Last update date: 17.09.2024
I. POLICY ON HANDLING PERSONAL INFORMATION
- The policy on handling personal information (hereinafter “Privacy Policy”) adopted by Lanro System Limited, with the registration number 15797516 (referred to as the “Company” or “Data Manager”), aims to inform individuals (the “data subjects”) about the objectives, legal basis, extent, security measures, and duration of personal information handling from the moment of collection to the processing of the individual’s personal information.
II. DATA MANAGER AND CONTACT DETAILS
- The entity responsible for personal data management is the Company, located at 5 Brayford Square, London, United Kingdom, E1 0SG.
- For inquiries related to personal data handling and to submit requests or complaints regarding data protection breaches, contact the Company via email at info@infopleasuretoys.cluib.
III. BASIC TERMS
- Personal information refers to any data that can identify a living person directly or indirectly.
- This Privacy Policy ensures the safeguarding of individuals’ privacy and personal data concerning various categories of data subjects, collectively termed “clients”:
- Individuals who are clients of the Company (potential, past, and current), their agents, property owners, and other affiliates;
- Individual representatives of the Company’s business clients, and their contacts;
- Visitors to the Company’s physical locations, including those under video surveillance;
- Users of the Company’s online platforms;
- Persons whose personal data is processed on social media in relation to the Company’s events.
- The Company commits to protecting client privacy and personal data, upholding the right to lawful data handling as per relevant laws – the Personal Data Processing Law, the General Data Protection Regulation (GDPR) (EU) 2016/679, and other pertinent privacy and data handling regulations.
- The Privacy Policy covers all forms of data submission and processing by the Company, whether direct, via the Company’s website, electronically, on paper, or over the phone.
- In its data handling practices, the Company adheres to principles of:
- Legality and fairness;
- Transparency;
- Specific purpose limitation;
- Data minimization;
- Accuracy;
- Storage limitation;
- Security;
- Accountability.
IV. OBJECTIVES FOR HANDLING PERSONAL DATA
- The Company processes personal data for purposes including:
- Service provision and sales;
- Client identification;
- Agreement drafting and execution;
- Fulfilling contractual commitments;
- Developing new offerings;
- Marketing and promotional efforts;
- Customer support;
- Addressing complaints or claims;
- Managing payments;
- Debt recovery;
- Enhancing website and app functionality;
- Business planning and analytics;
- Ensuring customer and property security;
- Various specific goals.
- Data may also be processed for other purposes aligned with the original intent, provided the rights of the data subject are safeguarded.
V. LEGAL GROUNDS FOR DATA PROCESSING
- Personal data processing by the Company is primarily based on:
- Contractual necessity – to finalize and fulfill agreements based on client requests or verbal commitments to purchase a service;
- Legal obligations – to comply with applicable legal requirements;
- Consent from the data subject;
- Legitimate interests – to pursue the Company’s or a third party’s legitimate interests derived from obligations, contracts, or other lawful bases.
- The Company’s legitimate interests include:
- Business operations;
- Identity verification before service provision;
- Contractual duty fulfillment;
- Retaining service-related client communications;
- Service development and enhancement;
- Marketing its services;
- Contract-related communications and customer service surveys;
- Fraud prevention;
- Effective corporate governance and business management;
- Service quality and payment administration;
- Security measures including video surveillance;
- Publicly sharing information about the Company’s activities;
- Other established legitimate interests.
VI. PROTECTING PERSONAL DATA
- The Company employs modern technological solutions, considering potential privacy risks and the available organizational, financial, and technical resources, to protect client data through measures like firewalls, intrusion detection and prevention systems, and other current technological safeguards.
- Measures for securing information, including personal data, are outlined in the Company’s internal policies on information security and system use.
VII. DATA RECIPIENT CATEGORIES
- The Company does not share any client personal data or service-related information with third parties, except under specific conditions such as with explicit client consent, to contracted data processors, for legitimate interests, or when required by law to protect the Company’s lawful interests.
VIII. TRANSFERRING PERSONAL DATA
- The Company may share personal data with third parties as needed for business operations, ensuring confidentiality and data protection.
- Data may be shared with suppliers, subcontractors, and partners assisting in business and customer service, provided these parties commit to using the data solely for the agreed purposes and in line with legal requirements.
IX. DATA PROCESSING GEOGRAPHY
- While the Company mainly processes data within the EU/EEA, certain circumstances may necessitate data handling in other regions.
- Data transfers outside the EU/EEA are conducted on a legal basis, with appropriate safeguards to ensure data protection, such as contractual agreements aligned with GDPR standards or transfers to countries recognized by the European Commission as providing adequate data protection.
X. DATA RETENTION PERIOD
- The Company retains personal data based on the processing purpose, legal retention requirements, and the timeframe within which claims against the Company can be made, ensuring evidence preservation.
- Once these conditions no longer apply, the Company either deletes or anonymizes the data.
XI. DATA SUBJECT RIGHTS
- Data subjects have rights regarding their data, as outlined in applicable laws.
- These rights include accessing, correcting, deleting, or limiting data processing, objecting to processing, and data portability, subject to legal restrictions.
- Requests to exercise these rights can be made in writing or electronically, with the Company verifying the requester’s identity and responding in compliance with legal standards.
XII. CONSENT AND WITHDRAWAL
- Data subjects can withdraw consent for data processing at any time, with such withdrawal not affecting the legality of prior processing based on consent.
- Withdrawal does not impact data processing based on other legal grounds.
XIII. COMMERCIAL MESSAGES
- The Company sends commercial messages about its or third-party services with legal compliance or subject consent.
- Consent for commercial messages is valid until withdrawn, with options for opting out provided in various formats.
XIV. WEBSITE USAGE AND COOKIES
- The Company’s websites utilize cookies, with users informed via a pop-up notice.
- Cookies enhance user experience, with browser settings allowing users to manage cookie preferences.
XV. CONCLUDING REMARKS
- This Privacy Policy is subject to updates, with the Company committed to informing data subjects in a clear and comprehensive manner.
Data Security
We implement a variety of security measures to protect your personal information when you make purchases or interact with our website. These include data encryption, strict access controls, and ongoing security evaluations to prevent unauthorized access, changes, disclosure, or destruction of your personal data.
GDPR and Data Protection
We comply with the General Data Protection Regulation (GDPR) by taking necessary technical and organizational steps to secure and maintain the confidentiality of your personal data. This involves regular audits, staff training, and adherence to key data protection principles.
Extra-EEA Transfers of Personal Data
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure these transfers comply with relevant data protection laws and implement sufficient safeguards, such as standard contractual clauses or other legal mechanisms, to protect your information.
Strong Customer Authentication (SCA)
We comply with Strong Customer Authentication (SCA) requirements to enhance the security of online transactions. SCA utilizes two or more verification factors (knowledge, possession, or inherence) to confirm our customers’ identities during the payment process, in line with PSD2 regulations.
PSD2 Requirements
We adhere to the Payment Services Directive 2 (PSD2) regulations, which mandate the implementation of SCA for most online card transactions. This ensures that our customers complete a two-factor authentication process before finalizing a payment, increasing security.