- Effective date: May 24th, 2018
Stratigen Consulting, (“us”, “we”, or “our”) operates Stratigen.com, ChessCreator.com, Synthwave.com, FlightRank.com and FischerRandom.com (the ‘Services’). The security of all data is important to us; in this document, we will explain how we collect, use and protect the personal data we control and process.
These are 6 principles that underpin our approach to GDPR in terms of our responsibilities as a Data Controller and a Data Processor. In different words, we strive to ensure personal data is:
- Processed Lawfully, fairly and in a transparent manner;
- Collected for specified, explicit and legitimate purposes;
- Adequate, relevant and limited to what is necessary;
- Accurate and, where necessary, kept up to date;
- Retained only for as long as necessary; and,
- Processed securely in an appropriate manner to maintain security.
In our role as a Data Controller, we also strive to obtain Informed Consent, defined as being ‘freely given, specific, informed and unambiguous’.
As an EU citizen whose personal information we hold, the GDPR affords certain rights. If you wish to exercise any of these rights, please email firstname.lastname@example.org or through our Services. In order to process your request securely, we reserve the right to request two valid forms of identification from you, for verification purposes.
Your rights are as follows:
- The right to be informed;
- The right of access;
- The right to rectification;
- The right to erasure (the ‘right to be forgotten’);
- The right to restrict processing;
- The right to data portability;
- The right to object; and,
- Rights in relation to automated decision making and profiling.
In our role as a Data Controller, we strive to uphold these rights in the manner, and to the timelines, defined within GDPR. If we consider requests to: be frivolous or vexatious; necessitate disproportionate effort to complete (time or cost); or, cannot be fulfilled for another legitime reason (e.g. legal) – then we reserve the right to refuse them. If such an exceptional circumstance arises, then we will inform you (within a reasonable timeframe). If answering requests is likely to require additional time (above that specified in GDPR) or generates a commercially unreasonable expense (which you may have to meet, in part or in full), then we will also inform you (within a reasonable timeframe).
On matters where GDPR specifies a defined timeline, for example, fulfilling Subject Access Requests (‘no later than 30 days’) and/or reporting data breaches to the Supervisory Authority (‘where feasible, within 72 hours’), we will make commercially reasonable efforts to achieve said timelines. If exceptional circumstance arise, which might impact us achieving these deadlines, then we will inform you (within a reasonable timeframe). If there is no defined timeline for a specific matter, then we will strive to address them ‘within a reasonable timeline’ as recommended within GDPR.
We collect different types of information from the customers of our Services, including:
- Registration and Contact Information. We collect information about you when you (a) register to use the Services; and/or, (b) provide contact information to us via email, chat bots, telephone, or through our Services.
- Payment Information. When you purchase the Services (via: PayPal), we collect transactional information, which may include your credit card information, billing and mailing address et al (necessary to complete purchase).
- Technical, Usage and Location Information. We automatically collect information as you interact with our Services, such as your IP address, date and time, browser version, operating system, location data, computer or device details, pages viewed, and items clicked.
- Other Information. We may collect other information from you.
Stratigen Consulting is a UK registered business so there is no transfer of personal data outside the EU. If such a transfer is required, then informed consent will be obtained before said transfer is made.
We take the security of all data extremely seriously and utilize multiple technologies, processes and protocols to protect against the loss or theft of personal data, including (but not limited to): access controls, data backups, passwords, reputable third parties et al. This being said, although we invest at a commercially reasonable level, no software platform or data storage can be 100% secure; thus, we cannot make guarantees relating to data security.
We use personal data for various activities including (but not limited to) safeguarding, delivering and improving our Services to you, such as:
- Fulfilling, maintaining and improving the Services;
- To answer your Service questions and otherwise deliver customer service;
- To process your payments, we share and use external payment processors (PayPal);
- To control, monitor and prevent unauthorized use or abuse of the Services;
- To analyze trends, usage patterns, demographic data, or other data to optimize the Services (Google Analytics);
In simple terms, we do not sell, distribute or lease any personal information outside of our business, without obtaining Informed Consent, unless we are legally required to do so, or there is a ‘good faith belief’ such action is absolutely necessary. For example, if Stratigen or its Services are involved in a merger, acquisition or sale, then personal data might be transferred; in this case, we will provide advance notice. Disclosure could also be required to: protect the rights or assets of our business; prevent or investigate a wrongdoing related to our Services; support a legal request from a recognized legal authority; and/or, protect the safety of users of the Services et al.
We use third-parties (including, but not limited to those listed, beneath) to monitor, analyze, support, promote and enhance our Services. In some cases, these providers will use personal data to fulfil their contractual obligations (with us), when we request them to perform various services on a legitimate interest basis:
- Google Analytics is a web analytics service offered by Google that tracks and reports website traffic and usage: http://www.google.com/intl/en/policies/privacy/
- PayPal processes payments: https://www.paypal.com/webapps/mpp/ua/privacy-full
For the avoidance of doubt, we do not support Do Not Track (“DNT”) technologies (DNT is a web browser setting that requests that a web application disable its tracking of an individual user).