Your privacy and security are of great importance to us. We are focused on giving you the best possible experience, while showing consideration to the information you are sharing with us by using our Services. This policy is meant to give you a detailed description of how we handle your data and how you can manage it.
By using the Services you are accepting and consenting to the practices described in this Policy. Please note that this includes consenting to the collection and processing of any personal information you provide, as described below.
We may revise, modify, amend, update or supplement this Policy from time to time so please check it occasionally to ensure that you agree with any changes. Your continued use of our Services will constitute your acceptance of, and agreement to, any changes.2. PURPOSE
(i) the kinds of Personal Information we may collect about you and how it may be used;
(iii) disclosure of Personal Information to third parties;
(iv) the transfer of your Personal Information within and outside of the European Economic Area (“EEA”);
(v) your ability and rights to correct, update and delete your Personal Information;
(vi) the security measures we have in place to prevent the loss, misuse, or alteration of Personal Information under our control;
(vii) ChangeX’s retention of your Personal Information.3. RESPONSIBLE PERSON
For any matters relating to data protection you may contact [email protected] in writing by e-mail.4. DATA PROCESSING
4.1 INFORMATION WE AUTOMATICALLY COLLECT
When you access or use our Services, we automatically collect information about you. This information is used to provide statistical data about our users browsing actions and patterns, and does not personally identify individuals. This information may include:
(i) Log Information: the type of browser you use, access times, pages viewed, your IP address, and the page you visited before navigating to our services.
(ii) Device Information: information about the computer or mobile device you use to access our services, including the hardware model, operating system and version, unique device identifiers, and mobile network information.
(iii) Information processed in relation to push notifications - Device operating system and Device IDFA.
The collection and processing of this technical data is for the purpose of enabling the use of our Services, continuously ensuring system security and stability, optimising our Services, and for internal statistical purposes. This is our legitimate interest in the processing of data in the sense of Art. 6 Par. 1 lit. f GDPR.
4.2 IP ADDRESSES
We may collect information about your device, including your IP address, operating system and browser type, for system administration. This is statistical data about our users' browsing actions and patterns and does not identify any individual.
Furthermore, the IP addresses will be evaluated, together with other data, in case of attacks on the network infrastructure or other unauthorised use or misuse of the Services, for the purpose of intelligence and protection, and if appropriate, used in criminal proceedings for identification and civil and criminal proceedings against the relevant users. This is our legitimate interest in the processing of data in the sense of Art. 6 Par. 1 lit. f GDPR.
4.3 USAGE OF COOKIES
By continuing to use our Website you agree to the following cookies:
(i) Cookies that are strictly necessary to operate our Services: cookies to log in, transact and otherwise use our Services;
(ii) Cookies for analytical and performance purposes;
(iii) Cookies for targeting user actions;
(iv) Cookies from third parties;
The strictly necessary cookies are not an object of consent by users because they are required for the normal operation of our services. You can provide your consent for the use of the other types of cookies with a click on the button “I accept and agree” in the cookie banner which is situated at the bottom of the screen.
We use third party service providers, to assist us in better understanding the use of our Services. Our service providers will place cookies on your device and will receive information that we select that will educate us on such things as how visitors navigate around our Services, what products are browsed, and general Transaction information. Our service providers analyse this information and provide us with aggregate reports. The information and analysis provided by our service providers will be used to assist us in better understanding our visitors' interests in our Services and how to better serve those interests. The information collected by our service providers may be linked to and combined with information that we collect about you while you are using the Services. Our service providers are restricted from using information they receive from our Services other than to assist us.
Third-party providers that we use include:
4.4 E-MAIL SUBSCRIPTION
Users who complete the e0mail registration process on our Services can at the same time grant ChangeX permission to send them e-mail messages for marketing and general communication purposes at the e-mail address they have provided. This consent constitutes the legal basis for our processing of your e-mail address in the sense of Art. 6 Par. 1 lit. a GDPR. All information gathered this way will never be passed on or sold to any third party.
At the end of each newsletter a link is provided by means of which you can unsubscribe at any time. After unsubscribing your personal data will be deleted.
4.5 INFORMATION PROCESSED IN RELATION TO PUSH NOTIFICATIONS
4.5.1 Тo send push notifications to your device in order to provide service activity information, service updates, promotional communications and other related messages;
4.5.2 Your consent to the processing of your personal data for the above-mentioned purposes can be withdrawn at any time through your devicesettings or through contacting our support at [email protected]
4.6 SOCIAL MEDIA
Your Personal Information may be disclosed to third parties and/or legal authorities under the following circumstances/conditions:
5.1 DISCLOSURE TO THIRD PARTIES
We may disclose your Personal Information with third parties including:
(i) Business partners, suppliers, sub-contractors and other service providers;
(ii) Advertisers and/or advertising networks that require data in order to select and show you relevant advertisements;
(iii) Analytics and/or search engine providers that assist us in the optimization of our Services.
(iv) All our third party service providers are bound by contract to protect and use our users’ Personal Information only for the purposes listed above, except as otherwise required by law.
5.2 DISCLOSURE TO LEGAL AUTHORITIE
We may share your Personal Information with law enforcement, data protection authorities, government officials, and other authorities in the following cases:
(i) If we believe disclosure is in accordance to any law, regulation or legal procedure;
(ii) If we think disclosure is needed to prevent any harm or financial loss;
(iii) If disclosure is necessary to report certain illegal activity;
(iv) To protect the rights, property or safety of ChangeX and its community.
We store and process your Personal Information in data centers around the world, wherever ChangeX facilities or service providers are located. As such, we may transfer your Personal Information outside of the EEA. Such transfers are undertaken in accordance with our legal and regulatory obligations.7. MINORS
THE SERVICE IS NOT FOR PERSONS UNDER THE AGE OF 18 OR FOR ANY USERS PREVIOUSLY SUSPENDED OR REMOVED FROM THE SERVICE. IF YOU ARE UNDER 18 YEARS OF AGE, THEN YOU MUST NOT USE OR ACCESS THE SERVICE AT ANY TIME OR IN ANY MANNER. By accessing or using the Services, you affirm that you are at least 18 years of age.
ChangeX does not knowingly collect or use any personal data from minors. A minor may be able to willingly share personal information with others, depending on the products and/or media channels used. If a minor provides us with their information without the consent of their parent or guardian, we will ask the parent or guardian to contact us for the purpose of deleting that information.8. LINKS
ChangeX may provide references and/or links to other websites. This Policy applies only to ChangeX’s Services.9. YOUR RIGHTS AND HOW YOU CAN EXERCISE THEM
You have the right to:
(i) Withdraw your consent for the push notifications;
(ii) Request access to the personal data that we hold about you in a portable format;
(iii) Request correction of any collected personal data when the data is inaccurate;
(iv) Receive a copy of your personal data in electronic format;
(v) You have the right to request the deletion of your data – “the right to be forgotten”, which right, however, is not absolute (exceptions – the personal data holds is needed to exercise the right of freedom of expression; there is a legal obligation to keep that data; for reasons of public interest);
(vi) Receive information from us about our activities in connection to your personal data, including the purposes of collection and storage, the period of time for storage, the methods of collecting, the presence of automated processing, etc.;
(vii) You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that there is personal data breach.
(viii) To exercise your rights you can always contact us at [email protected] or through the support channels of the service you are using. You can also send us a letter to bul. Simeonovsko shose 33, Sofia 1700, Bulgaria.
We will respond to all privacy related requests in a timely fashion. If you have an unresolved privacy or data use concern you may contact your local data protection authority.10. SECURITY OF PERSONAL INFORMATION
We undertake all necessary technological, technical and organizational measures to protect your personal data. Your personal data is stored on protected servers with strictly controlled access. Only strictly defined people have access to your personal data in connection to the provision of our Services. Our Services have SSL certificates which represent Internet security protocols and they provide additional guarantee for the safe use of our services. We implement other appropriate technical and organizational measures to ensure a level of security appropriate to the risk such as pseudonymisation and encryption of personal data, we ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services and we regularly test and evaluate the effectiveness of the measures. Some of the above-mentioned information is stored in such a form that could not be used to identify you directly. In case of breach, we will undertake every possible action according to the applicable legislation in an appropriate and timely manner, to avoid any material or non-material damage to users and to protect the personal data of users. We have undertaken measures to ensure the ability to restore the availability and access to personal data in a timely manner in the event of physical or technical incident.11. RETENTION OF PERSONAL INFORMATION