THE THREE LTD.
Please read this agreement carefully, as it contains important information regarding your legal rights and remedies.
Last Revised: 2019-08-15
The Three Ltd., a private limited company, incorporated in the Republic of Bulgaria, UIC BG203658354, registered address 21B, Moskovska street, 3rd floor, Sofia – Bulgaria (hereinafter referred to as “The Company”), provides you web-hosting, domain name registration, and related products and service.
The Company seeks to ensure the highest level of data privacy when offering its variety of quality products and services to its customers and subscribers ("Subscribers") (collectively, “You”, or "Users"). The privacy and security of our Users is of paramount importance and we are committed to protecting the data you share with us.
All personal data are processed in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable laws and binding rules (including EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, designed by the U.S. Department of Commerce and the European Commission and Swiss Administration, if applicable).
For any questions regarding this Policy or any requests regarding the processing of personal data, please contact us at firstname.lastname@example.org.
2. GENERAL PRINCIPLES. CONFIDENTIALITY
The Company shall process all Personal Data adhering to the general data processing principles:
- lawfully, fairly and in a transparent manner in relation to the data subject (lawfulness, fairness, and transparency);
- collect and process Personal Data only for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (purpose limitation);
- ensure that Personal Data is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimization);
- ensure that Personal Data is accurate and, where necessary, kept up to date (accuracy);
- ensure that Personal Data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (storage limitation);
- process Personal Data in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (integrity and confidentiality).
All and any information stored on the Company’s Platform is treated as strictly confidential. All information is stored securely and is accessed by qualified and authorized personnel only.
3. INFORMATION WE COLLECT
3.1. Information You provide to us.
Information that is necessary for the use of the Company’s Platform
We ask for and collect the following personal information about you when you use the Company’s Platform. This information is necessary for the adequate performance of the contractual arrangement which is in place between you and us and to allow us to comply with our legal obligations. Failing to provide any of this data or decision to delete or object to the processing of any of such data may result in de-activation of your Account.
- Account Signup Information. When you sign up, we require you to provide minimum information - email address and password. In some particular cases we ask you to provide more information - such as your first and last name, identity verification, contact details. Such information is required when you are applying for a registration of domain name and indicated as the WHOIS information.
- Login information. We collect Login scope and Email scope from Google, please see https://developers.google.com/+/web/api/rest/oauth#profile and email from Facebook.
- Identity Verification. To comply with the rules set forth by the Internet Corporation for Assigned Names and Numbers (“ICANN”) before the registration of the new domain name, the Company may collect identity verification information (such as images of your passport, national ID card, valid driving license or other documents as required or permitted by applicable laws).
- Payment Information. To order and use features of the Company’s Platform (such as web-hosting, domain name registration), we may require you to provide certain financial information in order to facilitate the processing of payments. We use 3rd party (payment processor) services, so we do not collect and store credit card information (we receive information about the payment status and store only last 4 credit card digits).
- Communications, Chats, Messaging. When you communicate with the Company (using general inquiries window), we collect information about your communication and any information you choose to provide or disclose. In order to respond to your request, we may access information provided in your Account, purchase history, etc.
- Job applicants’ information. We also collect information that you provided to us by applying to any of the open career positions published at https://the3.eu, by e-mail or otherwise. For more details see Section 5 below.
- Visitors and users of our User’s websites or services. We may also collect information pertaining to visitors and users of our User’s websites or services (“Users-of-Users”), solely for and on our Users’ behalf (as further described in Section 6 below).
You may also choose to provide us information when you fill in a form, conduct a search, update or add information to your Account, respond to surveys, post to community forums, participate in promotions, or use other features of the Company’s Platform. We advise against posting any information you don’t wish to make public on the Company’s Platform. If you upload any content to your account or post it on your Website and provide it in any other way as part of the use of any Service, you do so at your own risk.
The Company processes information you provide to us on the legal basis of:
- Your consent, expressed when voluntarily submitting and filling your Personal Data details in sign-up forms, by e-mail, request or inquiries window, etc.; and
- Conclusion and performance of contractual arrangements and obligations between the Company and the User;
- Pursuance of legitimate interests of the Company, as Data Controller and manager of the Company’s Platform;
- Compliance with a legal obligation to which the Company is subject, including, but not limited to, ICANN rules: https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en#whois.
Please always take care and observe at least the following minimum requirements for the protection of your personal information:
- please omit using your name, address, telephone number, e-mail, personal identification number, date of birth, bank Account number, card number, other special (sensitive) data, etc. in the subject of the request or file name;
- please omit using your personal code, payment card number, and other financial information and details, health, family member details, or other specific (sensitive) data, in the texts of requests, e-mails or similar communication to us, and
- please make sure that the remaining personal data is only indicated to the extent necessary for the purposes for which the letter, request or inquiry is sent.
Right to delete your data
You may at any time access and edit, update or delete your contact details by logging into your Account.
Please note that you will only be able to delete your email during de-activation of your Account. To deactivate your Account, please send your request to email@example.com, and you will be provided with further guidance.
3.2. Information We Collect when You use the Platform
When you use the Company’s Platform or contact us directly by any communication channel, we may collect information, including personal information, about the services you use and how you use them.
This information is necessary for the adequate performance of the contract between you and us, to enable us to comply with legal obligations and given our legitimate interest in being able to provide and improve the functionalities of the Company’s Platform.
Automatic collection of data
- Log data and Device information. We automatically collect log data and device information when you access and use the Company’s Platform, even if you have not created an Account or logged in. That information includes, among other things: Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and/or clickstream data.
- Usage information. We use a tool called “Google Analytics” to collect information about your interactions with the Company’s Platform (what pages you visit, such as the pages or content you view, your searches for Listings, bookings you have made, and other actions on the Company’s Platform. In consequence, Google, Inc. plants a permanent cookie on your web browser to identify you as a unique user the next time you visit this Site). For more information please visit Google.
- Geo-location data. We collect information about your approximate location as determined by data such as your IP address to offer you an improved user experience and comply with applicable legal requirements, such as taxes, pricing, etc. Such data may be collected only when you access the Company’s Platform using your device.
The Company processes this information on the legal basis of:
- Your consent;
- Conclusion and performance of contractual arrangements and obligations between the Company and the User;
- Pursuance of legitimate interests of the Company, as Data Controller and manager of the Company’s Platform (for example, to maintain and improve our Services by identifying user trends and the effectiveness of our campaigns and identifying technical issues), provided it is conducted at all times in a way that is proportionate, and that respects your privacy rights.
4. HOW WE USE YOUR DATA?
We use, store, combine and process information, including personal information, about you to provide, understand, improve, and develop the Company’s Platform, create and maintain a trusted and safer environment and comply with our legal obligations.
- To Identify. Personal identification information is collected and processed for the purposes of User identification as well use of services and domain name registration. Additionally, this information may be used to provide Users with support, letting them know about upcoming updates or improvements, providing information regarding changes of the Universal Terms of Service Agreement or any of the agreements and policies incorporated in it (including changes to this Policy) as well as other important information.
- To Create and Maintain Trusted Environment. We verify or authenticate information or identifications provided by you (such as ID number, email or phone numbers). We also use collected information to detect and prevent fraud, spam, abuse, security incidents, and other illegal and harmful activities.
- To Create Aggregated Statistical Data, to Carry out Market Research and Analysis necessary for running out our business, to improve our services we use aggregated and/or inferred non-personal information enabling us to evaluate our customers’ needs, sales and other trends of our activities.
- To Stay Connected. We use information about data usage, devices, operating systems to diagnose problems with our servers, to administer our Platform, adopt decision when to retire SDK's/OS versions, to identify characteristics of major users so that we may optimize our applications and services and make your browsing and purchasing experience more enjoyable.
- To Customize Marketing. To provide more customized offers to our Users, we may conduct data analysis based on information you provide to us, your interactions with the Company’s Platform and its Users.
- To Send Service and Billing Messages. The Company may also contact you with important information regarding our Services, or your use thereof. For example, we may send you a notice (through any of the communication channels available to us) if a certain Service is temporarily suspended for maintenance; reply to your support ticket or e-mail; send you reminders or warnings regarding upcoming or late payments for your current or upcoming subscriptions; forward abuse complaints regarding your hosting plan; or notify you of material changes in our Services. Such kind of communication is essential, for this reason, no opt-out possibilities are given to avoid receiving such Service and Billing Messages unless you are no longer a Company’s User (which can be done by deactivating your Account).
- To Register Domain. In certain jurisdictions or pursuant to the rules of the ICANN or certain registries, domain name registration information has to be made available and accessible to the public through a “WHOIS” search. The WHOIS database is a publicly accessible database that lists the domain name registration information for a particular domain name, the name server(s) to which the domain name points, and the domain name’s creation and expiration date. The domain name registration information you provide is stored by the Company and is made available to the public through WHOIS searches. The Company may deposit your domain name registration information with a third-party escrow provider to comply with ICANN requirements. At times, Users may receive solicitations that result from searches of the publicly available WHOIS database by other companies or individuals. Any such solicitations or e-mail communications do not come from the Company and the Company is not responsible for the use of WHOIS information by third parties. The Company acts only on the basis of ICANN rules and requirements. For more information see: https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en#whois.
- To contact you. In order to notify you regarding your Account, to troubleshoot problems with your Account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about our company, or as otherwise necessary to contact you to enforce our User Agreement, applicable national laws, and any agreement we may have with you. For these purposes, we may contact you via email, telephone, text messages, and portal.
- To provide, operate and improve the Services.
- To enhance data security and to prevent fraud.
- To comply with applicable laws and regulations.
5. JOB APPLICATIONS
The Company welcomes all qualified Applicants to apply to any of the open positions published at https://the3.eu by sending us their contact details and CV (“Applicants Information”) via the relevant Position Application Form on our Website, or through any other means provided by us.
We understand that privacy and discreteness are crucial to our Applicants and are committed to keep Applicants Information private and use it solely for the Company’s internal and group companies’ recruitment purposes (including for identifying Applicants, evaluating their applications, making hiring and employment decisions, and contacting Applicants by phone or in writing).
The Company may retain Applicants Information submitted to it for no longer than six months after the applied position has been filled or closed. We collect this information to re-consider Applicants for other positions and opportunities at the Company; we can use their Applicants Information as reference for future applications submitted by them; and if the Applicant is hired, for additional employment and business purposes related to his/her work at the Company.
If you previously submitted your Applicants Information to the Company, but now wish to access it, update it or have it deleted from our systems, please contact us at firstname.lastname@example.org.
6. INFORMATION PERTAINING TO VISITORS AND USERS OF OUR USER’S WEBSITES OR SERVICES
We may collect, store and process certain information pertaining to visitors and users of our User’s websites or services, solely on our Users’ behalf and at their direction. Each of our Users is able to collect and manage information, including personal data, via their website. Such information and personal data are then stored with the Company. For such purposes, within the meaning of the GDPR, the Company may in certain limited cases, as specified in the Universal Terms of Service Agreement, be considered as a “data processor” of such information pertaining to visitors and users of their websites or services. The Users controlling and operating such User websites, shall be considered as the “data controllers” of such information, and shall be solely, completely and fully responsible and liable for complying with all laws and regulations that may apply to the collection and control thereof, including all privacy and data protection laws of all relevant jurisdictions.
User shall be solely, completely and fully responsible for the security, integrity and authorized usage of information related to visitors and users of their websites or services, and for obtaining consents, permissions and providing any fair processing notices required for the collection and usage of such information.
The Company has no direct relationship with the individual visitors and users of our User’s websites or services whose personal data it processes. If you are a customer of any of our Users, and would like to make any requests regarding your personal data, please contact such User(s) directly.
For more information about data processing arrangement between us and our Users, please see our Universal Terms of Service Agreement.
7. DIRECT MARKETING
When creating an Account at our Platform, you are free to opt-out from receiving various offers directly to your e-mail, phone or in your Account. We use provided contact details and your preferences for direct marketing by sending various offers or newsletters.
These direct marketing offers, depending on your preferences, may be personalized taking into account any other information which you have provided to us (e.g. location, social media profile information, purchase history etc.) or we have collected or generated from other sources as described below.
Right to object
If a User wishes to change their preferences for direct marketing, they may exercise such option at any time they wish by following the instructions to unsubscribe in the received email.
You are free to opt out of our newsletters at any time. You can do this by clicking on a link for that purpose at the bottom of our e-mail with the newsletters.
You may at any time refuse to receive information from us by sending an email to email@example.com, or by visiting and adjusting your personal account settings.
8. OTHER USES OF YOUR PERSONAL DATA
- Developing Platform. We use data, including public feedback, to conduct research and development for the further development of our platform in order to provide you and others with a better, more intuitive and personalized experience, drive membership growth.
- Customer Support. We use data to help you and fix problems. We use the data (which can include your communications) to investigate, respond to and resolve complaints and issues (e.g., bugs).
- Aggregate Insights. We use data to generate aggregate insights. We use your data to produce and share aggregated insights that do not identify you.
- Security and Investigations. We use data for security, fraud prevention and investigations. We use your data (including your communications) if we think it’s necessary for security purposes or to investigate possible fraud or other violations of our Universal Terms of Service Agreement or this Policy and/or attempts to harm our Users.
9. SOURCES OF PERSONAL DATA
We collect and receive your Personal data from yourself (including your device) as well as from the following sources:
- Social network operators (such as Facebook, Google, etc.);
- Third-party service providers, suppliers and our partners;
- Other legal sources.
10. RETENTION AND DELETION
We generally retain your personal information for as long as is necessary to provide our services and to comply with our legal obligations. Where your personal information is no longer required we will ensure it is securely deleted.
If you would like to stop us using your personal information, you shall request that we erase your personal information and close your Account.
After de-activation of Account, we will still retain the following data for the purposes of compliance with applicable legal requirements (such as tax, accounting, legal reporting, AML, other), for as long as we are legally required by virtue of such legal requirements: profile with de-personalised information (we will change your email into firstname.lastname@example.org, erase you name, surname and contact information) like purchased services, login information, payment information, etc.
Please also note that we may further retain some of your personal information in such cases (i.e., after closure of your Account):
- as long as it is necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety. If the Company suspends your Account for safety reasons, we may retain certain information from that Account to prevent that User from opening a new Account in the future;
- the extent necessary to comply with our legal obligations. The Company may keep some of your information for tax, legal reporting and auditing obligations;
- forum posts or other publicly visible information may continue to be publicly available on the Company’s Platform, even after your Account is deactivated. However, attribution of such information to you will be removed. Additionally, some copies of your information (e.g., log records) may remain in our database, but are disassociated from personal identifiers;
- to resolve disputes;
- to enforce our agreements and/or pursue or protect our legitimate interests;
- as we protect the Company’s Platform from accidental or malicious loss and destruction, residual copies of your personal information may not be removed from our backup systems for a limited period of time;
- domain name registration data - at the moment of writing this Policy, in order to register domain, we are requested to provide personal information about the owner of domain; this information is shown in WHOIS directory and is public. For more information, please visit https://www.icann.org/registrants.
11. DATA TRANSFERS AND USE OF THIRD-PARTY SERVICES
While collecting and processing your Personal Data, we may perform data transfers to various third parties.
11.1. With your consent
We will share your Personal Data with companies, organizations or individuals outside our group of companies when we have your consent to do so.
11.2. Where do we process your personal data?
- Users' Personal Information may be maintained, processed and stored by the Company and our authorized affiliates and service providers in the United Kingdom, Netherlands, Germany or Luxemburg, and in other jurisdictions as necessary for the proper delivery of our Services and/or as may be required by law (as further explained below).
- Job Applicants Information will be maintained, processed and stored in Bulgaria, in the applied position’s location(s), and as necessary, in secured cloud storage provided by our Third-Party Services.
- The Three Ltd. is based in the Republic of Bulgaria, which is a member of EU and offers an adequate level of protection Data Subjects’ Personal Data (as defined in EU GDPR).
- The Company affiliates and service providers (such as third-party data centres, servers, website design, administration services, online traffic and website analysis, statistics, direct marketing services, mailers, messengers, etc.), that store or process your personal data as well as personal data of your users on the Company’s behalf are each contractually committed to keep it protected and secured, in accordance with industry standards and regardless of any lesser legal requirements which may apply in their jurisdiction.
- Domain name registration data and identification data is shared with third parties in accordance with ICANN rules. For more information see https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en#whois.
We may share non-personally identifiable information publicly as well as with our partners - publishers, advertisers. For example, we may share information publicly to show trends about the general use of our platform.
If we are involved in a merger, reorganization, acquisition or sale, we will continue to ensure the confidentiality of any Personal Data and give all affected Users appropriate notices.
Some of our servers are located outside EU or European Economic Area (EEA), such as US, therefore, depending on your choice or the Services, your personal data as well as personal data of your users might be transferred to processors, sub-processors or other data recipients established in such third countries (i.e., data centers and servers, located outside EU or EEA). We will ensure that the said personal data will be transferred only if there is a sufficient basis for this under the GDPR and other applicable legal acts.
EU-U.S. Privacy Shield. When providing hosting and other services, your personal data as well as personal data of your users might be transferred to data recipients established in third countries and participating in the EU-U.S. Privacy Shield Framework.
Standard contractual clauses for data transfers outside the EU or EEA. Your personal data as well as personal data of your users might be transferred to processors, sub-processors or other data recipients established in third countries (i.e., data centers and servers, located outside EU or EEA). For such transfers to be compatible with the requirements of GDPR, we have concluded with the data processors and/or sub-processor relevant agreements on such data transfers outside EU or EEA, which comply with the European Commission approved standard contractual clauses for data transfers from data controllers in the EU to data processors and/or controllers established outside the EU or European Economic Area (EEA). For more see: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en. For the said purposes and to the extent relevant we have deemed that the said agreements were concluded on your behalf and under your instructions, as the case may be, all in line with Art. 46 of GDPR.
Other grounds for data transfers outside the EU or European Economic Area (EEA). Your personal data as well as personal data of your users might be transferred to data recipients established in third countries on other legal grounds compatible with the requirements of GDPR (Art. 45-49).
Transfer, disclosure of data to competent authorities. In certain situations, the Company may be asked to disclose personal data in response to lawful requests by public authorities, other competent authorities, including when it is required to meet national security or law enforcement requirements, and will do so where permitted by local data protection laws.
11.3. Data Localisation Obligations
If you reside in a jurisdiction that imposes “data localization” or “data residency” obligations (i.e., requiring that Personal Information of its residents be kept within the territorial boundaries of such jurisdiction), and this fact comes to our attention, we may maintain your Personal Information within such territorial boundaries, if we are legally obligated to do so.
You acknowledge that while doing so, we may continue to collect, store and use your Personal Information elsewhere.
11.4. Targeting, advertising
11.5. Social Media Features
Our Services include certain Social Media features and widgets, single sign on features, such as the “Facebook Connect” or “Google Sign-in”, the “Facebook Like” button, the “Share this” button or other interactive mini-programs (“Social Media Features”). These Social Media Features may collect information such as your IP address or which page you are visiting on our Website, and may set a cookie to enable them to function properly. Social Media Features are either hosted by a third party or hosted directly on our Services. Your interactions with these third parties’ Social Media Features are governed by their respective policies.
11.6. Third Party Services
The Company has partnered with a number of selected service providers, whose services and solutions complement, facilitate and enhance our own. These include hosting and server co-location services, communications and content delivery networks (CDNs), data and cyber security services, billing and payment processing services, domain name registrars, fraud detection and prevention services, web analytics, e-mail distribution and monitoring services, session recording and remote access services, performance measurement, data optimization and marketing services, content providers, and our legal and financial advisors (collectively, “Third Party Service(s)”).
Such Third Party Services may receive or otherwise have access to our Visitors’ and Users’ Personal Information and/or Users-of-Users’ Personal Information, in its entirety or in part – depending on each of their particular roles and purposes in facilitating and enhancing our Services and business, and may only use it for such purposes.
11.7. Our Legal Obligation to Use or Disclose Personal Data
We will reveal your Personal Data to state and public authorities without your prior permission only when we are legally required to provide information, including taking legal action to defend our rights, as well as the cases, where we have a belief in good faith that access, use, preservation or disclosure of the information is reasonably necessary to meet any applicable law, regulation, legal process or enforceable governmental request, enforce applicable Terms of Services, including investigation of potential violations, detect, prevent or otherwise address fraud, security or technical issues.
We may share your personal data in manners other than as described above, pursuant to your explicit consent, or if we are legally obligated to do so.
The Company has implemented security measures designed to protect Personal Data you share with us, including physical, electronic and procedural measures. Among other things, we offer HTTPS secure access to most areas on our Services. We also regularly monitor our systems for possible vulnerabilities and attacks, and regularly seek new ways and Third-Party Services for further enhancing the security of our Services and protection of our Visitors’ and Users’ privacy.
Regardless of the measures and efforts taken by the Company, we cannot and do not guarantee the absolute protection and security of your Personal Data, or any other User Content you upload, publish or otherwise share with the Company or anyone else.
We therefore encourage you to set strong passwords for your User Account and avoid providing us or anyone with any sensitive information of which you believe its disclosure could cause you substantial or irreparable harm.
If you have any questions regarding the security of our Services, you are welcome to contact us at email@example.com
13. YOUR RIGHTS
You are entitled to a range of rights regarding the protection of your Personal Data, which are subject to limitations, restrictions and conditions as laid down in GDPR and applicable law. Those rights are:
- the right to access the information we process about you;
- the right to rectify incorrect/inaccurate information about you;
- the right to transfer all or part of the information collected about you to you or another data controller, where technically feasible (the right to data portability; with limitations and restrictions as specified in the EU General Data Protection Regulation);
- the right to erase any data concerning you. Users may demand erasure of data without undue delay for legitimate reasons, e.g. where data is no longer necessary for the purposes it was collected, or where the data has been unlawfully processed;
- the right to the restriction of data processing. Users, for legitimate purposes, may obtain restriction of data processing from the controller;
- the right to object to the processing of Personal Data when processing is carried out on the basis of legitimate interest, as well as in cases of use of your personal data for direct marketing purposes, as specified above in this Policy.
Some of the rights as above are easy to exercise: i.e., you may at any time access and edit, update or amend your details, opt out of receiving communications from us and our partners by visiting and adjusting your personal account settings, or by e-mail: firstname.lastname@example.org.
When you object to processing of Personal Data when processing is carried out on the basis of legitimate interest, we will carefully consider such a request, which may result in your Account closure or de-activation.
Users have the right to lodge a complaint with the national Data Protection Agency in their country of residence in the event where their rights may have been infringed. However, we recommend attempting to reach a peaceful resolution of the possible dispute by contacting us first.
14. ACCEPTANCE OF THIS POLICY
We assume that all Users of the Company’s Platform have carefully read this document and agree to its contents. If someone does not agree with this Policy, they should refrain from using our website, application or service. We reserve the right to change our Policy at any time and inform by using the way as indicated in Section 17. Continued use of The Company’s website, application or service implies acceptance of the revised Policy.
This Policy is an integral part of the Company’s Universal Terms of Service Agreement.
We will ask for your consent before using information for a purpose other than those set out in this Policy.
16. APPLICATION OF POLICY
Our Policy applies to all of the services offered by us and our affiliates, but excludes services that have separate privacy policies that do not incorporate this Policy.
Our Policy does not apply to services offered by other companies or individuals, including products or sites that may be displayed to you in search results, sites that may include our services or other sites linked from our services.
Our Policy may change from time to time. We will post any Policy changes on our website and, if the changes are significant, we may consider providing a more explicit notice (including, for certain services, email notification of Policy changes).
18. FURTHER INFORMATION