Last updated 4.9.2020.
Identity of company:
Data protection officer:
Daniel Sjöblom (firstname.lastname@example.org)
Information created by users:
Any data voluntarily created by users, such as:
Information about purchases:
Information about sales:
Besides log-level and purchase/sales data, information is generally only processed by Ziney employees and services required to implement the functionality of the platform, and not shared with third parties.
If log-level data is shared with a third party, it is first anonymized, or we otherwise make sure that the third party also handles it per the GDPR directives.
Purchase and sales data are shared with the parties involved in the business transaction, e.g. a seller can see the location of the buying customer, how much he has paid, if he has pending payments, and so on. This does not include email addresses or phone numbers, nor does it include details about payment methods like credit card numbers.
Information may be made available to subcontractors to implement specific tasks on behalf of Ziney, but in these cases, we also ensure the customer is protected by GDPR by imposing the same requirements on them. The information will also be a restricted subset specified by Ziney; we will never share a "full profile" with subcontractors. This includes, but is not limited to:
In cases where there is a need for us to interact with a party that does not fully comply with the GDPR, we will first securely encrypt the data before interacting with that party, or we will anonymize the data, i.e. data may be stored on a non-GDPR platform, but that platform will not be able to access the information in a way that would identify anything about users of Ziney.
Data is generally processed to ensure the operation of the service, i.e. to provide users with the features that the service implements. This includes:
In addition to this, we can use the customer's information for marketing or market analysis purposes, with the following restrictions and safeguards for the user:
Except for log-level data, all data is gathered from voluntary actions performed by the user, e.g. registration, content creation, purchases on the platform, and so on.
We do not automatically import data about users from any external sources, such as mailing lists or databases from other businesses or governments. We can at our discretion consult open governmental or private databases about users in case of e.g. payment disputes, to prevent known frauds, and other out of the ordinary matters.
Data is as a rule stored until the user deregisters or is otherwise removed from the service. This is to provide our users with a continuous service, e.g. we will generally not delete an account after X months of inactivity, although we may do so at our discretion.
An exception is log-level data which is generally discarded once it is no longer useful or when storage space needs to be freed.
Data can be used in AI-based or other automated decision making systems, but generally not where it may affect users legally or otherwise significantly. Its main purpose is to ensure the functionality of the service, e.g. by using AI to block content otherwise expressly forbidden in the terms of service.
Our services and data centers may be located inside or outside the EU, and there may be free transfer of data between different data centers in different regions. Our services and data centers provide at least as high a level of protection to users as the GDPR does in the EU, or in cases that they do not, we encrypt or anonymize all information sent to those particular services. Users have the right to terminate their account if they do not agree with their information being used this way.
The service is open to anyone from anywhere, hence the public information, profile, and any content a user has created, but none of the private data, will be visible around the world.
If a user purchases content from vendors outside the EU, they will have access to the details concerning that purchase.
Why don't we store everything inside the EU? We prefer European partners, but in some cases, this is not possible, e.g. a service we use may not yet have European data centers. In the case of interactions with users outside the EU, the data is already publicly visible outside the EU, and where it is stored is of course a secondary matter. In other cases, we do this to ensure the service remains performant, for example, so that we can serve the same content to users outside the EU from locations closer to them. In yet other cases, we may do so for economic reasons, to ensure competitive pricing by using a cheaper service from outside the EU.
Users are protected by the legal safeguards of the GDPR (articles 46 & 47).
All HTTPS (website) connections are secured and encrypted with SSL. All server connections are encrypted and secured. Emails are not encrypted, but the accounts are secured via password or other authentication mechanisms, and access to the email service itself is encrypted. In particular, the contact form uses email and the messages are not encrypted.
We take security seriously and take all reasonable precautions to safeguard our users and ourselves.
As per the GDPR, a user has the right to:
Information requests are free to perform up to once per year, after which we may request a fee for the information retrieval. The fee is to prevent overloading our resources and intended to cover the cost of the information retrieval.
A user may ask for their information to be updated in any registers we have about them. Typically this is done via the "Edit profile" functionality, but if this is not sufficient, they may contact us directly.
A user has a right to opt-out of any otherwise legal marketing purposes we use their information for, in particular, marketing offers sent by email.
A user has the right to cancel their account and have all related information destroyed. This can be done via the "Edit profile" page. This does not include any communications outside the platform, e.g. emails, and does not include information sent via the contact form.
Requests sent via the contact form are emailed to our customer support and are generally erased after processing them. A customer may request us to specifically erase any email correspondence with them, except where this would contradict some other law.
Users have a right to lodge a complaint with a supervisory authority.
Policy changes are indicated by updating the date at the top of this document.
To contact a supervisory authority, consult a local state representative or legal advisor to survey your options.