WEB SITE PRIVACY POLICY
1. TERMS USED IN THE WEB SITE PRIVACY POLICY
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). - Personal data – any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as the person’s name, surname, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. - Personal data processing – any operation or set of operations which is performed on Personal data or on sets of Personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. - Controller – a natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of Personal data. - Processor – a natural or legal person which processes Personal data on behalf of the Controller. - Data subject – indirectly or directly identified or identifiable natural person - VEFRESH Hackathon project’s website www.citytosea.eu visitors.
2. GENERAL PROVISIONS
This website Privacy Policy (henceforth – Privacy Policy) are a set of rules set by VEFRESH designed to provide information about VEFRESH Personal data processing purposes, legal basis on processing data from the Website www.citytosea.eu, scope, protection, processing and storage periods, Personal data recipients, and Data subject’s rights during data acquisition and processing. The full VEFRESH Privacy Policy on processing of Personal data can be accessed by request, by sending a request to the VEFRESH e-mail address.
3. THE CONTROLLER
Association VEFRESH Registration No: 40008285662 Legal address: Gustava Zemgala gatve 78 - 1, Rīga, LV-1039 Contacts: kristaps.volks@vefresh.com
4. CONTACT PERSON IN PERSONAL DATA PROTECTION MATTERS
In case of any questions concerning the processing of Personal data carried out by VEFRESH, we kindly ask to contact us by sending a message to the e-mail address: kristaps.volks@vefresh.com
5. CATEGORIES AND PURPOSE OF THE PROCESSED PERSONAL DATA
The VEFRESH web site www.citytosea.eu, (hereinafter – Website) processes Personal Data, providing customers with the opportunity to familiarize themselves with the VEFRESH organised hackathon project “City to Sea” (hereinafter - the Project), its offer, as well as ensures convenient and rapid communication, using the contact form available on the Website for sending messages to VEFRESH. VEFRESH processes the following categories of Personal Data or the specific following purposes:
| Purpose of processing Personal data | Personal data category |
|---|---|
| Receiving and administering applications or messages obtained from the Web site contact form. | Contact details – e-mail; Other information — Name and content of the message or request |
| For the ensuring of functioning and analytics of the Web site. | Cookies and their stored information (see Table 1.1) |
| To send reminders, replies or information related to the Project | Contact details – e-mail; Other information — Information about the request or message received |
6. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
VEFRESH processes Personal data based on the following legal grounds contained in Article 6 of GDPR:
● The conclusion and performance of a contract – in order to ensure the processing of applications or messages received, the conclusion of a contract and the further execution of the Project.
● Legitimate interest – in order to ensure that the rights and interests of the Data subjects or VEFRESH are defended, to execute the legitimate interest of VEFRESH to carry out direct marketing activities, provide answers to information requests from Data subjects and complaints.
● Consent– in certain cases, the processing of Data subject’s Personal may be carried out on the basis of freely made and unambiguous consent. Such consent may be requested by the VEFRESH to provide other data processing activities where this is necessary for legitimate purposes and does not endanger the rights and freedoms of the client, such as the deployment of cookies and the analysis of visits related to the Website.
7. SOURCES OF PERSONAL DATA
The main source of the Personal data acquired from the Website is the Data subject itself, for example, a message from the Website’s contact form is filled by the Data subject. Personal data may also be obtained by VEFRESH if the Data subject has voluntarily contacted the Controller, as well as in the process of the hackathon and concluding contracts.
8. DATA PROCESSORS
In order to ensure the functioning of the Website and the fulfillment of obligations against the Data subject, VEFRESH is entitled to attract and authorize external service providers to carry out separate activities on behalf of VEFRESH, for example, through the involvement of IT service providers or other partners who help to execute the Project. If, in the performance of these tasks, entities authorized by VEFRESH process the Data subject’s data held by VEFRESH, the authorized party of the relevant task shall be deemed to be the Processors of Personal Data held by VEFRESH , and VEFRESH shall have the right to transmit the necessary Personal data
of the Data Subject to the Processors in the extent it is necessary to perform the allocated activities. Information on the Personal Data held by the Processors and sub-processors VEFRESH provides at the request of the Data Subject.
9. TRANSFER OF PERSONAL DATA TO THIRD PARTIES
Personal data held by VEFRESH shall not be transferred to third parties except in cases where:
● the third party concerned must transfer the data within the framework of the contract in order to carry out any function necessary for the performance of the Project, any concluded contract with the Data subject or that is delegated by law;
● for the transfer of Personal data, the Data subject has given clear, unambiguous consent;
● the disclosure of Personal data to the persons provided for in external regulatory enactments, upon a reasonable request is an obligation imposed on VEFRESH by law, nd in accordance with the procedures and to the extent specified in the external regulatory enactments;
● the protection of the legitimate interests of VEFRESH must be ensured, e.g. by turning to a court or other State authorities against a person who has infringed the legitimate interests of VEFRESH.
When transferring personal data to third parties, VEFRESH assesses the level of protection provided by third parties in accordance with regulatory enactments in order to ensure the greatest protection possible of the Data subject’s information.
10. PERSONAL DATA PROTECTION
VEFRESH protects Personal data of the Data Subject by using opportunities provided by modern technologies, taking into account existing privacy risks and the reasonably available organizational, financial and technical resources of VEFRESH, including, by ensuring the following security measures:
● provides protection against unauthorized access to VEFRESH internal IT systems, maintained databases and Personal data stored in electronic mail.
● VEFRESH uses an SSL-security certificate in operation of the www.citytosea.eu Website, providing encrypted data transmission between the Data subject and the server on which the Data subject's Data, which has been received through the Website, is stored; ● grants rights of access to the internal IT systems and databases of VEFRESH only to a limited number of persons employed by VEFRESH;
11. STORAGE OF PERSONAL DATA
Personal data for the purpose of providing a response to incoming Data subject’s messages, shall be stored until the Data subject withdraws his Consent or objects to the Processing of Personal data or for a period of three years after the provision of services
12. COOKIES
VEFRESH informs that cookies are used to ensure the functioning of the https://www.citytosea.eu/ Website, as well to improve user experience and to obtain user statistics. This Cookie policy is not the full Cookie policy of all VEFRESH owned websites and informs only of the Cookies which are used on the Project’s “City to Sea '' Website. To get acquainted with the full company’s Cookie policy, please contact the person responsible for Data protection at kristaps.volks@vefresh.com.
13. WHAT ARE COOKIES?
Small files stored on User devices. At the time the User accesses VEFRESH Website, our system reads these cookies and adjusts the settings accordingly. Cookies are like a key that your browser requests for customized information. Cookies are also used for other functions such as for obtaining statistics.
14. WHAT ARE THE CATEGORIES OF COOKIES?
This Website may use the following cookies:
● Necessary cookies - provides customized Website operation according to the choices made by the User, for instance, by saving the cookie policy approval. Cookies are required to enable the User to take full advantage of the features of the Website and to navigate the site. Without these cookies, it is impossible to provide the services offered by the site to the User, they are essential for the functioning of the site.
● Preference and Statistics cookies - Cookies do not collect personal data, the information is anonymous. Remembers User habits, such as the most visited pages and improves site performance, as well as analyzes usage and other activities.
● Marketing cookies - Used to place advertisements on a Website that are related to the user's interests and Internet usage habits.
● Third party cookies - Any third-party cookies, such as Google Analytics, YouTube, etc.cookies resulting from the use of third party provider services, which are needed to enable a third party full service to the Website owner.
15. SUBCATEGORIES OF COOKIES AND EXPIRY
Each cookie is given an expiry for the length of time it stores personal data and processes it. The cookie may also not have a specific running time, such cookie categories can be further subdivided into session and persistent cookies, which describe the nature and time of the cookie:
● Session - session cookies are placed for the duration of the site visit and the information obtained is not stored longer than the site visit session.
● Persistent - the information is placed and stored on the user's computer even after the site visit. The expiry time of storing the information may vary for each cookie.
16. WHAT TYPE OF COOKIES DOES VEFRESH USE IN THEIR WEBSITE https://www.citytosea.eu/?
| Cookie name | Provider | Category | Cookie purpose description | Type | Expiry |
|---|---|---|---|---|---|
| hs | citytosea.eu | Necessary | Ensures visitor browsing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and visitor. | HTTP | Session |
| ssr-caching | citytosea.eu | Necessary | This cookie is necessary for the cache function . A cache is used by the website to optimize the response time between the visitor and the website. The cache is usually stored on the visitor’s browser. | HTTP | 1 day |
| XSRF-TOKEN | citytosea.eu | Necessary | Ensures visitor browsing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and visitor. | HTTP | Session |
| bSession | citytosea.eu | Statistics | Sets a unique ID for the session. This allows the website to obtain data on visitor behavior for statistical purposes. | HTTP | 1 day |
| _ga | citytosea.eu | Statistics | Registers a unique ID that is u sed to generate statistical data on how the visitor uses the website. | HTTP | 2 years |
| ga_# | citytosea.eu | Statistics | Used by Google Analytics to collect data on the number of times a user has visited the website as well as dates for the first and most recent visit. | HTTP | 1 day |
| _hjAbsoluteSessionInProgress | citytosea.eu | Statistics | This cookie is used to count how many times a website has been visited by different visitors – this is done by assigning the visitor an ID, so the visitor does not get registered twice. | HTTP | 1 day |
| _hjFirstSeen | citytosea.eu | Statistics | This cookie is used to determines if the visitor has visited the website before, or if it is a new visitor on the website. | HTTP | 1 day |
| _hjIncludedInPageviewSample | citytosea.eu | Statistics | Used to detect whether the user navigation and interactions are included in the website’s data analytics. | HTTP | 1 day |
| _hjIncludedInSessionSample | citytosea.eu | Statistics | Registers data on visitors’ website-behavior. This is used for internal analysis ad website optimization. | HTTP | 1 day |
| _hjRecordingLastActivity | citytosea.eu | Statistics | Sets a unique ID for the session. This allows the website to obtain data on visitor behavior for statistical purposes. | HTML | Session |
| hjSession_# | citytosea.eu | Statistics | Collects statistics on the visitor’s visits to the website, such as the number of visits, average time spent on the website and what pages have been read. | HTTP | 1 day |
| _hjSessionRejected | citytosea.eu | Statistics | Collects statistics on the visitor’s visits to the website, such as the number of visits, average time spent on the website and what pages have been read. | HTTP | Session |
| _hjSessionUser_# | citytosea.eu | Statistics | Collects statistics on the visitor’s visits to the website, such as the number of visits, average time spent on the website and what pages have been read. | HTTP | 1 year |
| _hjTLDTest | citytosea.eu | Statistics | Registers statistical data on users’ behavior on the website. Used for internal analytics by the website operator. | HTTP | Session |
| bSession | v3-170-0-dot-wixlabs-wix-faq-11.uc.r.appspot.com | Statistics | Sets a unique ID for the session. This allows the website to obtain data on visitor behavior for statistical purposes. | HTTP | 1 day |
| fedops.logger.sessionId | citytosea.eu | Statistics | Registers statistical data on users' behavior on the website. Used for internal analytics by the website operator. | HTML | Persistent |
| hjViewportId | citytosea.eu | Statistics | Sets a unique ID for the session. This allows the website to obtain data on visitor behavior for statistical purposes. | HTML | Session |
| _hjRecordingEnabled | citytosea.eu | Marketing | This cookie is used to identify the visitor and optimize ad-relevance by collecting visitor data from multiple websites – this exchange of visitor data is normally provided by a third-party data-center or ad-exchange. | HTML | Session |
| svSession | citytosea.eu | Marketing | Tracks a visitor across all wix.com sites. The information collected can be used to make advertisements more relevant for the visitor. | HTTP | 2 years |
17. GOOGLE ANALYTICS
In order to help VEFRESH better understand its visitors, VEFRESH uses the services of Google Analytics web analytics platform, which stores a Google Analytics cookie, which, in combination with the code embedded in VEFRESH Website, collects information about User visits and sends it to Google servers in European Union. In turn, VEFRESH accesses and analyzes the obtained statistics and uses it to customize the Website accordingly to create a better user experience for Users. The information collected is anonymized before Google stores it on its servers. The information which can be collected is:
● Browser type / version,
● operating system used,
● Referrer URL (the previously visited page),
● Host name of the accessing computer (IP address),
● Time of the server request.
If the User does not wish Google Analytics to process their personal data in question, the User may deny the placement and analysis of such cookies by installing an Google Analytics Opt-out Program on the User's device.
(Google Chrome Opt-out Tool available at: https://tools.google.com/dlpage/gaoptout?hl=en)
18. HOTJAR
This Website uses Hotjar technology services for analytical purposes. Hotjar is used for the purposes of :
● better understanding Users’ needs and optimizing VEFRESH service and Websites experience.
● better understanding Users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables VEFRESH to build and maintain VEFRESH service with user feedback.
Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during User’s session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display VEFRESH Project’s Website.
Hotjar stores this information on VEFRESH behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on VEFRESH behalf. For further details, VEFRESH advises to get acquainted with the ‘about Hotjar’ section of Hotjar’s support website: https://help.hotjar.com/hc/en-us/categories/115001323967-About-Hotjar
19. LINKS TO OTHER SITES AND SOCIAL NETWORKS
VEFRESH Project’s Website may place links to other websites, including websites of Project partners. VEFRESH does not control and shall not be held responsible for the content provided by a third-party website or Personal Data collected by a third-party website. Given that VEFRESH uses the following third-party service providers and social media networks:
● Hacktribe
VEFRESH informs that when any of the aforementioned websites or any other third-party website is visited, a privacy policy of the third-party website holder applies to the processing of Personal data of the Data subject. The Data subject is strongly advised to get acquainted with the policies provided by third parties under the privacy section of the respective website.
20. DISABLING COOKIES:
The User has the right to control the number of cookies being placed on the User's device, namely, the User has the right to disable cookies of the Website that provide functions that are not related to the provision of the basic functions of the Website, namely the necessary cookies. Most Internet browsers can be set up to block the storage of cookies on your device. Information on disabling cookies in the most used Internet browsers is available: https://www.aboutcookies.org/.
21. EXERCISING OF DATA SUBJECT’S RIGHTS
The Data subject has the right to be informed about what Personal data is at VEFRESH disposal in relation to the processing of Data subject’s Personal data, and to request access to, correction, replenishment or deletion of their Personal data, to limit the processing, and to object to the processing of Personal data, including the processing based on the legitimate interests of VEFRESH , as well as to exercise the right to data portability, to the extent which VEFRESH is able to provide technically. The rights of the Data subject shall be exercised to the extent that they do not conflict with VEFRESH obligations under the regulatory enactments. The Data subject may submit a request for the exercise of his rights by submitting a form for the implementation of Data subject’s rights to the VEFRESH e-mail address: kristaps.volks@vefresh.lv
VEFRESH shall send a reply to the Data subject's electronic mail address within 30 days of the receipt of the Data Subject's request by the person responsible for the processing of Personal data, or through postal services by signed-for mail. If there is a need to clarify the information or carry out a more detailed investigation before answering, the response may take longer than 30 days, depending on the content of the request, but not more than 60 days.
Disputes related to the processing of Personal data shall be resolved through negotiations between the Data subject and VEFRESH. If the Data subject considers that the processing of Personal data violates the person's rights and interests in accordance with the applicable laws and regulations, the Data subject has the right to file a complaint to VEFRESH responsible person for processing Personal data by submitting a complaint, or by turning straight to the Data State Inspectorate of the Republic of Latvia, address: Blaumaņa Street 11/13-11, Riga, LV-1011, Latvia, e-mail address: info@dvi.gov.lv.