PRIVACY POLICY

Version dated November 19, 2024

This Privacy Policy (“Policy”) outlines how we, Compubyte Limited, process your personal information (“Personal Information”) during your use of the Survey Ninja service (“Service”), including:

By this, you consent to the processing of your Personal Information under the terms of this Policy. Your actions aimed at using the Service constitute your unconditional acceptance of the terms of the Policy and the conditions of Personal Information processing specified therein.

Before starting to use the Service, you must carefully read the Policy in its entirety and ensure that you fully understand, agree with its terms, and meet the necessary requirements for accepting them. If you have not read it fully, do not understand it, do not accept the terms of the Policy, or do not meet the necessary requirements, you may not use the Service and must immediately cease any interaction with it.

A necessary requirement for accepting the terms of the Policy is that you are of an age that allows you to independently manage your Personal Information in accordance with the laws of your jurisdiction; if there are limitations on your legal capacity, you must obtain the appropriate permission from your legal representative (or guardian) to accept the terms of the Policy; if you are acting on behalf of another person, you must have confirmation of the relevant authority to accept the terms of the Policy.

Under the applicable law, you are not obligated to provide us with any Personal Information; however, providing such information is a mandatory condition for using the Service. By this, you confirm, guarantee, and agree that any information you provide to us is given of your own free will, that this consent is specific, unambiguous, and reflects your actual desire for us to use your Personal Information for the purposes described in the Policy.

You may withdraw your consent for the processing of your Personal Information at any time. We guarantee that the process for withdrawing consent will be as simple as the process for providing it. The withdrawal of consent does not affect the legality of the processing of Personal Information based on consent prior to its withdrawal.

1. COLLECTION OF PERSONAL INFORMATION

1.1. In our operations, we are guided by the applicable laws of Cyprus regarding the processing of personal data and the General Data Protection Regulation (GDPR).

1.2. The legal basis for collecting Personal Information is your consent to the collection of information in accordance with point (a) of Article 6(1) of the General Data Protection Regulation (GDPR).

1.3. In accordance with the principle of "data minimization," we collect Personal Information only to the extent necessary for using the Service and achieving the purposes for which it is collected.

1.4. During your use of the Service, we collect:

1.5. You accept and agree that, in some cases, we have the right to request additional information about you, as well as copies of documents to verify the provided details, and to make any other requests when necessary based on reasonable assumptions and legitimate interests.

2. PURPOSES OF COLLECTING PERSONAL INFORMATION

2.1. We use your Personal Information for the following purposes:

2.2. Your Personal Information will not be used for purposes other than those stated above.

2.3. You confirm that the purposes for which we use your Personal Information align with your interests, and the consent for processing your Personal Information, expressed at the beginning of using the Service, is given for each purpose of processing specified in the Policy.

3. DISCLOSURE OF PERSONAL INFORMATION

3.1. We are committed to not disclosing your Personal Information to third parties, except in the following cases:

3.2. Information may be transferred to third parties only in strict accordance with this Policy and the laws of Cyprus.

4. TERRITORY OF STORAGE AND TRANSBORDER TRANSFER OF PERSONAL INFORMATION

4.1. We store and process your Personal Information within the European Union. The storage and processing of your Personal Information are carried out either directly by us or with the help of third parties specializing in information storage. These parties are required to protect and safeguard the Personal Information in accordance with this Privacy Policy, the laws of Cyprus, and the General Data Protection Regulation (GDPR).

4.2. If you are located outside the European Union, by accessing or using the Service or otherwise providing us with your Personal Information, you consent to the processing and transborder transfer of your Personal Information to the territory of the European Union countries.

4.3. We will strive to protect your Personal Information to at least the same extent as required in your jurisdiction, provided that it does not violate the laws of Cyprus or the General Data Protection Regulation (GDPR).

5. YOUR RIGHTS REGARDING THE PERSONAL INFORMATION PROVIDED

5.1. Under this Policy, you have all the rights granted to you by the General Data Protection Regulation (GDPR), which include:

6. USE OF TRACKING TECHNOLOGIES

6.1. We use certain tracking technologies (cookies) to maintain, ensure, and continuously improve the operation of our Service, as well as to enhance your experience while using the Service. By default, we use several such technologies for authentication, session management, security, saving your preferences (such as default language and settings), connection stability, monitoring Service performance, marketing campaigns, and for providing and improving the Service.

7. STORAGE PERIOD OF PERSONAL INFORMATION

7.1. We retain your Personal Information for the duration of your use of the Service (the active period of your account) or until it is no longer needed for providing the Service, or until a longer retention period is established (if we are required to retain it longer due to Cyprus law or for resolving disputes with our users, preventing fraud and abuse, and/or protecting our legitimate interests).

8. INFORMATION SECURITY

8.1. We take all necessary and sufficient organizational and technical measures, in accordance with Cyprus law, to protect your Personal Information from unauthorized or accidental access, destruction, alteration, blocking, copying, distribution, and other unlawful actions by third parties. In our operations, we use widely recognized industry standards to protect data. The protection of Personal Information is implemented by default at the design level of the Service during its development. Security measures include firewall protection, data encryption, data minimization, system resilience to failures, the ability to restore availability and access to Personal Information in case of physical or technical incidents, physical access control to data centers, and access control to data. We regularly monitor our systems for potential vulnerabilities and attacks, assess the effectiveness of technical and organizational measures for ensuring the security of Personal Information, and continuously seek new ways and service providers to further enhance the security of our Service and protect the privacy of our users. All third parties who have access to Personal Information and are involved in providing access to the Service adhere to security measures for protecting Personal Information that are at least as stringent.

8.2. We cannot guarantee absolute security, and therefore, we encourage you to exercise caution, set a strong password for your account, and avoid providing any sensitive information whose disclosure could cause you significant harm.

8.3. In the event of any breach of personal information confidentiality, we take all necessary measures to eliminate or minimize potential negative consequences, as well as ensure immediate notification of you and the relevant supervisory authorities, providing all available information about the breach. Such incidents are recorded in a special incident log, which we are required to maintain in accordance with the General Data Protection Regulation (GDPR).

8.4. A breach of personal information confidentiality, as defined in this Policy, refers to a security incident that results in the unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal information that we process.

9. AMENDMENT AND INTERPRETATION OF POLICY

9.1. Policy, its interpretation, and any claims or disputes related to it are governed, construed, and enforced exclusively in accordance with the laws of Cyprus and the General Data Protection Regulation (GDPR).

9.2. By this, you agree that any disputes arising shall be resolved exclusively by the courts in the location of our residence, in accordance with the procedures established by the laws of Cyprus.

9.3. We reserve the right to amend the Policy at any time. If we deem the changes to be significant (at our sole discretion), we will notify you before the changes take effect. In other cases, we are not obligated to provide such notice.

9.4. We recommend that you periodically review this page for the most up-to-date information on our Policy. Unless otherwise explicitly stated, our most recent version of the Policy applies to all information we hold about you.

10. INTERACTION WITH US AND RESPONSES TO YOUR INQUIRIES

10.1. If you have any questions or notices regarding this Policy and the use of your Personal Information, please contact us through the designated form or via email at [email protected].

10.2. You can also send a letter to our address: 55 Arch. Makariou III, Athienou 7600 Larnaca, Cyprus.

10.3. We will respond to your inquiry within a reasonable time frame, but no later than the period specified by applicable law.

10.4. In cases where the Policy or applicable law imposes an obligation on us to provide you with copies of information or documents, we will provide them in a single copy, subject to your reimbursement of the costs for preparation and delivery of these documents. If you make the request electronically, and unless otherwise specified by you, we will provide the response in a widely used electronic format at our discretion.

10.5. If we reasonably believe that your requests are unjustified or excessive, particularly due to their repetitive nature, we reserve the right to refuse to act on the request.

10.6. If we have reasonable doubts regarding the identity of the person making the request, we may ask for additional information necessary to verify the identity of the requester.