Last updated on 16/02/2021
Previously updated on 04/01/2020
While operating Dayspedia.com (the "Website", "Dayspedia") and all related services (the "Services"), provided by the entity indicated at the bottom of this document (the "Company", "we", "us", "our"), we are committed to being fully transparent as regards our privacy practices. For general use of the Services, please see our Terms.
- what data we process, how and for what purposes we process your personal data;
- when and how we can share your personal data with third parties;
- how long we retain your personal data;
- our protection measures to keep your personal data secure;
- your rights in respect of processing your personal data.
What is Personal Data?
Personal data (or data) is any information relating to you and that alone or in combination with other pieces of information gives the opportunity to a person that collects and processes such information to identify you as an individual. It can be your name, address, your location data, or information related to your physical, physiological, genetic, mental, economic, cultural or social identity. Personal data also usually includes such technical information as a Media Access Control address (MAC-addresses), International Mobile Equipment Identity (IMEI), Unique Device Identifier (UDID), the Identity for Advertisers (IDFA), Internet Protocol address (IP-address), browser and system information.
Processing of the personal data means any action with it, for example, collection, recording, organizing, structuring, storage, use, disclosure by any means and so on.
What Data do We Collect?
You may visit our site anonymously. In such case, we may collect certain information automatically or through the contract form, if you send us your requests. Otherwise, we also collect the account data and the configuration data which is connected to your authorization on the Services.
Account Data. For your better user experience, you may log in through Facebook, Google, Twitter and other OAuth third party providers. When you log in on our Website, basic contact details are collected: your profile photo, email address and name. Any additional information may be collected only upon your consent and you are informed about such collection when logging in with the use of the respective OAuth third party providers.
- Cities you have selected;
- Your location;
- Other website settings, which separately usually do not constitute personal data (clock and time format and additional buttons on homepage).
- Your IP number in anonymized form;
- The date and time of the latest login (based on your consent).
After login, you are issued with a cryptographic token which is used both as a proof of your consent and authorisation. This token is stored in your cookie, and sent with each request by your browser to Dayspedia.Data We Need to Answer Your Request. When you are filling in the form with a request, we collect the following information:
- Your name;
- Your email;
- Your message.
We kindly ask you not to provide us with the excessive personal data in your requests.
Automatic Collection. We may collect some of your personal data automatically with the help of cookies and other similar technologies. The data collected automatically could include the date and time of the latest login etc. For more information, please see the "Cookies" section below.
You must be at least the age of majority in your place of residence to use the Website. We do not permit children under 13 years of age (or under 16 years of age for children residing in the EU/EEA) to register and do not knowingly collect any personal information from them. If you are under the age of 13 (or under the age of 16 if you reside in the EU/EEA), please do not use our Website and do not provide us with your consent for data processing. In the event that we learn affirmatively that we have obtained or collected information from or about children under 13 (or, where applicable, 16) years of age, we will use our best efforts to remove such information from our servers. If you are aware of any child under these age limits who use our Services, please contact us by emailing at firstname.lastname@example.org.
Purposes and Legal Bases for Processing
General Information on Legal Basis. The processing of your data is either based on your consent or in case the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract, cf. GDPR art. 6(1)(a)-(b) whatever is may be applicable.Any of the information we collect from you may be used for one or more of the following purposes:
Account data: to establish a primary channel of communication with you. We process personal data that is required for the account registration to provide you with our Services, including creating and maintaining your account, ensuring that everything works smoothly within your preferred email client, communicating with you at your request and identifying you, enabling the secure login for you in the Service. The legal basis for such processing is the performance of the Agreement.
Configuration Data: to provide you with the Services and to personalize your use of our Services. The legal basis for such processing is the performance of the Agreement.
Log-In Data: to identify you as the Dayspedia user and to enable secure login for you in the Service. The legal basis for such processing is the performance of the Agreement.
Data We Need to Answer Your Request. We may process your email, name and message on the basis of your consent you provide when filling in the request.
Automatic Collection. We use such information either on the basis of your consent, or, in case of necessary cookies – on the basis of our legitimate interest, and to improve our Services, as well as to produce and display cookie declarations.
The cookies are tiny pieces of code that may remain in your device after you have visited some website.
In some (but not all) cases, cookies are used to collect personal data, such as IP addresses and data linked to the IP address. The usage of such cookies is regulated by the data protection laws, and you as a user obtain more rights to control the collection and processing of these data.
We use the following cookies divided by groups:
Necessary cookiesThese cookies are strongly required for the error-free operation of the Site, as well as for its accessibility. You may decline these cookies by changing your browser settings, but this may affect the functioning of Dayspedia. There are several types of necessary cookies:
- Authorization token (we generate unique cryptographically signed token on every request from the browser, we validate this token and associate it with the User’s name, email, current language and site settings);
- Selected cities;
- Website settings;
- Current language;
- Cookie settings.
Marketing cookies help us and our partners to fit the adverts and content you see during and after visiting our site to your interests. We use Google Doubleclick for Publishers (Google AdSense) https://policies.google.com/privacy.
These cookies allow us to track your activity on the Dayspedia to optimize it for our users. For instance, we may count the number of visitors, measure sessions durations, check the geographical location of the visitors, characteristics of their devices etc. The cookies are set by third-party analytics service Google Analytics https://policies.google.com/privacy. The data collected in such a way is stored in aggregated form, and it does not constitute personally identifiable information.
The cookies consent message is the first message that you were likely to see when you visited our Site. You may choose the types of cookies for the use of which you agree. If you want to change your cookies preferences, you can make it by the button below:The following links might be useful for you to configure the cookies on the Site with the use of the best option of browser and OS for the users of:
See more information on the retention policies in the table below.
|Type of data||When we delete such data and why|
|As long as you keep your account active and within 29 days after the account deletion to be able to reactivate your account if you change your mind, and to be able to reach you in case of any dispute.|
|Data we need to answer your requests.||Within 29 days after the account deletion, but no longer than we need it for communication with you.|
You cannot require us to change any of the default retention periods, except for the reasons for erasure as it is stated above, but may suggest changes for compliance with specific sector laws and regulations.
Please note that sometimes we may process your data for the period longer than indicated in the sections above. Such processing could be carried only for statistical purposes and subject to the appropriate safeguards in accordance with applicable data protection laws.
What are statistical purposes? Statistical purposes mean any collection and processing of personal data necessary for statistical surveys or to produce statistical results. The statistical purpose implies that such statistical result does not include personal data, but only aggregate data. The statistical results may further be used for various purposes, for example, to assess our business development, understand the market demands and improve our Services.
In most cases, we will anonymize your data before starting processing it for the statistical purposes. As a result, such data will be no longer considered personal and its use will be not governed by data protection laws.
Additionally, we may process your data for the compliance with our legal obligations and for the purposes of the legitimate interests pursued by the Company or by a third party (e.g. to prevent or investigate possible wrongdoing in connection with the Services or to protect ourselves, our sub-contractors, partners and affiliates against damages of any kind).
If we decide to change the purposes of processing specified above, we will inform you on such changes prior to the use of your personal data within the newly set purposes. Where applicable, you will have to provide your consent for the amended purposes (unless additional purpose of processing is compatible with those listed above).
Accessing and Sharing Your Personal Data
We do not sell, trade or otherwise transfer to outside parties any personal data.
However, in order to provide high-quality services, to support different features of our Services and ensure their overall functioning, the Company hires people, enters into agreements with independent contractors as well as cooperates with other services providers, companies and organizations. For those reasons, some of your personal data can be passed to the mentioned persons.
When we transfer data to the country not recognised by the European Commission as ensuring an adequate level of data protection, we secure such transmission by choosing service providers certified under EU-U.S. Privacy Shield Framework, including standard contractual clauses compliant with the EU data protection laws into our data processing agreements or using alternative safeguards according with the applicable laws.
No transfer of your data will be carried unless appropriate safeguards are in place.
You also have to know that the Company may disclose your personal data to enforce and comply with the laws. In other words, we may disclose information necessary for the investigation or legal process on official request or the official bodies acting within their powers. When governments make a lawful demand for your data from the Company, we strive to limit the disclosure. We will only release specific data mandated by the relevant legal demand. If compelled to disclose your data, the Company will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.
California Consumer Privacy Act (CCPA)
CCPA is a law designed to protect the data privacy rights of citizens living in California. Under this law you have important rights, describing below:
How your data is being used
Opt out of having your personal information been used
Find out how your data is been used by third party, which is Google for our project: https://policies.google.com/privacy
You can choose to opt out of having your personal information sold or been used by third-parties and businesses, such as Google Doubleclick or Google Adsense.
By clicking on the button below you will restricts Google to use your personal data. Google will only show you non-personalized ads. Non-personalized ads are based on contextual information, such as the content of our website.
Your Rights as to Your Personal Data
You have the following rights regarding your personal data the Company collects and processes:
You have a right to access to your personal data processed by the Company and right to data portability.
You may at any time obtain confirmation from the Company as to whether or not personal data concerning you are being processed. You may at any time order a complete data copy, which you may transmit to another controller of the data. Your data will be delivered within 10 working days by the Company as files in CSV format. Logical relations between datasets will be preserved in the form of unique identifiers.
You have a right to request from the Company to rectify your personal data.
You can request all the inaccurate personal data concerning you being corrected. You may also request to complete your personal data if you consider that something is missed.
You have a right to request the Company to erase personal data.
You may without undue delay request the erasure of personal data concerning you, and the Company shall erase the personal data without undue delay when one of the following applies:
- if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- if you withdraw your consent on which the processing is based, and where there is no other legal ground for the processing;
- if you object to the processing in case the processing is for direct marketing purposes;
- if the personal data have been unlawfully processed; or
- if the personal data have to be erased for compliance with a legal obligation in EU or national law.
You have a right to restrict the processing of your personal data by the Company.
You may at any time request us to restrict the processing of personal data when one of the following applies:
- if you contest the accuracy of the personal data, for a period enabling the Company to verify the accuracy of the personal data;
- if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or
- if the Company no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims.
You have a right to withdraw your consent.
You can withdraw your consent for the processing of your personal data at any time by simply contacting us, without affecting the lawfulness of processing based on the consent before its withdrawal. After receiving such a withdrawal request from you, we will process it in a timely manner and will no longer process your personal data unless otherwise is set by law.
You have a right to object to the processing.
In some cases, prescribed by the applicable laws you can object to processing of your personal data. You can object to the processing of your personal data when the processing is related to the performance of our task carried in the public interest or in the exercise of official authority vested in us; or if we process your data to pursue our or third party’s legitimate interests, and you believe that such interests are overridden by your interests or fundamental rights and freedoms.
How to Exercise Your Rights as to Your Personal Data?
Any requests to exercise your rights can be directed to the Company via the contact details provided below. These requests are free of charge. Please note that we may ask you to verify your identity before responding to such requests.
Time for Reply and Reaction to Your Request
We will provide information on action taken on your request related to your rights as to your personal data specified above within one month of receipt of the request for the longest. That period may be extended by two months if the Company is overwhelmed by the number of requests or the request at issue is complicated and requires a lot of action. We will inform you of any such extension within one month of receipt of the request, together with the reasons of such delay.
Where do We Store the Information?
All data are stored in databases and file repositories hosted in Falkenstein, Germany (Hetzner DC5). All data are automatically replicated in real time to secondary hot failover databases and file repositories Falkenstein, Germany (Hetzner DC5). Databases are continuously backed up to enable restore to any point in time within a retention period. Backups are stored on file storage in Falkenstein, Germany (Hetzner DC7).
No stored data will be transferred, backed up and/or recovered by the Company outside of the European Union.
No installation of software is required to use the Service. The login-protected Services are accessible through a standard web browser.
Accountability, Security of Data and Breach Notifications
We will cooperate with you in order to ensure compliance with applicable data protection provisions, e.g. to enable you to effectively guarantee the exercise of data subjects’ rights (right of access, rectification, erasure, blocking, opposition), to manage incidents including forensic analysis in case of security breach.
Accountability. We use logs all system updates, configuration changes and access to provide an audit-trail if unauthorized or accidental changes are made. You may request a data protection audit performed by an independent third party who is also accepted by the Company. You may pay a Fee associated with the request plus applicable taxes as well as any other costs related to the audit as the case may be.
The Company processes your data using computers and/or other IT enabled tools. We also take technical and organizational measures to ensure the personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.
Availability. We use distributed system and doing its best to provide the best availability possible, but service is provided as is, and the Company is not responsible for any damage which might be caused by interruptions.
Confidentiality. All personnel are subject to full confidentiality and any subcontractors and subprocessors are required to sign a confidentiality agreement if not full confidentiality is part of the main agreement between the parties. The personal data can be only accessed through private network over an encrypted connection and only from the limited set of IPs. Also any access by authorized personnel is logged. We do not store personal information outside of the private servers even temporarily.
Transparency. We will at all times keep you informed about changes to the processes to protect data privacy and security, including practices and policies. You may at any time request information on where and how data is stored, secured and used. We will also provide the summaries of any independent audits of the Service (if applicable).
Isolation. All access to personal data is blocked by default, using a zero privileges policy. Access to personal data is restricted to individually authorized personnel. Authorized personnel are granted a minimum access on a need-to-have basis.
The ability to intervene. The Company enables your rights of access, rectification, erasure, blocking and objection mainly by providing built-in functions for data handling in the Service, and also by informing about and offering you a possibility of objection when the Company is planning to implement changes to relevant practices and policies.
Monitoring. We use security reports to monitor access patterns and to proactively identify and mitigate potential threats. Administrative operations, including system access, are logged to provide an audit trail if unauthorized or accidental changes are made. System performance and availability is monitored from both internal and external monitoring services.
While taking necessary steps to secure your data, we have no choice than to admit that no method of transmission over the Internet or method of electronic storage is 100% secure. If it happens that any of your personal data is under the breach and if there is a high risk of violation of your rights as a data subject, we would inform you and the respective data protection agencies as to the accidents.
In the event that your data is compromised, the Company will notify you and competent Supervisory Authority(ies) within 72 hours by email with information about the extent of the breach, affected data, any impact on the Services and the Company's action plan for measures to secure the data and limit any possible detrimental effect on the data subjects.
We will also do our best to minimize any such risks.
Third Party Links
At our discretion, we may include or offer third party products or services on our Services. These third party websites have separate independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked websites. Nonetheless, we seek to protect the integrity of our Services and welcome any feedback about these websites.
FinalLevel OU, Pärnu mnt 158, 11317 Tallinn, the Republic of Estonia
Also You may at any time lodge a complaint with a supervisory authority regarding Dayspedia’s collection and processing of your personal data.
The Data Protection Inspectorate will continue to act as the supervisory authority in Estonia. Data Protection Inspectorate, Väike-Ameerika 19, 10129 Tallinn, Estonia, www.aki.eeThank You for choosing Dayspedia and enjoy our Services! :)