Last updated 12.02.2024
1. What Is It For?
2. Types and Purposes of Processing.
2.1. Types of Personal Data We Process. We may collect and process different personal data about you depending on your type of interaction with the Website and the level of engagement in our Services. If you simply entered the Website with any purpose or without it, we collect the following personal data of yours:
- HTTP cookies: data regarding web traffic identifier, cross-site requests identifier, browser ID, Website requests statistics, Website activity statistics, number of visits of Website, average time spent on the Website, loaded Website pages, displayed adds, your IP address, geographical location, visited websites, clicked adds, return visits across websites, websites’ re-entering identifier, accessed browser pages,
- HTML cookies: data regarding your behavior on the Website, your user’s history across devices and marketing channels and other necessary cookies.
You can access more information regarding the cookies collected through the Website via the link: https://gdoc.io/cookie-policy/ If you filled in the support form available via the link https://gdoc.io/contact-us/ and sent to Us the support request, we additionally collect the following personal data of yours:
- Your name;
- Telephone number;
- Email address;
- Any personal data you specified in the message field.
2.2. Purposes of Personal Data Processing. We collect and process your personal data for such purposes as:
- polite appealing to you;
- communication with you;
- providing you with the support regarding the use of the Website and free templates of documents available on the Website
- determination of your country of location in order to understand the scale of Services’ distribution;
- performing of the agreement between you and our company;
- prevention of frauds related to the provision of Services and use of free templates of documents available on the Website;
- sending you the most relevant advertising materials regarding the Services;
- analysis of the Services’ quality and forecasting of your needs;
- improvement of the free templates of documents available on the Website;
- displaying of the online advertising on the Website;
- targeting of Services.
3. General Provisions.
3.1. Applicable Legislation. While collecting and using of the personal data the Company becomes a subject to various legislation that governs the matters of how such activities may be carried out and the safeguards that must be put in place to data protection. The Company adheres to all conditions and requirements stipulated by the current European legislation, including without limitation the General Data Protection Regulation as well as other international legislative acts concerning data protection. 3.2. Subject Scope of this Policy. This Policy applies to you, all Company’s employees, independent contractors, customers, interested persons and all other subjects that directly or indirectly participate in the personal data processing, including Data Subjects who visit the Website as well as its subdomains. 3.3. Data Subject Consent. We obtain data from you under your permission and consent, or may receive personal data from the Publisher or other contractors to whom you have given consent to transfer such information to Us in accordance with this Policy, including consent to the further transfer of your personal data to out contractors, as well as to involve our other partners in processing of such data. 3.4. Data Protection Authority (DPA). You have a right to apply to the Company or to the DPA about you personal data breach if you become aware of it earlier than the Company. Data Protection Authority (the “DPA”) means an independent public authority which is established by a Member State pursuant to the provisions of GDPR. We have no establishment within the EU. Therefore, for the purposes of this Policy, the DPA means the supervisory authority of a Member State where you are active. You have the right to lodge a complaint with a respective supervisory authority if you consider that the processing of personal data related to you infringes the provisions of the applicable data protection legislation.
4. Lawfulness of Processing.
4.1. General Rules. We process your personal data on the basis of the consent which is provided through the Consent Form. Consent Form specified the information on the means of processing as well as on the period for which such personal data are to be stored, including the precise information concerning the purposes of processing. We provide you with the Consent Form before collecting your personal data. It is presumed that by giving the consent you acknowledge and accept all terms and conditions specified in the Consent Form and this Policy. We undertake our best efforts to be able to demonstrate, if required, that we obtain consent for processing of your personal data. By providing consent to processing of your personal data, you confirm you are eighteen (18) years of age or older. 4.2. Processing of Personal Data. If you simply entered the Website with any purpose or without it, We start to collect your personal data when you enter the Website. We process your personal data on the basis of the consent which you provide through pop-up notification ad displayed on the Website. We provide you with this ad at the moment you enter the Website. If you filled in the support form available via the link https https://gdoc.io/contact-us/ and sent to Us the support request, We start to collect your personal data since the moment you have sent Us such request. We process your personal data on the basis of the consent you provide through the Consent Form before sending the request. The consent is considered to be provided after you have pressed the “I agree to the processing of personal data” under the support request form 4.3. Categories of Personal Data We Do Not Process. We do not collect and/or process the sensitive data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation (the “Sensitive Data”). We do not collect and/or process any other personal data of Data Subjects except the data determined under this Policy. We also collect personal data strictly within the amount needed for the purposes of processing specified herein. 4.4. Personal Data Breach. We undertake to reduce the data breach risks that may lead to the breach of security leading to the accidental, or unlawful, destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed (the “Personal Data Breach”). We select contractors with an impeccable reputation and conclude confidentiality agreements with them in this regard.
5. Data Subject Age.
5.1. We collect the personal data on the basis of consent obtained from the Data Subjects who have reached the age of 18 years. 5.2. After giving the consent to Company, the you acknowledge that you have reached the age of 18 years and have all rights to provide Us with the consent for your personal data processing. 5.3. If you know that We process data of person under 18 years old, please inform Us about this by writing to e-mail address: firstname.lastname@example.org
6. Withdrawing of Consent.
6.1. General Information. You are entitled to withdraw the consent at any time you wish. 6.2. Request Submission. The withdrawal of the consent is considered to be properly made after you have sent the letter of withdrawal to the following e-mail address: email@example.com. 6.3. Withdrawal Procedure. We will examine the appropriate request for withdrawing of the consent and will make a decision regarding such request as soon as possible taking into account the adequate and cost-effective measures for processing of Data Subjects’ requests.
7. Personal Data Storage.
7.1. After expiration of the period of storage, We will delete your personal data or ask you to provide Us with a new consent if the necessity of processing remains relevant for Us or another purpose of processing appears. 7.2. We may stop storing your personal data in future and delete the earlier collected personal data of yours at any time if such personal data are not needed anymore. Herewith, We are obliged to notify your that your personal data are deleted. 7.3. We may keep storing your personal data if a subsequent processing is foreseen by law and is deemed relevant for a purpose which is not compatible with the original purpose of processing stated in this Policy. Herewith, the incompatible purposes mean the purposes concerning archiving in the public interest, scientific, statistical or historical use.
8.1. Who Is the Processor? During the processing of your personal data, We may involve individuals or legal entity, state authority, agency or any other entity that processes personal data on our behalf (the “Processor”). 8.2. General Rules. We involve Processors to receive a support regarding the storage, analysis, transfer, structuring, organization and other necessary ways of processing of your personal data. We involve every Processor without exception under the same conditions as other Processors and acts only according to Our instructions and within the scope of the appropriate agreement We concluded with it. Every Processor is responsible for the adherence of the provisions of GDPR as well as for other legislative actions concerning data protection while processing your personal data. The Processors are not entitled to define any additional purposes and means of the your personal data processing.
9. Data Subjects’ Rights.
9.1. List of Rights. You are entitled to exercise any of the following rights: a. right to access. you have a right to know whether your personal data are being processed and if so, access such data. b. right to rectification. If the personal data are inaccurate, the respective you are entitled to ask Us to correct them indeed. c. right to erasure or right to be forgotten. You have a right to obtain from Us the erasure of the your personal data without undue delay and We have the obligation to erase such personal data without undue delay. d. right to restriction of processing. You have a right to limit processing of your personal data with several exceptions under the scope of the GDPR. e. right to be informed. We are obliged to inform you what your personal data are being collected, how are they being used, how long will they be kept and whether they will be shared with any third parties. This information must be communicated concisely and in plain language. f. right to data portability. You are permitted to obtain and reuse your personal data for your own purposes across different services. This right only applies to personal data that you have provided Us with by way of the consent. g. right to object. You can object to the processing of personal data that We process. We must stop processing of personal data unless We can demonstrate compelling legitimate grounds for the processing that overrides your interests, rights and freedoms or if the processing is undertaken for the establishment or exercise of defense of legal claims. h. right not to be subject to a decision based solely on automated processing. You have a right to object to any automated profiling which means any form of automated processing of personal data intended to evaluate certain personal aspects relating to you, or to analyses or predict your performance at work, economic situation, location, health, personal preferences, reliability, or behavior (the “Profiling”), that is occurring without consent. Herewith, you have a right to request your personal data to be processed with the human involvement. 9.2. How You May Exercise These Rights. You can exercise any and all of your rights provided hereinabove by sending request to the e-mail address: firstname.lastname@example.org 9.3. Period of Rights’ Exercising. These are the timescales within which We will exercise the rights stated above (the period starts from the moment We receive the request): a. Right to be informed – when data is collected; b. Right to access – 2 weeks; c. Right to rectification – 2 weeks; d. Right to erasure – without undue delay; e. Right to restrict processing – without undue delay; f. Right to data portability – 2 weeks; g. Right to object – on receipt of objection; h. Rights in relation to automated decision making and profiling – 2 weeks.
10. Data Protection Officer.
11.1. We are responsible for ensuring that any personal data that We hold and for which We are responsible, are kept securely and are not under any conditions disclosed to any persons unless that persons has been specifically authorized by Us to receive that information and has entered into a respective confidentiality agreement. 11.2. All personal data are accessible only to those who need to use it. We treat all the personal data with the highest security.
12. Data Breach Notification.
12.1. Assessment of Risks. We take all reasonable steps to minimize the risk of the personal data breach while processing the personal data. We conduct the risk assessment to determine whether the risk to your rights and freedoms are sufficiently high to justify notification to them. 12.2. Obligation of Company If Data Breach Occurred. In the case of a personal data breach, We, without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the DPA, unless the personal data breach is unlikely to result in a risk to your rights and freedoms. Also, in the case of a personal data breach, which is likely to result in a high risk your rights and freedoms, We, without undue delay, notify the appropriate Data Subject the personal data of which were breached. If measures have subsequently been taken to mitigate the high risk to you so that it is no longer likely to happen, then communication with you is not required under the GDPR. We document all personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken. That documentation shall enable the DPA to verify compliance with the GDPR.
13. Data Transfer.
13.1. We store personal data in USA. 13.2. We do not sell or trade your personal data to any legal persons or individuals. 13.3. We may transfer your personal data to its contractors. We transfer your personal data based on GDPR and adequacy decision if needed. 13.4. We transfer your personal data for the purposes and by using the means defined under this Policy.
14.1. General Information. We hereby assure and warrant that We do not involve any discrimination of Data Subjects because of the Data Subjects’ exercising of any of their rights, including, but not limited to, by: a. Denying goods or services to Data Subjects; b. Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties, except as provided under this Policy; c. Providing a different level or quality of goods or services to Data Subjects; d. Suggesting that Data Subjects will receive a different price or rate for goods or services or a different level or quality of goods or services, except as provided under this Policy 14.2. Exception. Notwithstanding the clause 14(1) provided hereinabove, after a prior notification, We may offer a different price, rate, level, or quality of goods or services to you if such price or difference is directly related to the value provided to you by your personal data. 14.3. Disclaimer. Our denial of Data Subjects for reasons permitted by the applicable laws shall not be considered discriminatory.
15. Additional Conditions.
15.1. A current version of this Policy is available to all subjects concerned on the Website. 15.2. We may revise this Policy from time to time but no less than once at every 12 months. If We make material changes to this Policy, We will notify you by e-mail or by posting a notice on the Website prior to the effective date of the changes. By continuing to access or use the Website after those changes become effective, you agree with the changes applied to this Policy.