v.3.0 from 12.02.2020
HiTech Service LLC (hereinafter referred to as “we”, “our”, “us” or the “Company”) is a US based company with the address registered at 910 Foulk Road, Suite 201, Wilmington, DE, USA, 19803. The Company is operating from the website https://approval.studio/ (“Website”) and https://app.approval.studio/ (“Web Application”). The Company is committed to providing review and proofing tool services in the scope of Web Application.
This Policy provides an overview on how our Company protects the personal data and privacy of individuals who visit our Website and Web Application (hereinafter referred to as “Visitors and Users”), who register to use our products and services (available at https://approval.studio/ and https://app.approval.studio/ (hereinafter referred to as the “Services”).
The Company is committed to protecting your privacy and handling your data in an open and transparent manner and in accordance with the European Regulation and the relevant data protection legislation which is applicable in the United States of America. The personal data that we collect and process depends on the product or service requested and is agreed in each case.
Controller – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Personal data – any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Data Protection Officer (DPO) – a person appointed by the Company that takes formal responsibility for data protection compliance within an organization;
Data Protection Authority – an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
3. What we need
Our Personal Data Protection Policy governs the use and storage of your data.
HiTech Service LLC is a Controller of the personal data Visitors and Users provide to us. We only collect basic personal data about Visitors and Users.
Kindly note that if you do not provide us with the required data, we will not be allowed to commence or continue our business relationship either to you as an individual or as the authorized representative/agent or beneficial owner of a legal entity.
4. Why we need it
We need your personal data in order to provide you the following services:
- Provide Customer Service – collection of authentication data: email/ password, First Name/ Last Name, location for the purposes of Customer’s registration, provision of the following activities on the website and application: account settings, account security settings.
- Provide Customer Support service – collection of email address and name for the purpose of providing customer support services, submitting tickets, checking ticket status.
- Provide Personal demo – collection of name and email for the purposes of requesting personal demo and getting feedback from an account manager.
- Advertising or promotion – collection of an email address and the customers name for advertising and sending news, offers and promotions from Approval Studio.
- Provide compliance with the relevant legislations and regulations – collection of customers personal data (IP addresses) for the purpose of live monitoring of anti-fraud activities.
- Provide security monitoring for possible anti fraud and illegal activities – collection of customer’s personal data (IP address, browser identification) for the purpose of monitoring of customers’ activities.
We do not use automated decision-making policies, including profiling.
5. Who receives your personal data for processing?
Your personal data is processed in:
- 3W Infra. DPO contacts: [email protected] Storage of Personal Data (hosting provider).
- Cloudflare Inc. DPO contacts: [email protected] DDoS protection service provider.
- TawkTo. DPO contacts: [email protected] Storage of Personal Data (customer support chat).
- Freshworks, Inc. DPO contacts: [email protected]. Storage of Personal Data (customer support tracking system).
- Stripe. DPO contacts: [email protected] Financial services.
- Google LLC. Analytics and marketing.
- HiTech Service LLC. DPO contacts: [email protected] Software development, storage of Personal data and Customer support data.
- Facebook Inc. Login option in customer support tracking system and marketing activities.
- Twitter Inc. Login option in customer support tracking system.
6. Transfer of your personal data to a third country or to an international organization
Your personal data may be transferred to third countries [i.e. countries outside of the European Economic Area and USA] using the two following tools:
- US Privacy Shield requirements for US Companies according to Article 46 Section 2 GDPR;
- Signed Standard Contractual Clauses for other third countries according to Article 46 Section 2 lits. c, d GDPR.
Processors in third countries are obligated to comply with the European data protection standards and to provide appropriate safeguards in relation to the transfer of your data in accordance with GDPR Article 46.
7. How long we keep your personal information for
All Personal Data will be kept in a format that allows the Data Subjects to be identified for no longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods of time if personal data are processed solely for archiving purposes and for reasons of general interest, scientific or historical research or for statistical purposes or for the defense of any legal rights.
8. Your data protection rights
You have the following rights, in terms of your personal data we hold about you:
- Receive access to your personal data. This enables you to e.g. receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to erase your personal data [known as the ‘right to be forgotten’] where there is no good reason for us continuing to process it.
- Object to the processing of your personal data, where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms.
- Withdrawal of the consent that you gave us with regard to the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you.
In the event that you wish to complain about how we handle your personal data, please contact HiTech Service DPO by the following email address: [email protected] or by post to address: 910 Foulk Road, Suite 201, Wilmington, DE, USA, 19803. Valid Data Subjects Access Requests listed below will be responded up to 30 days:
- Know whether a data controller holds any personal data about them.
- Receive a description of the data held about them and, if permissible and practical, a copy of the data.
- Be informed of the purpose(s) for which that data is being processed, and from where it was received.
- Be informed whether the information is being disclosed to anyone apart from the original recipient of the data; and if so, the identity of those recipients.
- Be informed of the data storage period.
- If the data is being used to make automated decisions about the data subject, to be told what logic the system uses to make those decisions and to be able to request human intervention.
According to Article 12 (3) GDPR, we will provide response on a request under Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
If any of the Personal Data we hold is incorrect or incomplete, you can request on legitimate grounds to have the information corrected, restricted or removed by writing to the DPO at HiTech Service LLC at the above address.
To exercise any of your rights, or if you have any other questions about our use of your personal data, please contact the DPO at HiTech Service LLC at the above address and by completing the Data Subject Consent Withdrawal Form.
9. California Privacy Rights
Residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of PI the business shares with third parties for those third parties’ direct marketing purposes and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. To exercise your rights, you may make one request each year by emailing us. Your request should specify your full name and the email address you used when submitting PI to us. According to CalOPPA, we agree the Users can visit our site anonymously.
Approval Studio does not currently respond to browser “Do Not Track” (DNT) signals or other mechanisms. Third parties may collect personal data about your online activities over time and across sites when you visit the Site or use the Service.
10. COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under the age of 13 years old.
11. Right to lodge a complaint
If after complaining to the DPO you still feel that your Personal Data has not been handled appropriately, according to the law, you can lodge a complaint with the Office of the Delaware Department of Justice (Delaware Attorney General) regarding the Processing of your Personal Data by us or on our behalf:
Office of the Delaware Department of Justice (Delaware Attorney General)
Delaware Department of Justice
Carvel State Building
820 N. French St.
Wilmington, DE 19801
Email: [email protected]