Introduction & Scope
State the responsible entity (CodesMarket) and what the policy covers.
Data Controller & Contact Information
Identify CodesMarket as the data controller; include contact details and DPO (if applicable).
Types of Personal Data Collected
Specify data collected (e.g. name, email, IP, payment info, cookies).
Legal Basis for Processing
Cite the lawful grounds (e.g. consent, contract, legitimate interest) (GDPR).
Purpose(s) of Processing
Clarify why data is used (e.g. user accounts, payments, marketing).
Data Sharing & Third-Party Processors
Describe who may access data and under what terms.
International Transfers
Detail data transfer safeguards if data goes beyond EU/EEA (e.g. adequacy, standard contracts).
Data Retention
Explain how long personal data is retained and why.
Data Subject Rights
Inform users of their rights: access, rectification, erasure, portability, objection, consent withdrawal.
Automated Processing / Profiling
Disclose if such processes exist and explain their logic, significance, and consequences.
Security Measures
Outline your data protection, encryption, and breach pre-vention policies.
Data Breach Notification
Explain how you will handle and notify users and authorities of breaches (within 72 hours) (The HIPAA Guide).
Cookies & Tracking
Reference your cookie policy and state how users can manage consents (GDPR.eu, iubenda).
Updates to this Policy
State how users will be informed of changes, including effective date.
Effective Date: [Insert Date]
Introduction
CodesMarket (“we”, “us”, “our”) is committed to protecting your privacy and ensuring your personal data is processed lawfully and transparently in compliance with the EU General Data Protection Regulation (GDPR).
1. Data Controller & Contact
CodesMarket, registered at [Address], is the Data Controller.
For privacy inquiries or exercising your GDPR rights, contact us at: [email address] or [mailing address].
If applicable, our Data Protection Officer (DPO) can be contacted at: [DPO’s name & email].
2. Data We Collect
Account & Transaction Data: Name, email, payment details, billing address.
Technical Data: IP address, browser type, device identifiers, cookies.
Usage Data: Activity logs, preferences, download history.
3. Lawful Basis for Processing
Consent: For newsletters, marketing communications, and non-essential cookies.
Contract: To process orders and provide services.
Legitimate Interests: To improve our services, protect against fraud, and maintain site performance.
4. Purpose of Processing
We process your data to:
Manage user accounts and transactions.
Provide, maintain, and personalize our services.
Communicate updates, offers, and news (with your consent).
Comply with legal or internal audit requirements.
Detect and prevent fraud or abuse.
5. Data Sharing & Processors
We may share your data with:
Payment processors for transaction handling.
Analytics providers for site performance and usage tracking.
Legal and regulatory authorities if required by law.
We require all third parties to adhere to GDPR standards.
6. International Transfers
Where we transfer data outside the EU/EEA, we ensure adequate protection via mechanisms like Standard Contractual Clauses or adequacy decisions.
7. Retention Period
We retain personal data only as long as necessary to fulfill the purposes above, or as mandated by law (e.g., financial records).
8. Your Rights
Under GDPR, you have the right to:
Access your data.
Rectify inaccuracies.
Erase or restrict processing.
Request data portability.
Object to processing based on legitimate interests.
Withdraw consent at any time (without affecting past processing).
To exercise these rights, contact us at [email].
9. Automated Processing & Profiling
We do not engage in automated decision-making or profiling that produces legal effects or significantly affects individuals.
10. Security
We implement robust technical and organizational measures (e.g., encryption, access controls) to protect your data.
11. Data Breach Protocol
In case of a personal data breach, we will notify the relevant supervisory authority within 72 hours as required under GDPR (The HIPAA Guide), and inform affected individuals if there's a high risk to their rights or freedoms.
12. Cookies & Tracking
Our Cookie Policy explains how we use cookies and how you can manage your preferences. Non-essential cookies are deployed only after your consent (GDPR.eu).
13. Changes to This Policy
This policy may be updated periodically. We will notify users of significant changes via the website or email. The effective date will be updated accordingly.