Last Modified: February 22, 2019
2. Data Subjects
We also collect information about visitors on the Website via cookies and similar technologies. But this information is never combined with the data of our Members, except for an IP address that may be linked to a Member account with a view to assure safety and compliance and related purposes as described below. We always request your consent for cookies to be properly placed and read on your device.
3. Data Controller
4. Data Collection
Data Sources. We collect or obtain your personal data from the following sources:
- When you provide us with your data by a conscious affirmative action, for example, when you choose to use your data in mandatory (e-mail, profile name, password) or optional (data of birth, gender, etc.) fields at your Member account, or when you submit us with your bio with a view to have it been published together with your Expert article or other contribution;
- When you communicate with other Members or users on the Website, for example, when you communicate with someone in a direct message or publicly post your data, such as a picture or name;
- When you communicate directly with us, for example, via email, text, and other electronic messages;
- When any data is obtained through cookies or similar technologies.
Third-Party Sources. We never seek your personal data from third-parties, such as data brokers, or search for any publicly available data. All personal data that we process we collect directly from you.
Cookies and Similar Technologies. When you visit the Website, we usually place cookie files on your device, or read such files already on your device, as well as utilize similar technologies, subject always to obtaining your consent in an appropriate consent form on the Website. We use those technologies to record information about your device, your browser and, in some cases, your preferences and browsing habits without identifying you personally as a data subject. This information is never combined with any data available to us thus leading to identification of any particular individual, except for IP addresses which we may combine with the data of Member accounts only with a view to maintain safety and integrity of your account and the Website as a whole. Without any such combination, we can use your IP address for purposes of web analytics via Google Analytics and Google AdSense, see below in more detail.
5. Data Processed
Personal data processed. We process the following categories of personal data:
- Identification information, with respect to data you choose to provide on your Member account, whether at mandatory (e-mail, profile name, password) or optional (data of birth, gender, etc.) fields;
- Biographical information, with respect to Experts who provide use with those data for the purpose of their publishing and posting on the Website together with Expert Contributions;
- Account session information, including your IP address, time and date, Client Host, with respect to your actions via Interactive Features, such as voting on products, posting, sending messages etc.;
- Consent and other administrative records together with the date and time, means of consent and any related information (e.g., the subject matter of the consent) if such a consent is necessary under the law;
- Communications addressed to and from us, as well as between Members on the Website;
- Any other information voluntarily transmitted to us by a conscious affirmative action.
Sensitive personal data. We do not seek to collect or otherwise process sensitive data as set out in Article 9 of the GDPR. Furthermore, we encourage you to be particularly careful with sharing such information on the Website, either publicly or via direct messages, or as your account information, since erasuer or removal such information from public access or otherwise from the Website may not be necessarily guaranteed by us in light of our legitimate interests, such as preserving integrity of communications, and burdens of such erasure or removal.
6. Purposes of Data Processing
General purposes. The purposes for which we may process your personal data include:
- Social Network Platform Communications: all communications on and within the Website, including via Interactive Features related to product review;
- Marketing and Informational Communications: sending regular newsletters and other direct marketing and informational communications;
- Surveys: from time to time, we may request that you answer several questions which can make our Website more relevant, interesting, and beneficial to you;
- Maintaining Safety and Integrity of Information and Communications: preserving data and information of ours and other Members, as well as is protection from unauthorized or prohibited actions of others;
- Improving Website and Services: fixing issues and improving the Website functionality, as well as employing IT security measures, including audits;
- Legal Compliance: compliance with our legal and regulatory obligations;
- Other Legitimate Interests: such as proper and efficient operating of the Website as a whole, detecting, and protecting against, breaches of our policies, contracts and applicable laws; or establishing, exercising or defending our legal rights.
No Automated Decision Making or Profiling. We do not profile you, neither do otherwise use automated decision making with regards to you.
No Requirement for Data Protection Impact Assessment. Under the GDPR, every data controller is under a duty to conduct a data protection impact assessment (DPIA) if their processing presents a “high risk” to data subjects’ rights and freedoms. At this time, we do not process anything in a manner and scope that may entail a high risk for you that would invoke the necessity for conducting a DPIA.
7. Legal Bases Employed for Data Processing
(2) We have obtained your prior consent to the processing. We seek your consent for, among others, sending newsletters and other direct marketing communications. Please, note that whenever you give us your consent for some processing, you have always a right to withdraw such a consent at any time and free of charge. We strive to make this right as easily realizable as possible. If you cannot find a form or any other modality to withdraw your consent on the Website or in newsletter e-mails, please, send us your withdrawal by e-mail to: email@example.com.
(3) We may have a legitimate interest in carrying out the processing of your data. This may be the ground when, for example, those data is necessary for: (i) preserving integrity of data and communications on the Website and protection of rights and interests of other Members; (ii) providing or improving our services, such as developing Interactive Features; (iii) fulfilling our regulatory and compliance obligations; (iv) detecting, and protecting against, breaches of our policies, contracts and applicable laws; or (v) establishing, exercising or defending our legal rights and interests. We can rely on this ground only to the extent that such legitimate interest is not overridden by your fundamental interests, rights, or freedoms.
(4) The processing is necessary for compliance with a legal obligation established by law. This is the case when we are required to produce to a law-enforcement agency any of your data in which case we will endeavor to inform you about such a request unless it is prohibited by applicable law.
8. Third Party Recipients of Data
Third Party Recipients. We may share your personal data with companies that provide services to support the Website activities to the extent those data are required for the performance of the relevant services to us. We do not sell your personal data to third parties that can process data for their own purposes. Most time your data are transferred in a way that may not allow the recipients to identify any particular data subjects because the data are encrypted or anonymized. The categories of recipients of your data may include webhosting (e.g., ChemiCloud), content management systems (e.g. WordPress), other online services, web developers, legal and other professional consultants.
Data processing agreements. If we engage a third party processor to process your personal data, the processor will be subject to binding contractual obligations as prescribed under Article 28 of the GDPR. Among others, the processer will have to: (i) process your personal data only on documented instructions from us; and (ii) implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks pertinent to such a processing. We will regularly conduct audits to make sure that these and other obligations of the processor are properly complied with.
Google Analytics and AdSense. Our websites use Google Analytics and AdSense, web analytics services provided by Google, Inc., USA. Those services may employ cookies which are used to generate information about your use of the Website (including your IP address). This information is then transmitted to and stored by Google. Google will use this information in aggregate form for the purpose of evaluating use of the Website, compiling reports on user activity and providing other services relating to websites activity and Internet usage. Google will not associate your IP address with any other data held by Google. For more information about Google’s privacy policies, please, visit http://www.google.com/analytics/
Other Global OSPs and Software Providers. We may utilize a range of globally recognized online services, including SaaS and cloud solutions, which may process your data in some form. Most of such providers have their storages and processing facilities in Europe so that your data do not leave the EU. Where they do not have such facilities or let data leave the EU, they are under obligation to comply with the GDPR. For information about compliance with applicable data protection laws you can find on the website of the OSPs and software providers.
9. International Data Transfers and Safeguards Employed
We may employ some of our contractors, more often developers with limited access to personal data, beyond the European Union, including in countries in respect of which the European Commission has not provided an adequacy decision pursuant to Article 45 of the GDPR. That means that sometimes, specifically to effectuate some administrative operations, we will transfer some of your data beyond the EEA for a limited time and limited purposes.
To make such transfers fully compliant with the GDPR, unless there is another compliance mechanism in place, we conclude with our contractors legally binding agreements based upon the EU Standard Contractual Clauses in accordance with Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council. You can request the copies of such agreements by e-mail directed to: firstname.lastname@example.org.
10. Direct marketing
We may send to you direct marketing communications, including Newsletters. Since we do not generally sell or offer to sell you any services or goods, except for special cases, such as with respect to Featured Events, most of such communications will be for informational, rather than marketing, purposes.
In most cases, we will send you such communications subject to your consent given to us at the registration of your account or later on. Yet, from time to time we may send you communications without such consent, specifically when you previously purchased “Featured Events”.
At all times, may choose to stop receiving our newsletters or other marketing or informational communications and withdraw your consent accordingly by following the unsubscribe instructions included in these emails or by sending us e-mail to: email@example.com.
11. Retention periods
Deletion or Anonymizing. Once the periods above have concluded, we will either permanently delete or destroy the relevant personal data, or anonymize them.
12. Rights of Data Subjects
Under the GDPR, you have a set of rights which may or may not be applicable to you depending on particular circumstances of your case, including the legal basis of processing of particular data:
Right of access. You may have the right to obtain from us confirmation as to whether or not your personal data are being processed, and access to those personal data and other relating information. You can exercise this right by reviewing information at your Member account. Alternatively, you can send us a request in accordance with the procedures stated below in this section.
Right to rectification. You may have the right to obtain from us the rectification of inaccurate personal data concerning you. You can exercise this right by updating information at your Member account. Alternatively, you can send us a request in accordance with the procedures stated below in this section.
Right to erasure. You may have right to obtain from us the erasure of personal data concerning you unless we are under a legal duty or have a legitimate ground to retain certain data. You can exercise this right by use of a special feature at your Member account, if available, or by sending us a request in accordance with the procedures stated below in this section.
Right restriction of processing. Under relevant conditions set out by the law, you may have the right to obtain from us restriction of processing of your data. You can exercise this right by sending us a request in accordance with the procedures stated below in this section.
Right to object to processing. You may have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you. You can exercise this right by sending us a request in accordance with the procedures stated below in this section.
Right to data portability. You may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format as well as the right to transmit those data to another controller without hindrance. You can exercise this right by sending us a request in accordance with the procedures stated below in this section.
Right to lodge a complaint with a supervisory authority. You have the right to lodge a complaint regarding our processing of your personal data with a data protection authority which can be any of the data protection authority of the EU Member State in which you live, or in which you work, or in which the alleged infringement occurred.
Contact Details for Request. With regard to any of the rights above, you can address us via a written request, accompanied with all necessary information, sent to the following address: Portner Media Limited, Ground Floor, Palace Court, Church Street, St. Julians, STJ 3049, Malta. Additionally, you can send us e-mail to: firstname.lastname@example.org.
Portner Media Limited
Ground Floor, Palace Court