Home

Privacy

Privacy

PRIVACY POLICY

This Privacy Policy contains information on how Cookie3 OÜ (we/us/our) processes your Personal Data, in particular when you visit our website at www.cookie3.co (Website), access our Cookie3 Analytics platform (Platform), use any services we provide to you via the Website and the Platform (Services) or enter into any relationship with us.

 

  1.    DATA CONTROLLER – WHO WE ARE AND HOW YOU CAN CONTACT US

 

  1. We are Cookie3 OÜ, a company established under the laws of Estonia with its registered office in Tallinn, address: Harju maakond, Tallinn, Nõmme linnaosa, Rännaku pst 12, 10917, entered in the register of enterprises kept by the Registration Department of Tartu County Court, under the No.: 16457724, tax ID number (VAT): EE102487893.
  2. We are the Controller of your Personal Data, in particular when you visit our website at www.cookie3.com (Website), access our Cookie3 Analytics platform (Platform), use any services we provide to you via the Website and the Platform (Services) or enter into any relationship with us.
  3. If you have any questions about this Privacy Policy or the way that we use your Personal Data, please contact us at:

 By post: Harju maakond, Tallinn, Nõmme linnaosa, Rännaku pst 12, 10917 Tallin, Estonia.

 By email: laura@cookie3.co

 

 

  1.    DEFINITIONS

 

  1. To make our Privacy policy more transparent for you, below we present a list of definitions we use.
  2.      Controller (or we/us/our) – means Cookie3 OÜ, a company established under the laws of Estonia with its registered office in Tallinn, address: Harju maakond, Tallinn, Nõmme linnaosa, Rännaku pst 12, 10917, entered in the register of enterprises kept by the Registration Department of Tartu County Court, under the No.: 16457724, tax ID number (VAT): EE102487893;
  3.      Personal Data – means information relating to a natural person, identified or identifiable by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, Internet identifier and information collected through cookies and other similar technology;
  4.      Policy – means this Privacy policy;
  5.      GDPR – means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
  6.      Website – means the website operated by the Controller at www.cookie3.co;
  7.      User – means any natural person visiting the Website or using one or more of the services or functionalities described in the Policy;
  8.      Platform – means the online platform (SaaS) through which Cookie3 can provide you with the Services;
  9.      Customer – means any person who has entered into Agreement with us and uses our Services, or this person’s representative.
  10.   Services – means Services provided by Cookie3 as functionalities within the access to the Platform, that is: Analytics Dashboard, Customer Relationship Manager, Campaign manager, API Integration.

 

 

  1.    DATA SOURCES – HOW WE COLLECT INFORMATION ABOUT YOU

 

  1. We use different methods to collect Personal Data from and about you including through:
  1.       Direct interactions – you may give us your Personal Data by corresponding with us by email, regular mail, through the Website, the Platform, or the Services.
  2.       Automated technologies or interactions – as you interact with the Website, the Platform, or the Services, we will collect information about your equipment, browsing actions and patterns. We collect this Personal Data by using cookies and other similar technologies. Please see our Cookie policy for more information.
  3.        Third parties or publicly available sources – we may receive Personal Data about you from various third parties and public sources such as public blockchain networks or social media providers.

 

  1.    PURPOSES AND LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA

 

  1.        We process your Personal Data for different purposes and on different legal bases. Below we present the detailed rules and purposes of processing your Personal Data when you:
    1.              use our Website;
    2.              subscribe to our newsletter or mailing list;
    3.              contact us (through an email, regular mail or contact form);
    4.              are our Customer and use our Platform and Services based on the Agreement with us;
    5.              are our contractor or supplier and enter into an agreement with us;
    6.                are a contact persons, employers or a representative of our Customer or our contractor or supplier;
    7.              visit our profiles in social media;
    8.              holder of crypto wallet address and/or Twitter, Discord or Telegram user.
  2.            We do not collect any special categories of Personal Data about you (this includes details about your race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, your health data, genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

 

WEBSITE USERS - USE OF THE WEBSITE

If you use our Website we collect your Personal Data (including IP address or other identifiers and information collected through cookies or other similar technologies).

We process your Personal Data:

  1.          to perform marketing activities of our own Services or services and products of third parties. This may consist in displaying marketing content matching your interests (behavioural advertising). The legal basis for processing your data is your consent.
  2.          for analytical and statistical purposes. The legal basis for processing your data is our legitimate interest consisting in conducting analyses of your activities, as well as your preferences in order to improve the functionalities used and services provided through our Website;
  3.          to establish and exercise or defend against claims. The legal basis for processing is our legitimate interest in being able to defend against or assert claims, or otherwise protect our rights and interests;
  4.          for technical, administrative purposes, to ensure the security of our IT system and efficient management of this system. The legal basis for processing is our legitimate interest in being able to ensure security and continuity of services we provide on our Website.

Marketing: To carry out marketing activities, in some cases we use profiling. This means that, through automatic data processing, we evaluate the selected factors about you to analyse your behaviour or create a forecast for the future. This allows that the content we display to you is better tailored to you individual preferences and interests. We and our trusted partners process your Personal Data, including Personal Data collected through cookies and other similar technologies, for marketing purposes in connection with targeting you with behavioural advertising (i.e. advertising that is tailored to your preferences). In such a case the processing of your Personal Data also includes the profiling.

 

SUBSCRIBERS TO NEWSLETTER OR MAILING LIST

If you subscribe to our newsletter or mailing list we will sent you our newsletter or information you have requested by subscribing to our mailing list.

We process your Personal Data:

  1.                 to provide you with the newsletter service or information you have requested by subscribing to our mailing list. The legal basis for the processing is our legitimate interest in being able to provide interested parties with information about our Services, Platform or other activities. You have expressed your interest in this information by subscribing to the newsletter or mailing list;
  2.                 for analytical and statistical purposes. The legal basis for the processing is our legitimate interest consisting in conducting analyses of your activities on the Website in order to improve the functionalities used;
  3.                 to establish and exercise or defend against claims. The legal basis for processing is our legitimate interest in being able to defend against or assert claims, or otherwise protect our rights and interests.

If you fail to provide your Personal Data (email address), we will be unable to send you information you have requested.

PERSONS CONTACTING US THROUGH E-MAIL, REGULAR MAIL OR CONTACT FORM

If you contact us through e-mail, regular mail or contact form on our Website in a matter not related to our contractual relationship, we will process your Personal Data:

  1.       to provide you with answers to your questions and resolve any issues you may raise. The legal basis for the processing is our legitimate interest in being able to communicate with you and answer your questions relating to our business activities.
  2.       to establish a relationship with you or your employer or entity you represent. The legal basis for processing your data is our legitimate interest in establishing and maintaining a business relationship.
  3.        to establish and exercise or defend against claims. The legal basis for processing is our legitimate interest in being able to defend against or assert claims, or otherwise protect our rights and interests.

 

CUSTOMERS USING OUR PLATFORM AND SERVICES

If you are our Customer and have concluded an Agreement with us, we will process your Personal Data: 

  1.       to contact you with day-to-day matters, including in matters concerning the execution of the Agreement, provide you with offers, receive orders or answer your questions. The legal basis for the processing is our legitimate interest in being able to contact our Customers on an ongoing basis.
  2.       to ask you for your opinion or feedback regarding our Services and Platform. The legal basis for the processing is our legitimate interest in being able to improve our Services based on feedback from our Customers.
  3.        to invite you to participate in our events or trainings and to provide you with other information about our activities and possible forms of cooperation. The legal basis for the processing is our legitimate interest in maintaining relationships with our Customers.                       
  4.       to establish and exercise or defend against claims. The legal basis for processing is our legitimate interest in being able to defend against or assert claims, or otherwise protect our rights and interests.

 

CONTRACTORS AND SUPPLIERS WHO ENTER INTO OTHER AGREEMENTS WITH US

If you enter with any other agreement with us, in particular if you are our supplier or vendor, we will process your Personal Data: 

  1.       to contact you on an ongoing basis, in particular matters concerning the execution of the agreement. The legal basis for the processing is our legitimate interest in being able to contact you and resolve any problems or questions we may have on an ongoing basis.
  2.       to establish and exercise or defend against claims. The legal basis for processing is our legitimate interest in being able to defend against or assert claims, or otherwise protect our rights and interests.

 

CONTACT PERSONS, EMPLOYERS OR REPRESENTATIVE OF OUR CUSTOMERS, OTHER CONTRACTORS OR SUPPLIERS

If you are a contact person, employer or representative our Customer or other contractual partner or supplier, we will process your Personal Data:

  1.       to contact you with day-to-day matters, including the execution of agreements between us and your employer or entity you represent, provide you with offers, receive orders or answer your questions. The legal basis for the processing is our legitimate interest in being able to contact our contractual partners (i.e. their employees or representatives). The legal basis for processing your data is our legitimate interest to be able to contact our contractors (i.e. their employees/co-workers) on an ongoing basis.
  2.       to invite you to participate in our events or trainings and to provide you with other information about our activities and possible forms of cooperation. The legal basis for the processing is our legitimate interest in maintaining relationships with our contractors' employees and colleagues.
  3.        to establish and exercise or defend against claims of the entity where you work or which you represent. The legal basis for processing is our legitimate interest in being able to defend against or assert claims, or otherwise protect our rights and interests.

 

VISITORS OF OUR SOCIAL MEDIA PROFILES

 

If you visit our social media profiles (Facebook, Twitter, LinkedIn, Telegram and Medium) and contact us by any of these means, we will process your Personal Data to:

  1.     provide you with answers to your questions regarding our business, including contacting you for this purpose. The legal basis for processing your data is our legitimate interest in being able to provide you with an answer to a question about our business.
  2.     establish a relationship with you or your employer/entity you represent. The legal basis for processing your data is our legitimate interest in establishing and maintaining a business relationship with you or your employer/ entity you represent.
  3.     gain insight into your activity (e.g., what posts or messages you like, react to or comment) to better tailor the information we publish on our social media profiles, find out what content is of interest to our audience and to improve our Services. The legal basis for processing your data is our legitimate interest in being able to improve our services and increase the relevance of the content we publish.

 

 

HOLDERS OF CRYPTO WALLET ADDRESSES AND/ OR USERS OF TWITTER, DISCORD OR TELEGRAM

If you are a holder of a crypto walled address we will collect (extract) your Personal Data from public blockchain networks (so-called on-chain data). Such Personal Data may include:

            crypto wallet address (transaction sender);

            crypto wallet address (recipient of the transaction);

            the time of the transaction;

            the value of the transaction;

            the object of the transaction (type and name of the token);

            the assets (tokens) held now and in the past - including their names,

From publicly available sources (Twitter, Discord, Telegram), we may also collect your following Personal Data:

  1.         Twitter: your unique username, crypto wallet address (if provided on your account), NFT (e.g. from profile picture, provided NFT is verified), your activity on the Twitter platform, including number of tweets, time of publication of tweets, time of profile creation, information about following other users, profile description, geolocation;
  2.         Discord: your username and your activity on the platform;
  3.          Telegram: your username and your activity on the platform;

 

We process your Personal Data presented above to build our database and provide our Platform and Services to our Customers. You can learn about Services we offer to our Customers on our Website https://www.cookie3.co/. The legal basis for processing your Personal Data is our legitimate interest in providing our Services to our Customers based on publicly available data about you. Please contact us if you would like to know how we process your Personal Data (contact details in point 1 above).

 

  1.    DURATION OF DATA PROCESSING – HOW LONG WE KEEP YOUR INFORMATION?

 

  1. Where we act as the Controller, we will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for.
  2. The duration of data processing depends on the type of service we provide and the purpose of processing. To decide how long to keep Personal Data, we consider the volume, nature, and sensitivity of the Personal Data, the potential risk of harm to you if an incident were to happen, whether we require the Personal Data to achieve the purposes we have identified or whether we can achieve those purposes through other means, and any applicable legal requirements.
  3. As a rule, we will process Personal Data for the duration of the provision of Services, until you withdraw your consent (in cases where the legal basis for processing is your consent) or effectively object to processing (in cases where the legal basis for processing is our legitimate interest).
  4. Use of Website: If you visit our Website or use our Platform or Services, we keep your Personal Data collected for only for as long as necessary to fulfil the purposes we collected it for, or until you withdraw your consent or object to the processing.
  5. Newsletter and mailing list: if you have subscribed to our newsletter or mailing list, we keep your Personal Data until you ask us to stop contacting you (i.e. until you withdraw your consent or object to the processing).
  6. Email, regular mail and contact form: if you have asked for information from us, we will process your Personal Data for the duration of our ongoing relationship (e.g. answering questions, providing offers, exchanging correspondence) and after the relationship has ended for a period of one year. After this period, we may contact you to enquire about the possibility of further processing of your Personal Data.
  7. Use of our Platform and Services: we will process your Personal Data for the period of performance of the Agreement that you that you have entered into with us (or your employer or entity you represent has entered into with us), and thereafter until limitation period for claims under the contract expires.
  8. Other agreements: if we have a contractual relationship with you, we will process your Personal Data for the period of performance of the agreement that you have entered into with us (or your employer or entity you represent has entered into with us), and thereafter until limitation period for claims under the contract expires.
  9. Social networks: we will process your Personal Data until you object to processing or withdraw your consent.
  10.  5.10.Holder of crypto wallet address and/or Twitter, Discord or Telegram user: we will process your Personal Data until you object to processing.
  11.  5.11.The data processing period may be extended if the processing is necessary for us to establish and exercise possible claims or defend against claims, and thereafter only if and only to the extent required by law. After the expiry of the processing period, we will irreversibly delete or anonymise Personal Data.

 

 

  1.    DATA SUBJECT RIGHTS

 

You have specific legal rights in relation to your Personal Data. These rights include: 

  1.          the right of access: you must be told if your Personal Data is being processed and you can ask for a copy of your personal data as well as information about how we are using it;
  2.          the right to rectification - you can ask us to correct your Personal Data if it is inaccurate or incomplete and we are obliged to rectify any inconsistencies or errors in the Personal Data processed and to complete them if they are incomplete;
  3.          the right to data erasure - you can ask us to delete or remove your Personal Data if there is no good reason for us to continuing holding it or if you have asked us to stop using it (e.g., by withdrawing your consent). If we think we are still authorised to process your Personal Data you have asked us to delete, we will let you know and explain our decision;
  4.          the right to restrict processing - you can ask us to restrict how we use your personal data. If you make such a request, we are generally obliged to cease performing operations on your Personal Data, with some exceptions – if any of these apply we will let you know and explain our decision.
  5.          the right to object to processing for marketing purposes – if applicable, youmay object at any time to the processing of Personal Data for marketing purposes, without the need to justify such objection;
  6.           the right to object to other purposes of data processing - you may object at any time, for the reasons relating to you particular situation, to the processing of your Personal Data which is carried out based on our legitimate interest. If we think there is a good reason for us to keep using the information, we will let you know and explain our decision;
  7.          the right to data portability – you have the right to receive your Personal Data you provided to us in a structured, commonly used, machine-readable format. You can send this data to another controller or request that we send your data to another controller. However, we will only do this if such a transfer is technically feasible. You have the right to data portability only in respect of the data that we process on the basis of your consent or contract;
  8.          the right to withdraw consent - to the extent we process your Personal Data based on your consent, you have the right to withdraw your consent to data processing at any time. Withdrawal of consent does not affect the lawfulness of processing performed on the basis of your consent before its withdrawal.

To exercise the above rights, please contact us (contact details in point 1 above).

The right to lodge a complaint. Apart from the above rights you have also the right to lodge a complaint to the relevant supervisory authority in charge of personal data protection, if you are unhappy with the way we collect and use your Personal Data.

 

  1.    SUBMITTING REQUESTS FOR THE EXERCISE OF RIGHTS

 

  1.            To speed up the process of reviewing and responding to your request, we recommend that you indicate in your request:
    1.          what right do you wish to exercise (e.g. right of access, right to data erasure);
    2.          what processing does your request concern (e.g. use of a particular service, activity on a particular website);
    3.          which purposes of the processing does your request concern (e.g. purposes relating to the provision of Services).
  2.            It is usually free to you exercise your rights and we aim to respond within one month. We may extend this period by two further months if your request is particularly complex or we receive multiple requests at once. If it is necessary to extend this period, we will inform you of the reasons for such extension.
  3.            If we are unable to identify you on the basis of the request submitted, we will request additional information from you. The provision of such data is not mandatory, but if you fail to do so we will not be able to fulfill your request.
  4.            We can decide not to take any action in relation to a request where we have been unable to confirm your identity or if we feel the request is unfounded or excessive. We may charge a fee where we decide to proceed with a request that we believe is unfounded or excessive. If this happens, we will always inform you in writing.
  5.            You can submit your request in person or through a proxy (e.g. a family member). For reasons of data security, we encourage you to use a power of attorney in a form certified by a notary public or an authorised legal advisor or attorney, which will significantly accelerate the verification of the authenticity of the request.
  6.            Where you have sent your request to us by electronic means of communication or in writing, we will respond in the same form, unless you have requested a response in another form.
  7.            We do not respond directly to requests which relate to Personal Data for which we act as the processor. In this situation, we forward your request to the relevant controller and await their instruction before we take any action.

 

  1.    DATA RECIPIENTS

 

  1.            Your Personal Data will be disclosed to the third parties with whom we have entered into appropriate contracts, in particular:
    1.         our Customers - in connection with the provision of our Services;
    2.         our suppliers to whom we outsource certain Personal Data processing services, such as cloud or IT service providers responsible for the operation of IT systems, marketing agencies (with regard to marketing services) or payment service providers (such providers will process your data on the basis of a contract with us and only in accordance with our instructions);
    3.          the companies forming part of our (capital) group.
  2.            To the extent required by law, we may also have to disclose your Personal Data to the relevant public authorities or to third parties who submit a request for such information based on the appropriate legal basis and in accordance with the provisions of the applicable law.

 

  1.    TRANSFER OF DATA OUTSIDE THE EEA

 

  1. The level of protection of Personal Data outside the European Economic Area (EEA) may differ from that provided by European Union law. For this reason we will transfer your Personal Data to entities located in third countries (i.e. outside the European Economic Area (EEA)) only when necessary and ensuring an adequate level of protection based on:
  1.                   adequacy decisions of the European Commission referred to in Article 45 GDPR, determining an adequate level of protection of Personal Data;
  2.                   the standard contractual clauses referred to in Article 46(2)(c) GDPR (SCC) adopted by the European Commission (together with the required additional security measures, these provide the same protection to Personal Data as they enjoy in the European Union; you can find the SCC here).
    1. Such entities process your Personal Data on the basis of a contract with us. If you have any questions regarding the transfer of your Personal Data to third countries, please contact us (contact details in point 1).

 

  1. PERSONAL DATA SECURITY

 

  1.  10.1.We conduct a risk analysis on an ongoing basis to ensure that we process your Personal Data in a secure manner. In particular, we ensure that only the authorised persons have access to your Personal Data and only to the extent necessary for the performance of their tasks. We also ensure that all operations on your Personal Data are recorded and performed only by authorised employees and associates.
  2.  10.2.We take all necessary measures to ensure that also our subcontractors and other entities we cooperate with guarantee the application of appropriate security measures whenever they process your Personal Data at our request. Such entities process your Personal Data on the basis of a contract with us and only in accordance with our instructions.

 

 

 

  1. CHANGES TO THE PRIVACY POLICY

 

  1.  11.1.This Policy is verified on an ongoing basis and can updated as necessary. We will inform you of all material changes to this Policy in advance.
  2.  11.2.The current version of the Policy is always available at https://www.cookie3.co/privacy. Any changes to this policy will be made available directly at this address.

 

Converted to HTML with WordToHTML.net

Public Beta just launched!

Sign up now to get early access to the platform!