Privacy and Security Policy

You accept this Privacy and Security Policy (“Privacy Policy”) when you sign up for, access, or use our products, services, content, features, technologies or functions offered on our Website and all related sites, applications, and services (collectively “Services”). We may amend this Privacy Policy at any time by posting a revised version on our website. The revised version will be effective at the time we post it. In addition, if the revised version includes a substantial change, we will provide you with a notice by posting it on your Account page 10 days in advance. After this 10-day notice period, you will be considered as having expressly consented to all amendments to this Policy.

This Privacy Policy is an integral part to the General Terms. The terms used herein shall follow the meaning as defined in the General Terms, unless otherwise indicated herein. The term “Users” as used in the Privacy Policy shall include Authorized users.

By using the Services, You acknowledge and accept the terms and conditions of this Privacy Policy.

Personal Data / User Content
1. Collection of Data and Personal Data
  We request information from Users in several areas of the Website and other channels that may be used to identify Users, including but not limited to:
  - User's personal information such as name, date of birth, passport or other personally identifiable number and information about Users' registered status with any of Your subsidiaries, associated companies and/or business associates;
  - User's contact information such as Your telephone numbers, mailing addresses and email addresses;
  - User's (or the Company the User acts on behalf of) credit or debit card information and billing information, including name of cardholder, card number, billing address and expiry date;
  - User's (or the Company the User acts on behalf of) business information such as company name, business title and associated contact information;
  - User's log information and location information.
  Certain Personal Data (particularly relating to User's contact and billing information) are required for provision of Services and if the User fails to supply such Data or Personal Data as requested, the Service Provider may be unable to deliver the Services.
2. Use of Data and Personal Data
  The Service Provider may use the Data and Personal Data Users have provided for one or more of the following purposes:
  - For Users' use of the Services available through the Website and/or through other telecommunication channels as managed by the Service Provider;
  - For the supply of any Services, including text message (SMS) alerts;
  - For marketing, promotional and customer relationship management purposes, such as sending Users' updates on latest offers and promotions in connection with the Services
  - For identification and verification purposes in connection with any of the Services that may be supplied to Users;
  - To contact Users regarding their enquiries;
  - To disclose to a third party in order to comply with any law, legal requirements, orders, directions or requests from any court, authority or government body of any jurisdiction, which may be within or outside of Estonia;
  - To facilitate the verification of credit card details with third parties and using the Personal Data you provide to conduct matching procedures against databases of known fraudulent transactions (maintained by us or third parties).
  - To improve our security, including in relation to the processing of User Content against the risk of fraud (maintained by the Service Provider, its Affiliates or third parties).
  - For the use by any Affiliates in connection payment for Services provided by the Service Provider or its Affiliates;
  - To use Your business name (and trade mark or trade name) for advertising purposes;
  - with any of the above purposes.
  The Service Provider may from time to time use aggregate non-identifying information about the Users to better design Websites and/or to improve the Services. This means the Service Provider may provide this information to third parties. However, this information will never identify any single User in particular.
  Except as provided above, the Service Provider will not knowingly or intentionally use or share Data or Personal Data You provide without your prior consent.
3. Use of third party Data and Personal Data provided by Users
  Through the use of the Services, the Service Provider may also collect information from the Users about other persons. If the User provides Confidential Information or other types of (personal) information about other persons, the User is obliged to ensure that it is authorized to disclose that information to the Service Provider and that, without the Service Provider taking any further steps required by applicable data protection or privacy laws, the Service Provider may collect, use and disclose such information for the purposes described in this Policy.
  The User shall assist the Service Provider with any requests by any individual to access or update Data or Personal Data the User has collected from such person and has entered into the Website, Database or User Account.
4. EU Law
  The Service Provider will act in line with the Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data to the extent it is applicable.
5. Transfer of Personal Data / User Content
  Data or Personal Data may be transferred to a third party as a result of a sale, acquisition, merger, reorganization or other change of control directly related to the Service Provider or to its Affiliates. Upon such transaction, User acknowledges and accepts, that when the Service Provider's any part of the business, is sold, acquired, merged or reorganized, that Data and Personal Data can be transferred without User's consent.
Cookies
1. The term “Cookie” means a text-only string of information that a Website transfers to the cookie file of the browser on User's computer's hard disk so that the Website can recognize the User upon revisits and remember certain information about the User. This can include which pages the User visited, choices made, any specific information the User has entered into forms and the time and date of the User's visit. Cookies include Session cookies and persistent cookies.
  1. Session cookies are temporary cookies that expire at the end of a browser session. Session cookies allow the Website to recognise the User as the User navigates between pages during a single browser session and allows the User to use the Website most efficiently.
  2. In contrast to session cookies, persistent cookies are stored on the User's equipment between browsing sessions until expiry or deletion. They therefore enable the Website to “recognise” the User upon return, remember the User's preferences, and tailor the Services for the User.
2. Session Cookies help us to maintain security and to verify User's details whilst Users use the Website and navigate from page to page, which enables User to avoid having to re-enter his or her details each time entering a new page.
3. Persistent Cookies help us recognize User as a unique user when User returns to the Website so that the User does not have to insert his or her details multiple times as moving between pages. It also remembers how User has customized its use of the Website, such as your preferred currency and time zone, and helps to collect and compile anonymous, aggregated information for statistical and evaluation purposes to help the Service Provider to understand how Users use the Website and help the Service Provider to improve the structure and usability of the Website.
4. Some of the Cookies may collect and store User's Personal Data, such as User's name or email address. The Service Provider is committed to respecting and protecting privacy and will ensure that all User's Personal Data collected is kept and treated in accordance with the Privacy Policy.
5. User can set his or her browser settings to be notified when receiving a cookie, so that the User will have an opportunity to either accept or reject Cookies in each instance. However, Users should note that refusing Cookies may have a negative impact on the functionality and usability of the Services or the Website. Therefore, as the Cookies allow you to access some of the Website's features it is recommended that Users leave Cookies enabled.
6. The Service Provider will act in line with the Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). However, with respect to the Cookies exempt from the requirements set within the Directive, the Service Provider is not obliged to ask User consent for certain Cookies. Please visit https://ec.europa.eu/ for more information.
Data retention
1. All Data and Personal Data, that is entered into the Website or User Account by the User, or automatically imported on the User's instructions, is transferred to servers used by the Service Provider as a function of transmission across the Internet. By using the Services, You consent to Data and Personal Data being transferred to the servers as set out in this Privacy Policy.
2. Currently the servers used by the Service Provider are located in Germany, operated and maintained by another service provider (Amazon Web Services, Inc.), and Data and Personal Data will be routed through, and stored on, those servers as part of the Services. Amazon Web Services, Inc. complies with relevant legal and regulatory requirements and has certified that it adheres to relevant Safe Harbor Privacy Principles (i.e. Directive on privacy and electronic communications). If the location of the servers changes in the future, the Service Provider will update this Privacy Policy.
3. By providing Data and Personal Data to the Service Provider, the User consent to the Service Provider storing the Data and Personal Data on servers hosted in the EU (Frankfurt). While Data and Personal Data will be stored on servers located in the EU (Frankfurt), it will remain within the effective control of the Service Provider at all times. The server host's role is limited to providing a hosting and storage service to the Service Provider and the Service Provider has taken steps to ensure that the server hosts do not have access to, and use the necessary level of protection for, Data and Personal Data.
4. The Service Provider only keeps Data and Personal Data for as long as required for the purposes of providing the User with the Services. However, the Service Provider may also be required to keep Data or Personal Data for specified periods of time, for example under certain laws relating to corporations, money laundering, and financial reporting legislation.
5. The Service Provider may retain Data and Personal Data and Confidential Information in servers as long as it deems necessary for the purposes of back-up, recovery and archiving of such information.
6. The Service Provider undertakes to make daily back-up copies of the Data and Personal Data to avoid any unexpected loss of such data in case of any technical failure in one of the Databases or servers used.
7. The User can remove Data or Personal Data related to him at any time from the Website. When the User requests the Service Provider to delete the User Account, the User's Data and Personal Data may be permanently expunged from our primary production servers and further access to User's Account will not be possible any longer. The Service Provider will also promptly disconnect any connection it had established to the particular User Account and delete all account credentials. However, portions of the User's Data and Personal Data, consisting of aggregate data derived from the User's Account, may remain on the servers indefinitely. Your Personal Data may also remain on a backup server or media. The Service Provider keeps these backups to ensure the continued ability to provide the Services to You in the event of malfunction or damage to our primary production servers.
Security of Personal Data / User Content
The Service Provider has put in place appropriate physical, electronic and managerial procedures to safeguard and secure Data and Personal Data and any Confidential Information. This is achieved via the application of a variety of measures to protect such information from illegitimate access, use or disclosure.
1. We encrypt some of the data transmission using SSL (Secure Sockets Layer). This technology sends User's information through an encrypted tunnel via 256-bit encryption while it becomes unreadable for third parties during being in transit. For security purposes, the Service Provider is not obliged to reveal any of the mechanics related to the functioning of the SSL implemented.
2. The Service Provider applies firewall techniques to protect User's Data and Personal Data. For security purposes, the Service Provider is not obliged to reveal any of the mechanics related to the functioning of firewalls applied.
3. The Service Provider reviews the information collection, storage and processing practices, including physical security measures regularly to guard against unauthorized access to systems.
4. The Service Provider has restricted access to User's Data and Personal Data to its employees (or of its Affiliates), contractors and agents who need to know that information in order to process it for the Service Provider, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
You acknowledge that despite the Service Provider's efforts to keep Data, Personal Data and Confidential Information secure, there is no guarantee for 100% system safety.
The Service Provider will advise Users at the first reasonable opportunity upon discovering or being advised of a security breach where User's Data or Personal Data is lost, stolen, accessed, used, disclosed, copied, modified, or disposed of by any unauthorized persons or in any unauthorized manner.
Right to access Your information
The Users have the right to access information held about them. You can obtain access to Your Personal Data held by the Service Provider by sending your request through the User Account. Your request will processed and an invoice for EUR 10 will be charged (to cover administration costs for collating this information), made payable to the Service Provider.
Complaints procedure
Complaints with respect to the collection or use of Data or Personal Data shall be addressed to the Service Provider's Privacy Officer with full details of the complaint and any supporting documentation by e-mail at privacy@rephop.com.
Response to such query or complaint will be handled at the earliest convenience. The Service Provider investigates and attempts to resolve the query or complaint within 30 business days or such longer period as is necessary and notified to you by our Privacy Officer.