PRIVACY POLICY

Effective as of October 9, 2018
1. PURPOSE, SCOPE, AND USERS

1.1. At QMARO LIMITED, a private limited company, incorporated in the Republic of Cyprus under registry number ΗΕ 296126, we have adopted this Privacy Policy and will make sure it is maintained and followed. We make efforts to comply with applicable laws and regulations related to personal data protection in countries where we operate. This Privacy Policy sets forth the basic principles and rules by which we process, collect and store your personal data or personal data which you receive, and the Privacy Policy indicates our duties and responsibilities while processing, collecting and storing personal data.
1.2. We do not knowingly attempt to solicit or receive information from children. The particular age of the children are defined differently in many countries, so any case involving a child will be reviewed individually.
1.3. We understand that you are aware of and care about your own personal privacy rights and interests, and we take that fact seriously. This Privacy Policy describes the policies and practices regarding the collection and use of your personal data, and sets forth your privacy rights. We recognize that privacy is an ongoing responsibility, and so we will follow and, from time to time, improve this Privacy Policy as we undertake new personal data practices or adopt new privacy and security rules. Our business model may also change and it may require changes to the current version of the Privacy Policy.
1.4. All countries have different privacy and data protection laws and we will do our best to follow such rules when they apply in a particular case. We follow Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the "GDPR") as we are established in the Republic of Cyprus and we offer our services in the European Union.
1.5. In case if in the light of the GDPR you are a data controller and, accordingly, we are a data processor, please contact us and we will take all necessary steps to become compliant. We have an accessible standard data processing agreement.

2. TERMS WE USE AS LEGAL GUIDELINES OF THE PROCESSING

2.1. There are some legal bases for the processing of your personal data and we count on them to process your personal data. We use three main bases to process your personal data such as consent, contract, and legitimate interest. The GDPR have other legal bases and in some cases we may count on them to process your personal data. In case if you need a detailed review of all legal bases on which we count, please contact us via the contact form available on the Site.
2.2. Consent means your, freely given, specific, informed and unambiguously indicated, agreement to the processing of personal data for a specific purpose. We do not count on the consent directly as we do not collect personal data as a controller and the latter subject is responsible for obtaining consents or relying on other legal grounds.
2.3. Contract is a ground why the processing is necessary based on a contract you have with us, its performance, or because we have asked you to take specific steps before entering into that contract. To provide our services available on the Site we need to conclude an agreement with our clients. In this case, we count on the contract as a ground for the processing.
2.4. Legitimate Interests mean why the processing of personal data is necessary and based on our legitimate interests or the legitimate interests of a third party, provided that those interests are not outweighed by your rights and interests. Please be aware that you may object such processing according to article 21 of the GDPR. For example, we may answer you or send you promotional materials when you contact as via the contact form available on Site.
2.5. Articles 6(1) and 9(2) of the GDPR also indicate other legal grounds for the processing and when applicable we will count on such grounds.

3. CONSENT RULE AND INTERRELATION WITH OTHER LEGAL GROUNDS (WHEN APPLICABLE)

3.1. If you have given consent to the processing of your data you can freely withdraw such consent at any time by emailing us or contacting via the contact form.
3.2. If you do withdraw your consent, and if we do not have another legal basis for the processing of your data, then we will stop the processing of such personal data.
3.3. If we have another legal basis for the processing of your data, then we may continue to do so subject to your legal interests and rights. In some cases you may object such processing according to article 21 of the GDPR.

4. OUR RESPONSIBILITIES

4.1. You are as a client or visitor to our website at https://qmaro.com (hereinbefore and hereinafter the "Site") may be a data subject and, in this case, we may act as "data controller" or "data processor" of the personal data. Both roles make us responsible for particular processing practices with your personal data.
4.2. In some cases, we may not be involved into the processing activity with your personal data at all. This may happen when you use third parties to process your personal data.

5.YOUR RESPONSIBILITIES

5.1. You shall read this Privacy Policy carefully.
5.2. You shall make sure you understand all your rights.
5.3. If you provide us with personal data about other individuals, we will only employ that data for the special reason for which it was provided to us. By sending the data, you confirm that you have the right to process the data on your behalf in accordance with this Privacy Policy.
5.4. You shall treat your personal data secure.
5.5. In case if you submit third party's personal data, be sure that you have legal basis for the processing of such data.

6. COLLECTED DATA AND RECIPIENTS

6.1. We collect data when you interact with our Site, especially when:
6.1.1.you fill out our contact form and send data;
6.1.2.you use the Site;
6.1.3.you receive emails from us;
6.1.4.we measure Site traffic;
6.1.5.in cases we have a legal basis to collect some part of personal data (see articles 6 and 9 of the GDPR).
6.2. We process the following types of data:
6.2.1.contact details such as you're your name and email you provide to us via the contact form;
6.2.2.data connected to your use of the services we provide;
6.2.3.purchasing history and payment details;
6.2.4.data that identifies you such as your IP address, browser type and version, time zone setting, browser plug-in types, operating system and version;
6.2.5.data on how you use Site such as your URL clickstreams (the path you take through Site), page response times, download errors, how long you stay on webpages, what you do on those pages, how often, and other actions.
6.3. The recipients of the collected data is the highest management level and employees of the Company. We have appropriate security and organizational arrangements with employees and freelancers when applicable, especially we have security policy, a standard data processing agreement, non-disclosure agreements, and internal privacy instructions.

7. PURPOSES AND LEGAL BASIS FOR THE PROCESSING

7.1. We process the data for:
7.1.1.Providing services and storing data:
Details: we need to provide services mentioned on the Site.
Legal basis: Legitimate Interests.
7.1.2.Keeping the Site or services running:
Details: managing your requests, remembering your settings, hosting and back-end infrastructure.
Legal basis: Legitimate Interests.
7.1.3.Processing payment information and purchase history:
Details: processing payments to identify what you purchased.
Legal basis: Legitimate Interests.
7.1.4.Improving the Site and services:
Details: testing features, interacting with feedbacks, managing landing pages, browsing history and use of the Site, traffic optimization and data analysis and research.
Legal basis: Contract; Legitimate Interests.
7.1.5.Customer support:
Details: notifying you of any changes to the service, solving issues, any bug fixing.
Legal basis: Contract; Legitimate Interests.
7.1.6.Preventing frauds, illegal activity or any violation of the terms or Privacy Policy:
Details: we may disable access to the Site or services in cases when such access is restricted or prohibited by the applicable law or in case of your inappropriate behavior.
Legal basis: Legitimate Interests.

8. DATA SUBJECT'S RIGHTS (WHEN APPLICABLE)

8.1. You may choose not to provide us with personal data. If you choose to do so, you can restrictively continue to visit Site and browse its pages, but we may not be able to provide you the full range of services without some parts of your personal data.
8.2. You may turn off cookies in your browser via settings. You can block cookies on your browser refusing cookies. You may delete cookies. If you turn off cookies, you can continue to use the Site and browse its pages, but Site and certain services may not work properly.
8.3. You may ask us to refrain from using your data for marketing (when applicable). You can opt out from marketing by emailing us or contacting via the contact form.
8.4. You can exercise the following rights by sending us an email or contacting via the contact form.
8.4.1.You have the right to access information about you, especially:
8.4.1.1. the categories of data;
8.4.1.2. the purposes of data processing;
8.4.1.3. third parties to whom the data disclosed;
8.4.1.4. how long the data will be retained and the criteria used to determine that period;
8.4.1.5. other rights regarding the use of your data.
8.4.2.You have the right to make us correct any inaccurate personal data about you.
8.4.3.You may object to using your personal data for profiling you or making automated decisions about you. We may use your data to determine whether we should let you know information that might be relevant to you (for example, tailoring emails to you based on your behavior).
8.4.4.You have the right to the data portability of your data to another service or website/application. We will give you a copy of your data in readable format so that you can provide it to another service. If you ask us and it is technically possible, we will directly transfer the data to the other service for you.
8.4.5.You have the right to be "forgotten". You may ask erasing any personal data about you, if it is no longer necessary for us to store the data for purposes of your use of Site.
8.4.6.You have the right to lodge a complaint regarding the use of your data by us. You can address any complaint to your national regulator (see the list at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm).
8.5. In the context of the right to access information we shall provide you with the information within one month of your request unless there is a justified requirement to provide such information faster or later.

9. SECURITY

We have security and organizational measures and procedures to secure the data collected and stored. Connections to Site are encrypted. We use SSL transfer protocol (https). We use servers that comply with strict international data security standards, including ISO 27001. You acknowledge that no data transmission is guaranteed to be 100% secure and there may be risks. In case if your privacy has been breached, please contact us via the contact for available on the Site.

10. LOCATION OF THE PROCESSING OF PERSONAL DATA AND THIRD PARTY SERVICE PROVIDERS

The personal data collected by us is processed in our offices which are indicated on the Site. The storage of personal data which are provided by our clients is based in Germany.
We have partners which provide their services to us necessary for the provision of our services. The list of our partners available on the Site.

11. RETENTION PERIOD

Our retention practice depends on the type of data we collect, regulatory burden, and how we use the personal data. The retention period may also be based on criteria that include legally mandated retention periods, pending or potential litigation, intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving.
Please contact us to receive a detailed information regarding the retention period of your personal data.

12. COOKIE POLICY

12.1. We collect certain types of information when you access or use Site, including cookies and similar tracking technologies.
12.2. Cookies are small data files that are placed on your computer or mobile device when you visit this Site. Cookies are used by Site in order to make Site work, or to work more efficiently, as well as to provide reporting information.
12.3. You may always turn off some of the cookies through your browser or device. If you turn off the cookies, this may influence the functionality of Site.
12.4. The list of cookies we use is listed in your browser or device.

13. TRANSFER OF YOUR PERSONAL DATA

13.1. Personal data we collect from you may be processed in our offices outside the European Economic Area (EEA). One of our offices is located in Ukraine.
13.2. Ukraine has not received a finding of "adequacy" from the European Union under Article 45 of the GDPR. Therefore, we rely on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, we collect and transfer to Ukraine personal data only: with your consent; to perform a contract with you; or to fulfill a compelling legitimate interest in a manner that does not outweigh your rights and freedoms. We endeavor to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with us and the practices described in this Privacy Policy. We also enter into data processing agreements and model clauses with our vendors whenever appropriate.

14. CONTACT INFORMATION

If you have any questions or need to make an enquiry, please contact us via the contact form available on the Site.