Privacy Policy
Data Collection and Retention
Types of data collected:The owner does not disclose an exhaustive list of personal data types collected.
Complete details on each type of personal data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the data collection.
Personal data encompassing usage data is collected automatically during the client's usage of the application. Personal data may also be freely provided by the user.
Unless explicitly stated, all data requested by this application must be provided. Failure to provide requested data may result in denial or inability to deliver services.
Users may refuse to transmit data that this application marks as not mandatory without any consequences to service availability and functionality.
If uncertain about whether a given set of personal data must be transmitted users may contact the owner.
Any use of cookies - or of other tracking tools - by this application or by the operators of third-party services employed by this application is done with the intent of providing the user the current service, in addition to any other purposes described in the present document.
Users are responsible for any third-party personal data obtained, published or shared through this application and confirm that they have the third party's consent to provide the data to the owner.
Methods, Location and Internal Authorisation of Data Processing
The owner takes appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of data.
All data processing is carried out using computers and IT infrastructure following strict organizational procedures.
In addition to the owner, in some cases, the data may be accessed by certain individuals involved within the operation of this application (sales, marketing, legal, administration, system administration) or of external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed as data processors by the owner.
The updated list of these parties may be requested from the owner at any time.
Legal basis of processing
The owner may process personal data relating to users if one of the following applies:
- The user has given their consent after being informed of the manner and purposes of data collection and treatment.
- The provision of data is necessary for the performance of an agreement with the user or for any pre-contractual obligations between the company and user.
- Data processing is statutorily enforced within the jurisdiction the company operates in.
- Data processing is carried out in the interest of the public and/or at the command of an official regulatory body.
- Data processing is a necessity for the commercial interests of the owner and/or an auxiliary third party.
In any case, the owner will gladly help to elucidate the specific legal basis that applies to the processing of data, and in particular whether the provision of personal data is a statutory and/or contractual requirement.
Jurisdictional / Border Laws
The data is strictly internally processed in situ, in our operating offices. Externally, it may be handled by third parties at legally recognised operational sites.
Contingent upon the user's location, data may have to be transferred across national borders. To find out more about the transnational processing of data, users are referred to the section on personal data processing.
Users are encouraged to inform themselves on the legal basis of data transfers to countries outside of the European Union. We also encourage users to inform themselves about international law within the context of E.U intra-border data regulation, namely the G.D.P.R.
Users may procure information about how their data is safeguarded by the company by reading the relevant sections of this document.
Inquiring with the owner via the information provided in the contact section is recommended if anything is unclear.
Data Retention Periods
Personal data that has been processed may be stored as long as is legally allowed. Exact data retention time varies contingent upon the purpose the data has been collected for.
The user is hereby informed that upon consummating a contract with the owner their data may be dutifully retained until the contract has expired. Contract expiration entails complete erasure of personal data.
The following rights - right to access, right to erasure, right to rectification and the right to data portability - are unenforceable after expiration of the data retention period.
Data may be retained past the expiration date of a contract provided the customer's informed consent has been given.
If legally obliged by a relevant overseeing authority, the owner may retain certain data past the expiration point of a contract without having to inform the subject of said data.
Users that wish to find out about the legitimate commercial interests pursued by the owner in relation to their data may do so by consulting the relevant sections of this document or directly contacting the owner.
The Rights of Users
Users may exercise certain rights regarding their processed data.
- Withdrawal of Consent - Users may rescind consent to data processing and retention where it has been previously granted.
- Objection to Data Processing - Users have the right to object to the processing of their data if they suspect the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
- Data Access and Inquiry into the Processing Procedure - Users have the right to learn if data is being processed by the owner, alongside the scope and methodology of said processing. Users may also procure a copy of their data that is being processed.
- Accuracy Verification and Rectification - Users have the right to verify the accuracy of their data and request it to be updated or corrected.
- Restrict Data Processing - Users have the right, under certain circumstances, to restrict the processing of their data. In this case, the owner will not process their data for any purpose, resorting to only storing it.
- Receive their Data and Transfer it to another Controller - Users have the right to receive their data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the data is processed by automated means and that the processing is based on the user's consent, on a contract which the user is part of or on pre-contractual obligations thereof.
- Legal Complaints - Users have the right to file a claim before their competent data protection authority.
Details about the right to object to processing
Users should be aware that their personal data may be accessed by a relevant authority, which may subpoena or otherwise compel the data controller to disclose it. Users retain the right to object to such disclosure by providing reasonable grounds related to their particular situation.
Users should also know that should their personal data be processed for direct marketing purposes, they can object to its processing at any time without having to provide a justification.
To learn whether the owner is processing personal data for direct marketing purposes, users may refer to the relevant sections of this document.
How to exercise these rights
Any requests to exercise user rights can be directed to the owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the owner as early as possible and always within one month.
Legal Action
The user's personal data may be used for legal purposes by the owner in court or in stages potentially leading up to legal action arising from improper use of this application or its related services. The user is hereby informed that the owner may be required to reveal personal data upon request of public authorities.
Additional information about user's personal data
In addition to the information contained in this privacy policy, this application may provide the user with additional and contextual information concerning particular services or the collection and processing of personal data upon request.
System logs and maintenance
For the purposes of daily operation and maintenance, this application and any auxiliary third-party systems may keep digital records of interactions with this applications (system logs). Personal data such as I.P addresses may be recorded within these system logs.
Information not contained in this policy
More details concerning the collection or processing of personal data may be requested from the owner at any time. Please consult the contact information at the end of this document.
How Do Not Track
requests are handled
This application does not currently support Do Not Track
requests. To determine whether any of the third-party services it uses honor Do Not Track
requests, please read their privacy policies.
Changes to this Privacy Policy
The owner reserves the right to make amendments to this privacy policy at any time by notifying its users via this page, the application itself, or – as far as technically and legally feasible – via sending a notice to users through any contact information recorded by the owner.
It is strongly recommended to check this page often, referring to the date of the last modification listed at the top of the document.
Should the changes affect processing activities performed on the basis of the user's consent, the owner shall collect new consent from the user, where required.
Newsletter
By registering to our newsletter, the user's email address will be added to our contact list of users who may receive email messages of a commercial or promotional nature from us.
Please note that your email address may also be added to this list after an account sign-up or a successful purchase.
Google Analytics
Google Analytics is a web analysis service provided by Google LLC ("Google"). Google utilizes the data collected to track and examine the use of this application, to prepare activity reports, and to internally coordinate various Google services.
Google may use the data collected to personalize the ads they provide users via their own advertising network.
Cookies and service usage data encompass the personal data collected towards this scope. You can read more here.
Cloudflare
Cloudflare is a traffic optimization and distribution service provided by Cloudflare Inc. Cloudflare is integrated such that it filters all the traffic routed through this application (communications between this application and the user's browser), consequently enabling analytical data collection.
Cookies and a limited amount of service usage data encompass the personal data collected towards this scope. You can read more here.
Usage Data
Information collected automatically through this application (or by third-party services employed by this application), which can include: the IP addresses or domain names of the computers utilized by users, URI addresses (Uniform Resource Identifiers), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the HTTPS code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the user, time-elapsement details (such as the time spent on a particular page of the application), the sequence of pages visited, and other parameters about the device operating system and/or the user's IT environment.
User
The individual using this application who, unless otherwise specified, coincides with the data subject.
Data subject
The natural person to whom the personal data refers.
Data processor (or data supervisor)
The natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller, as described in this privacy policy.
Data controller (or owner)
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, including the security measures concerning the operation and use of this application. The data controller, unless otherwise specified, is the owner of this application.
Data application
The means by which the personal data of the user is collected and processed on the YourCarpet.com domain.
Service
Any service provided to the user upon accessing the YourCarpet.com domain.
European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
Legal information
This privacy statement has been based on provisions of multiple legislations, including Article 5, Article 13 and Article 14 of Regulation of the (EU) 2016/679 (General Data Protection Regulation). If you would like to look up any section of the GDPR you may do so here.