CloudStellar (hereinafter also – we) is committed to protecting the privacy and security of your personal information.
Before you proceed, we kindly request that you read through this Policy carefully.
Should you have any questions or require further clarification, please do not hesitate to reach out to us using the contact details provided in the section below.
Your continued use of our website or services is considered an acknowledgment that you have read, understood, and agreed to the terms outlined in this Policy.
2. DATA CONTROLLER
In the context of our services, CloudStellar acts as the data controller, determining the purposes and means of processing your personal information.
If you have any questions or concerns about how your personal information is handled, please contact us using the following contact information:
Registration No. 16079892
Address: Tallinn, Kesklinna linnaosa, Türi tn 10c, 11313
3. CATEGORIES OF PERSONAL DATA
The types of data we collect and process for the purposes outlined in this Policy include:
- Identity information – this category includes, for example, name, surname, date of birth, government-issued ID number, nationality, gender, identification document details, country of residence, etc.
- Contact information – for example, email address, phone number, residential address, other similar data.
- Account information – including, for instance, username, profile picture, account preferences, etc.
- Usage and account activity information – this category includes, for example, login and session data, activity logs, usage patterns, clickstream data, etc.
- Identification and authentication information – this category includes data related to biometric identification and authentication (for example, fingerprints data, facial recognition, and similar data).
- Financial information – this category includes financial data, such as bank account details, card details, transaction history, etc.
- Transactions information – including, for example, history and details of your transactions, current balance, portfolio data, etc.
- Payment information – this category includes, for example, bank account data, payment card details, payment confirmations, billing address, etc.
- Technical information - this category includes data about your device, browser, IP address, operating system, interactions with our website, and other technical details.
- Communication-related information – namely, information related to our communication with you (for example, emails, messages, records of incoming and outgoing calls with the Company, and other forms of communication), your feedback, and your communication preferences.
- Legal compliance-related information – this category includes data and documents necessary for compliance with Anti-Money Laundering (AML), Know Your Customer (KYC), and other similar legal and regulatory requirements (including but not limited to identity verification data, proof of address data, photographic evidence, selfie, data related to sanctions and watchlist screenings, and other similar data).
- Claims and disputes-related information – this category includes different data related to disputes or claims, for example its status, nature, etc.
- Video surveillance-related information – this category includes data received in the course of video-surveillance activities conducted at our office premises.
4. SOURCES OF INFORMATION
The primary sources of personal data we collect include the following:
- Information provided by you – for example when you create an account, use our services, make inquiries, or otherwise interact with us.
- Automated technologies – for example when information is received through automated technologies such as cookies and similar technologies.
- Third-party service providers - in some cases, we may receive information from third-party service providers (such as payment processors, analytics providers, and others).
- Publicly available information – in some cases we may also collect information from publicly available sources.
5. PURPOSES OF PROCESSING
We process personal data for specific and transparent purposes, which include:
- Provision of services - we process your personal data to deliver our services to you.
- Identity verification - we may process personal data to verify your identity, ensuring secure access to our services and preventing unauthorized use.
- Transactional purposes - your personal data is processed for invoicing and payment processing.
- Legal and Regulatory Compliance - we may process personal data to comply with legal obligations (such as tax and financial reporting requirements; anti-money laundering (AML) regulations, or other legal requirements relevant to our business operations.
- Fraud prevention – we may process personal data to detect and prevent fraudulent activities and misuse of our services.
- Communication - we use your contact information to communicate with you about your account, services, updates, and respond to your inquiries or requests.
- Customer support – personal data is processed to provide customer support, including addressing queries, resolving issues, and ensuring a positive user experience.
- Troubleshooting - in the event of technical issues, we may process your data to troubleshoot and resolve problems related to the functionality of our services.
- Analytics and service improvement - we analyze usage data to understand how our services are used, identify trends, and make enhancements for a better user experience.
- Research and development - data may be processed for research and development purposes to innovate and improve our services.
- Security – personal data is processed to maintain the security and integrity of our services, including fraud prevention, monitoring, and addressing potential security threats.
- Risk management - information may be processed for risk management purposes, ensuring the stability and reliability of our services.
- Marketing and personalization – personal data may be processed for marketing purposes, including providing personalized content, offers, and recommendations.
- Resolution of legal claims and disputes -personal data may be processed for the resolution of legal claims and disputes.
Rest assured that we only process personal data for legitimate purposes and ensure that the processing is proportionate to achieve these objectives. Before we process your information, we ensure that there is a valid legal basis for such processing, as outlined in applicable personal data protection laws (including the General Data Protection Regulation (GDPR)).
6. LEGAL BASES FOR PROCESSING
We process personal information based on the following legal grounds:
- The necessity of processing for the performance of a contract with you.
- Compliance with a legal obligation.
- Your consent, where applicable.
- Public task, where applicable.
- Legitimate interests pursued by us or a third party.
7. RECIPIENTS OF PERSONAL DATA
Personal data may be shares with the following categories of recipients:
- Third-party service providers that assist us in providing our services.
- Law enforcement or regulatory authorities, when required by law.
- Other third parties with your consent or under another applicable legal basis.
8. INFORMATION SECURITY
At CloudStellar, we take the security of your personal data seriously. We have implemented appropriate technical and organizational measures to protect your data from unauthorized access, disclosure, alteration, and destruction.
However, it is important to note that ensuring security of personal data is your responsibility as well. Here are a few security practices we recommend:
- Ensure that your account login credentials, including usernames and passwords, are strong and unique. Avoid sharing your login details with others.
- Keep your software, including web browsers and operating systems, up to date. Updates often include security patches that protect against known vulnerabilities.
- Be cautious of unsolicited emails or messages that request personal information. If in doubt, verify the authenticity of the communication with us directly.
- When using shared or public devices, always log out of your account to prevent unauthorized access.
Remember, your active involvement in adopting secure practices enhances the overall protection of your data. If you ever suspect any suspicious activity or have security concerns, please contact us immediately.
9. DATA TRANSFERS
We commonly process personal data within the European Union and European Economic Area (EU/EEA), adhering to rigorous data protection standards.
However, in some situations and in compliance with applicable data protection laws, we might transfer your personal data to countries outside the EU/EEA. In such cases, we implement suitable measures to guarantee the security and confidentiality of your information during the transfer.
10. DATA SUBJECT RIGHTS
10.1 As an individual (and data subject), you have the following rights regarding your personal data:
- Right to access your personal data.
- Right to rectification of inaccurate or incomplete personal data.
- Right to erasure of your personal data.
- Right to restrict certain types of processing.
- Right to object to certain types of processing.
- Right to withdraw consent when data processing relies on your consent (please note that withdrawal doesn't affect the lawfulness of processing before consent withdrawal).
- Right to data portability.
10.2 It is essential to recognize that abovementioned rights are not absolute and may be subject to limitations as prescribed by law.
11. DATA RETENTION
- If you wish to exercise your data subject rights, please initiate this process by reaching out to us through the contact details in Section 2 of this Policy. Additionally, you may find self-help options in your account settings to facilitate specific requests, such as updating your information or managing communication preferences.
- In case of reasonable doubts about the identity of a person submitting a request, we may request additional information necessary to confirm that person’s identity
We retain your personal data for only as long as necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or permitted by law. The specific retention periods may vary depending on the nature of the data and purposes for which it is processed. At the end of the retention period, personal data is securely deleted or irrevocably anonymized.
12. PROVISION OF INFORMATION
When utilizing our services, specific personal data is required to fulfill our contractual obligations to you and to comply with legal requirements. While providing the requested personal data is voluntary, failure to supply essential information may prevent you from registering an account, using our services, or accessing features on our website. We will clearly label mandatory information to notify you of this requirement.
In addition to mandatory details, you have the option to provide additional, non-essential information that can enhance your user experience, such as opting into marketing subscriptions. Supplying optional information is entirely voluntary, and you can modify or withdraw your consent for its processing at any time through your account settings or by reaching out to us. The absence of optional information will not impact your ability to use our essential services but may affect the personalization of your experience and the receipt of certain promotional communications.
13. AUTOMATED DECISION MAKING; PROFILING
In some cases, we may employ automated systems to make decisions that may affect your interactions with our website and services, as well as profiling to get better understanding users' preferences, behaviors, and interests. Namely:
- Automated Decision Making - Some of our services may involve automated decision-making processes, particularly in areas such as fraud detection and prevention. These decisions are typically based on predetermined criteria, algorithms, and data analysis, with the goal of ensuring the security and integrity of our services.
- Profiling - We may use profiling techniques to analyze and predict your preferences, behavior, and interests. Profiling helps us deliver personalized content and recommendations, improving the relevance of our services to your needs. This is done with the aim of enhancing your user experience.
It is important to note that these automated processes are designed to be fair, transparent, and accountable. We regularly review and update our algorithms to ensure accuracy and prevent unintended bias. If you have concerns about automated decision making or profiling, please contact us using the contact information provided in Section 2 above.
14. COMPLAINTS; DISPUTES
We are dedicated to addressing any claims or disputes regarding the processing of your personal data in a prompt and effective manner. In case of any questions, concerns or complains we encourage you to contact us using the information provided in Section 2.
Although we suggest reaching out to us as a primary step for fair and equitable solutions to your concerns, you also retain the right to lodge a complaint with the relevant data protection authority, which in our particular case it is Estonian Data Protection Inspectorate.
15. AGE LIMITATIONS
Our services are not intended for individuals under the age of 18, and we do not knowingly collect or process personal information from minors. If you are a parent or guardian and become aware that your child has provided us with personal information, please contact us immediately using the information provided in Section 2.
We may update this Policy from time to time, and the latest version will be posted on our website with the effective date. In the event of material changes, we may notify you using the contact details at our disposal. We encourage you to revisit this Policy periodically to stay up-to-date.
17. ADDITIONAL INFORMATION
If you have any additional questions about this Policy or our data practices, please contact us using the contact information provided in Section 2 above.
Effective date: 12.12.2023.