2. Your rights as a someone we have personal data about (data subject)
1. Right of access – you have the right to request a copy of the information that we hold about you.
2. Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
3. Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records. If we are legally obligated to keep the information or if it is impossible or unproportionate, we won’t delete it but we will only keep it for as long as it is needed and we have time limits on our data systems.
4. Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
5. Right of portability – you have the right to have the data we hold about you transferred to another organization.
6. Right to object – you have the right to object to certain types of processing such as direct marketing.
7. Right to object to automated processing, including profiling – you also have the right not to have a computer make decisions about you directly (this doesn’t include general marketing based on your age or gender).
8. Right to judicial review – if we refuse your request under rights of access, we will provide you with a reason as to why. You have the right to complain.
One thing to bear in mind before contacting us. Our sites and applications may contain links to other sites not owned or controlled by us. It could as an example be social media platforms/services. We are not responsible for the privacy practices of those sites, so if you have questions regarding such sites, you need to contact the site directly. We also really encourage you to be aware and read the privacy policies of other sites because they may very easily be collecting, storing, using and sharing your personal information.
3. Complaints about our behavior
You can complain about:
1. How your personal data has been processed;
2. How your request for access to data has been handled;
3. How your complaint has been handled;
4. Appeal against any decision made following a complaint.
4. Our rules for collecting data
We take your privacy seriously, so we’ll only ask for the information we need to have so we can give you great service. Whenever we collect customer data, we make sure:
1. We ask for permission to collect the data
2. We only use the data for the agreed reason and for the time it’s needed
3. We will as a minimum meet the local data protection laws in the country where we provide you with a service via our website or our applications.
4. We keep data that we’re legally required to have on record
5. We explain why we need the data and how we’ll use it (unless we have legitimate reason not to)
6. We check and update privacy information on a regular basis (we might also cross-check the data against other database to make sure it’s correct)
7. We don’t share data with anyone unless we have a legal or legitimate reason, or we have permission from you or if you are a child under 16 from your parents.
5. Collecting data in our online channels
We collect your personal and anonymous information from you when you visit any of the sites on our Dragonshield.com domain. When you visit our online channels, you’ll be able to check if we’re collecting data under terms and conditions of the site. We also receive information via third party when you visit our page on social media sites or channels (e.g Facebook, Twitter, Youtube, Instagram, Snapchat etc).
6. Types of personal information we collect
When you’re visiting any of these online channels, we may collect:
1. Registration information that we use to help you set up an account (e.g. your name, country, gender, date of birth, email address, username and password).
2. Payment or transactional information that we use when you buy products or use online services (e.g. postal address, phone number or credit card number).
3. Location information or your IP Address that we use to give you relevant online content.
4. Information you’ve shared publicly on our forums.
5. Information you’ve sent to an individual or group using our messaging, chat or post services
6. Information you provide when you use our own online channels or third-party channels (such as social networks) or if you link your DRAGON SHIELD registration account to a third-party platform.
7. Why we need to process personal data
1. Customers can buy products from our online DRAGON SHIELD Shop and have them delivered where they want
2. Customers are able register for any accounts and services they want to use
3. Customers can use the online and offline DRAGON SHIELD experiences we’ve created for them
4. Customers can share information on our public forums
5. We can send customers any information they’ve asked us for or answer their questions
6. We can ask customers to give us feedback on our services through questionnaires and surveys
7. We can provide our customers with relevant marketing information about our products.
Always keep in mind, that if you’re using a DRAGON SHIELD service through a third-party channel like social media, your personal data may also be processed by that third-party according to their own privacy processes. We may use automated decision making in processing your personal information for some services and products. An example is our fraud prevention and detection efforts on Dragonshield.com/shop/eu. You can request a manual review of the accuracy of an automated decision if you are unhappy with it.
8. How we process personal data
9. Sharing information with trusted subsidiaries (other companies)
Our subsidiaries (the other companies in our Group) may sometimes need to access your information to provide services to you on our behalf. Because the Group is passionate about your privacy, so you can feel safe no matter where we are using your data. Legally, other Group companies will then be acting as ‘data processors’ and will be subject to data processing laws. They need your personal data so they can:
1. Deliver products and services you’ve requested
2. Get in touch with you about your account or transactions
3. Send you information about our sites, applications and policies
4. Send you any newsletters you’ve signed up for (you can unsubscribe at any time)
5. Process information that the subsidiary is formally contracted to process on our behalf, e.g. carry out a purchase placed by you
6. Identify, review and stop any activities that could breach our policies or break the law Sharing information on Social Media (Features) and Widgets
10. Sharing information on Social Media (Features) and Widgets
11. Sharing information with other companies
We won’t share your personal information outside the Group except:
2. When we need to protect the safety, security, rights and property of our customers or third-party partners;
3. When we need to meet legal processes or if disclosure of the data is required by law;
4. When we’re asking other companies like e.g. couriers, shipping and warehouse service provides, payment providers, IT platform providers, fraud detection and prevention providers, survey providers, product catalogue providers and customer service suppliers to deliver services on our behalf; We have contracts with the companies to make sure they only use your personal information for agreed services and meet legal requirements;
5. When we store your information using secure cloud storage services/facilities. We have contracts with companies to make sure they only use your personal information for the agreed services and meet legal requirements;
6. If a merger, acquisition or sale of assets ever meant we needed to share information with a third party - in this case we’d email you and post a notice on our website to publish the change of owner and we’d also tell you how your data would be used and give you options regarding your personal data;
7. When you’ve given us permission to share your information with third parties so they can send you information on their products and promotions (you can opt out of these emails)
8. When you have given us permission to share your information with third parties, so they can provide you with marketing information and promotions regarding our products (as an example personalized advertising provided via a social media platform). You can opt out of such marketing activities by adjusting your cookie settings on your device. In some cases, you may also need to contact the third party directly (in case of social media adjust your privacy settings and request deletion of collected information by the third-party site)
9. When you’ve asked us to share your personal information with third-party sites or platforms like social networking sites – once it’s been shared, your personal data will be processed by that third-party according to their own privacy processes
12. How long do we keep your personal information
We’ll keep your personal information as long as your account is active or as long as it’s needed to provide a service. We have so called retention polices for each of the categories of personal information that we process. If you’d like to cancel your account or for us to delete your data, we’ll only keep information that we need for legal reasons, to resolve disputes or to enforce our agreements.
Cookies are small data files that your browser places on your computer or device. A cookie itself does not contain or collect information. However, when it is read by a server via a web browser it can help a website deliver a more user-friendly service – for example, remembering previous purchases or account details.
Like most websites, our online channels and our applications (apps) collect some information (e.g. information on IP addresses, browsers, internet service providers, referring pages, exit pages, operating systems, date stamps, time stamps and clickstream data). This information won’t be linked to any other information we collect about you unless you have given your consent that we may do this.
14. Data security and integrity
The security, integrity and confidentiality of customer information is extremely important to us. We use technical, administrative and physical security measures to protect personal information from unauthorized access, disclosure, use and modification. All external transfers that contain personal information are done using encrypted technology. Credit card information is handled by approved service providers that meet PCI (Payment Card Industry) standards and have appropriate safeguards in place. Although we regularly review our security procedures and evaluate new technology and methods to make our online channels safer, no security measures are perfect or impenetrable.
Our customers, employees and partners also play an important role in protecting information. We encourage customers to choose passwords that are difficult for others to guess and to keep their personal passwords secret.
Should you notice any flaws or concerns in our security, please contact our Customer Service team as soon as possible.
If we ever experience a data breach in which customer information is at risk of being misused, we’ll contact customers according to legal requirements. If necessary, we’ll also contact data protection authorities.
15. Data transfers, storage and processing globally