This is a description of how your personal data is collected, used and deleted while you visit our website www.fractory.com, register your account and using our products or services.
The personal data is processed and controlled jointly by
Fractory Solutions OÜ, located at Raekoja plats 16, 51104, Tartu, Estonia
Fractory Ltd, located at Regency House, Chorley New Road, Bolton BL1 4QR, United Kingdom
(hereinafter jointly referred to as Fractory).
2. How we get personal information?
Most of the personal information we process is provided to us directly by you in order to register yourself as our Customer and using our services.
In addition, we may also collect your personal data indirectly. When visiting Fractory website, we and our service providers acting on our behalf may collect certain data using tracking technologies like cookies, web beacons and similar technologies.
Indirectly collected data may fall under the terms of third party privacy policies while they act as independent data controllers.
3. What kind of data is processed and why?
|Processing activity||Data categories||Purpose||Legal basis|
|Customer communication via email||Personal Identification Information||Communication with customers||Performance of Contract|
|Customer feedback management||
Personal Identification Information, Consumption habits
|Quality evaluation of sold product or provided service||Performance of Contract|
|Customer invoicing||Personal Identification Information||Customer invoicing||Legal Obligation, Performance of Contract|
|Customer payment processing||Electronic identification data||Payment processing||Performance of Contract|
|Customer profile management||Personal Identification Information, Consumption habits||Enablement of service||Performance of Contract|
|Delivery of customer’s orders||Personal Identification Information||Delivery of purchased goods||Performance of Contract|
|Profiled email marketing to B2C customers||Personal Identification Information, Consumption habits||Customer marketing campaigns||Legitimate Interest, Directive 2002/58/EU article 13 section 2/|
|Transactional email communication to customers||Personal Identification Information||Delivering product-related messages||Performance of Contract|
|Processing invoices of manufacturers||Identification details, issued by the government||Business operations||Performance of Contract|
|Social media marketing||Personal Identification Information, Consumption habits, Social contacts||Customer marketing campaigns||Legitimate Interest|
|Candidates||Name, ID number, Address – private, Phone number – private, Email address – private, Work responsibilities||Recruitment||Request of the data subject prior to entering into a contract|
|Service call recordings||Name, phone numbers, call recordings||Record phone calls for quality assurance purposes and for any future requests or inquiries by a customer.||Legitimate Interest|
4. Sharing your personal data
Any data you provide will not be publicly displayed or shared with other users. Certain employees of Fractory have access to personal data to the extent necessary for the performance of their work duties.
We use third-party processors to help provide our service. They will have access to your information as reasonably necessary to perform these tasks on our behalf and are obligated not to disclose or use it for other purposes.
Why and with whom we share your personal data?
|Categories of Recipients||Reason for sharing|
|Service providers||We work with service providers that work on our behalf which may need access to certain personal data to provide their services to us. These companies include those we have hired to operate the technical infrastructure that we need to provide service, assist in protecting and securing our systems and services, manage Customer relations and help market our service.|
|Payment processors||We will share your personal data with our payment processors as necessary to enable them to process your payments, and for anti-fraud purposes.|
|Companies providing logistics service||Delivery of customer orders to their selected addresses using logistics service providers.|
|Advertising partners||We work with advertising partners to enable us to customize the advertising content you may receive. These partners help us deliver more relevant ads and promotional messages to you, which may include interest-based advertising (also known as online behavioural advertising), contextual advertising, and generic advertising. We and our advertising partners process certain personal data to help us understand your interests or preferences so that we can deliver advertisements that are more relevant to you.|
|Client communication||When using our Chatbot which is provided as third-party service, your conversations with us are not personalized until you sign-up account on our platform. Access to Client conversations is only provided to us.|
Some of our services are cloud-based so your personal information will be sent outside the European Economic Area. In such instances, we will ensure that the transfer of your personal data is carried out in accordance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organisational measures are in place.
Please contact us firstname.lastname@example.org if you would like to get more detailed information about partners we may share your data with.
5. Ensuring the security of personal data
We have taken necessary technical and organizational security measures to protect your personal data against accidental or unlawful destruction, loss or alteration and against unauthorized disclosure, abuse or other processing in violation of applicable law.
6. Retention and deletion of personal data
The storage period of personal data depends on whether we have legal obligations to store data (i.e accounting regulations), contractual obligations, legitimate interest or your explicit consent.
|Data type||Purpose||Retention Time|
|Personal Identification Information, Consumption habits||Customer marketing campaigns||After the withdrawal of consent (unsubscribed)|
|Delivering product-related messages||45 days since sending of the message|
|Customer marketing campaigns||90 days since pixel event tracking|
|Customer marketing campaigns||Maximum 180 days|
|Quality evaluation of the sold product or provided service||1 year|
|Enablement of service||3 years after termination of the agreement|
|Delivery of purchased goods||3 years since the delivery date|
|Customer invoicing||7 years after the end of the financial year when the transaction took place|
|Customer marketing campaigns||Data is deleted after processing|
|Communication with customers||3 years after termination of the agreement|
|Electronic identification data||Advertising||90 days since the last visit|
|Identification details, issued by the government||Business operations||7 years after the end of the business year when the invoice was sent|
|Behaviour data||Website improvement||1 year after the last visit|
|Anonymized identification data||Customer support||90 days since the event of a visit|
|Anonymized visitor data||Website traffic improvement||2 years since the last visit. Cookies will be extended for 2 years since the last visit|
|Job application data||Recruitment||The application data shall be stored for one year after the decision not to hire is made.|
|Service call recordings||Quality assurance||6 months|
7. Your rights and preferences
Under data protection law, you have rights including:
- Right to be informed and to access. You may get information regarding your personal data processed by us.
- Right to data portability. You have the right to receive your personal data from us in a structured, commonly used and machine-readable format and to independently transmit those data to a third party.
- Right to erasure. You have the right to have personal data we process about you erased from our systems if the personal data are no longer necessary for related purposes.
- Right to object and restrict. You have the right to object to the processing of your personal data and restrict it in certain cases.
- Right to rectification. You have the right to make corrections to your personal data.
- Right to withdraw consent. When you have given us consent to process your personal data, you may withdraw said consent at any time.
To exercise any of the abovementioned rights, please contact email@example.com . We will respond to your requests within 30 days.
8. Other important information
Newsletter and direct marketing campaigns
With your explicit consent, we may send you our newsletter. You may opt-out of these messages. Please note that email marketing messages include an opt-out mechanism within the message itself (e.g. an unsubscribe link in the emails we send to you). Clicking on the link in an email will opt you out of further messages. You may also opt-out of your account settings in case this option is available. We may also use social media tools to market our products and services. As social media and web analytics providers act as joint processors, there might be consent or opt-out requirements also on their side.
If you have questions or concerns about our use of your personal information, please feel free to contact us at firstname.lastname@example.org.
Depending on your location, you may lodge a complaint to the supervisory authority, the Estonian Data Protection Inspectorate email@example.com or the UK’s Information Commissioners Office, https://ico.org.uk/make-a-complaint/.
This Privacy Notice was updated in July 2021.