NorthQ ApS Principles of Personal Data Processing
We attach great importance to the protection and handling of your personal data in accordance with the applicable law, in particular in accordance with the General Data Protection Regulation of 27 April 2016 ("GDPR"). Our goal is to provide you with full information and control regarding the processing of your data and the availability of tools that allow you to take advantage of the rights arising from the law.
Below we present information on how we process your personal data, how we care for their security and who we share it with. If you have additional questions about how we use your personal data, write to us at the following e-mail address: email@example.com.
HOW HAVE WE ACQUIRED YOUR DATA?
We use your personal data because you:
- have decided to make purchases in our online store www.store.northq.com ("Store") or agreed to receive commercial information by e-mail to the e-mail address provided by the Store or otherwise you gave us your data using the Store's website. The store operates based on the Regulations, which you can read here.
- set up an account on our platform HomeManager (“Platform”). The platform operates based on the Regulations, which you can read here.
- send us a support request (“Ticket”).
WHO IS THE ADMINISTRATOR OF YOUR DATA?
The personal data administrator is NorthQ ApS, Bryggervangen 19, 2.sal, 2100 København Ø, Denmark, VAT DK31048850, which will be further called "Administrator" or "NorthQ".
HOW CAN YOU CONTACT THE DATA PROTECTION OFFICER?
You can send an email to: firstname.lastname@example.org
or a regular mail to:
Att.: Data Protection Officer
Bryggervangen 19, 2.sal
2100 København Ø
HOW ARE WE PROCESSING YOUR DATA?
- If you use our Store, we will process your personal data for the following purposes:
- In order to carry out the sales contracts concluded with you from the Store - the basis for processing your data will be in this case, the contract concluded with the Administrator by accepting the Store's rules. In this respect, we will require the largest amount of data from you, but only to the extent necessary to implement the contract of sale and delivery of purchased goods to you; providing your personal data for this purpose is not mandatory but necessary for the performance of the contract.
- In order to keep your account on the Store's website - the basis for processing your data will be the contract concluded with the Administrator by creating an account and accepting the Store's terms and conditions. Creating an account in the Store will also allow you to access the data you have provided, including the history of your purchases, and to exercise certain rights related to data processing; providing your personal data for this purpose is not mandatory but necessary for the performance of the contract.
- In order to conduct complaint processes - in this case the basis for processing is the Administrator's obligation resulting from the provision of the law regarding the warranty for defects in the item sold. Providing data in the complaint form is mandatory for the proper consideration of your complaint.
- If you express your separate consent, we will send to the e-mail address provided by you commercial information regarding the goods offered for sale in the Store, including promotional offers - in this case the basis for processing is your consent, which is not mandatory and you can withdraw at any time by contacting the above data or clicking on the link that we send in each email containing commercial information. Withdrawal of consent does not affect the correctness of data processing in the period before its withdrawal.
- If you express your separate consent, we will send commercial information on the mobile phone number provided by you to the store, including promotional offers - in this case the basis for processing is your consent, which is not mandatory and you can withdraw it at any time, contacting us, for example, on the data given above. Withdrawal of consent does not affect the correctness of data processing in the period before its withdrawal.
- For marketing purposes - we may send information on the offer of the NorthQ Store or the offer of our trading partners from time to time to the delivery address provided by you. The basis for the processing of your data in this respect will be the legitimate interest of our or our partners in the marketing of the goods indicated in the offer. You can object to the processing of your data at any time, and we will stop doing so. You can express your opposition by contacting us at email@example.com.
- For statistical purposes for internal needs of the Administrator - in this case, the basis for processing will be the legitimate interest of the Administrator consisting in collecting information enabling the development of activities and customizing services to the needs of the Store's users.
- In order to confirm the performance of our obligations and assert claims or defend against claims that may be directed against us, prevent or detect fraud - the basis for processing your data in this case will be the legitimate interest of the Administrator, which is the protection of rights, confirmation of performance and obtaining in this respect due remuneration from the Administrator's clients.
- If you use our HomeManager Platform, we will process your personal data for the following purposes:
- Service availability - setting up the HomeManager account, from which you will have an access to the services,
- Identification of you as a user on the platform,
- Service-related communication with you,
- Normal operation of the system,
- Sending you notifications from the installed devices (e.g. motion detection from the Q-Motion),
- Quality of service and reliability,
- Identification of your resources and providing budget information to you.
We focus on the transparency of processing your personal data. If you have any question about the process or rules of processing, please contact us.
We process your data in accordance with the law, ensuring that it remains current and correct. Therefore, from time to time we will remind you about the need to update the data by sending a message to the e-mail address provided by you.
Your personal data will not be processed for automated decision making without your consent.
IS PROVIDING PERSONAL DATA MANDATORY?
It is up to you to decide whether and what data you provide us with, but remember that when making purchases in the Store, providing certain data will be mandatory to perform the contract of sale, because without them we will not be able to process your order.
Failure to provide the data we require results in failure to place an order. It is not obligatory to express your consent to receive commercial information at the email address provided or the telephone number provided for the performance of the Goods sales contract concluded. If you give your consent, you will be able to withdraw it at any time.
It is up to you to decide whether and what data you provide us with on HomeManager, but remember that when setting up an account on the Platform, providing certain data will be mandatory to provide you the service, because without them you will not be able to login to your secure account, have access to the functionalities of the Platform, manage and control your integrated devices and/or receive notifications from the devices.
WHO WILL WE SHARE YOUR PERSONAL INFORMATION WITH?
- We will pass your data to entities that cooperate with us in the performance of the contract for the sale of goods purchased by you:
- GLS (General Logistics Systems),
- DHL Express,
- Other entities that will provide delivery services for goods purchased by you in the Store in the future.
- Depending on your choice of payment method for purchased goods, we will share your data necessary for collection or payment for purchased goods to the following entities:
- BAMBORA (EPAY.EU) - if you have chosen the epay payment system as the payment method,
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
- If you have agreed to receive commercial information on the e-mail address or telephone number provided by you, we will share your information with the entities providing on our request with the service of sending commercial information, such as:
- We may also share your personal data with other entities from the above categories with which we will establish cooperation.
HOW LONG WILL WE BE PROCESSING YOUR PERSONAL DATA?
The personal data provided by you will be processed by you in the period:
- Necessary for the implementation of the contract of sale, as well as your claims for claims, as well as confirmation of our obligations and pursuing claims or defending against claims that may be directed against us - however not longer than 10 years from the date you provided us with your data,
- In the event that you submit a request to delete your account in the store, we may process your data within the time necessary to confirm our obligations and claim or defend against claims that may be directed against us - no longer than 10 years from the date of transferring us by you your data.
- Necessary for the use of HomeManager Platform, we will be processing your data as long as the service is required.
HOW ARE WE PROTECTING YOUR DATA?
We use a range of IT and organizational security measures aimed at minimizing the risk of data leakage, their destruction and disintegration, such as: firewall system, cyber security good practices, internal access procedures, data processing and emergency recovery, as well as a multi-level backup system.
Our Platform and Apps are using: Amazon Web Services (AWS), Hetzner, Nabto, Push notification services (Google Cloud Messaging, Apple Push Notification service, Firebase Cloud Messaging), Google+ G Suite. All of the aforementioned services are trusted platforms with big communities. NorthQ is using latest security standards in order to use, build on top off and/or integrate with those services.
Our Store operates on a Shopify platform with a very high level of security and we use a high level of encryption HTTPS/SSL connection in accordance with accepted best practices, we work with a carefully selected hosting provider that has certificates in accordance with ISO 9001 quality management and AQAP-2110 requirements as well as the information security management certificate according to ISO/IEC 27001. Remember that using the Internet always brings with it the risk of certain security incidents, but we assure you that thanks to the implemented regular procedures reviews of information systems and their updates, and active monitoring of critical points of the system, we want to reduce this risk as much as possible.
WHAT RIGHTS DO YOU HAVE IN RELATION TO THE PROCESSING OF YOUR PERSONAL DATA BY US?
According to GDPR, you have a number of rights in connection with providing your personal data to us, such as:
- The right to know how your personal data is processed - if you have questions about whether and how we process your data, please contact us by sending information to firstname.lastname@example.org, we will be happy to answer them,
- The right to access and update data - you always have access to your personal data on your account in the Store and on the Platform (or via App). You can edit the data provided to us and update it. If you have not created an account in the Store or on the Platform, please contact us by writing to our Data Protection Officer requesting access to your data - we will inform you about your data and update it at your request,
- Under the terms of GDPR, you also have the rights to:
- Data deletion - if you want us to stop processing your data, you can delete your account in the Store or on the Platform or report such a request to us. Remember, however, that this is not an absolute right and we may refuse to delete your data about which we have a basis for its processing (eg the fulfillment of a legal obligation or pursuing claims or defending against claims that may be directed against us),
- Request to limit the processing of your data,
- Object to the processing of your data if the basis for processing is a legitimate interest of the Administrator or performance of tasks in the public interest,
- Withdrawal of consent, if the data is processed on the basis of your consent,
- Data transfer, if the processing is based on a contract or your consent.
You can do all the above rights by contacting our Data Protection Officer (email: email@example.com).
HOW LONG TIME WILL IT TAKE FOR YOU TO GET THE ANSWER FROM US?
We will try to complete your requests as quickly as possible and answer your questions about your data. In any case, you should receive a message from us not later than within 30 days of receiving your request. During this period we will give you an answer or inform you about the extension of the deadline and explain the reasons. If we have doubts as to whether you are making a specific request, we may ask a few more questions to verify your identity.
INFORMATION ON THE COMPETENT AUTHORITY TO BRING A COMPLAINT
If you feel that we are processing your personal data unlawfully, you can also file a complaint with Data Protection Agency in Denmark (https://www.datatilsynet.dk/).
If you have any questions related to the processing of your personal data by us or you want to use the rights resulting from the GDPR, please use the contact form or write directly to our Data Protection Officer: firstname.lastname@example.org.
INFORMATION ON THE USE OF "COOKIES"
- Administrator - means NorthQ ApS, Bryggervangen 19, 2.sal, 2100 København Ø, Denmark, VAT DK31048850 (CVR: 31048850), which provides electronic services and stores and gains access to information on User devices,
- Website - means a website or application under which the Administrator runs a website that operates in the following domains: http://northq.com/, https://store.northq.com, https://homemanager.tv.
- Cookies - means IT data, in particular small text files, saved and stored on devices through which the User uses the Website pages,
- Administrator's Cookies - means Cookies placed by the Administrator related to the provision of electronic services by the Administrator via the Website.
- External Cookies - means Cookies placed by the Administrator's partners via the Website,
- Device - means an electronic device through which the User gains access to the Website,
- User - means an entity for which services may be provided electronically or with which an Agreement for the provision of electronic services may be concluded in accordance with the Regulations and legal regulations.
TYPES OF COOKIES USED
- Cookies used by the Administrator are safe for the User's Device. In particular, it is not possible for viruses or other unwanted software or malicious software to enter User Devices. These files allow to identify the software used by the User and adjust the operation of the Website individually to each User. Cookies usually contain the name of the domain from which they originate, their storage time on the Device and the assigned value.
- The administrator uses two types of cookies:
- a) SESSION COOKIES: they are stored on the User's Device and remain there until the session of the given browser ends. The saved information is then permanently removed from the Device's memory. The mechanism of session cookies does not allow the collection of any personal data or any confidential information from the User's Device,
- b) PERMANENT COOKIES: they are stored on the User's Device and remain there until they are deleted. Ending the session of a given browser or turning off the Device does not delete them from the User's Device. The mechanism of persistent cookies does not allow the collection of any personal data or any confidential information from the User's Device.
- The User has the ability to limit or disable the access of cookies to his Device. If you use this option, the use of the Website will be possible, in addition to functions that, by their nature, require cookies.
THE PURPOSES FOR WHICH COOKIES ARE USED
- THE ADMINISTRATOR USES OWN COOKIES IN FOLLOWING PURPOSES:
- SERVICE CONFIGURATION
- adjusting the content of the Website pages to the User's preferences and optimizing the use of the Website pages,
- recognize the Website User's device and its location and properly display the website, adapted to his individual needs.
- AUTHENTICATION OF THE USER ON THE WEBSITE AND PROVIDING THE USER'S SESSION ON THE SERVICE
- maintaining the Website User's session (after logging in), thanks to which the User does not have to re-enter their login and password on every subpage of the Website;
- correct configuration of selected Website functions, allowing in particular verification of the authenticity of the browser session,
- optimizing and increasing the efficiency of services provided by the Administrator.
- IMPLEMENTATION OF PROCESSES NECESSARY FOR FULL FUNCTIONALITY OF WEBSITES
- adjusting the content of the Website pages to the User's preferences and optimizing the use of the Website pages. In particular, these files allow to recognize the basic parameters of the User's Device and properly display the website, tailored to his individual needs;
- proper operation of the affiliate program, allowing in particular verification of sources of Users' redirects to the Website's websites,
- enabling the use of the "Clipboard" and "Cart" functions on the Website.
- ANALYSIS AND TESTS AND WATCH AUDIT
- creating anonymous statistics that help to understand how the Website Users use Website pages, which allows improving their structure and content.
- ENSURING SAFETY AND RELIABILITY OF THE SERVICE
- THE SERVICE ADMINISTRATOR USES EXTERNAL COOKIES IN FOLLOWING PURPOSES:
- presenting multimedia content on the Website, which is downloaded from an external website, e.g. youtube,
- collecting general and anonymous static data via analytical tools, e.g. Google Analytics,
- logging in to the website using a social website, e.g. Facebook.com,
- use interactive functions to popularize the Website using social networking sites, including such as Facebook.com, Twitter.com,
- using the functions to facilitate communication via the Website, which are downloaded from an external internet service such as Zendesk Chat.
THE POSSIBILITY OF DETERMINING THE CONDITIONS FOR STORING OR ACCESSING COOKIES
- The User may independently and at any time change the settings for Cookies, specifying the conditions for their storage and access to the User's Device via Cookies. Changes to the settings referred to in the previous sentence, the User can make using the web browser settings. These settings can be changed in particular in such a way as to block the automatic handling of cookies in the web browser settings or to inform them whenever Cookies are placed on the User's device. Detailed information about the possibilities and ways of handling cookies are available in the software (web browser) settings.
- The User may at any time delete cookies using the functions available in the web browser he uses.
Published on 24.05.2018