PRIVACY POLICY AT IT CRAFT

This page outlines the policies and guidelines for information processing and protection implemented by IT Craft ensuring compliance with the GDPR.

  • PeakFactory
  • Adorama
  • Nandos
  • Fielodne
  • flexwise
  • Diamonds
  • RocketRoute

Last update: 25.03.2024

As the operator of this website, IT Craft takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection rules, as outlined in this Privacy Policy. In this document, when we refer to data, we specifically mean personal data as defined by the General Data Protection Regulation or: a) the DSAnpUG-Eu (Act to Adapt Data Protection Law, new BDSG) for IT Craft YSA GmbH contracts & the website visitors related to IT Craft YSA GmbH; b) the PDPA (Personal Data Protection Act) for ITCraftIntl OU contracts & the website visitors related to ITCraftIntl OU.

CONTACT INFORMATION

IT Craft YSA GmbH:

Data Protection Officer: Norair Yesaian

Phone: +49 302 178 8747

E-Mail: dpo.itcraft.ysa.gmbh@itechcraft.com

Further as “IT Craft” (for IT Craft YSA GmbH contracts & the website visitors related to IT Craft YSA GmbH).


ITCraftIntl OU:

Data Protection Officer: Norair Yesaian

Phone: +49 302 178 8747

E-Mail: dpo@itcraft.ee

Further as “IT Craft” (for ITCraftIntl OU contracts & the website visitors related to ITCraftIntl OU).

DATA PROCESSING AND ITS PURPOSES

Below outlines the purposes for which IT Craft processes your personal data and the rationale behind these processing activities.

  1. Website Browsing and Usage: 
    Purpose: To improve your experience on our website, analyze website traffic, and understand user behavior to optimize our website's functionality and content. 
    Legal Basis: Legitimate interests in enhancing website functionality and user experience.

  2. Provision of Services
    Purpose: To perform the services requested by our clients, including but not limited to software development, IT consulting, and technical support. 
    Legal Basis: Performance of a contract and taking necessary steps at the request of the data subject prior to entering into a contract.

  3. Communication and Customer Support
    Purpose: To communicate with you regarding our services, and any customer support inquiries or feedback. 
    Legal Basis: Legitimate interests in providing efficient customer support and necessary communication for the performance of a contract.

  4. Marketing and Promotions: 
    Purpose: To send you marketing communications, newsletters, and promotional offers that may be of interest, based on your preferences and behavior. 
    Legal Basis: Consent until you unsubscribe (Click here to opt-out), or legitimate interests in promoting our services in a manner that is respectful of your privacy rights and expectations.

  5. Security and Fraud Prevention: 
    Purpose: To ensure the security of our services, protect against unauthorized access, detect and prevent fraud, and ensure compliance with our terms of service and legal obligations. 
    Legal Basis: Compliance with legal obligations and our legitimate interests in protecting our business and our clients.

  6. Compliance with Legal Obligations: 
    Purpose: To comply with legal obligations, such as tax laws, data protection regulations, and other applicable legislation. 
    Legal Basis: Compliance with legal obligations to which we are subject.

  7. Research and Development: 
    Purpose: To conduct research and development activities to improve our existing services and develop new offerings, based on the analysis of usage trends and feedback. 
    Legal Basis: Legitimate interests in innovating and enhancing our service offerings.

  8. Feedback and Surveys: 
    Purpose: To collect feedback on our services and conduct surveys to understand your needs and preferences, aiming to enhance service quality and client satisfaction. 
    Legal Basis: Consent (where required by law) or legitimate interests in improving our services and understanding client preferences.

CATEGORIES OF PERSONAL DATA PROCESSED

This section outlines the categories of personal data we collect and process.

  1. Identity Information: e.g. salutation, first name, last name.

  2. Contact Informatione.g. address, email address, telephone number.

  3. Professional Information: e.g. company details, position, role, department, job title, branch of industry, other information and records created as a result of your contact with IT Craft.

  4. Financial Information: e.g. bank account and credit card details, billing and invoice information, payment methods.

  5. Technical data: e.g. IP address, date and time of inquiry, access status/http status code, browser, operating system and its interface, language and browser software version.

STORAGE PERIOD OF PERSONAL DATA

The retention period for personal data is determined by the necessity to fulfill contractual obligations, comply with legal and regulatory mandates, and serve the purposes outlined above. Personal data necessary for the performance and execution of a contractual relationship are retained in accordance with mandatory retention periods required by commercial and tax law or for the duration specified in a contract. 

SECURITY OF PERSONAL DATA

We implement technical and organizational measures to protect your information from unauthorized access, alteration, loss, or disclosure. Key aspects of our data security approach include:

  • Encryption of all data transmitted over the Internet to ensure its safety during both transmission and when updating our databases.

  • Access to personal data is strictly limited to a selected group of authorized personnel, who are obligated by confidentiality commitments and permitted to access data solely for explicit, designated purposes.

  • Continuous monitoring of our IT systems to swiftly identify and mitigate any potential misuse or security threats.

Despite our rigorous security measures and routine checks, it is important to acknowledge that no system can guarantee absolute security against all potential threats. However, IT Craft is dedicated to continuously improving our security protocols and promptly addressing any vulnerabilities to ensure the highest level of protection for your personal data.

DATA SHARING 

We do not share or disclose any of your personal data without your consent, except as outlined in this Privacy Policy or when legally obligated. For the provision of services and business functions, we engage third-party service providers and our affiliates. Nonetheless, any processors working under our direction process your data strictly following our instructions, adhering to the guidelines of this Privacy Policy, and fully complying with data protection legislation and other relevant confidentiality and security standards.

INTERNATIONAL DATA TRANSFERS

Personal data may be transferred to locations outside of the EU. We commit to protecting the personal data with suitable safeguards, which may include any of the following: 

  • The receiving country is recognized by the European Commission as having an adequate level of personal data protection. 

  • The service provider has agreed to contractual obligations that are necessary and detailed under relevant data protection legislation.

AGE RESTRICTIONS 

In compliance with applicable laws, we restrict the use of our services and website to individuals aged 18 and above. Should you discover that someone under the age of 18 has improperly furnished us with personal data, please get in touch with us, and we will undertake actions to remove such data.

COOKIES AND TRACKING TECHNOLOGIES

We use cookies and other tracking technologies on our website for a number of purposes, including enhancing your user experience, checking load balancing, determining the popularity of content, analyzing website traffic and trends, and supporting our marketing activities. These technologies help us understand the online behavior of individuals who interact with our website. Please read more about our Cookie Policy and how you can manage your cookie preferences: https://itechcraft.com/cookie-policy/.

SERVER-SIDE ANALYTICS

We use server-side analytics to collect anonymous data about the usage of our website. The data collected includes metrics such as bounce rate, session duration, time on page, and other similar metrics. The data is collected solely for the purpose of improving the functionality and content of our website and is not used for profiling. This data helps us understand how users interact with our website, allowing us to make informed decisions about website enhancements and content improvements.

All data collected through our server-side analytics is completely anonymous. We ensure that this data cannot be used to identify individual users. We employ strict security measures to protect all collected data and comply with all applicable data protection laws and regulations.

RIGHTS OF THE DATA SUBJECT

In accordance with the GDPR, you are entitled to the following rights in particular:

Right of access (Art. 15 GDPR)

You may request information about the personal data we hold on you at any time. This information includes, but is not limited to, the categories of data we've processed, the purposes for processing this data, the source of the data if it was not collected directly from you, and, if applicable, the recipients to whom your data has been shared. You are entitled to a free copy of your data. If you are interested in obtaining additional copies, we reserve the right to charge you accordingly.

Right to rectification (Art. 16 GDPR)

You have the right to request the rectification of your personal data. This includes correcting any incorrect data and completing any incomplete data, considering the purposes of processing. We will implement appropriate actions to ensure that the information we maintain and process about you remains accurate, comprehensive, and current, reflecting the latest information at our disposal.

Right to erasure (‘right to be forgotten’) (Art. 17 GDPR)

You have the right to request that your data be deleted, assuming legal conditions justify such an action. This may be possible under Art. 17 GDPR in situations where:

  • The data is no longer necessary for the purposes for which it was originally collected or processed. 

  • You withdraw your consent, which was the basis for the data processing, and there is no other legal ground for processing.

  • You challenge the processing of your data and no compelling legitimate reasons for the processing exist, or you oppose the processing of data for direct marketing purposes.

  • The data has been unlawfully processed.

  • The data have to be erased for compliance with a legal obligation.

Right to restriction of processing (Art. 18 GDPR)

You may require us to restrict the processing of your data if one of the following conditions is met:

  • You contest the accuracy of the data for the duration needed for us to confirm its accuracy.

  • The processing is unauthorized, yet you opt against the deletion of your data, requesting instead that its usage be limited.

  • Your data is no longer required by us, but you require it for the establishment, exercise, or defense of legal claims;

  • You have raised an objection to the processing pending the determination of whether our legitimate grounds override your own.

Right to data portability (Art. 20 GDPR)

Upon your request, we can move your data to a different controller, provided it is technically feasible. This right is available to you exclusively when the processing of your data is contingent upon your consent or required for the fulfillment of a contract. Instead of obtaining a copy of your data, you have the option to request that we directly transfer the data to another controller of your choosing.

Right to object (Art. 21 GDPR)

You have the right to object the processing of your data at any moment due to circumstances specific to your situation, particularly if the processing relies on your consent, our legitimate interests, or those of a third party. Should you do so, we will cease processing your data. However, this cessation will not occur if we can demonstrate significant legitimate grounds for the processing that supersede your interests, or if your data is necessary for us to assert, pursue, or protect legal claims.

Right to withdraw consent (Art. 7 GDPR)

When our processing of your personal data is based on your consent, you have the right to withdraw that consent at any moment. Revoking your consent will not impact the legality of the processing that occurred prior to your withdrawal. Should you decide to withdraw your consent, it might render us unable to deliver certain services to you. In such instances, we will inform you of this when you retract your consent.

AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING

Every individual subjected to the processing of personal data is entitled to not be subject to a decision that relies solely on automated processing, including profiling, which has a significant impact or legal effect on them. 

As a responsible company, we do not rely on automated decision-making or profiling.

FULFILLMENT OF DATA SUBJECT RIGHTS

Should you wish to exercise your rights, you are welcome to reach out to our Data Protection Officer using the contact details provided above. We endeavor to address all requests within 30 days, though the timeframe may need extension based on the intricacies of your request or the specific rights involved.

Under specific circumstances, legal obligations may prevent us from disclosing all the information we hold about your data. Should we need to deny your request for information under these conditions, we will provide you with an explanation for the refusal at that time.

FILING COMPLAINTS WITH REGULATORY AUTHORITIES 

IT Craft deeply values your rights and grievances. Nonetheless, should you feel that we have not sufficiently resolved your complaints or issues, you have the right to lodge a complaint with an appropriate data protection regulatory authority.

Our clients
say

Go back