Skip to Content
Go back
BAS-IP / PRIVACY POLICY

SCOPE OF THIS POLICY

This Privacy and Data Protection Policy (“Policy”) defines the regulation of the relationship between BAS-IP DISTRIBUTION LTD, incorporated under the laws of the United Kingdom (England), located at Crown House, 27 Old Gloucester Street, London, England, WC1N 3AX (“we”, “us”, “our”, “Company”, “BAS-IP”) and YOU, as a data subject, regarding the use of your personal data.

This Policy is intended to help you understand:

  • why we collect your personal data;
  • how we collect, use, and store your personal data;
  • which rights relating to your personal data you have;
  • how you can exercise the rights relating to your personal data;
  • how we use cookies and other tracking technologies;
  • how we share and disclose your personal data.

This Policy describes how we handle the data you provide us with through our website https://bas-ip.com/uk/ (“Website”), including via contact forms, when you interact with us via our email address, or when you use or purchase any of our software, applications, or hardware (“Products”), during video or phone calls or otherwise provide us with information about yourself.

While conducting its activities, the Company adheres to all conditions and requirements stipulated by the current legislation of the United Kingdom and European Union, including but not limited to the UK General Data Protection Regulation and the EU General Data Protection Regulation (collectively referred to as the “GDPR”), the Data Protection Act 2018 in the United Kingdom, the Data (Use and Access) Act 2025 (“DUAA”) as well as by other international legislative acts concerning data protection.

When processing your personal data, BAS-IP can play different roles under the GDPR and other applicable laws and regulations. Depending on the factual circumstances of the processing, we may act as a data controller or data processor under the GDPR.

You can be a Website visitor, Client, User, or Job applicant:

  • You are a Website visitor when you merely browse our Website and provide us with your data through cookies and other tracking technologies or contact us via email, phone, or available contact forms on our Website;
  • You are a Client when you are an individual or legal entity that owns devices (such as entrance panels or intercoms) and are responsible for determining who has access, managing passes, and defining retention periods for access logs, or when you act as a representative of a partner company (e.g., dealer, installer, property manager, or other authorised stakeholder) managing devices or access on behalf of end users.
  • You are a User when you use our Products as an end user or gain visitor access through a one-time entry code; perform administrative or operational tasks on a device without independently determining data processing purposes (e.g., device administrator, server administrator, facility staff such as a concierge); contact us via email, contact forms on our Website, video, or phone calls for technical support, feedback, or other inquiries, and provide personal data in that context.
  • You are a Job applicant when you submit your personal data through the Website or job boards to apply for a job.

DEFINITIONS

We use the following definitions in this Policy:

UK GDPR” means the UK General Data Protection Regulation, as incorporated into UK law under the Data Protection Act 2018, together with other applicable UK data protection and privacy legislation.

EU GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679) and any related data protection and privacy legislation applicable within the European Union and the European Economic Area.

Personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Special categories of personal data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation.

Data controller” means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data.

Data processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Data subject” means any living individual who is the subject of personal data is processed by the Company, including Website visitors, Clients, Users, Job applicants.

Products” means the Company’s products, including BAS-IP Link Selfhost, BAS-IP Link Cloud, BAS-IP Link App, BAS-IP Intercom Cloud, BAS-IP Intercom App, BAS-IP UKEY, BAS-IP UKEY Config, and BAS-IP intercom hardware, such as IP video intercom systems, access control systems, communication platforms, and any other associated products and services provided by the Company.

Website” means the https://bas-ip.com website.

Processing” means any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Profiling” means any form of automated processing of personal data intended to evaluate certain personal aspects relating to a natural person, or to analyse or predict that person’s performance at work, economic situation, location, health, personal preferences, reliability, or behaviour. This definition is linked to the right of the data subject to object to profiling and the right to be informed about the existence of profiling, measures based on profiling, and the envisaged effects of profiling on the individual.

Automated decision-making” means the ability to make decisions by technological means without human involvement that produce legal effects concerning the data subject or similarly significantly affect the data subject.

Personal data breach” means a breach of security leading to the accidental, or unlawful, destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

PRINCIPLES OF PROCESSING

While collecting and processing the personal data, the Company adheres to the principles provided by the GDPR. The Company’s policies and procedures are designed to ensure compliance with the principles:

(a) Lawfulness, fairness, and transparency

Lawfully – the controller identifies a lawful basis before processing the personal data (for example, consent).

Fairly – to process fairly, the controller has to make certain information available to the data subjects as practicable. This applies whether the personal data was obtained directly from the data subjects or other sources.

Transparently – any information and communication relating to the processing of the personal data should be easily accessible and easy to understand, and clear and plain language should be used.

(b) Purpose limitation

The personal data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes shall not be considered to be incompatible with the initial purposes.

(c) Data minimisation

Personal data must be adequate, relevant, and limited to what is necessary for the purposes for which they are processed.

(d) Accuracy

Personal data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, with regard to the purposes for which they are processed, is erased or rectified without delay.

(e) Storage limitation

The personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for more extended periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, if only appropriate technical and organisational measures are required by the GDPR to safeguard the rights and freedoms of the data subject.

(f) Integrity and confidentiality

The personal data must be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organisational measures.

COLLECTED PERSONAL DATA

We collect and process information about you in accordance with this Policy. We may collect your personal data through the Website (including contact forms), email, when you use our Products and services, and during video or phone calls, or via other ways of communication.

We collect three basic types of information about you in connection with our Website, Products, and services: Website visitor data, Client and User data, Job applicant data, which relate to Website Visitors, Clients, Users, and Job Applicants, respectively. In particular, we collect and process the following:

Website visitor data:

  • Contact information. When you submit your data via email or contact forms available on the Website, including when you sign up for the newsletter, or share your personal data during video or phone calls, we may collect your personal data. This information may include your first name, last name, phone number, country, email address, role (integrator, builder, end-user), social media accounts, and any other details you provide to us.
  • Communication information. We may collect certain information during our communications with you. This can include a brief summary of the discussion, key details relevant to our interaction, or, with your consent, a recording of the call.
  • Information about request. We may collect certain information during technical support requests. This can include any information  provided by the user (text of the request or description of the issue, feedback, or rating of the support service, additional comments)
  • Cookie information. We may use cookies and other tracking technologies on our Website to function correctly, for analytics, marketing activities, remembering your preferences, and for other purposes. Such use may involve transmitting information from us to you and from you to a third-party website or us. To learn more regarding our use of cookies, please read the “Use of cookies” section of this Privacy Policy and our Cookies Policy.
  • Automatically collected information. When you access the Website, we collect certain information about your device automatically. We may use this information for technical administration of our Website, analytics, research and development, monitoring, and improving our Website.

Client and user data:

  • Account information. We may collect certain information from you during your registration with the BAS-IP Products. This can include a name, email, phone number, home address, country, password, user’s role in the system, and user group names.
  • Company information. We may collect certain information from you during your registration with the BAS-IP Products. This can include a name, email, address, phone number, logo, and type (role in business).
  • License information. We may collect certain information from you during your registration and use of BAS-IP Products. This can include an apartment license term, license ID, and license terms.
  • Communication information. We may collect certain information from you during your use of BAS-IP Products. This can include templates of letters.
  • SIP information. We may collect certain information from you during your use of BAS-IP Products. This can include a SIP number and password.
  • Access identifier. We may collect certain information from you during your use of BAS-IP Products. This can include an access code, photo, car license number, QR, or UKEY.
  • Identification information. We may collect certain information from you during your use of BAS-IP Products. This can include a call ID, caller ID, user ID, and SIP trunk details (SIP URI, display number).
  • Location information. We may collect certain information from you during your use of BAS-IP Products. This can include a GPS.
  • Reservation information. We may collect certain information from you during your use of BAS-IP Products. This can include the names of reservation services.
  • Information about guests. We may collect certain information from you during your use of BAS-IP Products. This can include a photo (captured or uploaded as part of visit logs).
  • Information about residents. We may collect certain information from you during your use of BAS-IP Products. This can include a name, home address, photo, number of residents in the apartment, identifiers (RFID, etc.), SIP numbers, a map of the route from the elevator to the apartment, and logs.
  • Information about family members. We may collect certain information from you during your use of BAS-IP Products. This can include a name, email.
  • Information about the device administrator. We may collect certain information from you during your use of BAS-IP Products. This can include an email and password, SIP number and device password, name and logo of the company, IP addresses of users attempting to log into the web interface, and administrator password.
  • Intercom information. We may collect certain information from you during your use of BAS-IP Products. This can include a UID, name, and IP address.
  • Information related to event processing. We may collect certain information from you during your use of BAS-IP Products. This can include a type of alarm event and the text of the comment by the user responsible for processing the event.
  • Call information. We may collect certain information from you during your use of BAS-IP Products. This can include a video before and during the call.
  • Device information. We may collect certain information about your device. This can include a device IP address, device ID and model, OS version, country, and crash logs.
  • Automatically collected information. When you use BAS-IP Products, we collect certain information automatically. This can include an IP address, server domain, and ОS.
  • Server configuration information. When you use BAS-IP Products, we collect certain server configuration information automatically. This can include IP addresses or domain names of integration services, as well as login credentials for integration services.
  • Information about request. We may collect certain information from you during your use of BAS-IP Products. This can include any information provided by the user (text of the request or description of the issue, feedback, or rating of the support service, additional comments).
  • Other information. We may collect certain information from you during your use of BAS-IP Products. This can include an identifier usage conditions (number of entries, validity period), and comment text.

Job applicant data:

  • Contact information. When you apply for a job through the form available on the Website, we can collect your personal data. This data may include your first name, last name, phone number, email address, and social media information.
  • Communication information. When you apply for a job through the form available on the Website, we can collect your personal data. This data may include content of emails, messages, audio or video conversations, brief summary of communication, key details of communication, in some cases, with the consent of data subjects – recording of conversations.
  • CV information. When you apply for a job through the form available on the Website, we can collect your personal data. This may include data from CVxs, such as work history, education, and other information you decided to provide us. We may also receive your CV and other personal data if you submit it through the job boards we partner with. Please review their privacy documentation before providing any data.
  • Information from the newcomer questionnaire. When you complete the newcomer questionnaire, we may collect the personal data you provide. This may include personal information, place of residence, contact details, marital status, education, professional references (name, position, contact details), personal qualities, etc.

The Company does not collect more personal data from data subjects than is determined in this Policy. The Company also does not collect more personal data than is needed for the purposes of processing specified herein.

The Company does not sell your data.

The Company does not collect or process sensitive data. Please refrain from sharing your or third-party sensitive personal data.

While processing personal data, the Company may apply automated individual decision-making to ensure security and prevent fraud. This may result in the deletion of your personal account in the Products (“Automated decision”). The Automated decision is based solely on the automated processing of the relevant personal data we collect and process for security and fraud prevention purposes.

GROUNDS FOR PROCESSING

We collect and process your personal data in accordance with the provisions of the GDPR and other applicable laws and regulations.

Under the GDPR, there is an exclusive list of lawful bases, allowing us to process your personal data. During personal data processing, we rely only on four of them, namely:

Article 6.1(a): consent

We collect the information you choose to give us, and we process it under your consent. You may withdraw your consent to the processing of your personal data at any time.

You may withdraw your consent to the processing of your personal data by emailing us at [email protected] or contacting us in any other way convenient for you.

Article 6.1(b): performance of a contract

When you provide us with personal data via available options on our Website, this can sometimes be considered a request to form a contract or perform a contract between you and us. However, we may ask you for clear consent in case of doubt.

Article 6.1(c): legal obligation

We process your personal data to fulfil our legal obligations, such as complying with tax or regulatory requirements. If you request to exercise your rights under the GDPR, we may ask you for some personal data for verification purposes to identify you and comply with the applicable law.

Article 6.1(f): legitimate interest

We process your personal data for the purposes of our legitimate interests, such as:

  • preventing fraud,
  • ensuring the security of our Website, and
  • providing you with a seamless user experience.

We only collect and use the strictly necessary data to achieve these purposes, provided that your fundamental rights and freedoms are not overridden.

HOW WE USE YOUR DATA

When acting as a data controller, we use your personal data for the purposes listed in the table below, where we also detail the types of personal data processed, the legal bases we rely on to do so, and third parties with whom we may share your personal data.

Source Purpose of Processing Types of Personal Data Legal Grounds Recipients
Website Communication 一    Contact information

一    Communication information

 Your consent (Article 6(1)(a))

Performance of a contract (Article 6(1)(b))

 Telegram,

360 Dialog,

Discord
Marketing 一    Contact information

一    Communication information

一    Cookie information

 Your consent (Article 6(1)(a)) Cloudflare
Analytics 一    Cookie information

一    Automatically collected information

 Your consent (Article 6(1)(a))

Our legitimate interest (Article 6(1)(f))

 Google Analytics,

Celonis,

Cloudflare
Security and fraud prevention 一    Cookie information

一    Automatically collected information

 Our legitimate interest (Article 6(1)(f)) Cloudflare
Technical support 一    Contact information

一    Information about request

 Performance of a contract (Article 6(1)(b)) Tripetto, Telegram,

360 Dialog Contractors
Legal compliance (including cookie consent management) 一    Cookie information Legal obligation (Article 6(1)(c)) CookieYes
BAS-IP Intercom hardware Product analytics and improvement 一     Device information Our legitimate interest (Article 6(1)(f)) Hetzer,

Cloudflare, Celonis
BAS-IP Link App Account registration and authorisation 一    Account information

一    SIP information

一    License information

一    Automatically collected information

 Performance of a contract (Article 6(1)(b)) Apple,

Google
Product analytics and improvement 一    Automatically collected information Our legitimate interest (Article 6(1)(f)) Celonis
BAS-IP Intercom Cloud Authentication and account administration 一    Account information Performance of a contract (Article 6(1)(b)) Hetzer,

Cloudflare,

DigitalOcean
BAS-IP Intercom App Product analytics and improvement 一     Device information Our legitimate interest (Article 6(1)(f)) Celonis,

Apple,

Google
BAS-IP UKEY Product analytics and improvement 一     Device information

一    Automatically collected information

 Our legitimate interest (Article 6(1)(f)) Celonis,

Apple,

Google
BAS-IP UKEY Config Product analytics and improvement 一     Device information Our legitimate interest (Article 6(1)(f)) Celonis,

Apple,

Google
BAS-IP API docx Authentication and account administration 一    Account information Performance of a contract (Article 6(1)(b)) Google
Recruitment Job applications management 一    Contact information

一    Communication information

一    CV information

一    Information from the newcomer questionnaire

 Your consent (Article 6(1)(a)) Google Workspace,

Social media platforms (e.g., LinkedIn)

We can also process personal data as a data processor, at the request and pursuant to the instructions given by our Client as a data controller. We describe the situation when we act as a data processor and process personal data on behalf of the Client in the table below:

Source Purpose of Processing Types of Personal Data Legal Grounds Recipients
BAS-IP Intercom hardware Provision of services 一    Information about residents

一    Information about guests

一    Information about the device administrator

一    Device information

一    Information about request

 Determined by the Client Specified in the DPA with the Client
BAS-IP Link Cloud and BAS-IP Link Selfhost Provision of services 一    Account information

一    Company information

一    Communication information

一    License information

一    Access identifier

一    Reservation information

一    Device information

一    Intercom information

一    Information about guests

一    Information related to event processing

一    Automatically collected information

一    Server configuration information

 Determined by the Client Specified in the DPA with the Client
BAS-IP Link App Provision of services 一    Account information

一    SIP information

一    License information

一    Access identifier

一    License information

一    Device information

一    Call information

一    Information about guests

一    Information about family members

一    Automatically collected information

一    Other information

 Determined by the Client Specified in the DPA with the Client
BAS-IP Intercom Cloud Provision of services 一    Account information

一    SIP information

一    Call information

一    Device information

一    Information about requests

 Determined by the Client Specified in the DPA with the Client
BAS-IP Intercom App Provision of services 一    Account information

一    Device information

一    SIP information

一    Call information

一    Information about requests

一    Automatically collected information

 Determined by the Client Specified in the DPA with the Client
BAS-IP UKEY Provision of services 一    Location information

一    Access identifier

一    Device information

一    Automatically collected information

一    Information сollected by SDK Providers

 Determined by the Client Specified in the DPA with the Client
BAS-IP UKEY Config Provision of services 一    Device information Determined by the Client Specified in the DPA with the Client

USE OF COOKIES

When you visit our Website, we automatically gather certain information through cookies. These cookies, for example, can help us understand your interactions with our Website, enhance your browsing experience, improve our Website and services, and conduct marketing activities. To learn more about the types of cookies we use and how you can customise your cookie preferences, please review our detailed Cookies Policy.

DATA RETENTION

The Company processes and stores the personal data during the period that is needed for the realisation of the processing purposes, specified in this Policy.

We store Cookie information for the period specified in our Cookies Policy.

The Company is entitled to store more and delete the earlier collected data subject personal data at any time if such personal data is no longer needed. Herewith, the Company is obligated to notify the respective data subject that his/her personal data has been deleted.

The Company may keep storing personal data if subsequent processing is foreseen by law and is deemed relevant for a purpose that is not compatible with the original purpose of processing stated in this Policy. Herewith, the incompatible purposes mean the purposes concerning archiving in the public interest, scientific, statistical, or historical use.

Notwithstanding any of the aforementioned periods of data storage, you may request to delete your personal data by emailing us at [email protected] or contacting us in another convenient way.

SECURITY AND INTEGRITY OF THE DATA

The Company is responsible for ensuring that any personal data that the Company holds and for which they are responsible is kept securely and is not under any circumstances disclosed to any person unless those persons have been specifically authorised by the Company to receive that information and have entered into a confidentiality agreement.

All personal data should be accessible only to those who need to use it under the internal documentation of the Company. Personal data shall be treated with the highest security measures and must be kept encrypted.

We have implemented appropriate organisational, technical, administrative, and physical security measures designed to protect your personal data from unauthorised access, disclosure, use, and modification. We regularly review our security procedures and policies to consider appropriate new technology and methods.

DATA BREACH NOTIFICATION

The Company takes all reasonable steps to minimise the risk of a personal data breach while processing the personal data.

In the case of a personal data breach, the Company shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Commissioner (or data protection authority under EU GDPR), unless the personal data breach is unlikely to result in a risk to the rights and freedoms of the data subjects.

The risk assessment the Company has to carry out will determine whether the risk to the rights and freedoms of the data subjects affected is judged to be sufficiently high to justify notification to them.

Also, in the case of a personal data breach, which is likely to result in a high risk to the rights and freedoms of the data subjects, the Company shall, without undue delay, notify the appropriate data subject of the personal data which were breached.

If measures have subsequently been taken to mitigate the high risk to the data subjects so that it is no longer likely to happen, then communication with the data subject is not required by the GDPR.

The Company documents all personal data breaches, comprising the facts relating to the personal data breach, its effects, and the remedial action taken. That documentation shall enable the Commissioner (or data protection authority under EU GDPR) to verify compliance with the GDPR.

The respective processor is obligated without undue delay to notify the Company about the breach of the personal data while processing such personal data under the Company’s instructions.

SHARING YOUR DATA WITH OTHER ENTITIES

We may share your personal data with other entities in accordance with the provisions specified hereafter.

Sharing data with data processors

There are many features necessary to provide you with our services that we cannot complete ourselves; thus, we seek help from third parties. We may grant some service providers access to your personal data, in whole or in part, to provide the necessary services.

Therefore, we may share and disclose your personal data to other data processors, namely, to:

  • Hetzer (Hetzner Online GmbH, Germany). You may read its Privacy Policy here.
  • Cloudflare (Cloudflare, Inc., USA). You may read its Privacy Policy here.
  • DigitalOcean (DigitalOcean, LLC, USA). You may read its Privacy Policy here.
  • Google (Google Ireland Limited, Ireland). You may read its Privacy Policy here.
  • Apple (Apple Inc., USA). You may read its Privacy Policy here.
  • Celonis (Celonis SE, Germany). You may read its Privacy Notice here.
  • CookieYes (CookieYes Limited, United Kingdom). You may read its Privacy Policy here.
  • Telegram (Telegram Messenger Inc.). You may read its Privacy Policy here.
  • 360 Dialog (360dialog GmbH, Germany). You may read its Privacy Policy here.
  • Discord (Discord Netherlands BV, Netherlands). You may read its Privacy Policy here.
  • Tripetto (Tripetto B.V., Netherlands).

As part of our business operations, we may engage various specialists who may receive your personal data, including technical professionals, to provide you with better client service. Collectively, these specialists are referred to in this Policy as Contractors.

The processors are not entitled to define any additional purposes for the personal data processing.

We may also need to share your personal data with law enforcement agencies, courts, regulatory bodies, or other public authorities. This could be to protect our rights, safety, or property, or those of our affiliates, you, or others, and to respond to lawful requests or comply with legal obligations under applicable laws.

If we are required to disclose your personal data for these reasons, we will inform you beforehand, unless the law prohibits us from doing so.

INTERNATIONAL DATA TRANSFERS

We may transfer your personal data to countries outside the United Kingdom (UK), European Union (EU), the European Economic Area (EEA), and that are not deemed to provide an adequate level of data protection.

In such cases, we will ensure that appropriate safeguards are in place in accordance with the GDPR to protect your Personal Data. These safeguards may include using Standard Contractual Clauses (SCCs) adopted by the European Commission, the UK International Data Transfer Agreement (IDTA), or the UK Addendum to the SCCs, as applicable. Where possible, we always enter into Data Processing Agreements (DPAs) and Non-Disclosure Agreements (NDAs) with these third parties to ensure that your personal data is adequately protected.

We put supplementary technical and organisational measures in place when transferring data outside the EU and the EEA. e.g., prior assessment of the service supplier’s reliability and personal data protection practices, encryption of the transferred personal data, prompt reacting to any threats to confidentiality, integrity, and availability of the personal data, conducting transfer impact assessments (TIA) when necessary, etc.

LINKS TO THIRD-PARTY WEBSITES OR SERVICES

This Policy applies only to this Website. We strongly recommend you review the privacy documents of any websites you may reach by following the hyperlinks presented on our Website. We have no control over the content and data practices of other websites and are not responsible for their actions.

DATA SUBJECT AGE

Our Website and services are intended for general audiences and are not directed to children under the age of 18. By submitting your personal data to us, you acknowledge that you have reached the age of 18, and under the laws of your country of residence, you have all rights to provide us with your personal data for processing.

Under the GDPR, we do not knowingly collect any personal data from children under the age of sixteen (or a lower age if provided by EU member state law, provided that such lower age is not below 13 years).

If we learn we have collected or received personal data from a child, we will delete that information. If you have any reason to believe that a child has provided their personal data to us, please contact us at [email protected].

DATA SUBJECTS RIGHTS

You may exercise the following rights by submitting a data subject request to [email protected] or via the Data Subject Access Form. The data subject request must include the name, contact information of the data subject, the right which the Data subject wants to realise, the personal data processed by the Company, details, and the reason/justification for such a request.

Please note that we may need to confirm your identity to process your requests to exercise your rights under the GDPR. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.

Right under the GDPR Description How to exercise it
Right to withdraw consent

(Art. 7)

 You can withdraw your consent for data processing at any time. You can submit a request.
Right to be informed

(Art. 13, 14)

 You have the right to be informed about the collection and use of your personal data. All information about our collection and use of your personal data is described in this Privacy Policy and the Cookies Policy.
Right of access

(Art. 15)

 You have the right to confirm whether your personal data is being processed by us and access such data, along with specific information. You can submit a request.
Right to rectification

(Art. 16)

 You have the right to correct inaccurate personal data about you and to have incomplete personal data completed. You can submit a request.
Right to erasure (“right to be forgotten”)

(Art.17)

 You have the right to have your

personal data deleted without undue delay where one of the following grounds applies:

一      the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

一      you withdraw consent to consent-based processing;

一      you object to the processing under certain rules of applicable data protection law;

一      the personal data have to be erased for compliance with a legal obligation in the European Union or an EU Member State law;

一      the personal data have been collected in relation to the offer of information society services referred to in Article 8(1);

一      the personal data have been unlawfully processed.

 You can submit a request.
Right to restriction of processing

(Art. 18)

 You can limit the way in which we use your data where one of the following applies:

一      you contest the accuracy of the personal data;

一      processing is unlawful, but you oppose erasure;

一      we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise, or defence of legal claims;

一      you have objected to processing, pending the verification of that objection.

 You can submit a request.

Where processing has been restricted on this basis, we may continue to store your personal data.

However, we will only otherwise process it:

一      with your consent;

一      for the establishment, exercise, or defence of legal claims;

一      for the protection of the rights of another natural or legal person;

一      or for reasons of important public interest.
Right to data portability

(Art. 20)

 You have the right to receive your personal data in a structured, commonly accepted, and machine-readable format and have the right to request that we transmit this data directly to another controller to the extent that the legal basis for our processing of your personal data is your consent or performance of a contract and the processing is carried out by automated means. You can submit a request.
Right to object

(Art. 21)

 You have the right to object to our processing of your personal data at any time to the extent that the processing is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.

Also, you have the right to object to our processing of your personal data for direct marketing purposes (including profiling).

 You can submit a request.
Right not to be subject to a decision based solely on automated processing, including profiling

(Art. 22)

 This right restricts us from making solely automated decisions, including those based on profiling, which produce legal or other significant effects for data subjects. You can submit a request.
Right to lodge a complaint

(Art. 77)

 You have the right to lodge a

complaint with the Commissioner (or the supervisory authority under EU GDPR) if you believe that the processing of your personal data violates the requirements of the GDPR.

 You can submit a complaint with the Commissioner in the UK or with the competent data protection authority in the EU, as specified in this Privacy Policy.
Right to compensation

(Art. 82)

 Any person who has suffered material or moral damage as a result of a violation of GDPR requirements has the right to receive compensation from the controller or processor for the caused damage. Court proceedings for exercising the right to receive compensation shall be brought before the courts competent under the law of the UK or EU Member State referred to in Article 79(2).

COMPLAINTS

We encourage you to reach out to us initially with any concerns you may have regarding the processing of your personal data. You may use the following email to address your inquiries: [email protected].

You have the right to lodge a complaint about our use of your personal data with the Commissioner under UK GDPR or a data protection authority under EU GDPR. For more information, please contact your national data protection authority. You can find a complete list of EU supervisory authorities through this link.

We will cooperate with the appropriate governmental authorities to resolve any privacy-related complaints that cannot be amicably resolved between you and us.

AMENDMENTS TO THE POLICY

We may periodically update this Policy to reflect new updates, technologies, legal requirements, or other reasons. Any changes will be communicated by posting an updated version of the Privacy Policy on our Website.

We encourage you to review this Policy periodically. We always give advance notice of upcoming changes by indicating when the new version of the Privacy Policy will take effect. If you continue to use our Website or otherwise provide us with your personal data after the new version of the Privacy Policy goes into effect, we assume that you agree to the changes.

CONTACT INFORMATION

If you have a question related to this Policy, our processing activities, or your data subject rights under GDPR and other applicable laws, you can contact our Data Protection Officer directly using the following details:

External Data Protection Officer
Privacity GmbH
Germany, Hamburg,
Neuer Wall 50, 20354
Email: [email protected].