COREFLUX
PRIVACY POLICY
The protection and security of your personal data are important to us. Personal data means any information relating to an identified or identifiable natural person (data subject) (“Personal Data”). This privacy policy (“Privacy Policy”) tells you how we collect, use, share and protect your Personal Data which is collected through our website https://coreflux.org/ (the “Site”), our platform, which can be downloaded on the Site (“Platform”) and when you use our products and services (collectively, the “Services”)
COREFLUX PORTUGAL, LIMITADA, with registered office at Centro Empresarial Sarcol, Rua do Tronco, nº 375, Sala W0.3, 4465-275 São Mamede Infesta (Portugal) and with the identification and taxpayer number 517225310 (“Company”), is the controller of your Personal Data collected pursuant to the General Data Protection Regulation (“GDPR”) and any other applicable data protection legislation.
Please read this Privacy Policy to understand how the Company may process your Personal Data via your use of our Services.
1 INFORMATION WE COLLECT:
When you interact with us through the Services, we may collect Personal Data and other information from you, as further described below:
- Personal Data that you provide: We collect Personal Data from you when you voluntarily provide such information, such as when you create and account or purchase our products and services.
- Personal Data provided to us: When you log in our Services with your Google or Github account, these companies will provide us with certain Personal Data about you, including your name, email address, preference of language and profile image.
- Usage of the Services: We may also process information about your usage of our Services, as well as the make and model of your device, operating system, operating system version, the services you engage with and your actions in relation to them.
2 OUR USE OF YOUR PERSONAL DATA AND OTHER INFORMATION:
We process your Personal Data to enable us via the Services to perform the contract we are about to enter into or have entered into with you, to ensure compliance with local legal and regulatory requirements and for the purposes of our legitimate business interests, as detailed in the table below. If you use the Services as representative of a corporate entity, we will process your data for the purposes of our legitimate business interest in providing the services covered by the contract we are about to enter into or have entered into with the company you represent.
If you do not provide us with the data required for the purposes of preforming the contract we have entered into with you (as detailed below), we will not be able to provide you with the Services (or some Services).
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. You can also find the retention periods we apply to your Personal Data in the table below.
Purposes of the processing
- Management of any communication or request you may send to us relating to the Services (for example a request for information or assistance).
Legal basis of the processing
- For consumers: The processing of your personal data for this purpose is necessary for the performance of our contract with you about the use of the Services (under article 6.1.b of the GDPR).
- For representatives of corporate clients: The processing of your personal data for this purpose is necessary for the purposes of our legitimate interest in providing the services covered by the contract we are about to enter into or have entered into with the company you represent (Art 6.1.f GDPR).
Retention period
- Until your request is definitively answered.
Purposes of the processing
- Management of the creation of your account on the Services and of any information associated to it.
Legal basis of the processing
- For consumers: The processing of your personal data for this purpose is necessary for the performance of our contract with you about the use of the Services (under article 6.1.b of the GDPR).
- For representatives of corporate clients: The processing of your personal data for this purpose is necessary for the purposes of our legitimate interest in providing the services covered by the contract we are about to enter into or have entered into with the company you represent (Art 6.1.f GDPR).
Retention period
- Until you cease to have your account.
Purposes of the processing
- Management of purchases made on the Services, including customer support, reminders/follow-up on your purchase and cancellations.
Legal basis of the processing
- For consumers: The processing of your personal data for this purpose is necessary for the performance of our contract with you about the use of the Services (under article 6.1.b of the GDPR). Your data will also be processed for tax purposes, this processing being necessary for our compliance with tax obligations (Art 6.1.c GDPR).
- For representatives of corporate clients: The processing of your personal data for this purpose is necessary for the purposes of our legitimate interest in providing the services covered by the contract we are about to enter into or have entered into with the company you represent (Art 6.1.f GDPR).
Retention period
- While this is necessary to manage your purchase and for a period of 10 years for tax purposes. We will also maintain these data associated to your account until you cease to have an account in the Services.
Purposes of the processing
- Management of any complaint or exercise of rights you may send to us relating to the Services or its use
Legal basis of the processing
- The processing of your personal data for this purpose is a legal obligation (Art 6.1.c GDPR) or, when your complaint is not based on your legal rights, our legitimate interest in answering to any of your complaints (Art 6.1.f GDPR).
Retention period
- Maximum period of 6 (six) months from the proper and comprehensive management of your complaint or util the expiration of the relevant statute of limitation, whichever occurs later.
Purposes of the processing
- Sending you communications about important information relating to the Services (such as information about periods during which scheduled maintenance of the Services will occur or changes to the Services).
Legal basis of the processing
- For consumers: The processing of your personal data for this purpose is necessary for the performance of our contract with you about the use of the Services (under article 6.1.b of the GDPR).
- For representatives of corporate clients: The processing of your personal data for this purpose is necessary for the purposes of our legitimate interest in providing the services covered by the contract we are about to enter into or have entered into with the company you represent (Art 6.1.f GDPR).
Retention period
- Until you cease to have your account or use the Services, whichever happens later.
Purposes of the processing
- Sending you communications about our products and services.
Legal basis of the processing
- If you are a client or represent a client: The processing of your personal data for this purpose is a necessary for the purposes of our legitimate interests in providing you with information relating to the Services (Art 6.1.f GDPR).
- If you are not a client, by have subscribed to our newsletter: Your consent (Art 6.1.a GDPR).
Retention period
- If you are a client or represent a client: Until you cease to have your account or use the Services (whichever happens later), or until you object to the processing of your data for this purpose.
- If you are not a client, by have subscribed to our newsletter: Until you withdraw your consent.
Purposes of the processing
- Compliance with legal obligations. In certain circumstances, legislation obliges us to use your personal data (for example to inform you of a potential security breach involving your data and the measures we have taken to address the situation).
Legal basis of the processing
- The processing of your personal data for this purpose is a legal obligation (Art 6.1.c GDPR).
Retention period
- Until you cease to have your account or use the Services, whichever happens later, and, afterwards, until the expiration of the relevant statute of limitation.
Purposes of the processing
- Improvement of our services, the content and the functionality of the Services
Legal basis of the processing
- The processing of your personal data for this purpose is a necessary for the purposes of our legitimate interests in improving our Services (Art 6.1.f of the GDPR).
Retention period
- Until you cease to have your account.
Purposes of the processing
- Detect security incidents and problems in the Services, and protect you and the Services against malicious, deceptive, fraudulent, or illegal activity.
Legal basis of the processing
- The processing of your personal data for this purpose is a necessary for the purposes of our legitimate interests in guaranteeing the correct functioning of the Services (Art 6.1.f of the GDPR).
Retention period
- Maximum period of 6 (six) months from the proper and comprehensive management of the issue identified.
Purposes of the processing
- Defense of our rights on any judicial or extra-judicial proceedings. In particular, we may process your data if it is required for the assessment and prosecution of crimes, prevention and protection from threats to public security or to allow us to ascertain, exercise or defend a right in court, as well as for other reasons related to the protection of the rights and freedoms of others.
Legal basis of the processing
- The processing of your personal data for this purpose is a necessary for the purposes of our legitimate interests in ensuring the defense of the rights of the Company and others (Art 6.1.f GDPR).
Retention period
- Until the expiration of the relevant statute of limitation or until the final decision of the relevant judicial or extra-judicial proceeding, whichever occurs later.
For technical reasons, the termination of the processing and the consequent erasure of your personal data, or its anonymization, will take place within 30 (thirty) days from the terms indicated above.
If we intend on using any Personal Data in any manner that is not consistent with this Privacy Policy, you will be informed of such anticipated use prior to or at the time at which the Personal Data is collected.
3 RECIPIENTS OF YOUR PERSONAL DATA AND OTHER INFORMATION
There are certain circumstances in which we may share your Personal Data with certain third parties for the purposes described above or in which certain entities may process personal data on our behalf, as set forth below:
- Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred assets, based on ours and the buyer’s legitimate interest in carrying out the relevant business transfer and carrying out appropriate due diligence.
- Data processors appointed by us: For the provision of our services, we may use the services of third parties (such as Stripe for processing payments and other suppliers of computer, technological and telematic services), which will process your data on our behalf and according to our instructions.
- Legal Requirements: We may disclose your Personal Data if required to do so by court or administrative order; where we are legally required to assist public authorities within their legal competences or in order to protect and defend our rights or to protect the personal safety of users of the Services or the public.
In the various contexts described in this section, we may contract the provision of services to an entity and such provision may require the transfer of personal data to countries outside the European Economic Area.
Your personal data may be transferred to countries outside the European Union (EU) or the European Economic Area (EEA), which, however, offer an adequate level of data protection, as established by specific resolutions issued by the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).
The transfer of your personal data to countries that do not belong to the EU/EEA and that do not ensure adequate levels of protection, in particular, the USA (except when the relevant adequacy decision applies), will be carried out only after the Company and the recipients of the data have concluded specific agreements, containing safeguard clauses and appropriate guarantees for the protection of your personal data, so-called "standard contractual clauses", also approved by the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en).
You may ask us for more information on the content of the safeguards adopted at any time through the contact details provided in section 10 below.
4 EXCLUSIONS
This Privacy Policy does not apply to any Personal Data collected by us other than Personal Data collected through the Services. This Privacy Policy will not apply to any unsolicited information you provide to us through the Services.
5 CHILDREN
We do not knowingly collect Personal Data from children under the age of 18. If you are under the age of 18, please do not submit any Personal Data through the Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data on the Services without their permission. If you have reason to believe that a child under the age of 18 has provided Personal Data to us through the Services, please contact us, and we will endeavor to delete that information from our databases.
6 LINKS TO OTHER WEB SITES
This Privacy Policy applies only to the Services. The Services may contain links to other websites not operated or controlled by us (the “Third Party Sites”). The policies and procedures we described here do not apply to the Third Party Sites. The links from the Services do not imply that we endorse or have reviewed the Third Party Sites. We suggest contacting those sites directly for information on their privacy policies.
7 SECURITY
We take reasonable steps to protect the Personal Data provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, the Internet is not fully secure or error free. Therefore, you should take special care in deciding what information you send via the Services. Please keep this in mind when disclosing any Personal Data to us.
8 CHANGES TO COMPANY’S PRIVACY POLICY
This Privacy Policy was last updated on the date indicated below. The Services and our business may change from time to time. As a result, at times it may be necessary for us to make changes to this Privacy Policy. We reserve the right to update or modify this Privacy Policy at any time and from time to time. Please review this policy periodically, and especially before you provide any Personal Data. If we update this policy, we will change the date of its last update below and inform you of the change made.
9 YOUR RIGHTS
As data subject, you have the right to:
- Have confirmation as to whether or not personal data concerning you are being processed and, if so, to obtain access to the data and related information (in particular, the purposes of the processing; categories of personal data concerned; recipients or categories of recipients to whom the data have been or will be disclosed; the period of retention of the data or the criteria for determining it; the existence of the right to rectify or erase the data or to limit or oppose the processing; the right to lodge a complaint with a supervisory authority; the source of the data; the possible existence of an automated decision-making process, including profiling and, in such cases, significant information on the logic involved and the importance and envisaged consequences of such processing for the data subject; the appropriate safeguards in case of transfer of personal data outside the EU/EEA), as well as a copy of such personal data, provided that this does not adversely affect the rights and freedoms of others (right of access);
- Obtain the rectification of your personal data, i.e., to obtain the correction, modification or updating of any inaccurate or no longer correct data, as well as to obtain the integration of incomplete personal data, including by providing a supplementary statement (right of rectification);
- Request the erasure of your personal data when these, in particular, (i) are no longer necessary in relation to the purposes for which they were collected or processed, or (ii) they have been processed unlawfully, or (iii) they must be erased in order to comply with a legal obligation (right to erasure);
- Obtain a restriction on the processing of your personal data, i.e., that the Company retains such data without being able to use them. This right can be exercised only when, in particular, (i) the accuracy of the personal data is contested, for the period necessary for the Company to verify the accuracy of such data, or (ii) the processing of the data is unlawful and a restriction on the use of the data is requested, instead of their erasure, or (iii) although the Company no longer needs them for the purposes of processing, the personal data are necessary for you to establish, exercise or defend legal claims (right to restriction of processing);
- Receive from the Company your personal data, processed on the basis of a contract or your consent, in a structured, commonly used and machine-readable format, and that they are transferred, where technically possible, directly to a third party indicated by you (right to data portability);
- Object at any time, for reasons related to your particular situation, to the processing of your personal data, in particular, for marketing purposes, including profiling (right to object);
- Withdraw any consent given to us to process your personal data at any time, without that affecting the lawfulness of processing based on consent before its withdrawal (right to withdraw your consent).
We may ask you for additional information to confirm your identity and for security purposes, before disclosing information requested to you.
If you believe that your personal data has been processed unlawfully, you have the right to lodge a complaint with the data protection authority (in Portugal, the Comissão Nacional de Proteção de Dados, for more information www.cnpd.pt). The complaint can also be made to a data protection authority other than that of Portugal, if said data protection authority is that of the EU Member State in which you have your habitual place of residence or of the place where the alleged breach took place.
If you wish to exercise any of your rights, please contact us using the information provide in the “Contact Us” section below.
10 CONTACT US
If you have any questions about this Privacy Policy or our information practices, please email contact@coreflux.org.
When you contact us, we will do our best to address any concerns you may have about our processing of your Personal Data.
Last update: [22/02/2024]