Last revised: “06” October 2022
GROUP325 OÜ, together with its affiliates, associates, and partners (“GROUP325”, “we” or “us”) is a company specializing in providing full cycle web/mobile/MVP development and marketing services. In the course of its business, GROUP325 collects some information that could be used to identify you. We call this information “personal data”. We control the collection and processing of personal data relating to individuals who interact with us (“data subjects” or “you”). The data subjects may include (without limitation): visitors and users of our website lab325.com (collectively “users”); as well as our existing or potential customers (collectively “customers”).
- what personal data we collect;
- how we use, maintain, and otherwise handle your personal data;
- the conditions under which we may disclose your personal data to others;
- how we keep your personal data secure;
- the rights available to you regarding your personal data.
PERSONAL DATA THAT WE COLLECT
The personal data we receive in the course of our business may include the following:
- contact details – such as full name, e-mail address, phone number, user IDs in messengers and telecommunication applications;
- other information – such as interests and preferences, as well as any other personal data provided by data subjects at their own initiative.
Please note that the specific range of personal data we collect varies on a case-by-case basis, and, among other things, depends on how you interact with us and for which purpose.
PERSONAL DATA THAT WE DO NOT INTENTIONALLY COLLECT
Of course, you are free to decide which information to share with us. However, we ask you to consider the following warnings:
Sensitive personal data: we do not deal with any sensitive personal data, meaning data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning sex life or sexual orientation. We do not require such information and ask you to avoid its disclosure.
Personal data of children: we do not knowingly solicit, collect, or process personal data about children. If you are under 18, please do not give us any information about yourself. If we find out that we somehow gained access to personal data of children, we will delete such data without further delay.
HOW WE COLLECT THE PERSONAL DATA
We receive personal data directly from you when you interact with us, especially when:
- you fill our website contact form;
- you request us to provide any other information;
- you contact us for any other purposes; and/or
- you use any of GROUP325 services or participate in any of GROUP325 activities.
In general, you are not obliged to provide your personal data to us. However, most probably we will not manage to fulfil your requests or provide you with the services (wholly or partially) unless you do so. If you ask, we will advise you whether the provision of your personal data is mandatory in that particular case (and of possible consequences if you do not provide us with it).
Please note that we may combine personal data about you collected from different sources.
HOW WE USE THE PERSONAL DATA
GROUP325 may use your personal data for the purposes described below.
To provide, maintain, administer, support, protect, and improve our services, to carry out relevant transactions.
To manage our website, namely by doing the following:
- allowing users to visit and search through our website;
- enabling users to participate in its interactive features (when they choose to do so);
- improving the website operation and enhancing user experience;
- creating, publishing, and improving content most relevant to users;
- troubleshooting, investigating, and fixing website-related errors.
For our own marketing purposes, including and without limitation:
- performance of direct marketing activities, such as sending you informational content you subscribed to. However, you will always be able to opt out of such communications at any time by contacting us (please see Section “Contact us”);
- evaluation of the effectiveness of ongoing marketing campaigns (for instance, by gathering the information on how you interact with our website or respond to our e-mails);
- customizing, analyzing, and improving the informational content, filling out our website.
To meet the requirements set forth in domestic and/or international law (for example: health and safety, taxation, accounting, reporting, anti-money laundering laws, etc.) to comply with the court orders and other legitimate requests of authorized bodies.
To protect the rights, property, and safety of GROUP325 and third parties (e.g., prevent fraud and other prohibited or illegal activities).
To communicate with you, pursuing without limitation the following purposes:
- to provide customer support;
- to update your details;
- to seek your views or comments on the services we provide.
To respond to your requests for exercising your data subject rights under applicable data protection laws (you may find more details in Section “Your rights with respect to personal data”).
To protect the security or integrity of our website, our business, and our services.
This list is not exhaustive, and we may seek to process your personal data for any other purpose as disclosed to you, to which you specifically agreed, or as required or permitted by the provisions of domestic and/or international law.
LEGAL BASIS FOR PROCESSING OF YOUR PERSONAL DATA
The legal basis upon which we collect, use, store, and otherwise process your personal data will depend on the personal data concerned and the specific purpose for which it is needed.
In general, we rely on one of the following grounds:
Our legitimate interest in:
growing and improving our business by approaching new clients;
the lawful operation and development of our business.
You may be assured that we use your personal data in ways that you would reasonably expect, and our legitimate interest serves as a legal basis for collection and processing of your personal data only if, and to, the extent it does not interfere with your rights and freedoms.
You have the right to object to these grounds of processing of your personal data by contacting us (please see details in Section “Contact us”), upon which we will delete your personal data without further delay (unless we have a separate legitimate ground for further processing).
Your explicit consent: in other words, when you allow us to process your personal data for the specific purpose.
NOTE: you are free to withdraw your consent at any time by contacting us (please see details in Section “Contact us”), upon which we will delete your personal data without further delay (unless we have a separate legitimate ground for further processing). If you withdraw your consent, it will not affect the lawfulness of prior processing of your personal data based on your consent before you withdrew it.
To perform our obligations under a contractual arrangement with you, or comply with our legal obligations, including and without limitation:
- to satisfy any requirement of domestic and/or international law (for example: health and safety, taxation, accounting, reporting, anti-money laundering regulations, etc.);
- to comply with court orders or other legitimate requests of authorized bodies; or
- to assert and/or defend against legal claims.
Please be assured, we will handle your personal data only in line with the purpose for which it was collected. If at any moment we intend to process your personal data for any other purpose, we will not do this without sending you a respective notification / your prior explicit consent (subject to the exclusions and limitations which may be provided in the provisions of domestic and/or international law).
NOTE! If you share personal data of any third person with us, you ensure that you have received freely given, specific, informed and unambiguous consent of that person to such transfer and further processing of respective data by us, and you may present appropriate evidence of it upon request.
If you have any questions or need more information concerning the legal basis on which we collect your personal data, please contact us to clarify further details (please see details in Section “Contact us”).
HOW LONG WE KEEP YOUR PERSONAL DATA
To determine the appropriate retention period for your personal data, we consider (1) the amount, nature, and sensitivity of the personal data in question; (2) the potential risk of harm from unauthorized use or disclosure of your personal data; (3) the purposes for which we process your personal data; (4) whether we can achieve those purposes through any other means; and (5) the applicable legal requirements.
We do not keep your personal data for any longer than is necessary (a) to fulfill the purpose for which we collected it (you may find more details in Section “How we use the personal data”); (b) to comply with domestic and/or international law, or other regulatory obligations (for instance, accounting or reporting requirements) that apply to our business and services we provide; or (c) to assert and/or defend against legal claims.
Normally, the retention period will not exceed 2 years. However, we are legally required to hold some types of personal data to fulfill our statutory obligations (for instance, taxation, accounting, or reporting purposes) – then we will hold your personal data in our systems for as long as necessary for the relevant activity. Moreover, in some cases, we may anonymize your personal data (in such a manner that you are not or no longer identifiable) for research or statistical purposes, in the event of which we may use this information indefinitely without further notice to you.
We review our personal data retention periods on a regular basis. If you have any questions about how long we keep your personal data, you may contact us (please see details in Section “Contact us”) to clarify all the questions you have.
YOUR RIGHTS WITH RESPECT TO PERSONAL DATA
As a data subject, you have certain rights under domestic and/or international law in relation to the personal data we hold about you. Where the processing of your personal data is subject to European Union data protection legislation, including the General Data Protection Regulation (for instance, when you are physically located in one of the European Union / European Economic Area countries), at a minimum you have the set of data subject rights provided below.
Right of access
If you ask us, we will confirm whether we are processing your personal data and, if necessary, provide you with a copy of such personal data (along with other details). There are some limitations and exceptions concerning this right: for example, where information is legally privileged, or if providing you with the information would reveal any personal data of another person.
Right to data portability
In certain circumstances, you have the right to receive your personal data provided by you to us and reuse it elsewhere, or send such data to another organization (or ask us to do so if technically feasible); this is regarding where (1) our lawful basis for processing the personal data is consent or necessity for the performance of our contract with you, and (2) the processing is carried out by automated means.
Right to rectification
You may require us to update or correct any inaccurate personal data, or complete any incomplete personal data concerning you. If you do, we will take reasonable steps to check the accuracy and correct your personal data. Please let us know if any of your personal data changes so that we can keep it accurate and up-to-date. If you are entitled to rectification and if we have shared your personal data with others, we will let them know about the rectification where possible. If you ask us where it is possible and lawful for us to do so, we will also tell you who we have shared your personal data with, so that you can contact them directly. Also note that GROUP325 is not required to notify third parties to whom your personal data has been disclosed of any rectification when such notification involves an unreasonable burden or disproportionate effort.
Withdrawal of consent
If we rely on your explicit consent as our legal basis for processing your personal data, you have the right to withdraw that consent at any time by contacting us (please see details in Section “Contact us”). Your withdrawal of consent does not affect the lawfulness of processing based on your consent before its withdrawal.
Right to object
You can ask us to stop processing your personal data, and we will abide so, if we are:
relying on our legitimate interest to process your personal data, except if we can demonstrate other compelling legal grounds for the processing; or processing your personal data for direct marketing purposes.
Right to erasure
You can ask us to delete your personal data in some circumstances, for instance if you withdraw your consent (where applicable). For situations where, in accordance with the provisions of domestic and/or international law, we fulfil your request, GROUP325 will delete your personal data without undue delay. If you are entitled to erasure and if we have shared your personal data with others, we will let them know about the erasure where possible. If you ask us where it is possible and lawful for us to do so, we will also tell you who we have shared your personal data with, so that you can contact them directly. Also note that GROUP325 is not required to notify third parties to whom your personal data has been disclosed of any deletion when such notification involves a disproportionate effort or unreasonable burden.
Right to restriction of processing
You can ask us to ‘block’ or suppress the processing of your personal data in certain circumstances (such as where you contest the accuracy of that data, or you object to us), so that we no longer process that personal data until that restriction is lifted. If you are entitled to restriction and if we have shared your personal data with others, we will let them know about the restriction where it is possible for us to do so. If you ask us where it is possible and lawful for us to do so, we will also tell you who we have shared your personal data with, so that you can contact them directly.
Rights in relation to automated individual decision-making, including profiling
You have the right to be free from decisions based solely on automated processing of your personal data, including profiling, unless these are necessary for entering into, or the performance of, a contract between you and us, or unless we do so based on your explicit consent (still such consent can be withdrawn as described in Subsection “Withdrawal of consent”).
Right to file a complaint
If you have a concern with respect to the way we process your personal data, you can report it to the relevant supervisory authority (the contacts of the European Union national data protection authorities are available at the website of the European Data Protection Board).
Please note that these rights are not absolute and in certain cases are subject to conditions as specified in the provisions of domestic and/or internationals law. For instance, it may happen if we have an overriding interest or legal obligation to continue to process your personal data.
You can exercise the above rights, where applicable, by contacting us directly (please see details in Section “Contact us”). We will respond to your request within the statutory period and typically seek to resolve the matter within one month. We will require you to provide satisfactory proof of your identity in order to ensure that your personal data is disclosed only to you.
While we will make reasonable efforts to accommodate your request, we reserve the right to reject such access requests, or to impose restrictions or requirements upon such requests if required or permitted by provisions of domestic and/or internationals law, but will explain “why” if we do so.
SHARING AND TRANSFERRING PERSONAL DATA
Please note that your personal data may be processed outside the European Economic Area, particularly in Ukraine. If you are from one of the European Union / European Economic Area countries, you should be informed that the European Commission hasn’t determined Ukraine as a country that offers an adequate level of data protection, which entails certain risks of losing the protection provided under the General Data Protection Regulation when your personal data is transferred outside the European Union / European Economic Area. Moreover, we may transfer your personal data to other countries outside the European Union / European Economic Area (such as the United States, United Kingdom, etc.). In order to provide adequate protection for the transfer of your personal data, we have in place contractual arrangements such as the standard contractual clauses (as appropriate) implemented in the agreements executed with our customers and third-party service providers.
Where we believe that processing or other business activities on our behalf or in our interest are better performed by third parties (“third party service providers”), we may outsource respective operations to them and, consequently, transfer your personal data to those persons, such as our IT systems providers, website hosting providers, data analysis, data backup, security and cloud storage services, consultants and other providers. We only share personal data that they reasonably need to provide their services and will not transfer your personal data to any third parties for their own direct marketing purposes. We ensure that third party service providers are authorized to use your personal data only as necessary to provide services on our behalf or in our interest.
Please note that the storage of your personal data on servers and/or on software made available or hosted by third party service providers shall not be considered a disclosure of your personal data to third parties as far as third party service providers do not have direct access to it. In all events, we shall ensure by contract that our third party service providers protect your personal data that is shared with them.
In an ongoing effort to better understand users of our website, we may analyze anonymous and aggregate information in order to operate, maintain, manage, and improve our website and/or services that we render. This aggregate information does not identify you personally. We may share this aggregate data with our customers, third party service providers and other persons. We may also disclose aggregated user statistics in order to describe GROUP325 services (or pursuing other lawful purposes) to current and prospective business partners, customers and other persons.
In certain situations, we may be required to disclose your personal data where we have a legal necessity or obligation to do so, including to meet the requirements set forth by domestic and/or international law. For instance, we may disclose your personal data to assert and/or defend against legal claims.
In the event of a sale, merger, receivership or transfer of all assets of GROUP325, we reserve the right to assign or share your personal data with such third parties and their advisors. Please be assured that you will be sent notice of such an event should it occur with the ability to opt-out of such a transfer unless GROUP325 and/or such third parties have a separate legitimate ground for such transfer and further processing of your personal data.
PERSONAL DATA SECURITY
GROUP325 has security measures in place to protect information we process (including your personal data), which involve preventing, detecting, investigating, and resolving security threats, both during transmission and once we receive it.
We do our best to protect your personal data, whether in electronic or tangible form (e.g., hard copy), by sticking to appropriate internal policies and using state-of-the-art technical and organizational measures that follow the European Union requirements for the safe and lawful processing of personal data.
Moreover, we restrict access to your personal data to authorized individuals among internal personnel, agents, or contractors of GROUP325 who need to access your personal data to perform specific tasks. Your personal data is contained behind secured networks and is only accessible by a limited number of persons who are required to keep the information confidential.
Although we use industry-standard precautions to safeguard your personal data, the transmission of data over the Internet (including by e-mail) is never completely secure. We endeavor to protect personal data, but 100% complete security does not presently exist anywhere online or offline. For this reason, you should take care in deciding what information you send to us, especially when you do so at your own initiative.
If you have any questions about security, you may direct them to us (please see details in Section “Contact us”).
LINKS TO OTHER WEBSITES
If you consider that your personal data is processed in contradiction with the provisions of domestic and/or international law, you have the right to file a complaint directly with the respective personal data protection authority (the contacts of the European Union national data protection authorities are available at the website of the European Data Protection Board).
Postal address: Ehitajate tee 110, Tallinn, 13517, Estonia