This privacy policy has been compiled to better serve those who are concerned with how their ‘Personally Identifiable Information’ (PII) is being used online. PII, as described in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. According to EU law ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Privacy Policy
Introduction
Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.
General information
Controller of your personal data is: Lordicon Sp. z o.o. (limited liability company) with its registered office at ul. Podwale 62/313, 50-010 Wrocław, Poland, incorporated under the laws of Poland and registered in the companies register of the National Court Register held by District Court for Wrocław-Fabryczna in Wrocław, VI Commercial Division of National Court Register (Sąd Rejonowy dla Wrocławia-Fabrycznej we Wrocławiu, VI Wydział Gospodarczy KRS) under (KRS) no. 0000975713, having EU VAT ID: PL8992927559 and the share capital in the amount of 40 000 PLN.
What personal information do we collect from the people that visit our website?
In most cases, we cannot identify you. Sometimes we can identify you if we gather or you provide us with more information. For instance, if your e-mail address contains your name and surname or high-profile pseudonym or you published your e-mail on the Internet with information that identifies you we will be able to connect it with other information about you. We collect information in multiple ways, including when you provide information directly to us; when we passively collect information from you, such as from your browser or device; and from third parties.
Information You Provide Directly to Us
We will collect any information you provide to us. We may collect information from you in a variety of ways, such as when you:
- (a) contact us or provide feedback,
- (b) subscribe to our newsletter (also in case of registration),
- (c) buy the icons,
- (d) create an account on the Platform, depending on the selected type of registration.
- When you (a) contact us or provide feedback we will process (includes gathering) data that is necessary for:
communicating with you [your consent (article 6 (1) (a) of EU General Data Protection Regulation) or your request of prior to entering into a contract article 6 (1) (b) of EU General Data Protection Regulation or for compliance with a legal obligation article 6 (1) (c) and articles 15-22 of EU General Data Protection Regulation for example response for your request based on General Data Protection Regulation],
seeking compensation of your actions or gathering information about infringement of the Terms and Conditions, processing your messages for giving context to your actions in future [purposes of the legitimate interests pursued by the controller - article 6 (1) (f) of EU General Data Protection Regulation].
This information includes your email address and may include text of your message or information put by you to your email address. We may also collect additional demographic and other information about you. The data will be kept for a period of limitation - 1 year since your last contact with us.
When you (b) subscribe to our newsletter we will process (includes gathering) your email (performance of a contract to which you are party article 6 (1) (b) of EU General Data Protection Regulation). The data will be processed for the duration of the newsletter, unless you unsubscribe earlier. However, unsubscribing from the newsletter does not mean deleting the data from the database. Your data will still be stored in the mailing system in order to defend against any claims related to sending the newsletter, in particular, to demonstrate a concluded contract with regard to receiving the newsletter by you, which states legitimate interest referred to in article 6 (1) (f) of the GDPR.
When you (c) buy the icons we will process your data including a name, surname and address of residence (if you are a consumer) or company/business name, including your legal form, an address of the registered office or business address and TAX/VAT ID (if you run a business activity) and payment data (without credit card details) to perform the contract -article 6 (1) (b) of EU General Data Protection Regulation. We may also use this data to: communicate with you, seeking compensation of your actions, gathering information about infringement of the Terms and Conditions or looking for context to your actions in future [purposes of the legitimate interests pursued by the controller - article 6 (1) (f) of EU General Data Protection Regulation]. The data will be kept for a period of limitation - 5 years since the last day of the year of your purchase (article 118 § 1 of Polish Act of 29 September 1997 r. - Tax ordinance).
When you (d) create an account on the Platform, depending on the selected type of registration, you provide us with your personal data contained in the registration form you filled out or personal data contained in your profile in a social medium. We can also need a scan of the relevant document confirming your identity, in that case we immediately delete it after we confirm your data. The data provided to us when registering on the Platform and setting up an account is processed in order to provide you with electronic services (Article 6 (1) (b) of the GDPR) and to protect against claims related to the use of the Platform (Article 6 (1) (f) of the GDPR). The above data may be processed until the claims related to the use of the Platform are time-barred.
Information that Is Automatically Collected
Device/Usage Information
We may automatically collect certain information about the computer or devices (including mobile devices or tablets) you use to access the Services. As described further below, we may collect and analyze (a) device information such as IP addresses, location information (by country and city), unique device identifiers, IMEI and TCP/IP address, browser types, browser language, operating system, mobile device carrier information, and (b) information related to the ways in which you interact with the services, such as referring and exit web pages and URLs, platform type, the number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, statistical information about the use of the Services, the amount of time spent on particular pages, the date and time you used the services, the frequency of your use of the Services, error logs, and other similar information. As described further below, we may use third-party analytics providers and technologies, including cookies and similar tools, to assist in collecting this information.
Cookies and Other Tracking Technologies
We also collect data about your use of the services through the use of Internet server logs and on-line tracking technologies, like cookies and/or tracking pixels. A web server log is a file where website activity is stored.
A cookie is a small text file that is placed on your computer when you visit a website, that enables us to:
- (a) recognize your computer;
- (b) store your preferences and settings;
- (c) understand the web pages of the Services you have visited and the referral sites that have led you to our Services;
- (d) enhance your user experience by delivering content specific to your inferred interests;
- (e) perform searches and analytics;
- (f) assist with security administrative functions. Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, on-line ads and/or email, and that are designed to provide usage information like ad impressions or clicks, measure popularity of the Services and associated advertising, and to access user cookies. We may also use tracking technologies in our license buttons and/or icons that you can embed on other sites/services to track the website addresses where they are embedded, gauge user interaction with them, and determine the number of unique viewers of them. If you receive email from us (such as the newsletter), we may use certain analytics tools, such as clear GIFs, to capture data such as whether you open our message, click on any links or banners our email contains, or otherwise interact with what we send. This data allows us to gauge the effectiveness of our communications and marketing campaigns. As we adopt additional technologies, we may also gather additional information through other methods.
We use our own analytical cookies to be provided with analytical and statistical information about your use of the site. This usage data (including geolocation data) is not anonymous but assigned to your Account in our database. It is not visible to anyone apart from Lordicon (it means no third-parties have access to such data). We use it to make Users profiles to better understand your preferences e.g. we can send you educational information regarding implementing and displaying icons so you can better use them for your own purposes. This data IS NOT and WILL BE NOT used to send any personalized commercial information. The use of such cookies is based on our legitimate interest in improving user experience when visiting our site or using our products and/or Services (Article 6 (1) (f) of the GDPR). All the data is stored on our servers for the duration of the User’s Account ownership and after the deletion of the account it shall be anonymized so it cannot be related to the User anymore.
Facebook Pixel. We use the marketing tools provided by Facebook Inc., as part of which we can target Facebook ads to you. The Facebook Pixel service implemented on the Platform enables us to automatically collect anonymous information about your use of the Platform’s subdomains. Detailed information on how Facebook uses user data for its own purposes is available at: https://www.facebook.com/privacy/explanation. The use of Facebook Pixel is based on our legitimate interest in the form of marketing our own products and services (Article 6 (1) (f) of the GDPR).
Google Analytics. Our website uses cookies that can be read by the Google LLC IT system (third party cookies) in connection with our use of Google Analytics. Google Analytics is an online tool for analyzing website statistics that automatically collects information about your use of the Platform. We do not identify Platform’s users with this software, and its use is only for statistical purposes. Detailed information on how Google uses user data is available at: https://policies.google.com/technologies/partner-sites.
We have activated IP anonymization. Your IP address is shortened before forwarding. Only in exceptional cases the full IP address is transferred to the Google LLC server in the USA and shortened there. The anonymized IP address provided by your browser as part of Google Analytics is, as a rule, not combined with other Google LLC data.
During the first visit to the Platform, you are shown information about the use of cookies. You can prevent the recording of the data collected by cookies regarding your use of the Platform, as well as the processing of this data, by installing the browser plug-in at the following address: https://tools.google.com/dlpage/gaoptout.
If you are interested in details related to data processing under Google Analytics, you can read the explanations prepared by Google: https://support.google.com/analytics/answer/6004245.
Some cookies are deleted after the end of the web browser session, i.e. after closing it (so-called session cookies). Other cookies are stored on your end device and make it possible to recognize your browser the next time you visit the website (persistent cookies).
The use of both types of cookies when collecting personal data is based on our legitimate interest (Article 6 (1) (f) of the GDPR), consisting in the proper operation of the Platform, the creation of statistics and their analysis in order to optimize the Platform.
User and event data related to cookies are stored by Google Analytics on Analytics servers for a period of 50 (fifty) months. After the end of the period, the stored data will be automatically deleted once a month.
Due to the use of the services of Google LLC based in California, USA and Facebook, Inc. based in California, USA your data may be transferred to the United States of America (USA) in connection with its storage on American servers. These entities use the compliance mechanisms provided for by the GDPR, such as standard contractual clauses, in order to ensure an adequate level of personal data protection required by European regulations. Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari). Please note that by blocking any or all cookies, you may not have access to certain features or offerings of the services. You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since the browser is a little different, look at your browser’s Help Menu to learn the correct way to modify your cookies.
If users disable cookies in their browser:
If you turn cookies off it will turn off some of the features of the site. Google and others Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en
We, along with third-party vendors such as Google and Paddle.com Market Limited with its registered office at 15 Briery Close, Great Oakley, Corby, Northamptonshire NN18 8 JG, United Kingdom, Paddle Payments Limited with its registered office at Core B, Block 71, The Plaza, Park West, Dublin 12, Ireland and Paddle.com Inc with its registered office at 3811 Ditmars Blvd, 1071 Astoria, NY 11105-1803, all operating on the site: https://paddle.com/ (hereinafter as: Paddle) use first-party cookies (such as the Google Analytics cookies) and third-party cookies for purpose of site traffic analytics (Google, Paddle) and technical availability of payment.
Opting out: Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add on.
Information from Third Parties
We may also collect information about you or others through third parties. To the extent permitted by law, we may also collect information from third parties, including public sources, social media platforms, and marketing and market research firms. Depending on the source, this information collected from third parties could include name, contact information, demographic information, information about an individual’s employer, information to verify identity or trustworthiness, and information for other fraud or safety protection purposes.
We do use third party cookies and we do use third party services on our website that send cookies to the users.
We especially gather from Paddle specific information about your payments to Paddle for marketing analysis, contact with you and settlement with Paddle.
This information includes:
- any refunds that have been issued, notification if you contacted your bank (another entity) and requested a charge-back for your purchase,
- your messages directed to Paddle connected with our products.
How do we use your information?
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
- To Provide and improve the services, including to develop new features or services, promote Lordicon collaboration, take steps to secure the services, and for technical and customer support;
- To improve our website in order to better serve you.
- To send periodic emails regarding your order or other products and services.
- To fulfill the purposes for which you provided it;
- To process purchases of services;
- To send you information about your relationship or transactions with us, account alerts, or other communications, such as newsletters to which you have subscribed;
- To process and respond to your inquiries or to request your feedback;
- To conduct analytics, research, and reporting, including to synthesize and derive insights from your use of our services;
- To comply with the law and protect the safety, rights, property, or security of Lordicon, the services, our users, and the general public; and
- To enforce our Terms and Conditions including investigating potential violations thereof.
Please note that we may combine information that we collect from you and about you (including automatically collected information) with information we obtain about you from our affiliates and/or non-affiliated third parties, and use such combined information in accordance with this Privacy Policy.
We may aggregate and/or de-identify information collected through the services. We may use de-identified and/or aggregated data for any purpose, including without limitation for research and marketing purposes.
Third-party disclosure
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information. We provide your Personally Identifiable Information determined on your Account to the payment provider. Please note that all supplied sensitive/credit Information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway providers database only to be accessible by those authorized with special access rights to such systems, and are required to keep the Information confidential. After a transaction, your private Information (credit cards, social security numbers, financials, etc.) will not be stored on our servers.
If you subscribe to the newsletter during logging or registration on Lordicon's Platform, we provide your email address to Peaberry Software Inc. managing https://customer.io/ domain and SendGrid, Inc. managing https://sendgrid.com/ domain.
We may also process information for legitimate interests of our users and business partners.
- Legal Compliance. We may need to use and disclose information in certain ways to comply with our legal obligations.
- Consent. Where required by law, and in some other cases where legally permissible, we handle information on the basis of consent. Where we handle your information on the basis of consent, you have the right to withdraw your consent; in accordance with applicable law. Providing information based on your consent is freely given.
Third-party links
Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
What are your rights?
You have following rights provided by the GDPR:
The right to be informed - Lordicon has published this privacy policy to keep You informed of what Lordicon does with Your personal data.
The right of access - You have the right to access Your personal data and to request a copy of it.
The right to rectification - You have the right to rectify Your personal data by contacting Lordicon through the use of the contact details provided in this privacy policy.
The right to erasure (“the right to be forgotten”) - In some circumstances You have the right to erasure of Your personal data without undue delay. Those circumstances include situations when: the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; Your consent withdrawal to consent-based processing; the processing is for direct marketing purposes; and the personal data has been unlawfully processed. However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.
The right to restriction of processing - In some circumstances You have the right to restrict the processing of your personal data. Those circumstances are the following: Your contest of the accuracy of the personal data; processing is unlawful but You oppose erasure; Lordicon no longer needs the personal data for the purposes of the processing, but You require personal data for the establishment, exercise or defense of legal claims; and You have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, Lordicon may continue to store Your personal data. However, Lordicon will only otherwise process it: with Your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
The right to personal data portability - Lordicon must allow You to obtain and reuse Your personal data for Your own purposes across Services in a safe and secure way without it affecting the usability of Your personal data. This right only applies to personal data that You have provided to Lordicon as the data controller. The personal data must be held by Lordicon by consent or for the performance of the Terms and Conditions and the processing has to be carried out by automated means.
The right to object - In certain circumstances, You have the right to object to the processing of Your personal data where, for example, Your personal data is being processed on the basis of legitimate interests and there is no overriding legitimate interest for Lordicon to continue to process Your personal data, or if Your personal data is being processed for direct marketing purposes.
The right to withdraw consent - If You have given Lordicon consent to process Your personal data, You have the right to withdraw Your consent at any time, and Lordicon has to stop processing the data unless Lordicon has other legal grounds for processing the personal data. The withdrawal of consent does not affect the compliance of the processing which was made on its basis before the withdrawal of consent.
The right to complain to a Supervisory Authority - You have the right to lodge a complaint with the relevant Supervisory Authority in particular if You feel that Lordicon has not responded to requests to solve a problem regarding data protection.
The contact data of the Supervisory Authority of the Lordicon is as follows:
Bureau of the President of the Personal Data Protection Office (PUODO) Address: Stawki 2, 00-193 Warszawa (Poland) Telephone: (+48 22) 531 03 00
Please contact us if you wish to exercise your right e.g. you want your Account to be deleted or you want to unsubscribe from the newsletter (please go to the “Contact us” section at the end of this privacy policy).
How do we protect your information?
We outsource processing of your data to specialized entities (Paddle, Peaberry Software Inc). We use only temporary files for viewing content provided by those entities.
We do not use vulnerability scanning and/or scanning to PCI standards. In this context, we also use only secure cloud servers, including AWS cloud – a secure, private cloud platform. Amazon Web Services is our processor. AWS Amazon cloud platform uses various security technologies and procedures to protect personal data and is compliant with third-party assurance frameworks such as ISO 27017 for cloud security, ISO 27018 for cloud privacy, PCI DSS Level 1, and SOC 1, SOC 2, and SOC 3. For more details please see AWS Amazon security and privacy policy at www.aws.amazon.com. We use SSL and a regular Malware Scanning.
California Online Privacy Protection Act
CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. - See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf
According to CalOPPA, we agree to the following:
- Users can visit our site anonymously.
- Once this privacy policy is created, we will add a link to it on our home page or as a minimum, on the first significant page after entering our website.
- Our Privacy Policy link includes the word ‘Privacy’ and can easily be found on the page specified above.
You will be notified of any Privacy Policy changes: On our Privacy Policy Page or if you are a registered user and have an account in the Platform also by direct email (2 weeks prior coming into force).
Can change and send request connected with your personal information: By emailing us
How does our site handle Do Not Track signals? We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Does our site allow third-party behavioral tracking? It’s also important to note that we allow third-party behavioral tracking
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
Do we let third-parties, including ad networks or plug-ins collect PII from children under 13?
We do not specifically market to children under the age of 18 years old.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in lie with Fair Information Practices we will take the following responsive action, should a data breach occur:
We will notify you via email within 7 business days
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to: Send information, respond to inquiries, and/or other requests or questions Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
To be in accordance with CANSPAM, we agree to the following: Not use false or misleading subjects or email addresses. Identify the message as an advertisement in some reasonable way. Include the physical address of our business or site headquarters. Monitor third-party email marketing services for compliance, if one is used. Honor opt-out/unsubscribe requests quickly. Allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails: Follow the instructions at the bottom of each email. and we will promptly remove you from ALL correspondence.
Contact Us
If there are any questions regarding this privacy policy, you may contact us using the information below.
Lordicon Sp. z o.o.
ul. Podwale 62/313, 50-010 Wrocław, Poland
(KRS) no. 0000975713 EU VAT ID: PL8992927559
Phone number: +48 733 927 559
Email address: hi@lordicon.com
March 16th, 2024