Last Revision: 8 Jan 2023
1. The company ("Nordblade") collects several different types of information both from and about users of its services, including but not limited to the following
(i). Personal information: This includes identifying information such as a user's name, email address, and phone number, which is provided when creating an account or registering for the services.
(ii). Payment information: This includes financial information such as a credit or debit card number and expiration date, which is collected when making a purchase through the services.
(iii). Location data: This includes information about a user's physical location, such as their IP address and GPS data, which is collected when using the services.
(iv). Device information: This includes details about the device a user is using to access the services, such as the device type, operating system, and browser type.
(v). Usage data: This includes information about how a user interacts with the services, such as the pages they visit, the features they use, and the content they access.
2. The company uses this information to provide, maintain, and improve its services, personalize the user experience, and communicate with users about products and services that may be of interest. The company may also use the information for research and analytics purposes, to enforce its policies, and to comply with legal obligations. The company may combine this information with other data it has collected or received from third parties in order to better understand and serve its users.
3. There are several purposes for which the company may use personal information and data, including:
(ii). Identifying and verifying customers on the website, including when they log in or sign up for the site or services, and ensuring the functionality and security of the website and services.
(iv). Managing customer accounts, including maintaining and updating account functionality.
(v). Contacting customers or responding to inquiries made through their account information. This may include using the provided information to contact customers in the event of updates or changes to the company's services.
(vi). Fulfilling, managing, and tracking orders for the company's services. The company uses collected information to assign services and send orders to the correct customers.
(vii). Providing customer support assistance, including through the company's ticket and live chat systems, which require customer information to identify and assist customers with their issues as quickly as possible.
(viii). Sending and receiving feedback and responses to marketing materials such as marketing emails, which customers may opt out of by using the "unsubscribe" button in the emails.
4. Overall, the company uses customer data for a variety of purposes, including to provide and improve its services, communicate with customers, and protect the security and integrity of its website and services. The company takes steps to ensure that the personal information it collects and uses is handled in a manner that is consistent with applicable laws and regulations and respects the privacy rights of its customers.
5. The company may collect and share personal information and data for a variety of reasons, including to comply with legal requirements, ensure the functionality and security of its services, and protect its legitimate interests. When transferring personal information and data to authorized parties, the company relies on the European Commission's Standard Contractual Clauses to ensure that the information is handled in a manner that is compliant with applicable laws and regulations.
6. The company may collect and share personal information based on the following legal bases:
(ii). Legal requirement: If required by law, the company may share personal information with authorized organizations.
(iii). Mergers and acquisitions: If the company enters into or negotiates a merger, large investment, partial sale, or acquisition that involves the transfer or change in management control of its services, it may share personal information with the relevant party in order to continue providing the services.
(iv). Best interests: If it is in the company's best interests and compliant with the terms of the relationship, the company may share personal information in order to investigate fraudulent or illegal activities or to pursue litigation.
(v). Third-party vendors and contractors: The company may share personal information with third-party vendors, network operators, and contracted consultants or employees in order to provide the services and features offered by the company. This may include sharing analytical data, service logs, and diagnostic information with vendors and network operators. Third parties that receive personal information are bound by confidentiality and non-disclosure agreements and may be considered "joint controllers" under the General Data Protection Regulation (GDPR), such as Article 26.
7. In addition to the circumstances outlined above, the company may also collect and share personal information and data with third parties for a variety of other purposes. For example, the company may share personal information with third parties to improve its services, provide customer support, or conduct market research. The company may also share personal information with third parties in order to comply with legal obligations, such as responding to subpoenas or court orders.
8. The company takes steps to ensure that any third parties with whom it shares personal information are bound by appropriate confidentiality and data protection obligations and that the information is only used for the purposes for which it was shared. The company also maintains records of the personal information it shares with third parties, including the types of information shared, the purpose of the sharing, and the duration of the sharing.
9. It is important to note that the company may be required to share personal information with third parties in order to provide its services or comply with legal obligations. In such cases, the company will take steps to ensure that the personal information is handled in a manner that is consistent with the requirements of applicable laws and regulations.
11. There are a number of third parties that the company may share information and data with, including payment processors, performance monitors, sales and marketing teams, authentication services, accountants and financial services, analytics tools, and other third party services not explicitly mentioned. These third parties may be involved in various aspects of the company's operations, such as processing payments, monitoring the performance of the company's website, promoting and marketing the company's products and services, verifying the identity of users, providing accounting and financial services, and analyzing data to improve the company's operations. The company takes steps to ensure that these third parties handle personal information in a responsible and secure manner, in accordance with applicable laws and regulations.
12. The company operates servers in several locations including the United Kingdom, Germany, Canada, and the United States. If you access the company's website from a location outside of these countries, it is important to be aware that your information may be transferred to, stored, and processed by the company in its facilities and by third parties with whom it may share your personal information (as described in the section titled "WILL YOUR INFORMATION BE SHARED WITH ANYONE?") in any of these countries or other countries. This means that your information may be subject to different laws and regulations regarding data protection, privacy, and security depending on the location where it is processed. The company takes steps to ensure that your information is protected and handled in accordance with applicable laws and regulations, regardless of where it is processed.
13. The company claims to comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the UK Data Protection Act 18 (DPA18) and therefore stores information for only as long as is necessary for the specific function or as required by law. In general, the company retains information from the time of sign-up until the account is terminated by the customer, if applicable. The company has implemented policies and procedures to ensure that it only stores information for the minimum amount of time required and that it is deleted or destroyed once it is no longer needed. This includes regularly reviewing the data it holds and determining whether it is still necessary to retain it or if it can be safely disposed of. The company is committed to complying with all relevant data protection laws and regulations and takes steps to ensure that it handles personal information in a responsible and secure manner.
14. The company has legally binding restrictions in place for employees and contractors to ensure that access and processing of the information is restricted and secure. The information is stored in encrypted databases located at any of the company's listed service locations. The company takes measures to ensure that the information is kept safe and secure at all times, including implementing strong encryption and storing the data in secure locations. The company also requires its employees and contractors to adhere to strict confidentiality agreements to protect the privacy of the information. These measures are in place to safeguard the information and ensure that it is only accessed and used in accordance with the company's policies and procedures.
15. Nordblade is committed to protecting the privacy of its customers. This includes respecting the privacy rights of customers based on their legal residence. Even if a customer's country of residence does not have data protection legislation, Nordblade promises to uphold their right to privacy.
16. Customers who are residents of the European Economic Area (EEA) are protected under the General Data Protection Regulation (GDPR). Chapter 3, Articles 12 through 23 of the GDPR outline the rights of EEA customers, also known as "data subjects," in relation to their personal information. These rights include:
(i). The right of access (Article 15): Customers have the right to obtain from Nordblade any information about their personal data that is being processed, as well as access to that data.
(ii). The right to rectification (Article 16): Customers have the right to request the correction of any inaccurate or incomplete personal information that Nordblade has about them.
(iii). The right to erasure (Article 17): Customers have the right to request that Nordblade delete their personal data, subject to certain restrictions. This right is also known as the "right to be forgotten.
(iv). The right to restriction of processing (Article 18): Customers have the right to request that Nordblade restrict the processing of their personal information in certain cases.
17. Customers who are residents of California in the United States are protected under the Californian Consumer Privacy Act (CCPA). The CCPA prohibits the sharing or selling of personal information of California residents without their consent.
18. Customers who are residents of the United Kingdom are protected under the Data Protection Act of 2018. This legislation is similar to the GDPR and applies to the processing of personal data of UK citizens. Customers can find more information about the Data Protection Act of 2018 on the UK government's website at https://www.legislation.gov.uk/ukpga/2018/12/contents/enacted.
19. If customers have any questions or concerns about their privacy rights, they can contact Nordblade's Data Protection Officer at [email protected]. The Data Protection Officer is responsible for overseeing Nordblade's compliance with data protection laws and regulations and can assist customers with any issues they may have.
20. The Children’s Online Privacy Protection Act (COPPA) is a legislation enforced by the Federal Trade Commission of the United States that applies to any commercial entity that engages with U.S. citizens, regardless of where the business is located. Nordblade LTD, a business based in the United Kingdom, engages with U.S. resident customers and therefore must comply with COPPA. This means that Nordblade restricts purchases, does not collect or process data, and does not engage in any business-related activities with individuals under the age of 13.
22. Third parties may report any suspected violations of COPPA by visitors to Nordblade's compliance department or Data Protection Officer at [email protected]. or [email protected]. Adolescents between the ages of 13 and 17 must obtain the permission of a legal guardian to form a contractually binding relationship with the company. Please see Section 6-8 of the Terms of Service for more information.
23. The Data Protection Officer of Nordblade Ltd can be contacted at [email protected] for private and confidential conversations regarding data protection regulations. When making a request to the Data Protection Officer, the customer may be required to provide personally identifiable information such as passport details and proof of residence in order to confirm their identity. This information will only be used for the duration of the conversation and will not be stored or shared with any other parties.
24. To request the implementation of any data protection legislative articles, the customer should send an email to the Data Protection Officer at [email protected] from the same email address associated with their account, if available. If it is not possible to send the email from the associated account, the customer may send it from another email address or authorize a family member or agent to do so on their behalf. The email should include personally identifiable and verifiable information such as a passport or driver's license and a photo of the customer holding the form of identification.