Vorld is a a distributed system that provides the functionality of identification for physical and legal entities, confirmed by identifiers with their electronic signatures and intended for use by financial or other companies who obliged to identify their clients as well services intended to securely store and share files and documents within client own device (hereinafter referred to as „Services“). While using our Services or communicating with us in any other way, the controller of your personal data is Vorld OÜ (a company incorporated under the laws of the Republic of Estonia, registry code 14227304, registered address at Ahtri st 6a Tallinn (hereinafter referred to as “Vorld” or “we”).
What kind of personal data do we process?
Personal data are all data directly or indirectly related to a physical person which makes possible identification of this person. Processing of personal data is, including but not limited to, collecting, recording, storing, organising, using, amending, transmitting, disclosing as well as deleting of personal data, but also other personal data processing activities.
The GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council
of 27 April 2016 on the protection of natural persons with regard to the
We collect personal data to provide you our Services
Upon processing your personal data, Vorld follows the following principles:
- Vorld processes your personal data only in accordance with this policy and applicable laws;
- Vorld collects and processes Your personal data only for the purposes stipulated in this policy;
- Vorld makes sure that the personal data which Vorld collects and processes is:
— adequate, relevant and limited to what is necessary for the purposes stipulated in this Policy;
— accurate and up to date; and
— stored only for such period as is necessary for the purposes stipulated in this Policy.
— Vorld applies appropriate technological and organizational measures to ensure the availability, authenticity, integrity and confidentiality of your personal data.
We may collect the following types of information:
- Personal information: name, age, date of birth, gender, signature, utility bills, visual images, phone number, home address, and/or email.
- Formal identification information: copy and details of your personal identification document (national identity card, passport, driver’s licence, visa information).
- Online identifiers: Geo location/tracking details, browser fingerprint, OS, browser name and version, and/or personal IP addresses.
- Usage data: Survey responses, information provided to our support team, public social networking posts, authentication data, security questions, user ID, click-stream data and other data collected via cookies and similar technologies.
We collect your personal data mainly in the following ways:
- data you provide in the registration form and uploaded by you;
- data generated by you when using our Services;
- information that we receive from third parties;
- automatically collected data (cookies, browser data etc.).
How we use your personal data?
We use the collected information to create, develop, provide, maintain, protect, and improve our Services, content and advertising, and for loss prevention and anti-fraud purposes. Any processing of personal data must be justified. We may use this information in the following ways under the applicable legal basis:
We may process your personal information to better understand the way you use our Services and to provide you personalised user experience. We use such information to customise, measure, and improve our Services and the content and layout of our website and applications, and to develop new services or new methods to provide you our Services.
Our interest as a business is to ensure that we provide you with the most appropriate products and services. This may require processing your information to enable us to send you relevant surveys, marketing information, etc. Based on your communication preferences, we may send you marketing communications to inform you about our events or offerings or events or offerings of our partners; to deliver targeted marketing; and to provide you with promotional offers based on your communication preferences. We use information about your usage of our Services and your contact information to provide marketing communications. You can opt-out of our marketing communications at any time.
Sharing your personal data with third parties
We may share your information with service providers under contract who help with parts of our business operations.
For more information about the third parties we use to provide our services, please do let us know and we will provide you the information in the extent possible.
Protection of your personal data
We strive to protect your information from unauthorized access, use, or disclosure. We use a variety of physical, technical and administrative measures designed to protect our systems and your personal data.
For example, we use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our rooms and files, and we authorise access to personal information only for those employees who require it to fulfil their job responsibilities.
You have the following rights which can be exercised by contacting our data protection officer at privacy@_.
The right to access your data
You have the right to access your personal data in our use at any time and ask us to provide you a copy of your personal data. You are also entitled to receive information regarding data processing objectives and retention periods.
The right to correct your data
You may always request us to rectify or update any of your personal data that is inaccurate. Your right to access and rectification shall only be limited where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated.
The right to be forgotten
You have the right to request erasure of your personal data that: (a) is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (b) was collected in relation to processing that you previously consented, but later withdraw such consent; or (c) was collected in relation to processing activities to which you object, and there are no overriding legitimate grounds for our processing. If we have made your personal information public and are obliged to erase the personal information, we will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other parties that are processing your personal information that you have requested the erasure of any links to, or copy or replication of your personal information. The above is subject to limitations by relevant data protection laws.
The right to object
Where the processing of your personal information is based on consent, contract or legitimate interests you may restrict or object, at any time, to the processing of your personal information as permitted by applicable law. We can continue to process your personal information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
The right to data portability
If we process your personal data based on a contract with you or based on your consent, or the processing is carried out by automated means, you may request to receive your personal data in a structured, commonly used and machine-readable format, and to have us transfer your personal data directly to another “controller”, where technically feasible, unless exercise of this right adversely affects the rights and freedoms of others. A “controller” is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of your personal data.
The right to restrict processing of your personal data
You have the right to restrict processing your personal data where one of the following applies:
(a) You contest the accuracy of your personal data that we processed. In such instances, we will restrict processing during the period necessary for us to verify the accuracy of your personal data.
(b) The processing is unlawful and you oppose the erasure of your personal data and request the restriction of its use instead.
(c) We no longer need your personal data for the purposes of the processing, but it is required by you to establish, exercise or defence of legal claims.
Restricted personal information shall only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will inform you if the restriction is lifted.
The right to lodge a complaint
If you feel that your personal data has been processed in a way that does not comply with the GDPR or other applicable laws, you have a specific right to lodge a complaint. If you wish to raise a complaint on how we have handled your personal information, you can contact our data protection officer who will investigate the matter. We hope that we can address any concerns you may have, but you can always contact the relevant data protection authority. In Estonia, the relevant data protection authority is the Estonian Data Protection Inspectorate.