lock Sign Up

Privacy Policy

Here at Caasy we take your privacy and the processing of your personal data very seriously. Therefore, we have prepared this Privacy Notice where we describe our contact details, information regarding what personal data we process and what rights you have towards us and how you may defend them. Always feel free to contact our customer support if you have any questions about our processing of personal data or this Privacy Notice.

Contact Details to the Controller

Name of the company:

Caasy, a Mosaic trademark

Company registration number:

FR33000143858

Country of operation:

Monaco

E-mail address:

info@mosaic.mc

Phone number:

+33 6 40 62 77 22

Postal address:

Mosaic, 9 Rue des Géraniums, 98000 Monaco, Monaco

What is personal data?

“Personal data” is any information relating to an identifiable or identified person (you as a user). An identifiable person is someone who can be identified, directly or indirectly, for example by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.

Personal data which we handle

Your personal data may only be processed by us with your given consent, when it is necessary for the performance of a contract to which you are a party, or when it is necessary for our compliance with a legal obligation. The processing of the personal data, the specific purposes for the processing, the legal basis for the processing, and for how long we store your personal data, is described below.

When you create an account and open a subscription with us, we may store and process the personal data listed below:

  • Name
  • Email address
  • Home/mailing address
  • VAT number
  • Employment details (for example your employer, title and work address)
  • Profile picture

These are personal data that you provide when you sign up to use our service, or when you send us a request via the contact form on our website. When you sign up for our paid service, your account will also be designated a subscription ID, which is used to verify your subscription.

We process the described personal data to be able to provide you our offered service, for billing purposes, and to manage your subscription. Our processing is based on your consent by providing your personal data when you sign up and your data will be kept safely with us for as long as you have an active subscription and for up to an additional month after you have deleted your account. This deletion period does not apply to personal data included in the content that you have contributed to a site to which you are not the owner (for example your name as the author of articles, etc.).

For the avoidance of doubt, Caasy does not control nor have any responsibility for the handling of personal data which is submitted by you or another user to a site for which you are not the primary site owner. In such case, it is the site owner who is controlling and processing the personal data of other data subjects on the site owner’s website, and it is the site owner who has sole responsibility over all such personal data, even though such content is stored on Caasy’s servers. This includes the deletion of your data when the site owner deletes a site to which you as a user are a contributor and where your personal data is stored and processed. If you have any questions regarding the processing of your personal data by such user or site owner, please refer to the site owner’s privacy policy or contact that user directly for more information on his/her processing of your data.

Sharing with third parties

Your data will be shared with certain named third parties, as this is necessary for us to provide our service. The data shared with them are stored on servers located within the EU. These third parties are:

Mailgun – We have employed Mailgun as our email service provider. We may share your name, email address and subscription ID to enable functions such as password reset and sending you notifications related to our service. We also use Mailgun to forward us requests that you may have submitted via the contact form made available on our website. For more information on how Mailgun process personal data, please visit https://www.mailgun.com/gdpr/.

EmailOctopus - For mailing lists, such as our newsletter, we are using the services provided by EmailOctopus. If you subscribe to one of our mailing lists, your email address, as well as your IP address, will be shared with EmailOctopus. This is necessary to send the respective emails to your inbox. The IP address is used by EmailOctopus for fraud and abuse detection. You can unsubscribe from a mailing list at any time by clicking the unsubscribe button at the bottom of the email. For more information on how EmailOctopus process personal data, please visit https://emailoctopus.com/legal/privacy.

Google Cloud Platform – All our services, for example related to storing of data on servers, are hosted by Google Cloud Platform. Your personal data will therefore be stored on Google Cloud Platform’s servers. For more information on how Google Cloud Platform process personal data, please visit https://cloud.google.com/security/gdpr.

MongoDB Atlas – For managing our database, in which your personal data may be kept, we employ MongoDB Atlas, who are using Google Cloud Platform. For more information on how MongoDB Atlas process personal data, please visit https://www.mongodb.com/cloud/atlas.

Braintree – For managing payments related to your subscription, we are using Braintree. None of your payment details reach our servers but are sent directly to Braintree. We will share your name and email address with Braintree for them to be able to send you your payment receipt. Braintree will designate you a Subscription ID, which they share with us, together with information about your payment, and which we will use to track that you have paid for your monthly subscription. For more information on how Braintree process personal data, please visit https://www.braintreepayments.com/se/legal/braintree-privacy-policy.

Third-party websites

When using our site, you may be directed to third-party websites beyond our sphere of influence. We are not responsible for the content or the privacy policies on such other sites.

Cookies

A cookie is a small piece of data that may be stored on your computer or mobile device, used to allow the website to “remember” you and your preferences over time. These session cookies are stored for only a brief amount of time (up to 7 hours after your visit) and are necessary for authentication purposes.

You can manage the cookies and whether you accept cookies or not on your computer or mobile device by accessing the browser settings. For most browsers, you are able to categorically accept, refuse or delete cookies at all times.

Security

We are committed to securing personal information and any data we collect from clients. We use physical, technical and organisational security safeguards to help protect your personal data that we have collected from unauthorised access and other third parties than described in this privacy policy.

Termination of Service

Caasy may at any time limit or cancel the offering of the service, with or without prior notice. In such case

Summary of your rights towards us:

You as a user have the possibility to claim several rights towards us. Such rights are listed here and thereafter described in detail below. You find our contact details at the top of this Privacy Notice.

  • Right to be forgotten
  • Right to withdraw consent
  • Right to access
  • Right to rectification
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Right to file a complaint with a supervisory authority
Right to be forgotten

You have the right to request that we delete any personal data that we process about you. We will delete the data as soon as possible, but at least within one month’s time. If the personal data is needed for fulfillment of our contractual duties towards you or to preserve it with legal ground, we will however not delete the information until the data is no longer needed. We will also, without your explicit demand, delete such personal data that we have collected but do not longer have a lawful right to process. We will inform you about this, if it would occur.

Please note that for any personal data of you as a user included in relation to the content posted on a site for which you are not the primary owner, it is the site owner, not Caasy, that is the data controller. Please contact such site owner regarding any exercise of your rights under the GDPR.

Right to withdraw consent

You have the right to withdraw your given consent at any time. If you do so, we will erase such personal data which is not subject to any other legal ground than your given consent. The erasure will be done as soon as possible. Please note that your withdrawal of consent does not oblige us to erase personal data which is processed based on a contractual relationship or any other legal ground.

Right of access

You have, at any time, the right to receive confirmation from us as to whether personal data concerning you are being processed. You have also the right to access that personal data and to receive the following information:

  • a) The purposes of the processing
  • b) The categories of personal data concerned
  • c) The recipients or categories of recipients to whom personal data have been or will be disclosed
  • d) The envisaged period for which the personal data will be stored or the criteria used to determine that period
  • e) The existence of automated decision-making and profiling
Right to rectification

You have, at any time, the right to demand us to correct any inaccurate personal data within a month’s time. You have also the right to complete incomplete personal data, taking into account our purposes of the processing, by the means of providing an additional statement.

Right to restriction of processing

You have, instead of demanding us to delete any data, the right to demand us to restrict our processing of your personal data. This may be achieved if

  • a) You have reason to believe that the accuracy of the personal data is not correct, and the restriction shall be in place during a period that allows us to verify the accuracy of the personal data
  • b) The processing is unlawful but you don’t want us to delete the personal data
  • c) We no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims
  • d) You have objected to processing concerning profiling or automated decision-making, whereby a restriction shall be obtained during the period when we assess whether our legitimate ground for the processing override your legitimate ground.
Data portability

You have the right to retrieve the personal data which we process about you and that you have provided to us. You have also the right to demand that we transmit such personal data to another data controller if the personal data is collected based on your consent or if the processing of the personal data is carried out by automated means by us, if we deem it technically feasible.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you. This can be done when the personal data is processed as part of automated decision-making, including profiling, and direct marketing, if such processing would be carried out (see “Personal data that we process” above).

Right to file a complaint with a supervisory authority

You have, at any time, the right to lodge a complaint with a supervisory authority regarding our processing of your personal data. Regardless of where we carry out our business, even if it would not be in the member state which is your country of residence, you have the right to lodge your complaint to your national supervisory authority. Please follow to the link below to find the contact details to your national supervisory authority: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm

About this Privacy Notice

With regard to the General Data Protection Regulation (EU) 2016/679 (“GDPR”), we must disclose what personal data we collect and process about you, and for what purposes. In this Privacy Notice, you find all such information that we are obliged to inform you.

The Regulation in its entirety in your language, may be accessed by following this link: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG&toc=OJ:L:2016:119:TOC

Would you like to defend your rights, which are listed in this Privacy Notice, you may contact us using the contact information listed above.