Devoltex LTD (in this Policy is referred to as “Website”, “we” and “us”), a private limited company (Männimäe, Pudisoo küla, Kuusalu vald, Harju maakond, Estonia, reg.number 14772634) respects your privacy and is fully committed to the processing of users’ personal information in a secure manner and with compliance with the law and other legal obligations.
We work hard to protect your information and put you in control:
- The process of collecting and usage of your personal information is transparent and you may always inquire about its collection and usage process.
- Your personal data is collected only for the purposes that are needed for the maintenance of our services.
- Your personal information is not shared with third parties and its public availability is controlled by you as a user.
1. The Platform may collect the following information
1.1 Automatic Data Collection
Any interaction with the Website via a browser on another electronic device, the Personal Data begins to be automatically collected.
Automatic data storage in log files begins as soon as User starts interacting with the Website and the following information is collected:
- Internet protocol (IP) addresses, provider of the internet service, cookies, reference and exit pages, type of a browser, operating system, the ID of the device, type of the device, device token, date/time stamp.
- Information about computer and connection: referral URL, statistics on page views, browser history, traffic to and from the sites, web log information.
- Location information.
1.2a Required for the Client:
- e-mail address
- dates and time of registration, authorization, visits, and access,
- country, region and city
- the source of transfer to the Website
- IP address
- Username and password
- financial information or any other information that is related to the order or transaction; any information that is related to the Order (name of the cardholder, partial card number, number of e-Wallet and e-mail of e-Wallet, if applicable). Platform and Website do not have access and do not store billing address, expiry date and CVV number.
- Records of correspondence (including any further information that may be requested) when you contact the Website for requesting information.
1.2b Optional for the Client:
- First name
- Last name
- Phone number
- Personal information (study major, scientific degree, writing style and samples, date of birth, etc.)
- The User logo (profile picture)
1.3a Required for the Writer:
- e-mail address
- phone number
- real First and Last names
- The dates and time of registration, authorization, visits and access to the website
- IP address
- country, region and city
- The source of transfer to the Website
- username and password
- financial information provided during registration; Platform and Website do not have access and do not store billing address, expiry date and CVV number of your card,
- records of correspondence while contacting a platform for any reason,
Information that should be provided upon request
- Identity proof (a scan copy of passport, driving license, ID card)
- educational institution, study major, scientific degree and any other information that concerns educational background
- links to social network profiles needed for personality verification
- language proficiency certificates
1.3b Optional for the Writer:
- Profile picture
- Date of Birth
Any information may be updated at any time though offered channels of communication of the Website.
2. Necessity to obtain Personal Data.
Personal data is collected only with the User’s consent and is used to set up the access to the Website and Services, to contact Users in cases of necessity, to set up personal accounts and to prevent, detect, investigate any actions that are illegal or are connected with fraud. Overall, but not limited to, Website collects data for the following purposes:
- verification of identity;
- verification of eligibility to become a fully functional user;
- for the processes of registration, its management and support;
- facilitation of communication among website users;
- maintenance of account security and prevention of transaction risks;
- detection and prevention of fraud;
- personalization of communication with users;
- analysis of data for the improvements of website layout and customization of services;
- to keep internal records: billing, accounting, and market research;
- development of marketing in terms of the applicable laws;
- to provide user service and respond to requests that concern services of the website;
- to process writers’ withdrawal requests;
- to provide location-based services (search results, advertisements and any other similar personalized content);
Personal data may be transferred to law enforcement agencies, government and regulatory authorities and other organizations, professional advisers, insurers, courts or other institutions only if permitted by applicable laws to comply with the applicable laws, protect legal interests and prevent fraudulent activities.
Personal Data is collected and used only for the purposes mentioned in this policy and is not processed in any other way that is not coherent with the applicable laws and legal requirements.
Website performs all necessary measures to maintain the top level of security of every user and to defend rights, freedoms and legitimate interests. That is why any automated technology that is used on the website (decision-making, profiling) may not affect users’ personal information. More details may be checked in USER AGREEMENT. No automated decisions are made that might legally affect the user, unless personal consent is provided or unless applicable law requires the usage of the specified technology. Please note that user’s consent is explicitly provided when user accepts USER AGREEMENT while registering on the website.
3. Control and profiling of Personal Data
3.2 The Controller is responsible for the collection, use, disclosure, retention and protection of your personal information.
3.3 According to the Data Subject Rights, every user has the following rights:
- to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed;
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- to ask Controller to correct inaccurate or irrelevant Personal Data according to the relevant request;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
- the right to provide objections regarding the usage of the Personal Data for the purposes of the direct marketing that requires profiling, upon request, Controller should stop using this information for indicated purposes unless legitimate basis is provided;
- to obtain from the Controller restriction of processing where one of the following applies: the accuracy of the Personal Data is contested by the User; the processing is unlawful and the User opposes the erasure of the Personal Data and requests the restriction of their use instead; the Controller no longer needs the Personal Data for the purposes of the processing, but they are required by the User for the establishment, exercise or defense of legal claims; the User has objected to processing pending the verification whether the legitimate grounds of the Controller override those of the data subject.
- to obtain Personal Data that was provided for Controller in a structured and readable format and to share this information with the other Controller upon necessity or request;
- to request the Controller to delete information that concerns the User. Controller is
obliged to erase Personal Data in cases:
- the Personal Data are no longer needed for the reasons it was initially collected;
- the User withdraws the agreement for the share and processing of information unless other legal grounds are provided;
- the User objects any type of the data processing and its further usage may not be supported by legal grounds;
- the Personal Data was used for illegal purposes;
- the Personal Data requires erasure to comply with the law.
3.4 The Controller is required to provide information upon the User’s within one (1) month of receipt of the request. It is possible to extend this period to two (2) months depending on the number of requests that have to be processed. User has to be informed if any extension is required, explaining the delay reasons. Controller is eligible to charge corresponding fees for processing of the requested data that is based on administrative costs.
3.5 User gives a consent for personal data processing on a freely basis and it can be withdrawn upon the request of the User. Withdrawing of User’s consent will not affect the lawfulness of any conducted processing prior to withdrawal, nor will it affect the processing of personal information conducted in reliance on lawful processing grounds other than consent. Services may no longer be used after the consent withdrawal is performed. In cases of necessity to withdraw consent, please contact firstname.lastname@example.org.
3.6 Every User can contact email@example.com regarding any questions that arise from this policy. The Controller has a right to ask for identity verification from any person that sends the request, Devoltex LTD will inquire additional personal identification information that might include a number of ID card or passport, its date of expiration, name and date of issue.
3.7 Children online privacy has to be maintained. Website is developed for a general audience and is not intentionally targeted for the audience under the age of 16. In cases of Personal Data submission by a child, parents are required to contact the Website through Devoltex LTD to remove the information.
“Cookies” is a set of small text files that are saved by the web browser when websites are viewed.
5. Legal basis
Personal Data is collected and processed in accordance with Estonian Personal Data Protection Act, Public Information Act, Electronic Communications Act, the General Data Protection Regulation and other legal acts. Devoltex LTD and its employees must keep it in secret even if they are no longer have employment relation with the website.
For the purpose of the processing of the Personal Data, Devoltex LTD may engage data processors and/or to function on behalf of Devoltex LTD. In these cases, Devoltex LTD is responsible for the processing of personal data according to the instructions and requirements of Devoltex LTD and current applicable registration. Personal Data should be fully secured by the data processors and all appropriate measures should be taken to maintain the proper level of data security. Non-disclosure obligation regulates the actions of data processors and Personal Data shall not be used for any other purposes that are not listed in this policy and are not allowed/required by the applicable law.
Personal Data collection of legal basis is performed only when the following is applied:
- the User provides consent on the collection of Personal Data for described or more specific purposes;
- the processing is required for the maintenance of the agreements that connect user and the website;
- processing is required for the Controller’s necessity to comply with legal obligation;
- processing is required for the protection of the User and his/her vital interests;
- processing is required for the maintenance of public interests;
- processing is required for the maintenance of the interests of the Controller and protection of legal rights and freedoms, especially the protection of children.
6. Applicable measures for the information security maintenance
Unauthorized access, alteration, disclosure, misuse or unlawful erasure, risks of loss, and other illegal actions with the Personal Data are prevented by the application of the reasonable commercial standards of technology and operational security, together with the appropriate legal measures.
Personal account information and Personal data are password protected. Password should not be disclosed to any third parties to avoid unauthorized access, disclosure, alteration, risks of loss, misuse or unlawful erasure and other illegal actions with the Personal Data. In cases of sharing the computer (device), login information should not be stored in the browser, all sessions must be finished before browser window is closed. No data security is guaranteed when Personal Data is provided to the third party.
Website is not responsible for the protection of the User's privacy while visiting other websites and websites of the third parties, even if they are visited using the links from the website. It is recommended to check the privacy policies of every separate website.
7. Disclosure to third parties
Website does not have full access to financial information provided in the transaction. Financial institutions that process your transaction have access to full information provided during checkout.
Personal information might be disclosed to the institutions of law enforcement or any other governmental agencies in cases when it is necessary to comply with obligations, laws and regulations. Disclosure may presuppose transfer of information to different countries without proper protection.
8. Final provisions
Website may review messages automatically to ensure the absence of violation of Agreement. Personal Data is processed and stored worldwide, depending on the location of the servers and data centers.