Privacy Policy
Policy date – 05 March 2020 (Last update – 24 December 2021)
Thanks for visiting our website! We are Serokell, and here we explain why and how we collect, use, disclose and store your personal data when you are browsing our website.
About us
Our business name is Serokell OÜ, and we are registered as a private limited company in the Republic of Estonia under Estonian laws with company registration number: 14049961. Place of our business is at Pille tn 7/5-13, Kesklinna linnaosa, Tallinn, Harju maakond, 10135, Estonia.
By “Serokell”, “us”, and “our”; we mean Serokell OÜ. By “website” we refer to the website located at serokell.io. We also have a Serokell Shop, which is located at shop.serokell.io Basically, the conditions of collecting and processing of your personal data are the same for the website and Serokell Shop, but there are some differences that we have specified in this policy.
We are your personal data controller – that means that we determine the purposes and means of the processing of your personal data. The legal basis for each category of personal data is indicated in the respective sections of this policy.
Updating
We may update this policy by posting the updated version on this page. Unfortunately, we cannot notify you about any changes personally, so you should check this page from time to time. The effective date of this privacy policy is stated at the top.
Personal data
Personal data means any information related to an identified or identifiable natural person. You may find more details about personal data definition in [Article 4][gdpr:definitinos] and Recital 30 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).
We do not knowingly collect any other personal data except stated in sections “User-provided information” and “Data processors”, so we encourage you not to provide any other personal data except the stated below if it is not related to our website or shop. Please do not provide sensitive personal information.
User-provided information
We collect your personal information provided by you in cases described in this section:
“Let’s Have a Chat” form
We may collect your Personal Data that you provide to us when you contact us via the “Let’s Have a Chat” form on our website. Through this form you provide to us your name and email address, which is necessary for us to contact you and answer your request. We have a legitimate interest in processing and responding to your request.
We do not knowingly collect any other Personal Data except stated above, so we encourage you not to provide any other Personal Data except stated above, if it is not related to your request.
Newsletter
Our blog posts (available at https://serokell.io/blog) contain a “Subscription” button which allows you to subscribe to our mailing list. By subscribing to our newsletter you provide us with your email address and we may upon occasion send you emails. In this case we will share your email with The Rocket Science Group LLC d/b/a Mailchimp to include you into the mailing list in order to send you emails. You may find more information about Mailchimp GDPR compliance here and learn about their Privacy Policy here. You may unsubscribe from our newsletter at any moment by managing your preferences with a special link provided in any newsletter email.
Serokell Shop
If you place an order at shop.serokell.io, we collect your name, your shipping address and your email address. We need this information in order to execute your order and to fulfill a contract of sale.
Data processors
Data processor processes personal data on our behalf. Third-party services integrated into the pages of our website and Serokell Shop also may store some information that can be considered personal data. You can find more details about them in the corresponding section below.
Google Analytics
We use Google Analytics to get a better understanding of how people use our website. It allows us to collect various statistical data, such as the number of users visiting and their geographic distribution. We have a legitimate interest in making our website operate efficiently.
We do not share any of this data with Google or other third-parties and we do not use Remarketing or Advertising Reporting Features. Neither do we use User-ID. Also, we have configured Google Analytics to anonymise your IP address.
We believe this configuration restricts the information collected to the bare minimum required for us to obtain meaningful statistical data. Neither we, nor other parties use it for targeting ads or any equally evil marketing purposes.
You may opt-out of making your site activity available to Google Analytics by using the Google Analytics Opt-out Add-on.
Leadfeeder
We use Leadfeeder (https://www.leadfeeder.com/) to collect the visitor IP address to detect the company and geographic location. Leadfeeder only shows company visits; it automatically filters out all users visiting from residential IP addresses. All visit data is aggregated at the company level.
Leadfeeder automatically collects the following data:
- pages accessed;
- time of visit;
- time of last visit;
- name of the owner of the IP address;
- reverse domain of the IP address;
- referring site, application, or service, including the relevant search queries that led you to Leadfeeder’s website;
- browser information;
- operating system and device information;
- IP address (from users signing in to the service, for security purposes).
You may find a detailed description of Leadfeeder GDPR compliance here.
Tilda
We use Tilda (https://www.tilda.cc/) for Serokell Shop. Tilda does not process personal data collected by us on our website and only provides the computing capacity that could be used for data collection. Data collected on Serokell Shop is kept in our personal account in the Tilda system for 30 days.
You may find Tilda’s Privacy policy here and learn more about their GDPR compliance here.
Usage data
We collect some default information about usage of our service: log data (including its date and time), IP address, browser type, some browser settings and browser plugins, device information (your screen resolution, operating system, device settings etc.).
Any website may work differently depending on your device. We use this information in order to make our website work as designed on your device.
Payment getaways
All payments are made via PayPal and Stripe (secure third-party online payment gateways). We do not have access to your card number, its period of validity and CVC code. If you wish to learn more about payment transactions, see here for PayPal and here for Stripe. Your financial information is kept private, and every PayPal or Stripe payment is followed by an email confirming your transaction.
Tilda may receive partial data about a successful payment in order to facilitate cooperation between the website and payment system.
Personal data disclosure
We do not sell your Personal Data.
We will not disclose or share any of your Personal Data with third parties except:
-
We have a legitimate interest:
- We will share your personal data provided to us with our employees or contractors who are responsible for contacting you, if you contact us via the “Let’s Have a Chat” form on our website.
- We also will share your personal data with our successor in case of transferring the rights.
-
Based on your consent:
- If you give us your consent to receive emails from us, we will share your email with The Rocket Science Group LLC d/b/a Mailchimp to include you into the distribution list in order to send you emails. You may find more information about Mailchimp GDPR compliance here and learn about their Privacy Policy here.
-
In order to fulfill a contract of sale:
- If you place an order at shop.serokell.io, we will store your name, shipping address and email address in our personal account in the Tilda system for 30 days, in order to fulfill your order.
-
If disclosure is required by law or court order.
Personal data storage and transfer
Personal data collection and storage
Website (serokell.io)
The website server is located in Ireland. However, your personal data may be transferred outside the European Union, since it is not possible to ensure the normal operation of the website without using international services.
Serokell Shop (shop.serokell.io)
We use Tilda as a platform for running an online store and processing your orders. Data at shop.serokell.io is collected and stored on Tilda servers located in the Russian Federation. All personal data is processed via a safe encrypted connection using the HTTPS protocol. Tilda also implements security measures designed to protect personal data, including physical, electronic, and procedural measures. Tilda and its data center has provided appropriate safeguards to ensure your data security. All enforceable data subject rights and effective legal remedies for data subjects are available in Russia according to the Federal Law N 152.
Personal data transfer
Where is your data transferred:
Your personal data provided via “Let’s Have a Chat” is stored on Google’s servers, as we use the Google Mail service to process emails.
Our email server supports TLS encryption to ensure the security of sending and receiving emails. However to take advantage of it, your email service provider needs to support it too.
If you contact us via email, your message will be stored on Google servers which may be located in various countries, so your data can be transferred to other countries outside the EU, but Google is using the European Commission’s Standard Contractual Clauses (SCCs).
You can find more information about Google Cloud GDPR compliance here and here.
Mailchimp
Mailchimp is headquartered in and has offices in the United States. Our servers are also located in the United States. This means data we process may be transferred to, stored, or processed in the United States. Mailchimp ensures reliable transfer and storage of personal data. For more information, see Mailchimp and European Data Transfers.
Cookies
Cookies are files that are downloaded to your device when you visit a website. You can learn more about how we use cookies and similar technologies here.
We do not support the Do Not Track browser option.
We use the following cookies:
First-party cookies
CSRF cookie
This cookie is strictly necessary for our website since it is used for defending against CSRF attacks. The cookie contains a completely random value which is regenerated each time you load a page and is not stored on our side, so it is impossible for us or anyone else to use it to identify you.
Our CSRF cookie expires after 5 years or less.
PreviousUrl cookie
This cookie stores your previous visited page URL and expires at the end of your session.
Third-party cookies
Google Analytics
We use Google Analytics which sets its own cookies:
| Cookie | Purpose | Expiry |
|---|---|---|
_ga |
Used to distinguish users. | 2 years |
_gid |
Used to distinguish users. | 1 day |
_gat |
Controls throttling requests to Google servers. | 1 day |
Google Analytics does not collect information that identifies the visitor. You can find more details about these cookies in Google’s own guide.
Any private data that Google stores on their servers is deleted and any cookies that they set in your browser expire after the period shown in the table above.
Leadfeeder
Leadfeeder also sets its own cookies:
| Cookie | Purpose | Expiry |
|---|---|---|
_lfa |
Used for identifying the IP address of devices visiting the website. |
1 year |
The cookie collects information such as IP addresses, time spent on website and page requests for the visits. This collected information is used for retargeting multiple users routing from the same IP address.
More information about cookies set by Leadfeeder may be found here.
Tilda
The following third party cookies may be placed on your computer or device by Tilda:
| Cookie | Purpose | Expiry |
|---|---|---|
tildasid |
Used to analyse site usage statistics | End of session |
tildauid |
Used to analyse site usage statistics | End of session |
Third-party links
This website may contain links to third party websites, which are governed by their own privacy policies. We are not responsible for the content or privacy of third-party websites, so we encourage you to check third parties’ privacy and security policies before providing them with any information.
Children
Our website is not directed at children under 16, and we do not knowingly collect Personal Data from children under 16. If a child under the age of 16 has provided us with personal data, the child’s parent or guardian may contact us and request that such information be deleted.
Your data protection rights
General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016) provides data protection rights for each user. Here they are:
- Right to access – you have the right to request from us a confirmation as to whether or not any personal data concerning you has been processed. You also can request a copy of your personal data that we hold.
- Right to rectification – you have the right to request us to correct your personal data you believe is inaccurate or incomplete.
- Right to erasure – in certain circumstances, you can ask for your personal data we hold to be erased.
- Right to restriction of processing – in certain circumstances, you can request us to limit the way we use your personal data.
- Right to data portability – in certain circumstances, you can request us to transfer your personal data to another company.
- Right to object – you have the right to challenge certain types of processing, such as direct marketing.
Contact
If you would like to access, erase, update, or rectify any of your personal data that we hold, or exercise any other of your data protection rights, please contact us:
Murad Murzaev <legal@serokell.io>
Serokell OÜ
Pille tn 7/5-13
Tallinn, 10135
Estonia
Data Protection Authority
If you wish to lodge a complaint, you may contact Estonian Data Protection Inspectorate:
info@aki.ee
+372 627 4135
39 Tatari St.
Tallinn, 10134
Estonia