PRIVACY POLICY

This Privacy Policy describes how Winity ("Winity", "our", "us" or "we") collects, uses, and shares information gathered from your ("you", "your", "Client" or "Customer") use of our website, products and services ("Service" or "Services").

If you have any questions about our Privacy Policy, please contact info[at]winity.io. Any changes made to this Privacy Policy will be available on this page.

The data controller of your personal information is Nodisto LTD DBA Winity.

Your privacy matters to us so please read the privacy policy thoroughly and also see our data protection policy. If you have questions please contact us.

Information We Collect

Winity may collect information about you as follows:

Use of Information

We will use your personally identifiable information only as follows:

Authorised Disclosures

Without prejudice to anything contained in this Privacy Policy and in the interest of full transparency, We reserve the right to disclose (and otherwise process) any relevant Personal Data relating to You which We may be processing (including in certain cases relevant IP addresses) to authorised third parties in or outside the EU/EEA if such disclosures are allowed under the Data Protection Laws (whether or not You have provided Your consent) including but not limited to:

Internet Communications

You will be aware that data sent via the Internet may be transmitted across international borders even where sender and receiver of information are located in the same country. We cannot be held responsible for anything done or omitted to be done by You or any third party in connection with any Personal Data prior to Our receiving it including but not limited to any transfers of Personal Data from You to Us via a country having a lower level of data protection than that in place in the European Union, and this, by any technological means whatsoever (for example, WhatsApp, Skype, Dropbox etc.).

Moreover, We shall accept no responsibility or liability whatsoever for the security of Your data while in transit through the internet unless Our responsibility results explicitly from a law having effect in UAE.

Accuracy of Personal Information

All reasonable efforts are made to keep any Personal Data We may hold about You up-to-date and as accurate as possible. You can check the information that We hold about You at any time by accessing and updating Your account information in the Cloudways platform to achieve accuracy, in addition you can contact us in the manner explained above. If You find any inaccuracies, We will correct them and where required, delete them as necessary. Please see below for a detailed list of Your legal rights in terms of any applicable data protection law.

Legal Basis for Information Processing

Our legal basis for collecting and processing your personal data depends on the specific data involved and the context in which we collect it. These reasons include:

Information About Consent

Should You exercise Your right to withdraw Your consent at any time (by writing to Us at the physical or email address below), We will determine whether at that stage an alternative legal basis exists for processing Your Personal Data (for example, on the basis of a legal obligation to which We are subject) where We would be legally authorised (or even obliged) to process Your Personal Data without needing Your consent and if so, notify You accordingly.

When We ask for such Personal Data, You may always decline, however should You decline to provide Us with necessary data that We require to provide requested services, We may not necessarily be able to provide You with such services (especially if consent is the only legal ground that is available to Us).

Just to clarify, consent is not the only ground that permits Us to process Your Personal Data. Contractual necessity, Legitimate interest, Legal obligation may also our be bases for collecting your data.

Storage of Personal Data

As a general rule, the data We process about You (collected via the Site, any of our Apps or otherwise) will be stored and processed within the European Union (EU)/European Economic Area (EEA) or any other non-EEA country deemed by the European Commission to offer an adequate level of protection.

Transfers to Third Countries

In some cases, it may be necessary for Us to transfer Your Personal Data to a non-EEA country not considered by the European Commission to offer an adequate level of protection. For example, for the implementation of Your desired transaction it can be necessary that We disclose Your Personal Data to other payment processors outside the EEA.

In such cases, apart from all appropriate safeguards that We implement, in any case, to protect Your Personal Data, We have put in place additional adequate measures. For example, We have ensured that the recipient is bound by the EU Standard Contractual Clauses (the EU Model Clauses) designed to protect Your Personal Data as though it were an intra-EEA transfer. You are entitled to obtain a copy of these measures by contacting Us as explained above.

Protection of Personal Data

The personal information which We may hold (and/or transfer to any affiliates/partners/subcontractors as the case may be) will be held securely in accordance with Our internal security policy and the law.

We use reasonable efforts to safeguard the confidentiality of any and/or all Personal Data that We may process relating to You and regularly review and enhance Our technical, physical and managerial procedures so as to ensure that Your Personal Data is protected from:

To this end We have implemented security policies, rules and technical and organisational measures to protect the Personal Data that We may have under Our control. All our members, staff and data processors (including specific subcontractors, including cloud service providers, who may have access to and are associated with the processing of Personal Data, are further obliged (under contract) to respect the confidentiality of Our Users' or clients' Personal Data as well as other obligations as imposed by the Data Protection Laws.

Despite all the above, We cannot guarantee that a data transmission or a storage system can ever be 100% secure. For more information about Our security measures, please contact Us in the manner described above.

Authorised third parties, and external/third party service providers, with permitted access to Your information (as explained in this Privacy Policy) are specifically required to apply appropriate technical and organisational security measures that may be necessary to safeguard the Personal Data being processed from unauthorised or accidental disclosure, loss or destruction and from any unlawful forms of processing.

As stated above, the said service providers (Our data processors) are also bound by a number of other obligations in line with the Data Protection Laws (particularly, Article 28 of the GDPR). For the avoidance of all doubt, these are the same obligations that we are bound by when acting as data processor on behalf of one or more data controllers.

Data Retention

We will retain Your Personal Data only for as long as is necessary (taking into consideration the purpose for which it was originally obtained). The criteria We use to determine what is 'necessary' depends on the particular Personal Data in question and the specific relationship We have with You (including its duration).

Our normal practice is to determine whether there is/are any specific EU and/or UAE law(s) (for example tax or corporate laws) permitting or even obliging Us to keep certain Personal Data for a certain period of time (in which case We will keep the Personal Data for the maximum period indicated by any such law). For example, any data that can be deemed to be 'accounting records' must be kept for ten (10 years).

We would also have to determine whether there are any laws and/or contractual provisions that may be invoked against Us by You and/or third parties and if so, what the prescriptive periods for such actions are (this is usually five (5) years). In the latter case, We will keep any relevant Personal Data that We may need to defend Ourselves against any claim(s), challenge(s) or other such action(s) by You and/or third parties for such time as is necessary.

Where Your Personal Data is no longer required by Us, We will either securely delete or anonymise the Personal Data in question.

Updating, Deleting, and Downloading Your Data

You may update your data at any time either through the client area Account section or by submitting a support ticket. We may require proof of identification in order to change certain data fields.

You may may request that Winity export your personal data by opening a support ticket.

Customers with no active services may request that their account be closed and personal data be deleted from Winity's databases, with the exception of: billing system access logs, which may be stored for any duration of time at Winity's discretion, cases where financially fraudulent or otherwise illegal activity is deemed to have occurred (as determined by Winity management or law enforcement officials), in which case personal information may be retained indefinitely for purposes of ongoing investigation and prevention of fraud recurrence, or cases where a violation of the Terms of Service has resulted in termination of Customer's account, in which case personal information may be retained indefinitely for purposes of prevention of further use of Winity's services in the future by the offending Customer.

Winity will not delete any data required to comply with our legal obligations and financial requirements, or any data required to resolve disputes and enforce our legal agreements and policies.

Communication

We may contact you directly or through a third-party service provider regarding products or services you have ordered from us. We may also send you marketing emails if you have opted-in through the client area. Communication methods may include: email, text (SMS) message. Winity does not offer phone support and will not call you directly at any time.

Use of Non-Personally Identifiable Information

We may share aggregate statistical data about our customers with third parties, such as advertisers or suppliers. This aggregate statistical data will not identify you personally.

Cookies

We may also place a "cookie" that will identify you to us as a repeat visitor or a customer when you visit our website. A cookie is an alphanumeric identifier that is unique to your browser. The cookie will identify your browser to us when you visit our website so that we may customize your visit.

Your Rights Under GDPR

If you are a resident of the EEA, you have the following data protection rights, which you may exercise by contacting us via support ticket:

Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the EEA.

GDPR Data Processing Agreement

You do not need to sign the DPA. By agreeing to our Terms of Service and using our products and services, you are automatically accepting our DPA. If you choose to sign it, you may send a copy to info[at]vpsdime[.]com

California Online Privacy Protection Act Compliance

Because we value your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute your personal information to outside parties without your consent. As part of the Online Privacy Protection Act, all users of our site may make any changes to their information at anytime by logging into their control panel and going to the 'Edit Profile' page.

Children's Privacy

Our service is not available to children under the age of 18, and we will not intentionally maintain personal information about anyone under the age of 18.

Last updated: April 17, 2021