Privacy Policy
Introduction
This Privacy Policy outlines the practices and principles adopted by Centox, registered at centox.io, in relation to the collection, processing, and management of personal data. This encompasses data obtained through our primary website, centox.io (hereinafter referred to as "our website" or "this website"), as well as third-party websites (referred to as "forums") that employ the Centox forum platform.
Scope
Our website is not designed for, nor directed towards, children. We do not intentionally gather data from or about children. We recognize that minors might access this website or engage with us and our commercial affiliates. We strongly advise all minors to seek the guidance and consent of their parents or legal guardians before submitting any content or personal information to Centox, our commercial partners, or any third-party entities.
Section 1 - Data Controller
Centox holds the position of the data controller and bears responsibility for the management and protection of your personal data. Throughout this Privacy Policy, references to "Centox", "us", "we", or "our" pertain to this role and responsibility.
Section 2 - The data we collect
In this section, we delineate the nature of the "personal data" or "personal information" that we gather. Specifically, this pertains to data that possesses the potential to identify you as an individual. Data that has been anonymized and thus cannot be used for identification purposes is excluded from this description
Section 3 - Information that we collect, and why
Username
Description: The name that you entered when creating your account. (When logging in to a public forums) Reason: The username is used to address you on our platform, this may include messages on the dashboard, e-mails, or similar situations.
Description: The e-mail address that you enter when creating your admin-account. Reason: To allow you to log in to your account, and to send notifications about payment information, or account information. We will never share this information with any third party.
Password
Description: The password that you entered when creating your account will be stored in a hashed form (we cannot "revert" it to your real password, nor can we see your real password.) Reason: To allow you to log in to your account.
IP Address
Description: We store your IP address when you first create your account, and when you sign in again. Reason: We store your IP address for security reasons, this includes our ability to verify ownership, or detecting abnormal activities on an account, done from another IP address.
Billing Information
Description: If you sign up for a `paid-for` plan, we are required by law to ask for, and store, billing information for creating the invoice. This includes; Country, VAT number, Phone number, State, Zip Code, City, Address, First legal name, Last legal name. Reason: We are required by law to store this information for tax purposes. Please note that this part is managed through Stripe, where some of the given information often cannot be made available to us at all.
Analytics
We use a self-hosted server for storing visitor counts on our website, it stores information like; Operation system, screen resolution, browser, your country, no data is given to third parties. We only enable analytics tracking when cookies are accepted, and when the browser does not give us a "Do-not-track" request. We respect "do-not-track" requests. Reason: We want to know about visit counts on our website, and where our visitors are coming from, we do not use this information for any other purpose. And we do not sell any of this information.
Section 4 - How is my data collected?
Direct Collection: We may solicit personal and non-personal information directly from you through methods such as forms. These forms encompass various interactions, including but not limited to registration, support inquiries, and billing details.
Automated Technologies: As a standard operational procedure, our servers might capture automated data, such as web pages accessed by you. Such data is stored in server logs intended primarily for diagnostic and troubleshooting purposes. We commit to not monetizing this data by selling it to third parties. Further, this data will not be utilized for tracking users' activities. The purpose of these logs is strictly technical, as necessitated by the software operating our platform.
Third-party Integrations: Our platform integrates with selected third-party tools to enhance performance and provide a more user-friendly experience. These are also for your own safety. Further details on these integrations are elucidated in Section 5.
Section 5 - Third-party integrations
We use various third-party services to provide you with our services, this section will describe the services that we use, and why we use them.
CloudFlare
CloudFlare operates as a renowned Content Delivery Network (CDN) and offers protection against Distributed Denial of Service (DDoS) attacks. It's noteworthy to mention that approximately 30-40% of online entities utilize CloudFlare's services for their web assets, and we are among them. CloudFlare may process certain user data to establish a security score relevant to its protective measures. For a comprehensive understanding of CloudFlare's data handling practices and policies, we recommend visiting their official website: https://www.cloudflare.com/.
Section 6 - Data Shared In Forms (on public forums)
While we are unwavering in our commitment to uphold the utmost standards of security across our primary platform, it is imperative to delineate our stance regarding third-party forums (Such as "demo.centox.io" and "forum.yourdomain.com") Scope of Responsibility: Centox expressly disclaims responsibility for personal data or any information voluntarily disclosed by users on these public forums. Our security protocols, while stringent for our main platform, might not extend to third-party or user-controlled forums under our domain.
User Discretion: Data shared on these forums becomes accessible to individuals granted viewing rights either by platform settings or by the forum's administrator. We implore users to judiciously consider the potential reach and implications of their shared information. This consideration should extend to any past, present, or potential future data that are shared.
Sensitive Data Advisory: It is of paramount importance that users refrain from sharing data of a sensitive or confidential nature, such as passwords, financial details, or personal intimate information. While our primary platform is fortified with encryption measures, the security dynamics of public forums differ significantly. We do have robust encryption mechanisms, which are designed to shield data on our primary platform from unauthorized access or breaches.
Third-party Interactions: It's worth noting that interactions on public forums may be monitored or recorded by third parties beyond our control. Thus, any interaction or data sharing on these platforms is at the user's own risk.
Continuous Awareness: We recommend regular visits to our terms and conditions and privacy policy, which are periodically updated to reflect changes in our data protection strategies and other pertinent practices.
Section 7 - Third-party data sharing
We are judicious in the handling of your information. While we may disclose your data to select third parties, such dissemination is carried out strictly on an as-needed basis. Our sharing may involve:
Service Providers: To offer you an optimal experience with our services, we collaborate with various service providers. This encompasses entities integral to our service delivery, such as payment processors (e.g., Stripe and PayPal), which facilitate your transactions.
Professional Advisors within the EEA: We engage with expert advisors based in the European Economic Area (EEA) for a range of services. This cadre includes, but is not limited to, legal counsel, banking professionals, auditors, and insurance agents, assisting us with consultancy, legal matters, financial services, and insurance coverage, respectively.
Legal Compliance: Should legal stipulations necessitate the disclosure of specific information, we are bound to comply. This may involve interactions with authorities situated in Denmark, or elsewhere, particularly when there are reporting mandates in place.
Section 8 - Data Security
We have implemented robust security protocols to safeguard your information against unauthorized access, misuse, or loss.
Access to your personal data is stringently restricted to our employees, agents, contractors, and specific third parties who possess a legitimate business interest. These entities are permitted to handle your data exclusively upon our directive and are bound by confidentiality obligations.
For enhanced data protection on your end, we recommend adopting measures such as ensuring that your password for our website is exclusive and doesn't contain readily available information, such as your name.
Section 9 - Data retention
We commit to retaining your personal data solely for the duration required to serve the objectives for which it was initially gathered. This includes meeting any associated legal, financial, or reporting obligations.
We are required by tax law to keep basic information, including Contact, Identity, Financial and Transaction Data. We are required to keep this data for up to 5 (ten) years. The primary legislation governing this in Denmark is the Danish Bookkeeping Act ("Bogføringsloven").
Section 10 - Your legal rights
We are committed to ensuring that you are fully informed about your rights concerning your personal data. As a user, you are entitled to the following:
Right to Access: You can request copies of the personal data we hold about you.
Right to Rectification: Should you identify any inaccuracies in your data, you possess the right to request corrections. Additionally, you can ask us to complete any data you deem incomplete.
Right to Erasure: Under specified conditions, you can request the deletion of your personal data. This includes the ability to remove data directly from your profile.
Right to Restrict Processing: Under particular circumstances, you can request a limitation on how we process your personal data.
Right to Object: You have the prerogative to challenge our processing of your personal data under certain conditions.
Right to Data Portability: If you wish to transfer your data to a different entity or directly back to you, you can request us to do so, provided certain conditions are met.
Accessing your personal data or exercising your rights will typically not incur any charges. However, in instances where your request appears to be groundless, repetitive, or excessive, we reserve the right to impose a nominal fee. We may also opt to decline such requests under these circumstances.
For the protection of personal data, we may solicit additional information to verify your identity before processing your request. This measure is imperative to prevent the inadvertent disclosure of data to unauthorized individuals. To expedite our response, we may reach out to you for further clarification or details regarding your request.
After receiving your request, we endeavor to respond within one month. However, for intricate requests, the processing time may be extended. Rest assured, we will keep you informed of any potential delays. If you wish to request removal of data, and you are a:
Forum owner (you have a Centox admin account) – You can close your account from your profile, this will remove all information if you do not log back into the account within 30 days.
User on a forum (you logged in to a forum e.g “demo.centox.io”) – You can access our "Data Removal" page to automatically remove your information, see: https://centox.io/privacy.
If you wish to exercise any of your other right listed above, please email us at [email protected].
Last Updated: 29/08/2023