Our websites within the scope:
Security and Privacy
Our Information Security Management System (ISMS) is certified to ISO/IEC 27001:2013 by BSI (Cert. # IS-67387). We believe we are exercising appropriate security controls to protect personal data. Risk assessment, including assessing risks to the rights and freedoms of data subjects, is at the heart of our ISMS. We do not, however, have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information. We accept no liability in respect to breaches that occur beyond our sphere of control.
Personal Data We Collect
We collect minimal data to operate effectively and to provide you the best experiences with our websites, our services, and our product resale transactions. When you visit our websites, cookies collect statistical data about your visit to our sites. This data provides us with general statistics regarding our sites, giving insight into how effective certain areas of our sites are to users and how we might improve user experience.
Types of personal information collected:
- unique IDs such as a cookie ID on your browser;
- IP addresses and information derived from IP addresses, such as geographic location;
- information about your device (browser, device type, operating system, the presence or use of ‘apps’, screen resolution, or the preferred language);
- the date and time you visited our websites;
- Information about your visit, including the URL (Uniform Resource Locators) clickstream to, through, and from our site.
We collect other personal data when you willingly provide it to us through e-mails; registering for product demonstrations, webinars or training’s; and when we process product resale transactions.
Please keep in mind that if you directly disclose personal data, personally identifiable information (PII), or personally sensitive data through Stiki’s public message boards (websites and social media platforms), this information may be collected and used by others.
How We Store Personal Data
We store the data collected in our secure onsite environment that is protected from unauthorized access, use, or disclosure through our ISMS. When personal data is transmitted within or outside of the EU, when appropriate we use encryption, such as the Secure Socket Layer (SSL) protocol.
How We Use Personal Data
Stiki has implemented and strictly enforces an internal Data Protection Policy. Personal data submitted to us is used by approved employees managing this information for specific purposes only. These purposes include contacting you (via email, phone, etc.) in an effort to respond to a request or to provide a service or product, and to notify you of events and other activities such as training. We may also contact you with surveys in order to conduct research about your opinion of current services or of potential new services that may be offered.
Reasons We Share Personal Data
We share your personal data with your consent or as necessary to complete any transaction you have requested or authorized. We also share data with our partners and vendors working on our behalf to fulfill your requests; when required by law to respond to legal process; to protect our customers; to maintain the security of our services; and to protect the rights or property of Stiki.
Your Rights as a Data Subject
As a data subject whose personal information we hold, you have certain rights. If you wish to exercise any of these rights, please email firstname.lastname@example.org or use the information supplied in the Contact us section below. To process your request, we will ask you to provide two valid forms of identification for verification purposes. Your rights are as follows:
- The right to be informed
- The right of access
You may request a copy of the personal data we hold, but first we need to verify your identity and, if relevant, the authority of any third-party requester. After verification we will provide access to the personal data we hold about you as well as the following information:
- The purposes of the processing;
- The categories of personal data concerned;
- The recipients to whom the personal data has been disclosed
- The retention period or envisioned retention period for that personal data
- When personal data has been collected from a third party, the source of the personal data
If there are uncommon circumstances resulting in our refusal to provide the information, we will explain them. Frivolous or provoking requests will be refused, as that is our right. If answering requests are likely to require additional time or incur unreasonable expense, we will inform you upfront and request your acceptance to pay the incurred costs.
- The right to rectification
Then you believe we hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.
- The right to erasure
You may request that we delete the personal data, and we will comply, but only after we establish no overriding legal basis or legitimate reason for continuing processing personal data. This includes personal data that may have been unlawfully processed. We will take all reasonable steps to ensure erasure.
- The right to restrict processing
You may ask us to stop processing your personal data. We will still hold the data, but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:
- The accuracy of the personal data is contested.
- Processing of the personal data is unlawful.
- We no longer need the personal data for processing but the personal data is required for part of a legal process.
- The right to object has been exercised and processing is restricted pending a decision on the status of the processing.
- The right to data portability
You may request your set of personal data be transferred to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfillment of a contractual obligation.
- The right to object
You have the right to object to our processing of your data where:
- Processing is based on legitimate interest;
- Processing is for the purpose of direct marketing;
- Processing is for the purposes of scientific or historic research; or
- Processing involves automated decision-making and profiling.
We post customer testimonials on our website. These testimonials may contain personal data, such as the customer’s name. We obtain your consent prior to posting the testimonial, so that we can post your name along with the testimonial.
Cookies and Similar Technologies
Client-side cookies (small text files placed on your device) are used to verify the login status of customers using products or services linked directly with our website. One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. You have a variety of tools to control cookies and similar technologies including browser controls to block and delete cookies, and controls from some third-party analytics service providers, to opt-out of data collection through web beacons and similar technologies. If a user rejects the cookie, they may still use our sites; however, the user may not be able to access all areas of our sites.
Third Party Websites
Our websites are not intended for people under the age of 18. We don’t knowingly solicit or collect information from children or minors (under the age of 18). Stiki complies with the EU-General Data Protection Regulation, the Children’s Online Privacy Protection Act (USA), The Personal Information Protection and Electronic Documents Act (Canada), and similar laws.
Notification of Changes
We welcome your comments regarding this statement of privacy. If you believe that Stiki has not adhered to this statement, please contact us at: email@example.com. We will do our best to respond promptly to determine and remedy your concerns.
Please contact us if you need more information.
Laugavegur 178, 4th Floor
Our telephone switchboard is open 9:00 am – 5:30 pm GMT, Monday to Friday. Our switchboard team will take a message and ensure the appropriate person responds as soon as possible.