when you visit www.privacybastion.com (the "Site") and utilize Privacy Bastion services (the "Service").
1. What personal data do we collect and why?
We collect the information necessary for account creation, payment processing, customer assistance, and other similar activities.
1.1 Cookies and device information
We gather information about the individual web pages or items you view when browsing the website, what websites or search keywords sent you to the Site,
and how you interact with the website. This automatically obtained data is referred to as "Device Information."
Cookies are used to collect Device Information. Cookies are data files stored on your device or computer and frequently contain an anonymous, unique identification.
Visit https://www.allaboutcookies.org for more information about cookies and how to disable them.
We gather Device Information to help us improve and optimize our website (for example, by generating analytics about how our customers browse and interact with the website,
as well as to assess the efficacy of our marketing and advertising efforts). Our legitimate interest in analyzing and improving the operation of our website, as well as assessing
the efficacy of our marketing activities, is the legal basis for processing your data for this purpose (Art. 6(1)(f) of the GDPR).
1.2. Account registration
If you choose to utilize our Service, you must create a user account by providing your email address and a password. We will keep your email address, email verification date,
account creation date, and encrypted password. This information is referred to as "Account Information."
A contract with you serves as the legal basis for processing your data for this purpose (Article 6(1)(b) of the GDPR).
1.3. Privacy Bastion service provision
To properly utilize our Service, you must supply your full name and address information (country, state, city, ZIP code, and address) and your authorization
for us to act on your behalf when filing data erasure requests. We will keep a copy of the authorization, the information it contains,
and the date it was created/modified. In some situations, data brokers will need extra personal information from you for user verification
(such as your date of birth, phone number, middle name, or date of birth), and we will only be able to complete data removal if you supply this information.
We will maintain information regarding the status of these requests, the names of data brokers, and the removal ID on file to inform you about data deletion requests.
Furthermore, we use your email address to contact you about our Service, ask you questions, and deliver our Service.
The legal justification for processing personal data for this purpose is the fulfillment of a contract with you (GDPR Article 6(1)(b)).
1.4. Customer service
We also keep in touch with you on the Service and any issues that emerge while providing the Service. The inquiry ID, your name, the date of the inquiry,
and the content of the inquiry are all processed as personal data for this purpose. Your consent (Article 6(1)(a) of the GDPR) and a contract
with you are the legal bases for processing your data for this purpose.
1.5. Payment processing
In terms of payment information, our payment processing partners collect the standard data required for payment processing and/or refund requests
(subscription ID, subscription creation date, validity date, transaction date, payer's IP address, credit card number, credit card owner's full name,
and/or residence address in some jurisdictions). Our contract with you governs the processing and transmission of such data (Article 6(1)(b) of the GDPR).
1.6. Dispute resolution
In a disagreement between you and us, we may be required to defend our legitimate interests and legal rights. In these situations, we may be obligated to collect and preserve a
limited amount of information, such as your email address, subscription information, legal papers, communication with you, and other material about the
disputed issue. Please keep in mind that we do not automatically gather and store this information. We only keep this information when there is a dispute,
a court procedure, a legal claim, or other legal action that has been or is about to be initiated.
2. Sharing your personal information
Your personal information is never sold. For example, we might share limited information such as your Privacy Bastion email with our partners who assist us in providing our service.
We provide this limited information to the following parties:
Payment service provider Stripe Inc for payment processing
Email service provider Sendgrid Inc
Analytics service providers, such as Google LLC
Finally, we may release your personal information to comply with relevant laws and regulations, to react to a subpoena, search warrant, or other legitimate requests for information we receive,
or to protect our rights in other ways. If we do, the legal basis for processing data is our legitimate interest in defending our rights and interests in the event of a dispute (Article 6(1)(f) of the GDPR).
When we transmit your data outside the European Economic Area (EEA), we use suitable safeguards to ensure that your data is transferred and processed following the applicable privacy regulations.
The measures include signing Standard Contractual Clauses certified by the European Commission and considering the European Commission's adequacy determinations.
3. Your rights
You have privacy rights concerning acquiring and processing your data, which you can exercise by contacting us.
You can access or obtain a copy of your personal information by contacting us.
You have the right to object to processing your personal information, request that we limit the processing of your personal information, or seek portability of your personal information where technically feasible.
You have the right to request that inaccurate personal information be corrected and, depending on the nature of the collection and use, that incomplete personal information be completed (right to rectification).
You have the right to have your personal information listed in Clause 1 deleted unless we are legally compelled or have a legal basis to keep it.
If we gathered and processed your personal information with your permission, you can withdraw your permission at any time.
Withdrawing your consent does not affect the lawfulness of any processing we performed before your withdrawal, nor on processing your personal information performed in reliance on legitimate processing grounds other than consent.
If you want to exercise any of the rights listed above, please get in touch with us at email@example.com.
4. Data retention
We keep your personal information for a limited time before permanently deleting it.
As described above, we use different retention periods based on the purpose for which your personal information is handled.
Cookies are kept for the periods specified in section 1.1 above.
Personal data required to deliver the Service (sections 1.2, 1.3, and 1.5) is kept for up to 12 months after we stop providing the Service or until you ask us to remove it, and there are no legal restrictions on us doing so.
Personal data required for customer support (section 1.4) is kept for two years.
Suppose we need to protect our rights and interests in the event of a dispute (section 1.6). In that case, personal data is kept for two years or until the dispute is settled or a definitive decision by a competent authority is made, whichever comes first.
5. Get in touch with us
If you have any queries about our privacy practices, please contact us by email at firstname.lastname@example.org.
Last modified: September 24, 2023