3. TO WHOM DO WE SEND YOUR PERSONAL DATA?
3.1. We may send your personal data to third-party subcontractors we call upon to process your data for purposes described in Article 2 above, such as:
a) to host our website (as host),
b) to send you our newsletters and ads (as marketing company),
c) to process your use of our Services (as a service provider),
d) to process your payment (as payment service provider).
3.2. These third-party subcontractors may only process your personal data in accordance with our instructions. We equally guarantee that each of these third-party subcontractors were selected with the utmost care and are committed to ensure the security and integrity of your personal data.
3.3. We may be legally obliged to send your personal data to competent authorities or their representatives, to judicial authorities, to public authorities or government agencies, including to relevant data protection authorities, for us to comply with a legal obligation as stated in Article 2.
3.4. We won’t send your personal data in identifiable form to any other third party than those mentioned in Articles 3.1 and 3.2 without your express consent.
3.5 Other types of disclosure
D-PAC may share or disclose your personal data and other information as follows:
• To enforce our rights, prevent fraud and for safety. To protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud.
4. PERSONAL DATA PROCESSING LOCATION
4.1. Your personal data are essentially processed within the European Economic Area (EEA).
4.2. In order to process your personal data for the purposes outlined in Article 3 above, we may equally transfer your data to third parties processing them on our behalf outside the EEA. Any entity outside the EEA processing your data shall observe the suitable precautions regarding the processing of your personal data. Such precautions shall be settled by:
a) a decision of the European Commission establishing the adequacy,
b) the ‘EU-United States data protective shield’, or
c) contractual guarantees.
4.3. We may transfer anonymized and/or aggregated data to third parties outside the EEA.
Shall such a transfer occur, we shall make sure that every precaution established ensures the security and integrity of your data and of every right regarding your personal data which you may have under the current binding law.
5. PERSONAL DATA PROCESSING TIME
5.1. Your personal data will only be processed as long as necessary for the purposes stated in 2 to be fulfilled or, if applicable, until the moment you withdraw your consent. The withdrawal of your consent may imply that you won’t be able to use all or part of our website.
5.2. We will anonymise your personal data as soon as they are no longer necessary for the purposes described in Article 2 above, except in the following cases:
a) if it were in the best interest of Karin Bali, or another third party, to keep your personal data in identifiable form, or
b) a legal or regulatory obligation, or court or administrative decision preventing us from misidentifying your personal data.
6.1. Karin Bali takes security seriously. We take various steps to protect the personal data you provide to us to protect these personal data from loss, misuse, and/or unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.