Privacy Policy
-
Terms used in the Privacy Policy
-
Affire – Limited liability company Affire, Reg. No. 40203568784, Location: RÄ«ga, Latvia.
-
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
-
Personal data – any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as the person’s name, surname, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
-
Personal data processing – any operation or set of operations which is performed on Personal data or on sets of Personal data, whether or not by automated means, such as collection, recording, organisation, analysing, structuring,, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
-
Controller – a natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of Personal data.
-
Processor – a natural or legal person, public institution , agency or any other structure which processes Personal data on behalf of the Controller.
-
User – a natural or legal person which uses Affire platform and is receiving Affire provider services, as well as any visitor of the website www.affire.ai.
-
Data subject – directly or indirectly identified or identifiable natural person, including all Affire Users, partners, and their indicated contact persons, guarantors or trustees.
-
-
General provisions
-
This is the privacy policy (henceforth – Privacy Policy) of Affire - internal rules, which are designed to provide information on Affire Personal data processing purposes, legal basis, scope, protection, processing and storage periods, Personal data recipients, and Data subject’s rights during data acquisition and processing.
-
Privacy Policy is applied to the protection of privacy and Personal data regarding:
-
natural persons, namely, Affire Users, as well as third parties, who, in the context of information provided by Data subjects during the provision of Affire services or cooperation have been identified as contact persons or trustees;
-
legal persons, if their name consists of a natural person’s Personal data or if by the legal person’s provided information it is possible to directly or indirectly identify a natural person.
-
-
Privacy policy applies to Personal data processing, regardless of the form and/or context in which the Data subject provides Personal data (in writing, orally, by telephone, through a website, in paper or by email, etc.), and in which Affire systems or forms they are processed.
-
-
Information about the Controller and provided services
-
The Controller is Affire: Limited liability company Affire, Reg. No. 40203568784, Location: RÄ«ga, Latvia, e-mail: team@affire.ai
-
For questions related to the Affire processing of Personal data, contact the Affire designated person for the processing of Personal data or send a message to the electronic mail address: team@affire.ai. By using this contact information, the Data subject may request information about the processing of their Personal data in accordance with article 11.2. of this Privacy policy.
-
-
Legal basis for Personal data processing
-
To process Personal Data, Affire must determine the purpose and legal basis for processing Personal Data.
-
Affire may process Personal Data on one of the six legal bases set out in Article 6 of the GDPR. Still, in practice, the following legal bases are the most commonly used:
-
consent of the Data Subject (Article 6(1)(a) GDPR);
-
the conclusion and performance of a contract (Article 6(1)(b) GDPR);
-
compliance with legal obligations imposed by external laws and regulations (Article 6(1)(c) GDPR);
-
the pursuit of legitimate interests of Affire (Article 6(1)(f) GDPR). In pursuing the legitimate interests of Affire, the interests of the company are weighed against the rights of the Data Subject before the processing of Personal Data is carried out so that the legitimate interests of Affire of a commercial nature do not conflict with the interests and freedoms of the Data Subject. This legal basis will be used, for example, to apply to public administration, law enforcement and judicial authorities to protect the company's legitimate interests. Data subjects shall be entitled at any time to request the suspension of such data processing in accordance with Section 11.1. of the Privacy policy.
-
-
The following table 1.1. reflects all the cases when Data subject's Personal data and other information provided by the Data subject may be stored and processed by Affire, which may be considered as Personal data in cases where it is possible to directly or indirectly identify the Data subject and are used for the following purposes:
Table 1.1.
-
-
The source for acquisition of Personal data
-
Data subject’s Personal data which are processed by Affire have been obtained from the following sources, in accordance with respective legal basis for processing Personal data as provided in Section 4 of the Privacy policy:
-
Personal data which are submitted by the Data subject himself when buying Affire services through Affire platform or carrying out communication with Affire representatives, namely, by using electronic mail, phone or any other remote communication channel;
-
Through the use of Affire platform, based on User’s chosen preferences of data source, which may include:
-
Using an internet browser extension to retrieve data on browser-based applications;
-
Enabling direct integrations with chosen applications to retrieve data for analytics purposes.
-
-
public registers, databases and publicly available information systems, for instance, public databases, such as, Register of Enterprises;
-
information provided by a third party, if receiving such information has been established by effective regulatory acts.
-
-
-
Personal data processing at Affire
-
Personal data shall be processed in good faith, lawfully and in a transparent manner for the Data subject, using the organizational, financial and technical resources reasonably available to Affire.
-
Personal data are obtained for specific, explicit and legitimate purposes and their further processing is not for unintended purposes or in a manner incompatible with provided purposes.
-
Personal data shall be stored in such a way that one may identify the Data subject for no longer than is necessary for the purposes for which the data were collected or processed. Storage periods of Affire Personal data are set forth in Section 10. of this Privacy Policy.
-
Personal data is acquired by adhering to the principle of minimization of data processing, which means that the data is adequate, relevant and contains only that which is necessary for the purposes of processing.
-
Affire ensures the accuracy of Personal data and, if necessary, Personal data is updated according to current information or deleted.
-
Personal data is processed in such a way as to ensure adequate security of Personal data, i.e., protection against unauthorised or unlawful processing, accidental loss, destruction or accidental damage.
-
To ensure the fulfilment of obligations with respect to the Data subject, Affire is entitled to attract and authorise outsourced service providers to perform separate activities on behalf of Affire. If, in the course of these tasks, Affire partners process the Data subject's data at the disposal of Affire, the relevant partners or service providers shall be considered as Processors of Personal data at the disposal of Affire, and Affire shall have the right to transfer the Personal data of the Data subject to the Processors to the extent necessary for the performance of delegated activities.
-
In cases where Affire authorises the Processors to perform a specific task, both Affire and the Processors shall ensure the protection of the processing of Personal data in accordance with the GDPR, and shall not use the Personal data for any other purpose than the fulfilment of contractual obligations in respect to the Data subject on behalf of Affire.
-
-
-
Processors of Personal data at the disposal of Affire
-
Information on the Personal Data of the Data Subject and the sub-processors of the Processors held by the Processors shall be provided by Affire upon receipt of the Data Subject's request in accordance with Section 11.2 of the Privacy Policy.
-
Affire Processors may include service providers, such as, an accounting firm to provide accounting services for Affire.
-
-
-
Protection of Personal data
-
Affire protects Data subject’s Personal data with the use of modern technology, taking into account the existing privacy risks and organisational, financial and technical resources reasonably available to Affire, including by the use of the following security measures:
-
Affire uses an SSL-security certificate in operation of the www.affire.ai Website, providing encrypted data transmission between the Data subject and the server on which the Affire internal IT systems are stored and Data subject's Data, which has been received through the Website;
-
grants rights of access to the internal IT systems and databases of Affire only to a limited number of persons employed by Affire;
-
provides access to the Affire work rooms only to employees employed by Affire;
-
uses firewalls and antivirus programs;
-
carries out regular and appropriate security checks against the occurrence of intentional attacks on information systems, databases, emails and servers maintained by Affire, and checks whether any leakage of data has occurred;
-
ensures that persons who work with Personal data in the possession of Affire are properly trained, as well as have received appropriate and clear instructions regarding the processing of Personal data, including security instructions included in the Privacy Policy;
-
ensure that no unauthorised or unlawful deletion, damage, loss, correction, processing, public disclosure or disclosure to third parties of Personal data is permitted;
-
ensures that all paper format documents and confidential information is stored in a restricted availability location.
-
-
-
Transfer of Personal data to third parties
-
www.affire.ai website, may place links to other websites, including websites of other Cooperation partners. Affire does not control and shall not be held responsible for the content provided by a third-party website or Personal Data collected by a third-party website. For more information, please visit the Cookie policy of Affire.
-
Personal data held by Affire is not transferred to third parties, except when:
-
the data transfer to the third party concerned is required within the framework of a contract to perform a contractual obligation or legal obligation delegated by law;
-
Data subject has given explicit, unambiguous consent to the transfer of its Personal data;
-
to disclose Personal data is the obligation of Affire to persons specified in regulatory enactments at their reasoned request, in accordance with the procedures and in the amount prescribed by regulatory enactments;
-
for the protection of Affire legitimate interests, for example, by applying to a court or other state institutions against a person who has infringed the Affire legitimate interests, or receiving legal consultation;
-
if it is necessary for the purpose of providing services, in cases such as where certain data might be needed to transfer for the functioning of platform, including (without limitation) IT service providers, data storage, hosting and server providers, analytics, error loggers, maintenance or problem-solving providers, and payment systems operators.
-
-
In case it is necessary or decided to transfer Personal data to third parties outside the scope of any of the aforementioned exceptions, Affire shall assess the security level of protection and processing of Personal data by the third party, to ensure the highest possible protection of the Data subject’s information. Affire notifies Data Subjects of this change. Information on third parties who may receive Personal Data is available at request.
-
-
Personal data storage periods
-
Affire processes Personal data at its disposal for as long as the following conditions are met:
-
During the time when Data subject is receiving Affire provided services;
-
while the contractual relationship with the Data subject is in effect;
-
for as long as Personal data is required for the purpose for which they were received (for instance, when a recruitment process has finished, the CV’s of Data subject’s are deleted unless a consent from Data Subject is received for a longer storage period);
-
or as long as necessary to ensure the fulfilment of legitimate interests of Affire or the Data subject, such as the ability of Affire or the Data subject to file an objection or to bring an action in court, as a defendant – to defend their rights;
-
while one of the parties has a legal obligation to store the data, for example in accordance with the Labor Law, Civil Law or the law “On Accounting”.
-
-
When none of the conditions mentioned in Section 10.1. can no longer be applicable, Personal data is erased.
-
-
Rights of the Data subject to access their Personal data
-
The Data subject has the right to be informed about what Personal data is at Affire disposal in relation to the processing of Data subject’s Personal data, and to request access to, correction, replenishment or deletion of their Personal data, to limit the processing, and to object to the processing of Personal data based on the legitimate interests of Affire, as well as to exercise the right to data portability, to the extent that Affire is able to provide it technically.
-
The Data subject may submit a request for the exercise of his rights, by submitting a request for exercising Data subject’s rights to Affire e-mail addess: team@affire.ai.
-
Upon the receipt of the Data subject's request, Affire verifies the identity of the Data subject, evaluates the request and executes it in accordance with regulatory enactments.
-
Affire shall send a reply to the Data subject's e-mail address within 30 days of receipt of the Data Subject's request by the person responsible for the processing of Personal data, or through postal services by signed-for mail. If there is a need to clarify the information or carry out a more detailed investigation before answering, the response may take longer than 30 days, depending on the content of the request, but not more than 60 days.
-
In cases where Personal data is processed on the basis of regulatory acts, on a contractual basis, or in order to implement the legitimate interests of Affire a request for deletion of Personal data may not be implemented, which shall be communicated to the Data subject within 30 days after Affire responsible person for processing Personal data has received a request to delete the respective data. The answer is provided with a clear, unequivocal justification for why it is not possible to carry out the deletion of Personal data. Conversely, upon receipt of a reasonable request for the deletion of Personal data, an appropriate deletion of Personal data within 30 days of receipt of the Data subject's request shall be ensured.
-
Disputes related to the processing of Personal data shall be resolved through negotiations between the Data subject and Affire. If the Data subject considers that the processing of Personal data violates the person's rights and interests in accordance with the applicable laws and regulations, the Data subject has the right to file a complaint to Affire responsible person for processing Personal data by submitting a filled-in complaint form, or straight to the Data State Inspectorate of the Republic of Latvia.
-
-
Cookies
-
Affire informs that cookies are used to ensure the functioning of the www.affire.ai website as well to improve user experience and to obtain user statistics.
-
Cookies are small files stored on Data Subject devices. At the time the Data subject accesses Affire website, the system reads these cookies and adjusts the settings accordingly. Cookies can be compared to a key that Data subject’s browser requests for customised information. Cookies are also used for other functions, such as, for obtaining statistics.
-
The website may use the following cookies:
-
Necessary cookies: provides customised website operation according to the choices made by the Data subject, for instance, by saving the cookie policy approval. Cookies are required to enable the Data subject to take full advantage of the features of the website and to navigate the site. Without these cookies, it is impossible to provide the services offered by the site to the Data subject, they are essential for the functioning of the site
-
Preference and Statistics cookies: Cookies do not collect personal data, the information is anonymous. Remembers Data subject habits, such as the most visited pages and improves site performance, as well as analyses usage and other activities.
-
Marketing cookies: Used to place advertisements on a website that are related to the Data subject’s interests and Internet usage habits
-
-
Each cookie is given an expiry for the length of time it stores personal data and processes it. The cookie may also not have a specific running time, such cookie categories can be further subdivided into session and persistent cookies, which describe the nature and time of the cookie:
-
Session: session cookies are placed for the duration of the site visit and the information obtained is not stored longer than the site visit session.
-
Persistent: the information is placed and stored on the Data subject’s computer even after the site visit. The expiry time of storing the information may vary for each cookie.
-
-
The Data subject has the right to control the amount of cookies being placed on the Data subject’s device, namely, the Data subject has the right to disable cookies of the website that provide functions that are not related to the provision of the basic functions of the website, namely the necessary cookies.
-
Unwanted cookies may be blocked by blocking them through the Data subject’s browser and managing cookies, upon visiting www.affire.ai website and adjusting cookie settings. Information on disabling cookies in the most commonly used Internet browsers is available: https://www.aboutcookies.org/.
-
-
Type of cookies Affire uses in the website www.affire.ai:
-
-
Third party service providers used by Affire
-
Google Analytics
-
In order to help Affire better understand its visitors, Affire uses the services of Google Analytics web analytics platform, which stores a Google Analytics cookie, which, in combination with the code embedded in Affire Website, collects information about Data Subject visits and sends it to Google servers in the European Union. In turn, Affire accesses and analyses the obtained statistics and uses it to customise the Website accordingly to create a better user experience for Data Subjects. The information collected is anonymised before Google stores it on its servers.The information which can be collected is:
-
Browser type / version,
-
operating system used,
-
Referrer URL (the previously visited page),’
-
Host name of the accessing computer (IP address),
-
Time of the server request.
-
If the Data Subject does not wish Google Analytics to process their personal data in question, the Data Subject may deny the placement and analysis of such cookies by installing an Google Analytics Opt-out Program on the Data Subject’s device.
-
-
Wix
-
Affire website is hosted on the Wix.com platform. Wix.com provides Affire with the online platform that allows us to showcase our products and services to our Users. Data Subject’s data may be stored through Wix.com’s data storage, databases and the general Wix.com applications.
-
Wix uses cookies and collects Personal data for reasons, such as:
-
To provide a great experience for our visitors and customers.
-
To identify our registered members (users who registered to our site)
-
To monitor and analyse the performance, operation and effectiveness of Wix's platform.
-
To ensure this platform is secure and safe to use.
-
For more information on how Wix.com processes Personal data, visit: https://www.wix.com/about/privacy
-
-
-
Links to other sites and social networks
-
Affire Website may place links to other websites, including websites of clients or partners. Affire does not control and shall not be held responsible for the content provided by a third-party website or Personal Data collected by a third-party website.
-
Affire uses the following third-party service providers and social media networks that may collect Personal data upon visit:
-
Linkedin;
-
-
Affire informs that when any of the aforementioned websites or any other third-party website is visited, a privacy policy of the third-party website holder applies to the processing of Personal data of the Data subject. The Data subject is strongly advised to get acquainted with the policies provided by third parties under the privacy section of the respective website.
-
-
Other provisions
-
Affire constantly develops and improves its operations, rules on internal order and security, thus, the Privacy Policy may be changed or supplemented at any time.
-
The current version of the Privacy Policy is available to any Data subject electronically at www.affire.ai. Additionally, the current version of the Privacy Policy, as well as the previous versions are available upon request.
-