(Last updated on 30.03.2020)
At Paddle, we want to give you as much control as possible over the personal information you leave on the website or through other communication channels we manage.
During your contacts with Paddle, certain data will be collected and processed from you. Since you can be identified as a person using this data, this data is personal data.
We want to inform every user about the use of the personal data obtained through our website and/or our services.
All information on what personal data Paddle processes and how we properly deal with this can be found below.
General
This privacy statement applies to all personal data that Paddle collects and processes from you.
By using the website and other products and services of Paddle, you agree that this privacy statement & policy applies to the personal data processed by Paddle.
Paddle reserves the right to modify this privacy statement & policy at any time. The applicable version can always be found on the website of Paddle.
Personal data held by Paddle
The following data can be collected and processed by Paddle in various ways. These include:
Information that you provide directly to Paddle
- Identification and contact information: surname, first name, organisation, address and residence, e-mail address, telephone or mobile phone number, ..;
- Financial information: company number, ..;
- Other personal information/data shared by you via our products/services, website, social media, ..;
- Complaints or feedback through our support and communication channels regarding your experience with Paddle CMS, comments, suggestions, testimonials and any other feedback.
Data you provide by using the website
• Visited pages, websites and searches through cookies and/or data that you enter yourself on the website.
On the Paddle website, there may be links to other websites. These websites are not always managed by Paddle and may have their own privacy statement or policy. Paddle recommends that you read these. Paddle cannot take responsibility for third party websites.
You are not obliged to provide data to Paddle but in certain cases, it will be necessary to communicate personal data so that a correct service can take place and the applicable legislation can be complied with.
Processing of personal data
Paddle processes personal data for various purposes, whereby only those data are processed that are necessary to realise the intended purpose.
We process personal data:
- In the context of the conclusion and execution of an agreement with your organisation (such as concluding subscriptions, ordering products and/or services, etc.), as well as invoicing and following up and collecting these invoices, whether or not via third parties;
- To comply with the legal or regulatory provisions to which we are subject;
- In the context of our helpdesk;
- For the continuous improvement, maintenance, and optimisation of our products, services, website and its security, as well as the optimisation of general, commercial and marketing strategies of Paddle;
- To personalise the products and/or services to be delivered to you and the associated support services, user information, service messages or other related messages;
- To send you targeted and optimised newsletters, release notes and information;
- Other specific purposes for which separate permission may be requested.
How long are personal data kept?
- The data we process to meet our accounting obligations will be kept for 7 years as required by law.
- The data that we process as part of the performance of the contract, as well as the log data of any consent you may have given, will be retained after the termination of the contract or the giving of consent for the applicable statutory period of limitation for any (extra-) contractual claims (5 to 10 years).
All other data will be deleted after termination of the contract, except for your name and e-mail address, which we will retain for two years after the end of the contract for justified reasons.
If you object to any processing of your data that is based on our legitimate interest, the data in question will be deleted immediately, unless we also need this data for another purpose, and we have obtained the data for that purpose.
Safety policy
Data security
To protect your data in the best possible way, Paddle takes all reasonable measures and best practices are applied to prevent the loss, misuse, disclosure, unauthorised access or modification of this personal data. Both on a technical and organisational level the necessary measures are taken to provide a sufficient level of security.
The number of employees of Paddle that have access to personal information is limited and carefully selected. These employees are granted access to personal information to the extent that they need this information to properly execute their tasks.
If a data leak should occur with adverse consequences for personal information, the customer will be personally notified in the circumstances provided by law.
Sharing of personal data
Paddle does not sell personal data to third parties nor are they passed on to third parties unless:
- This is necessary for the provision of services
For some aspects of our products and services, we cooperate with third parties or we use subcontractors. These third parties are always carefully selected and there is always an agreement between Paddle and this third party by applicable law. Amongst others, Paddle uses service providers of domain name registrations, providers of email services, providers of SSL certificates and providers of hosting.
- The paddle has received permission from the person involved
If Paddle would give personal data to third parties in any other way, then this happens with explicit communication. Where legally required, Paddle will obtain the explicit and unambiguous permission of the person in question. The data subject always can oppose
- There is a legal obligation
- There is a legitimate interest for Paddle or the third party involved
Your rights
You have the right to control your personal information. If you have a question or concern about how we use your information, please contact us.
If you contact us to exercise your rights we will respond to you within 1 month at the latest (by applicable law).
Right of access and transparency
You are always entitled to inspect and access the personal data that Paddle processes from you.
Right to rectification
As a data subject, you have the right to have incomplete, incorrect, inappropriate or outdated personal data corrected or supplemented.
Right to be forgotten
You also have the right to obtain, without unreasonable delay, the oblivion of your data if and to the extent that
- The personal data are no longer needed for the purposes;
- There is no longer a legal basis;
- You object to the processing, and there are no compelling legitimate grounds for the processing by Paddle;
- The personal data has been unlawfully processed;
- The personal data must be deleted to comply with a legal obligation.
Right to restriction of processing
Also, as a data subject, you have the right to obtain the restriction of the processing of your data, if and to the extent that any of the following applies:
- You dispute the accuracy of your data. In that case, the processing of your data may be restricted for the time necessary for Paddle to verify its accuracy;
- Although the processing is unlawful, you do not want your data to be deleted and instead require limited use of your data;
- Paddle no longer needs your data but you still need it yourself to establish, exercise or defend your rights before a court of law;
- You have objected to the processing. In this case, Paddle may be restricted pending the answer to the question of whether Paddle's legitimate grounds outweigh your own.
If you have then obtained a processing restriction, Paddle must notify you before lifting that restriction.
Right to data portability
In some cases, you as the data subject have the right to obtain data from Paddle in a structured, commonly used and machine-readable form, as well as to request Paddle to transfer that data directly to another party, if this is technically possible.
Right of objection
You may at any time withdraw your given consent for certain processing operations and object to the processing of your data for serious and legitimate reasons. You also have the right to object to the use for direct marketing of your data and to the transfer of your data to third parties (when this transfer is not necessary for the provision of services).
Cookie statement
Our cookie statement can be found here.
Contact details
Paddle
Galerie Ravenstein 4
1000 Brussels
Belgium
Company number: VAT BE 0428.304.785
If you have any questions about this privacy statement, please contact Paddle via dpo@paddle.be