1. Scope of Policy
This LeoPays Privacy and Information Security Policy applies to LeoPays s.r.o. ("LeoPays"), and all of its contractors, representatives, agents, and resellers while they are working on behalf of LeoPays (collectively “we” or “us”). LeoPays s.r.o. is a data controller of personal data processed in accordance with this policy. This policy applies to the following situations and activities that we engage in:
This means situations in which you or the users of your device or computer (collectively “you”) visit a website that we own or operate including LeoPays.com , or other websites under our direct control. This also includes circumstances where use a LeoPays service online, regardless of the site where you use it, or who owns or operates that site.
This includes calls for sales, service, or customer support. This policy will apply to any information that is collected from you when you call us.
Sometimes we may appear at a "live" or in-person event such as a trade show or promotion. If we collect any personally identifiable information in such a case, this policy will apply.
This refers to information that is collected from prospective LeoPays resellers at the time they apply to join the LeoPays reseller program. Certain information may be collected regarding the reseller or its individual representative(s), including contact information such as telephone number and email address. Similar information may be obtained regarding sub-resellers, where applicable.
When we refer to "personally identifiable information," "personal data," or "personal information," we mean information that can identify you such as name, identification number, email address, phone number, or other information that refers specifically to you. We generally do not mean information that only refers to a business or organization but does not describe any specific individual. We also generally do not mean information that has been "anonymized," or stripped of all identifiers that refer to you specifically.
2. Information We Collect When You Visit Our Website
Use of "cookies" and other similar technologies.
Google Analytics and Yandex.Metrika: In addition to the foregoing, we currently use two analytics tools: Google Analytics and Yandex.Metrika.
Google Analytics and Yandex.Metrika help us understand the use of our site by our visitors. Because Google Analytics and Yandex.Metrika require cookies to function, users who wish to avoid tracking by Google Analytics and Yandex.Metrika while on our site can disable cookies on their web browsing software (see above).
There are many opportunities to contact us via our website. There are links that allow you to reach us by email or by requesting online service or support. In general, the amount of information that we collect when you contact us will be in proportion to the nature of the contact. For example, if you contact us by email, we will require your email address in order to reply.
You may also join the Customer Portal at LeoPays.com . Certain features require registration in order to participate. When you register for the Support Portal you will be asked to provide your full name and email address, and select a password. No other information is required to register. This information is not shared with other users.
Third-party content and sites.
There may be times when we offer links to third-party sites such as Twitter, Facebook, or others.
3. Information We Collect When You Use our Service, Request Support, or Pay for Products and Services
When you use our services or request support.
We may at times collect personally identifiable information from you in the course of providing our services or support. This information may be collected from you verbally, from your computer, or via electronic communication (including communications between your computer and us, or other automated communications). If you request support we may offer you the option of accepting a remote session in which we take control of your device or computer; in such a case we may acquire information via communication between your computer and ours.
This information is collected to help us provide the service or support that you have requested.
We may at times request personal information such as name, home or work address, email address, telephone or mobile phone number(s), or other information by which we may identify you. This information is collected for identification purposes, and to confirm that transactions with you are legitimate and not with an imposter. We will not use this information for direct marketing purposes unless you "opt in" to receive such communications, except that we may notify you of similar products or services that we offer to the extent that we are permitted to do so by law. If you contact us for support, or initiate a transaction with us, we may suggest that you upgrade or update products or services. We may also contact you if your product license has expired or is about to expire.
In cases where you request individual support or assistance we may also ask you to provide information about your device or computer, your means of accessing the Internet, or your Internet service provider. This information may include, without limitation, your email address, IP address, information about your hardware and software, the URLs of sites you have visited, files stored on your computer (including potentially dangerous or infected files), email messages (whether stored on your computer or elsewhere), information regarding senders and receivers of email messages, and the like. This information is collected to help us to provide services and support, to identify and remove computer viruses, and to help us solve your technology problem(s). For purposes of this section we will use any such information only when providing individual support or assistance at your request, and will not retain such information any longer than necessary for this purpose. This information will not be stored in a way that identifies you personally in any record that we keep of your request for assistance.
The service provider may request billing information such as your name, home or work address, email address, telephone or mobile phone number(s), plus payment information including credit card number, expiration date, name of your issuing bank, and the like. The purpose of this information is to enable payment for products or services that you order. The third-party service provider may transmit some of your personal information to us, but not including payment information, unless you specifically agree (as may be the case in the event of a purchase with auto-renewal). We may use the information we receive (not including payment information) to verify your registration or license status, to contact you about the status of your account, or for renewal of your subscription, if applicable.
In all cases where your payment data is processed by a third-party service provider, we have determined that the service provider follows data privacy and security procedures that we deem adequate. Some of these third-party service providers are subject to the enhanced data privacy rules of the European Union. Others have registered for, and certified compliance with, the so-called "Safe Harbor" framework of the U.S. Department of Commerce for the handling of personal information. In all cases, such third-party service providers have executed agreements with us promising not to use personal information of our users for their own marketing purposes, and not to share this information with other parties.
4. Special Types of Personal Information
We never collect "sensitive" personal data such as sexual preference, religion, political views, or health. We do not wish to receive any such data and will not request it from you.
Data on children.
Persons under the age of 18 should not transfer personal information to us unless they have the consent of their parent(s) or guardian(s). Except for children of LeoPays employees, we do not knowingly collect, nor do we want to receive, personal information about individuals who are under 13 years of age.
5. Storage, Retention, and Deletion of Personal Information
Storage of information.
Information that we collect is stored on our servers or on the servers of our subsidiaries, affiliates, contractors, representatives, contractors, agents, or resellers who are working on our behalf. Personally identifiable information on our servers is only accessible from our physical premises, or via an encrypted virtual private network (VPN). Access is limited to authorized personnel only, and company networks are password protected, and subject to additional policies and procedures for security.
Access by our contractors.
Maintenance of personally identifiable information is performed either by us or by contractors who we hire, or by our subsidiaries, affiliates, representatives, agents, or resellers who are working on our behalf. All such third parties must agree to observe the privacy of our users, and to protect the confidentiality of their personal information. All have agreed not to share personal information of our users with other parties, and not to use such personal information for their own direct marketing purposes.
Disclosure to third parties.
There may be limited circumstances in which we are required to disclose your personally identifiable information to unrelated third parties.
There may be a few other limited cases in which we might share our users' personal information with third parties. For example, if you request a specific service or product from us, and if that product or service is administered by a third party who is working for us, we may share your personal information with the third party in order to respond to your request. The third party who is working for us may also transmit back to us any new information obtained from you in connection with providing the service or product.
Deletion of personal information.
In general, our policy is to keep personal information for no longer than reasonably necessary in light of the purpose for which the information was collected, plus any additional period that is permitted or required by law thereafter. Following the expiration of the purpose for which we collected personal information plus any additional period that is permitted or required by law, we will either delete or de-identify the information from our systems.
If you subscribe to a recurring newsletter, we will keep the information in order to fulfill your subscription request until you cancel your subscription.
If you purchase a paid service, we or our third-party service providers will retain payment information for as long as is necessary to complete payment, plus any period of time thereafter that is required or permitted by law.
If you participate in a giveaway or promotion that we offer, we will retain your data long enough to administer the promotion, plus any additional time that is permitted or required by law.
We strive to delete or de-identify inactive data as soon as is reasonably possible after the above time periods have passed. We attempt to take this action every 90 days unless we have a specific reason to delete data sooner — for example, if you contact us to request that your information be removed from our system. In the case of Support Portal, or LeoPays news and blogs, your account is kept active until you delete it, but we reserve the right to remove you from our database and delete your credentials if you have not been active for an extended period of time.
6. Information Security
Safeguards for protection of personal information.
We maintain administrative, technical, and physical safeguards for the protection of personal information. These safeguards include the following:
Administrative safeguards: Access to our personal data of users is limited to authorized personnel who have a legitimate need to know based on their job descriptions — for example, employees who provide technical support to end users, or who service user accounts. All such data is subject to password protection. In the case of third-party contractors who process personal information on our behalf, similar requirements are imposed. Where an individual employee no longer requires access, that individual's credentials are revoked.
Technical safeguards: Personal information of users that is stored in our database using the protections described above in the section entitled "Storage of information." In addition, we utilize up-to-date firewall protection for an additional layer of security. We utilize high-quality antivirus and anti-malware software, and regularly update virus definitions. Third parties who we hire to provide services and have access to our users' data agree to implement privacy and security practices that we deem adequate.
Physical safeguards: Access to user information in our database by Internet is not permitted except using an encrypted virtual private network (VPN). Otherwise access is limited to our physical premises; removal of personal data from our location is forbidden. Third-party contractors who process personal data on our behalf agree to provide reasonable physical safeguards.
Deletion of personal information.
By retaining personal information no longer than is reasonably necessary for the function for which we originally collected it, we effectively reduce the quantity of personal information that is in our possession at any given time. This, in turn, helps reduce the degree of risk associated with our maintenance and storage of personal information on the whole: the less data we store, and the shorter time we keep it, the smaller the risk of overall harm in the event a breach.
We also strive to collect no more personal information from users than is required by the purpose for which we collect it. This, in turn, helps reduce the total risk of harm should data loss or a breach in security occur: the less data we collect, the smaller the overall risk.
Notification in the event of breach.
In the unlikely event of a breach in the security of personal data, we will notify all users who are actually or potentially affected. The method of notice may be tailored to suit the facts of a particular case — for example, if the only contact information that we have for a particular user is an email address, then the notification will necessarily be by email. We may elect to give notice via the in-product messaging system described above. In an unusual case — for example, if we believe there are users for which we have no contact information on file — we may give notice via publication on our company website. In any case we reserve the right to delay notification is we are asked to do so by law enforcement or other authorities, or if we believe that giving notice immediately will increase the risk of harm to our user body overall.
7. Compliance with Laws and Dispute Resolution
Residents of the EU.
For residents of the EU, the handling of personal information is subject to EU Directive 95/46/EC, also known as the EU Privacy Directive, as well as local law. Additional information on the Office for Personal Data Protection is available here: http://www.ceecprivacy.org/main.php .
There may be occasions in which we transmit personal data collected from EU residents to a location outside of the EU, including potentially the United States and Russia. The personal data may be transmitted to locations that may have less protective personal data protection legislation than the country of your residency. We comply with all conditions required by law for transmission of personal data to such locations.
We are also subject to certain provisions of EU Directive 2002/58/EC (also known as the E-Privacy Directive) governing privacy in various types of electronic communications. Additional information is available here: http://europa.eu/legislation_summaries/information_society/legislative_framework/l24120_en.htm .
Residents of Switzerland.
The collection and handling of personal information of residents of Switzerland are governed by the Swiss Federal Act on Data Protection, also known as the Data Protection Act ("DPA"). There may be cases where personal data is collected from Swiss residents and subsequently transmitted to locations outside of Switzerland, such as the United States. Additional information on the Swiss DPA can be found here: http://www.dataprotection.eu/pmwiki/pmwiki.php?n=Main.CH .
Residents of the United States.
The collection and handling of personal information in the United States is subject to federal legislation, regulation by federal government agencies, and regulation on the state level. The federal agency with primary jurisdiction over our data handling practices is the Federal Trade Commission ("FTC").
Sharing of information among LeoPays entities in different jurisdictions.
Our data collection and data management practices do not vary by location. We follow the same minimum data security and data privacy procedures with respect to all personal data in our possession, regardless of the jurisdiction from which it was collected, and regardless of whether the data is transferred from one LeoPays entity to another.
We make every effort to conduct our business in a fair and responsible manner. In the unlikely event of a disagreement or complaint about the way that your personal data is handled, the following procedures will apply.
For all users: informal dispute resolution:
If you have a disagreement with us relating to our handling of your personal information, we ask that you contact us to work it out. We are always happy to hear from you, and we promise to try our best to respond to any concerns you may have.
There are several ways you can reach us:
You can always reach us by email at firstname.lastname@example.org. Please type “PRIVACY REQUEST” in the message line of your email so we can have the appropriate member of the LeoPays team respond.
8. How to Request Changes to Your Personal Information
You may request information on the way your personally identifiable information is stored. In addition, you may also request changes to the information we have on file for you — this could be the case if you believe that some information we have about you is incorrect, or there is some information about you that has changed (for example, if you no longer use a former email address). To request information or changes regarding your personally identifiable information that we have on file, please email email@example.com with the headline “PRIVACY REQUEST” in the message line.