I. General provisions and definitions
2. The terms listed below have the meanings assigned to them in the Regulation (EU) 2016/679 (General Data Protection Regulation) and the accompanying Policy:
Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Controller means any natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by European Union or the other applicable law.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Data subject is an identified or identifiable natural person who can be identified, directly or indirectly, based on particular information representing personal data;
3. KUDO acknowledges the privacy of natural persons and makes efforts to protect them against any unlawful processing of their personal data. KUDO applies the relevant technical and organisational measures to protect the personal data of natural persons in accordance with the effective legislation.
II. Processing of personal data
4. KUDO, in its capacity as controller/processor of personal data, processes personal data in a manner that ensures appropriate level of security, including protection against unauthorised or illegal processing and against accidental loss, destruction or damage, while applying suitable technical and / or organisational measures in compliance with the following principles:
(a) lawfully, fairly and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”)
(b) data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (“appropriateness in the processing of personal data and purpose limitation”)
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimisation”)
(d) accurate and kept up to date
(e) limitation of the storage for periods not longer than necessary for the purposes for which they are processed (“storage limitation”)
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (“integrity and confidentiality”).
5. KUDO processes personal data only if and to the extent at least one of the conditions listed below shall apply:
(a) Processing is required for the performance of an agreement with the KUDO under which the data subject is party or to undertake steps at the request of the data subject prior to the signing of an agreement with the KUDO.
(b) Processing is required for compliance with a legal obligation which applies to the KUDO in its capacity as controller/processor of personal data.
(c) the data subject has given consent for the processing of their personal data for one or more specific purposes. In the cases when personal data are processed solely on the grounds of consent, the data subject has the right to withdraw such consent at any time. Withdrawal of the consent of the data subject is not applicable in the cases when the processing of the data is based on the provisions of items “a” and “b” above.
6. KUDO, in its capacity as controller/processor, does not process personal data which reveal racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, and the processing of genetic data, biometric data solely for the purpose of identification of the natural person, data concerning health or data concerning sex life or sex orientation of the natural person unless the data subject have given an explicit consent for the processing of such data for one or more specific purposes.
According to CalOPPA, we agree to the following:
- Users can visit our site anonymously.
You can change your personal information by logging in to your account.
8. Children Online Privacy Protection Act – When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under the age of 13 years.
9. CAN-SPAM Act – The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
KUDO collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions.
- Process orders and to send information and updates pertaining to orders.
- Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
To be in accordance with CAN-SPAM, we agree to the following:
- Not use false or misleading subjects or email addresses.
- Identify the message as an advertisement in some reasonable way.
- Include the physical address of our business or site headquarters.
- Monitor third-party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails, you can email us at firstname.lastname@example.org. You can also follow the instructions at the bottom of each email. After that and we will promptly remove you from ALL correspondence.
III. Purpose of personal data processing
10. Type of purpose
KUDO collect information from you when you register on our site, place an order, subscribe to a newsletter, respond to a survey, fill out a form, create an account or enter information on our site.
KUDO may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, use the apps, or use certain other site features in the following ways:
- To personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested.
- To improve our website or app in order to better serve you.
- To allow us to respond more accurately to your customer service requests.
- To quickly process your transactions.
- To send periodic emails regarding your order or other products and services.
- To follow up with them after correspondence (live chat, email or phone inquiries).
Based on your direct marketing preferences, we may send you marketing communications to inform you about our events or our partner events; to deliver targeted marketing; and to provide you with promotional offers based on your communication preferences. You can opt-out of our marketing communications at any time.
We will not use your personal information for purposes other than those purposes we have disclosed to you, without your permission.
KUDO may process the following data types – names, display names, e-mails.
IV. Rights of the data subjects (customers – natural persons whom the data relates to)
11. Right to information (in relation to the processing of the data subject’s personal data by the KUDO – the natural persons that are data subjects have the right to receive information* as to the KUDO as personal data controller/processor, as well as the processing of their personal data.
12. Right of access to own personal data – the data subjects have the right to receive from the KUDO confirmation as to whether personal data related to them are processed and if so, to be given access to the data and the following information: purpose of the processing; respective personal data categories; personal data recipients or categories of recipients, if any; the intention of the controller to transmit personal data to a third party (where applicable); personal data storage period; existence of the right to correct personal data, as well as the right to object against the processing of personal data; existence of automated decision making, including profiling (if any); information as to all rights that the data subject has; the right to file a complaint with the supervision authority.
13. Right to rectification of personal data (if data is not accurate) – the data subject has the right to request the KUDO to rectify, without undue delay, any incorrect data pertaining to the data subject.
14. Right to erasure of personal data (right “to be forgotten”) – the data subject may request from the KUDO to erase personal data, if any of the conditions listed below exist:
- Personal data are no longer needed for the purposes they have been collected for or processed otherwise;
- The data subject withdraws his / her consent, which data processing is solely based on, and no other legal grounds for the processing exist (processing due to regulatory obligation of the KUDO, an agreement signed with the KUDO);
- The data subject objects against the processing and no legal grounds for the processing exist that prevail;
- The personal data were processed unlawfully;
- The personal data should be erased in order to comply with a legal obligation under the European Union law or the other applicable law which apply to the KUDO in its capacity as personal data controller;
- The personal data have been collected in relation to the offering of information society services to children and consent was given by the holder of parental responsibilities for the child.
15. Right to limitation of processing by the KUDO or by the personal data processor – specific conditions are required to be in place for that right to be exercised, namely:
- Accuracy / up to date nature of the data is disputed by the data subject. In this case the limitation of the processing is over a period allowing the KUDO to check the accuracy of the personal data;
- The processing is unlawful, but the data subjects do not wish their personal data to be erased, but rather require limitation of their use;
- The KUDO no longer needs such personal data for processing purposes, but the data subject requires them for establishing, exercising or defending legal claims;
- The data subject has objected to the processing while awaiting a check to be performed whether the KUDO ‘s legal grounds prevail over the interests of the data subject.
16. Right to transferability (data portability) of the personal data between the various controllers – the data subjects have the right to receive personal data pertaining to them, which they have provided to the KUDO in a structured, widely used and machine readable format and have the right to transfer such data to another controller without hindrance by the KUDO to which personal data has been provided, when processing is based on consent or contractual obligation and the processing is automated. When exercising the right to transferability the data subject has the right to receive also direct transfer of the personal data from the KUDO to another controller, where technically feasible.
17. Right to object against the processing of their personal data – data subjects have the right to object before the KUDO against the processing of their personal data, whereby the KUDO shall cease such processing, unless KUDO is able to prove that compelling legitimate grounds for the processing exist that override the interests, rights and freedoms of the data subject, or for the establishment, exercising or defence of legal claims. In case of objection against the processing of personal data for direct marketing purposes the KUDO shall cease such processing forthwith.
18. The data subject also has the right not to be subject to decision based solely on automated processing, including profiling, which ensues legal consequences for the data subject or significantly affects the data subject otherwise.
19. Right to defence through judicial or administrative procedure if the data subject’s rights have been breached – if the data subjects decide that their right to personal data protection and privacy has been violated, they may file a complaint with the relevant supervision authority – or to file a claim with the court to defend their rights.
V. Disclosure of personal data
20. KUDO may disclose the personal data to the following categories of persons:
- The persons whom the data relate to, namely: persons using KUDO services or products, or persons filing a request to use KUDO services, as well as persons who are party to KUDO and / or other transactions and contractual relations with the KUDO;
- Persons that have right to access to personal data by virtue of law or another regulation;
- Persons as to whom the right to disclosure is stipulated in an agreement signed with the KUDO.
VI. Exercise the rights
21. (1) In exercising their right to access natural persons have the right to request from KUDO at any time:
1. Confirmation as to whether data related to them are processed by the KUDO, the purpose of the processing, the data category and recipients of such data or the categories of recipients’ data is disclosed to;
2. To send them a message in an understandable format, containing the personal data subject to processing and any information available as to the source of such data;
3. Information as to the logic of any automated processing of personal data pertaining to natural persons, at least in the case of automated decisions under the provisions of the General Data Protection Regulation
(2) Upon request KUDO provides the information under paragraph 1 free of charge.
(3) Natural persons have the right to request at any time that KUDO:
1. erases, rectifies or blocks their personal data the processing of which is not compliant with the requirements of the effective legislation
2. notifies the third parties to which the personal data of the natural persons have been disclosed as to any erasure, rectification or blocking in accordance with item 1 above, except when this proves to be impossible or would involve a disproportionate effort.
22. (1) Natural persons exercise their rights by filing a written request (by e-mail) to the KUDO, containing as a minimum the following information:
1. name, personal ID number, address and other data allowing identification of the respective natural person;
2. description of the request;
3. Signature, date, correspondence address and telephone number.
(2) The filing of the request is free of charge.
(3) Upon filing of a request by an authorised person, the notarised power of attorney must be attached to the request.
(4) In case of death of the natural person, his / her rights are exercised by his / her heirs and certificate of heirs shall be attached to the request.
23. The KUDO shall review and pronounce on the request within 1 month as of its filing. This period may be extended by further two months, if necessary. The KUDO informs the data subject as to any such extension within 1 month as of receipt of the request, stating the reasons for the delay. When the data subject files a request by electronic means, the information is provided electronically, if possible, unless the data subject has requested otherwise.
24. The KUDO provides an answer to the requesting person taking into account their preferred form for the provision of the information (orally or in writing – as a hard copy of electronically).
25. Where data do not exist or their provision is forbidden by law, access of the requesting party to such data is refused.
26. If the requesting party is not satisfied with the response received and / or believes that their rights related to personal data protection were violated, they are entitled to exercise their right to defence.
VII. Information for the data subject
Contact details with KUDO
- Name: KUDO Inc
- Address: 225 W.35th Street, 16th New York NY 10001
- Manager: Parham Akhavan
- E-mail: email@example.com
- Telephone: +1 347 943 9056
- Internet site: https://www.kudoway.com
Contact details with Data Protection Officer (Response person for GDPR):
- Name: Parham Akhavan
- E-mail: firstname.lastname@example.org