Effective since August 2019, last updated September 3rd 2019
The terms listed below have the meanings assigned to them in the General Data Protection Regulation (EU) 2016/679 (GDPR):
1.1. Personal Data means any information relating to an identified or identifiable natural person (‘Data Subject’). In this definition identifiable natural person means one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
1.2. Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
1.3. Data Controller or Controller means any natural or legal person, public authority, agency or another body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by the European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by the European Union or the law of the UK.
1.4. Data Subject is an identified or identifiable natural person who can be identified, directly or indirectly, based on particular information representing personal data;
2. General provisions
2.1. UNPITCHD LTD a company incorporated under the laws of the United Kingdom under registration number 11792246, with registered office in the United Kingdom is a Data Controller of collected Personal Data.
2.3. The Controller acknowledges the privacy of Data Subjects and makes efforts to protect them against any unlawful processing of Personal identifiable data.
2.4. The Controller applies all necessary relevant technical and organizational measures to protect the Personal Data of Data Subjects in accordance with the effective legislation.
2.5. Although Controller will take diligent efforts to ensure safe storage and Processing of Personal identifiable data, Controller cannot guarantee it to be 100% secure and risk-free. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of Data Subject information at any time.
2.6. The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of Website (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors. The updated list of these parties may be requested from the Controller at any time.
3. Collecting and Processing of Personal Identifiable Data
3.1. Types of Personal Data collected:
contact data email address
identity data a first name, maiden name, last name, username or similar identifier, status (buyer or provider)
communication data messages Data Subject send to Controller, feedbacks and survey responses
internet protocol (IP) address, login data, browser type, and version, time zone setting and location, browser plug-in types and versions, operating system and other technology on the devices Data subject use to access the website.
3.2. Collection of Personal identifiable data:
direct interactions Data Subject may voluntarily provide Personal Data when completing online forms, create an account, join the mailing list, or otherwise or correspond with Controller (by post or email)
automated technology Controller automatically collects Personal Data(technical and usage) when Data Subject interacts or browse Website by using cookies, server logs, and other similar technologies.
3.3. The Controller, in its capacity as Controller of Personal Data, processes it with an appropriate level of security. Such Processing includes protection against unauthorized or illegal Processing and against accidental loss, destruction or damage while applying suitable technical and/or organizational measures in compliance with the following principles:
• lawfully, fairly and in a transparent manner in relation to the Data Subject (“lawfulness, fairness and transparency”);
• data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (“appropriateness in the Processing of Personal Data and purpose limitation”);
• adequate, relevant and limited to what is necessary for relation to the purposes for which they are processed (“data minimization”);
• accurate and kept up to date;
• limitation of the storage for periods not longer than necessary for the purposes for which they are processed (“storage limitation”);
• Processed in a manner that ensures appropriate security of the Personal identifiable data, including protection against unauthorized or unlawful Processing and against accidental loss, destruction or damage;
• Using appropriate technical or organizational measures (“integrity and confidentiality”).
3.4. The Controller processes Personal Data only if and to the extent, at least one of the conditions listed below shall apply:
• Processing is required for the performance of an agreement with the Controller, to which the Data Subject is a party, or to undertake steps at the request of the Data Subject prior to the signing of an agreement with the Controller.
• Processing is required for compliance with a legal obligation that applies to the Controller in its capacity as Controller of Personal identifiable data.
• Data Subject has given consent for the Processing of Personal Data for one or more specific purposes.
3.5. Controller in its capacity as Controller does not collect or Process the Personal Data which reveal racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, genetic or biometric data, data concerning the health, sex life or sexual orientation of the natural person.
4 General purpose
|Purpose||Type of data||Lawful basis|
|to register Data Subject account||identity & contact||to perform Controller‘s obligations|
|to provide services pursuant to Terms and Conditions||identity, contact; technical||to perform a contract with Data Subject; as necessary for Controller’s legitimate interest.|
|to administer and protect our business and this Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||identity, contact, technical||as necessary for our legitimate interests in running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise as necessary to comply with any legal obligations|
|to deliver relevant content/advertisements to Data Subject and measure advertising effectiveness||identity, contact, technical||as necessary for our legitimate interests in studying how customers use Website, to grow our business|
|to familiarize our clients with Data Subject’s services and advertise Data Subject’s service||contact||to perform a contract with Data Subject; as necessary for Controller’s legitimate interest|
|to make suggestions and recommendations to Data Subject about goods or services||identity, contact, technical||as necessary for our legitimate interests to develop our products/services and grow our business|
5.1. Personal Data are processed at the Controllers operating offices and in any other places
where the parties involved in the processing are located.
5.2. Depending on the Data Subject’s location, data transfers may involve transferring the
Personal Data to a country other than their own. To find out more about the place of processing
of such transferred Data, Users can check the section containing details about the processing
of Personal Data
6. Rights of Data Subject
6.1. Right to information – Data Subject has a right to receive information about the
Controller, as well as about the Processing of their Personal identifiable data.
6.2. Right of access to own Personal Data– Data Subject the right to receive from the
Controller confirmation as to whether Personal Data related to them are processed and if so,
to be given access to the data and the following information:
• purpose of the Processing;
• Processed Personal Data categories;
• Personal Data recipients or categories of recipients, if any;
• the intention of the Controller to transmit Personal Data to a third party;
• Personal Data storage period;
• the existence of the right to correct Personal identifiable data, as well as the right to
object against the Processing of Personal identifiable data;
• the existence of automated decision making, including profiling (if any); information as to
all rights that the Data Subject has;
6.3. Right to rectification of Personal Data (if data is not accurate) – the Data Subject has the
right to request the Controller to rectify, without undue delay, any incorrect data pertaining to
the Data Subject.
6.4. Right to the erasure of Personal Data (right “to be forgotten”) – the Data may request
the Controller to erase Personal Data if any of the conditions listed below exist:
• Personal Data is no longer needed for the purposes they have been collected for or
• Data Subject withdraws given consent, which data Processing is solely based on, and no
other legal grounds for the Processing exist;
• Data Subject objects against the Processing and no legal grounds for the Processing
exist that prevail;
• Personal Data were processed unlawfully;
• Personal Data should be erased in order to comply with a legal obligation under the
applicable European Union law or the laws of the United Kingdom;
• The Personal Data have been collected in relation to the offering of information society
services to children and the holder of parental responsibilities for the child gave consent.
6.5. Right to the limitation of Processing by the Controller or by the Personal Data processor
– specific conditions are required to be in place for that right to be exercised, namely:
• The Data Subject disputes accuracy (up-to-date) nature of the data. In this case, the
limitation of the Processing is over a period of time allowing the Controller to check the accuracy
of the Personal identifiable data;
• Processing is unlawful, but the Data Subject do not wish their Personal Data to be
erased, but rather require limitation of their use;
• The Controller no longer needs such Personal Data for Processing purposes, but the
Data Subject requires them for establishing, exercising or defending legal claims;
• The Data Subject has objected to the Processing while awaiting a check to be performed
whether the Controller legal grounds prevail over the interests of the Data Subject.
6.6. Right to transferability (data portability) of the Personal Data between the various
Controllers – the Data Subject has right to receive Personal Data pertaining to them, which they
have provided to the Controller in a structured, widely user and machine-readable format. In
addition, Data Subject has the right to transfer such data to another Controller without
hindrance by the Controller, to which Personal Data has been provided when Processing is
based on consent or contractual obligation and is automated.
6.7. Right to object against the Processing of Personal Data– Data Subject has right to
object against Processing of their Personal identifiable data, unless the Controller is able to
prove that compelling legitimate grounds for Processing exist that override the interests, rights,
and freedoms of the Data Subject, or for the establishment, exercising or defense of legal
6.8. Data Subject also has the right not to be subject to decision-based solely on automated
Processing, including profiling, which ensures legal consequences for the Data Subject or
significantly affects the Data Subject otherwise.
6.9. Right to defense through judicial or administrative procedure if the Data Subject rights
have been breached – if the Data Subject decide that their right has been violated, they may file
a complaint with the relevant supervision authority – or to file a claim with the court to defend
7. Disclosure of Personal identifiable data
7.1. Controller may disclose Personal Data to the following categories of persons:
|Service providers||acting as processor or Controller based in the EEA but also around the world who provide – services and IT and system administration services.|
|Professional advisors||acting as a processor or joint Controllers including lawyers, bankers, auditors and insurers based in the United Kingdom who provide consultancy, banking, legal, insurance, and accounting services|
|HM Revenue & Customs, regulators and other authorities||acting as a processor or joint Controllers based in the EEA who require reporting of Processing activities in certain circumstances|
|Third parties||third parties to whom we may choose to sell, transfer, or merge parts of business or assets.|
7.2. Controller will never disclose Personal Data to persons to enable them to provide Data Subject with information regarding unrelated goods or services.
7.3. The information Data Subject provides to Controller may be transferred to and stored on Controller’s servers, or servers of third-party providers. It may be necessary to transfer collected data from Data Subject to locations outside of the European Union for Processing and storing.
8. Exercise the rights
8.1. In exercising their right to access Data Subject has the right to request from the Controller at any time:
• Confirmation as to whether data related is processed by the Controller, the purpose of the Processing, the data category, and recipients of such data or the categories of recipients’ data is disclosed to;
• To send them a message in an understandable format, containing the Personal Data of respective Data Subject to Processing and any information available as to the source of such data;
• Information as to the logic of any automated Processing of Personal Data pertaining to Data Subject, at least in the case of automated decisions under the provisions of the General Data Protection Regulation.
8.2. Data Subject has the right to request at any time that the Controller:
• erases, rectifies or blocks their Personal Data Processing of which is not compliant with the requirements of the effective legislation;
• notifies the third parties to which the Personal Data have been disclosed as to any erasure, rectification or blocking, except when this proves to be impossible or would involve a disproportionate effort.
8.3. Data Subject exercise their rights by filing a written request to the Controller, containing as a minimum the following information:
• name, personal ID number, postal address, email address and other data allowing identification of the respective Data Subject;
• description of the request;
• Signature, date, correspondence address, and mobile telephone number.
8.4. The filing of the request is free of charge. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
8.5. Upon the filing of a request by an authorized person, the notarized power of attorney must be attached to the request.
8.6. In case of death of the Data Subject, entitled heirs exercise the one’s rights. The certificate of heirs shall be attached to the request.
8.7. The Controller shall review and pronounce on the request within 1 month as of its filing. This period may be extended by further two months, if necessary, for example, if the request is particularly complex or Data Subject has made a number of requests. Data Subject shall be informed of any such extensions within 1 month as of receipt of the request, stating the reasons for the delay.
8.8. When you file a request by electronic means, the information is provided electronically, if possible, unless you have requested otherwise.
8.9. We provide an answer to the requesting person taking into account their preferred form for the provision of the information (orally or in writing – as a hard copy or electronically).
8.10. Where data do not exist or their provision is forbidden by law, access to the requesting party to such data is refused.
8.11. If the requesting party is not satisfied with the response received and/or believes that their rights related to Personal Data protection were violated, they are entitled to exercise their right to defense.
9. Third Party Links
10. Data retention
11. Age limitations
11.1 Data Controller do not knowingly process personal data from persons under 18 years of age. If you learn that anyone younger than 18 has provided us with personal data, please contact us at firstname.lastname@example.org