Legal

Privacy Policy

Effective date: March 21st, 2021

For any questions about our privacy policy or your personal data, please contact us via email at info@komacut.com

SECT. 1 – GENERAL INFORMATION

Guangzhou Komaspec Mechanical and Electrical Products Manufacturing Co. Ltd., with registered office at Clifford (Huashan) Industrial City, No. 288, A1 Ju Huashi Boulevard, Huashan Town, Huadu District, Guangzhou, China 510880 (hereinafter, “Komacut”, “Us”, “We” or “Our”) knows how important privacy is to its customers (hereinafter, “You” or “Your”), and strives to be clear about how personal data is collected, used and disclosed.
This privacy policy (hereinafter, the “Privacy Policy”) provides an overview of Our privacy practices and tells You about the information that We collect when You access or use Our services via the website www.komacut.com (hereinafter this site will be referred to as the “Site”, while any software, service or SaaS provided via the same Site will be hereinafter collectively and indistinctly referred to as the “Services”), as well as how We may use or disclose such collected information.
We act as “Data Controller” of your Personal Data.
“Data Controller” means the entity (in most cases, an organisation, but sometimes a person) that directs the reason why Personal Data is processed in the first place and it is the entity that first receives Personal Data and is responsible for it.
“Process”, “Processing” or “Processed” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Processor” means the entity (again a person or organisation, etc.) that actually does the Processing or analysis of Personal Data on behalf of the Data Controller.
“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We invite You to read this Privacy Policy carefully to understand Our considerations and practices regarding the processing of Your Personal Data. If You do not agree to the practices described in this Privacy Policy, You should not access the Site and/or use Our Services.

SECT. 2 – PRINCIPLES OF THE PROCESSING

We are committed to fully complying with data processing requirements worldwide. This includes the European Regulation no. 2016/679 (General Data Protection Regulation; hereinafter, the “GDPR”), in case our processing activities involve data subjects that are either physically located in, or citizens of, the European Economic Area (EEA), as well as any other data protection laws and regulations applicable to Our Processing of Your Personal Data (hereinafter any of such laws, including the GDPR, shall be collectively and indistinctly referred to as the “Data Protection Laws”).
Therefore, We have configured Our Site and Services so that the Processing of Personal Data is kept to the minimum necessary.
We have also adopted safeguards and technical and organizational measures in order to protect the rights of data subjects, and to ensure that, by default, only Personal Data which is necessary for each specific purpose of the data is being Processed.

SECT. 3 – PERSONAL DATA WE PROCESS

3.1) Personal Data Processed. When You access the Site and Our Services, We may collect the following Personal Data:

Categories

Details

Origin

Contact Data

Personal Data that You provide Us when You contact Us by e-mail or any other available means (such as, the “Contact Us” form in the Site).

Personal Data voluntarily provided by You through various means (e.g., e-mail, website contact form, etc.).

Account Data

Personal Data provided by You when You register Your user account for the use of the Services, such as: email address, first name, last name, billing information, payment information.

Personal Data voluntarily provided by You through various means (e.g., e-mail, registration form, sign-in / sign-on via the Site, etc.).

Content Data

Personal Data contained in texts, messages, pictures and in any data, content or material transmitted or conveyed through the Services.

Personal Data either: (i) voluntarily provided by You through the access to the Services or (ii) automatically Processed (e.g., created, adapted, structured, stored, etc.) by Us in order to provide You with the Services.

Technical Data

Personal Data contained in log information regarding Your visits and use of Our Services, such as: Your interaction with the Site/Services, Your user status (active/inactive), Your last session, Your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, number of sessions, language and location.

Personal Data collected by Us during the provision of the Services.

Cookies

Personal Data collected using cookies and other similar technologies.

Please, visit Our Cookie Policy at _link_ for further information .

3.2) Your responsibility. We will process the above Personal Data in accordance with the applicable Data Protection Laws (including the GDPR, if applicable) and on the assumption that they refer to You or to third parties who have authorized You to provide them pursuant to an appropriate legal basis which legitimizes the Processing at stake. In this case, unless You accepted a specific data processing agreement with Us, You act as an independent Data Controller, taking on all relevant obligations and responsibilities according to the applicable Data Protection Laws (including the GDPR, if applicable). In this regard, You shall indemnify and hold Us harmless from and against all damages, losses, and expenses of any kind (including reasonable legal fees and costs) arose by any claim made by any third party whose Personal Data have been Processed in breach of the applicable Data Protection Laws (including the GDPR, if applicable) as regards to Your obligations as independent Data Controller of the same Personal Data.

SECT. 4 – PURPOSES AND LEGAL BASIS OF THE PROCESSING

4.1) Purposes. Personal Data above will be processed by Us for the purposes and legal basis specified below:

Personal Data involved

Purposes

Legal basis

Contact Data

Account Data

Content Data

To carry out Our obligations arising from any contracts entered into between You and Us and to provide You with the Services that You requested from Us (e.g., create and manage Your account, provide Our Services, provide custom, personalized content and information, etc.)

This Processing is necessary for the performance of our mutual contractual obligations and/or carried out with Your consent.

Contact Data

Account Data

Technical Data

To communicate with You to verify Your account and for informational and operational purposes (e.g., account verification, account management, customer service, system maintenance), including by periodically emailing you Services-related announcements.

This Processing is necessary for the performance of our mutual contractual obligations and/or based on a legitimate interest pursued by Us.

Contact Data

Account Data

Content Data

Technical Data

To give You access to Our support and customer care services and to enable You to communicate with Our team.

This Processing is necessary for the performance of our mutual contractual obligations, carried out with Your consent and/or necessary for the establishment, exercise or defense of legal claims.

Content Data

Technical Data

Cookies

To carry on statistical research / analysis, as well as to report, measure and evaluate the Services’ operation, usability, effectiveness, features and performance (e.g., monitor aggregate metrics such as total number of visitors, traffic, usage, diagnose or fix technology problems, etc.).

This Processing is based on a legitimate interest pursued by Us and/or does not involve Personal Data, as the relevant data may be anonymized.

Contact Data

To provide You with information and/or services that You requested from Us (e.g., process the subscription to Our newsletter, etc.).

This Processing is based on Your consent.

Contact Data

Account Data

Technical Data

Cookies

To ensure compliance with any applicable law (including the GDPR), Our terms and conditions, and our Privacy Policy.

This Processing is necessary for the performance of our mutual contractual obligations and/or for the establishment, exercise or defense of legal claims.

4.2) Voluntary nature of the processing. Providing Personal Data for the above-mentioned purposes is voluntary and not mandatory. However, any refusal to provide any of such data may not allow Us to establish and/or continue a contractual relationship with You, or to fulfill Your requests, or to comply with legal obligations to which We are subject.
4.3) Automated processing. Automated decision-making does not take place on Our Services nor involves Personal Data.

SECT. 5 – DATA RETENTION PERIOD

Personal Data collected by Us will be processed for the time strictly necessary to achieve the purposes referred to in above. In particular: (i) Personal Data needed for the provision of Our newsletter service will be processed until You decide to unsubscribe; (ii) Personal Data needed for the provision of our Services will be processed until the lapse of ten (10) days from Your account termination; (iii) Personal Data whose retention is mandatory under the applicable laws (e.g., tax laws, bookkeeping, etc.) will be retained for a period necessary or permitted to comply with such laws.

SECT. 6 – SECURITY MEASURES TAKEN FOR YOUR SAFEGUARD

6.1) General. We warrant to maintain (and continue to maintain) appropriate and sufficient technical and organisational security measures to protect Your Personal Data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure or access, as well as against all other unlawful forms of processing. Please be aware that no security measures are perfect or impenetrable, so We cannot guarantee that unauthorised access, hacking, data loss or a data breach will never occur.
6.2) Measures and safeguards. Notwithstanding the preceding, we operate with the aim of mitigating the risks associated with processing Your Personal Data through several measures, including without limitation: (i) process only Personal Data that is essential to carry out Our services and legal obligations (data minimisation); (ii) use encryption for securing the Personal Data that We process (e.g., Secure Sockets Layer – SSL); (iii) use company-wide restriction methods for restricting access into the foundation of Our processes, systems and structure, in order to ensure that only those with authorisation and/or a relevant purpose have access to Personal Data and always with their private keys; (iv) make sure that our third-party services provider to whom we may transfer your Personal Data put in place an adequate level of protection thereof when carry on their Processing activities.

SECT. 7 – RECIPIENTS OF YOUR PERSONAL DATA

We share Your Personal Data with the following third parties, to the extent necessary to provide You with the Services and, in any case, in consistency with the purposes and legal basis of proceeding mentioned in this Privacy Policy:
7.1) Our affiliates, partners and employees. We may share Personal Data with any subsidiary, holding company, associated company, affiliate of, or companies controlled by, or under common control with, Komacut (including their employees and partners), to whom it is reasonably necessary or desirable for Us to Process Your Personal Data for the purposes described in this Privacy Policy.
7.2) Third-party service providers or consultants. We engage certain trusted third parties to perform functions and provide services to Us, including hosting and maintenance, e-mail, web analytics, database storage and management, operations, customer relationship, and advertising operations. We also require these third parties to maintain the confidentiality and security of Your Personal Data they Process on our behalf. Here is a list of Our service providers involved in the Processing operations:
Entity Name Role Privacy Policy URL
Google, Inc. Processor https://policies.google.com/privacy
AWS Cloud Storage https://aws.amazon.com/privacy/
7.3) Third parties required by laws or authorities. We may disclose Your Personal Data to a third party if: (i) We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request (including to meet national security or law enforcement requirements), or (ii) to protect ourselves, Our customers, or the public from harm or illegal activities. If We are required by law to disclose any of Your Personal Data, then We will use reasonable efforts to provide You with notice of that disclosure requirement, unless We are prohibited from doing so by statute, subpoena or court or administrative order. Further, We object to requests that We do not believe were issued properly.
7.4) Third Parties recipients of anonymised, de-identified and aggregated data. We may transform Your Personal Data in such a manner (i.e., through anonymisation, de-identification and aggregation) that these data can no longer be attributed to You. Such anonymised, de-identified or aggregated data will be shared to third parties for various purposes, including for business or marketing purposes or to assist third parties in understanding Our users’ interest, habits and usage patterns for certain programs, content, services and functionalities of our Site and/or Services.

SECT. 8 – WHERE YOUR PERSONAL DATA MAY BE TRANSFERRED

We are based in People’s Republic of China and Your Personal Data may be further transferred to, and stored at, any of our affiliates, partners or service providers mentioned in previous Sect. 7. We will ensure that the jurisdiction in which the recipient third party is located ensures an adequate level of protection of Your Personal Data; if it is not the case (i.e., if a recipient is located in a jurisdiction other than a jurisdiction in the European Commission-approved countries providing “adequate” data protection), Our service providers shall be signatories of a data transfer agreement which shall include the “Standard Contractual Clauses for data transfers between EU and non-EU countries” adopted by the European Commission and/or any other substantially similar provision.

SECT. 9 – YOUR RIGHTS

9.1) Right of access. You are always entitled to receive confirmation as to whether Your Personal Data is being processed or not and, where that is the case, access and receive a copy of such Personal Data in an intelligible form. Furthermore, You are also entitled to receive information concerning: (i) the purposes of the processing; (ii) the categories of Personal Data concerned; (iii) the recipients (or categories thereof) to whom the Personal Data have been or will be disclosed; (iv) where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period; (v) the existence of the right to request from Us the rectification or the erasure of Personal Data or the restriction of the Processing of Your Personal Data or to object to such processing; (vi) the right to lodge a complaint with a Supervisory Authority; (vii) the source of the Personal Data; (viii) the existence of automated decision-making; (ix) where Personal Data is transferred to a third country or to an international organization, the appropriate safeguards relating to the transfer.
9.2) Right to withdraw consent. You are always entitled to withdraw, at any time, Your consent to the Processing of Your Personal Data, both on legitimate grounds (even though they are relevant to the purpose of the collection) and if the Processing is carried out for direct marketing purpose. The preceding will not affect the lawfulness of Your Personal Data Processing based on consent before the withdrawal.
9.3) Right to rectification, erasure and restriction. You are always entitled to obtain from Us, without undue delay: the rectification or integration of Your Personal Data that are inaccurate or incomplete; the erasure of Your Personal Data that have been processed unlawfully or whose retention is unnecessary for the Purposes; the restriction of Processing, in case You challenge either the accuracy of Your Personal data or the lawfulness of the Processing, or in case We no longer need the Personal Data for the Purposes, but they are required by you for the establishment, exercise or defense of a legal claim.
9.4) Specific rights for Data Subjects in the European Economic Area (EEA). If You are citizen of any Country in the European Economic Area (EEA), You will be afforded also the following rights:
9.4.a) Right to data portability. You have the right to receive Your Personal Data in a structured, commonly used and machine-readable format, as well as the right to transmit those data to another Data Controller without hindrance from Us, where technically feasible.
9.4.b) Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects. We may use automated decision-making only if it is authorized by legislation and if You have provided Us with an explicit consent or if it is necessary for the performance of a contract. You can always request a manual decision-making process instead, express Your opinion or contest decision based solely on automated processing, including profiling, if such a decision would produce legal effects or otherwise similarly significantly affect You.
9.4.c) Right to lodge a complaint. You have the right to lodge a complaint with the Supervisory Authority located in your place of residence.
9.5) Contacts. Requests to exercise the rights above must be sent by e-mail to info@komacut.com or by post to Guangzhou Komaspec Mechanical and Electrical Products Manufacturing Co. Ltd., Clifford (Huashan) Industrial City, No. 288, A1 Ju Huashi Boulevard, Huashan Town, Huadu District, Guangzhou, China 510880. Any access request is always completed within one (1) month; however, where the retrieval or provision of information is particularly complex or is subject to a valid delay, the period may be extended by two (2) further months. If this is the case, We will write You within one (1) month and keep You informed of the delay and the reasons thereof.

SECT. 10 – AMENDMENTS TO THIS POLICY

This Privacy Policy came into force on the “Effective Date” specified above.
We reserve the right to amend or to update its content, whether in whole or in part, also following changes in the legal and regulatory obligations regarding data protection. We will inform You on such amendments and updates through their publication on our website at https://www.komacut.com/privacy-policy/ as soon as they are adopted, and they will be binding from the moment of their publication. Therefore, We invite You to visit this page of Our website regularly, in order to be aware of the most recent and updated version thereof, so that You are always updated on the Processing activities that We carry out.