Our Use of Personal Information
On this website onlineprivacyreviews.com, we may be in a position to receive and process personal information relating to you. As the controller of this information, we provide this Privacy Policy to explain our approach to personal information.
We intend only to process personal information fairly and transparently as required by data protection law, including the General Data Protection Regulation (GDPR). In particular, before obtaining information from you, we intend to alert you to this Privacy Policy and let you know how we want to process the information. And (unless the processing is necessary for at least one of the 5 reasons outlined in clause 2 below) we will only process the information if you consent to that processing. The GDPR also defines specific special categories of personal information that are considered more sensitive. These categories require a higher level of protection, as explained below.
Users may be subject to different protection standards, and broader standards may apply to some. Users can refer to the applicability section to learn more about the protection criteria.
This document contains a section dedicated to Californian consumers and their privacy rights.
This document contains a section dedicated to Brazilian users and their privacy rights.
Of course, you may browse parts of this website without providing any information about yourself and without accepting cookies. In that case, it is unlikely we will possess and process any information relating to you. This Privacy Policy will set out the conditions we must satisfy before processing your data. However, you may wish to skip to the Policy Summary Section, which summarizes the use of our cookies.
This Privacy Policy also explains some of the security measures we take to protect your personal information and tells you certain things we will or won’t do.
Sometimes, when you take a new service or product from us or discuss taking a new service or product but decide against it, we might wish to provide you with further information about similar services or products by email or other written, electronic communication. In that situation, we will always allow you to refuse to receive that further information, or if you change your mind, please let us know. We will endeavor to remind you of your right to opt out on each occasion that we provide such information.
Policy Summary
Personal Data collected for the following purposes and using the following services:
Full Privacy Policy
1. Identity and contact details
Online Privacy Reviews – 9/307, Moo 1, Nong Han, San Sai 50290 – Thailand
Owner contact email: contact@onlineprivacyreviews.com
By visiting this link: https://onlineprivacyreviews.com/contact-online-privacy-reviews
2. When allowed to collect information from you
We will only collect personal information relating to you if one of the following conditions have been satisfied:
- You have told us that you consent to collect that information for a specific purpose or purposes that we have specified.
- The processing is necessary to perform a contract that we have with you.
- The processing is necessary so that we can comply with the law.
- The processing is necessary to protect someone’s life.
- The processing is necessary for performing a task that is in the public interest.
- The processing is necessary for our or another’s legitimate interest – but in this case, we will balance those interests against your interests.
3. How to consent
- At the point of collecting the information, we will endeavor to explain how we intend to use the information and which of these purposes apply. If we rely on consent, we will provide you with the opportunity to tell us that you are happy to provide the information.
- If at any point in time you change your mind and decide that you don’t consent, please let us know. We will endeavor to stop processing your information in a specified manner, or we will delete your data if there is no continuing reason for possessing it.
- If you don’t consent to a particular bit of processing, we will endeavor to ensure that the website and our service continue to operate without the need for that information.
Sensitive information
Certain information we collect may be considered special categories of personal information. If we collect such information as specified in clause 4.1, we will also ensure that one of the additional reasons for processing outlined in Article 9 of the GDPR applies.
4. Information we expect to collect from you
4.1 We envisage asking for the following types of information from you:
Information
Website traffic
Purpose and related details
We ask this to gather anonymous visitor stats using Publytics
Justification
Visitor statistics
4.2 We may collect personal information about you from several sources, including the following:
- From you when you agree to take a service or product from us, in which case this may include your contact details, date of birth, how you will pay for the product or service, and your bank details.
- From you when you contact us with an inquiry or in response to a communication from us, in which case, this may tell us something about how you use our services.
- From documents available to the public, such as the electoral register.
- From third parties to whom you have provided information with your consent to pass it on to other organizations or persons – when we receive such information, we will let you know as soon as it is reasonably practicable.
4.3 If you refuse to provide the information requested, then if that information is necessary for a service we provide to you, we may need to stop providing that service.
4.4 At the time of collecting information, by whichever method is used, we will endeavor to alert you and inform you about our purposes and legal basis for processing that information, as well as whether we intend to share the information with anyone else or send it outside of the European Economic Area. If you think we have invited you to provide information without explaining why feel free to object and ask for our reasons.
5. Using your personal information
5.1 Data protection, privacy, and security are important to us, and we shall only use your personal information for specified purposes. We shall not keep such personal information longer than is necessary to fulfill these purposes. The following are examples of such purposes. We have also indicated below which GDPR justification applies. However, it will depend on the circumstances of each case. At the time of collecting, we will provide further information, and you may always ask for details from us:
- To help us to identify you when you contact us. This will typically be necessary for the performance of our contract.
- To help us to identify accounts, services, or products that you could have from selected partners or us from time to time. We may do this by automatic means using a scoring system, which uses the personal information you have provided or any information we hold about you and personal information from third-party agencies (including credit reference agencies). We will only use your information for this purpose if you agree to it.
- To help us administer and contact you about improved administration of any accounts, services, and products we have provided before, do provide now or will or may provide in the future. This will often be necessary, but sometimes the improvements will not be required, in which case we will ask whether you agree.
- To allow us to conduct marketing analysis and customer profiling (including transactional information), conduct research, and create statistical and testing information. This will sometimes require that you consent but will sometimes be exempt as market research.
- To help to prevent and detect fraud or loss. This will only be done in certain circumstances when we consider it necessary or the law requires it.
- To allow us to contact you by written, electronic means (such as email, text or multimedia messages) about products and services offered by us where:
- these products are similar to those you have already purchased from us,
- you are given the opportunity to opt-out of being contacted by us at the time we originally collected your personal information and at the time of our subsequent communications with you, and
- you have not opted out of us contacting you.
- To allow us to contact you in any way (including mail, email, telephone, visit, text, or multimedia messages) about our products and services and selected partners where you have expressly consented to us doing so.
- To keep you up to date with our member benefit scheme under which, as part of your membership benefits, we will give you membership information and details of discounts and offers we negotiate from time to time on behalf of our members. We will only do this if you have told us that you would like this benefit.
- We may monitor and record communications with you (including phone conversations and emails) for quality assurance and compliance.
- Before doing that, we will always tell you our intentions and the specific purpose of making the recording. Sometimes such recordings will be necessary to comply with the law. Alternatively, sometimes the recording will be required for our legitimate interest, but in that case, we will only record the call if our interest outweighs yours. This will depend on all the circumstances, particularly the importance of the information and whether we can obtain the information in another less intrusive way.
- If we think the recording would be helpful to us but that it is not necessary, we will ask whether you consent to the recording and provide an option for you to tell us that you consent. In those situations, if you don’t consent, the call will either automatically end or will not be recorded.
- When required by law, we will check your details with fraud prevention agencies. If you provide false or inaccurate information and suspect fraud, we intend to record this.
5.2 We will not disclose your personal information to any third-party except under this Privacy Policy, and in particular in these circumstances:
- They will be processing the data on our behalf as a data processor (where we will be the data controller). In that situation, we will always have a contract with the data processor as set out in the GDPR. This contract provides significant restrictions as to how the data processor operates so that you can be confident your data is protected to the same degree as provided in this Privacy Policy.
- Sometimes, it might be necessary to share data with another data controller; we will always tell you before doing that. Note that if we receive information about you from a third party, then as soon as reasonably practicable afterward, we will let you know; the GDPR requires that.
- Alternatively, sometimes we might consider it in your interest to send your information to a third party. We will always ask whether you agree before sending if that is the case.
5.3 Where you give us personal information on behalf of someone else, you confirm that you have provided them with the information set out in this Privacy Policy and that they have not objected to such use of their personal information.
5.4 In connection with any transaction which we enter into with you:
- We may carry out one or more credit checks where you have given us your express consent.
- We may carry out one or more fraud prevention checks with licensed fraud prevention agencies.
- They and we may keep a record of the search. Information held about you by these agencies may be linked to records relating to other people living at the same address with whom you are financially linked. These records may also be taken into account in credit and fraud prevention checks. Information from your account’s application and payment details will be recorded with one or more of these agencies. It may be shared with other organizations to help make credit and insurance decisions about your household members with whom you are financially linked and for debt collection and fraud prevention. This includes those who have moved house and who have missed payments.
- If you provide false or inaccurate information to us and we suspect fraud, we will record this and may share it with other people and organizations. We and additional credit and insurance organizations may also use technology to detect and prevent fraud.
- If you need details of those credit agencies and fraud prevention agencies from which we obtain and with which we record information about you, please write to our Data Protection Officer as detailed in clause 1.
- We may need to transmit the payment and delivery information provided by you during the order process to obtain authorization from your bank or PayPal.
5.5 We may allow other people and organizations to use the personal information we hold about you in the following circumstances:
- If we, or substantially all of our assets, are acquired or are in the process of being acquired by a third party, in which case personal information held by us about our customers will be one of the transferred assets.
- If we have been legitimately asked to provide information for legal or regulatory purposes or as part of legal proceedings or prospective legal proceedings.
- We may employ companies and individuals to perform functions on our behalf. We may disclose your personal information to these parties for the purposes set out above, for example, for fulfilling orders, delivering packages, sending postal mail and email, removing repetitive information from customer lists, analyzing data, providing marketing assistance, providing search results, and links (including paid listings and links), processing credit and debit card payments and providing customer service. Strict contractual provisions will bind those parties with us and will only have access to personal information needed to perform their functions, and they may not use it for any other purpose. Further, they must process the personal information under this Privacy Policy and as permitted by the GDPR. From time to time, these other people and organizations to whom we may pass your personal information may be outside the European Economic Area. We will take all steps reasonably necessary to ensure that your personal information is treated securely per this Privacy Policy and the GDPR.
6. Protecting information
- We have strict security measures to protect personal information.
- We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software to encrypt the information you input.
- We reveal only the last five digits of your credit card numbers when confirming an order. Of course, x we transmit the entire credit card number to the appropriate credit card company during order processing.
- We maintain physical, electronic, and procedural safeguards to collect, store, and disclose personally identifiable customer information. Our security procedures mean that we may occasionally request identity proof before disclosing personal information to you.
- You need to protect against unauthorized access to your password and your computer. Be sure to sign off when you finish using a shared computer.
- The lawful basis of collecting this information is the Terms and Conditions of Business.
7. The internet
- If you communicate with us using the internet, we may occasionally email you about our services and products. When you first give us personal information through the website, we will typically give you the opportunity to say whether you would prefer that we don’t contact you by email. You can also always send us an email (at the address set out below) at any time if you change your mind.
- Please remember that communications over the internet, such as emails and webmails (messages sent through a website), are not secure unless encrypted. Your communications may go through several countries before they are delivered – this is the nature of the internet. We cannot accept responsibility for unauthorized access or loss of personal information beyond our control. We exclude all liability for loss that you may incur when interacting with these third-party websites.
8. Cookies and other internet tracking technology
8.1 When we provide services, we want to make them easy, helpful, and reliable. This sometimes involves placing small amounts of information on your computer, which is sent back to us at a later time. These are called cookies. These cookies are listed in the table in clause 8.5. Some websites don’t use cookies but use related technology for gaining information about website users, such as JavaScript, web beacons (also known as action tags or single-pixel gifs), and other technologies to measure the effectiveness of their ads and to personalize advertising content. Multiple cookies may be found in a single file, depending on which browser you use.
8.2 Where applicable, this section of the Privacy Policy also relates to that technology, but the term cookie is used throughout.
8.3 Some of these cookies are essential to the services you have requested from us, whereas others are used to improve services for you, for example, through:
- Letting you navigate between pages efficiently
- Enabling a service to recognize your computer, so you don’t have to give the same information during one task
- Recognising that you have already given a username and password, so you don’t need to enter it for every web page requested
- Measuring how many people are using services, so they can be made easier to use and that there is enough capacity to ensure they are fast
8.4 To learn more about cookies, you may wish to visit: www.allaboutcookies.org, www.youronlinechoices.eu or www.google.com/policies/technologies/cookies/
8.5 This website uses or allows the use of the following cookies:
8.6 The distinctions referred to in the above table are as follows:
- First-party versus third-party cookies – we set first-party cookies ourselves; other entities set third-party cookies via our website.
- Session versus persistent cookies – session cookies only persist for the duration of that visit; persistent cookies last for longer
- Categories 1-4 are found in the ICO UK Cookie guide, as explained below. Category 1 cookies don’t require the user’s consent, though you must still tell them about the cookies. Categories 2-4 do require their specific and informed consent.
8.7 As with any other information we may collect from you, we will work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software to encrypt the information you input.
8.8 The website may include third-party advertising and links to third-party websites. We do not provide any personally identifiable customer personal information to these third-party advertisers or third-party websites except where you have consented under this Privacy Policy. However, as to cookies, please see the above clause Cookies and other internet tracking technology.
9. Information for Californian consumers
This part of the document integrates with and supplements the information contained in the rest of the Privacy Policy and is provided by the business running this website and, if the case may be, its parent, subsidiaries, and affiliates (for this section referred to collectively as we, us, our).
The provisions contained in this section apply to all users who are consumers residing in the state of California, United States of America, according to The California Consumer Privacy Act of 2018. (Users are referred to below, simply as you, your, yours), and, for such consumers, these provisions supersede any other possibly divergent or conflicting provisions contained in the Privacy Policy.
This part of the document uses the term personal information defined in The California Consumer Privacy Act (CCPA).
Categories of personal information collected, disclosed or sold
This section summarizes the categories of personal information that we have collected, disclosed or sold and the purposes thereof. You can read about these activities in detail in section 8. Cookies and other internet tracking technology within this document.
Information we collect: the categories of personal information we collect
We have collected the following categories of personal information about you: identifiers and internet information.
We will not collect additional categories of personal information without notifying you.
How we collect information: what are the sources of the personal information we collect?
We collect the categories as mentioned above of personal information directly or indirectly from you when you use this website.
For example, you directly provide your personal information when submitting requests via any form on this website. You also provide personal information indirectly when you navigate this website, as personal information about you is automatically observed and collected. Finally, we may collect your personal information from third parties that work with us in connection with the service or with the functioning of this website and features thereof.
How we use the information we collect: sharing and disclosing of your personal information with third parties for a business purpose
We may disclose the personal information we collect about you to a third party for business purposes. In this case, we enter a written agreement with such a third party that requires the recipient to keep the personal information confidential and not use it for any purpose(s) other than those necessary for the performance of the agreement.
We may also disclose your personal information to third parties when you explicitly ask or authorize us to do so in order to provide you with our service.
To find out more about the purposes of processing, please refer to the relevant section of this document.
Sale of your personal information
For our purposes, the word sale means any selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic means, a consumer’s personal information by the business to another business or a third party, for monetary or other valuable consideration.
This means that, for example, a sale can happen whenever an application runs ads, or makes statistical analyses on the traffic or views, or simply because it uses tools such as social network plugins and the like.
Your right to opt-out of the sale of personal information
You have the right to opt out of the sale of your personal information. This means that we will abide by your request whenever you request us to stop selling your data. Such requests can be made freely, at any time, without submitting any verifiable request simply by following the instructions below.
Instructions to opt out of the sale of personal information
If you would like to know more or exercise your right to opt-out regarding all the sales carried out by this website, both online and offline, you can contact us for further information using the contact details provided in this document.
What are the purposes for which we use your personal information?
We may use your personal information to allow the operational functioning of this website and features thereof (business purposes). In such cases, your personal information will be processed in a fashion necessary and proportionate to the business purpose for which it was collected and strictly within the limits of compatible operational purposes.
We may also use your personal information for other reasons such as for commercial purposes (as indicated within section 8. Cookies and other internet tracking technology within this document), as well as for complying with the law and defending our rights before the competent authorities where our rights and interests are threatened, or we suffer actual damage.
We will not use your personal information for different, unrelated, or incompatible purposes without notifying you.
Your California privacy rights and how to exercise them
The right to know and to portability
You have the right to request that we disclose to you:
- the categories and sources of the personal information that we collect about you, the purposes for which we use your information and with whom such information is shared;
- in case of sale of personal information or disclosure for a business purpose, two separate lists where we disclose:
- for sales, the personal information categories purchased by each category of recipient; and
- for disclosures for a business purpose, the personal information categories obtained by each category of recipient.
The disclosure described above will be limited to the personal information collected or used over the past 12 months.
If we deliver our response electronically, the information enclosed will be portable, i.e., delivered in a readily usable format to enable you to transmit the information to another entity without hindrance – provided that this is technically feasible.
The right to request the deletion of your personal information
You have the right to request that we delete any of your personal information, subject to exceptions set forth by the law (such as including but not limited to, where the information is used to identify and repair errors on this website, to detect security incidents and protect against fraudulent or illegal activities, to exercise certain rights, etc.).
If no legal exception applies, we will delete your personal information and direct any of our service providers to do so as a result of exercising your right.
How to exercise your rights
To exercise the rights described above, you need to submit your verifiable request by contacting us via the details provided in this document.
To respond to your request, we must know who you are. Therefore, you can only exercise the above rights by making a verifiable request which must:
- provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative;
- describe your request with sufficient detail that allows us to understand, evaluate, and respond to it appropriately.
We will not respond to any request if we cannot verify your identity and therefore confirm that the personal information in our possession actually relates to you.
If you cannot personally submit a verifiable request, you can authorize a person registered with the California Secretary of State to act on your behalf.
If you are an adult, you can make a verifiable request on behalf of a minor under your parental authority.
You can submit a maximum number of 2 requests over a period of 12 months.
How and when we are expected to handle your request
We will confirm receipt of your verifiable request within 10 days and provide information about how we will process your request.
We will respond to your request within 45 days of its receipt. Should we need more time, we will explain to you the reasons why, and how much more time we need. In this regard, please note that we may take up to 90 days to fulfill your request.
Our disclosure(s) will cover the preceding 12 month period.
Should we deny your request, we will explain to you the reasons behind our denial.
We do not charge a fee to process or respond to your verifiable request unless such request is manifestly unfounded or excessive. We may charge a reasonable fee or refuse to act on the request in such cases. In either case, we will communicate our choices and explain the reasons behind them.
10. Information for users residing in Brazil
This part of the document integrates with and supplements the information contained in the rest of the Privacy Policy and is provided by the entity running this website and, if the case may be, its parent, subsidiaries, and affiliates (for this section referred to collectively as we, us, our).
The provisions contained in this section apply to all users who reside in Brazil, according to the Lei Geral de Proteção de Dados. (Users are referred to below, simply as you, your, yours). These provisions supersede any other possibly divergent or conflicting provisions contained in the Privacy Policy for such users.
This part of the document uses the term personal information as it is defined in the Lei Geral de Proteção de Dados (LGPD).
The grounds on which we process your personal information
We can process your personal information solely if we have a legal basis for such processing. Legal bases are as follows:
- your consent to the relevant processing activities;
- compliance with a legal or regulatory obligation that lies with us;
- the carrying out of public policies provided in laws or regulations or based on contracts, agreements, and similar legal instruments;
- studies conducted by research entities, preferably carried out on anonymized personal information;
- the carrying out of a contract and its preliminary procedures, in cases where you are a party to said contract;
- the exercising of our rights in judicial, administrative or arbitration procedures;
- protection or physical safety of yourself or a third party;
- the protection of health – in procedures carried out by health entities or professionals;
- our legitimate interests, provided that your fundamental rights and liberties do not prevail over such interests; and
- credit protection.
To find out more about the legal bases, you can contact us at any time using the contact details provided in this document.
Categories of personal information processed
To find out what categories of your personal information are processed, you can read the section titled 8. Cookies and other internet tracking technology within this document.
Why we process your personal information
To find out why we process your personal information, you can read the sections titled 5. Using your personal information and 8. Cookies and other internet tracking technology within this document.
Your Brazilian privacy rights, how to file a request and our response to your requests
You have the right to:
- obtain confirmation of the existence of processing activities on your personal information;
- access to your personal information;
- have incomplete, inaccurate or outdated personal information rectified;
- obtain the anonymization, blocking, or elimination of your unnecessary or excessive personal information, or of information that is not being processed in compliance with the LGPD;
- obtain information on the possibility to provide or deny your consent and the consequences thereof;
- obtain information about the third parties with whom we share your personal information;
- obtain, upon your express request, the portability of your personal information (except for anonymized information) to another service or product provider, provided that our commercial and industrial secrets are safeguarded;
- obtain the deletion of your personal information being processed if the processing was based upon your consent, unless one or more exceptions are provided for in art. 16 of the LGPD apply;
- revoke your consent at any time;
- lodge a complaint related to your personal information with the ANPD (the National Data Protection Authority) or with consumer protection bodies;
- oppose a processing activity in cases where the processing is not carried out in compliance with the provisions of the law;
- request clear and adequate information regarding the criteria and procedures used for an automated decision; and
- request the review of decisions made solely based on the automated processing of your personal information, which affects your interests. These include decisions to define your personal, professional, consumer, and credit profile or aspects of your personality.
You will never be discriminated against or otherwise suffer any detriment if you exercise your rights.
How to file your request
You can file your express request to exercise your rights free from any charge, at any time, by using the contact details provided in this document or via your legal representative.
How and when we will respond to your request
We will strive to respond to your requests promptly. In any case, should it be impossible for us to do so, we will make sure to communicate to you the factual or legal reasons that prevent us from immediately or otherwise ever complying with your requests. In cases where we are not processing your personal information, we will indicate to you the physical or legal person to whom you should address your requests if we are in the position to do so.
If you file an access or personal information processing confirmation request, please make sure that you specify whether you would like your personal information to be delivered in electronic or printed form.
You will also need to let us know whether you want us to answer your request immediately, in which case we will respond in a simplified fashion or if you need a complete disclosure instead.
In the latter case, we will respond within 15 days from the time of your request, providing you with all the information on the origin of your personal information, confirmation on whether or not records exist, any criteria used for the processing, and the purposes of the processing, while safeguarding our commercial and industrial secrets.
If you file a rectification, deletion, anonymization, or personal information blocking request, we will make sure to immediately communicate your request to other parties with whom we have shared your personal information to enable such third parties to also comply with your request – except in cases where such communication is proven impossible or involves a disproportionate effort on our side.
Transfer of personal information outside of Brazil permitted by the law
We are allowed to transfer your personal information outside of the Brazilian territory in the following cases:
- when the transfer is necessary for international legal cooperation between public intelligence, investigation and prosecution bodies, according to the legal means provided by the international law;
- when the transfer is necessary to protect your life or physical security or those of a third party;
- when the ANPD authorizes the transfer;
- when the transfer results from a commitment undertaken in an international cooperation agreement;
- when the transfer is necessary for the execution of a public policy or legal attribution of public service;
- when the transfer is necessary for compliance with a legal or regulatory obligation, the carrying out of a contract or preliminary procedures related to a contract, or the regular exercise of rights in judicial, administrative, or arbitration procedures.
11. Further information
11.1 If you would like any more information or comments about this Privacy Policy, please write to us as detailed in clause 1. Identity and contact details.
11.2 Please note that we may have to amend this Privacy Policy on occasion, for example, if we change the cookies that we use. We will publish the amended version on the website if we do that. We will endeavor to alert you to the change in that situation, but it is also your responsibility to check regularly to determine whether this Privacy Policy has changed.
11.3 You can ask us for a copy of this Privacy Policy by writing to the above address or emailing us at contact@onlineprivacyreviews.com. This Privacy Policy applies to the personal information we hold about individuals. It does not apply to information we hold about companies and other organizations.
11.4 If you would like access to the personal information that we hold about you, you can do this by emailing us at contact@onlineprivacyreviews.com or writing to us at the address noted above. There is not usually a fee for such a request. However, if the request is unfounded, repetitive, or excessive, we may request a fee or refuse to comply with your request. You can also ask us to send the personal information we hold about you to another controller.
11.5 We aim to keep the personal information we hold about you accurate and up to date. If you tell us that we are holding any inaccurate or incomplete personal information about you, we will promptly amend, complete, or delete it accordingly. Please email us at contact@onlineprivacyreviews.com or write to us at the address above to update your personal information. You have the right to complain to the Information Commissioner’s Office if we don’t do this.
11.6 You can ask us to delete the personal information we hold about you if we relied on your consent to retain that information or if it is no longer necessary. You can also restrict or object to our processing of your personal information in certain circumstances. You can do this by emailing us at contact@onlineprivacyreviews.com or writing to us at the address noted above.
11.7 We will tell you if there is a breach, or a likely breach, of your data protection rights.
________________________________________
Last updated: 7 April 2024