NexusMedia OÜ (doing business as “TK Digital”, hereinafter- “we”, “us”, “TK Digital”) is the Estonian company which provides different Shopify Apps to Users of shopify.com through a Software as a Service (SaaS) model.
Also our site does not sell your personal information to third parties. A “sale” of Personal Information under the CCPA is defined broadly to include the “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means” the Personal Information of a Consumer to another business or third party “for monetary or other valuable consideration.” If we decide to sell our website or App(s) (our business), we will inform you about this, so you can forbid us to transfer your personal data together with our business. If so, we will delete your data from the databases prior to a business transfer.
For the purposes of this policy, we define the term “Customer” as a person which have concluded the installation of any of TK Digital Apps through shopify.com, the term “Customer’s Client” as any individual who interacts directly with Customer without interacting directly with us and the term “Visitor” as an individual who visits our website (https://nexusmedia-ua.com) and fills our contact form.
We adhere to the following principles in order to protect your privacy:
1.1.1. In order to provide services to our Customers we collect its personally identifiable information.
1.1.2. After concluded the installation of any of TK Digital Apps at Shopify App store, Shopify provides us with information such as name, company name, email address, address and other relevant data. This information is used by us to identify the Customers and provide them with services, mailings, notification, support and marketing actions, and to meet other contractual obligations.
1.1.3. If you no longer wish to receive promotional emails, you may opt out of them by replying to one of such emails or send us an email with a request.
1.1.4. We are processing your Personal Data in order to fulfill contracts we might have with you for purposes to provide our services to you (including support, communication, marketing etc.). When we share such information with our contractors (which may be located outside of the European Economic Area) in order to provide high quality support services in emergency cases, we rely on your consent and your request to do so. Processing of Personal Data for marketing purpose is also relied on consent obtained from you. We use such data in ways you would reasonably expect and which have a minimal privacy impact.
1.1.5. You can withdraw your consents at any time by sending the email with your withdrawal and your Personal Data will be deleted in 48 hours.
1.2. Customer’s Clients
1.2.1. Customers may collect, store and process Personal Data of their own Clients via TK Digital Apps on their websites. We have no direct relationship to the individuals whose Personal Data is processed in this case. Each Customer is responsible for providing a notice to its Clients and third persons concerning the purpose for which Customer collects their Personal Data and how this Personal Data is processed.
1.2.2. We may be a processor with respect to such Personal Data and act on behalf of Customer. In this case we could process such Personal Data as email address, geolocation data and IP-address.
1.2.3. We do not collect information from children under 13 years. And we do not collect sensitive data. If we learn that we have Personal Data of a child under age 13, we will remove it. If you believe we have Personal Data about a child under the age of 13, please notify us.
1.2.4. While processing Personal Data of our Customer’s Clients, we rely on our contract between us and our Client to the processing of Personal Data for purposes to provide our services to our Customer. We act for the benefit of our Customer as this processing is necessary for proper functioning of our App integrated in our Customer’s websites.
1.2.5. When we share such information with our contractors (which may be located outside of the European Economic Area) in order to provide high quality support services in emergency cases, we rely on Customer’s consent and Customer’s request to do so.
2.1. For Visitors, Customers and Customer’s Clients located in the European Economic Area (EEA) privacy rights are granted and all processing of Personal Data is performed in accordance with regulations and rules following the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, known as the General Data Protection Regulation (GDPR), and the national legislation of the Republic of Estonia.
2.2. For Visitors, Customers and Customer’s Clients located in California all processing of Personal Data is performed in accordance with regulations and rules following the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (“CCPA”)
2.3. For Visitors, Customers and Customer’s Clients located in Brazilia, all processing of Personal Data is performed in accordance with regulations and rules following the Lei Geral de Proteção de Dados (“LGPD”).
2.4. We process Personal Data both as a Processor and as a Controller, as defined in the GDPR:
● TK Digital with whom you as a Customer has entered into an agreement when installing the Apps will be the Controller for Customer data as outlined above in “Customer” section.
● Also TK Digital will be the Controller for Visitor data, as outlined above in “Visitor” section.
2.5. For Customer’s Client data, as outlined in the “Customer’s Client” section, the Customer will be the Controller in accordance with Directive and GDPR, and TK Digital will be the Processor.
2.6. The processing and transfer of personal data is carried out in accordance with the requirements set out in the Personal Data Protection Act and Electronic Communications Act of the Republic of Estonia.
3.1. Visitors and Customers can review, correct, update, delete or transfer their personally identifiable information. For that, contact us directly at email@example.com. We will acknowledge your request within seventy-two (72) hours and handle it promptly and as required by law.
3.1.1. Right to access. Any Visitors and Customers may contact us to get confirmation as to whether or not we are processing Customer’s/Visitor’s personal data. Where we do process Customer’s/Visitor’s personal data, we will inform Customer/Visitor of what categories of personal data we process regarding him/her, the processing purposes, the categories of recipients to whom personal data have been or will be disclosed and the envisaged storage period or criteria to determine that period.
3.1.2. Right to withdraw consent. In case our processing is based on a consent granted by the Customer/Visitor, the Customer/Visitor may withdraw the consent at any time by contacting us or by using the functionalities of our Services.You can withdraw your consents at any time by replying the email with your withdrawal and your Personal Data will be deleted in 48 hours. Withdrawing a consent may lead to fewer possibilities to use our Services.
3.1.3. Right to object. In case our processing is based on our legitimate interest to run, maintain and develop our business, any Customer/Visitor has the right to object at any time to our processing. We shall then no longer process Customer’s/Visitor’s personal data unless for the provision of our Services or if we demonstrate other compelling legitimate grounds for our processing that override Customer’s/Visitor’s interests, rights and freedoms or for legal claims. Notwithstanding any consent granted beforehand for direct marketing purposes, any Customer/Visitor has the right to prohibit us from using his/her personal data for direct marketing purposes, by contacting us or by using the functionalities of the Services or unsubscribe possibilities in connection with our direct marketing messages.
3.1.4. Right to restriction of processing. Any Customer/Visitor has the right to obtain from us restriction of processing of Customer’s/Visitor’s personal data, as foreseen by applicable data protection law, e.g. to allow our verification of accuracy of personal data after Customer’s/Visitor’s contesting of accuracy or to prevent us from erasing personal data when personal data are no longer necessary for the purposes but still required for Customer’s/Visitor’s legal claims or when our processing is unlawful. Restriction of processing may lead to fewer possibilities to use our Services.
3.1.5. Right to data portability. Any Customer/Visitor has the right to receive Customer’s/Visitor’s personal data from us in a structured, commonly used and machine-readable format and to independently transmit those data to a third party, in case our processing is based on Customer’s/Visitor’s consent and carried out by automated means.
3.1.6. How to use these rights. To exercise any of the above mentioned rights, User should primarily use the functions offered by our Services. If such functions are however not sufficient for exercising such rights, Customer shall send us a letter or email to the address set out below under Contact, including the following information: name, address, phone number, email address and a copy of a valid proof of identity. We may request additional information necessary to confirm User’s identity. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
3.2. You have the right to lodge a complaint with a supervisory authority if you think that we violate your rights. You could contact The Data Protection Inspectorate in Estonia via their website (http://www.aki.ee/).
3.3. If you are from California and dissatisfied with how we have used your personal information, you can complain to the Information Commissioner’s Office at firstname.lastname@example.org . Also You have the right to lodge a complaint with a supervisory authority if you think that we violate your rights. You could contact The California Department of Justice (Department) via their website (https://www.oag.ca.gov/privacy/caloppa/complaint-form/privacy-notice).
3.4. If you are from Brazil, you can also file a complaint with Brazil’s National Data Protection Authority (ANPD) through its official channels.
4.1. We will retain Personal Data for as long as you, as Customer, use our Apps or as you, as Visitor, are continue to communicate with our support team. Your information will be deleted if you did not communicate with the support team for more than 12 months.
4.2. Personal Data of Customer’s Clients will be deleted as soon as Customer stops to use our App. Any data collected for the purpose of analytics will be deleted in 12 months after being collected.
5.1. We care to ensure the security of personal data. We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain technical, physical, and administrative security measures to provide reasonable protection for your Personal Data. When we or our contractors process Your information, we also make sure that your information is protected from unauthorized access, loss, manipulation, falsification, destruction or unauthorized disclosure. This is done through appropriate administrative, technical and physical measures.
5.2. We always use pseudonymisation as a method of securing the Personal Data we process as the Processor.
5.3. There is no 100% secure method of transmission over the Internet or method of electronic storage. Therefore, we cannot guarantee its absolute security.
5.4. We never process any kind of sensitive data and criminal offence data not as a Controller nor as a Processor. Also we never undertake profiling of personal data.
6.1. We work with third party service providers who provide website, application development, hosting, maintenance, and other services for us. They may be located outside of the EEA. These contractors may have access to, or process Personal Data on behalf of us as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions.
6.2. We hereby guarantee that we have data processing agreements in place with our service providers, ensuring compliance with the GDPR and our contracts with them requiring to maintain the confidentiality of such information. All data transfers inside and outside of the EEA are being done in accordance with these data processing agreements.
6.3. All data transfers are performed in accordance with the highest security regulations. Transfer of Personal Data to countries outside of the European Economic Area may be possible only in the case, when we have obtained your consent for it.
6.4. For a complete list of contractors - contact us.
10.1. If you have any questions, the practices of this Site, or your dealings with this website, please contact us at email@example.com.
Harju maakond, Tallinn,
Sepapaja tn 6, 15551,
Republic of Estonia.