Privacy Notice

Last updated: December 15, 2024

Welcome to COOLECT, the application available at https://www.coolect.app (the "Application", "COOLECT").

This document ("Privacy Notice") explains why and how we collect, use, store, and share your personal data if you communicate with us or simply visit our website. We take your right to privacy seriously and are committed to complying with the General Data Protection Regulation ("GDPR") and other privacy laws.

By registering to use our services or visiting our website, you acknowledge that we have provided this Privacy Notice in accordance with the GDPR. You also confirm that you find its content clear and fair and have no objections to the processing of your personal data. If you have any concerns or questions, we encourage you to contact us immediately.

Data Controller

As the data controller responsible for collecting and processing your personal data according to this Privacy Notice:

Greenovation Strategy LLC
Registered office: Ulica Roberta Frangeša - Mihanovića 9, Zagreb, Croatia
Email: info@coolect.app

As the data controller, we determine the purposes and means of processing your personal data. If you have any questions or concerns about how your personal data is processed, or if you wish to exercise your rights under data protection regulations, please feel free to contact us using the above information.

Purpose of Processing; Types of Data

We process your personal data for the following purposes. For each purpose, we have listed the types of personal data that may be relevant.

If you are a user of the Application:

  • Provision of Services: We process your personal data to provide you access to and functionality of the Application, including user registration, account management, and provision of services available on the Application. This processing is necessary for the performance of the contract between us that arises from your registration. Types of data include name, email and other contact information, organization you are associated with, login data, usage data.
  • Customer Support and Communication: We use your personal data to communicate with you, provide customer support, respond to inquiries, and send important notifications related to your account and our services. Types of data include contact information, communication history (support, emails), user preferences.
  • Security and Integrity of the Application: We may process certain personal data to maintain and protect the security and integrity of the Application, prevent fraud, ensure the availability of the Application, and to detect and respond to potential security threats or unauthorized access. Types of data include usage data, device information, IP address, login history.
  • Service Improvement: We process your personal data to improve the performance, functionality, and user experience of the Application, including troubleshooting, system maintenance, and feature enhancement. Types of data: usage data, interaction data, feedback, error logs.
  • Compliance with Legal and Regulatory Obligations: We process personal data to comply with legal obligations, including fulfilling our data protection compliance obligations. Types of data: contact details, account data, usage data, and other necessary legal compliance information.

If you are a visitor to our website:

  • Website Usage and Analytics: We collect data about your visit to analyze visitor behavior, improve user experience, and optimize content. Types of data: IP address, browser type, device information, visited pages, time spent on pages.
  • Cookies and Tracking Technologies: We use cookies and other tracking technologies to collect data about your website usage, improve your experience, and analyze performance. More details can be found in our Cookie Policy. Types of data: cookie IDs, usage data, user preferences, device information.

Other Purposes:

  • Marketing: If you subscribe to our newsletter or other promotional communications, we process your data to send you notifications and other materials. You can unsubscribe at any time. Types of data: contact details, user preferences, communication history.
  • Business Interactions: If you consider using our Application as a business partner or client, or in other business communications, we process your personal data for discussions, information sharing, and potential cooperation or contract formation. Types of data: contact details, organization affiliation, communication history (especially emails).

Legal Bases for Processing

We process your personal data on the following legal bases, depending on the purpose of processing:

Performance of a Contract:

We process your personal data if necessary for the performance of a contract with you. This includes providing access to the Application, delivering services, managing your user account, and communicating about our services that you use. This primarily applies to Application users and is essential for enabling its functionality and the services we provide.

Legitimate Interest:

In certain cases, we process your personal data based on our legitimate interests. This includes ensuring the security of our Application, improving our services, preventing fraud, maintaining user satisfaction, and conducting business communications (e.g., with potential clients or business partners). We will always strive to ensure that legitimate interests do not override your rights or freedoms, and we are committed to protecting your privacy.

Legal Obligation:

We may process your personal data to fulfill legal obligations. This includes responding to legal or regulatory requirements, such as requests from supervisory authorities or other obligations under applicable data protection regulations.

Consent:

In specific circumstances, we will request your explicit consent to process your personal data for particular purposes. You have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. The following activities require your consent:

  • Marketing Communications: If you subscribe to our newsletter or other promotional notifications, we process your personal data to send you marketing materials related to our services.
  • Cookies and Tracking Technologies: To improve your experience, we use cookies and other tracking technologies on our website and Application. We will request your consent before setting cookies or other tracking technologies that are not necessary for the operation of the site. You can manage your cookie settings through your browser settings or within your account settings on the Application.

Data Retention

We retain your personal data only for as long as necessary for the purposes for which they were collected, and in accordance with applicable laws and contractual obligations. We will determine the period of personal data retention based on the following criteria:

  • Purpose of Data Processing: We retain your personal data for as long as necessary to fulfill the purpose for which they were collected. Once the purpose is no longer relevant or has been achieved, your data will be securely deleted or anonymized.
  • Applicable Regulations: We may retain certain types of data for periods required by specific regulations. In such cases, we will keep your data for as long as necessary to fulfill these obligations.
  • Contractual Obligations: Personal data may be retained for the duration of the contractual relationship with you, and after the termination of the contract, they will be stored for an additional period for purposes such as dispute resolution.
  • Legitimate Business Interests: If we process your data based on legitimate interests, we will retain them for as long as necessary to achieve those interests. When they are no longer applicable, your data will be securely deleted or anonymized.
  • User Account Activity: If you are a user of the Application, personal data associated with your user account will be stored while your account is active, and for some time after deactivation to fulfill any contractual obligations that still apply or to resolve certain issues.

Data Sharing and Disclosure

We do not sell your personal data. However, to provide our services, we may need to share it with trusted third parties. Below are the categories of recipients with whom we may share the personal data we collect:

External Service Providers

We collaborate with various service providers who assist us in maintaining and delivering our systems, website, Application, and services. These providers aid in functions such as cloud hosting, data storage, technical support, customer service, and data analysis. All these providers are contractually obligated to protect your personal data and may use the data only for the purposes specified in our agreements.

Integrations

If certain parts of our Application can be integrated with other applications or services, it may be necessary to share your personal data to enable such integrations. Third parties providing these applications or services process personal data in accordance with their own policies; we recommend reviewing them to understand how they process your personal data. We note that we cannot guarantee that these third parties follow our privacy protection practices.

Marketing Partners and Advertising Networks

We may share personal data with marketing partners and advertising networks to personalize advertisements and improve our marketing campaigns. These partners may use your data to display targeted ads on various platforms. You can manage ad settings or opt out of certain types of advertising in your account settings or by using external privacy tools.

Regulatory Compliance

If we are subject to an obligation that involves disclosing personal data, we may disclose it to authorities responsible for enforcing regulations. This may include responding to legal requests, complying with court orders, or fulfilling other obligations. In such cases, we will share only the personal data necessary to fulfill these legal requirements, while taking all measures to protect your privacy to the greatest extent possible.

Professional Advisors

We may share your personal data with our advisors such as legal counsel, accountants, auditors, and others to ensure compliance with regulations or contractual obligations. These advisors may also be necessary for resolving disputes or facilitating business transactions.

Affiliated Companies

We may share your personal data with affiliated companies in our corporate group. This helps us provide consistent services across all business activities, improve the Application's functionality, and enhance user experience. All data about you shared within our corporate group will continue to be protected under the terms of this Privacy Notice.

Business Transfers

If our company participates in a merger, acquisition, or sale of assets, your personal data will be transferred to the new owner as part of the transaction. In this case, we will notify you in advance, and your data will continue to be subject to this Privacy Notice. The company that assumes ownership will also be obligated to comply with applicable data protection regulations.

Data Security

We take the security and confidentiality of your personal data seriously. We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, misuse, or disclosure. The measures we implement include the use of encryption, access control, and regular testing of the effectiveness of our security systems.

We ensure that your data is processed in a secure environment, protected from any risks such as unauthorized access, modification, or destruction. We also maintain procedures for restoring access to personal data in the event of a technical incident.

In accordance with GDPR, we apply security practices for the protection of personal data that are common in this business sector. Our systems are designed to protect and ensure the confidentiality, integrity, availability, and resilience of our services. Finally, we regularly assess the security measures we apply to ensure they remain effective.

International Data Transfer

In principle, your personal data will always remain within the European Economic Area (EEA). However, we may occasionally transfer and store them in other countries as well. If this occurs, we commit to taking appropriate measures to ensure that the transferred personal data remains protected in accordance with applicable regulations.

We are committed to protecting your privacy and ensuring that any transfer of personal data outside the EEA is secure. This typically includes mechanisms such as Standard Contractual Clauses (SCCs) approved by the European Commission, which provide an appropriate level of protection for personal data transferred internationally.

We take all reasonable steps to ensure that your data is processed in accordance with the highest standards of privacy and security, even when processed outside the EEA.

Automated Decision-Making

We do not conduct any automated decision-making processes that have legal effects on you or similarly significantly affect you. In other words, we do not use automated systems or algorithms to make decisions that could impact your rights, obligations, or any other aspect of your relationship with us in a legally binding or materially significant manner.

Should we introduce such automated decision-making processes in the future, we will ensure that they fully comply with applicable regulations. We will provide clear and transparent information about how these processes function and inform you of your rights in relation to such processing.

Your Rights Under GDPR

Under the GDPR, you have various rights concerning your personal data that we hold. These rights allow you to manage, review, and control how your data is processed. Your rights are as follows:

Right of Access

You have the right to request access to the personal data we hold about you. This right enables you to obtain a copy of your data and verify its accuracy. You can also request information about how your data is processed, including the purposes of processing, categories of data we process, and recipients to whom your data might be disclosed.

Right to Rectification

If any of the personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or update it. We will strive to keep your data accurate and up-to-date.

Right to Erasure (Right to be Forgotten)

Under certain conditions, you may request the deletion of personal data concerning you. This right may apply when the data is no longer necessary for the purposes for which it was collected, if you withdraw your consent (where consent is the legal basis for processing), or if you object to the processing and there are no legitimate grounds for continued processing that would override your interest in deletion.

Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data. This means that, while we may continue to store the data, we will limit how we process it in certain situations. For example, you may request restriction if you contest the accuracy of the data or if you object to processing, but please note that we will still need time to assess your request.

Right to Data Portability

You have the right to receive personal data in a structured, commonly used, and machine-readable format. You may request that we transfer your personal data directly to another controller, where technically feasible.

Right to Withdraw Consent

If we process your personal data based on your consent as the legal basis, you have the right to withdraw that consent at any time. After withdrawal, we will cease processing your data unless we have another legal basis for continued processing, such as fulfilling a legal obligation.

Right to Object

You have the right to object to the processing of your personal data at any time. This includes situations where we process your data based on legitimate interests or for direct marketing purposes. If you object, we will cease processing the data for these purposes unless we have compelling legitimate grounds for continued processing.

Right to Lodge a Complaint

If you believe that we are not processing your personal data in compliance with regulations, you have the right to lodge a complaint with a supervisory authority. In the EU, this is typically the data protection supervisory authority in your country of residence or in the country where the alleged infringement occurred.

To exercise any of the above rights, or if you have any questions regarding the processing of your personal data, please contact us using the contact details provided above. We will respond to your request within a reasonable timeframe, in accordance with applicable data protection laws.

Please note that some rights may be subject to limitations or exceptions. If we are unable to fulfill your request, we will explain the reasons for this.

Amendments to this Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our data processing practices, business operations, or to align this document with regulatory changes. When we make certain changes, the updated Privacy Notice will be published on our website with a clearly marked effective date.

We recommend that you regularly review this Privacy Notice to stay informed about how we protect your personal data and to ensure that you are aware of all updates. If there is a significant change that affects your rights, we will notify you in advance, in accordance with applicable data protection regulations.

LAST UPDATED: December 15, 2024