Date of Last Revision: September 20, 2023
TOKENS d. o. o. ("Tokens")
Dunajska cesta 117
In some cases of personal data processing, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, “GDPR”) applies based on the “targeting” criterion. This Policy is compliant with the GDPR.
2. INFORMATION WE COLLECT AND PROCESS
At Tokens, we collect and process the information you provide to us, automatically collected information and information received from third parties.
Information you provide to us
You may provide us with information about you when you use our Services:
- Personal Information or Personal Data (“Personal Information”): In the course of using the Services (whether as a Client, Contractor, Site Visitor, or Mobile Application user), we may require or otherwise collect information that identifies you as a specific individual and can be used to contact or identify you, such as your name and surname, email address, billing address, phone number, location, photos, and financial account information.
- Non-Identifying Information: We may also collect other information, information regarding your use of the Services, and general project-related data (“Non-Identifying Information”). If possible, we render Personal Information into a form of Non-Identifying Information referred to as “Pseudonymised information”, in such a manner that it can no longer be attributed to you without the use of additional information.
- Combination of Personal and Non-Identifying Information: Certain Non-Identifying Information would be considered a part of your Personal Information if it were combined with other identifiers in a way that enables your identification. We may combine your Personal Information with Non-Identifying Information and will treat the combined information as Personal Information.
Automatically collected information
We may receive technical information when you use our Services. We use these technologies to analyze how people use our Services, to improve our Site functions, and save your log-in information for future sessions. This information may include the browser and operating system you are using, the Internet Protocol (“IP”) address, or other unique device identifiers (“Device Identifier”) for any device (computer, mobile phone, tablet, etc.) used to access our Services.
- Embedded Scripts: We may also employ software technology known as an Embedded Script, a programming code designed to collect information about your interactions with the Services, such as the links you click on. The code is temporarily downloaded onto your computer or other device and is deactivated or deleted when you disconnect from the Services.
In addition, we may use a variety of other technologies (such as tags) that collect similar information for security and fraud detection purposes. We may use third parties to perform these services on our behalf.
Information received from third parties
We may collect information about you from the following third-party sources:
- third parties who license, sell, or otherwise provide data they have collected (“Third-party Data”) or
- publicly available sources, such as via the Internet and social networks (“Public Data”)
3. HOW WE USE YOUR INFORMATION
We process your information for the purposes described in this policy, based on the following legal grounds:
- your consent: We ask for your consent to the processing of your information for specific purposes. You have the right to withdraw your consent at any time.
- when we are providing services: We process your data to provide the services you’ve asked for under a contract or service agreement. Such processing is necessary for the performance of our contract or in order to take steps at your request prior to entering into a contract.
- when we are complying with legal obligations: We will process your data when we have a legal obligation to do so, for example, if we respond to a legal process or an enforceable governmental request.
- when we are pursuing legitimate interests: We process your information for our legitimate interests and those of third parties while applying appropriate safeguards that protect your privacy. That means that we process your information for things such as developing new products and features useful to our Services’ users, marketing to inform users about our services, performing research that improves our services, etc.
We use the information for the following purposes:
- to provide and improve our Services
- to complete your transactions, address your inquiries
- to verify the information you provide is valid and for compliance and internal business purposes
- to contact you
- to administer and develop our business relationship with you
- for the purposes disclosed at the time you provide your information
- internal accounting, bookkeeping and tax reporting purposes
4. INFORMATION SHARING AND DISCLOSURE
We may share information about you if sharing and disclosure are necessary for the performance of our Services, for compliance with any legal obligations, for the purposes of legitimate interests, or if you give us your consent to do so.
We may employ third parties (companies and individuals) to facilitate or enhance the Services, to provide the Services on our behalf, to assist us in analyzing how the Services are used, and to perform services related to administration of the Services or the Site (such as maintenance, payments, accounting, bookkeeping, tax preparation, legal, hosting and database management services, website analytics and administration). We may share your information with such third-party service providers so that they may perform these tasks on our behalf.
5. DATA RETENTION
6. ACCESSING, CHANGING OR DELETING YOUR INFORMATION
- right of access by the data subject
- right to rectification
- right to object
- right to erasure (‘right to be forgotten’)
- right to restriction of processing
- right to data portability
- and explicitly the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal
all in accordance with, and within the deadlines set out in, the GDPR.
You may review, update, correct or delete your Information, if not required to be retained by law or for legitimate business reasons, by making updates to that information through your online account or by contacting Tokens at firstname.lastname@example.org. If you request to access, change or delete your personal information, we will respond to your request within 30 days.
We will use all reasonable efforts to honor your request to delete your information; however, certain information will actively persist on the Services even if you close your account/if we delete your information. In addition, your Personal Information may remain in our archives and information you update or delete, or information within a closed account, may persist internally or for our administrative purposes, especially if it is technically impossible to delete. It is not always possible to completely remove or delete information from our databases.
In relation to all procedures relating to the collection, processing and storage of your personal data, you have the right to appeal to the Information Commissioner of the Republic of Slovenia (https://www.ip-rs.si/o-pooblascencu/osebna-izkaznica/).
7. SECURITY AND DATA BREACH
Because we are very concerned about your information’s confidentiality and security, we employ administrative, physical, and electronic measures designed to protect your information from unauthorized access. We have implemented all appropriate technical and organizational measures to ensure a sufficient level of security:
- we use encryption and data pseudonymization
- we use different security features like 2 Step Verification
- we review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access
- we restrict access to personal information to our contractors and processors who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations
- our data access rights and levels are based on job function and role, using the least-privilege and need-to-know concepts to match access privileges to defined responsibilities
In the case of a personal data breach, we have implemented appropriate procedures to notify competent authorities and, when the personal data breach is likely to result in a high risk to your rights and freedoms, we will communicate the personal data breach to you in accordance with the legal requirements and without undue delay.
8. INTERNATIONAL TRANSFER OF PERSONAL INFORMATION
Tokens protects personally identifiable information from residents of the European Union, other European Economic Area countries, and Switzerland in accordance with applicable law, above all with the GDPR (including, as applicable, reliance upon your consent and EU-approved Standard Contractual Clauses).
9. CHANGES TO THIS POLICY