Data privacy statement

GENERAL INFORMATION

ООО Data Delivery ("Company", "we" or "us") owns and operates several websites (www.rocketdata.io, ROCKETDATA) (individually, "Website" and collectively the "Websites"). This data privacy statement aims to inform you about how we collect, use, disclose and store information that may identify you as an individual, when you:

  • interact or use our Websites, including downloading materials from our resources page or requesting a demo;

  • use any of our products, services or applications (including any trial) (collectively the "Services") in any manner;

  • provide your feedback and reviews using QR-codes (when visiting offline businesses).
1. Who is responsible and how can I contact you?


Name of the controller: OOO Data Delivery, a company registered in Belarus under registration number 192980243.
Address: Republic of Belarus, Minsk, Nezavisimosti Av., 117A, Alexandrov Passage Shopping center, 3rd floor, phone +375 17 367 14 10
Email: EU-eu-representative@rocketdata.io

Data Protection Officer: Daria Zagranichnova
Representative in the EU: dpo@rocketdata.io

2. What is it about?

This data privacy statement fulfills the statutory requirements for transparency in the processing of Personal Data (as defined below). These comprise all information that relates to an identified or identifiable individual ("Personal Data"). Information from which we can make no connection to you as a person (or from which can make a connection only with disproportionate effort), e.g. as a result of anonymisation, does not constitute Personal Data. The processing of Personal Data (e.g. collection, retrieval, use, storage or transmission) always requires a legal basis and a defined purpose.

Stored Personal Data is erased as soon as the purpose of the processing has been achieved and there are no legitimate grounds for further retention of the Personal Data. In the individual processing operations, we inform you of the specific retention periods and criteria for storage. Notwithstanding this, we store your Personal Data in certain cases for the enforcement, exercise or defence of legal claims and in the case of existence of statutory retention requirements.

3. Who will receive my Personal Data?

a. Categories of recipients and categories of personal data transferred

Your Personal Data processed by us are transferred to third parties by us only if this is necessary in order to fulfil the purposes and covered by the legal basis in the individual case. Furthermore, we transfer Personal Data to third parties in certain cases if this aids the enforcement, exercise or defence of legal claims.

Therefore, categories of recipients of Personal Data are the following:

  1. providers of data storage services (data centers). We need to transfer them your Personal Data since we need to store your Personal Data safely and create a reliable backup. We transfer them all Personal Data we received from you.

  2. email service providers (e.g., Mailgun). These recipients allow us to automate sending of emails, including newsletters and other materials. We transfer them your contact details (email address and name);

  3. providers of Website analytics (e.g., Google Analytics, Mixpanel). These recipients provide us valuable analytics which help us timely fix any issues with our Website or Services, further develop our products and improve our Services. We allow them to collect information about your usage of Website and our Services (analytics and information about interactions with our Website and user interface of our client's account, cookies, etc.). The list of Website analytics services could be found [on the following link] OR [in the section 7 "Analytics tools" below];

  4. CRM service providers (e.g., AmoCRM). These services allow us to effectively manage communication with our clients. We need to transfer them your Personal Data since we need to track our interactions with you, timely provide you with necessary support and develop relations with you and other clients. We transfer them your contact details;

  5. providers of customers support software (e.g., Freshdesk). These recipients provide services allowing us to effectively respond to your queries and support you, they provide us product feedback and helpdesk software. We need to transfer them your Personal Data since we need to provide you with efficient support. We transfer them your contact details;

  6. providers of content management (e.g., Tilda). The service allows us to deliver information about our products via the website, as well as to blog where we publish expert content and briefcases with our clients. Every case we publish in our blog, we pre-agree with our clients, because the case can contain personal information of the company.

  7. providers of marketing services (e.g., SendPulse). We use marketing services to increase the recognition of our products and deliver them to our audience. For example, with the help of the e-mail mailing service, we send out a newsletter about the updates of our product to the audience of our clients who have already signed up for our service and have bought licenses. In this case, we process with consent their personal data for distribution, with the possibility to refuse it at any time.

  8. providers of services on development of our Website and our software (Tilda). The service is intended for creation of pages of our website and their administration.

  9. in the event you provide your feedback and reviews using QR-codes, our existing clients. When we have an existing client using our Services we can provide it with the Personal Data collected using QR-codes in order to allow it to manage its brand reputation, identify and fix any issues it may have. We can transfer to it your contact details and the text of your feedback or review.

Also, possible recipients could include law enforcement agencies, lawyers, accountants, courts etc., if we need to exercise or defend a legal claim or if we receive an official request from state authorities.


b. International transfers

If we use service providers, we ensure that they process Personal Data on our behalf in accordance with art. 28 GDPR as part of contract processing.

Some of our providers are located outside European Economic Area (EEA). In relation to certain countries there are no adequacy decision of the European Commission, but we use Standard Contractual Clauses (SCC) (or any other measures) and other additional measures aimed at compliance with GDPR in our relations with such service providers. Copy of the relevant SCC and additional information could be requested by sending an email to [EU-eu-representative@rocketdata.io]. Moreover, we perform vendor assessment in relation to each service provider in order to ensure that they are reliable partners and are ready to perform SCC.

In particular, we use the following categories of recipients located outside EEA:

  1. email service providers (e.g., Mailgun). Their servers are located in the US.

  2. providers of Website analytics (e.g., Google Analytics, Mixpanel). Their servers are located in the US.

  3. CRM service providers (e.g., AmoCRM). Servers of AmoCRM are located in Russia;

  4. providers of customers support software (e.g., Freshdesk). Their servers are located in the US.

  5. providers of marketing services (Tilda). Servers of Tilda are located in Russia.

  6. payment processing providers (Sendpulse). Servers of Sendpulse are located in Russia.

  7. providers of content management (Tilda). Servers of Tilda are located in Russia.

4. Cookies use

Cookies are small text files that are sent by us to the browser on your terminal device and stored there in the course of your visit to our web pages. As an alternative to the use of cookies, information can also be saved in the local storage of your browser. Some functions of our Website cannot be offered without the use of cookies or local storage (technically essential cookies), whereas other cookies allow us to perform various analyses, so that we are able for example to recognise the browser you are using if you visit our website again, and send us various information (non-essential cookies). Among other things, cookies enable us to make the work of our Website more user-friendly and effective for you, such as by tracking your use of our Website and detecting your preferred settings (e.g. country and language settings). If third parties process information using cookies, they collect the information directly through your browser. Cookies are not harmful to your terminal device. They cannot run programms or contain viruses.

We process information received from the use of cookies on the basis of your consent. You can modify or withdraw your consent anytime by clicking on https://support.cookiebot.com/hc/en-us.

In the individual processing operations, we provide information about the respective services for which we use cookies. Detailed information about the cookies used can be found in the cookie settings of the consent manager or in section 7 ("Analytics tools") below.

The retention period of Personal Data collected through cookies is one year OR [indicated in section 7 "Analytics tools"].
5. What are my rights?

Under the requirements of the statutory provisions of the GDPR, you have the following rights as a data subject:

  • Information concerning the stored Personal Data about you, in the form of meaningful information about the details of the processing as well as a copy of your Personal Data, in accordance with art. 15 GDPR.

  • Rectification of inaccurate or incomplete Personal Data stored by us, in accordance with art. 16 GDPR.

  • Erasure of the Personal Data stored by us, in accordance with art. 17 GDPR, as long as the processing is not required in order to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or for the assertion, exercise or defence of legal claims.

  • Restriction of processing, in accordance with art. 18 GDPR, if the accuracy of the Personal Data is disputed, the processing is unlawful, we no longer require the Personal Data and you refuse their erasure because you require them for the assertion, exercise or defence of legal claims, or you have objected to the processing in accordance with art. 21 GDPR.

  • Data portability, in accordance with art. 20 GDPR, if you have provided us with the Personal Data as part of consent in accordance with art. 6(1)(a) GDPR or on the basis of a contract in accordance with art. 6(1)(b) GDPR and these are processed by us by means of automated methods. You will receive your Personal Data in a structured, commonly used and machine-readable format or we will transmit the data directly to another controller if this is technically feasible.

  • Objection to the processing of your Personal Data, in accordance with art. 21 GDPR, if this is being done on the basis of art. 6(1)(e) or (f) GDPR and if there are grounds for this, which arise as a result of your particular situation or if the objection is to direct advertising. The right to object does not exist if prevailing, compelling and legitimate reasons for the processing are demonstrated or the processing takes place for the assertion, exercise or defence of legal claims. If the right to object does not exist in individual processing operations, this is indicated there.

  • Withdrawal of your issued consent, in accordance with art. 7(3) GDPR, with effect for the future (i.e. without affecting the lawfulness of processing based on consent before its withdrawal).

  • Complaint to a supervisory authority, in accordance with art. 77 GDPR, if you believe that the processing of your Personal Data is in violation of the GDPR. You can generally contact the supervisory authority for your usual place of residence, your workplace or the registered office of your company. In Poland the supervisory authority is the President of Personal Data Protection Office with whom you may contact under the address ul. Stawki 2, 00-193 Warsaw.
6. How is my Personal Data processed specifically?

Below, we provide you with information about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your Personal Data, and the respective retention period. No automated decision-making, including profiling, takes place in the individual case.


a. Website

Nature and scope of the processing

When our Website is opened and used, we collect the Personal Data that your browser automatically transmits to our servers. The following information is stored temporarily in a so-called log file:

  • [IP address of the requesting computer;

  • Date and time of the access;

  • Name and URL of the file retrieved;

  • Website from which the access occurs (referrer URL);

  • Browser used and possibly the operating system of your computer as well as the name of your access provider.]


Purpose and legal basis


The processing is undertaken to safeguard our legitimate interest to display our Website and to guarantee security and stability on the basis of art. 6(1)(f) GDPR. The data recording and the storage in log files are essential for operation of the Website. On the basis of the exception in accordance with art. 21(1) GDPR, there is no right to object to the processing. If further storage of the log files is required by law, the processing is undertaken on the basis of art. 6(1)(c) GDPR. There is no statutory or contractual obligation to provide the data, it is also not necessary to enter into a contract with you, and you are not obliged to provide this data, although access to our Website is technically impossible without provision of the data.


Retention period

The aforementioned Personal Data will be stored for the duration of display of the Website and beyond that for a maximum of [7 days] for technical reasons.




b. Contact form

Nature and scope of the processing

On our Website, we offer you the option to contact us using a form provided. The information collected via mandatory fields is required in order to be able to handle the enquiry. Furthermore, you can voluntarily provide additional information that you consider necessary for the handling of the contact enquiry.


Purpose and legal basis

Your Personal Data from the use of our contact form are processed for the purposes of communication and handling of your enquiry on the basis of consent, in accordance with art. 6(1)(a) GDPR. If your enquiry relates to an existing contractual relationship with us, the processing is undertaken for the purpose of contractual performance on the basis of art. 6(1)(b) GDPR. There is no statutory or contractual obligation to provide your data, and you are not obliged to provide these data but handling of your enquiry is not possible without provision of the information in the mandatory fields. Also, if you wish to enter into a contract with us, we obviously need to process your contact details, hence information in our contact form is necessary to enter into a contract with you. If you do not wish to provide these Personal Data, please contact us by other means.


Retention period

If we use your Personal Data collected through the contact form and rely on your consent, we store the collected Personal Data from every enquiry for the duration of [three years] beginning with the resolution of your enquiry.



c. Provision of Services

Nature and scope of the processing

We collect Personal Data about you when you use any part of our Services (email, name, other contact details, your queries, analytics of your usage of your account (location, IP-address, duration of the session, history of your interactions with the account, your interactions with the interface, etc). For example, if you are logged in to your account, we will collect Personal Data as to how often you use it, what queries you created or amended, and other data about how you interact with your account. We may also collect data about how you interact with messages we send to you, for example, whether you opened an email.

In particular, we may use your Personal Data for the following range of reasons:

  • Set up a user account;

  • Provide, operate and maintain the Services;

  • Process and complete transactions, and send related information, including transaction confirmations and invoices;

  • Manage our customers' use of the Services, respond to enquiries and comments, and provide customer service and support;

  • Send customers technical alerts, updates, security notifications, and administrative communications;

  • Investigate and prevent fraudulent activities, unauthorized access to the Services, and other illegal activities; and

  • For any other purposes about which we notify our users.


Purpose and legal basis

We may process your Personal Data in order to perform a contract with you (such as to create and maintain your account). In other circumstances, we may process your Personal Data where the processing is in our legitimate interests, if those interests are not overridden by your rights and freedoms.

In particular, we use your Personal Data in this context based on the contract that we have in place with you. If you are a representative of our corporate client, we process your Personal Data on the basis of our legitimate interest in provision of Services to our corporate clients, maintain effective communication with our corporate clients and provide them all required support. Also, we rely on our legitimate interest in ensuring safety of our clients' data when we process your Personal Data for security purposes and business practice improvement (e.g., the prevention and investigation of fraudulent activities). We also rely on our legitimate interest in provision of best-in-class services when we need to personalize and improve our Service.

There is no statutory or contractual obligation to provide your Personal Data and you are not obliged to provide this data. However, provision of Personal Data in these instances might be necessary to enter the contract and perform the contract, since we obviously need to process your contact details. When we process your Personal Data for security purposes (as defined above) we need your Personal Data to protect your account. If we are not able to process those Personal Data, we will not be able to perform certain of our standard security procedures and effectively protect your account.


Retention period

If we process your Personal Data to provide the Services, we store the collected Personal Data for the duration of the contract and for three years after its termination, unless a longer period is required. You can find information about the term of the contract, its use and renewal in our Terms of Service. When the contract is terminated but you want us to store your account, we can process your Personal Data, if you give your consent until such consent is withdrawn. If we rely on legitimate interest, we process your data strictly until we achieve our purposes (e.g. in case of any legal proceedings to defend our rights etc.), but anyway no longer than the duration of the contract or the statutory limitation period.



d. Newsletters and other materials

Nature and scope of the processing

When you plug in your Rocket Data account and agree to receive our newsletters and/or our free reports, surveys, and other materials, we add your personal information (e-mail, phone) to our monthly product update newsletter, from which you can unsubscribe in the text of the letter.

You will then receive an e-mail in which you must confirm the registration for the newsletter (double opt-in). If you do not confirm the registration within 48 hours, it expires automatically and the Personal Data will not be processed for distribution of the newsletters or any materials.

For distribution of newsletters and other materials, we use a service of Sendpulse, which processes your personal data on our behalf in accordance with art. 28 GDPR. For more information about third parties to whom we transfer your Personal Data, please refer to section 3 above.


Purpose and legal basis

We process your Personal Data for the purpose of distribution of our newsletters and other free materials on the basis of your consent, in accordance with art. 6(1)(a) GDPR. By unsubscribing from the newsletter or any other materials, you can declare your revocation with effect for the future at any time, in accordance with art. 7(3) GDPR. There is no statutory or contractual obligation to provide your Personal Data, it is also not necessary to enter into a contract with you, and you are not obliged to provide this data. However, distribution of our materials is impossible without the provision of your Personal Data.


Retention period

[After registration for the newsletter or other materials, we store the Personal Data for a maximum of [48 hours], until confirmation of the registration]. After successful confirmation, we store your Personal Data until revocation of your consent (you unsubscribe from the newsletter) and beyond that for a maximum of [7 days] for technical reasons.



e. Direct marketing

Nature and scope of the processing

If you expressed an interest in our Services or the Company, you could receive an email, text or phone call from us for similar services. You could also receive marketing material from us via post or through personalized social media advertising.

For marketing purposes, we collect and process the following Personal Data: your name, address, company (where relevant), telephone numbers and email address. We also process your marketing preferences.


Purpose and legal basis

We process your Personal Data for direct marketing purposes on the basis of our legitimate interest or your consent as described below.


Purpose and Legal Basis

Where we have an existing relationships with you (i.e. you have purchased our Services from us) and you have provided your consent for direct marketing, we offer you the opportunity to withdraw such consent at any time. If you are an existing customer, we may send information about our products and services similar to those for which you expressed an interest. We will only use the contact information we have obtained over the course of our customer relationship with you.


Consent

We will ask your consent to send you information via electronic media. We will also ask your affirmative consent to send you direct marketing communications via social media.

You can withdraw consent at any time with effect for the future. You can also ask us to stop sending you any marketing material.

You can easily withdraw consent for any email marketing messages. You can do this by clicking the 'unsubscribe' link at the bottom of each marketing email.


Retention period

If you decide to withdraw your consent to our marketing, we will no longer use your Personal Data for this purpose. If your Personal Data is not needed for any other legally permitted purpose, we will delete the Personal Data without undue delay.



f. Feedback and reviews provided using QR-codes

Nature and scope of the processing

When you scan a QR-code at any place operated by an offline business, you are given an opportunity to provide your feedback and review about your experience at such place. Our standard feedback form requires you to provide certain Personal Data (your name, phone number, text of your review or feedback).


Purpose and legal basis

We process your Personal Data for the purposes of (i) preparing a pre-sale and marketing reports allowing us to show our potential clients our capabilities and demonstrate that we have information about their brand reputation and (ii) provision to our existing clients with valuable insights and information about their brand. Your Personal Data is processed on the basis of art. 6(1)(a) GDPR (your consent, given by using the QR-code). When we prepare pre-marketing reports for potential clients, we can use your Personal Data in an aggregated form (without disclosing any information which could identify you).

There is no statutory or contractual obligation to provide your Personal Data, it is also not necessary to enter into a contract with you, and you are not obliged to provide this data.


Retention period

We store your Personal Data until revocation of your consent, but in any case for a maximum term of 3 years. Before deletion of your Personal Data, we may contact you to inform that we are going to delete your Personal Data.

    7. Analytics tools

    We may use third-party automated tools to receive analytics information. You may consult with the list of third party automated tools currently used by the Company here.
    Third party analytics service Company Privacy policy of the third party
    Google analytics Google LLC https://policies.google.com/privacy?hl=en
    Yandex.Metrica YANDEX, LLC https://yandex.ru/legal/metrica_eea_termsofuse/
    Mixpanel MIXPANEL, INC https://mixpanel.com/legal/privacy-policy/
    Mail.ru Mail.ru LLC https://help.mail.ru/legal/terms/common/privacy
    Facebook analytics Facebook, Inc https://www.facebook.com/full_data_use_policy
    Smartlook Smartlook.com, s.r.o https://help.smartlook.com/en/articles/3244452-privacy-policy
    Roistat Business analytica LLC https://roistat.com/ru/privacy
    HubSpot HubSpot, Inc. https://legal.hubspot.com/privacy-policy
    If you decide to withdraw your consent to our marketing, we will no longer use your personal data for this purpose.