Privacy Policy of Cyber Rights Organization
This Application collects some Personal Data from its Users.
This document contains a section dedicated to California consumers and their privacy rights.
This document contains a section dedicated to Users residing in Brazil and their privacy rights.
This document can be printed for reference using the print command in any browser’s configuration options.
Holder
Stichting Cyber Rights Organization – KVK: 87641933
Kalvermarkt 53, 2511CB, The Hague, Netherlands
Contact email of the Data Controller: info@cyberights.org
Types of Data Collected
The Personal Data collected by this Application, directly or through third parties, include: Tracker; Usage data; different types of data.
Complete information regarding each category of Personal Data collected is provided in the sections of this privacy policy dedicated to this purpose or through specific explanatory texts that are displayed before the collection of the Data.
Personal Data may be freely provided by the User or, in the case of Usage Data, will be collected automatically during the use of this Application.
All the Data requested by this Application are mandatory and any refusal to provide them could make it impossible for this Application to proceed with the provision of the Service. In cases where this Application expressly indicates that certain Data are not mandatory, Users are free not to communicate such Data without this having any consequence on the availability or operation of the Service. Users who have doubts about which Data are mandatory can contact the Owner.
The use of Cookies – or other tracking tools – by this Application or by the owners of third-party services used by this Application, in addition to the additional purposes described in this document and in the information, has the purpose of providing the requested Service by the User. Cookie Policy, if available.
The User assumes responsibility for the Personal Data of third parties obtained, published or shared through this Application and declares to have the consent of said third parties to provide such Data to the Owner.
Method and place of processing of the collected Data
Methods of treatment
The Data Controller will process the User Data in an appropriate manner and will adopt the appropriate security measures aimed at preventing unauthorized access, disclosure, alteration or destruction of the Data.
The data processing will be carried out using IT and/or telematic tools, according to organizational methods and methods strictly related to the purposes indicated. In addition to the Data Controller, in some cases, categories of authorized subjects may have access to the Data, in relation to the functioning of this Application (administrative, commercial, marketing, legal and system administration personnel) or external collaborators who provide services to the Data Controller (such as for example external suppliers of technical services, postal couriers, hosting companies, IT companies, communication agencies) who will be appointed by the Data Controller, where necessary, as Data Processors. An updated list of these subjects may be requested from the Data Controller at any time.
Legal basis of the treatment
The Data Controller may process the User’s Personal Data if one of the following conditions occurs:
When Users have given their consent for one or more specific purposes. Notice: According to various laws, the Data Controller may be authorized to process Personal Data until the User objects to it (“opt-out”), without the need for consent or any other legal basis. However, this does not apply when the processing of Personal Data is subject to European legislation on the protection of Personal Data;
When obtaining the Data is necessary for the fulfillment of a contract between the User and/or any other pre-contractual obligation of the same;
When the processing is necessary for the fulfillment of a legal obligation which must be fulfilled by the User;
When the processing is connected to a task carried out in the public interest or in the exercise of official powers conferred on the Data Controller;
When the treatment is necessary for the purpose of a legitimate interest pursued by the Data Controller or by third parties.
In any case, the Data Controller is at your disposal to define the specific legal bases applicable to the processing and in particular, if the collection of Personal Data is a contractual or legal obligation or an obligation necessary for the formalization of a contract.
Place
The Data is processed at the Data Controller’s offices, as well as in any other place where the subjects involved in the aforementioned processing are located.
Depending on the location of Users, Data transfers may involve the transfer of User Data to a country other than yours. For further information on the place of processing of such transferred Data, Users can refer to the section containing the details on the processing of Personal Data.
Users will also have the right to know the legal bases of data transfers to another country outside the European Union or to any international organization governed by public international law or which is made up of two or more countries, such as the UN , and also know the security measures adopted by the Data Controller to safeguard their Data.
In the event that such provision of Data takes place, Users can obtain further information by consulting the relevant sections of this document or by requesting it from the Owner, through the contact information that appears in the contact section.
Storage period
Personal Data will be processed and stored for the time necessary and for the purpose for which they were collected.
Therefore:
The Personal Data collected for the formalization of a contract between the Owner and the User must be kept as such until the complete formalization of said contract.
Personal Data collected in the legitimate interest of the Data Controller must be kept for the time necessary to achieve this purpose. Users can find specific information relating to the legitimate interest of the Data Controller by consulting the relevant sections of this document or by contacting the Data Controller.
The Data Controller may keep the Personal Data for a further period when the User gives his consent to such processing, provided that such consent remains in force. Furthermore, the Data Controller will be obliged to keep the Personal Data for a further period whenever it is required to fulfill a legal obligation or by order of the authority.
After the retention period, the Personal Data must be deleted. Therefore, after this term, the rights of access, modification, rectification and data portability cannot be exercised.
Purpose of the processing of the collected data
The Data relating to the User is collected to allow the Owner to provide its Service, fulfill legal obligations, respond to execution requests, protect its rights and interests (or those of Users or third parties), detect any activity harmful or fraudulent, as well as for the following purposes: Statistics, Tag Management and Contacting the User.
Users can find specific information on the Personal Data used for each purpose in the “Detailed information on the Processing of Personal Data” section.
Detailed information on Data Processing
Personal Data Personal Data is collected for the following purposes and using the following services:
Contacting the User Mailing list or newsletter (this Application) When registering for the mailing list or newsletter, the User’s email address will be automatically added to a list of contacts to which email messages with commercial information can be sent or promotional information relating to this Application. Your email address may also be included in this list after registering for this Application or after making a purchase. Personal Data processed: Tracker. Category of personal information collected pursuant to the CCPA: Internet information. Contact form (this Application)
By filling in the contact form with their Data, the User authorizes this Application to process the data to respond to requests for information, budgets or any other nature that is indicated in the header of the form.
Personal Data processed: different types of Data.
Category of personal information collected under the CCPA: Internet information.Statistics
The services contained in this section allow the Owner to monitor and analyze web traffic and can be used to track User behaviour.
Google Analytics (Google Ireland Limited)
Google Analytics is a web analytics service provided by Google Ireland Limited (“Google”). Google uses the Data collected to track and examine the use of this Application, to prepare reports on its activities and to share them with other Google services.
Google may use the data collected to contextualize and personalize the ads of its advertising network.
Personal Data processed: Usage data; Tracker.
Place of processing: Ireland – Privacy Policy –Opt Out .
Category of personal information collected pursuant to the CCPA: Internet information.
This treatment constitutes a sale pursuant to the CCPA. In addition to the information contained in this clause, Users can find information on how to opt out of the sale in the section detailing the rights of California Consumers.
Alexa Metrics (Alexa Internet, Inc.)
Alexa Metrics is a statistics service provided by Alexa Internet, Inc.
Personal Data processed: Usage data; Tracker.
Place of processing: USA – Privacy Policy – Opt Out .
Category of personal information collected pursuant to the CCPA: Internet information.
This treatment constitutes a sale pursuant to the CCPA. In addition to the information contained in this clause, Users can find information on how to opt out of the sale in the section detailing the rights of California Consumers.
Google Floodlight Conversion Tracking (Floodlight tag) (Google Ireland Limited)
Google Floodlight Conversion Tracking (Floodlight tag) is an analytics service provided by Google Ireland Limited that connects data from Google advertising services (eg. Search Ads 360 and Campaign Manager 360) with actions performed in this Application. Depending on how the service is configured, such Data may also be used for retargeting purposes.
Personal Data processed: Usage data; Tracker.
Place of processing: Ireland – Privacy Policy – Opt out .
Category of personal information collected pursuant to the CCPA: Internet information.
This treatment constitutes a sale pursuant to the CCPA. In addition to the information contained in this clause, Users can find information on how to opt out of the sale in the section detailing the rights of California Consumers.
Tag Management
This type of service helps the Owner to centrally manage the tags or scripts needed in this Application.
This means that user data passes through these services, which may involve the retention of such data.
Google Tag Manager (Google Ireland Limited)
Google Tag Manager is a tag management service provided by Google Ireland Limited.
Personal Data processed: Tracker.
Place of processing: Ireland – Privacy Policy .
Category of personal information collected pursuant to the CCPA: Internet information.
This treatment constitutes a sale pursuant to the CCPA. In addition to the information contained in this clause, Users can find information on how to opt out of the sale in the section detailing the rights of California Consumers.Viewing content from external platforms
This type of service allows you to view content hosted on external platforms directly from the pages of this Application and interact with them.
This type of service can collect web traffic data for the pages in which they are installed even if the User does not use them.
Google Fonts (Google Ireland Limited)
Google Fonts is a font family visualization service provided by Google Ireland Limited that allows this Application to incorporate such content into its pages.
Personal Data processed: Usage data; Tracker.
Place of processing: Ireland – Privacy Policy .
Category of personal information collected pursuant to the CCPA: Internet information.
This treatment constitutes a sale pursuant to the CCPA. In addition to the information contained in this clause, Users can find information on how to opt out of the sale in the section detailing the rights of California Consumers.
User rights
Users can exercise certain rights with respect to the processing of data by the owner.
in particular, Users have the right to:
Withdraw your consent at any time. Users have the right to withdraw their consent when they have previously granted it to the processing of their Personal Data.
Opposition to the processing of your Data. Users have the right to object to the processing of their Data if such processing is carried out on a legal basis other than consent. For more information, you can refer to the corresponding section below.
Access your Data. Users have the right to know whether their Data will be processed by the Data Controller, to obtain information on certain aspects of the processing, as well as to obtain a copy of the Data Subject concerned.
Verify and request the change. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
Limit the processing of your Data. Users have the right, in certain cases, to limit the processing of their Data. In this case, the Owner will process your Data for the sole purpose of keeping them.
Erase or remove Personal Data. Users have the right, in certain cases, to obtain the cancellation of their Data by the Owner.
Receive your data and transfer them to another manager. Users have the right to receive their Data in a standard, structured, machine-readable format and, if technically possible, to have them transferred to another person in charge without impediments. This provision will be applicable on condition that the Data have been processed by automated means and that the processing is based on the User’s consent, on a contract of which the User is a party or which appears in the pre-contractual obligations of the same.
Claim. Users have the right to lodge a complaint with the competent authority for the protection of personal data.
Details on the right to object to the treatment
When the processing of Personal Data is in the public interest, in the exercise of official powers conferred on the Data Controller or for the legitimate interest of the Data Controller, Users can object to said processing by providing a specific reasoning to justify your objection.
Users must know that, however, if their Personal Data is processed for commercial purposes, they can object to such processing at any time without the need for justification. To find out whether the Users’ Personal Data is processed by the Data Controller for commercial purposes, it is necessary to consult the relevant sections of this document.
How to exercise these rights
Any request to exercise the User’s rights can be addressed to the Owner through the contact information provided in this document. These requests will be processed by the Data Controller free of charge in the shortest possible time and always within the term of one month.
Further information on the collection of data and their treatment
Defence
in court The User’s Personal Data may be used for the defense of the Owner in court or in the judicial stages preceding any dispute deriving from inappropriate use of this Application or the related Services.
The User declares to know that the Owner may be required by public authorities in order to reveal Personal Data.
Additional information on the User’s Personal Data
In addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information relating to specific Services or the collection and processing of Personal Data.
System and maintenance logs
For reasons related to operation and maintenance, this Application and any other service, provided by third parties, by which it is used, could collect a system log; or files that record the interaction with this Application and which may contain Personal Data, such as the User’s IP address.
Information not contained in this privacy policy
Further information on the collection and processing of Personal Data may be requested from the Data Controller at any time. Contact information is indicated at the beginning of this document.
How we process “Do Not Track” requests
This Application does not allow “Do Not Track” requests.
To determine whether any of the third-party services you use accept “Do Not Track” requests, please review their privacy policies.
Modification of this privacy policy
The Owner reserves the right to modify this privacy policy at any time, giving publicity to Users through this page and, if possible, through this Application and/or if technically and legally possible by directly communicating it to Users, if the Owner has the contact information necessary for this purpose. We strongly recommend that you check this page frequently, referring to the date of the last update indicated at the bottom of the page.
In the event that the changes affect the processing activities carried out on the basis of the User’s consent, the Controller must obtain, if necessary, the new User’s consent.
Information for California Consumers
This part of this document is supplemented and supplements the information contained in the rest of the privacy policy, and is provided by the company that operates this Application and, where applicable, its parent company, affiliates and affiliated companies (collectively referred to as “we”, ” our” or “our” for purposes of this section).
The provisions contained in this section are applicable to any User who is a consumer residing in the State of California, United States of America, in compliance with the “California Consumer Privacy Act of 2018” (California Consumer Privacy Act ) (Users will be hereinafter collectively referred to simply as “You”, “your”, “your”), and, for such consumers, these provisions supersede any other provision that may be contrary to the provisions of the policy.
This portion of this document uses the term “personal information” as defined in the California Consumer Privacy Act (CCPA). Categories
personal information collected, disclosed or sold
In this section we summarize the categories of personal information we have collected, disclosed or sold and the purposes for which we do so. You can read these activities in detail in the section entitled “Detailed information on the processing of personal data” which appears in this document.
Information We Collect: The categories of personal information we collect
We have collected the following categories of personal information about you: Internet information.
We will not collect any further categories of personal information without notifying you.
How information is collected: What are the sources of the personal information we collect?
We collect the above categories of personal information from you, directly or indirectly, when you use this Application.
For example, you directly provide us with your personal information when you make requests through any form on this Application. You also provide us with personal information indirectly when you browse this Application, as personal information about you is automatically observed and collected. Finally, we may collect your personal information from third parties who work with us in connection with the Service or the operation of this Application and its features.
How We Use the Information We Collect: Sharing and disclosing your personal information to third parties for business purposes
We may disclose the personal information we collect about you to third parties for business purposes. In this case, we enter into a written contract with that third party which requires the recipient to keep the personal information confidential and not to use it for any purpose other than what is necessary for the performance of the contract.
We may also disclose your personal information to third parties when you request or expressly authorize us to do so, in order to provide you with our Service.
For more information on the purposes of the processing, please consult the relevant section of this document.
Sale of your personal information
For our purposes, the term “sale” means any “sale, lease, disclosure, dissemination, dissemination, making available, transfer, or communication by any other means, oral or written, or by electronic means, of a consumer’s personal information by the company to another company or to a third party, in exchange for a monetary or economic consideration of any other type”.
This means that, for example, a sale can occur every time an application displays advertisements, or performs statistical analysis of its traffic or views, or simply because it uses tools such as social network plug-ins or similar.
Your right to refuse the sale of your personal information You have
the right to refuse the sale of your personal information. This means that whenever you ask us to stop selling your data, we will comply with your request.
Such requests can be made freely, at any time, without the need to submit a verifiable request, by simply following the instructions below.
Instructions for disabling the sale of personal information
If you wish to obtain more information, or exercise your right to opt out of any sales made by this Application, whether online or offline, you may contact us so that we can provide you with further information, through the contact information data provided in this document.
What are the purposes for which we use your personal information?
We may use your personal information to enable the operation of this Application and its features (“commercial purposes”). In such cases, your personal data will be processed in a manner necessary and proportionate to the commercial purpose for which it was collected and strictly within the limits of compatible operational purposes.
We may also use your personal information for other reasons, for example for commercial purposes (as indicated in the “Detailed information on the processing of personal data” section of this document), as well as for compliance with the law and defense of our rights. rights before the competent authorities when our rights and interests are threatened or we suffer actual damage.
We will not use your personal information for any other, unrelated or incompatible purpose without notifying you.
Your California privacy rights and how to exercise them
Right to knowledge and portability
You have the right to request that we disclose to you:
the categories and sources of the personal information we have collected about you, the purposes for which we use your information and with whom it shares that information;
in case of sale of personal data or disclosure for commercial purposes, two lists in which we will communicate:
for sales, the categories of personal data acquired from each category of recipient; And
for communications for commercial purposes, the categories of personal information obtained from each category of recipients.
The disclosures described above will be limited to personal information collected or used in the last 12 months.
If we provide our response electronically, the information included will be ‘portable’, meaning that it will be provided in an easily usable format that allows the information to be transmitted to another entity without hindrance, provided this is technically feasible.
Right to request deletion of your personal information
You have the right to request that we delete any personal information about you, subject to the exceptions required by law (such as, without limitation, when the information is used to identify and fix errors in this Application, to detect security incidents and protect us from fraudulent or illegal activities, to exercise certain rights, etc.).
If no legal exception applies, as a result of exercising your right we will delete your personal information and instruct all of our service providers to do the same.
How to exercise your rights
To exercise the rights described above, you must send us a verifiable request by contacting us at the contact details provided here.
In order to be able to respond to your request, we need to know who you are. Therefore, you can only exercise the aforementioned rights by submitting a verifiable request which must:
provide sufficient information for us to reasonably verify that you are the individual whose personal information we have collected or an authorized representative;
describe your request in sufficient detail so that we can understand, evaluate and respond to it correctly.
We will not respond to any request if we are unable to verify your identity and therefore confirm that the personal information we hold relates to you.
If you are unable to make a verifiable application yourself, you may authorize a person registered with the California Secretary of State to act on your behalf.
If you are of age, you can make a verifiable claim on behalf of a minor in your custody.
You can submit a maximum of 2 applications in a 12-month period.
How and when we should process your request
We will acknowledge receipt of your verifiable request within 10 days and provide information on how we will process your request.
We will respond to your request within 45 days of receipt. In case we need more time, we will explain why this is needed and how much additional time we will need. In this regard, we remind you that the fulfillment of your request could take up to a maximum of 90 days.
Our disclosure will be for the immediately preceding 12-month period.
If we decline your request, we will explain the reason for our refusal.
We do not charge you to process or respond to your verifiable request, unless such request is manifestly unfounded or excessive. In such cases, we may charge you a reasonable fee or refuse to execute your request. In both cases, we will inform you of your choices and explain the reasons.
Information for Users residing in Brazil
This part of this document is integrated with the information contained in the rest of the privacy policy and supplements it, and is provided by the company that manages this Application and, where appropriate, by its parent company, subsidiaries and affiliated companies (collectively referred to as ” we”, “our” or “our” for purposes of this section).
The provisions appearing in this section are applicable to all Users residing in Brazil, in accordance with the “Lei Geral de Proteção de Dados” (hereinafter we will refer to Users simply as “you”, “your” or “his”) . For these Users, these provisions replace any other provision contrary to the provisions contained in the privacy policy or in contrast with them.
This part of this document uses the term “Personal Information” as defined in the Lei Geral de Proteção de Dados ( LGPD ).
Reasons why we process your personal information
We can only process your personal information if we have a legal basis for that processing. The legal bases are as follows:
Your consent to the corresponding processing activities;
The fulfillment of a legal or regulatory obligation which concerns us;
The application of public policies established by law or regulation or based on contracts, agreements and similar legal acts;
The conduct of studies by research institutions, preferably carried out on the basis of anonymous personal information;
The execution of a contract and its pre-contractual measures, in cases where you are a party to said contract;
The exercise of our rights in judicial, administrative or arbitral proceedings;
The physical protection or safety, yourself or others;
Health protection – in procedures carried out by healthcare organizations or professionals;
Our legitimate interests, provided your fundamental rights and freedoms do not override those interests; And
credit protection.
For more information on the legal bases, you can contact us at any time using the contact information provided in this document.
Categories of personal data processed
To find out which categories of personal data are processed, you can read the “Detailed information on the processing of personal data” section that appears in this document.
Why we process your personal data
To find out why we process your personal data, you can read the sections entitled “Detailed information on the processing of personal data” and “Purpose of processing the collected data” which appear in this document.
your privacy rights in Brazil, how to submit a request, and our response to your requests
your privacy rights in Brazil
You have the right to:
obtain confirmation of the existence of activities involving the processing of your personal data;
Access your personal information;
Have incomplete, inaccurate, or out-of-date personal information rectified;
Obtain anonymization, blocking or deletion of your unnecessary or excessive personal information or information that is not treated in accordance with the LGPD;
Obtain information on the possibility of giving or denying your consent and the consequences of such actions;
Get information about the third parties with whom we share your personal information;
Obtain, upon your express request, the portability of your personal information (with the exception of anonymous information) to another service or product provider, provided that our commercial and industrial secrets are protected;
Obtain the elimination of your personal data being processed if the treatment was based on your consent, except for one or more exceptions provided for by art. 16 of the LGPD;
withdraw consent at any time;
File a complaint about your personal information with the ANPD (National Authority for the Protection of Personal Data) or consumer protection agencies;
oppose the processing activity in cases where the processing is not carried out in accordance with the provisions of the law;
Request clear and adequate information on the criteria and procedures used for an automated decision; And
Request a review of decisions made solely on the basis of automated processing of your personal information and affecting your interests. This includes decisions that define your personal, professional, consumer and credit profile, or aspects of your personality.
You will never be discriminated against or suffer any other type of prejudice if you exercise your rights.
How to submit your request
You can submit your express request to exercise your rights free of charge, at any time, using the contact information provided in this document or through your legal representative.
How and when we will respond to your request
We will try to respond to your requests promptly.
In any case, if we are unable to do so, we will make sure to inform you of the factual or legal reasons which prevent us from granting your requests immediately or even completely. In cases where we are not processing your personal data, we will indicate the natural or legal person to whom to address your requests, if we are in a position to do so.
In the event that you send a request for access or confirmation of the processing of personal data, be sure to specify whether you want your personal data to be delivered in electronic or paper format.
You will also need to tell us if you would like us to respond to your request immediately, in which case we will do so in a streamlined manner, or if you require a full statement instead.
In the latter case, we will reply within 15 days from the moment of your request, providing you with all the information about the origin of your personal data, confirmation of the existence or otherwise of registrations, any criteria used in the treatment and the purposes of the treatment , protecting our commercial and industrial secrets.
In the event that you submit a request for rectification, deletion, anonymization or blocking of personal information , we will make sure to immediately communicate your request to other parties with whom we have shared your personal information in order to also allow those third parties to comply with the your request – unless such communication is impossible or requires a disproportionate effort on our part.
Transfers of personal information outside of Brazil permitted by law
We are authorized to transfer your personal data outside the territory of Brazil in the following cases:
When the transfer is necessary for international legal cooperation between public intelligence services, investigative and judicial agencies, in accordance with the legal means established in international law;
When the transfer is necessary to protect your life or limb or that of others;
When the transfer is authorized by the ANPD;
When the transfer derives from a commitment made in an international cooperation agreement;
When the transfer is necessary for the fulfillment of a public order or for the legal attribution of a public service;
When the transfer is necessary for the fulfillment of a legal or regulatory obligation, for the execution of a contract or its pre-contractual measures, or for the ordinary exercise of rights in judicial, administrative or arbitration proceedings.
Definitions and legal references
Personal Data (or Data)
Personal data is any information that, directly, indirectly or in relation to any other information – including a personal identification number – identifies a natural person.
Usage data
The information collected automatically by this Application (or by third party services used by this Application), may include: IP addresses or domain names of the computers used by the User who connects to this Application, URI addresses (Uniform Resource Identifier), the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal coordinates of the visit (for example the time spent on each of the pages) and details relating to the itinerary followed within the Application,with particular reference to the sequence of pages consulted, to the parameters relating to the User’s operating system and IT environment.
User
The individual using this Application, which, unless otherwise indicated, must coincide with the Data Subject.
Interested
The natural person to whom the Personal Data refer.
Data Controller (or Data Processor)
The natural person, legal person, public administration, agency and any other body, which processes Personal Data on behalf of the Data Controller, described in this privacy policy.
Data Processor (or Owner)
The natural person, legal person, public administration, service and any other body, which, even jointly with others, determines the purposes and measures of the processing of Personal Data, including the security measures relating to the operation and use of this Application . Unless otherwise specified, the Data Controller is the Owner of this Application.
This Application
The means by which the User’s Personal Data was collected and processed.
Service
The service provided by this Application, as described in the definitions and legal references (if available) and on this page or application.
European Union (or EU)
Unless otherwise indicated, all references to the European Union in this document include all current member states of the European Union and the European Economic Area.
Cookies
Cookies are Trackers which consist of small amounts of data stored in the User’s browser.
Trackers
Tracker means any technology, such as cookies, unique identifiers, web beacons, embedded scripts, entity tags and fingerprinting, that allows Users to be tracked, for example by accessing or storing information on the User’s device.
Legal notices
This privacy policy has been drafted on the basis of the provisions of multiple legislations, including articles 13 and 14 of Regulation (EU) 2016/679 (General Data Protection Regulation).
This privacy policy applies only to this Application, unless otherwise indicated herein.