the following principles in order to protect your privacy: (a) we will not sell or lease your Personal Data to third parties; (b) any Personal Data that you provide to us will be secured with industry-standard safety protocols and technology.

Types of Personal Data We Process

Contact data Email, billing address, shipping address
Financial data bank account and payment card details, tax identifiers (like VAT number)
Identity data first name, last name, username, date of birth
Marketing data preferences in receiving marketing from us
Communication data Messages you send to us
Technical data internet protocol (IP) address, clients SSH/SFTP/FTP, Magento username, Github repository identifier, Magento account data

The Company adheres to data minimization principles. We process only minimal amount of information that is necessary for pursuing the legitimate interests of the Company. At the time you purchase software and/or services through the Website or register a user account on the Website, you will be asked to provide personal data, such as your full name, email address, telephone number and company information.

Purposes of Personal Data Processing

Purpose/ActivityType of dataLawful basis for Processing
to register Data Subject account Identity data, contact data to perform our contractual obligations with you
to provide our services Identity data, contact data, marketing data, communication data, technical data, financial data
  1. 1to perform contract with Data Subject;
  2. 2as necessary for our legitimate interest in recovering debts
to manage our relationship with Data Subject, Identity data, contact data, profile data, marketing data
  1. 1to perform our contract with Data Subject
  2. 2as necessary to comply with our legal obligations
to deliver relevant content/advertisements to Data Subject and measure or understand the effectiveness of our advertising Identity data, contact data, profile data, marketing data, technical data
  1. 1as necessary for our legitimate interests in studying how customers use our products/services; to develop them
  2. 2to grow our business and to inform Data Subject about our marketing strategy;
to use data analytics to improve our platform, services, marketing, customer relationships and experiences technical data to keep our Websites and Services updated and relevant, to develop our business and to inform our marketing strategy
to make suggestions and recommendations about goods or services that may be of interest to Data Subject, including promotional offers Identity data, contact data, technical data, profile data as necessary for our legitimate interests to develop our products/services and grow our business

If you provide express consent in advance, we may use your Personal data for direct marketing purposes (e.g., sending you our newsletter or offering services that may be of interest to you).

Third Party Access to Personal Data

We will not sell, distribute or lease your personal data to third parties unless we have your permission or are required by law to do so. We may use your personal data to send you promotional information about third parties which we think you may find interesting if you tell us that you wish for this to happen.

In case third parties perform services (e.g., hosting of the Website) on behalf of the Company, the Company will assure that such third parties employ an adequate level of protection of personal data that is consistent with this Privacy Policy. You will be informed in advance if your personal data is transferred to the third parties i.e. before such transfer.

Your personal data may be accessed by the following third parties:

  1. 1The personal data provided by you for signing up for our newsletter will be used by Mailerlite (https://www.mailerlite.com/), which is a trading name of Rocket Science Group LLC having a principle place of business at J. Basanavičiaus 15, LT-03108 Vilnius, Lithuania, to provide you with the requested newsletter. Mailerlite privacy policy is available at https://www.mailerlite.com/legal/privacy-policy
  2. 2The hosting services for the Website are provided by DigitalOcean LLC (www.digitalocean.com) having a principle place of business at 101 Avenue of the Americas, 10th Floor, New York, NY 10013, USA. DigitalOcean privacy policy is available at https://www.digitalocean.com/legal/privacy-policy/
  3. 3When you make payments through the Website using the Credit or Debit Card payment method, your payments will be processed by Stripe Payments Europe, Ltd. having a principle place of business C/O A&L Goodbody, Ifsc, North Wall Quay, Dublin 1. Stripe privacy policy is available at https://stripe.com/en-de/privacy.
  4. 4When you make payments through the Website using the PayPal payment method, your payments will be processed by PayPal (Europe) S.à r.l. et Cie, S.C.A. having an address at 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal privacy policy is available at https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_DE.
  5. 5Customer relationship management assistance may be provided by ZenDesk Inc. (https://www.zendesk.com) having a principle place of business at 1019 Market Street San Francisco, CA 94103, the USA. ZenDesk privacy policy is available at https://www.zendesk.com/company/customers-partners/privacy-policy/

Security and Confidentiality of Personal Data

The Company guarantees the confidentiality of any and all Personal Data supplied by the user when utilizing Company’s software or services and when visiting the Website. We do not disclose any user’s Personal Data to any third party unless ordered to do so by a court of law during the investigation of a criminal offense or as required under other provisions of disclosure of Personal Data.

The Company takes all necessary steps to safeguard your Personal Data including the use of specialized services to secure payment of all software or services purchased through the Website. All confidential information transmitted and received by us from the specialized services is encrypted with the help of software that uses Secure Sockets Layer (SSL).

We will put reasonable efforts to maintain the security of and to prevent misuse, loss, unauthorized access, and modification of your Personal Data. However, please note that, due to the inherent risks of using the Internet, we cannot be liable for any destruction, loss, leakage, and falsification of personal data caused by circumstances beyond our reasonable control.

In the case of a Personal Data breach, the Company shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the Personal Data breach to the competent supervisory authority, unless the Personal Data breach is unlikely to result in a risk to the rights and freedoms of you.

You are solely responsible for keeping your login details in a private and secure manner.

Links to Other Websites

The Website may contain links to other websites of interest. However, once you have used these links to leave the Website, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Policy. You should exercise caution and look at the privacy statement applicable to the website in question.

EEA Data Subjects rights execution

Rights of the data subject

  1. 1Right to rectification. Data Subject has the right to request to rectify, without undue delay, any incorrect data pertaining to the respective Data Subject.
  2. 2Right to limitation of processing. Data Subject can limit the use of Personally Data collected.
  3. 3Right of access. User may request a copy of Personal Data collected during the use of Platform.
  4. 4Objecting to or restricting the use of Personal Data. Data Subject can ask to stop using all or some portion of Personal Data or limit the use thereof by requesting its erasure as described above or sending a request at support@gomage.com.
  5. 5The right to lodge a complaint with a supervisory authority. User has the right to lodge a complaint with a competent data protection supervisory authority, in particular in the EU Member State where Data Subject resides, work or where the alleged infringement has taken place.
  6. 6The right to data portability. Data Subject can receive Personal Data in a machine-readable format by sending a respective request at support@gomage.com.

Execution of rights

  1. 1Upon Data Subject request we will provide the information free of charge. However, we may charge a reasonable fee if the Data Subject request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with the Data Subject request in these circumstances.
  2. 2Data Subjects exercise their rights by filing a written request containing as a minimum the following information: (1) name, postal address, email address and other data allowing identification of the respective natural person; (2) description of the request; (3) signature, date, correspondence address and mobile number.
  3. 3The filing of the request is free of charge.
  4. 4Upon the filing of a request by an authorized person, the notarised power of attorney must be attached to the request.
  5. 5In case of death of the natural person, his / her heirs exercise his / her rights and the certificate of heirs shall be attached to the request.
  6. 6We will review and pronounce on the request within 1 month as of its filing. This period may be extended by further two months, if necessary, for example, if Data Subject request is particularly complex or when Data Subject has made a number of requests. We will inform Data Subject as to any such extension within 1 month as of receipt of the request, stating the reasons for the delay.
  7. 7We will provide an answer to the requesting person taking into account their preferred form for the provision of the information (orally or in writing - as a hard copy of electronically).
  8. 8Where data do not exist or law forbids their provision, access to the requesting party to such data is refused.
  9. 9If the requesting party is not satisfied with the response received and/or believes that their rights related to Personal Data protection were violated, they are entitled to exercise their right to defense.

Execution of rights by California Consumers

Access to Specific Information and Data Portability Rights

  1. 1Data Subject has the right to request information about what information was Processed over the past 12 months. Once we receive and confirm Data Subject verifiable consumer, we will disclose to you:
    • The categories of sources for Personal Data we collected about Data Subject.
    • The Personal Data we collected about you (also called a data portability request).
  2. 2All other information is already disclosed herein. For the avoidance of doubts, we do not sell Data Subjects Personal Data

Deletion Request Rights

  1. 1Data Subject has the right to request the deletion of Personal Data Processed, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete Personal Data from our records, unless Personal Data is necessary for us or our service provider(s) to (1) complete the transaction for which we collected the Personal Data, provide a good or service that Data Subject requested, take actions reasonably anticipated within the context of our ongoing business relationship with Data Subject, or otherwise perform our contract; (2) detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities; (3) debug products to identify and repair errors that impair existing intended functionality; (4) exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; (5) comply with a legal obligation; make other internal and lawful uses of that information that are compatible with the context in which Data Subject provided it.

Exercising Access, Data Portability, and Deletion Rights

  1. 1To exercise the access, data portability, and deletion rights described above, Data Subject should submit a verifiable consumer request to support@gomage.com. Only Data Subject based in California, or a person registered with the California Secretary of State that Data Subject authorize to act, may make a verifiable consumer request related to Personal Data.
  2. 2Data Subject can make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must: (1) provide sufficient information that allows us to reasonably verify Data Subject is the person about whom we collected Personal Data; and contain description allowing us to properly understand, evaluate, and respond to it.
  3. 3We cannot respond to the request or provide Data Subject with Personal Data if we cannot verify the Data Subject’s identity or authority to make the request and confirm the relation of Personal Data.

Response Timing and Format

1The verifiable consumer request shall be responded within forty-five (45) days of its receipt. If we require more time, we will inform Data Subject of the reason and extension period in writing. The responding is free of charge unless it is excessive, repetitive, or manifestly unfounded.

Children Using the Website

The Website is not meant to be used by children who are under the age of thirteen (13). If you become aware that your child(ren) has provided us with their personal data without your prior consent, please contact us at support@gomage.com for requesting us to destroy or de-identify such personal data.

Place

Personal Data is processed at our operating offices and in any other places where the parties involved in the processing are located. It may be necessary to transfer collected Personal Data to countries outside of the European Union for Processing purposes.

Retention Period

Your personal data will be kept for as long as is necessary to provide you with the requested service. When your personal data is no longer necessary to deliver the requested service, the Company will delete it as soon as possible, unless retaining of your personal data is required by law for a certain period of time (e.g., for accountancy records).

COOKIES

A cookie is a small file that asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyze web traffic or lets you know when you visit a particular site. Generally, cookies allow web applications to respond to you as an individual. With the help of a cookie, a web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyze data about web page traffic to our website and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

List of Cookies We Collect

The table below lists the cookies we collect and what information they store.

COOKIE nameCOOKIE Description
CART The association with your shopping cart.
CATEGORY_INFO Stores the category info on the page, allowing you to display pages more quickly.
COMPARE The items that you have in the Compare Products list.
CURRENCY Your preferred currency.
CUSTOMER An encrypted version of your Customer ID with the store.
CUSTOMER_AU An indicator if you are currently logged into the store.
CUSTOMER_INFO An encrypted version of the customer group you belong to.
CUSTOMER_SEGMENT_IDS Stores the Customer Segment ID.
EXTERNAL_NO_CACHE A flag, which indicates whether caching is disabled or not.
FRONTEND You sesssion ID on the server.
GUEST-VIEW Allows guests to edit their orders.
LAST_CATEGORY The last category you visited.
LAST_PRODUCT The most recent product you have viewed.
NEWMESSAGE Indicates whether a new message has been received.
NO_CACHE Indicates whether it is allowed to use cache.
PERSISTENT_SHOPPING_CART A link to information about your cart and viewing history if you have asked the site.
POLL The ID of any polls you have recently voted in.
POLLN Information on what polls you have voted on.
RECENTLYCOMPARED The items that you have recently compared.
STF Information on products you have emailed to friends.
STORE The store view or language you have selected.
USER_ALLOWED_SAVE_COOKIE Indicates whether a customer is allowed to use cookies.
VIEWED_PRODUCT_IDS The products that you have recently viewed.
WISHLIST An encrypted list of products added to your Wishlist.
WISHLIST_CNT The number of items in your Wishlist.

Contacting Us

If you have any questions or concerns regarding this Privacy Policy, please contact us by email at support@gomage.com, or please write to the following address:

ECOMBIX Oy

c/o Novius Pro Oy, Hitsaajankatu 6

00810, Helsinki, Finland

+358 9-424-562-39