fbpx

Legal

Privacy Policy

GLOBAL PRIVACY POLICY

As Startup Law Consultancy, Inc. (hereinafter referred to as “Clemta”, the “Company“, “We”, and through similar words such as “us”, “our”, etc.), we respect your privacy and are committed to fully explain how we protect your personal data that we collect from you.

This Global Privacy Policy (the “Policy”) describes Company’s practices and policies with regards to use and process of personal information while operating the Website (“Website”), the chatbox available on the Website and providing the services thereunder (the “Services”). In this regard, this Policy describes the types of personal information we collect through Website and our Services, how we use that information, our legal basis for doing so, with whom we share it, your rights and choices in this regard, how you can contact us about our privacy practices as well as your ability to control certain uses of such personal information. This Policy does not apply to Third Party sites, products, or services, even if they link to our Services or the Website, and you should consider the privacy practices of those Third Parties carefully.

By acknowledging this Policy, you are accepting the practices described in this Policy (including new versions of this Policy when and as they go into effect), and the Terms of Sale and Service (the “Terms”), which govern this Policy and contain all disclaimers of warranties and limitation of liabilities.

By accepting this Policy, you acknowledge that you have read and understand, and agree to the terms and practices as defined in this Policy and the Terms, which govern this Policy and contain all disclaimers of warranties and limitation of liabilities. If you do not agree to this Policy, we would like you to cease your access to or use of the Website and our Services and delete your Account immediately.

1.   DEFINITIONS

Capitalized words not defined under this Policy shall be understood as described under our Terms. It is of utmost importance for you to read the Policy provided herein in tandem with the Terms to have a better grasp of the key concepts provided and explained therein.

Within the scope of this Policy, the following terms shall have the meanings ascribed to them below, regardless of whether they appear in singular or plural.

 

Account

An account on the Website, allowing the Users to access contents of the Website and use the Services following the registration process.

Business

For the purpose of the CCPA, the Company is the legal entity that does business in the United States of America (“USA”) and collects Consumers’ personal information and determines, alone or jointly with others, the purposes and means of the processing of Consumers’ personal information, or on behalf of which such information is collected.

CCPA

The California Consumer Privacy Act of 2018, enacted on June 28, 2018 by the State of California

Company

or

Clemta

Clemta, Inc., a corporation incorporated and validly operating in the United States of America and having the registered address of 2101 Shore Pointe Dr League City, TX 77573, USA.

For the purposes of the GDPR, the Company is the Data Controller.

Consumer

For the purposes of the CCPA, a natural person who is a California resident, including (i) every individual who is in the USA for other than a temporary or transitory purpose, and (ii) every individual who is domiciled in the USA who is outside the USA for a temporary or transitory purpose Data Controller.

For the purposes of the GDPR, the Company as the legal person which determines the purposes and means of process of Personal Data alone.

Data Subject

A natural person who can be identified or rendered identifiable through the personal data related to.

Device

Any device that is suitable to access the Website and Services such as a computer, mobile phone or a digital tablet.

Do Not Track (DNT)

A concept that has been promoted by U.S. regulatory authorities, in particular the U.S. Federal Trade Commission (“FTC”), for the Internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites.

GDPR

The General Data Protection Regulation, enacted on May 25, 2018, by the European Union (“EU”) and applicable within the European Economic Area (“EEA”), which consists of all member states of the EU and the countries of Iceland, Norway and Liechtenstein.

UK GDPR

The data protection law applicable within the United Kingdom (“UK”), by virtue of section 3 of the United Kingdom’s European Union (Withdrawal) Act 2018

PDPL

The Republic of Türkiye Personal Data Protection Law No. 6698, as it may be amended or superseded from time to time.

Personal Data Breach

A breach of security whether accidental or on purpose, resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.

Personal Information

or

 Personal Data

Any information/data that relates to an identified or identifiable individual.

For the purposes of the GDPR, any information relating to you such as a name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity.

For the purposes of the CCPA, any information that identifies, relates to, describes or is capable of being associated with, or could reasonably be linked, directly or indirectly, with you.

Platform

The Clemta platform and related platforms which services are offered on or rendered from.

Sale of Data

For the purposes of the CCPA, selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer’s personal information to another business or a Third Party for monetary or other valuable consideration.

Service

The services provided by Clemta as described in our Terms.

Service Provider

Any natural or legal person who processes data on behalf of the Company, including Third Party companies or individuals contracted by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.

For the purposes of the GDPR, Service Providers are considered as the Data Processors. Third Party Service providers are ‘Sub-processors’.

Special Categories of Personal Data

Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership and genetic and biometric information, information concerning the Data Subject’s sex life or sexual orientation.

Third Party

Any other natural or legal person that is not part of the Company.

Usage Data

Data collected automatically, either generated using the Website and Service or from the Website and Service infrastructure itself.

User

The individual accessing, or using the Website and Service, or other legal entity on behalf of which such individual is downloading from, accessing or using the Website.

For the purposes of the GDPR, the User can be referred to as the Data Subject.

Website

The website, its subdomains, and other media including all of their respective features and content which belong to Clemta, accessible from https://clemta.com.

 

2.   APPLICABILITY OF THE POLICY

Since our operations are based in different parts of the World and we have numerous Users from different countries, we intend to reflect our legal compliance with various legislation about data privacy and data protection from a global perspective. For this reason, we show considerable effort to act in accordance with the PDPL, the GDPR, the UK GDPR, and the CCPA.

3.   PERSONAL DATA COLLECTED BY CLEMTA

Clemta collects Personal Information / Personal Data about visitors and Users to our Platform. We may collect, use, store, and transfer different kinds of Personal Information about you which we collect from various sources as described below:

a)     Personal Information/Personal Data that We Collect from You

While using our Website or Service, you may provide us with certain Personal Information / Personal Data. This may include but is not limited to, when you access the Website, sign up an Account, create an invoice and establish a company, or use the Services as indicated in the Terms in general. This information can be used to enable your transactions, manage your subscription, contact or identify you. Personal Information / Personal Data may include, but is not limited to;

Identifiers and Contact Information

Which may include your first name, last name, email address, phone number, birthday, account password, national origin, citizenship status, country of residency, (if any) company name, Social Security Number, bank account number, language, time zone, the types of communications you would like to receive from us, and other contact information you provide under Account dashboard;

Commercial Information

Which may include referral links, sources of wealth or funds or income, level of activity anticipated, and contact information;

Account Information

Identifiers and contact information, commercial information, company name, company address, billing information, registry information, fixed asset value, as well as other information about your Account;

Communications and Interactions

Which may include email messages, text messages, phone calls that we exchange with you, the information you shared via our chat box, communication with team members and other Usage Data described below in detail;

Personal Documents

Such as government-issued IDs, passport, bank statements, utility bills, internet bills, income, account balances, financial transaction history, credit history, tax information, and credit scores, and other forms of identification, address verification and source of funds and wealth verification;

Corporate Information

Such as legal entity name, doing business as name, legal domicile, fiscal domicile, object;

Corporate Documents

Such as certificate of registration, constitution, memorandum & articles of association, bylaws, statues, incumbency certificate, register of directors, register of shareholders, register of authorized signatories, registry excerpts, financial statements;

Transaction Data

Which may include information related to the transactions you engage in with us, including purchase history, transaction amounts, dates, and details of services received;

Due Diligence Data

In the provision of compliance assessment services, we may collect information required for due diligence purposes. This may include identity verification documents, business licenses, regulatory compliance records, and related information;

 

b)     Personal Information Collected From Third Parties

Payment Processing Services

Clemta resorts to Third Party Service Providers in order to provide payment processing and associated services. You will be directed to Third Party payment systems’ services to enter your card and other billing details. Third Party payment systems may request various payment information from Users (credit card number, CVV, first and last name, expiry date, region, etc.).

  • If you wish, you can save your payment information in order to facilitate your next subsequent purchases. All your information is securely stored on the Stripe, Inc.

  • On completion of payment, our payment processor will provide us with limited payment details (your name, billing address, billing email, card type, expiry date, and the last four digits of your payment card number) so that we can manage payment transactions and your A Full payment details are held securely by these payment processing services that are prohibited from using Personal Information for any other purpose and are contractually required to comply with all applicable laws and requirements.

  • In processing payment transactions, the payment processing services acts as a data processor to us but in carrying out fraud monitoring, prevention, and detection services, it acts as Controller and may monitor insights and patterns of payment transactions and other online signals to reduce the risk of fraud, money laundering, and other harmful activity.

Third Party Service Providers

As we use Third Party Service Providers in order to provide certain Services on our behalf, these Third Party Service Providers may collect Personal Information about you when the information is necessary for them in order to perform their duties.

Third Party Service Providers (our Sub-processors) help us better operate our Platform and for the provision of services such as accounting management, company formation facilitation, hosting, maintenance, error monitoring, debugging performance monitoring, customer service, database storage and management, search engine optimization (“SEO”) services, email automation, heat-map and live chat tracking. In some cases, these Service Providers may process or store Personal Information while providing services. Service Providers which receive access to Personal Information undergo a security and privacy review to ensure they meet the necessary safeguards and implement the relevant best practices’ in their data processing activities. We are also committed to providing that they are contractually bound by a data protection/processing agreement that requires them to comply with applicable regulations, including having the appropriate access controls in place to protect your Personal Data.

c)     Cookies and Automatic Collection Methods

We may also collect information about your online activities on the Platform and connected Devices over time and across Third Party websites, devices, apps, as well as other online features and services. This collection includes automatically collected information and generally does not include Personal Information unless you provide it through our Platform or you choose to share it with us by other means. The types of Personal Data we collect from you described below:

Browser and Device Data

IP address, Device ID, the language version of the Platform you are visiting.

Preference Information

Marketing and communication preferences, your account settings including any default preferences, any preferences you have indicated, the areas of our Services that you have visited or ways that you interact with our Services.

Logs and Usage Data

such as time spent on the Platform, pages visited, links clicked, language preferences, views, Platform usage time communication preferences, payment amount, payment channels, frequency of login, and the different types of activity undertaken by Users such as frequently accessed areas of the Services, approaches to in-platform notifications, and the pages that led or referred you to our Platform.

General Location Information

such as the IP address and the region in which you are located when you are logging in and using the Services, in accordance with the settings on your Device.

 

d)     Interest-based Advertising

When you visit our sites, both certain Third Parties and we collect information about your online activities over time and across different websites to provide you with advertising products and services tailored to your individual interests. These Third Parties may place or recognize a unique cookie or other technology on your browser. Where required by applicable law, we will obtain your consent prior to processing your information for interest-based advertising.

Since we also participate in advertising networks, you may see our advertisements on other websites or mobile applications. Advertising networks allow us to target our messaging towards users based on a range of factors, including demographic data, Users’ inferred interests, and browsing context (for example, the time and date of your visit to our Platform, the pages that you viewed, and the links that you clicked on). This technology also helps us track the effectiveness of our marketing efforts and understand if you have seen one of our advertisements.

We use Google Analytics, Clarity, Facebook Pixels, Cloudflare Browser Insights, Google Tag Manager, and Intercom web analysis and performance marketing services on the Platform. In other words, when you visit our website, your browsing behavior can be analyzed statistically through the use of cookies and analysis software. Your browsing behavior is generally analyzed anonymously and is not used for tracking. You can object to or avoid such an analysis by not using specific tools.

To learn more about managing your privacy and storage settings and opting out from receiving other Third Parties’ cookies, please see our sections titled “Exercising Your GDPR & UK GDPR Privacy Rights” and “Exercising Your California Privacy Rights.

We do not guarantee that all of the Third Parties we work with will honor the elections you make using those options.

4.   HOW WE USE PERSONAL INFORMATION

We will process your Personal Information lawfully, fairly, and in a transparent manner. We collect and process information about you only where we have a legal basis for doing so. We use information to facilitate the business relationships we have with you, to comply with legal obligations, to pursue our legitimate business interests, and based on your prior explicit consent.

a)     Pre-Contractual, Contractual, and Post-Contractual Business Relationships

We use Personal Information to enter business relationships with prospective Users and to perform the contractual obligations under the contacts that we have with our Users. Examples of how we use information within this condition include:

  • Provide you with products and Services,

  • Process, maintain, and service your Account,

  • Provide you with information or services or process transactions that you have requested or agreed to receive,

  • Enable you to participate in a variety of the Service features explained in detail within the Terms of Sale and Service,

  • Establish your company in the USA,

  • Manage billing and invoicing processes,

  • Assess the compliance of you with applicable laws and regulations,

  • Keeping aligned record of your activities, fixed assets and providing bookkeeping services,

  • Provide you with ongoing registered agent services, including to provide you with notices about your business entity, key deadlines and required actions, including franchise tax reminders, franchise tax materials, notices of various sorts from the States of Delaware and Wyoming, invoices and payment reminders for invoices, processing services, as well as other communications related to our role as formation agent/incorporator and/or registered agent. Upon receipt, and at least quarterly thereafter, we will compare the Personal Information you have provided against the Specially Designated Nationals And Blocked Persons List maintained by the U.S. Department of the Treasury’s Office of Foreign Asset Control (“OFAC”) in order to ensure we are in compliance with restrictions to business and trade according to applicable law.

  • Process your account registration and providing Services, including verifying your information is active and valid;

  • Checking information, documents, or records you provide, such as business licenses, financial statements, compliance reports, and other related documents to be accurate, valid, and up-to-date,

  • Investigating any information related to books, financial accounts, company documentation, and other relevant materials is complete and truthful.

  • Verify, respond, or communicate with you such as when you;

  • Register for an Account,

  • Make a request or inquiry through any channel dedicated for such uses including Frequently Asked Questions (FAQs),

  • Ask for customer support through any channel dedicated for such use including e-mail communication or arranging a call with our representative,

  • Share a comment/feedback/review or concern regarding a product or the Services via communication channels,

  • To communicate with you and maintain our legal relationship arising from the contracts between our Users and the Company, and also to fulfill our obligations arising thereof,

  • To verify your identity,

  • To send you marketing information about our Services including notifying you of our marketing events, initiatives and promotions, membership and rewards schemes and other promotions.

Legal and Regulatory Compliance

We use Personal Information to verify the identity of our Users to comply with applicable laws. These obligations are imposed on us by the operation of law, industry standards, and by our financial partners, and may require us to report our compliance to Third Parties and to submit to Third Party verification audits. We ensure the compliance with applicable Know-Your-Customer, Anti-Money Laundering, Countering the Financing of Terrorism as well as Anti-Corruption laws and regulations. Examples of how we use Personal Information within this condition include:

  • Accounting, auditing, and billing activities;

  • Responding to court orders, lawsuits, subpoenas, and government requests;

  • Providing Users with access to their personal Accounts;

  • Addressing legal and regulatory compliance.

Legitimate Business Interests

We rely on our legitimate business interests to process certain Personal Information concerning you. The following list sets out the business purposes that we have identified as legitimate. In determining the content of this list, we have balanced our interests against the legitimate interests and rights of the individuals whose Personal Information we process. Examples of how we use information within this condition include:

  • Mitigating financial loss, claims, liabilities, or other harm to our Users, the Company, our employees, property;

  • Protecting the security or integrity of our Website and business, such as by protecting against and preventing fraud, unauthorized transactions, claims and other liabilities, and managing risk exposure, including by identifying potential hackers and other unauthorized Users;

  • Responding to inquiries, sending service notices, and providing customer support;

  • Personalizing your experience with us, including to remember your interests and preferences; tracking and categorizing your activity and interests on our Website;

  • Promoting, analyzing, modifying, and improving our products, systems, and tools, and developing new Services and products;

  • Managing, operating, and improving the performance of our products, Website and Services by understanding their effectiveness and optimizing our digital assets;

  • Improving our Website, products, and Services, and User experience;

  • Analyzing and advertising our products and Services;

  • Conducting aggregate analysis and developing business intelligence that enables us to operate, protect, make informed decisions, and report on the performance of our business;

  • Sharing Personal Information with Third Party Service Providers that provide services on our behalf and business partners who help us operate and improve our business;

  • Ensuring network and information security throughout the Website and our Services.

b)     Marketing and Communications

We may send you marketing communications about Clemta and its Services, invite you to participate in our events or surveys, or otherwise communicate with you for marketing purposes, and to customize the marketing and advertising that we provide to you (we offer choices about marketing and advertising as set forth below), provided that we do so in accordance with prior consent requirements according to  all applicable law for electronic marketing communications, including but not limited to the UK Privacy and Electronic Communications Regulations (EC Directive) 2003 (“PECR”).

In order to provide you with the full extent of the benefits of our Service, we ask for your consent to send you information about the latest news, special events, offers, promotions, and other benefits available. Upon your consent, we will use your email address to contact you with this information.

c)     Third Party Service Providers and Integrations

We offer parts of our Service through websites, platforms, and services operated or controlled by separate entities. In addition, we integrate technologies operated or controlled by separate entities into parts of our Platform and Service.

Payment Services

We use Third Party payment services for payment transactions. Third Party payment services are bound by their own use and privacy policies, and the Company cannot be held responsible for behaviors of the Third Party payment services that violate any right arising from personal data protection legislation to the extent permitted by the applicable laws. If we need to use your Personal Information in other ways, we will make a specific notice at the time of collection and we will get your consent if required by applicable law.

Links

Our Platform and Service includes hyperlinks to websites, platforms, and other services not operated or controlled by us. Our Website may feature a “Special Offers” section with links to promotions, discounts, or other offers from Third Party partners. Please be aware that clicking on these links will direct you to external websites that operate independently from Clemta. These Third Party websites may have their own privacy policies and data collection practices, which are beyond our control.

We encourage you to review the privacy policies and terms of use of any Third Party websites you visit through our links, including those related to special offers. These websites may collect Personal Information and engage in data processing practices that differ from those of Clemta. It is important to exercise caution and ensure that you are comfortable with their privacy practices before providing any Personal Information or engaging in transactions.

5.   HOW WE SHARE INFORMATION

We may share Personal Information about you in order to (i) satisfy any applicable law, regulation, legal process, or governmental request; (ii) enforce this Policy and our Terms, including investigation of potential violations hereof; (iii) detect, prevent, or otherwise address fraud, security, or technical issues; (iv) respond to your requests; (v) protect our rights, property or safety, our Users, and the public; or (vi) fulfill our obligations arising of or in connection with the contracts with our Users.

a)     Employees and Authorized Contractors

Other relevant units within Clemta, including operations, technical support, software team, and authorized contractors may need to access Personal Information about you when they require this information to perform their job. For example, a customer support representative would need access to your Account to validate your identity and respond to your question or request; our email communications team would need access to your contact information to ensure this information is sent correctly and any unsubscribe requests are properly managed; and our security staff would need to review information to investigate attempted denial of service attacks, fraudulent Account activity, or other attempts to compromise the Services. All our employees and contractors are required to agree to maintain confidentiality and protect the privacy of your information.

b)     Third Party Services

We may share your Personal Information with trusted Third Party partners and service providers to facilitate various aspects of our Services. These parties are carefully selected and contractually obligated to handle your data with the utmost care and in accordance with applicable laws.

  • Payment Services Providers: To process payments, invoicing, and financial transactions related to our Services. When you make a payment, your payment information, such as credit card details or bank account information, may be shared with these providers to complete the transaction securely.

  • Accounting Professionals: To ensure accurate financial records and compliance with accounting standards, we may share relevant personal and financial information with qualified accounting professionals or firms. This may include transaction details, financial statements, and other necessary data.

  • Company Formation Authorities: In cases where you engage our company formation services, we may share Personal Information about you with governmental or regulatory authorities involved in the company formation process or facilitating entities.

c)     Business Transfers

In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we may share Personal Information with Third Parties for the purpose of facilitating and completing the transaction. If we do, we will inform such entities of the requirement to handle your information in accordance with this Policy or inform you that you are covered by a new privacy policy. You will have the opportunity to opt-out of any such transfer if the new entity’s planned processing of your information differs materially from that set forth in this Policy.

d)     Law Enforcement, Government Agencies, and Professional Advisors

We may need to disclose information about you where we believe that it is reasonably necessary to comply with a law or regulation, or if we are otherwise legally required to do so, such as: (i) to comply with applicable law or payment method rules; (ii) to enforce our contractual rights including our Terms, Applicable Use Policy and this Policy; (iii) to protect the rights, privacy, safety, and property of Clemta, you or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence. For governmental data access requests concerning you or your organization, we would first attempt to redirect the request to you, and/or we would first attempt to notify you unless we are legally prohibited from doing so.

We also use professional advisors, including lawyers and accountants, and may be required to disclose information about you when engaging them for their services and as necessary for audits, financial and other regulatory reviews.

We may disclose information in aggregate form to Third Parties relating to User behavior in connection with the actual or prospective business relationship with those Third Parties, such as advertisers and content distributors.

6.   ACCESSING AND UPDATING INFORMATION

When you register for an Account, you may provide, access, and update certain Personal Information by logging into your Account and using the features and functionalities available therein. Once logged in, you can view or update your username, profile picture, first name, last name, email address, password, and birthday. Unless alternate procedures are noted for your jurisdiction in the sections titled “Exercising Your GDPR and UK GDPR Privacy Rights” and “Exercising Your California Privacy Rights”, you may also make a request for access to Personal Information by sending an email to [email protected] or contacting us through our support assistant to access or update any of this information.

We are not able to grant all access requests, and we may require additional information from you to verify your identity before accommodating your access request.

7.   EUROPEAN ECONOMIC AREA AND UNITED KINGDOM PRIVACY LAW

Your Rights and Choices Under the GDPR

We undertake to respect the confidentiality of your Personal Data and to guarantee you can exercise your rights properly.

You have the following rights under this Privacy Policy, and by law if you are within the EEA:

Right of Access

You have the right to obtain confirmation from us as to whether Personal Data concerning you is processed, and, where that is the case, you have the right to request and get access to such Personal Data.

Right to Rectification

You have the right to request we correct inaccurate Personal Data and you have the right to provide additional Personal Data to complete any incomplete Personal Data as required by the Company.

Right to Erasure (“Right to be Forgotten”)

In certain cases, you have the right to request from us the erasure of your Personal Data such as when you want to delete your Account on the Website. For the avoidance of any doubt, we may not be able to grant this right to you in certain cases, due to our obligations to fulfill certain legal requirements.

Right to Restrict Processing

You have the right to request from us that we do not use or limit our use of your Personal Information for a given period and/or for certain situations.

Right to Data Portability

You have the right to receive your Personal Data from us in a structured format and you have the right to (let) transmit such Personal Data to another Data Controller.

Right to Object

In certain cases, you have the right to object to the processing of your Personal Data including with regards to profiling.

You have the right to object to the further processing of your Personal Data in so far as such data has been collected for direct marketing purposes.

Right not to be Subjected to Automated Individual Decision-Making

You have the right to not be subjected to a decision based solely on automated processing.

Right to File a Complaint

You have the right to file complaints with the applicable data protection authority on our processing of your Personal Data.

Right to Seek Compensation for Damages

In case we breach applicable legislation on processing of your Personal Data, you have the right to claim damages from us for any damages such breach may cause to you.

 

Exercising Your GDPR and UK GDPR Privacy Rights

You may exercise your rights of access, rectification, cancellation, and opposition by simply contacting us.

You have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, if you are in the European Economic Area (the “EEA”), please contact the national data protection authority for your country. If you are a resident of the United Kingdom, you have the right to submit a complaint to the Information Commissioner’s Office (“ICO”) regarding your data protection rights. However, we would be pleased to deal with your concerns before you apply to a national data protection authority.

Once we receive your request, we will validate the information that you provide and send a message to the email address you provided in the request, asking you to verify that it is your email address. You will be instructed to follow the instructions in that email for us to verify your email address and subsequently begin processing your request. Please follow the instructions in that email to verify your email address. We will begin processing your request once the verification is completed.

Clemta will disclose and deliver the required information free of charge within 30 days of receiving your verifiable request.

Please note that if you do not include necessary information concerning you in your requests, we may ask you to provide additional Personal Information to verify your identity before responding to such requests.

8.   CALIFORNIA PRIVACY LAW

If you are a Consumer as defined in the California Consumer Privacy Act (CCPA) and as amended by the California Privacy Rights Act (CPRA) (collectively, “California Privacy Laws”), the following provisions apply to you.

Do Not Sell My Personal Information

We do not provide Personal Information about you to Third Parties in exchange for money. We do share Personal Information with Third Parties that we work with, including for the purpose of helping us market or advertise our products and Services to you with regard to your prior consent whenever required by applicable law. You can find more details about our practices in our Policy, set forth under the “Interest-based Advertising” section.

Even though we do not provide Personal Information to these Third Parties in exchange for monetary payment, the CCPA may characterize our provision of the following categories of information we share with Third Parties that provide services to you or to us, such as personalizing your experience with us or helping us to market or advertise our products and Services to you, as Sales of Data; (i) Device and browsing information and other internet activity information; (ii) purchase or other commercial information; and (iii) identifiers (e.g., ad ID).

The Service Providers we partner with (for example, our advertising partners) may use technology on the Service in a way that may be construed as the Sale of Data. If you wish to opt out of the use of your Personal Information for interest-based advertising purposes and these potential Sales of Data as  defined under the CCPA, you may do so by following the instructions below;

“Do Not Track” Policy as Required by California Online Privacy Protection Act (“CalOPPA”)

Some internet browsers have enabled ‘Do Not Track’ (DNT) features, which send out a signal (called the DNT signal) to the websites that you visit indicating that you do not wish to be tracked. Currently, no standard governs what websites can or should do when they receive these signals. For now, we do not take action in response to these signals. However, some Third Party websites do keep track of your browsing activities. If you are visiting such websites, you can set your preferences in your web browser to inform websites that you do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of your web browser.

California Privacy Rights for Minor Users (California Business and Professions Code Section 22581)

Section 22581 of the California Business and Professions Code allows California residents under the age of 18 who are registered users of online websites, services, or applications to request and obtain the removal of content or information they have publicly posted.

We do not knowingly process the Personal Information of California residents under the age of 18 without the approval of their legal guardian. If you have reason to believe that anyone under the age of 18 has provided us with any Personal Information, without their legal guardian’s approval please contact us at [email protected].

Please be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.

Your Rights and Choices Under California Privacy Laws

Under this Policy, and by law if you are a resident of California, you have the following rights:

Right to Notice: You must be properly notified which categories of Personal Data are being collected and the purposes for which Personal Information is being used. In the 12 months prior to the last update of this Policy, we have:

  • Collected the categories of Personal Information through various sources as stated in Section 3 “PERSONAL DATA COLLECTED BY CLEMTA”,

  • used that Personal Information for the purposes as stated in Section 4 “HOW WE USE PERSONAL INFORMATION” and

  • shared that Personal Information with the potential recipients as stated in the section titled “HOW WE SHARE INFORMATION”.

The Right to Access / The Right to Request: The CCPA permits you to request and obtain from Clemta information regarding the disclosure of your Personal Information that has been collected in the past 12 months by Clemta or its subsidiaries to a Third Party for the Third Party’s direct marketing purposes. For more information about the potential recipients of your Personal Information please view the section titled “HOW WE SHARE INFORMATION”.

The Right to Say No to the Sale of Personal Data (Do not Sell, DNT): You have the right to ask Clemta not to sell your Personal Information to Third Parties. You can submit such a request by contacting through the channels, features, functions, and abilities provided on the Website and this Policy.

The Right to Know about Your Personal Data: You have the right to request and obtain from Clemta information regarding the disclosure of the following: (i) the categories of Personal Information collected, (ii) the sources from which the Personal Information was collected, (iii) the business or commercial purpose for collecting or selling personal information, (iv) categories of Third Parties with whom Clemta shares Personal Information, and (v) the specific pieces of Personal Information we collected about you. For more information on the information we collect, including the sources we receive information from, please review the sections titled: “PERSONAL DATA COLLECTED BY CLEMTA”, “HOW WE USE INFORMATION”, and “HOW WE SHARE INFORMATION”.

The Right to Delete Personal Data: You also have the right to request the deletion of your Personal Information collected within the past 12 months. You may request that we delete the Personal Information that we have collected directly from you and are maintaining. However, we may have a basis for the retention of your Personal Information under the CCPA or any other applicable legislation. We may retain your Personal Information (i) for the purposes of completing transactions and services you have requested or that are reasonably anticipated; (ii) for security purposes; and (iii) for legitimate internal business purposes, including to maintain business records, to comply with law, to exercise or defend legal claims, and to cooperate with law enforcement. Note also that we are not required to delete your Personal Information that we did not collect directly from you.

The Right Not to be Discriminated Against: You have the right not to be discriminated against for exercising any of your rights as a Consumer, including with the following practices:

  • Denying you the provision of our products or Services;

  • Charging different prices or rates for products or Services, including the use of discounts or other benefits or imposing penalties;

  • Providing a different level or quality of products or Services to you;

  • Suggesting that you will receive a different price or rate for products or Services or a different level or quality of products or Services.

Exercising Your California Privacy Rights

In order to exercise any of your rights under the CCPA as a California resident, you can contact us through [email protected].

Once we receive your request, we will validate the information that you provided and send a message to the email address you provided in the request, asking you to verify that it is your email address. You will be instructed to follow the instructions in that email in order for us to verify your email address and subsequently begin processing your request.

Clemta will disclose and deliver the required information free of charge within 10 days of receiving your verifiable request. We will respond to your request within 45 days of receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

Please note that if you do not include necessary information concerning you in your requests, we may ask you to provide additional Personal Information in order to verify your identity before responding to such requests.

9.   YOUR COMMUNICATIONS CHOICES

You may receive marketing and advertising communications about the Company, Website, products and Services, and our products pursuant to your prior explicit consent. To receive marketing and advertising communications from the Company, you can contact our customer service, support assistant, or give your explicit consent in the applicable areas. Due to our global privacy practices, we will provide our Users with the opportunity to “opt-in” and “opt-out” of receiving marketing and advertising communications other than those for purposes directly related to your transactions with us as well as legal and administrative communications in general regarding your Account.

If you later decide that you do not want to receive future marketing and advertising communications electronically, you may withdraw your consent. You can opt out of marketing and advertising communications at any time by following the instructions described below:

  • At all times, you have the option of “opting out” of receiving marketing and advertising emails from the sender only by clicking the “unsubscribe” link in any of the marketing and advertising emails you receive. In addition, if you have an Account, you may change your email preferences regarding email from us through your Account settings.

  • In all cases, you may email us at [email protected].

Your withdrawal of consent shall be effective within a reasonable time after we receive your withdrawal notice as described above.

10. SECURITY

We are making reasonable efforts to provide you with an appropriate level of security at the risk associated with the processing of your Personal Information. We employ organizational, technical, and administrative measures designed to appropriately protect your Personal Information against unauthorized access, destruction, accidental loss, unauthorized alteration, or abuse. We employ bank-level encryption techniques to ensure the security of the Personal Data you share with us. Your Personal Information may only be accessed by a limited number of our staff who need access to such information in order to perform their duties. Please be aware that no security measures are perfect or impenetrable, and that no data transmission or storage system can be guaranteed to be 100% secure. If You have a reason to believe that your interaction with us is no longer secure (for example, if you think your Account is compromised), please contact us immediately.

We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted and electronically stored Personal Information to you via email or conspicuous posting on our Website in the most expedient time possible and without unreasonable delay, consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system, and any other disclosures that may be required under applicable law. We also take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it unless we are required by law to retain this information for a longer period. We take various criteria into account in order to determine the retention period, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrollment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.

We encrypt data in transit and at rest, where appropriate, to ensure that your information is kept private. We undertake security and privacy reviews aimed at ensuring our Service Providers follow our stringent requirements to safeguard your information, and we also enter into data protection agreements with our service providers.

11.RETENTION

Your Personal Information may be retained for as long as it is reasonably necessary to perform the purposes listed under “HOW WE USE PERSONAL INFORMATION” section. For example, if you register an Account, we will store any Personal Information associated with your Account for as long as you remain a registered User or we believe we may be in a position to provide Services to you.

We retain Personal Information after we cease providing our Services to you, even if you close your Account, to the extent necessary to comply with our legal and regulatory obligations. We also retain Personal Information to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data due to our contractual commitments to our financial and business partners, and where data retention is mandated by applicable law. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.

The servers and databases in which Personal Information is to be stored may be located outside the country from which you accessed our Services and within a country with different laws regarding data protection. Your Personal Information may be disclosed in response to inquiries or requests from government authorities or to respond to judicial processes within the countries in which we operate.

12.INTERNATIONAL DATA TRANSFERS

Your Personal Information will be processed by us in the European Economic Area (“EEA”), Türkiye, and the USA. Some of your Personal Data may be transferred, stored, and/or processed outside of the EEA and the USA as our Sub-processors may operate from outside of these jurisdictions. You agree to the transfer of your Personal Data data outside of your jurisdiction by agreeing with this Policy.

In some cases, in particular, when Clemta uses the Sub-processors who support Clemta in its business activities, the Personal Data may also be accessed or processed outside the EEA and the USA. When Personal Information we collect is processed outside the EEA or the USA, we have obligations to ensure that Personal Information is only processed in territories deemed to ensure an adequate level of protection (known as a ‘whitelisted’ territory) by the European Commission or, in the absence of a decision by the European Commission, territories with appropriate safeguards in place to protect your Personal Data.

For example, if your Personal Data is Accessed or processed from a territory outside the EEA that is not whitelisted, the appropriate safeguards may be provided through the use of standard data protection clauses adopted by the European Commission (“Standard Contractual Clauses”).

We will only transfer your data outside of the USA and the EEA in compliance with data protection laws and provided appropriate or suitable safeguards are in place to protect your data, such as Standard Contractual Clauses.

Personal information may be stored and processed in any country where we have operations or where we engage service providers. We may transfer Personal Information that we maintain about you to recipients in countries other than the country in which the Personal Information was originally collected. Those countries may have data protection rules that are different from those of your country. However, we will take measures to ensure that any such transfers comply with applicable data protection laws and that your Personal Information remains protected to the standards described in this Policy. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your Personal Information.

13.USE BY MINORS

The Services are not directed to individuals under the age of eighteen (18), and they shall not provide Personal Information through the Services. Minors who are between the ages of thirteen (13) and eighteen (18) who have their valid parent’s or guardian’s permission as stated in Terms may use the Website and their Personal Information shall be processed. In some jurisdictions the Services may include individuals under the age of eighteen (18), and they shall provide consent for the processing of his or her personal data for one or more specific purposes in accordance with Article 8 of the GDPR for EEA residents and affirmative consent in accordance with the CCPA for California residents. For any other case, if you have reason to believe that anyone under the age of 18 has provided us with any Personal Information without their legal guardian’s approval, please contact us.

14.UPDATES TO THIS POLICY AND NOTIFICATIONS

We may change this Policy from time to time in response to changing legal, technical or business-related developments. Any changes are effective from the moment the revised Policy is uploaded on the Website. When we update our Policy, we will take appropriate measures to inform you in a manner that is consistent with the significance of the changes undertaken. We will obtain your consent to any material Policy changes if and where this is required by applicable law. You can see when this Policy was last updated by checking the ‘last updated’ date displayed at the top of this Policy.

15.LINKS TO OTHER WEBSITES

The Services or our Website may provide the ability to connect to other sites and apps. These sites and applications may operate independently from us and may have their own privacy notices or policies, which we strongly suggest your review. If any linked website is not owned or controlled by us, we are not responsible for its content, any use of the website or app, or the privacy practices of the operator of the website or applications.

As a safety measure, we recommend that you do not share any Personal Information with these Third Parties unless you have checked their privacy policies and assured yourself of their privacy practices.