Privacy & Data Protection Policy

The following Policy applies at Extilum as of 01.08.2020. and replaces any previous version of this Policy.

1. Handling of personal data

The customer’s right to privacy is of great importance to Extilum. Extilum recognizes that when a customer chooses to provide Extilum with personal information and data, the customer places confidence in our ability to handle customer privacy in a responsible manner.

This Privacy & Data Protection Policy explains how information about you is collected, used and disclosed by Extilum when you use our website and other online products and services (collectively, the “Services”) or when you otherwise interact with us. It will also be the foundation you need to authorise when we start processing personal data on our systems.

We may amend this Policy from time to time. If we make changes, we will revise the date at the top of the notice and, depending on the specific amendments, we may provide you with additional notice. We encourage you to review the Privacy, Product & Data Protection Policy whenever you access our Services to stay informed about our information practices and the ways you can help protect your privacy.

1.1 Extilum acting as data controller and data processor

Extilum acts as data controller for you as our customer, and for any personal information you provide upon registering to and using our service. We have the responsibility as data controller for this information.

If you store personal information on our servers, Extilum will act as data processor for this information only in exceptional cases as we normally do not access the data stored on your websites or servers nor do we process them in any way.

Note that if you only use our services for processing of personal data for purely personal or household activities and you are a natural individual then the EU Privacy Regulation does not apply to you and you do not need a DPA.

We encourage you to keep your personal details updated.

The customer can help Extilum improve the effectiveness and quality of service by keeping Extilum notified of any changes to the customer’s name, address, phone number or email address. The customer can do this by updating the customer’s personal details when logged into the customer’s Extilum Client area.

2. Collection of personal data

2.1 Collection at purchase

When you make a purchase with Extilum, Extilum will collect the following information:

  • Name
  • Surname
  • Address
  • Email
  • Phone number

When you wish to register a certain top-level domains, we may require further identification like your Personal identification number to be able to register the domain on your behalf.

You can help Extilum keep your personal information accurate by logging in to the Extilum Client area. We advise you to do so every time your personal details change.

2.2 Other collection

When you access or use our Services, we may automatically collect information about you, including:

  • Log Information: we log information about your use of our Services, including the type of browser you use, access times, pages viewed, your IP address, and the page you visited before navigating to our Services.
  • Device information: we collect information about the device you use to access our Services, including information about the device’s software and hardware, Media Access Control (“MAC”) address and other unique device identifiers, device token, mobile network information and time zone.
  • Usage information: we collect information relating to your use of our Services, including which applications you use.
  • Consumption information: we collect information about your consumption habits relating to your use of our Services, including which purchases you make.
  • Information collected by cookies and other tracking technologies: we use various technologies to collect information and this may include sending cookies to your device. Cookies are small data files stored on your device’s hard drive or in device memory that help us to improve our Services and your experience and see which areas and features of our Services are popular. Please refer to our “6. Cookies” section for further information.
  • Information using web beacons (also known as “tracking pixels”). Web beacons are electronic images that may be used in our Services or emails and help deliver cookies, count visits, and understand usage and campaign effectiveness.
  • We also collect other information you provide directly to us, such as when you participate in a contest and promotion, request customer support, send us an email or otherwise interact with us. The types of information we may collect about you include your name, email address and any other information you choose to provide.
  • We may also obtain information from other sources and combine that with information we collect through our Services. We may also collect information from app stores when you download or update one of our applications.

If you are ordering on behalf of a company/legal entity then this privacy notice applies when we collect personal data on you as a contact person.

3. Use of personal data

We may use information about you for various purposes, including to:

  • Provide, maintain and improve our current Services;
  • Develop new Services;
  • Respond to your comments, questions and requests and provide customer service and support;
  • Send you technical notices, updates, security alerts and support and administrative messages;
  • Communicate with you about products, services, offers, promotions and events offered by Extilum and others, and provide news and information we think will be of interest to you;
  • Improve our Services
  • Personalize and tailor advertisements, content or features to you personally -so called profiling and behavioural marketing;
  • Process and deliver contests and rewards;
  • Monitor and analyse trends, usage and activities relating to our Services;
  • Link or combine with information we get from others to help understand your needs and provide you with better service; and
  • Carry out any other purpose for which the information was collected.

We may share information about you as follows or as otherwise described in this Privacy Notice:

  • In response to a request for information if we believe disclosure is in accordance with any applicable legal requirement;
  • If we believe your actions are inconsistent with the spirit or language of our terms or policies, or to protect the rights, property and safety of Extilum or others;
  • To report abuse or clearly illegal activity
  • In connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business to another company;
  • We also may share aggregated information or otherwise anonymized information, which cannot reasonably be used to identify you.
  • Our Services may offer social sharing features and other integrated tools (such as the Facebook “Like button”), which let you share actions you take on our Services with other media, and vice versa. The use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the entity that provides the social sharing feature. For more information about the purpose and scope of data collection and processing relating to social sharing features, please visit the privacy policies of the entities that provide these features.
  • We may allow third parties to serve advertisements and provide analytics services relating to our Services. These entities may use cookies, web beacons and other tracing technologies to collect information about your use of our Services, including your IP address, MAC address, device identifiers, software and hardware information, browser information, time zone and usage information. This information may be used by Extilum and others to, among other things, analyse and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests and better understand your activity on our Services. Third-party analytics technologies are integrated into our Services, so if you do not want to be subjected to these technologies, do not use or access our Services. Our Services may also integrate third party Application Program Interfaces (APIs), which allow others to collect and process information about you, including your geolocation information, to provide you with tailored advertisements, offers and other content. You have the ability to control the collection and use of your geolocation information at all times. You may disable location based services at any time by adjusting the settings of your device.

4. Recipients of your personal data

“Your personal data” are the data we collect about you upon purchase (as described in section 2.1) and other collection (as described in section 2.2.).

4.1 Disclosure to other Extilum entities

We disclose your personal data to recipients, which we collaborate with when we use your personal data as described in section 3. This includes (i) our support centers located in Croatia, (ii) our server parks located in Croatia and Sweden and (iii) system operations activities in Sweden and Croatia. These recipients process your data on some occasions. Our support centers process your data (customer data), when it is necessary to provide support to you and only after you have provided explicit consent. Our data centers are the place where we host the data you place on our your web sites.

4.2 Disclosure to Extilum’s collaborating partners

In case of sharing personal data with the company’s contract partner who is not covered by the sales contract, the buyer’s written permission / consent will be requested. Check our Terms of Service for rules and regulation when purchasing third party products and domains.

4.3 Disclosure to domain name authorities

As part of our obligations as a domain name registrar, Extilum is required to provide certain information to naming authorities around the world about customers who register domain names at Extilum. This information will vary according to the guidelines from the domain name authority. As a general rule, the data we provide includes your contact details (name and address), but may also include your email, telephone number and personal identification number. The relevant naming authority may make such information available for the public through open, accessible directories of domain name owners, so called WHOIS.

At Extilum’s request, the customer is obliged to present his/her valid identification documents, or other documents that Extilum may consider necessary for certain domains.

4.4 Disclosure of data to courts or authorities

Your data (customer data) is any information you have placed on your web space at Extilum, for example emails, internet pages, photos and database content. Extilum does not form any opinion or perform any legal review of your data (the customer data) on your web space account. We refer to our Terms of Service for further info on disclosure to courts and/or authorities.

5. Deletion of personal data

We will delete your personal data when we no longer needed to process them in relation to one or more of the purposes set out above.

Generally, we will store your personal data for as long as there is still an active subscription and when required to deliver the service and support. Otherwise we may store your personal data for up to 8 weeks, longer if legal requirements demand us to do so. All accounting related data is stored for as long as it is required according to the law of the country where company is registered.

However, the data may be processed and stored for a longer period in anonymized form in order for us to improve the service.

6. Cookies

We use cookies on our website. When you visit Extilum’s website, we store cookies on your device.

6.1 Cookies for statistics

On our websites we use cookies in an aggregate form for statistical purposes. It gives us e.g. opportunity to get an overview of how many people visit the different sections of our website, so we can make it as user friendly as possible.

Cookies make Extilum able to track information during the domain name registration and the package sign-up process. These cookies do not track personal information. Information Extilum may track includes:

  • The customer’s Internet Protocol address
  • Browser version or computer operating system used by the customer
  • Number of links the customer click within the website
  • State or country from which the customer accessed the site
  • Date and time of the customer’s visit
  • Name of the customer’s Internet service provider
  • Web page the customer came from when visiting our website
  • Pages the customer viewed on the site

We use statistics to improve the usability and the information in the statistics are anonymous and will not be linked to you as a user.

6.2 Cookies for advertising purposes

On our websites we may use cookies for advertising purposes. We use first-party cookies and third party cookies.

Extilum and third-party vendors, use first-party cookies and third-party cookies together (1) to inform, optimize, and serve ads based on someone’s past visits to the website and (2) to report how ad impressions, other uses of ad services, and interactions with these ad impressions and ad services are related to visits to our websites.

Client area, webmail and web applications that prompt you as a user to log in with username and password, do not use third party cookies.

If you don’t want us to set cookies, please disable cookies in your browser. This will reduce the usability of the site significantly.

Extilum does not know (and have no interest in knowing) the identity behind the visitors on our websites.

7. Security

We have implemented security measures to ensure that our internal procedures meet our high security policy standards. Accordingly, we strive to protect the quality and integrity of your personal data. This includes encryption of data and use of pseudonymization or anonymization whenever applicable.

It also includes physical and logical access control, backup, logs, encrypted communications and other measures to mitigate risks.

8. Customer data policy

8.1 Customer Data

By Customer data is meant any information the customer has placed on his/her web space at Extilum, for example emails, internet pages, photos and database content.

8.2 The Customer’s Data on the Account

Registration of a domain through Extilum makes the customer the owner of the domain. The customer maintains all rights to the content that the customer places on his/her Extilum web space. The templates and images placed at customer’s disposal by Extilum, remains property of Extilum. However, Extilum does not claim any rights to the content that the customer has placed on the account. The account holder is, on the other hand, legally responsible for the content placed on the account.

Extilum does not form any opinion or perform any legal review of the content on a customer’s web space account. However, in case of obvious illegal content for example child pornography, phishing attempts or the like, Extilum will act as a responsible company and inform the relevant authorities. In all other cases Extilum will take action if any relevant authority orders Extilum to do so.

8.3 The Customer’s Responsibility for the Account at Extilum

The customer should always log out of any account when finishing a session to ensure that others can not access the customer’s private personal information. The customer should take this precaution even if the customer is not using a device on a public network.

8.4 Data Security and data processing

Extilum recognizes the special responsibility that comes with the hosting of personal data on customer’s web space accounts. We want our customers to consider Extilum a trusted place for data storage. The Extilum data center is therefore designed to meet the highest standards of security. All customer data entered into our system is registered on our servers located in a specially secured data centers, locked under constant surveillance with access only to authorized employees of the Company.

Data stored on our servers is encrypted and is not shared with third parties (unless explicitly stated in Terms of Use and this policy). It is not used for marketing purposes or advertised on public search engines (such as Google). This primarily applies to personal data stored in connection with our web site or in our control panel. All data on virtual or dedicated servers, storage platforms, etc. are not processed in any way except storing encrypted backups of this data from a disaster perspective. We do not process such information, share them with a third party without customer’s explicit consent or copy them outside the European Union. We always try to collect and store data within the EU. In exceptional cases where customer data should be used outside the EU, we always require that there are safeguards, such as a data transfer agreement or customer’s explicit consent, so that recipients can treat the data in the same secure way as we.

8.5 Payment gateway

We don’t collect credit card or any such data. We are using third party payment gateway for purchase through our website and you should familiarize yourself with their terms of use. We only keep purchase logs for purposes of accounting and to obey the rules of other authorities or domain registrars.

9. Newsletter

CONTENTS OF THE NEWSLETTER

We send newsletters only with the consent of the recipient or a legal permission. Our newsletters contain information about new product announcements, blog updates and promotions.

USE OF THE SHIPPING SERVICE PROVIDER “MailerLite”

To send our newsletter, we use the service provider MailerLite Limited, an Irish registered company at Ground Floor, 71 Lower Baggot Street, Dublin 2, D02 P593, Ireland.

By subscribing to our newsletter, you acknowledge that your information will be transferred to MailerLite for processing. Learn more about MailerLite’s privacy practices here.

To protect your personal data, MailerLite has supplemented these with further safeguards to prevent access to your data. Read more about the Data Processing Addendum.

DOUBLE OPT-IN AND LOGGING

The registration for our newsletter takes place in a so-called double opt-in procedure. That after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary so that nobody can register with external email addresses. The registration for the newsletter will be logged in order to prove the registration process according to the legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address. Similarly, the changes to your data stored with MailerLite will be logged.

How long we keep your data?

We keep your data for the purpose of sending you our newsletter(s) for as long as you have not withdrawn your consent or objected to such processing of your data.

What are your rights?

Where we rely on your consent to our processing your personal data for sending you the newsletter(s), you have the right to withdraw your consent. Where we rely on our legitimate interest, you can object to the processing of your personal data for this purpose at any time. If at any point you want to withdraw your consent or object to the processing you should either follow the link by clicking the “unsubscribe” button or send us an email. If you do that, we will update our records to reflect your wishes.

How do we use your data?

We use your data to send you our newsletter(s). We also gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter.

How do we collect your data?

We collect the data from you when you subscribe to the newsletter(s).

What data do we use?

In order to send you our newsletter(s) we need your email address.

10. Your rights

You are at any time entitled to be informed of the personal data that we process about you, but with certain legislative exceptions. You also have the right to object to the collection and further processing of your personal data including profiling/automated decision making. Furthermore, you have the right to have your personal data rectified, erased or blocked. Moreover, you have the right to receive information about you that you have provided to us and the right to have this information transmitted to another data controller (dataportability).

If you wish to know more and/or exercise any of these rights, please contact us.

11. Withdrawal of consent

You may, at any time, withdraw any consent you have given and we will no longer process your personal data, unless we can continue the processing based on another purpose. If you wish to withdraw your consent, please contact us.

12. Amendment of data

If you want us to update, amend or delete the personal data that we process about you, if you wish to get access to the data, or if you have any questions concerning the above guidelines, you may contact us.

13. Complaints

If you wish to appeal against the processing of your personal data, please contact us as indicated above. You may also contact the Croatian or Swedish Data Protection Agency:

Agencija za zaštitu osobnih podataka
Martićeva ulica 14
10 000 Zagreb

or

Datainspektionen
Box 8114
104 20 Stockholm