PRIVACY POLICY

1. INTRODUCTION

Carbyn Sàrl (“Carbyn” or “we”) is committed to protecting your privacy and cares about data protection. This privacy policy (the “Privacy Policy”) governs the processing and transfer of Personal Data that we, Carbyn Sàrl, collect, store, use, process, etc. in connection with our website and services; it namely describes the type of Personal Data we may collect from our users and how we may use such data.

The core mission of Carbyn Sàrlis to provide privacy-oriented services. As such, we have designed our data collection and processing practices to prioritize user privacy and data protection. We process your Personal Data primarily to:

  • a) to provide you with our services;
  • b) to ensure that our services are working properly and prevent attempts to break in our systems or use your Personal Data improperly;
  • c) where there is a legal obligation imposed on us to do so.

By using Privie and our services, you agree to the processing (including collection, storage, use, archiving or destruction) of your Personal Data as described in this Policy as well as to our terms of service (the “Terms of Service”). Any significant changes to this Policy will be published on our website.

2. DATA COLLECTION

2.1. What type of data does Carbyn collect?

We collect personal data and non-personal data. These two types of data are described as follows:

  • Personal data (“Personal Data”): means all information relating to an identified or identifiable person, such as first and last name, email address, phone number and postal address, etc.
  • Non-personal data (“Non-Personal Data”): means all data that cannot be linked to a single identifiable individual or that do not allow the identification of a single individual.

Please note that Carbyn does not intentionally collect any data which constitutes “sensitive personal data” and we urge you not to share with us any Personal Data of this type. Sensitive personal data includes data on religious, ideological, political or trade union-related views or activities; health, the intimate sphere or the racial origin; social security measures; administrative or criminal proceedings and sanctions.

2.2. How does Carbyn collect Personal and Non-Personal Data?

Currently, we collect data in the following ways:

  • Direct provision by you when creating an account or using our services;
  • Secure forms on our website, each requiring explicit consent;
  • Direct communications for customer support.

2.3. For what purposes does Carbyn collect data?

Carbyn collects Personal Data from you only where:

  • (i) we have your consent to do so,
  • (ii) where we need your Personal Data to perform a contract with you (e.g. to deliver the services you have requested), or
  • (iii) where we are required to process (including collect, retain or share) such data under applicable laws.

In this respect, we mainly process and collect data for the following purposes:

Type of Personal DataPurpose of processing
Account Information (name, email, contact, details)Provision of our services (including customer/user service and support)
Information about your payment instrumentsPayment of our services, including sending you statements, invoices, and payment reminders.
Minimal Analytics DataService improvement (non-personal, aggregated data only)
Email addressesMarketing and communication

3. DATA PROTECTION MEASURES

3.1 Encryption and Security

All Personal Data collected by Carbyn Sàrl is encrypted using industry-standard encryption protocols. Importantly, the encryption keys are not held by any third-party database providers. This measure is implemented to protect user data from potential breaches of third- party systems.

3.2 Data Access and Storage

Access to Personal Data within our organization is strictly limited to personnel who require such access to provide our services. All such access is logged and regularly audited.

3.3 Analytics and Tracking

In line with our commitment to privacy, we utilize analytics tools that do not collect any Personal Data. These tools provide aggregated, anonymized data that cannot be used to identify individual users.

4. THIRD PARTIES AND SERVICE PROVIDERS

We limit our use of third-party service providers to those essential for delivering our services. When such use is necessary, we ensure that: a) Only the minimum required data is shared; b) Data is transmitted securely and in encrypted form; c) Service providers are bound by strict confidentiality and data protection agreements.

We do not sell, rent, or lease Personal Data to any third parties.

5. PERSONAL DATA CONTROL – DATA SUBJECT RIGHTS

Subject to the restrictions provided by law, you (as a data subject) have the following rights:

  • right to be informed by us on any processing of your Personal Data;
  • right to obtain a copy of your Personal Data (right of access);
  • right to rectification of any incorrect or no longer relevant Personal Data;
  • right to erasure of your Personal Data;
  • right to object to the processing of your Personal Data, including the right to withdraw your consent (please note however that withdrawing consent may mean that your costumer account will be removed, and you will no longer be able to use our services);
  • right to restrict the processing of your Personal Data;
  • right to receive a copy of your Personal Data in a structured, commonly used and machine-readable format (right to portability);
  • right for your Personal Data to be transferred directly to another data controller if technically feasible.

All these rights can be exercised by reaching out to the following e-mail address: contact@privie.io.

6. DATA RETENTION

We retain Personal Data only for as long as necessary to provide our services or comply with legal obligations. Once the purpose of data collection has been fulfilled, we securely delete or anonymize the data.

7. TRANSFER OF PERSONAL DATA

We keep your Personal Data on servers located in the European Union. However, we use service providers, who need to use certain Personal Data to help us provide you with our services and may keep the data in other countries, as well, including in the United States.

In particular, it is important to be aware that your data may be transferred to other countries in Europe and the United States where service providers we use are located (such asMicrosoft, Paddle). If we transfer data to a country without adequate data protection laws, we employ corresponding contracts to ensure an appropriate level of protection, as provided for by law, or rely on legal or statutory stipulations pertaining to consent, conclusion or performance of contract, overriding public interest, establishment, exercise or enforcement of legal claims, or published (generally accessible) personal data or because it is necessary for the protection of the integrity of the data subjects.

Please note that, by using Carbyn, you consent to any such transfer of data outside of your country.

8. CHANGES AND UPDATES

We reserve the right to amend this Privacy Policy at any time without prior notification. We will post modifications to this Privacy Policy on our website and will notify you via e-mail if you provided us with your e-mail address.

Substantial changes will take effect 14 days after they are posted. All other changes are effective as soon as they are published on our website (as stated “Last Updated” date), and your continued use of our website or services after the Last Updated date will constitute acceptance of, and agreement to be bound by, those changes.

9. BUSINESS TRANSACTION

We may assign or transfer this Privacy Policy, as well as data covered by this Policy, in the event of a merger, sale, change in control, or reorganization of all or part of our business.

10. CONTACT US If you have any question

If you have any question or concern, or wish to have any more information on how we process your data, your rights as a data subject or any other privacy issue, please contact us at: contact@privie.io