Policy date – 05 March 2020 (Last update – 24 December 2021)
Thanks for visiting our website! We are Serokell, and here we explain why and how we collect, use, disclose and store your personal data when you are browsing our website.
Our business name is Serokell OÜ, and we are registered as a private limited company in the Republic of Estonia under Estonian laws with company registration number: 14049961. Place of our business is at Pille tn 7/5-13, Kesklinna linnaosa, Tallinn, Harju maakond, 10135, Estonia.
By “Serokell”, “us”, and “our”; we mean Serokell OÜ. By “website” we refer to the website located at serokell.io. We also have a Serokell Shop, which is located at shop.serokell.io Basically, the conditions of collecting and processing of your personal data are the same for the website and Serokell Shop, but there are some differences that we have specified in this policy.
We are your personal data controller – that means that we determine the purposes and means of the processing of your personal data. The legal basis for each category of personal data is indicated in the respective sections of this policy.
Personal data means any information related to an identified or identifiable natural person. You may find more details about personal data definition in [Article 4][gdpr:definitinos] and Recital 30 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).
We do not knowingly collect any other personal data except stated in sections “User-provided information” and “Data processors”, so we encourage you not to provide any other personal data except the stated below if it is not related to our website or shop. Please do not provide sensitive personal information.
We collect your personal information provided by you in cases described in this section:
“Let’s Have a Chat” form
We may collect your Personal Data that you provide to us when you contact us via the “Let’s Have a Chat” form on our website. Through this form you provide to us your name and email address, which is necessary for us to contact you and answer your request. We have a legitimate interest in processing and responding to your request.
We do not knowingly collect any other Personal Data except stated above, so we encourage you not to provide any other Personal Data except stated above, if it is not related to your request.
If you place an order at shop.serokell.io, we collect your name, your shipping address and your email address. We need this information in order to execute your order and to fulfill a contract of sale.
Data processor processes personal data on our behalf. Third-party services integrated into the pages of our website and Serokell Shop also may store some information that can be considered personal data. You can find more details about them in the corresponding section below.
We use Google Analytics to get a better understanding of how people use our website. It allows us to collect various statistical data, such as the number of users visiting and their geographic distribution. We have a legitimate interest in making our website operate efficiently.
We do not share any of this data with Google or other third-parties and we do not use Remarketing or Advertising Reporting Features. Neither do we use User-ID. Also, we have configured Google Analytics to anonymise your IP address.
We believe this configuration restricts the information collected to the bare minimum required for us to obtain meaningful statistical data. Neither we, nor other parties use it for targeting ads or any equally evil marketing purposes.
You may opt-out of making your site activity available to Google Analytics by using the Google Analytics Opt-out Add-on.
We use Leadfeeder (https://www.leadfeeder.com/) to collect the visitor IP address to detect the company and geographic location. Leadfeeder only shows company visits; it automatically filters out all users visiting from residential IP addresses. All visit data is aggregated at the company level.
Leadfeeder automatically collects the following data:
- pages accessed;
- time of visit;
- time of last visit;
- name of the owner of the IP address;
- reverse domain of the IP address;
- referring site, application, or service, including the relevant search queries that led you to Leadfeeder’s website;
- browser information;
- operating system and device information;
- IP address (from users signing in to the service, for security purposes).
You may find a detailed description of Leadfeeder GDPR compliance here.
We use Tilda (https://www.tilda.cc/) for Serokell Shop. Tilda does not process personal data collected by us on our website and only provides the computing capacity that could be used for data collection. Data collected on Serokell Shop is kept in our personal account in the Tilda system for 30 days.
We collect some default information about usage of our service: log data (including its date and time), IP address, browser type, some browser settings and browser plugins, device information (your screen resolution, operating system, device settings etc.).
Any website may work differently depending on your device. We use this information in order to make our website work as designed on your device.
All payments are made via PayPal and Stripe (secure third-party online payment gateways). We do not have access to your card number, its period of validity and CVC code. If you wish to learn more about payment transactions, see here for PayPal and here for Stripe. Your financial information is kept private, and every PayPal or Stripe payment is followed by an email confirming your transaction.
Tilda may receive partial data about a successful payment in order to facilitate cooperation between the website and payment system.
Personal data disclosure
We do not sell your Personal Data.
We will not disclose or share any of your Personal Data with third parties except:
We have a legitimate interest:
- We will share your personal data provided to us with our employees or contractors who are responsible for contacting you, if you contact us via the “Let’s Have a Chat” form on our website.
- We also will share your personal data with our successor in case of transferring the rights.
Based on your consent:
In order to fulfill a contract of sale:
- If you place an order at shop.serokell.io, we will store your name, shipping address and email address in our personal account in the Tilda system for 30 days, in order to fulfill your order.
If disclosure is required by law or court order.
Personal data storage and transfer
Personal data collection and storage
The website server is located in Ireland. However, your personal data may be transferred outside the European Union, since it is not possible to ensure the normal operation of the website without using international services.
Serokell Shop (shop.serokell.io)
We use Tilda as a platform for running an online store and processing your orders. Data at shop.serokell.io is collected and stored on Tilda servers located in the Russian Federation. All personal data is processed via a safe encrypted connection using the HTTPS protocol. Tilda also implements security measures designed to protect personal data, including physical, electronic, and procedural measures. Tilda and its data center has provided appropriate safeguards to ensure your data security. All enforceable data subject rights and effective legal remedies for data subjects are available in Russia according to the Federal Law N 152.
Personal data transfer
Where is your data transferred:
Your personal data provided via “Let’s Have a Chat” is stored on Google’s servers, as we use the Google Mail service to process emails.
Our email server supports TLS encryption to ensure the security of sending and receiving emails. However to take advantage of it, your email service provider needs to support it too.
If you contact us via email, your message will be stored on Google servers which may be located in various countries, so your data can be transferred to other countries outside the EU, but Google is using the European Commission’s Standard Contractual Clauses (SCCs).
Mailchimp is headquartered in and has offices in the United States. Our servers are also located in the United States. This means data we process may be transferred to, stored, or processed in the United States. Mailchimp ensures reliable transfer and storage of personal data. For more information, see Mailchimp and European Data Transfers.
We do not support the Do Not Track browser option.
We use the following cookies:
This cookie is strictly necessary for our website since it is used for defending against CSRF attacks. The cookie contains a completely random value which is regenerated each time you load a page and is not stored on our side, so it is impossible for us or anyone else to use it to identify you.
Our CSRF cookie expires after 5 years or less.
This cookie stores your previous visited page URL and expires at the end of your session.
We use Google Analytics which sets its own cookies:
||Used to distinguish users.||2 years|
||Used to distinguish users.||1 day|
||Controls throttling requests to Google servers.||1 day|
Google Analytics does not collect information that identifies the visitor. You can find more details about these cookies in Google’s own guide.
Any private data that Google stores on their servers is deleted and any cookies that they set in your browser expire after the period shown in the table above.
Leadfeeder also sets its own cookies:
||Used for identifying the IP address of devices
visiting the website.
The cookie collects information such as IP addresses, time spent on website and page requests for the visits. This collected information is used for retargeting multiple users routing from the same IP address.
More information about cookies set by Leadfeeder may be found here.
The following third party cookies may be placed on your computer or device by Tilda:
||Used to analyse site usage statistics||End of session|
||Used to analyse site usage statistics||End of session|
This website may contain links to third party websites, which are governed by their own privacy policies. We are not responsible for the content or privacy of third-party websites, so we encourage you to check third parties’ privacy and security policies before providing them with any information.
Our website is not directed at children under 16, and we do not knowingly collect Personal Data from children under 16. If a child under the age of 16 has provided us with personal data, the child’s parent or guardian may contact us and request that such information be deleted.
Your data protection rights
General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016) provides data protection rights for each user. Here they are:
- Right to access – you have the right to request from us a confirmation as to whether or not any personal data concerning you has been processed. You also can request a copy of your personal data that we hold.
- Right to rectification – you have the right to request us to correct your personal data you believe is inaccurate or incomplete.
- Right to erasure – in certain circumstances, you can ask for your personal data we hold to be erased.
- Right to restriction of processing – in certain circumstances, you can request us to limit the way we use your personal data.
- Right to data portability – in certain circumstances, you can request us to transfer your personal data to another company.
- Right to object – you have the right to challenge certain types of processing, such as direct marketing.
If you would like to access, erase, update, or rectify any of your personal data that we hold, or exercise any other of your data protection rights, please contact us:
Murad Murzaev <email@example.com> Serokell OÜ Pille tn 7/5-13 Tallinn, 10135 Estonia
Data Protection Authority
If you wish to lodge a complaint, you may contact Estonian Data Protection Inspectorate:
firstname.lastname@example.org +372 627 4135 39 Tatari St. Tallinn, 10134 Estonia