Privacy Policy
Last updated on: 14 Dec 2023
This Website https://roxman.com/ (“Website”) was created for Roxman Agency (“Company”, “Roxman”, “we”, “us”).
Your privacy is important to us. Therefore, we invest great efforts to be transparent about processing your personal data with the use of our Website and otherwise.
Who we are
The owner of the Website is Roxman. As a result, Roxman is the controller of personal data obtained with the use of the Website and processed under this Privacy Policy. This means that we decide what personal data should be processed, how, and why.
If you have questions, concerns, or complaints, or would like to exercise your rights, we are available at privacy@roxman.com.
You can also complain to the supervisory body in your country if you are unhappy with how we have used your personal data.
Scope of our privacy policy
Our privacy policy (“Privacy Policy”) describes the purposes for which we use your personal data (you are our “Visitor”), with whom we may share it, where your personal data is stored, and the measures we take to protect its security. It also aims to tell you about your rights with respect to your personal data, and how to contact us regarding our privacy practices.
This Privacy Policy covers the personal data we process when you interact with our Website and with us through the means indicated on the Website. Before using our Website, please read our Privacy Policy carefully as it may affect your rights.
What is Personal Data?
Personal data is any information relating to you that alone or in combination with other pieces of information allows the person who collects and processes such information to identify you as an individual. In general, these could be your name, an identification number, email address etc. Personal data could also include such technical information as MAC addresses, IMEI, IP addresses, both static and dynamic, browser, and system information.
Personal data also includes “personal information” in a way that term is defined in the CCPA, CPA, VCDPA, UCPA, and CDPA.
Personal data processing means any action with it, for example, collection, recording, organizing, structuring, storage, use, disclosure by any means, and so on.
Other terms used in this Privacy Policy shall have the same meaning as in our Terms and the GDPR, CCPA, CPA, VCDPA, UCPA, or CDPA. If there are variations between such definitions in different laws, you will be covered by the definition that applies in your state.
Age of our Users
Our Website is not directed at individuals under the age of legal majority. We do not knowingly collect personal data from children under 18 (or under other age of majority under the law of your country). If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such information.
Detailed description of how we process your data
Below you will find a detailed information about:
- What personal data we may process and when we have got it;
- Purposes of processing your personal data;
- Legal basis for the processing;
- Retention period.
Please be aware we may collect your personal data (such as IP address, the country you are visiting our Website from, or language preferences) with the use of automated technologies like cookies. For more information, see our Cookies Policy, which is the integral part of this Privacy Policy.
Other types of data we process are described below.
1) Data we use to respond to your requests
a. Category of personal data
- Unique Identifiers;
- Contact information
b. Nature and purpose(s) of processing
We process this data after you address us with your requests via our «Contact» form or E-mail to:
- Administer the Visitors’ requests;
- Offer you and discuss our partnership opportunities
c. Personal data we process
Data you provide when you fill out a contact form:
- Name;
- E-mail;
- The message (your questions, comments, feedback, or other information that you mentioned). When you send us a request, you may also provide us with personal data such as the name of your company, your position, or your phone number etc. We do not need this information to respond to your request, so you may send it to us at your own discretion.
We encourage you not to share sensitive personal data with us (such as data about your health, sexual orientation, or religious beliefs), as well as excessive data that we do not need to resolve your issue.
d. Sources from which mentioned personal data is collected
- Directly from you via our Website;
- Direct communication with you.
e. Legal basis for processing (if applicable)
Entering into and performance of a contract.
f. Data retention period
We may store your personal data mentioned above from the moment you provided data as long as we need such data to answer your requests, but in no case it will be longer than 3 years after our last communication, unless we enter into a business agreement with you or your company.
2) Data we use for providing you with personalized offers
a. Category of personal data
- Unique Identifiers;
- Contact information.
b. Nature and purpose(s) of processing
We process this data after you complete the form or address us with your requests. We may add your request details to our database of customers and prospects to stay in touch with you and offer you a personalized proposal that best suits your request and your business needs.
c. Personal data we process
- Name;
- Contact information you provide us (e.g. E-mail, phone number);
- Your company name (if applicable);
- Your project name (if applicable);
- The sense of your request or your project;
- The content of our business communication.
d. Sources from which mentioned personal data is collected
- Directly from you via our Website;
- Direct communication with you.
e. Legal basis for processing (if applicable)
- Entering into and performance of a contract.
- Legitimate interest.
f. Data retention period
We may store your personal data mentioned above for our marketing activities during your or your company’s business relationship with us, unless you object (B2B).
3) Data we use for promotion and marketing purposes
a. Category of personal data
- Unique Identifiers;
- Contact information;
- Commercial Information.
b. Nature and purpose(s) of processing
We may process and share publicly via our Website or otherwise your feedback or other information regarding our business cooperation, that you provide us personally or posted publicly via social media sources for our promotion and marketing purposes.
c. Personal data we process
- Name (if applicable);
- Your company name (if applicable);
- Your project name (if applicable);
- The sense of your request or your project;
- Records of services purchased, your feedback etc.
d. Sources from which mentioned personal data is collected
- Directly from you via our Website;
- Direct communication with you;
- Social media interaction with you.
e. Legal basis for processing (if applicable)
Legitimate interest.
We may also process your personal data to perform legal duties, responsibilities, and obligations and to comply with laws and regulations that apply to us. For example, we could store data about emails and names of subscribers to our newsletters, as well as their choices and consent - to make sure we comply with laws on e-communication.
Your rights when we process your personal data
GDPR and other countries’ privacy laws provide certain rights for data subjects. If you are a U.S. Resident, please refer to Section “Notice for U.S. Residents - U.S. Privacy Notice for CA, CO, CT, VA, UT” below.
But basically, you have the following rights with respect to your personal data:
- Right to know about the type of data processed, the sources of collection, the location of their personal data, the purpose of their processing, and the location of the owner or controller of personal data. The Privacy Policy was created to ensure this right. But you may ask us additional questions as to your data. You may receive information on the conditions for granting access to personal data, in particular information on third parties to whom your personal data is transferred. You may obtain a copy of your personal data.
- Right to make a reasoned request to change or destroy their personal data if such data are processed illegally or are inaccurate, as well as in other cases provided by law. In particular, in the event of any inaccuracies in the data processed by Roxman, the person whose personal data is processed has the right to contact us with a request to make appropriate changes to their personal data. You may also request that your data be destroyed if you believe that Roxman no longer needs it for the purposes for which it was collected, you object or withdraw your consent. However, we may retain certain personal data to the extent that processing is necessary to establish, assert or defend claims, as well as to fulfil a legal obligation requiring processing under EU law or the law of a State to which we are subject.
- Right to withdraw consent to the processing of personal data. You can withdraw your consent to the processing of your personal data at any time in case the legal basis for the processing was the consent. In this case, we must stop processing, i.e., destroy or delete your personal data and notify you of the results. However, there may be exceptions to this right. For example, if the law requires Roxman to retain this data, or when it is necessary for the protection in litigation, or when Roxman has other grounds for the processing, etc.
- Right to object to data processing, if we process your data on the basis of legitimate interest, for instance when we send you marketing emails. If you object and we do not have any other legal basis for the processing of personal data, we will delete your personal data, the processing of which has been objected to.
- Right to make reservations about the restriction of the right to use your data in certain circumstances, such as when you have objected to our use of such data. But we will first verify whether we have overriding legitimate grounds to use it.
- Right to receive your personal data and send the data to another provider (data portability). In some jurisdictions such as the EU, you may ask to transfer your data to a third party in a structured, commonly used, and machine-readable format in circumstances where the data is processed with your consent or by automated means.
- Right to complain about the processing of your personal data to the supervisory authorities or to the court and apply legal remedies in case of violating the data protection laws.
- You also have a right not to be subject to automated decision making. Please be aware that we do not make decisions about you based solely on automated processing (including profiling), which produces legal effects concerning you or similarly significantly affects you.
If you want to exercise some other right with regard to your personal data in your jurisdiction, do not hesitate to contact us via contact data indicated at the top of this Privacy Policy. We will use our best efforts to keep you satisfied.
How we share and disclose your personal data
We may disclose your personal data to our employees or verified independent contractors, including contracted private entrepreneurs who are based in Ukraine. We always enter into non-disclosure and confidentiality agreements with those who have access to your data to ensure data protection.
We may share your data with service providers that help us operate, provide, support, and enhance our services. If a service provider needs to access your data, they do so under appropriate security and confidentiality measures designed to protect your data. For instance, we store your data using Google Cloud storage services such as Google Sheet (Google Workspace). We also use Pipedrive CRM and Google Gmail and Google OAuth 2 to create the forms, collect and store your responses, conduct business communication, and to send follow-ups, updates, and information about our services and other information we deem interesting to you. We utilize Google Analytics and Clicky to collect analytics and statistics from the Website. Our Website is hosted by Netlify and we use Gatsby as a framework for static Website generation.
You should always check the privacy settings and notices in these third-party services to understand how those third parties may use your data.
In exceptional circumstances, we may disclose data with law enforcement agencies, courts, fraud prevention agencies, or other third parties, where we think it is necessary to comply with applicable laws or regulations or to defend our legal rights (where possible, we will notify you of this type of disclosure).
International data transfers
When we use and share your data, it may be transferred to and processed in countries other than your country or residence.
Where we transfer your data, we put safeguards in place to ensure your data remains protected. For individuals in the UK or EEA, this means that your personal data may be transferred outside of the UK or EEA. When this is the case, it will be transferred to countries where we have compliant transfer mechanisms in place, in particular, the implemented European Commission’s Standard Contractual Clauses to agreements with entities and independent contractors the data is transferred to or other appropriate legal mechanisms to safeguard the transfer.
Security of data
We are committed to keeping our user’s personal data safe. We take appropriate security measures to protect your personal data from accidental loss or destruction, from unlawful processing, or access to it. All personnel are subject to full confidentiality, and any subcontractors and subprocessors are required to sign a confidentiality agreement if not full confidentiality is part of the main agreement between the parties. Also, any access by authorised personnel is logged.
We use verified contractors who might have access to the data as specified in this Privacy Policy and with whom relevant data processing agreements are concluded. Moreover, we guide and train our personnel to process your data securely. We also use technical measures to ensure your data is safe.
Disclaimer. While taking the necessary steps to secure your data, we have no choice but to admit that no method of transmission over the Internet or method of electronic storage is 100% secure. If it happens that any of your personal data is under the breach and if there is a high risk of violating your rights as a data subject, we would inform you and the respective data protection authorities as to the accidents without undue delay. We will also do our best to minimize any such risks.
Notice for U.S. Residents - U.S. Privacy Notice for CA, CO, CT, VA, UT
This U.S. Privacy Notice applies only to information collected about consumers residing in California, Colorado, Virginia, Utah, or Connecticut, and supplements the information contained herein.
It provides information required under the California Consumer Privacy Act of 2018 and as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA”), the Colorado Privacy Act of 2021 (the “CPA”), the Virginia Consumer Data Protection Act of 2021 (the “VCDPA”), the Utah Consumer Privacy Act of 2022 (the “UCPA”), and the Connecticut Data Privacy Act of 2022 (“CDPA”) and any and all regulations arising therefrom (hereafter “U.S. privacy laws”). Some portions of this U.S. Privacy Notice apply only to Visitors from particular states, and we have indicated where those portions are state-specific.
California, Colorado, Virginia, Utah, and Connecticut Visitors have certain rights regarding the data we collect and use. Those rights vary by state. We are committed to respecting these rights and complying with U.S. privacy laws.
You have the right to submit requests related to the personal information we have collected about you. If you would like more information, please submit a request to us at this address: privacy@roxman.com. Under certain U.S. privacy laws (e.g. in California, Colorado), you may make such a request twice in a 12-month span. Please note, there are circumstances when we may not be able to comply with your request. For example, we may not be able to verify your request or we may find that providing a full response conflicts with other legal obligations or regulatory requirements. We will notify you if this is the case.
The following information explains the rights and our practices with respect to them.
Right to Receive Information on Privacy Practices. You have the right to receive the following information at or before the point of collection:
- The categories of personal information to be collected;
- The purposes for which the categories of personal information are collected or used;
- Whether or not that personal information is sold or shared with third parties or disclosed to vendors;
- If the business collects sensitive personal information, the categories of sensitive personal information to be collected, the purposes for which it is collected or used, and whether that information is sold or shared; and
- The length of time the business intends to retain each category of personal information, or if that is not possible, the criteria used to determine that period.
We have provided such information in this Privacy Policy, and you may request further information about our privacy practices by using the contact information provided below.
Right to Know and Right to Access. You have the right to request that we disclose to you what personal information we collect, use, disclose, and sell. We will provide you with such information in a portable and, to the extent technically feasible, in a readily usable format. The list of the categories of personal information that we collect is described in Section “Detailed description of how we process your data”.
Right to Deletion. You also have the right to request deletion of personal information that is in our possession, subject to certain exceptions. Please note that your request to delete data may impact your use of the Website and related services in some cases, and we may decline to delete information for reasons set forth in this Privacy Policy or as permitted by the U.S. privacy laws.
Right to Correct. You have a right to request that we correct any inaccurate personal information we may retain about you.
Right to Opt-Out of the Sale and Sharing of Your Personal Information. You have the right to opt-out of the sale and sharing of your personal information with third parties, and the right to opt out of the processing of personal information for targeted advertising purposes, as defined in the CCPA, CPA, VCDPA, UCPA, and CDPA.
We sell or share personal information, or process personal information for targeted advertising purposes. In the past 12 months, we have sold or shared the categories of consumer personal information as listed in this U.S. Privacy Notice. As a consumer, you have the right to opt-out of the sale and/or sharing of your personal information and of the processing of personal information for the purpose of targeted advertising. To submit an opt-out request, please email us at: privacy@roxman.com.
If you opt-out of the sale of your personal information, we will wait at least 12 months before asking you if we may sell or share your personal information.
Right to Non-discrimination. You have a right to exercise the above rights, and we will not discriminate against you for exercising these rights. Please note that a legitimate denial of a request to access, delete, or opt-out is not discriminatory, nor is charging a fee for excessive or repetitive requests.
Right to Appeal. You have the right to appeal our decisions about your data subject requests. You must submit your request within 60 days of your receipt of our denial. Once we receive your request, we will acknowledge and start processing your request. Within 60 days of receiving your request, we will inform you in writing of any action taken or not taken in response to your request, including a written explanation of the reasons for our decision.
The information about your individual rights is also available in this Privacy Policy. Please read it carefully.
Updates to our Privacy Policy
We may amend or update this Privacy Policy from time to time. If we decide to do so, and the amendments will substantially affect your rights and legitimate interests, we will notify you of any changes via email and/or a notice on our Website. We will also indicate the “Last updated” date at the top of this document.