PURSUANT TO THE ART. 13 OF REGULATION (EU) 679/2016 (“GDPR”)

1. WHO WE ARE

The company SOFYAN LIMITED, with registered office in Amathus Avenue, 4532 Agios Tychonas, Limassol, Cyprus, Registration Number: HE 445193 (hereinafter “Sofyan” or the “Company”), in its capacity as data controller with regard to Personal Data collected on the website (hereinafter also referred to as the “Site”), pays the utmost attention to the security and confidentiality of Personal Data in the performance of its activities.

This privacy policy (hereinafter “Privacy Policy”) may be subject to periodical amendments, additions or updates, also in consideration of possible changes in the applicable legislation, or measures of the competent Data Protection Authority and/or the European Data Protection Board (“EDPB”). Substantial changes and updates to the Privacy Policy will be brought to the attention of those concerned by updating the link to the Privacy Policy in the footer of the Site.

We invite you to regularly read this Privacy Policy in order to be aware of its latest version and to be informed at all times of how we process your Personal Data. 

In the event of significant changes that affect your rights as User (as defined in the Terms of Use), we will inform you by e-mail with reasonable notice.

1. WHICH PERSONAL DATA MAY BE COLLECTED

Personal data means any information about an individual from which that person can be identified. The following categories of personal data relating to you, which you voluntarily provide, may be collected by the Company in the performance of its activities (the term “Personal Data” shall mean all the categories listed below, jointly considered):

• Contact details: information about your first name, surname, telephone number, email address; 
• Other personal data: information about your gender, age, photograph(s), as well as other data you may provide spontaneously while browsing the Website;
• Special Categories of personal data: information that may be related to your lifestyle and sexual behaviour;
• Site Usage data: IP address, User Agent software and information acquired via cookies (see our Cookie Policy which regulates the details).

We also collect, use and share aggregated data such as statistical or demographic data which is not Personal Data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals’ usage data to calculate the percentage of users accessing a specific Site feature in order to analyse general trends in how users are interacting with our Site to help improve the Site and our service offering.

1. HOW WE COLLECT YOUR PERSONAL DATA

The Company collects and processes your Personal Data in the following circumstances:

• if you visit and navigate the Site;
• if you complete and forward the form on the Site;
• when carrying out and replying to your support requests and/or reports.

We ask you to keep your Personal Data up to date and to inform us of any changes.

1. WHAT PURPOSES CAN YOUR PERSONAL DATA BE USED FOR

The processing of Personal Data is carried out for the following purposes and is legitimised by the legal bases provided for in the applicable legislation, as described below:

1. Operational management and purposes strictly related to accessing, browsing on the Site.

The Company may process your Personal and Contact Data, Other Personal Data and Site Usage Data to enable you to access, browse the Site as well as completing of the form for reports and/or request of support with requesting Users.

Legal basis of the processing: performance of a contract to which you are a party or of pre-contractual measures taken at your request.

Providing your Personal Data for such purpose is mandatory in order to respond to your requests; failure thereof, would prevent the Company to process the requests.

1. Reply to your reports and/or request of support. 

The Company may process your Contact details, in particular, your email address and/or telephone number, to reply to your report and/or request of support by completing the form on the Site.

Legal basis for processing: performance of a contract to which you are a party or of pre-contractual measures taken at your request.

The Company may also process for the same purpose your photograph, as well as Special Categories of personal data to reply to your reports and/or request of support.
Legal basis for processing: consent, that will be asked to you both for the possible processing of your photograph and/or for the possible processing of your Special categories of personal data. 

Failure to provide consent will not prevent you from forwarding a report or request of support. Consent may be withdrawn at any time by sending an email at the following address privacy.secure@skokka.com

1. Market and statistical research to improve the service.

The Company may process your Contact details to analyse and improve its services for a better customer satisfaction.

Legal basis for processing: legitimate interest of the Company in verifying and improving its services.

Providing your Personal Data for such purpose is mandatory; failure thereof would prevent the Company from carrying out market and statistical researches to improve its services.
However, you may object, at any time, to the processing of your Contact details for the above purpose. The request for objection can be made by sending an email at the following address privacy.secure@skokka.com.

1. Defend a right in the course of judicial, administrative or extra-judicial proceedings and in the context of disputes arising in connection with the services offered.
   The Company may process your Personal Data to defend its rights or act or even claim anything against you or any third party.

Legal basis for processing: legitimate interest of the Company to defend its rights in court.

You have the right to object at any time, on grounds relating to your particular situation, to the processing of Personal Data concerning you carried out by the Controller in pursuit of its legitimate interests. 

Providing your Personal Data for such purpose is mandatory; failure thereof would prevent the Company from defending its rights.

1. Purposes relating to obligations provided for by laws, regulations and European legislation, by provisions / requests for authorities entitled to do so by law and/or by supervisory and control bodies.

The Company may process your Personal Data in order to comply with requests from Judicial Authorities and/or Supervisory Authorities, or to fulfil a legal obligation.
Legal bases for processing: legal obligation.

Providing your Personal Data for such purpose is mandatory; failure thereof would prevent the Company from complying with specific legal obligations.

1. HOW WE KEEP YOUR PERSONAL DATA SAFE

The Company uses a wide range of security measures to improve protection and maintain the security, integrity and accessibility of your Personal Data.

All of your Personal Data is stored on our secure servers (or on secure paper copies or other durable storage means) or on those of our suppliers, and may be accessed and used based on our standards and our security policies (or equivalent standards for our suppliers).

1. HOW LONG DO WE STORE YOUR INFORMATION FOR

The Company will keep your Personal Data only for the time necessary to achieve the purposes for which they were collected or for any other related and lawful purpose. 
Therefore, if Personal Data is processed for two different purposes, we will store such Personal Data until the processing purpose with the longest term ends; however, we will no longer process Personal Data for the purpose for which the retention period has expired.

We restrict access to your Personal Data only to those who need to use it for relevant purposes.
When your Personal Data is no longer required, or when there is no longer any legal basis for storing such Personal Data, it will be irreversibly anonymized or securely destroyed.

The retention periods relating to the different purposes described above are indicated as follows:

1. Purposes strictly related to accessing and browsing the Site, including registration to the Site and reports and/or requests of support: Personal Data being processed for such purpose will be stored by the Company for the time strictly necessary to provide you access to the Site and in any case no later than 2 years after your last access to the Site. We keep the last 2 years-worth of server log files.
2. Reply to reports and/or request of assistance: Personal Data being processed for such purpose will be stored by the Company no later than 1 year after the publication of the advertisement.
3. Market and statistical research in order to improve the service: Personal Data being processed for such purpose will be stored by the Company for 2 years from its collection.
4. Defend a right in the course of judicial, administrative or extra-judicial proceedings and in the context of disputes arising in connection with the services offered: Personal Data being processed for such purpose will be stored by the Company for the time strictly necessary to achieve such purpose.
5. Purposes relating to obligations provided for by laws, regulations and legislation, by provisions / requests for authorities entitled to do so by law and/or by supervisory and control bodies: Personal Data being processed for such purposes will be stored by the Company for the time strictly necessary to achieve such purposes.
6. WHO WE CAN SHARE YOUR PERSONAL DATA WITH

Your Personal Data may be accessed by duly authorised employees, as well as by external suppliers providing support for the provision of services, if any, designated as data processors, including all IT suppliers involved in the provision of the services offered by the Website, (including but not limited to those providing payment gateways for orders placed through the Website, providers of age verification services, etc.). Please contact us at the following email address: privacy.secure@skokka.com if you wish to see the list of data processor and other entities we share data with.

1. TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA

For the performance of processing operations, your Personal Data may be transferred outside the European Economic Area (hereinafter “Non-European Countries”). In such circumstances, if the non-European countries to which your Personal Data may be transferred are not considered adequate by the European Commission and the cases of exemption under Article 49 of the GDPR do not apply, the Company shall take appropriate safeguards to protect your Personal Data in accordance with applicable law and in particular Article 46 of the GDPR. You have the right to obtain information about the appropriate safeguards adopted for the transfer of Personal Data and the means of obtaining a copy of such Personal Data or the place where it has been made available. 

1. CONTACTS

If you have any questions about this Privacy Policy, including any requests to exercise your legal rights (as provided in paragraph 10), the contact details for the Company, in its capacity as data controller, are the following:

SOFYAN LIMITED

registered office: Amathus Avenue, 4532 Agios Tychonas, Limassol, Cyprus, 

Registration Number: HE 445193 

Email: privacy.secure@skokka.com 

1. YOUR PERSONAL DATA PROTECTION RIGHTS AND YOUR RIGHT TO LODGE A COMPLAINT BEFORE THE SUPERVISORY AUTHORITIES

You have the right to:

• Obtain confirmation of the existence or non-existence of Personal Data concerning you, obtain access to your Personal Data and obtain a copy thereof (“Subject access request”);
• In the event that the processing is carried out by automated means on the basis of consent or contract, to receive your Personal Data in a structured, commonly used and machine-readable format or to request its transmission to another controller without hindrance (Right of portability);
• Obtain the rectification of Personal Data processed by us that is inaccurate or the integration of incomplete Personal Data (Right of rectification);
• Obtain the deletion of Personal Data processed by us if any of the grounds set forth in Article 17 of the GDPR apply (Right to erasure);
• Revoke your consent to the processing at any time if the processing is based on your consent, without prejudice to the lawfulness of the corresponding processing until the time of revocation (Article 7(3) of the GDPR – Right to revoke consent);
• Request to limit the processing to certain Personal Data only, if one of the grounds set out in Article 18 of the GDPR exists (Right to restrict processing);
• Object in whole or in part to the processing of Personal Data relating to you (so-called Right of Objection); 

Requests to exercise the above rights should be addressed to the following address: privacy.secure@skokka.com.

The exercise of these rights is free and is not subject to any formal constraints. Should you exercise any of the aforementioned rights, it shall be the responsibility of the Company to verify that you are entitled to exercise them and to reply to you, as a rule, within one month.

1. COMPLAINTS

In the event that you believe that the processing of your Personal Data is in violation of the provisions of the Data Protection Legislation, you have the right to lodge a complaint with the local competent authority or to take legal action. We would, however, appreciate the chance to deal with your concerns before you approach the competent authority or take legal action so, please contact us in the first instance.