Flagsheep | Privacy Policy

Last updated December 19, 2023

1. Introduction

This privacy policy pertains to Flagsheep e.U. ("Company," "we," "us," or "our") and explains the collection, storage, and protection of your information while using our services ("Services"). This includes your visits to our website at https://flagsheep.io or any other website of ours that links to this privacy policy.

If you have any questions or concerns, reading through this privacy policy will provide insights into your privacy rights and choices. Should you disagree with our policies and practices, we kindly ask that you refrain from using our Services. For further inquiries or concerns, please reach out to us at privacy@flagsheep.io.

2. Information Collection

The information that we collect depends on your interactions with us and the Services, as well as the choices you make and the features you use. The personal information we may collect includes:

Payment Processing: We do not collect sensitive payment card details (such as credit card numbers, expiration dates, or CVV codes) on our servers. For payment processing, we rely on a trusted third-party payment processor, Stripe, handling payment transaction processing. Stripe may collect and process payment card information as needed to complete payments, following their privacy policy: https://stripe.com/privacy.

In cases of purchases made via our platform or services, we collect and retain the client's name and billing address solely for fulfilling our legal taxation obligations. This data is crucial for tax reporting, compliance, and record-keeping, as stipulated by applicable tax laws and regulations. We take necessary measures to secure and protect this information in line with our Privacy Policy. This information is not used for marketing and isn’t shared with third parties, except as required by law or for transaction processing. By making a purchase, you acknowledge and consent to the collection and storage of your name and billing address for taxation purposes.

3. Processing Your Information

We engage in the processing of your personal information for various purposes, which depend on your interactions with our Services. These include:

4. The Legal Basis for Processing Your Information

In Short: We process your personal information only when we deem it necessary and have a valid legal justification (i.e., legal basis) under applicable law. This includes situations involving your consent, compliance with laws, fulfilling contractual obligations, protecting your rights, or pursuing our legitimate business interests.

If you are in the EU or UK, this section is relevant to you.

Data processing for performance of a contract: If you want to use our service or buy virtual currency or virtual items via our website, the conclusion of the contract requires that you provide the personal data listed in this Privacy Policy, which we need to process your order. To prevent unauthorized access by third parties to your personal data, in particular financial data, the ordering process is encrypted using SSL technology. The processing of your data, including the personal data you provide, is carried out by us and the recipients listed in this Privacy Policy on the legal basis of Article 6 (1) S 1 lit b GDPR, in order to be able to identify you as a customer, in order to be able to adequately process the present order, and to correspond with you. Data processing is carried out at your request and is necessary for the stated purposes for the appropriate processing of your order.

If you are in Canada, this section applies to you.

We may process your information based on specific permission (i.e., express consent) for a particular purpose or instances where your permission can be inferred (i.e., implied consent). You have the right to withdraw your consent at any time.

Under applicable law, there are exceptional cases where we may be legally permitted to process your information without your explicit consent. These include, for example:

5. Sharing Your Personal Information: Circumstances and Recipients

Your data may be passed on in whole or in part, but only to the extent and to the extent necessary, to the following controllers: Banks, Tax advisor, Debt collection agencies, Legal representative, Courts, Administrative authorities, and Stripe Inc. In addition, your data may be passed on to Microsoft Corp. as data processors; we have concluded a data processing agreement and verified the appropriate technical and organizational measures (TOMs).

6. Use of Cookies

We exclusively utilize strictly necessary first-party cookies to access or store essential information. Detailed information about our use of these cookies is available in our Cookie Policy, accessible at:
https://flagsheep.io/cookie_policy

7. Information Retention Period

After termination of the registration process or the purchase process, the data stored by us will be deleted. Due to corporate and tax law requirements, we are required to store your address, payment and order data for a period of 7 years. If you contact us to conclude a contract, the data will be deleted at the end of the 7th year after the last document has been posted (§ 132 BAO). If a contract is concluded, all data from the contractual relationship will therefore be stored until the end of this period. However, we will restrict processing after 2 years, i.e. your data will only be used to comply with legal obligations. Statuty/legal storage obligations or contractual obligations, e.g. towards customers due to warranty or compensation or against contractual partners, are another basis for continuing to store your data. (Article 6 (1) (c) GDPR; Article 17 (3) (e) GDPR).

8. Ensuring the Security of Your Information

We have implemented suitable and rational technical and organizational security measures to safeguard the processing of any personal information. Nonetheless, despite our protective measures, no electronic transmission over the Internet or data storage technology can assure 100% security. Therefore, we cannot guarantee immunity from unauthorized access, collection, theft, or modification of your information by hackers, cybercriminals, or other unauthorized third parties. While we strive to protect your personal information, the transmission of such data to and from our Services is undertaken at your own risk. It is advisable to access our Services within a secure environment.

9. Understanding Your Privacy Rights

In various regions, such as the EEA, UK, and Canada, you hold specific rights as outlined by relevant data protection laws. These rights may encompass (i) requesting access to and obtaining a copy of your personal information, (ii) seeking rectification or erasure, (iii) restricting the processing of your personal data, and (iv) where applicable, ensuring data portability. Under certain circumstances, you might also have the right to object to the processing of your personal information. To make such requests, please use the contact details provided in the section titled "Contacting Us Regarding This Policy" below.

We will assess and respond to any requests in compliance with applicable data protection laws.

If you reside in the EEA or UK and believe that we are unlawfully processing your personal information, you retain the right to file a complaint with your local data protection supervisory authority. You can locate their contact information here:
https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

For individuals in Switzerland, the contact details for the data protection authorities can be found here:
https://www.edoeb.admin.ch/edoeb/en/home.html

Revoking your consent: If we rely on your consent to process your personal information, whether express or implied depending on applicable law, you have the right to withdraw your consent at any time. To do so, please use the contact details provided in the section titled "Contacting Us Regarding This Policy" below.

However, please be aware that withdrawing consent will not affect the lawfulness of processing carried out before the withdrawal, nor will it affect processing conducted in reliance on lawful grounds other than consent, where permitted by applicable law.

Managing Your Account Information

If you wish to review, modify, or terminate your account information, you can access your account settings and make necessary updates.

Upon requesting account termination, we will deactivate or delete your account and its associated information from our active databases. However, certain data may be retained in our records to prevent fraudulent activities, address troubleshooting issues, aid in investigations, enforce our legal terms, and/or comply with relevant legal obligations.

Cookies and similar technologies: Typically, most web browsers are configured to accept cookies automatically. However, you can adjust your browser settings to delete or reject cookies if you prefer. Please note that opting to remove or reject cookies might impact specific features or services within our platform. For more details, refer to our Cookie Policy:
https://flagsheep.io/cookie_policy

If you have inquiries or comments regarding your privacy rights, feel free to reach out to us via email at privacy@flagsheep.io.

10. Rights of California Residents Regarding Personal Information

If you are a California resident, you have specific privacy rights under the California Civil Code Section 1798.83, also known as the "Shine The Light" law. You can request information, free of charge and once a year, about the categories of personal information (if any) we shared with third parties for direct marketing purposes in the previous calendar year. Additionally, you can obtain the names and addresses of those third parties. To make such a request, please send a written request to the contact information provided below.

If you are under 18 years old, a California resident, and have a registered account with our Services, you have the right to request the removal of any unwanted data that you have publicly posted on our Services. To request the removal of such data, please contact us using the provided contact information. Include your account's associated email address and a statement confirming your California residency. We will ensure that the data is not publicly displayed on our Services. However, please note that the data may not be entirely removed from all our systems (e.g., backups, etc.).

11. Updates to Our Privacy Policy

Periodically, we may revise this privacy policy. The modified version will display a "Last updated" date and becomes effective upon accessibility. In case of significant alterations to this privacy policy, we may notify you through conspicuous posting of the changes or by directly sending a notification. We encourage regular review of this privacy policy to stay informed about how we safeguard your information.

12. Contacting Us Regarding This Policy

If you have inquiries or feedback concerning this policy, please reach out to us at:

Flagsheep e.U.
Berg 3, 3071 Böheimkirchen
Austria

privacy@flagsheep.io

13. Managing Your Data Collected by Us

Depending on the laws applicable in your country, you might have the right to access, modify, or delete the personal information we gather from you. If you wish to review, update, or delete your personal data, please send a Data Subject Access Request (DSAR) via email to privacy@flagsheep.io.