For the purpose of this document "Service" or "Services" means the services available within the Website, including the use of the account, as well as services provided via the Website.
For the purpose of this document “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC
The separate rules of personal data processing may be laid down in terms and conditions of each Service.
The Controller makes every effort to protect the privacy of the users of the Website and all data and information obtained in connection with the use of the Website. The Controller selects and applies protection measures with due diligence, both programming and procedural, thus ensuring protection against their disclosure, loss, destruction, unauthorized modification or processing in violation of applicable laws.
The data collected by the Controller shall be processed lawfully, fairly and in transparent manner. The data shall be collected to the minimum extent necessary for the specified purposes and processed in accordance with such purposes. The data shall not be further processed in a way incompatible with those purposes, shall be adequate and correct in relation to the purpose for which they are intended and shall be stored in such a way as to enable the identification of data subjects.
1. Who is the data controller ?
The Controller of personal data processed in connection with registration and use of the Website is TP-LINK CORPORATION LIMITED. Address: Room 901, 9/F., New East Ocean Centre, 9 Science Museum Road, Tsim Sha Tsui, Kowloon, Hong Kong.
In all matters concerning personal data, please contact the Controller on following e-mail address: email@example.com.
2. What data do we process ?
The Website is intended for entities professionally involved in providing Internet services. Therefore, we primarily process data concerning the names of such entities, their addresses and tax identification numbers. Moreover, we process data of representatives of such entities, such as the name and surname of the representative, his e-mail address and the representative's contact telephone number.
While using the Website, the Controller also collects information concerning the user's device to ensure the correct functioning of the services: IP address of the computer, information contained in cookies or other similar technologies, session data, web browser data, device data, data concerning activity in the Website, including on individual subpages; if the user has consented to this, the Controller also collects geolocation information to provide more customised offers of products and services. The above information collected in the course of using the Website does not include data concerning the identity of natural persons, however, in combination with other information, it may constitute personal data, and therefore the Controller shall fully protect it.
3. What is the purpose and legal basis of the data processing?
Personal data collected in connection with the registration and use of the Website will be processed for the following purposes:
For the purpose of creating an account and provide the Services, in accordance with the terms of each Service. The legal basis for the processing of personal data for this purpose is Article 6(1)(b) of the GDPRF.
For the purpose of compliance with the Controllers's legal obligations related to the Website maintenance and providing the Services, such as tax, accounting or statistical obligations - resulting from the applicable regulations. The legal basis for processing personal data for this purpose is Article 6(1)(c) of the GDPR
For the purpose of consideration of complaints, defence against claims, establishment and exercise legal claims related to the use of the Website and provision of Services. The legal basis for processing personal data for this purpose is Article 6(1)(f) of the GDPR, (the Controller's legitimate interest).
For the purpose of verification the right of a given entity to use the Website or Services. The legal basis for the processing of personal data for this purpose is Article 6(1)(f) of the GDPR (the Controller's legitimate interest).
For the purpose of conducting marketing activities of the Controller's own products or services and maintaining relations with entities using the Controller's products or services in their business or professional activity. The legal basis for the processing of personal data for this purpose is Article 6(1)(f) of the GDPR (the Controller's legitimate interest), and for the contact via e-mail or telephone, Article 6(1)(a) of the GDPR, (the consent of the data subject.)
4. Is it mandatory to provide data ?
The provision of personal data is a contractual requirement. The User is not obliged to provide data, however, providing such data is a condition for creating an account and using the Services. The consequence of failure to provide the data is the impossibility to create an account and use the Services.
5. What are the rights concerning the processing of personal data?
The data subject has the right to obtain confirmation from the Controller whether his or her personal data are being processed. If such a person's data are processed, he or she is entitled to access them and obtain the following information: about the purposes of the processing, categories of personal data concerned, recipients or categories of recipients to whom the data have been or will be disclosed, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period; the right to request the rectification, erasure or restriction of the processing of personal data to which the data subject is entitled and to object to such processing, information about the right to lodge a complaint with the supervisory authority; if the personal data have not been collected from the data subject, all available information about the source of the data; information about automated decision making, including profiling; information about adequate safeguards for the transfer of personal data to a third country or an intergovernmental organisation. (Article 15(1) and (2) of the GDPR);
The data subject shall have the right to obtain a copy of the data to be processed, the first copy being free of charge, and for subsequent copies the Controller may impose a reasonable charge resulting from the administrative costs (Article 15(3) GDPR);
The data subject has the right to request the rectification of personal data concerning him/her that are inaccurate or to have incomplete personal data completed. (Article 16 of the GDPR);
The data subject has the right to request the erasure of his or her personal data in the cases indicated in Article 17 (1) of the GDPR, in particular if the controller no longer has a legal basis for their processing or the data are no longer necessary for the purposes of processing (Article 17 of the GDPR);
The data subject has the right to request a restriction on the processing of personal data by the Controller (Article 18 of the GDPR) where: it contests the accuracy of personal data - for a period enabling the controller to verify the accuracy of the data; or the processing is unlawful and the data subject opposes its erasure by requesting a restriction on its use; or the controller no longer needs the data but the data subject needs it for establishment, exercise or defence of legal claims; or the data subject has objected to the processing - pending the verification whether the legitimate grounds of the controller override those of the data subject.
A data subject shall have the right to obtain, in a structured, commonly used machine-readable format, personal data relating to him/her which he/she has supplied to the Controller and to request that the data be sent to another controller, where the data are processed on the basis of the data subject's consent or an agreement concluded with him/her and where the data are processed by automated means (Article 20 of the GDPR);
The data subject has the right to object to the processing of his or her personal data for the legitimate purposes of the Controller, for reasons related to his or her particular situation, including profiling. In such a case the Controller may no longer process the personal data unless the Controller demonstrates that there are compelling legitimate grounds for processing overriding the interests, rights and freedoms of the data subject or grounds for establishing, pursuing or defending claims. (Article 21(1) GDPR);
Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him/her for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing. Where the data subject objects to the processing of personal data relating to him/her for the purposes of direct marketing, personal data may no longer be processed for such purposes. (Article 21(2) and (3) GDPR)
Where data are processed on the basis of consent, it may be revoked at any time. The withdrawal of consent shall not affect the lawfulness of the processing of personal data carried out on the basis of consent prior to its withdrawal.
The data subject has the right to lodge a complaint with a supervisory authority in the Member State of his or her habitual residence, place of work or place of establishment if he or she believes that the processing of personal data concerning him or her violates GDPR.
6. Can the data be disclosed to other entities?
Data may be disclosed to entities indicated in the legislation providing for the obligation to disclose certain data (e.g. administrations, tax authorities, courts, etc.).
The data may be disclosed to entities providing services to the Controller to which the Controller has entrusted the processing of personal data on the basis of agreements concluded with these entities. This concerns, for example, entities providing accounting, legal, marketing, postal, courier, technical, IT services.
In connection with the performance of business relations between the Controller and the user of the Website, personal data may also be disclosed to banks, electronic payment operators and entities conducting settlements.
In order to ensure the highest quality of Service and efficient customer service, data recipients may be, in compliance with GDPR provisions, entities belonging to the TP-Link group based in the European Union.
7. Can data be transferred to third countries or international organisations?
The Controller is based outside the European Union. The data may only be transferred to companies within the TP-Link group, based in another third country only if they provide adequate safeguards and provided that enforceable rights of the data subjects and effective legal remedies are in place. Adequate safeguards shall be provided by means of the standard data protection clauses referred to in Article 46(2)(c) of the GDPR.
The controller shall not provide for data transfers to international organisations.
8. How long will the data be stored?
The storage period depends on the purpose of the processing and is limited to the time when the intended purpose is achieved.
The data processed for the purpose of creating an account on the Website and providing the Services, in accordance with the terms of the individual Services, shall be stored for the period of maintaining the account on the Website and providing the Services.
The data processed for the purpose of fulfillment the Controllers's legal obligations connected with Website maintenance and providing Services, such as tax, accounting or statistical obligations shall be stored for the period resulting from the applicable regulations imposing these obligations on the Co
The data processed for the purpose of consideration of complaints, defence against claims, establishment and exercise legal claims related to the use of the Website and provision of Services shall be stored until the limitation period has expired or the claim has been concluded.
The data processed for the purpose of marketing the Controller's products or services as well as for the purpose of maintaining relations with entities using the Controller's products or services shall be stored until the withdrawal of consent for processing, and when such data are processed on a basis other than consent until an objection is raised.
Data processed for the purpose of handling requests and applications and ensuring accountability shall be stored for a period of 3 years.
9. Will data be processed in an automated way?
We will not process the data provided by automated means, including in the form of profiling, in such a way that any decisions may be taken, other legal effects may arise or would otherwise affect the data subject as a result of such automated processing.
In the course of using the Website, we collect information related to browsing the content of the Website, such as the number and source of visits, the time of the visit, the content viewed, the number and type of subpages opened, the references used, or the IP number of the computer. We do not combine such information with your personal data. We use this information solely for market research and Internet traffic research purposes within the Website and for statistical purposes.
10. Do we install cookies or other software on your computer when using the Website?
The Website uses small files called cookies. These files are saved and stored on the computer or other end user's device. Cookies are installed if the browser settings allow it. Cookies usually contain the name of the domain they come from, the time of their storage on the device and the assigned value.
Cookies are used to optimize the process of using the Website, in order to collect statistical data that allow to identify the way users use the Website. They are also necessary to maintain the user's session after he or she leaves the Website.
The Website uses two types of cookies:
Session cookies (temporary): are stored on the terminal device and remain there until the end of a browser session. The stored information is then permanently deleted from the device memory. The mechanism of session cookies does not allow the collection of any personal data or any confidential information from the terminal device.
Permanent cookies: they are stored on the terminal device and remain there until they are deleted. Ending a session of a given browser or switching off the device does not cause their deletion. Permanent Cookies do not allow the collection of any personal data or any confidential information from the terminal device.
You can change your cookie settings at any time, including blocking cookies. However, such action may make it difficult or impossible to use the Website or individual Services.
The change of settings concerning cookies is made in the Internet browser. Already installed cookies can be removed manually at any time. Detailed instructions and information concerning cookies are contained in the help menu of the Internet browser currently used by the user.