Privacy policy

Last updated 2024-04-11

Nectarly, a project under the jurisdiction of the Freedom and Respect for Every Earthling (F.R.E.E.) Association, a Romanian legal entity based in Timișoara, Preot Alexandru Bălaș Street, no. 6-8, 2nd floor, apartment 12, registered in the Register of Associations and Foundations under no. 24277/A/2017, fiscal registration code 38020161, has updated its policy on the processing of personal data in order to comply with the new rules introduced by the General Data Protection Regulation, no. 679 of April 27, 2016, applicable in the European Union (GDPR) for the protection of individuals with regard to the processing of personal data and the free movement of such data. The F.R.E.E. Association processes your personal data within the territory of Romania. 

Through this policy, we inform you about: 

• Relevant concepts regarding personal data

• What personal data we process

• The purposes for which we use this data

• To whom we may disclose the data 

• Your rights regarding the data

What does “personal data” mean? 

Personal data refers to any information or data that directly or indirectly identifies you. This includes information such as: name, surname, identification number, email address, address, mobile phone number, username, profile photos, location data, etc.  

What does the “processing” of personal data mean? 

Processing means any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure or destruction.

What personal data do we collect and process?

• Identification and contact information (name/username)

• Profile and cover pictures

• Data regarding the collaboration history with you as the data subjects

• Internet protocol (IP) address used to connect your computer to the Internet

• Login, e-mail address, password, computer and connection information and purchase history 

We also may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page.

*Your payment information is not processed by us, so we do not have access to debit/credit card numbers or other payment details. When purchasing a subscription plan, you provide those to by Stripe Inc., our payment processor. Read their privacy policy here: https://stripe.com/en-gb-ro/privacy  

How do we use your email address?

By providing your email address on this app, you consent to receiving emails from us. You may unsubscribe from these mailing lists at any time by using the "unsubscribe" link or other options provided in the emails. We only send emails to individuals who have permitted us to contact them. We do not send unsolicited marketing emails, as we also dislike spam. By providing your email address, you also permit us to use it for targeted advertising through platforms like Facebook, specifically for individuals who have opted in to receive communications from us. Any email addresses provided during order processing will only be used to send relevant information and updates about the animal you virtually adopted. However, if you give us the same email address through other methods, we may use it for other purposes outlined in this policy. If you ever wish to stop receiving future emails, we include clear unsubscribe instructions in every email.

What purposes is your personal data processed for?

• Meeting your payment obligations as donors or sponsors

• Communicating certain activities carried out by Nectarly, which may be of interest to you 

• To supply audio-visual data in accordance with your selected payment plan.

• To provide you with ongoing customer assistance and technical support

• To comply with any applicable laws and regulations

The processing of this personal data is based on donation and sponsorship contracts, through the acceptance of this policy. In other situations, the processing of data is carried out in accordance with the current legislation in civil, fiscal, administrative, etc., matters. 

For how long do we hold the personal data necessary for processing?

The data necessary for processing will be retained depending on the category of processed personal data. They can be deleted upon request during this period, if applicable, unless this conflicts with other national laws in force. If you want to permanently delete your account, you can contact us and we will delete your email address and provided password from our database. Please see a clear data retention policy below. 

Data retention policy

We retain your data only for as long as it is needed to provide our services to you and to fulfill the purposes outlined in this policy. This retention policy also applies to any third parties with whom we share your data for service-related purposes. Below are the specifics for different situations:

• Subscription Plans: If you choose a subscription plan, your first name and initial will appear on the honeycomb page accessible from the dropdown menu. This data will remain even if you delete your account. If you would like to remove your name from the digital honeycomb, please email us at thisisnectarly@gmail.com or reach out via Instagram. The digital honeycomb is an additional page on our website that features is a visual honeycomb of the people who purchased a monthly subscription or gave a one-time donation. 

• Monthly Subscriptions: For monthly subscriptions, we will retain your data even if you cancel your subscription. Your data will be deleted if you choose to delete your entire account, which you can do through your account in the dropdown menu.

• One-Time Donations: For one-time donations, we do not store your data for longer than 1 year.

• Newsletter Subscribers: If you subscribe to our newsletter without creating an account, you must manually unsubscribe for us to delete your email from our records. Once unsubscribed, your email will be deleted within 30 days.

Once your information is no longer necessary for these purposes and there are no legal or regulatory requirements for retention, we will either delete it from our systems or anonymize it to prevent any identification.

We are committed to handling your data responsibly and in compliance with applicable laws.

Do we share the information we collect with third parties?​

We may share both personal and non-personal data that we collect with third parties, such as advertisers, sponsors, and partners in marketing and promotions, as well as with those who provide our content or whose services we think may be relevant to you. 

Additionally, we might share this data with our affiliated companies and business partners now and in the future. In cases of business transitions like mergers or sales, we may also transfer your data, both personal and non-personal, to new owners or entities. We collaborate with trusted third-party service providers to perform various services for us, such as hosting, maintaining our servers, managing our database and emails, and processing credit card payments (WIX, Stripe Inc). These service providers might also handle customer service tasks or fulfill orders made through our platform. It’s likely that we will share your personal information, and in some cases, non-personal data, with these third parties to facilitate these services on our behalf. We might also share segments of our log file data, including IP addresses, for analytics purposes with partners like web analytics providers, app developers, and ad networks. Your IP address could be used to determine general location, network speed, or device type. This data may be aggregated to enhance our services, and help both us and our advertisers with auditing, research, and reporting. Furthermore, we may disclose your personal and non-personal information to government authorities, law enforcement, or private parties if we believe it is necessary to protect our rights or the rights of others, for public safety, or to comply with legal obligations, such as responding to subpoenas or court orders. This could also be done to prevent illegal or unethical activities and to ensure compliance with relevant laws and regulations.

Transfer of personal data 

After collecting your personal information, the F.R.E.E Association will not transmit the data to other entities. The project itself, Nectarly, is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.  All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

Could my information be transferred to other countries?

We are based in Romania. The information we collect through our website, your direct interactions with us, or through our help services, may be transferred periodically to our offices, staff, or third-party partners around the world. This information may be stored or accessed in various locations globally, including in countries that may not have comprehensive laws regulating data usage and transfer. To the maximum extent permitted by law, by using our services, you agree to the cross-border transfer and storage of your information. 

How do we communicate with our site visitors?

We may contact you to notify you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, or to send updates about our company. For these purposes we may contact you via email, telephone or text messages, depending on the type of contact information you provided. 

Is the information collected through our service secure? 

We take steps to ensure the security of your information by implementing physical, electronic, and administrative measures designed to protect it, prevent unauthorized access, maintain data integrity, and ensure its appropriate use. However, no security system, including encryption, is entirely foolproof. Individuals can make errors, commit intentional violations, or fail to adhere to policies. Therefore, while we make reasonable efforts to safeguard your personal information, we cannot guarantee its absolute security. If applicable law requires us to protect your personal information, you agree that our compliance with that duty will be measured based on standards of intentional misconduct.

Sale of Project

We reserve the right to transfer information to a third party if there is a sale, merger, or other transfer of all or most of our assets or those of any of our Corporate Affiliates (as defined below), or of the part of our business or our Corporate Affiliates that relates to the Service. This also applies if we cease operations or file for bankruptcy, reorganization, or a similar proceeding, provided that the third party agrees to comply with the terms of this Privacy Policy.

Affiliates

We may disclose information (including personal information) about you to our Corporate Affiliates. For purposes of this Privacy Policy, "Corporate Affiliate" means any person or entity which directly or indirectly controls, is controlled by or is under common control with us, whether by ownership or otherwise. Any information relating to you that we provide to our Corporate Affiliates will be treated by those Corporate Affiliates in accordance with the terms of this Privacy Policy.

How Do We Safeguard Your Information?

The following paragraph is taken from WIX’s privacy policy:

“Wix has implemented security measures designed to protect the Personal Information you share with us, including physical, electronic and procedural measures. Among other things, we offer HTTPS secure access to most areas on our Services; the transmission of sensitive payment information (such as a credit card number) through our designated purchase forms is protected by an industry standard SSL/TLS encrypted connection; and we regularly maintain a PCI DSS (Payment Card Industry Data Security Standards) certification. We also regularly monitor our systems for possible vulnerabilities and attacks, and regularly seek new ways and Third Party Services for further enhancing the security of our Services and protection of our Visitors’ and Users’ privacy.​

Regardless of the measures and efforts taken by Wix, we cannot and do not guarantee the absolute protection and security of your Personal Information, your Users-of-Users’ Personal Information or any other information you upload, publish or otherwise share with Wix or anyone else. We encourage you to set strong passwords for your User Account and User Website, and avoid providing us or anyone with any sensitive Personal Information of which you believe its disclosure could cause you substantial or irreparable harm.

Furthermore, because certain areas on our Services are less secure than others (for example, if you set your Support forum ticket to be “Public” instead of “Private”, or if you browse to a non-SSL page), and since e-mail and instant messaging are not recognized as secure forms of communications, we request and encourage you not to share any Personal Information on any of these areas or via any of these methods.”

However, your payment information is stored by Stripe Inc., our payment processor. Here is what they say about the privacy of your credit card details:

“Stripe encrypts sensitive data both in transit and at rest. Stripe’s infrastructure for storing, decrypting, and transmitting primary account numbers (PANs), such as credit card numbers, runs in a separate hosting infrastructure, and doesn’t share any credentials with the rest of our services. A dedicated team manages our CDV in an isolated Amazon Web Services (AWS) environment that’s separate from the rest of Stripe’s infrastructure. Access to this separate environment is restricted to a small number of specially trained engineers and access is reviewed quarterly.

All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. We tokenize PANs internally, isolating raw numbers from the rest of our infrastructure. None of Stripe’s internal servers and daemons can obtain plain text card numbers but can request that cards are sent to a service provider on a static allowlist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in a separate hosting environment, and doesn’t share any credentials with Stripe’s primary services including our API and website. It’s not just PANs that are tokenized this way; we treat other sensitive data, like bank account information, in a similar way.”

Governing Law

This Agreement and your use of our services are governed by the laws of Romania, excluding its conflict of law rules. Additionally, your use of our services may be subject to other local, state, national, or international laws.

Your Consent

By using our service, registering an account, or making a purchase, you consent to this Privacy Policy.

Links to Other Websites

This Privacy Policy applies only to the Services. The Services may contain links to other websites not operated or controlled by Nectarly. We are not responsible for the content, accuracy or opinions expressed in such websites, and such websites are not investigated, monitored or checked for accuracy or completeness by us. Please remember that when you use a link to go from the Services to another website, our Privacy Policy is no longer in effect. Your browsing and interaction on any other website, including those that have a link on our platform, is subject to that website's own rules and policies. Such third parties may use their own cookies or other methods to collect information about you.

What are your rights as data subjects? 

Based on the GDPR and related data protection legislation, you have the following rights:

• The right to access: you have the right to obtain confirmation from us as to whether or not we process your personal data, and if so, you have the right to access that data, as well as information about how it is processed. 

• The right to data portability: you have the right to receive your data in a structured, commonly used, and machine-readable format.

• The right to object: you can always object to the processing of your personal data.

• The right to rectification: you can request the correction of inaccurate personal data without undue delay. The notification will be communicated to each recipient to whom the data has been disclosed, unless this proves impossible or involves disproportionate effort. 

• The right to erasure: you have the right to request the erasure of your personal data without undue delay if it is no longer necessary for the purposes for which it was collected or processed by us. This means if you no longer want to support shelters to our program, you can request data erasure (this can be done by deleting your account). In this scenario, your data is no longer necessary for supporting the shelter(s) as no more support is continuing. You can also, at any time, object to the processing if there are no legitimate grounds that override your rights or if your personal data has been unlawfully processed or needs to be erased to comply with a legal obligation.

• The right to restriction of processing in any of the following cases: 

  • The accuracy of the data we process is contested by you

  • The processing of the data is unlawful, and you request the restriction of its use by us

  •  If you need the data for the establishment, exercise or defense of legal crimes. The restriction of processing  applies for the period during which we verify whether our legitimate rights override your rights.  

• Right to Withdraw Consent: When data processing is based on your consent, you have the right to withdraw your consent at any time. To do so, please reach out to us via email at thisisnectarly@gmail.com

• Right to be Informed: You have the right to be informed about the collection and use of your personal data, including the purposes for processing, retention periods, and who it will be shared with. This information is provided in this privacy policy and any updates or clarifications will be communicated to you.

• Right to Lodge a Complaint: If you believe that we have not handled your personal data in compliance with applicable data protection laws, you have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or where an alleged infringement occurred.

• Right to Prevent Automated Decision-Making and Profiling: Where decisions about you are based solely on automated processing (including profiling) and have significant effects, you have the right to request human intervention or to express your point of view and contest the decision, unless such processing is necessary for entering into or performing a contract.

Kids' Privacy

We do not collect information from kids under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with personal data without your permission, please contact us. If we become aware that we have collected personal data from anyone under the age of 13 without verification of parental consent, we take steps to remove that information from our servers.

Breach notification 

In the event of a data breach, we are committed to notifying you promptly in accordance with applicable laws. We will take the following steps to address and communicate any such incidents:

1. Assessment and Containment: Upon discovering a breach, we will promptly assess the nature and extent of the breach, contain it to prevent further unauthorized access, and take immediate steps to mitigate any potential harm.

2. Notification of Affected Individuals: If the breach is likely to result in a high risk to your rights and freedoms, we will notify you directly and without undue delay. Our notification will include:

• A description of the breach and the data affected;

• Steps we have taken or plan to take to address and mitigate the breach;

• Any recommendations for actions you can take to protect your information; and

• Contact information for our data protection officer or designated contact for further inquiries.

1. Notification of Relevant Authorities: We will report the breach to relevant supervisory authorities, as required by law, within 72 hours of becoming aware of the breach unless it is unlikely to pose a risk to your rights and freedoms.

2. Ongoing Protection and Review: After a breach, we will review our data protection measures, assess any vulnerabilities, and strengthen our security practices to prevent future incidents.

Changes To Our Privacy Policy

 If we decide to change our privacy policy, we will post those changes on this page, and/or update the Privacy Policy modification date at the top of this page.

Third-Party Services 

We may display, include, or make available content, data, information, applications, and other products or services from third parties, or provide links to third-party websites or services ("Third-Party Services"). You acknowledge and agree that we are not responsible for these Third-Party Services, including their accuracy, completeness, timeliness, validity, copyright compliance, legality, decency, quality, or any other aspect. We do not assume, and will not have, any liability or responsibility to you or anyone else for any Third-Party Services. These services and links are provided solely for your convenience, and you access and use them at your own risk, subject to the terms and conditions of the respective third parties.

Limitation of Liability for Payment Processing

As mentioned, Nectarly uses Stripe Inc. as a payment processing service. In the event that Stripe restricts, suspends, or terminates our account for any reason, subsequently blocking the funds before transferring them to our account, Nectarly or F.R.E.E Animals shall not be held liable for any refunds, chargebacks, or losses incurred as a result of such actions. You acknowledge that payment processing through Stripe is subject to their terms and conditions, and any disputes regarding transactions processed through Stripe must be addressed directly with Stripe. We will not be responsible for any disruptions in service, including the inability to process refunds due to Stripe's account actions. Given that users are purchasing a subscription plan, if the funds are blocked by Stripe or fail to be transferred to our account in 30 calendar days, your subscription plan will be immediately terminated until the issue is solved.

Information about General Data Protection Regulation (GDPR)

We may be collecting and using information from you if you are from the European Economic Area (EEA), and in this section of our Privacy Policy we are going to explain exactly how and why is this data collected, and how we maintain this data under protection from being replicated or used in the wrong way. 

What is GDPR? 

GDPR is an EU-wide privacy and data protection law that regulates how EU residents' data is protected by companies and enhances the control the EU residents have, over their personal data.

Why is GDPR important? 

The General Data Protection Regulation (GDPR) introduces new obligations for companies regarding the protection of individuals' personal data that they collect and manage. It significantly enhances the importance of compliance by increasing enforcement measures and imposing heavier fines for violations. Beyond the legal aspects, prioritizing data privacy is fundamentally the right approach. At Nectarly, we firmly believe in the importance of your data privacy, and we have implemented robust security and privacy practices that exceed the requirements set forth by this regulation.

What tracking technologies do we use? 

• Our website only uses cookies to track and store information. Cookies are small text files stored on your device when you visit a website, enabling it to recognize your device on subsequent visits. They help improve your browsing experience by remembering your preferences and enabling certain website functionalities.

• According to their website, WIX only uses essential cookies. These cookies are necessary for the website to function properly. Without these, certain services or features may not be available, such as logging in or saving your preferences. 

You can manage or delete cookies through your browser settings. Please note that disabling certain types of cookies may impact your experience on the website.

For more information on how to manage cookies, please refer to the following resources:

• Cookie settings in Firefox (http://support.mozilla.com/en-US/kb/Enabling%20and%20disabling%20cookies)

• Cookie settings in Internet Explorer (https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies)

• Cookie settings in Google Chrome (http://www.google.com/support/chrome/bin/answer.py?answer=95647http://www.google.com/support/chrome/bin/answer.py?answer=95647)

• Cookie settings in Safari (OS X) (http://support.apple.com/kb/PH17191?viewlocale=en_US&locale=en_US)

• Cookie settings in Safari (iOS) (https://support.apple.com/en-us/HT201265)

• Cookie settings in Android

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it. 

 

For any clarifications, suggestions, and interventions regarding our use of personal data, you can contact us at the email address thisisnectarly@gmail.com.