Nebo respects personal data of its Clients and Nebo Platform users, and fulfills conditions deriving from the law, especially from the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
The terms written with initial capital letters shall be understood in a way indicated in the General Terms of Service.
Nebo ensures that its employees and contractors were given training in protection of personal data.
Nebo Devices Ltd. with its registered office in Hong Kong, ROOM 606, 6/F, HOLLYWOOD CENTRE, NO. 77-91 QUEEN'S ROAD WEST, SHEUNG WAN.
The contact with the data controller is possible through:
- postal address: Hong Kong, ROOM 606, 6/F, HOLLYWOOD CENTRE, NO. 77-91 QUEEN'S ROAD WEST, SHEUNG WAN.; and
- e-mail address: firstname.lastname@example.org
Purposes and legal basis for processing personal data
our personal data may be processed for the purpose of:
- performing a contract or taking an action at your request prior to the conclusion of a contract, and for the purpose of pursuing claims under the contract (Article 6(1)(b) and (f) GDPR);
- answering the questions you asked via the contact form, which is in the exercise of the Nebo's legitimate interest (Article 6(1)(f) GDPR);
- fulfilling Nebo's legal obligations, including tax and accounting legislation (Article 6(1)(c) GDPR);
- direct marketing activities through the information channel of your choice, which are in the exercise of the Nebo's legitimate interest (Article 6(1)(f) GDPR).
Your personal data may be processed by entities such as:
- Nebo's employees and/or contractors;
- legal and/or accounting services providers;
- postal operators and delivery companies;
- hosting and/or cloud services providers;
- e-mail service providers;
- payment service providers;
- Software as a Service providers enabling Nebo internal communication, project and task management;
- Software as a Service providers enabling Nebo customer relation management.
Your personal data may be transferred outside the European Economic Area (EEA) to entities such as Amazon Web Services, Inc.,Google LLC, Inc., Microsoft Corporation, Slack Technologies, Inc., Stripe, Inc.
Nebo transfers personal data to recipients outside the European Economic Area (so-called recipients from a third country) under the terms of Chapter V of the GDPR. Therefore, the transfer of your personal data to a third country may be based on the following legal mechanisms:
- standard contractual clauses – Nebo transfers personal data to entities outside the EEA that have committed themselves to use standard contractual clauses and provide an adequate level of security for the personal data received. There are currently three European Commission decisions on standard contractual clauses in force: (i) decision 2001/497/WE; (ii) decision 2004/915/WE; (iii) decision 2010/87/UE. All of the aforementioned decisions are available in the database of European Union legislation (Access to European Union Law) at http://eur-lex.europa.eu;
- performance of the contract – in certain exceptional cases where a data recipient from a third country has not committed itself to the application of standard contractual clauses, your data may be transferred where this is necessary to perform the contract between you and Nebo or to implement pre-contractual measures taken at your request;
- your consent – if none of the above grounds for data transfer to a recipient outside the EEA apply, Nebo will only transfer your data to a recipient from a third provided you have given your explicit consent. Nevertheless, we would like to inform you that in such a case there is a risk that your personal data will not be adequately protected when transferred to a recipient outside the EEA.
Personal data storage period
Your personal data will be processed:
- no longer than until the execution of the agreement, and after its execution until the expiry of the statute of limitations for claims related to the agreement (as a rule, a three-year statute of limitations) and the execution of obligations arising from the law (including tax and accounting legal obligations);
- in case of processing of personal data for the marketing purposes, until such processing is objected to (Article 21(1) of the GDPR) or until the withdrawn of the consent to receive information of a marketing nature;
- where the processing of personal data is based on your consent – until it is withdrawn.
The rights of the data subject
The data subject has the right to request from the controller access to personal data concerning him/her and to obtain information about the purposes of its processing, categories of data processed, recipients of data, storage period of data (if it is impossible to indicate the period, the data subject has the right to information about the criteria used to determine this period).
The data subject has also the right to rectify personal data if they are incorrect and the right to request supplementing incomplete personal data.
The data subject has the right to request the erasure of personal data without undue delay if:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- a consent to the processing of personal data has been effectively withdrawn;
- the data subject objects to the processing of personal data for marketing purposes;
- the data subject objects to the processing (also by profiling) of personal data, based on the legally legitimate interest pursued by the controller or by the third party, unless there are valid, legally justified grounds for processing of the data subject's personal data that override the interests, rights and freedoms of the data subject, or there are grounds for establishing, investigating or defending claims.
The data subject has the right to request restriction of processing of personal data when:
- the data subject contests the accuracy of the personal data – for a period enabling the controller to verify the accuracy of the personal data;
- the processing is, according to the data subject, unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
- the data subject has objected to processing (pursuant to Article 21(1) of the GDPR) pending the verification whether the legitimate grounds of the controller override those of the data subject.
If the data subject requests restriction of processing of personal data, data controller will refrain from processing them without the consent of the data subject, except for storing them or processing them in order to establish, exercise or defend claims, protect the rights of another natural or legal person, or due to important reasons of public interest of the Union or a Member State. The data subject will be informed about this before the restriction of processing is lifted.
The data subject has the right to object in case of processing of the personal data for the purposes of direct marketing, including profiling, to the extent that it is related to such direct marketing. After submitting the objection, data controller will refrain from processing the personal data of the data subject for direct marketing purposes (including profiling). The data subject has the right to submit objections by automated means using technical specifications.
The data subject has the right to receive in a structured, commonly used and machine-readable format, the personal data that the data subject has provided to the data controller, as well as the right to transfer his/her personal data to another controller without interference on data controller's part, if:
- processing takes place on the basis of the data subject's consent or a contract, which performance needs processing of data; and
- the processing is carried out by automated means.
The data controller is obliged to send the data subject's data directly to another controller (if it is technically possible) at the data subject's request.
The data subject has the right to withdraw the consent to the processing of personal data at any time, but the withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
With regard to the processing of the personal data, the data subject has the right to lodge a complaint to the president of the office for the protection of personal data.
Cookies and server logs
In order to facilitate the use of the Platform and to monitor its use, the management mechanism uses a technology called Cookies – data saved by the Platform's server, a hosting operator on the user's computer or mobile device.
The Platform uses three types of Cookies:
- Session Cookies – temporary files, saved on the Platform user's device until he or she signs out, leaves the website or shut downs the browser;
- Permanent Cookies – saved on the Platform user's device for the time specified in its parameters or until its deletion by the user;
- Local storage– stored on the Platform user's device for a definite or indefinite period or until its deletion by the user.
The purpose of using Cookies is not to collect any personal data about the users visiting the Platform, however it is possible that the information collected through Cookies will be recognized as personal data.
The Platform user may at any time disable the option of accepting Cookies in the settings of his web browser, however, that might cause malfunctions in the functioning of the Platform.
The links to guides concerning disabling the option of accepting Cookies in the most popular browsers are presented below:
The Cookies are used in order to:
- create statistics helping to understand the use of the Platform so as to improve its content;
- maintain the Platform user's session, thanks to which signing in every time is not required;
- personalize the commercials;
- generate statistics that help in administering the Platform and improve the quality of services offered. These summaries are consolidated and do not contain data identifying visitors of the Platform. These data are not disclosed to other persons and entities.
Data collected within Cookies may be shared with Nebo's trusted partners such as Sensors sponsors, Platform sponsors or Nebo's clients and/or contractors.
Collected server logs, containing, among others the Platform user's IP address, time of arrival of the request, the first line of the http request, the http response code, number of bytes sent by the server, information about the user's browser, information about errors that occurred during the HTTP transaction, information about the type of devices are stored indefinitely.