SIA INGAIN TECHNOLOGIES (Ltd.), registration No. 50203431551, legal address: Maskavas Street 322S, Riga, Latvia, LV-1063 (“us”, “we”, “our” or the “Company”) as the Data Controller operates the https://ingain.com/ website providing loan management system (the “Program”) integration services and Program support services (the “Service”).
This Privacy Policy informs you (the “User” or the “Customer”) of our policies regarding the processing (collection, storage, use, disclosure, erasure etc.) of Personal Data when you visit our website.
If the User does not agree with the Privacy Policy or certain provisions thereof, the User does not have to provide Personal Data to the Company.
If the Personal Data provided by the User has changed or the information processed by the Company about the User is inaccurate or incorrect, the User has the right to request to change, clarify or correct this information. The Company shall not be liable for inaccurate or incomplete data submitted by the User.
- DEFINITIONS
- Data Controller
Data Controller means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any Personal Data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data. Definition shall have the same meaning as in Article 4 (7) of GDPR.
- Data Processor (or Service Providers or Sub-contractors)
Data Processor (or Service Provider or Sub-contractor) means any person (other than an employee of the Data Controller) who processes the Personal Data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your Personal Data more effectively. Definition shall have the same meaning as in Article 4 (8) of GDPR.
- Data Subject
Data Subject is any living individual (natural person) who is the subject of Personal Data.
- Cookies
Cookies are small pieces of data stored on a User’s device.
- GDPR
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- Personal Data
Personal Data means data about a living individual (natural person) who can be identified or identifiable from those data (or from those and other information either in our possession or likely to come into our possession). Definition shall have the same meaning as in Article 4 (1) of GDPR.
- Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process Personal Data. Definition shall have the same meaning as in Article 4 (10) of GDPR.
- Usage Data
Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (information that your browser sends whenever you visit our webpage or when you access the Service by or through a mobile device, for example, your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the duration of a page visit, unique device identifiers and other diagnostic data, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data).
- User
The User is the individual using our website. The User corresponds to the Data Subject, who is the subject of Personal Data.
- CATEGORIES AND TYPES OF PERSONAL DATA PROCESSED, LEGAL BASIS FOR PROCESSING AND PURPOSES OF PROCESSING
The Company processes the User’s personal data in accordance with the following legal basis and purposes for processing personal data:
- THE SOURCES OF PERSONAL DATA.
Personal Data may be obtained directly from the User (the User provides information by completing submissions, through social media, by mail, by email, by telephone, or through any other media or services) as well as from the use of the Services (the email communications and documents including interactions and communications with the Company).
- RETENTION OF DATA
The Company will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy.
We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. The Company will also retain Usage Data for internal analysis purposes.
Where the same personal data are processed for more than one purpose, they shall be kept for the longer applicable retention period.
The storage period of the processed personal data may be based on the Customer’s (data subject’s) consent (until revocation, if there is no other basis for processing the personal data), the Contract (to provide evidence against claims of non-compliance with the Service and/or performance of the obligations under the Contract, as well as to provide evidence against a potential claim, arising from a tort, the retention period is ten years from the date of performance of the service or the Contract), the legitimate interests of the Controller or a legal obligation to which the Controller is a subject arising from applicable laws and regulations (e.g. laws and regulations on archiving of documents, etc.).
If none of the legal grounds for processing personal data no longer exist and the normative acts do not provide for a longer period of storage of personal data, the Controller shall delete the personal data.
- TERRITORY OF PROCESSING OF PERSONAL DATA AND TRANSFER OF PERSONAL DATA
Personal data is processed in the European Union / European Economic Area (EU / EEA).
However, if the Personal Data is transferred outside the EU / EEA, the Company undertakes to take all necessary security measures to ensure the same level of security of Personal Data as in the EU / EEA, and appropriate guarantees in accordance with the provisions of Article 46 of the GDPR. The Company shall transfer Personal Data to a third country or to an international organisation only if there is a legitimate basis for it and appropriate safeguards have been put in place:
(a) the European Commission has decided in accordance with Article 45 of the GDPR that the third country or organisation concerned ensures an adequate level of protection; or
(b) the controller or processor has provided adequate guarantees in accordance with Articles 46 or 47 of the GDPR: (i) binding corporate rules; (ii) standard contractual clauses adopted and approved by the European Commission or the national supervisory authority; (iii) other ad hoc contractual clauses, if approved by the competent national supervisory authority; (iv) an approved code of conduct together with a binding and legally enforceable commitment by the third-country data controller or processor to apply the relevant safeguards; (v) an approved certification mechanism together with a binding and legally enforceable commitment by the third-country data controller or processor to apply the relevant safeguards; or
(c) there is an exception set out in Article 49 of the GDPR ((i) the data subject has explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards; (ii) where the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person; (iii) the transfer is necessary for the establishment, exercise or defence of legal claims; (iv) where the transfer is necessary for important reasons of public interest; (v) where it is necessary for the protection of the vital interests of the data subject or of another natural person, where the data subject is physically or legally incapable of giving consent.
Upon a written request, the User can receive more detailed information on the transfer of Personal Data to countries outside the EU / EEA.
In the event of any onward transfer, the Company will comply with all other safeguards, in particular the purpose limitation. The Company will take all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your Personal Data and other personal information.
- DISCLOSURE OF DATA
When the Company receives and transfers your Personal Data to Data Processors who process Personal Data on behalf of the Company, the Company shall take all necessary measures to ensure that the Personal Data is processed by the Data Processors in accordance with the agreement or regulatory enactments and documented Company instructions.
When the Company receives and transfers your Personal Data to the Third parties (independent Data Controllers), the Third parties, as independent Data Controllers, process the Personal Data in accordance with their privacy policies, which are available on the website of the respective service provider.
- Legal Requirements
Under certain circumstances, the Company may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. Consumer Rights Protection Centre, State Revenue Service, courts, government agency, out-of-court dispute resolution institutions, insolvency process administrators, sworn bailiffs, etc).
The Company may disclose your Personal Data:
- To comply with a legal obligation
- To protect and defend the rights or property of the Company
- To prevent or investigate possible wrongdoing in connection with the Service
- To protect the personal safety of Users of the Service or the public
- To protect against legal liability.
- Service Providers (Sub-contractors)
The Company may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on the Company’s behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
The Company may disclose your Personal Data to the Service Providers including, but not limited to:
– companies in the same group as the Company and the authorities of the country of residence of their shareholders/members, if so requested by such authorities;
– persons who provide services to or otherwise cooperate with the Company in order to provide services or perform their obligations under the agreement where disclosure of personal data is necessary for the provision of that service or cooperation;
– a person to whom (or through whom) the Company transfers or the Company intends to transfer a right of claim arising under the contract (assignment);
– server providers and data storage providers selected by the Company; website and mobile application operators; video surveillance system providers; tele-marketing, marketing and survey service providers, email and SMS gateway service providers, online intermediaries and other third parties involved in the provision of the services provided by the Company (incl, banks, archiving, postal and courier service providers, etc.), ensuring that such parties will process the Customer’s personal data only to the extent and for the purposes (purposes) set out in this Privacy Policy;
– persons who, on behalf of the Company, carry out a statistical, market or public opinion study or survey, if the disclosure of personal data is necessary for the purpose of carrying out the study or survey in question;
– any accounting service provider, auditor, financial adviser, legal adviser, solicitor, notary public and/or bailiff selected by the Company.
These Service Providers have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
- Analytics (Sub-contractor)
We may use third-party Service Providers to monitor and analyze the use of our Service.
- Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page
- Behavioral Remarketing (Sub-contractor)
The Company uses remarketing services to advertise on third party websites to you after you visited our Service. We and our third-party vendors use Cookies to inform, optimize and serve ads based on your past visits to our Service.
- Google Ads
Google Ads remarketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page.
Google also recommends installing the Google Analytics Opt-out Browser Add-on for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.
- Links to Other Sites
Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
- CHILDREN’S PRIVACY
Our Service does not address anyone under the age of 13 (“Children”). We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
- SECURITY OF DATA
The Company has established necessary legal, organizational, physical and technical security measures to protect your Personal Data against unauthorised access, accidental or unlawful alteration, disclosure, loss, destruction, erasure, including measures against threats caused by physical exposure and measures implemented by means of software. Some examples of the measures we use:
Physical measures – paper-based documents containing Personal Data are stored in locked rooms and cabinets to which only certain employees have access for fulfilling their job duties; data processing rooms and IT-systems are sufficiently protected against fire, overheating, water, current instability and power outages.
Technical measures – all employee work computers are protected with password protected screensavers when the employee leaves; it is ensured that the IT- system does not accept new login attempts and locks the username if certain number of access attempts has been exceeded; it is ensured that especially vulnerable systems (e.g. laptops, smartphones) are sufficiently protected (using encryption or other means).
Organizational means – all IT system Users are assigned roles and profiles; it is ensured that access rights are deleted when an employee leaves the Company; it is ensured that there is no access from publicly used rooms to rooms where Personal Data is being processed.
In case we use external companies for providing services, which include data processing, we conclude data protection agreements with such Service Providers obligating them to: a) take appropriate measures to ensure confidentiality and security of the Personal Data and ii) process Personal Data in accordance with the applicable legal requirements.
- YOUR RIGHTS
- Right to be informed and Right of access
If you wish to be informed what Personal Data we hold about you and receive a copy of the Personal Data we hold about you, please contact us. Please note that we may ask you to verify your identity before responding to such requests.
- Right to rectification
You have rights to request updating any personal information about you if it is inaccurate or incomplete.
- Right to erasure
The right to erasure does not provide an absolute ‘right to be forgotten’. Individuals have a right to have Personal Data erased and to prevent processing in specific circumstances: (i) where the Personal Data is no longer necessary in relation to the purpose for which it was originally collected/processed; (ii) the Personal Data is processed in relation to the offer of information society services to a child; (iii) when you withdraws consent; (iii) the Personal Data was unlawfully processed (i.e. otherwise in breach of the GDPR); (iv) when the individual objects to the processing and there is no overriding legitimate interest or other legal basis for continuing the processing; (v) the Personal Data has to be erased in order to comply with a legal obligation.
- Right to restrict processing
You have rights under certain circumstances to request to ‘block’ or suppress processing of Personal Data for a certain period (e.g. if you have objected to Personal Data processing). When processing is restricted, we are permitted to store the Personal Data, but not further process it.
- Right to object
You have the right to object to such data processing which is based on the Company’s legitimate interest incl. profiling based on our legitimate interest. We shall stop processing your Personal Data when you present an objection, unless we can demonstrate compelling legitimate grounds for the processing or processing is needed for the establishment, exercise or defense of legal claims. You also have the right to object at any time to processing of your Personal Data concerning for direct marketing. Upon receiving such objection, we shall stop processing your Personal Data for direct marketing.
- Right to data portability
In case processing the Personal Data is based on your consent or on a contract between us and Personal Data is processed automatically, you have the right to access Personal Data concerning you which you have given to us in a structured, generally usable and in machine readable form. You have rights to move, copy or transfer Personal Data easily from one IT environment to another in a safe and secure way. We will provide all Personal Data in a structured way using open formats like CSV.
- Right to withdraw your consent
You have right to withdraw your consent where the personal data is provided to the Company on the basis of your consent (withdrawal of consent does not affect the lawfulness of processing based on consent prior to the withdrawal);
- Right to not be subject to fully automated decision-making, including profiling
You have right not to be subject to fully automated decision-making, including profiling, where such decision-making has legal effects or similarly significantly affects you (data subject). This right shall not apply if the decision-making is necessary for entering into or performance of a Contract with the Customer (data subject), if the decision-making is permitted under applicable laws or regulations or if the Customer (data subject) has given its explicit consent.
- Right to contact us, submit a complaint to the Data State Inspectorate of Republic of Latvia and the court
If you want to exercise any of the abovementioned rights, please contact us using the e-mail address privacy@ingain.com. In order to respond to your inquiry, we must first authenticate you to avoid granting information to unauthorized persons. We will respond to your inquiries within 30 days.
We respect your privacy and wish that processing your Personal Data by us would be understandable and transparent. For that we have also drafted these Privacy Policy. Should you need further information about processing your Personal Data or exercising your rights, please contact us at e-mail address privacy@ingain.com.
If you believe that processing of your Personal Data violates the GDPR requirements, you have the right to turn to the Data State Inspectorate of Republic of Latvia (info@dvi.gov.lv) and the courts to protect your rights and interests.
- CHANGES TO THIS PRIVACY POLICY
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
- CONTACT US
If you have any questions about this Privacy Policy, please contact us by email: privacy@ingain.com.