Privacy Policy

HomePrivacy Policy

This Privacy Policy (the “Policy”) governs all the issues concerning the processing of your personal data (“data concerning you” or just “data”) when you use https://huffson.group/ (“Website”) or order Goods and Services (the “Services”) which are provided via the Website.

Information about the data controller.

Under the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or “GDPR”) the controller is the persons/entity/body which determines the purposes and means of the processing of personal data. In a plain language, the controller is who determines the ways of the processing of your data and is responsible for this processing. In application to this Website, the controller is Huffson Group Ltd, a company incorporated and registered under the laws of the Republic of Cyprus, with its registration number HE 401751, with its registered address Spyrou Kyprianou, 79, PROTOPAPAS BLDG, 2nd floor, Flat/Office 201, 3076, Limassol, Cyprus. Huffson Group Ltd hereinafter shall be referred to as the “Company”, “We”, “Us”, “Our”. You can always contact us for all the issues related to the processing of your data by e-mail contact@huffson.group.

What data concerning you the Company collects.

A) Data which you provide us.

Contact data. When you contact us with the interface of the Website or via available e-mail address, you provide us with the following data:

  • Your name;
  • Your e-mail address;
  • Your message including all the content it contains.

You may additionally (voluntarily) provide us with additional data concerning you:

  • Your telephone;
  • Your Website;
  • The company/institution/organization you work for.

Order data. When you place an order on the Website, the Company collects the following data:

  • Your name (including first and last name);
  • Your Company name (if you choose to add this information);
  • The country of your residence;
  • Your e-mail address.

B) Data which are collected from third parties

Payment data. We do not directly process your payments but when you make payments for the Services provided via the Website (“Services”), we receive the information about your payment(s) from our payment provider which include the following:

  • Information about your transaction(s).

Automatically collected data. When you use the Website, the following data concerning you are collected automatically:

  • Your IP address, the data concerning your location, the data concerning your mobile carrier operator or internet provider;
  • The data concerning your device: its operating system, the type and version of the browser, screen resolution, installed time-zone, language setting, the type of the device: its model and manufacturer (if applicable);
  • The data concerning your browsing session and any interaction(s) with the interface of the Website (for example, the number of pages you have visited, the number of pages you have clicked on);
  • The data concerning the source from which you have visited the Website.

The source of Automatically collected data: we receive automatically collected data from the via technical facilities of the Website and via Google and Cloudflare Services.

Additionally, we collect personal data from Cookies (“Cookies data“). To find out more about the usage of cookies by the Website, please, follow Cookies Policy.

The purposes and legal bases of the processing.

To provide you with this Website. Automatically collected data and Cookies data are used by the Company in order to provide you with this Website in all its functionality and, in some cases, to provide you with the Website tailored for your preferences. Without your Cookies data and Automatically collected data the Website may simply not work or work with mistakes.

The legal basis for this type of processing: Article 6(1)(f) of the GDPR: processing is necessary for the purposes of the legitimate interests pursued by the Company. Provision of the Website to its visitors and provision of the Website tailored for the preferences of the visitor are the legitimate interests of the Company. You may technically restrict the processing of your Automatically collected data and cookies data for this purpose, but in this case some functions of the Website (or Website at all) will not available to you.

To protect and control this Website and our business. Automatically collected data and Cookies data are used by Company in order to:

  • protect the Website, the server that makes the Website available, any linked websites from any attacks (including DDoS attacks);
  • To protects the Website from spam and abuse;
  • Protect the Website from automated input. This includes, but not limited, to the use of reCAPTCHA;
  • protect and prevent any legal, reputational and financial risks;
  • protect the Website from being used for any illegal and fraudulent purpose.

The legal basis for this type of processing: Article 6(1)(f) of the GDPR: processing is necessary for the purposes of the legitimate interests pursued by the Company. Protection of the Website is the legitimate interest of the Company.

To provide you with the Company`s Services. Your Order data are used to provide you with the Services, and your Payment data are used in order to ensure that you have paid for the Services. Additionally, we may use your e-mail address from your Order data in order to communicate with you in the context of the provision of the Services to you. Without your Order data we would not be able to process your order. Additionally, we will store your Order data within 12 (twelve) months starting from the date of the delivery of your order for the purpose of solving any existent disputes between you and the Company.

The legal basis for this type of processing: Article 6(1)(b) of GDPR: the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.

To contact you. The data you provide to the Company may be used in order to communicate with you.

The legal bases for these types of processing:

When we communicate with you when you send a general question about the Company, Website or our Goods and/or Services, Article 6(1)(f) of the GDPR is applied: the processing is necessary for the purposes of the legitimate interests pursued by the Company. Communication with the public is the legitimate interest of the Company.

If your message relates to the business issue: we will use your contact data to discuss your business proposal or enter into pre-contractual negotiations with you or discuss your issue. In this case, Article 6(1)(b) of the GDPR is applied: the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract. Without your contact data we will not be able to consider your business proposal or enter into pre-contractual negotiations with you or discuss your issue.

If we communicate with you in the frames of provision to you our Goods or Services, Article 6(1)(b) is applied: the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract. We need this communication in order to provide you our Goods and Services and without it we will not be able to do it.

To contact you. We use your Contact data in order to communicate you in the context of your message.

The legal bases:

  • If your message relates to business issue: Article6(1)(b) of the GDPR: processing is necessary for the performance of a contract to which you are party.
  • If you ask general questions about the Company and Our business: Article 6(1)(f) of the GDPR: processing is necessary for the purposes of the legitimate interests pursued by the Company. Communication with the public about The Company and/or Our Services is our legitimate interest.
  • If you want to exercise your data subject`s rights: Article 6(1)(с) of the GDPR: processing is necessary for compliance with a legal obligation to which the Company is subject.

To develop this Website. We use your Automatically collected data and Cookies data in order to develop Website. We do this in the following manner: we take these data, anonymize them (it means that we remove all personally identifiable information), and use these data in order to find out how our Website is used by its audience and subsequently develop this Website with the use of these data.

The legal basis for this processing: Article 6(1)(f) of the GDPR: processing is necessary for the purposes of the legitimate interests pursued by the Company. Protection of the Website is the legitimate interest of the Company.

Recipients of your data.

Contractors and subcontractors of the Company, its affiliates. There are a number of entities who are engaged in the functioning of the Company and this Website. Thus, your data will be shared with them. All these transfers are secured by proper contractual arrangements which oblige these recipients to process your personal data in strict compliance with this Policy and within the terms of confidentiality and professional secrecy regime.

The hosting provider that owns the server which makes the Website available. The Website is placed on the server which is operated by the third party. From this follows that your personal data will be shared with this hosting provider. Nevertheless, this sharing will be performed in an encrypted form: which means that only authorized employees of the Company will have access to your personal data because only they possess decryption keys.

Payment providers. Your payments for the Services will be processed by third-party payment providers. Thus, we direct your Payment data to them in order to process your payments.

Google and Cloudflare. As mentioned above, the Company uses the services provided by Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA and Cloudflare, Inc. 101 Townsend St, San Francisco, CA 94107 USA. The transfers of personal data from the EU to the USA are secured by a Standard Contractual Clauses. Standard Contractual Clauses is a mechanism elaborated by the European Commission which obliges non-EU recipient of personal data to process these data in accordance with EU law. You can read more about Standard Contractual Clauses via the link https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

The period within which your data shall be stored.

Contact data: when the purpose of our communication with you is reached, we erase these data. In case of dispute with you, we will store your Contact data for an additional time period until the subject of the dispute is no longer relevant.

Order data and Payment data: up to a period of twelve months starting from the date of the delivery of the Services to you for the purposes of consumer dispute resolution and solving any problem which may arise with your use of Services.

Cookies data: in accordance with Cookies Policy. 

Automatically collected data: up to 14 (fourteen) months starting from the date of the last use of the Website. More details are available via the link: https://support.google.com/analytics/answer/7667196?hl=en.

Your rights under this Policy.

As the data subject, you have several rights which you can implement either by contacting us via email contact@huffson.group or by sending a request to our legal address. These rights are the following:

The right to withdraw consent. If you previously consented (under Article 6(1)(a) of the GDPR) to processing of your data, you have the right to withdraw this consent at any time. It means that we will stop the processing of the personal data for the processing of which the consent was required starting from the date of the withdrawal. The withdrawal of consent shall not affect the lawfulness of the processing based on consent before its withdrawal.

The right of access. You have the right to obtain from us the confirmation as to whether or not the data concerning you are being processed, and, if we indeed process your personal data, to receive a copy of the personal data undergoing processing.

The right to rectification. You have the right to obtain from us the rectification of inaccurate personal data concerning you.

The right to erasure (or the right “to be forgotten”). You have the right to obtain from us the erasure (removal) of your personal data. Upon your request, your personal data shall be removed. This right shall be applied if:

  • your personal data are no longer needed for the purposes for which these data were collected;
  • you have withdrawn your consent (if you have provided this consent) and there are no other legal bases for further processing;
  • we do not need to keep your personal data for the purposes of compliance with the applicable legislation;
  • the data are processed unlawfully;
  • there are no any restrictions of this right by the applicable legislation;
  • in other cases when the erasure (removal) is required or permitted by the applicable law.

The right to object to processing. You have the right to object, on grounds relating to your particular situation, to processing of your personal data, if the grounds of this processing were necessary for the purposes of the legitimate interests pursued by the Company or by the third party (Article 6(1)(f) of the GDPR) or this processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company (Article 6(1)(e) of the GDPR).  Additionally, you have the right to object to the processing of your personal data for direct marketing purposes (if applicable).

The right to restriction of the processing. You have the right to obtain from us restriction of processing, in case if one of the following applies:

  • you contested to the accuracy of the personal data, for a period enabling the Сompany to verify the accuracy of the personal data;
  • processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
  • you have objected to processing on the basis of your right to object pending to verification whether your legitimate grounds override those of the Company.

The right to data portability. You have the right to receive from us the data which were collected from you, in a structured, machine-readable format and have the right to transmit those data to another controller (in a plain language, to another company). Nevertheless, this rule applies only to processing which:

  • Was carried out by automated means;
  • Is based on Articles 6(1)(a) and 9(2)(a) of the GDPR (consent) or is based on Article 6(1)(b) of the GDPR-processing which was carried out under the contract between you and us.

Please note, that these rights are applicable with some restrictions:

  • If we are not sure about the identity of the requestor, we shall verify the identity of a user/visitor who requests for the implementation of any of the rights before the implementation of this right.
  • We may restrict the rights specified above or deny in implementation of any of the rights if this restriction or denial is grounded on the legislation to which the Company is subject. In this case, we will specify you the reason for the denial in the reply to your request.

The right to lodge a complaint with the supervisory authority. You can always contact us for any issue with regard to the processing of your data, including complaints. Nevertheless, if you suppose that your rights under applicable data protection legislation have been violated, you can lodge a complaint either:

  • With the Commissioner for Personal Data Protection of the Republic of Cyprus (jurisdiction of our incorporation). The Website of the Commissioner http://www.dataprotection.gov.cy/; or
  • With the data protection authority of the country of your habitual residence. You can find the list of all EU Data Protection Authorities on the Website of the European Data Protection Board https://edpb.europa.eu/about-edpb/board/members_en.

Processing of children`s data.

The Company does not knowingly process the data of individuals younger than 18 (eighteen) years old. If you are a parent or a guardian and you are aware that your child has provided us with his/her data, please contact us so that we will be able to take the necessary actions.

Third-party Websites.

This Website may contain the links to the websites owned by third parties. For example, links/hyperlinks to third-party`s websites (“third-party`s Websites”). You follow those links/hyperlinks at your own risk. The Company bears no liability for the content of any of those Websites and bears no responsibility on anything, what can happen as a result of your visit to those third-party`s Websites. The Company recommends you to visit the “Privacy” document on any of the third-party`s Websites before submitting any information to them.

Сookies Policy.

The Website uses cookies. A cookie is a small file of letters and numbers that placed on your electronic device. We use these cookies for various purposes.

We use cookies in order to:

  • Protect this Website from the cyberattacks or any form of abuse (“security cookies”);
  • Some cookies are essential in order to provide you with the Website. If these cookies are disabled, the Website will not work (“essential cookies”and “functionality cookie”);
  • Distinguish you from other visitors and users of the Website, which helps us to provide you with a good experience when you browse the Website and allows us to improve the Website (“analytics cookies” and other applicable).

Cookies used by the Website.

Name of the cookie Type Expiration time Purpose of use
__cfduid Security cookie 1 month This cookie is a security feature deployed by us in order to protect this Website. The __cfduid cookie does not allow cross-site tracking. It also does not allow visitors to follow from website to website by merging various __cfduid identifiers into a profile. Rather, __cfduid cookie is placed on the visitor’s web browser after the visitor has met certain security requirements. The __cfduid is a one-way hash of certain values and cannot be used to personally identify the individual.
trx_addons_is_retina Functionality cookie 1 year This cookie checks whether do you have Retina display. If you have Retina Display, the Website will be compatible with your device.
_ga Analytics cookies 2 years These Google Analytics cookies are used to collect information about how visitors use the Website. We use this information in order to improve and enhance our Website.
_gid 2 hours
_gat_gtag_UA_157919768_1 1 minute
_gat 1 minute