ebooklet’s Privacy Policy

Protecting the privacy and safeguarding the personal and financial information of our clients and is one of our highest priorities. The following Privacy Policy explains how we collect and protect your information. By using ebooklet (the “app”), you give your consent to the collection and use of personal information by us as explained in this Privacy Policy.

1.0 Introduction

1.1 In order to service our clients Nvyromedia (hereinafter “the Company”, “our”, “we” or “us”) needs to collect personal data from you, the user of our app.

In light of the above, we want to ensure a high level of data protection as privacy is a cornerstone in gaining and maintaining the trust of our clients and/or potential clients, and thus, ensuring our future business.

Protection of personal data requires among other things that appropriate technical and organizational measures are implemented to demonstrate a high level of data protection. We have adopted a number of internal and external data protection policies, which must be followed by our employees.

Additionally, we will monitor, audit and document internal compliance with the data protection policies and applicable statutory data protection requirements, including the General Data Protection Regulation (“GDPR”).

We will also take the necessary steps in order to enhance data protection compliance within the organization. These steps include the assignment of responsibilities, raising awareness and training within data protection of staff involved in processing operations. Kindly note that this Privacy Policy will be reviewed from time to time to take into account any new obligations. Retention of personal data will be governed by our most recent retention policy.

This Privacy Policy constitutes the overall framework for processing of personal data within the Company.

1.2 “Personal data” is any information which may be related to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, location data, phone number, age, gender, etc.

1.3 Personal data can be categorized as ordinary non-sensitive personal data or special categories of personal data (sensitive personal data). Special categories of personal data are exhaustively outlined in the GDPR and include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade unionmembership, and the processing of genetic data, bio-metric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. Ordinary non-sensitive personal data include all information that is not categorized as special categories of personal data (sensitive personal data). Such information can be name, address, telephone number, employee id, information about education, etc. Certain ordinary non- ensitive personal data may be considered confidential. This may, for instance, include information on income and wealth, and information on internal family relationships/matters. Confidential, ordinary non-sensitive data are normally subject to further security measures.

The category of personal data will have an impact on which legal basis the processing of such personal data can be based on.

1.4 Although information regarding companies/businesses is not as such personal data, kindly note that information relating to contact persons within such companies/businesses, e.g. name, title, work email, work phone number, etc. is
considered personal data. However, personal data relating to a personally owned and run business are considered as personal data even if the personal data concern the business. Such personal data are considered as relating to an identified or identifiable natural person.

1.5 We collect and use personal data for a variety of legitimate business purposes, including establishment and management of customer relationships, communication, fulfillment of legal obligations or requirements, providing services to clients, etc. When carrying out such processing activities, the first step is to ensure that the general principles relating to the processing of personal data are complied with.

1.6 Pursuant to the general principles personal data shall always be:

• • Processed lawfully, fairly and in a transparent manner in relation to the data subject (principle of lawfulness, fairness and transparency);
  • collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (principle of purpose limitation);
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (principle of data minimization);
  • accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (principle of accuracy);
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed (principle of storage limitation);
  • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and againstaccidental loss, destruction or damage, using appropriate technical or organizational measures (principle of integrity and confidentiality).

1.7 We shall be responsible for and be able to demonstrate compliance with the above (principle of accountability). This principle is one of the reasons that we have prepared this Privacy Policy and why it is important that you read it thoroughly.

2.0 Collection of Personal Information

We collect your personal information directly from you and indirectly as a result of your relationship with us. We may use the information collected from you to verify your identity and contact information, issue you a secure password, and contact you, among other reasons. This information also helps us improve our services to you and inform you about additional products
and services that may be of interest to you.

You directly provide us with the majority of information we collect. This information includes your telephone number, contact list, image gallery, and location.

You provide us with this information by completing the user registration process and related documentation or by sending us an e-mail.

The information we may collect indirectly from you includes your Internet protocol ("IP") address, Internet service provider (ISP), and time stamps.

3.0 Legal Basis for the Processing Of Personal Data

3.1 Besides complying with the general principles relating to the processing of personal data, the processing of the personal data must also be based on a legal basis. The legal basis will depend on, which category of personal data is being processed.

The most predominant legal bases for processing ordinary non-sensitive personal data, such as telephone number, credit card information, etc., within the Company are:

• • The performance of a contract to which the data subject is party;
  • A legal obligation or requirement to which we are a party; and
  • Legitimate interests pursued by us.

In certain cases, if none of the above legal bases can be applied, we will obtain the data subjects' consent to the processing.

The most predominant legal bases for processing special categories of personal data (if any) within our company are:

• • Explicit consent from the data subject(s) for one or more specific purposes;
  • To comply with obligations and exercising specific rights of the Company or the data subject; and
  • If the processing is necessary for the establishment, exercise or defense of legal claims.

4.0 Processing and Transfer of Personal Data

4.1 The Company as a Data Controller

4.1.1 The Company is in most cases processing personal data as a data controller, as the Company determines the purposes and means of the processing of personal data, e.g. when the processing relates to our clients.

4.2 Use of data processors

4.2.1 An external data processor is a company, which processes personal data on behalf of the Company and in accordance with the Company’s documented instructions, including for the Company’s purposes and by means set-out by the Company, e.g. in relation to third party IT providers, etc. When the Company outsources the processing of personal data to data processors, the Company ensures that said company as a minimum implements the same degree of security measures for the protection of personal data protection as the Company. If this cannot be guaranteed, the Company will choose another data processor. The processing by a data processor is governed by a data processing agreement.

4.3 Data processing agreements

4.3.1 Prior to transfer of personal data to the data processor, the Company shall assess whether the data processor provides sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the GDPR and ensure the protection of the rights of the data subjects. After the assessment is carried out and it is determined that the data processor meets such requirements, the Company shall enter into a written data processing agreement with the data processor. The data processing agreement ensures that the Company controls the processing of personal data, which takes place outside the Company for which the Company is the data controller and thereby responsible.

4.3.2 If the data processor/sub-data processor is located outside the EU/EEA, the conditions of clause 4.4.2 below will apply.

4.4 Disclosure of personal data to other independent data controllers

4.4.1 Before disclosing personal data to others, i.e. other independent data controllers, it is the responsibility of the Company to ensure that the general principles relating to the processing of personal data are complied with. Further, it is the Company's responsibility to ensure that the disclosure of the personal data is based on a legal basis.

4.4.2 If the third-party recipient is located outside the EU/EEA in a country that does not ensure an adequate level of personal data protection, the transfer can only be completed if the Company is providing appropriate safeguards. This will be done by entering into a transfer agreement between the Company and the third party. The transfer agreement shall be based on the EU Standard Contractual Clauses.

5.0 Rights of the Data Subjects

Subject to various terms and conditions and exceptions, the data subjects have the following
rights:

5.1 Duty of information when the personal data are obtained from the data subject

5.1.1 When we process, and register personal data about data subjects, we are obligated to inform such persons about the following:

• The purposes of the processing for which the personal data are intended as well as the legal basis for the processing;

• the categories of personal data concerned;

• the legitimate interests pursued by us, if the processing is based on a balancing of interests;

• the recipients or categories of recipients of the personal data, if any;

• where applicable, the fact that we intend to transfer personal data to a third country and the legal basis for such transfer;

• the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;

• the existence of the right to request from us access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;

• where the processing is based on the data subject’s consent, the existence of the right to withdraw consent at any time, however, without affecting the lawfulness of processing based on consent before its withdrawal;

• the right to lodge a complaint with us via the correct procedure or with a supervisory authority;

• whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the
possible consequences of failure to provide such data;

• the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

5.1.2 If the personal data are not obtained from the data subject, he/she must also be informed about the source from which the personal data originate, and if applicable, whether it came from publicly accessible sources.

5.2 Right to access

5.2.1 Any person whose personal data we process, including but not limited to clients, potential clients, etc. has the right to obtain from us confirmation as to whether or not personal data concerning him/her are being processed,
and if that is the case, request access to the personal data which we process about him/her in addition with the information outlined in clause 5.1.1 above.

5.3 Right to rectification

5.3.1 The data subject shall have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning him or her.

5.4 Right to erasure (right to be forgotten)

5.4.1 The data subject shall have the right to obtain from us the erasure of personal data concerning him or her and we shall have the obligation to erase personal data without undue delay, unless it is required by law to retain any information for a prescribed period of time, for example, by financial regulators or tax authorities.

5.5 Right to restriction of processing

5.5.1 The data subject shall have the right to obtain from us restriction of processing, if applicable.

5.6 Right to data portability

5.6.1 The data subject shall have the right to receive the personal data registered in a structured and commonly used and machine-readable format.

5.7 Right to objection

5.7.1 The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on a balancing of interests, including profiling.

5.8 Any requests received from a data subject to exercise the rights in this clause will be answered as soon as reasonably possible, and no later than 30 days from receipt. Requests shall be forwarded without delay to our customer service team. The customer service team will be supported by our Data Protection Officer to process the request to meet the reply deadline.

6.0 When We May Share Your Information

We may share your personal information with:

• any regulatory, law enforcement or tax authority;
• such third parties as we reasonably consider necessary in order to prevent crime, e.g. the police;

• our associated companies; and courts, tribunals, regulatory or tax authorities and government agencies to enable us to
enforce our agreement with you or to comply with the requirements of a court, regulator, tax authority or government agency.

Generally, we require that organizations outside our associated companies with whom we share your personal information acknowledge the confidentiality of your data and undertake to respect your right to privacy.

7.0 Security

7.1 All information you provide to us is stored on secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our app, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

7.2 Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our app; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

8.0 Changes to This Privacy Statement

From time to time, we may update this Privacy Policy. In the event we change this Privacy Policy, the revised Privacy Policy will promptly be posted to the app and we will post a notice on the app informing you of such changes. You agree to accept posting of a revised Privacy Policy electronically on the app as actual notice to you. Any dispute over our Privacy Policy is subject to this notice. We encourage you to periodically check back and review this policy so that you always will know what information we collect and how we use it. If you have any questions that this statement does not address, kindly contact us.