GDPR FAQ (for third-party data subjects)
How long do we process your personal data?
We process your personal data either as a joint data controller with our clients or as a data processor on behalf of and under the directions of our clients.
When we act as a data controller jointly, we store your personal data for the entire period the particular client uses our services and 3 months following the termination of their account on our platform.
In some cases, two or more clients provide your data to us simultaneously. In such a case, we store your personal data during the entire period during which one of such clients uses our services and 3 months thereafter.
When we act as a data processor, we process your personal data only for the period of time specified by the client.
What is the legal basis for your personal data processing?
When we act as a data processor, we process your personal data only on the сlients’ behalf and due to their directions. In this case, we process your personal data on the basis of either our, the clients’, and your legitimate interests or duty to perform a contract with the clients.
We also urge our clients to ensure the presence of the legal grounds for your personal data processing under the GDPR and believe that clients have the rights to provide your personal data to us.
What rights do you have under the GDPR?
You have all the rights provided under the GDPR. These include:
- right to access
- right to rectification
- right to erasure (“right to be forgotten”)
- right to restriction of processing
- right to be informed
- right to data portability
- right to object
- right to withdraw the consent
- right not to be subject to a decision based solely on automated processing
- right to lodge a complaint with the supervisory data protection authority
You may exercise any of your rights by contacting us at email@example.com or via live chat in the lower right corner.
Please make sure to provide your name, contact information, personal data processed and details for the reason/justification of your request.
When we are unable to solely fulfill your request without the involvement of a data controller, we will promptly direct your request to a data controller and assist the data controller in fulfillment of your request the best we can by providing necessary information and performing requested technical and organisational measures.
Can you request to provide you with a copy of your personal data?
Yes, you can.
You may request to provide the following information:
- access to your personal data
- the copy of your personal data
- the purposes of the processing
- the categories of personal data concerned
- the recipients of the personal data, if any
- the retention period (or the criteria used to determine such period)
- the source from where the personal data were obtained
- your rights regarding your personal data
Before fulfilling your request, we have to confirm your identity. That means we may request additional information to confirm the identity if required.
Can you delete your data?
Yes, you can.
You may request us to delete (‘erase’) your personal data that we process as a joint data controller at any time by contacting us at firstname.lastname@example.org or via live chat on the website.
We will fulfill your request to deletion without undue delay where one of the following grounds applies:
- your personal data is no longer necessary for the purpose for which it was collected
- there is no legal ground for processing
- you object to the processing of your personal data
- your personal data has been unlawfully processed
- your personal data has to be erased for compliance reasons, i.e. to meet our legal obligations
- where the personal data was relevant to you as a child
Where we act as a data processor regarding your personal data, after we receive your request to delete your personal data we will promptly direct it to the data controller who is solely responsible for its fulfillment.
How does Snov.io comply with articles 13 and 14 of the GDPR?
At the same time, Article 26 of the GDPR provides that where personal data is processed by joint controllers, they have to determine their responsibilities for compliance with obligations under the GDPR themselves.
Under our Joint Controllership Agreement concluded with each our client, our and clients’ responsibilities are divided as follows:
- we are responsible for the technical and organizational security of your personal data
- clients are responsible for informing you regarding the processing of your personal data
When we act as a data processor, it is the responsibility of the respective data controller to provide you with the respective information under the Articles 13 and 14 of the GDPR.