Privacy Policy

Policy date – 05 March 2020 (Last update – 24 December 2021)

Thanks for visiting our website! We are Serokell, and here we explain why and how we collect, use, disclose and store your personal data when you are browsing our website.

About us

Our business name is Serokell OÜ, and we are registered as a private limited company in the Republic of Estonia under Estonian laws with company registration number: 14049961. Place of our business is at Pille tn 7/5-13, Kesklinna linnaosa, Tallinn, Harju maakond, 10135, Estonia.

By “Serokell”, “us”, and “our”; we mean Serokell OÜ. By “website” we refer to the website located at serokell.io. We also have a Serokell Shop, which is located at shop.serokell.io Basically, the conditions of collecting and processing of your personal data are the same for the website and Serokell Shop, but there are some differences that we have specified in this policy.

We are your personal data controller – that means that we determine the purposes and means of the processing of your personal data. The legal basis for each category of personal data is indicated in the respective sections of this policy.

Updating

We may update this policy by posting the updated version on this page. Unfortunately, we cannot notify you about any changes personally, so you should check this page from time to time. The effective date of this privacy policy is stated at the top.

Personal data

Personal data means any information related to an identified or identifiable natural person. You may find more details about personal data definition in [Article 4][gdpr:definitinos] and Recital 30 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).

We do not knowingly collect any other personal data except stated in sections “User-provided information” and “Data processors”, so we encourage you not to provide any other personal data except the stated below if it is not related to our website or shop. Please do not provide sensitive personal information.

User-provided information

We collect your personal information provided by you in cases described in this section:

“Let’s Have a Chat” form

We may collect your Personal Data that you provide to us when you contact us via the “Let’s Have a Chat” form on our website. Through this form you provide to us your name and email address, which is necessary for us to contact you and answer your request. We have a legitimate interest in processing and responding to your request.

We do not knowingly collect any other Personal Data except stated above, so we encourage you not to provide any other Personal Data except stated above, if it is not related to your request.

Newsletter

Our blog posts (available at https://serokell.io/blog) contain a “Subscription” button which allows you to subscribe to our mailing list. By subscribing to our newsletter you provide us with your email address and we may upon occasion send you emails. In this case we will share your email with The Rocket Science Group LLC d/b/a Mailchimp to include you into the mailing list in order to send you emails. You may find more information about Mailchimp GDPR compliance here and learn about their Privacy Policy here. You may unsubscribe from our newsletter at any moment by managing your preferences with a special link provided in any newsletter email.

Serokell Shop

If you place an order at shop.serokell.io, we collect your name, your shipping address and your email address. We need this information in order to execute your order and to fulfill a contract of sale.

Data processors

Data processor processes personal data on our behalf. Third-party services integrated into the pages of our website and Serokell Shop also may store some information that can be considered personal data. You can find more details about them in the corresponding section below.

Google Analytics

We use Google Analytics to get a better understanding of how people use our website. It allows us to collect various statistical data, such as the number of users visiting and their geographic distribution. We have a legitimate interest in making our website operate efficiently.

We do not share any of this data with Google or other third-parties and we do not use Remarketing or Advertising Reporting Features. Neither do we use User-ID. Also, we have configured Google Analytics to anonymise your IP address.

We believe this configuration restricts the information collected to the bare minimum required for us to obtain meaningful statistical data. Neither we, nor other parties use it for targeting ads or any equally evil marketing purposes.

You may opt-out of making your site activity available to Google Analytics by using the Google Analytics Opt-out Add-on.

Leadfeeder

We use Leadfeeder (https://www.leadfeeder.com/) to collect the visitor IP address to detect the company and geographic location. Leadfeeder only shows company visits; it automatically filters out all users visiting from residential IP addresses. All visit data is aggregated at the company level.

Leadfeeder automatically collects the following data:

You may find a detailed description of Leadfeeder GDPR compliance here.

Tilda

We use Tilda (https://www.tilda.cc/) for Serokell Shop. Tilda does not process personal data collected by us on our website and only provides the computing capacity that could be used for data collection. Data collected on Serokell Shop is kept in our personal account in the Tilda system for 30 days.

You may find Tilda’s Privacy policy here and learn more about their GDPR compliance here.

Usage data

We collect some default information about usage of our service: log data (including its date and time), IP address, browser type, some browser settings and browser plugins, device information (your screen resolution, operating system, device settings etc.).

Any website may work differently depending on your device. We use this information in order to make our website work as designed on your device.

Payment getaways

All payments are made via PayPal and Stripe (secure third-party online payment gateways). We do not have access to your card number, its period of validity and CVC code. If you wish to learn more about payment transactions, see here for PayPal and here for Stripe. Your financial information is kept private, and every PayPal or Stripe payment is followed by an email confirming your transaction.

Tilda may receive partial data about a successful payment in order to facilitate cooperation between the website and payment system.

Personal data disclosure

We do not sell your Personal Data.

We will not disclose or share any of your Personal Data with third parties except:

  1. We have a legitimate interest:

    • We will share your personal data provided to us with our employees or contractors who are responsible for contacting you, if you contact us via the “Let’s Have a Chat” form on our website.
    • We also will share your personal data with our successor in case of transferring the rights.
  2. Based on your consent:

    • If you give us your consent to receive emails from us, we will share your email with The Rocket Science Group LLC d/b/a Mailchimp to include you into the distribution list in order to send you emails. You may find more information about Mailchimp GDPR compliance here and learn about their Privacy Policy here.
  3. In order to fulfill a contract of sale:

    • If you place an order at shop.serokell.io, we will store your name, shipping address and email address in our personal account in the Tilda system for 30 days, in order to fulfill your order.
  4. If disclosure is required by law or court order.

Personal data storage and transfer

Personal data collection and storage

Website (serokell.io)

The website server is located in Ireland. However, your personal data may be transferred outside the European Union, since it is not possible to ensure the normal operation of the website without using international services.

Serokell Shop (shop.serokell.io)

We use Tilda as a platform for running an online store and processing your orders. Data at shop.serokell.io is collected and stored on Tilda servers located in the Russian Federation. All personal data is processed via a safe encrypted connection using the HTTPS protocol. Tilda also implements security measures designed to protect personal data, including physical, electronic, and procedural measures. Tilda and its data center has provided appropriate safeguards to ensure your data security. All enforceable data subject rights and effective legal remedies for data subjects are available in Russia according to the Federal Law N 152.

Personal data transfer

Where is your data transferred:

Google

Your personal data provided via “Let’s Have a Chat” is stored on Google’s servers, as we use the Google Mail service to process emails.

Our email server supports TLS encryption to ensure the security of sending and receiving emails. However to take advantage of it, your email service provider needs to support it too.

If you contact us via email, your message will be stored on Google servers which may be located in various countries, so your data can be transferred to other countries outside the EU, but Google is using the European Commission’s Standard Contractual Clauses (SCCs).

You can find more information about Google Cloud GDPR compliance here and here.

Mailchimp

Mailchimp is headquartered in and has offices in the United States. Our servers are also located in the United States. This means data we process may be transferred to, stored, or processed in the United States. Mailchimp ensures reliable transfer and storage of personal data. For more information, see Mailchimp and European Data Transfers.

Cookies

Cookies are files that are downloaded to your device when you visit a website. You can learn more about how we use cookies and similar technologies here.

We do not support the Do Not Track browser option.

We use the following cookies:

First-party cookies

This cookie is strictly necessary for our website since it is used for defending against CSRF attacks. The cookie contains a completely random value which is regenerated each time you load a page and is not stored on our side, so it is impossible for us or anyone else to use it to identify you.

Our CSRF cookie expires after 5 years or less.

This cookie stores your previous visited page URL and expires at the end of your session.

Third-party cookies

Google Analytics

We use Google Analytics which sets its own cookies:

Cookie Purpose Expiry
_ga Used to distinguish users. 2 years
_gid Used to distinguish users. 1 day
_gat Controls throttling requests to Google servers. 1 day

Google Analytics does not collect information that identifies the visitor. You can find more details about these cookies in Google’s own guide.

Any private data that Google stores on their servers is deleted and any cookies that they set in your browser expire after the period shown in the table above.

Leadfeeder

Leadfeeder also sets its own cookies:

Cookie Purpose Expiry
_lfa Used for identifying the IP address of devices
visiting the website.
1 year

The cookie collects information such as IP addresses, time spent on website and page requests for the visits. This collected information is used for retargeting multiple users routing from the same IP address.

More information about cookies set by Leadfeeder may be found here.

Tilda

The following third party cookies may be placed on your computer or device by Tilda:

Cookie Purpose Expiry
tildasid Used to analyse site usage statistics End of session
tildauid Used to analyse site usage statistics End of session

This website may contain links to third party websites, which are governed by their own privacy policies. We are not responsible for the content or privacy of third-party websites, so we encourage you to check third parties’ privacy and security policies before providing them with any information.

Children

Our website is not directed at children under 16, and we do not knowingly collect Personal Data from children under 16. If a child under the age of 16 has provided us with personal data, the child’s parent or guardian may contact us and request that such information be deleted.

Your data protection rights

General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016) provides data protection rights for each user. Here they are:

Contact

If you would like to access, erase, update, or rectify any of your personal data that we hold, or exercise any other of your data protection rights, please contact us:

Murad Murzaev <legal@serokell.io>
Serokell OÜ
Pille tn 7/5-13
Tallinn, 10135
Estonia

Data Protection Authority

If you wish to lodge a complaint, you may contact Estonian Data Protection Inspectorate:

info@aki.ee
+372 627 4135
39 Tatari St.
Tallinn, 10134
Estonia