The privacy of our existing or potential customers if paramount.
Torotoro is fully compliant with the European Union’s GDPR legislation.
See it at GDPR Archives – GDPR.eu
Effective as of 1st January 2023.
Preambulum
Dear EU citizen,
Thank for your visit to the website is Torotoro Ltd.
Data privacy and data security are our reasons of existence.
In the following document we provide you about what data and how are used in our website, www.torotoro.co.nz (hereinafter: the “website”), for what purposes and under what conditions.
All data processing complies with legal requirements in force.
Data processor (hereinafter: “Torotoro”): Torotoro Ltd.
Location: 18K Charlemont Street, Hamilton, Waikato, 3200, New Zealand.
NZBN number: 94-29050907267
Tax number: 137-176-203
Email: contacttorotoro@gmail.com
Data privacy contact: contacttorotoro@gmail.com
Legal basis for data processing
In processing personal data, the primary legal source we use is the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016. on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – known as GDPR)
Data processor used for processing in connection with the website: social media, as authorized data processors.
Personal data:
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Principles according to European Union’s GDPR:
- Lawfulness, fairness, and transparency
- Limitation of purpose
- Minimisation of data
- Accuracy of data
- Limitation of storage of data
- Integrity and Confidentiality of data
- Accountability
Legal basis for data processing:
| Given consent to the processing of the personal data for one or more specific purposes.Processing is necessary for a performance.Processing is necessary for compliance with a legal obligation.Processing is necessary for the performance of a task carried out in the public interest.Processing is necessary for the purposes of the legitimate interests. |
We use the following legal sources for data processing in this context:
- GDPR of the European Union
Data processing on website:
Social media:
Torotoro may use social media to popularize its business, e.g LinkedIn, etc.
Roles, responsibilities, and limitations are as stated on each social media platform.
Contact via e-mail:
Data subjects: Anyone using the customer service via e-mail.
Types of personal data processed:
- e-mail address,
- Name,
- Any personal data mentioned in the textbox.
Purpose of the processing: Answering requests for contact, improving the customer experience.
Duration of the processing: If the consent is not withdrawn, Torotoro Ltd. shall process personal data for a 5-year term (in accordance Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016). This duration ensures that Torotoro can pursue and enforce its civil law claims and can defend against any civil law claims of the subjects.
Legal basis of processing: GDPR Article 6 (1) a): consent of the Data subject.
Contact via phone:
Data subjects: Anyone who contacts Torotoro via telephone.
Types of processed personal data:
- Telephone number,
- Name,
- Any personal data which is important for another administration.
Purpose of the processing: Answering the questions, solving and follow up on tasks and problems, traceability. Improving the customer experience.
Duration of the processing: If the consent is not withdrawn, Torotoro shall process personal data for a 5-year term (in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016). This duration ensures that Torotoro can pursue and enforce its civil law claims and can defend against any civil law claims of the subjects.
Legal basis of processing: GDPR Article 6 (1) a): consent of the Data subject.
Personal data processing of person under the age of 16:
Our website is primarily designed for business visitors over 18 years of age.
Therefore, we do not collect personal data under the age of 18. In case of any concern, we refuse processing such data and delete them immediately from our systems.
Your personal data is NOT forwarded to any third party.
Your personal data is NOT subject to automated decision-making including profiling process.
Your rights, as Data Subject
The rights entitled by GDPR are applicable for you during the whole process, and after the process either.
- Right to be informed: you have the right to be informed about the collection and use of your personal data.
- Right of access: you have the right to access and receive a copy of your personal data, and other supplementary information, free of charge.
- Right to rectification: you have the right to have inaccurate personal data rectified or completed if it is incomplete.
- Right to erasure: you have the right for erase your personal data we process – „right to be forgotten”.
- Right to restrict processing: you have the right to request the restriction or suppression of your personal data.
Contact for data privacy issues: contacttorotoro@gmail.com
Supervisory authority for EU citizens:
The European Data Protection Supervisor (EDPS) is the European Union’s (EU) independent data protection authority.
Postal address: Rue Wiertz 60, B-1047 Brussels
Office address: Rue Montoyer 30, B-1000 Brussels
Telephone: +32 2 283 19 00
Email: edps@edps.europa.eu
Website: edps.europa.eu
COOKIE DATA PROCESSING POLICY
I. INTRODUCTION OF DATA CONTROLLER
In order to ensure the lawfulness of the internal data processes of Torotoro Ltd. and the rights of the data subjects, the following data protection information is provided.
Name of data controller:
Data processor: Torotoro Ltd.
Location: 18K Charlemont Street, Hamilton, Waikato, 3200, New Zealand.
NZBN number: 94-29050907267
Tax number: 137-176-203
Email: contacttorotoro@gmail.com
Data privacy contact: contacttorotoro@gmail.com
The Data Controller handles personal data in accordance with the provisions of all applicable laws, but primarily in accordance with the laws as follows:
• Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons regarding the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (Data Protection Regulation) (hereinafter: “Regulation” or “GDPR”).
The Data Controller treats the personal data confidentially, in order to preserve the data, it takes all technical and organisational measures related to the storage and data processing of IT and other secure data processing.
Definitions
The conceptual system of this Data Management Information is the same as the interpretative explanations defined in Section 4 of the Regulation.
When this information decides on information or data processing, it is to be understood as personal data and their processing.
II. DATA PROCESSING PURPOSE: THE MANAGEMENT OF COOKIES ON THE WEBSITE
In order to maintain and develop the services of the website and to enhance the user experience, the Data Controller uses so-called cookies on its website.
What is a cookie?
Cookies are small text identification and information collection files placed on a user’s device by a browser. A cookie is a series of unique numbers that is used primarily to distinguish between computers and other devices that download a website. Cookies have several functions, including collecting information, memorising user settings, and giving the website owner the opportunity to learn about users’ habits in order to enhance user experience.
For what purposes are cookies used?
- To inform visitors about the website.
- To ensure the proper and high-quality operation of the website.
- To measure attendance.
- To create web analytics and analyse how visitors use the website.
- To control and improve the quality of the services provided by the website.
- To enhance user experience.
- To facilitate the management of our webpages.
- To identify malicious visitors attacking our website.
What cookies does the website use?
Detailed information about the cookies used by the website is provided through the website’s cookie manager.
The information collected by cookies is not sold by the website, it is not rented to third parties, except to the extent necessary to provide the services for which the data subject has provided such information in advance and voluntarily.
What is the legal basis for data processing by cookies?
We use cookies that are essential for the use of the website in our legitimate interest in accordance with Section 6(1)(f) of the GDPR, the legal basis for the use of additional cookies is ensured by the consent of the data subject, which can be given through the cookie manager.
How can you check and disable cookies?
In addition to the website’s cookie manager, all modern browsers allow you to change the setting of cookies. Most browsers automatically accept cookies by default, but these can usually be changed to prevent automatic acceptance and offer you the choice of whether or not you allow cookies each time.
As cookies are intended to facilitate or enable the use and processes of the website, by preventing or deleting the use of cookies, users may not be able to use the full functionality of the website, or the website will function differently in your browser.
You can find information about the cookie settings of the most popular browsers at the following links:
Google Chrome: https://policies.google.com/technologies/cookies
Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
Microsoft Edge: https://support.microsoft.com/hu-hu/help/4468242/microsoft-edge-browsing-data-and-privacy
Microsoft Internet Explorer: https://support.microsoft.com/en-us/topic/description-of-cookies-ad01aa7e-66c9-8ab2-7898-6652c100999d
Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Safari: https://support.apple.com/guide/safari/manage-cookies-sfri11471/mac
III. THE RIGHTS OF THE DATA SUBJECT WITH REGARD TO DATA PROCESSING
The right to information
The data subject has the right to the information related to data processing, which the Data Controller provides by making this information available.
Consent-based data processing
If the legal basis of a data processing is ensured by the consent of the data subject, he or she has the right to withdraw his or her consent to data processing at any time. However, it is important to know that the withdrawal of consent can only apply to data for which there is no other legal basis for processing. Unless there is another legal basis for the processing of the personal data concerned, the Data Controller shall permanently and irrevocably delete the personal data after the withdrawal of the consent. Withdrawal of consent pursuant to the Regulation does not affect the lawfulness of data processing carried out based on consent prior to withdrawal.
Access rights
At the request of the data subject, the Data Controller shall at any time provide information on whether the processing of the data subject’s personal data is in progress and, if so, provide access to the personal data and the following information:
a) the purposes of data processing,
b) the categories of the personal data of the data subjects,
c) the recipients or categories of recipients to whom or with whom the controller communicated or will communicate the personal data, including in particular third country recipients or international organisations,
d) the intended period for which the personal data will be stored or, if that is not possible, the criteria for determining that period,
e) the data subject is also informed of his or her right to request the controller to rectify, delete or restrict the processing of personal data concerning him or her and to object to the processing of such personal data,
f) the right to lodge a complaint with a supervisory authority or to institute legal proceedings,
g) if the data were not collected directly from the data subject by the Data Controller, to all available information on the source of the data,
h) where automated decision-making takes place, the fact of that decision, including profiling, and at least the logic used in those cases, i.e. the significance of such processing and the likely consequences for the data subject.
Right to rectification of personal data
The data subject has the right at any time to have inaccurate personal data concerning him/her rectified by the Data Controller without undue delay upon request. Taking into account the purpose of the data processing, the data subject is also entitled to request that the incomplete personal data be supplemented, inter alia, by means of a supplementary declaration.
If a request is made to correct (modify) the data, the data subject must substantiate that the data requested to be modified is true and real, and the data subject must also prove that the person actually entitled to do so requests the data to be modified. This is the only way for the Data Controller to judge whether the modified data is real and, if so, whether to modify the previous data.
Furthermore, the Data Controller draws attention to the fact that the data subject must report the change in his/her personal data as soon as possible, thus facilitating lawful data processing and the enforcement of his/her rights.
Right of cancellation
At the request of the data subject, the Data Controller shall, without undue delay, delete the personal data concerning the data subject if one of the following reasons exists:
a) the data controller no longer needs the personal data for the purpose for which they were collected or otherwise processed,
b) in the case of consent-based processing, the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing,
c) the data subject objects to data processing, and there is no overriding legitimate reason for data processing or objects to data processing for the purpose of direct marketing,
d) personal data is unlawfully processed by the Data Controller,
e) personal data must be deleted in order to fulfil a legal obligation to which the controller is subject under European Union or Member State law,
f) personal data have been collected in connection with the provision of information society services.
Right to restrict data processing
The data subject has the right to restrict data processing by the Data Controller at the request of the data subject if any of the following is met, he/she:
a) disputes the accuracy of personal data; in this case, the restriction applies to the period of time that allows the Data Controller to verify the accuracy of personal data,
b) the processing is unlawful and opposes the erasure of the data and, instead, request a restriction on their use,
c) the Data Controller no longer needs the personal data for the purpose of data processing, but the data subject requests them in order to submit, enforce or protect legal claims, or
d) the data subject has objected to the processing; in this case, the restriction shall apply for the period until it is determined whether the legitimate reasons of the Data Controller take precedence over the legitimate reasons of the data subject.
Right to object
If the processing of personal data is based on a legitimate interest of the or the processing is necessary for the performance of a task carried out in the exercise of public authority conferred on the data controller, the data subject shall have the right to object at any time to the processing of his or her personal data, including profiling based on those provisions, for reasons related to his or her situation.
If the Data Controller processes the personal data of the data subject for the purpose of direct marketing (i.e. sending information letters), he/she has the right to object at any time to the processing of personal data concerning him/her for this purpose, including profiling, in so far as it relates to direct marketing. If the data subject objects to the processing of his/her personal data for the purpose of direct marketing, the personal data may no longer be processed for this purpose.
Balance of interest test
If the legal basis for the processing of personal data is a legitimate interest of the Data Controller or a third party, the Data Controller shall prepare a written “interest test”, which can be requested by the data subject by sending a letter to the e-mail address of contacttorotoro@gmail.com
Right to data portability
The data subject is entitled to receive the personal data concerning him/her made available to the Data Controller in a structured, widely used, machine-readable format. Furthermore, the data subject is also entitled to transfer such data to another data controller by the Data Controller if:
a) data processing is based on the data subject’s consent or on a contract conclude and;
b) the processing is carried out in an automated manner.
IV. PROCEDURE FOR ENFORCING THE RIGHTS OF THE DATA SUBJECTS
The data subject may exercise the above rights in person by sending an e-mail to contacttorotoro@gmail.com , by post to the Data Controller’s registered office. The Data Controller shall start the examination and execution of the data subject’s request without undue delay upon receipt thereof. The Data Controller shall inform the data subject of actions taken on the basis of the request within 30 days of its receipt. If the Data Controller is unable to comply with the request, it shall inform the data subject of the reasons for the refusal and the right of appeal within 30 days.
Within five years after the death of the data subject, the authorised person is entitled to enforce the rights of the deceased in his/her lifetime set out in this information by an administrative order or a statement in an authentic instrument or a private document of full probative value made to the Data Controller – if the data subject has made more than one, by virtue of a statement made at a later date. If the data subject has not made a corresponding legal declaration, his or her close relative under the Civil Code is still entitled to do so, and – if the data processing has been illegal or the purpose of the processing has ceased with the death of the data subject – to enforce the rights of the deceased during his or her lifetime within five years after the death of the data subject. A close relative who is the first to exercise that right of the data subject shall be entitled to exercise such rights under this Section.
V. RIGHT OF APPEAL IN CONNECTION WITH DATA PROCESSING
In order to enforce the right to judicial remedy, the data subject may apply to a court against the Data Controller if, in his/her opinion, the Data Controller or a data processor or joint data controller acting on our behalf or at our disposal is processes his/her personal data in breach of the provisions laid down in the legislation on the processing of personal data or in a binding act of the European Union. The court shall act out of turn in the case. The trial falls within the jurisdiction of the Regional Court of Law. The lawsuit may also be initiated before the court of the data subject’s place of residence or stay or the data controller’s registered office.
Hamilton, Waikato, New Zealand, 1st January 2023.