Privacy Policy

Customertimes is a personal data controller within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals regarding the processing of personal data and the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as "GDPR") and CCPA (The California Consumer Privacy Act of 2018).

This Privacy Policy explains how Customertimes collects, processes, and protects your data, and outlines your rights regarding it. It is available to all users, and we encourage you to contact us at any time if you have questions or concerns about the processing of your data.

Customertimes reserves the right to update this Privacy Policy at any time. In the event of a change, we will notify you promptly by posting the revised version on our website. We encourage you to check this page regularly for any changes.

Section I - Information about the Company Processing and Storing Your Data

Art. 1. (1) The data you share on this website are processed and stored by:

- Name: CUSTOMERTIMES, CORP.

- Company No.: 436028

- Headquarters: 3 COLUMBUS CIRCLE, 1513, NEW YORK, NY, 10019

- Address for Correspondence: 3 COLUMBUS CIRCLE, 1513, NEW YORK, NY, 10019

- Phone: 212-520-0059

- Email Address: legal@customertimes.com

Section II - Data Protection Officer (DPO)

Art. 2. (1) Customertimes has appointed a Data Protection Officer (DPO) to oversee compliance with data protection regulations. You can contact the DPO at legal@customertimes.com.

Section III - Definition of Terms

Art. 3. For the purposes of this Privacy Policy, the following terms shall be interpreted as follows:

1. "Personal Data" means any information relating to an identified or identifiable natural person. Individual data, which, when aggregated, may lead to identifying a specific individual, also constitutes personal data. Examples include first and last names, home addresses, email addresses, location data, and Internet Protocol (IP) addresses.

2. "Website" refers to a distinct global Internet network accessible through its unified address (URL) via HTTP, HTTPS, or other standardized protocol containing system files, databases, text content, and graphic elements to promote Customertimes’ activities.

3. "Processing" means any operation or set of operations performed on personal data or a set of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, alignment, combination, restriction, erasure, or destruction.

4. "Administrator" is a natural or legal person, public authority, agency, or other body which, alone or jointly with third parties, carries out the collection, processing, and storage of personal data.

5. "Data Protection Notices" are notices containing information provided to data subjects explaining how Customertimes collects information about them and how it uses such data. These notices can be either general (e.g., addressed to employees or notices on the website) or specific to processing for a particular purpose.

6. "Pseudonymisation" is the substitution of information that directly or indirectly identifies an individual with one or more identifiers ('pseudonyms') so that the individual cannot be identified without access to additional information, which must be kept separate and confidential.

7. "Consent" refers to a freely given, specific, informed, and unambiguous indication of the data subject's wishes, expressed through a statement or explicit affirmative action, which demonstrates consent to the collection and/or processing of personal data relating to them.

8. "Anonymised Data" means personal data that has been processed in such a way that the data subject can no longer be identified.

9. "Data Subject" is a natural person to whom the personal data relates. In other words, it is the person whose information is collected, held, used, or processed by an organization.

Section IV - Basis for Collecting, Processing, and Storing Your Data

Art. 4. Customertimes collects, processes, and stores your data in connection with the use of the website, the provision of certain functionalities such as contact initiation, and the recruitment process based on Art. 6 para. 1, Regulation (EU) 2016/679 (GDPR), particularly based on the following circumstances:

1. Your explicit consent has been obtained;

2. Initiation of the contact process;

3. Recruitment process;

4. Compliance with legal reporting obligations to government and regulatory authorities applicable to the Company;

5. For the legitimate interests of Customertimes;

6. In other cases expressly provided for by law.

Section V - Purposes and Principles for the Collection, Processing, and Storage of Your Data

Art. 5. Customertimes collects, processes, and stores personal data that you provide in connection with the use of the website, specifically in the following cases:

1. When sending an email newsletter with information about new products, special offers, and promotional campaigns, subject to your prior consent and the indication of your email in the relevant subscription field;

2. Sending a response to a request made to the Company via the website or by email;

3. Recruitment process;

4. Statistical and marketing needs to optimize the user experience and improve functionality and design using cookies.

Art. 6. Customertimes shall comply with the following principles when collecting, processing, and storing your data:

1. Lawfulness, Fairness, and Transparency: We handle your data transparently, following GDPR and applicable law, to ensure you are fully informed about how your data is used.

2. Data Minimization: We only process the minimum data set necessary to achieve the purposes for which it was collected. We do not collect or store unnecessary information that is not essential for using the website.

3. Limitation of Retention Period: We retain your data only for the period necessary to fulfill the purposes for which it was collected. Once these purposes have been achieved, we will delete or anonymize your data following our policies and legal requirements.

4. Data Accuracy and Timeliness: The information you provide is processed and stored to ensure accuracy. We regularly update our data to align with the latest information. In the event of inaccuracies, we will promptly correct or delete them.

5. Security and Confidentiality: We take the security and confidentiality of your data seriously. We apply strict protection measures to safeguard your data, using state-of-the-art technology and protection methods.

6. Encryption or Data Anonymization: Encryption converts data into an unreadable format that can only be decrypted with an authorized key. This ensures that, even in the event of unauthorized access, your data remains secure. Anonymization is the process of removing personal data from a dataset so that it cannot be used to identify a specific individual.

7. Limited Access to Data: Access to your data is restricted to employees or contractors who need it to fulfill the purpose of data collection and processing. These individuals are trained to handle your data responsibly and are bound by confidentiality agreements. We may also provide access to your data to third parties, but only when necessary to fulfill the purpose of data collection and processing or to comply with a legal obligation. In such cases, we ensure that the third party processes your data in compliance with GDPR and our data protection policies.

Section VI - Types of Personal Data that Customertimes Collects, Processes, and Stores

Art. 7. (1) Customertimes shall not collect or process personal data relating to the following:

1. Racial or ethnic origin;

2. Political, religious, or philosophical beliefs, or membership in trade unions, political, or non-governmental organizations;

3. Genetic and biometric data, health data, or data on sex life or sexual orientation;

4. Data of minors.

Art. 8. (1) Customertimes shall process the following categories of personal data and information for the purposes and grounds set out below:

1. Your Data (name, surname, telephone, email, address)

- Purposes for Collection: Providing feedback or responding to contact queries; Processing job applications.

- Basis for Processing: Accepting this Privacy Policy, applying for an open job proposal, or submitting a contact request. On this basis, personal data is processed under Art. 1 (b) GDPR.

2. Sending Newsletter (Email Address)

- Purpose for Collection: We collect your email address for our newsletter, subject to your explicit consent. The newsletter contains valuable information about our products, services, company updates, industry news, and special offers. By subscribing, you agree to receive these communications regularly.

- Basis for Processing: We process your data based on your explicit consent. You can withdraw your consent at any time by clicking the unsubscribe link at the bottom of any newsletter. We will remove your details from our newsletter distribution list upon withdrawal.

Section VII - Retention Period of Collected Personal Data

Art. 9. (1) Customertimes shall keep the personal data collected only for the period necessary to achieve the purposes set out in this Policy, and where it has the right or obligation under law to keep them longer. The length of retention is determined by various factors, such as the duration of service provision, if necessary to establish, exercise, or defend our legal claims, or whether we have a legal obligation to retain the data. The appropriate periods are based on various legal requirements, including:

- Purpose of Processing: The longer the data is needed to achieve the original purpose, the longer it can be retained.

- Nature of the Data: Some personal data may require a shorter retention period.

- Legal Requirements: Specific legal obligations may dictate how long data must be retained (e.g., tax records, employment records).

- Business Needs: We may need to retain data for operational or business reasons, such as auditing or dispute resolution.

(3) The time limits that Customertimes shall observe in processing and storing data are as follows:

- Recruitment data may be retained for six months to one year after the recruitment process is finished.

- Customer data may be retained for the customer relationship for 3-5 years after the end of the contract.

- Website visitor data may be retained for up to two years from the last visit to the website.

Section VIII - Rights of the Data Subject in Collecting, Processing, and Storing Personal Data. Withdrawal of Consent to the Processing of Personal Data

Art. 10. (1) The data subject has the right to withdraw their consent to processing by contacting us via legal@customertimes.com. This right may be exercised if the data subject does not wish all or part of their data to continue to be processed by Customertimes for any or all specific processing purposes.

(2) Consent may be withdrawn after the purpose is executed if there is a valid agreement between the data subject and Customertimes.

(3) The data subject may withdraw their consent to the processing of personal data for direct marketing by selecting the "Unsubscribe" option at the bottom of each email message. If such an unsubscribe option is unavailable, you should contact us and inform us of your unwillingness to have your data processed.

(4) The withdrawal of consent shall not affect the lawfulness of the processing of personal data that Customertimes has carried out up to that point, as well as the data to be stored for a statutory period.

Art. 11. (1) The data subject shall have the right to request and obtain confirmation from us regarding whether personal data relating to them are being processed, what personal data are being processed, and other information relating to the processing of personal data.

(2) We shall provide, upon request, a copy of the processed personal data relating to the subject in electronic or other appropriate form.

(3) Providing data access is free, but we reserve the right to charge an administrative fee in case of repeated or excessive requests.

Art. 12. (1) The data subject shall have the right to request the rectification of personal data shared if they are inaccurate or need to be supplemented according to the purposes of the processing.

Art. 13. (1) The data subject shall have the right to request the erasure of personal data stored by Customertimes. In such cases, we shall erase all data about the subject that we store.

(2) To exercise the right to deletion, the user shall take the following steps:

- Submit the request by email.

- Identify themselves as the account holder.

(3) Once we verify the identity of the person who made the request and the person to whom the data relates, we will delete the data of the concerned individual.

(4) The exercise of the right to be forgotten will not affect the lawfulness of the processing of personal data that Customertimes has carried out up to that point, as well as the data to be stored for a statutory period.

Art. 14. (1) The data subject shall have the right to retrieve or request and receive the data stored and processed for them in a machine-readable format in connection with using the website's functionalities. This right shall be exercised through a request by email.

(2) The personal data that the Company stores may be obtained by:

- A request to the Company to provide your data in a readable format;

- A request to the Company to transfer your data that it processes to another Company/data controller.

Art. 15. (1) In the event of a data breach that poses a risk to your rights and freedoms, we will notify you without undue delay and provide information about the nature of the breach, the potential consequences, and the measures we have taken to address it.

Section IX - Children’s Privacy

Art. 16. (1) Our services are not intended for children under the age of 16. We do not knowingly collect personal data from children under this age. If you believe we have collected such data, please contact us to request deletion.

Section X - Persons Who Have Access to Your Data

Art. 17. (1) In connection with the provision of full functionality of the website, it is necessary to provide your data to the following entities that process or store them:

1. Employees responsible for processing requests from the website;

2. Staff in the accounting and legal departments;

3. Employees in the technical department who perform services related to the maintenance and development of the website;

4. Hosting service providers;

5. State and regulatory authorities upon express request based on an act of governmental authority, a court order, or other document issued by a government official.

(2) The persons who process personal data shall comply with all legality and security requirements in processing and storing them.

(3) The third parties who have access to the data have a confidentiality agreement with us to ensure the security of the personal data they process.

Section XI - Storage and Processing of Personal Data

Art. 18. (1) Customertimes stores and processes your data within and outside the European Union (EU) and the European Economic Area (EEA). We may transfer your data to and store it in the United States of America (USA).

(2) When transferring your data outside the EU/EEA, the Company will ensure that appropriate safeguards protect your data. This includes:

1. Trusted Service Providers: We use only trusted service providers committed to high standards of data protection, even if they are located outside the EU/EEA.

2. Contractual Clauses: We include strict contractual clauses with service providers that oblige them to protect your data when transferred outside the EU/EEA. These clauses ensure that your data is processed in compliance with EU data protection laws.

3. Technical and Organizational Measures: We implement robust technical and organizational measures to protect your data, such as encryption and access control, regardless of where the data is stored or processed.

(3) If Customertimes determines that the standard safeguards described above are insufficient to provide an adequate level of protection for your data when transferred to the USA, it will adopt additional technical or organizational security measures on a case-by-case basis, following the recommendations of the European Commission.

(4) You can contact us at any time using the contact details listed above to learn more about the countries to which we transfer your data and the specific safeguards we have in place regarding these transfers.

Section XII - Privacy Notice for Data Subjects Who Are Residents of the State of California

Art. 19. (1) According to California law, some California residents have specific rights regarding their personal information, as described below. These rights are subject to certain exceptions.

(2) When legally required, we will respond to requests within 30 days unless we reasonably need to extend our response time.

Art. 20. (1) As a California resident, you can opt out of selling your personal information to third parties. If you submit a valid and authenticated request and we confirm your identity or authority to make the request, we will cease selling your personal information.

(2) You may exercise your rights under the CCPA/CPRA without discrimination. For example, unless the CCPA/CPRA provides an exception, we will not limit functions of the website in any way.

Art. 21. As a California resident, you have the right to request a list of the categories of personal information we have shared with third parties for their direct marketing purposes during the preceding calendar year. We will provide you with a notice that includes the names and addresses of all third parties with whom we have shared your personal information. To obtain this notice, please contact us.

Section XIII - Final Provisions

Art. 22. If you believe your rights under applicable data protection law have been violated, you have the right to file a complaint with the Personal Data Protection Commission.

Art. 23. (1) We may amend this Privacy Policy to appropriately notify all website users.

(2) The parties agree that any amendment or modification of this document will be effective against the data subject in one of the following events, whichever occurs first:

1. After being expressly notified, and if the data subject does not declare within 14 days that they reject it; or

2. After publication on the website, and if the user does not state within 14 days of publication that they reject it; or

3. By the data subject's explicit acceptance through the website or any other action constituting explicit consent.

Art. 24. This Privacy Policy will enter into force on 26.05.2025