Privacy Policy & DPA
RabbitLoader belongs to Yogi Network, hereinafter referred to as the "Company" or "we". The Company respects your privacy rights and recognizes the importance of protecting the Personal Data (as defined below) provided by you.
This Privacy Policy describes how the Company processes the Personal Data you provide to us through the Company's website and it also describes your rights pursuant to the data protection regulations, including the choices available regarding the Company's use of Personal Data or the actions you can take to access this information and request the correction or deletion of such personal information.
The data controller for the processing of personal data through the website RabbitLoader.com (the "Website") is Yogi Network and can be contacted at:
Address: 418 Jawpur Road, Dum Dum, Kolkata, West Bengal, INDIA 700074
E-mail: [email protected]
1. GENERAL INFORMATION
ACKNOWLEDGMENT: By using the Website, you acknowledge that you have read this Privacy Policy and that you understand the practices described herein with respect to the Company's processing of your Personal Data. Also, when creating an account on the Website, you expressly declare that you acknowledged the provisions of this Privacy Policy. This is the Company's entire and exclusive Privacy Policy of RabbitLoader and it supersedes any earlier version.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC - the GDPR - is the European law that regulates the data protection processing operations performed through the Website.
Terms used in this document:
"User/you" - the individual or entity who registered on the Website and thus owns a RabbitLoader account.
"Visitor" - the individual or entity who visits the Website without creating an account.
"Customers" - Users that purchased paid plans or installed the product.
"Third Parties" - are other companies and the services they provide us.
"Data Subject" - any identified or identifiable, directly or indirectly, natural person. The Users and Visitors defined above may act as data subjects should they be an identified or identifiable natural person.
"Processor" - the entity acting under the authority and instructions of the controller. For example, the Company acts as a processor for our Customers defined supra.
"Personal Data" - all information which relates to an identified or identifiable natural person. This includes, e.g., items like the name, postal address, e-mail address or telephone number, but also usage data like your IP address.
"Processing" - every process carried out with or without automated assistance or every sequence of such processes in connection with personal data, e.g. obtaining, capturing, organizing, ordering, saving, adjusting or modifying, sorting, accessing, using, disclosing by transmission, distributing or any other form of making available, comparing or connecting, limiting, deleting or destroying.
We Process all personal data in accordance with GDPR principles, as follows:
"Lawfulness, fairness and transparency": the personal data is Processed fairly in relation to the data subject, based on a legal basis provided by GDPR at art. 6, and the data subject is informed on the Processing as requested by art. 13 and art. 14 GDPR.
"Purpose limitation": the purpose for which we Process the personal data is specific, explicit, and legitimate. We do not collect and use data for other purposes than the ones we informed the data subject about.
"Data minimization": we Process the minimum amount of personal data we need; the personal data we collect are adequate, relevant and limited to what is necessary in relation to the purposes for which they are Processed.
"Accuracy": the personal data Processed is accurate and where necessary kept up to date. We do not retain old and outdated data in our system.
"Storage limitation": we established and documented the necessary retention period for the personal data we collect and Process for specific objectives. After the retention period is met, the personal data shall be deleted, destroyed, or anonymized.
"Integrity and confidentiality": we handle personal data in a manner ensuring appropriate security, which include protection against unlawful Processing or accidental loss, destruction or damage.
"Accountability": as data controller, we are responsible for proving compliance with the principles of the GDPR mentioned above.
CALIFORNIA-RESIDENT SPECIFIC RIGHTS
If you are located in California, and/or (as applicable) to the extent you are a "consumer" as defined under the California Consumer Privacy Act as amended (CCPA) and RabbitLoader is a "business" as defined under CCPA, following would be applicable for you. Subject to the provisions of the CCPA, you have the right to request in the manner provided herein:
Right to request for information about the:
Categories of Personal Data RabbitLoader has collected about you.
Specific pieces of Personal Data RabbitLoader has collected about you.
Categories of sources from which the Personal Data is collected.
Business or commercial purpose for collecting Personal Data.
Categories of third parties with whom the business shares Personal Data.
Right to request for deletion of any Personal Data collected about you by us:
Data added by you, such as domains you have added under your account can be deleted whenever you like.
If you wish to remove your personally identifiable information stored with us, you can do it yourself either by visiting the profile page under My Account or by sending an email to us at [email protected].
A details instructions is available here to follow if you wish to delete your data stored with us - https://rabbitloader.com/kb/deleting-profile-and-data/
Right to correct inaccurate personal information that we have about you: To access your account login to the portal. If you would like to update your Personal Data which constitutes "personal information" as defined in CCPA, please go to Dashboard => Profile and update your information and save it.
For any other questions please email to [email protected]
We respond to all such requests within a reasonable timeframe in accordance with applicable data protection laws. Also by writing to us, you agree to receive communication from us, which may include, seeking information from you in order to verify you to be the consumer from whom we have collected the Personal Data and any other information as reasonably required to enable us to honor your request.
The type of data and information we collect and use about you are explained in the following sections.
2. WHAT PERSONAL DATA WE COLLECT, HOW WE COLLECT IT AND WHAT WE DO WITH THE COLLECTED PERSONAL DATA
2.1. Creating your account
When the Visitors of our Website sign-up for a RabbitLoader account, we collect their email, their IP address.
The legal ground for this Processing is the performance of a contract, in accordance with Art. 6 (1) b GDPR.
2.2. Running the Services
We Process the Personal Data for taking the necessary actions to offer our Customers the Company's products (e.g. for the proper running of our Web services and of our performance optimization service, to connect our servers to our users/customers servers, where the users website needing optimization are hosted, for maintenance and for building appropriate tools for our clients, etc.), pursuant to Art. 6 (1) b GDPR, for the performance of a contract and Art. 6 (1) f GDPR, on the basis of our legitimate interest.
From the Users of our WordPress plugins and from those who use our API tools, we process the following Personal Data: name and surname, identification data, email, processed images and CDN traffic data, CSS, JS, HTML codes, plugins, themes & tools being used by the website.
From the Customers of web-optimization service, we process the following Personal Data: name and surname, identification data, email, domain name.
We also process data regarding the browser, IP address, timestamp, IP location and also operating system when you access RabbitLoader or any web site that is owned by RabbitLoader.
All the information that is so collected is used for secure logging & website data analytics and preventing fraud.
2.3. Customer Support
The Personal Data is also processed for offering support to Customers, at their request, pursuant to Art. 6 (1) (b) GDPR for the performance of a contract and to Art. 6 (1) (f) GDPR, on the basis of our legitimate interest. In order to help our Customers, we need to use their Personal Data for user identification, for debugging reasons and in order to communicate with the Customers that need assistance. For this purpose, we use a helpdesk & live chat software for helping the Users of our RabbitLoader services. This feature is made by a Third Party service provider we use for customer support. Through this feature we gather the following Personal Data: name, e-mail address, other information provided by clients during the support operations.
The Personal Data Processed for the above scopes consists of: name, e-mail address, domain name and other information provided by the Customer.
2.4. Marketing information
We send emails to inform our Users about new features, service changes, and interruptions of our service, possible errors or bugs. These messages are an important part of our communication with our Users.
The Company may, but is not obliged, to send you strictly service-related announcements on rare occasions, when it is necessary to do so. For example, if our service is temporarily suspended for maintenance, we might send you an e-mail.
The legal basis for this Processing is the performance of the contract (consisting of the Website and Services Terms & Conditions) according to Art. 6 (1) (b) GDPR and our legitimate interest to organize the requests (Art. 6 (1) (f) GDPR).
Generally, you may not opt-out of these communications since they are not promotional in nature. If you do not wish to receive them, you may have the option to deactivate your account.
2.6. Blog management
We also Process Personal Data when we communicate with our blog readers and give them the opportunity to express certain points of view/ questions. In this regard, we are using the services of Third-party for hosting our blog.
For this scope, the following data may be Processed: name and surname (if available), profile picture (if available), comment content. The legal basis for this Processing lays in the performance of our Website's Terms and Conditions (Art. 6 (1) letter (b) GDPR), and in our legitimate interest to communicate, interact and receive feedback from you (Art. 6 (1) letter (f) GDPR).
2.7. Cookies
At the same time, we use both session ID cookies and persistent cookies as part of our Website's interaction with your browser. For more information on the use of cookies and when your prior consent is required, please refer to our Cookie Policy available here.
2.8. Accounting records
For keeping our accounting records and complying with accountability and fiscal legislation, we collect your name, address, purchased services and payment data. The legal basis for this Processing is the performance of the contract (consisting of the Website and Services Terms & Conditions) according to Art. 6 (1) (b) GDPR and our legitimate interest to organize our accounting records (Art. 6 (1) (f) GDPR).
2.9. No sell or share
We will never sell your data and share your data for marketing purposes or for any purpose.
2.10. Location
The data that we collect from you is stored in Singapore and USA and will be processed by staff operating inside India who work for us or for one of our suppliers. Our staff may be engaged in, among other things, the fulfillment of your order and the provision of support services. Your website data will be kept until it is no longer required for the purpose of its collection.
2.11. Data retention & deletion
We will keep your website data saved during using of RabbitLoader services for maximum 90 days after you have cancelled your account as a backup measure in case you want to come back. There are cases when we remove this data much faster if we do usual maintenance work to save disk space. Your account is created once you sign up for our services and add your domain on the Console page afterwards. However, we keep the name & email of the user on our email list until the user is unsubscribed from the list.
Data added by you, such as domains you have added under your account can be deleted whenever you like. If you wish to remove your personally identifiable information stored with us, you can do it yourself either by visiting the profile page under My Account or by sending an email to us at [email protected]. A details instructions is available here to follow if you wish to delete your data stored with us - https://rabbitloader.com/kb/deleting-profile-and-data/
Please note that when we receive such request either upon your action, or via other channels such as support email, your personally identifiable information is either deleted or anonymized. If not deleted, data is anonymized when necessary for legitimate business or legal purposes, such as security, fraud and abuse prevention, or financial record-keeping.
3. DATA RECIPIENTS AND DATA TRANSFERS
3.1. Data recipients
Services providers: We may employ third party companies and individuals to perform service-related activities. These Third Parties may access your Personal Data only to perform these tasks on our behalf and are compelled not to disclose or use it for any other purpose.
Also, where these recipients qualify as data processors, they will be contractually bound to respect the same obligations in what regards the protection of Personal Data as that incumbent to us and shall implement adequate technical and organizational measures for the protection of Personal Data, at least at the same level as those implemented by the data controller.
Third parties: Your Personal Data may be provided to governmental and regulatory agencies (e.g. tax authorities), courts or other governmental authorities, in accordance with the provisions of the applicable legislation and in line with art. 6 (1) (c) GDPR, as well as to external consultants acting as data controllers (e.g. lawyers, accountants, auditors, etc.), based on art. 6 (1) (f) GDPR.
3.2. Data transfers
We may transfer your Personal Data abroad, both to countries located within the EU/EEA and to countries outside EU/EEA.
For some of these countries located outside EU/EEA, the transfer of data is recognized by the European Commission as ensuring an adequate level of protection for the Personal Data, in accordance with art. 45 GDPR.
In what regards the recipients located in other countries, by executing Data Transfer Agreements based on Model Contractual Clauses (Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries), in accordance with art. 46 (5) GDPR or by using other adequate means for the transfer of Personal Data, we ensured that all such recipients offer an adequate level of protection for the Personal Data and that adequate technical and organizational measures have been implemented for the protection of Personal Data against unlawful destruction, loss, alteration or unauthorized disclosure.
4. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
The Personal Data provided by you to us is only stored for as long as it is required to perform the respective purpose for which you have transmitted your data, or inasmuch as it is required for conformity with statutory or official requirements.
Your Personal Data for taking the necessary actions to offer Customers the Company's products are kept by us for additional 3 years as of the termination of our contractual relation.
As regards your website data saved during using of RabbitLoader services, we will keep this data for maximum 90 days after you have cancelled your account as a backup measure in case you want to come back. There are cases when we remove this data much faster if we do usual maintenance work to save disk space.
We also keep your Personal Data for the duration of our contractual relation for providing you support services and for the purpose of offering you the possibility to formulate your requests to the Company or regarding the Company's products.
For commercial communications transmitted by electronic means, we keep your Personal Data until the moment of transmission of the communication or until you withdraw your consent, in case the request for transmission of commercial communications concerned recurrent communications.
We keep your Personal Data in relation to blogging activities during the existence of the blog or until the deletion of the comment by you.
For the use of cookies for which your prior consent is required, please refer to the Cookie Policy mentioned above in the document.
5. LINKS TO OTHER WEBSITES
The Company's website uses interfaces with social media websites such as Facebook, LinkedIn, Twitter and others. If you choose to "like" or share information from the Website through these services, you should review the privacy policy of that service. If you are a member of a social media website, the interfaces may allow the social media website to connect your site visit to your Personal Data.
We are not responsible for the collection, usage and disclosure policies and practices of other organizations, such as Facebook, Twitter, Google, or any other developer, provider, social media platform, operating system provider, wireless service provider, including any personal information you disclose to other organizations through or in connection with our social media functionalities, therefore we recommend you examine the privacy statements for all Third Party websites, to understand their procedures for collecting, using, and disclosing your Personal Data.
6. DATA SECURITY
We have taken appropriate technical and organizational measures to guarantee data security, in particular to protect your Personal Data against access by Third parties, as well as accidental or intentional modification, loss or destruction.
The Personal Data are kept in safe conditions in accessible electronic format, using the authentication systems of the internal domain, access rights for each User for the allocated resources and in printed format.
The Company protects the privacy and integrity of the information it collects by employing appropriate administrative protocols, technical safeguards, and physical security controls, designed to limit access, detect and prevent the unauthorized access, improper disclosure, alteration, or destruction of the information under its control. The Company transmits the information used by its external service providers for the specific outsourced operations listed above, across public and private networks via recognized encryption technologies, such as by using Secure Sockets Layer (SSL) software, which encrypts the information you input.
7. RIGHTS OF OUR USERS REGARDING THE PERSONAL DATA
Pursuant to the legal requirements established by GDPR, Data Subjects have specific legal rights relating to the personal data we collect from them, as follows:
Right to withdraw consent: Where you have given consent for the Processing of your Personal Data, you may withdraw your consent at any moment.
Right to rectification: You may obtain from us rectification of Personal Data concerning you. We make reasonable efforts to keep Personal Data in our possession or control which are used on an ongoing basis, accurate, complete, current, and relevant, based on the most recent information available to us.
Right to restriction: You may obtain from us restriction of Processing of your Personal Data, if you contest the accuracy of your Personal Data and the legal requirements for the exercising of this right are met.
Right to erasure: You have the right to request that we delete the Personal Data we Process about you. Please note that the deletion of Personal Data can lead to the termination of the service we provide due to technical reasons.
8. TERMINATION
This Agreement shall automatically terminate upon the termination of the Services. The Company shall continue to process the Personal Data for an additional period of 90 days after termination. During this period, the Company shall keep a copy of the Customer's data for security purposes as back up.
Processing of these data by the Company is considered to be compliant to Customer's instructions.
The Company shall erase all Personal Data processed on behalf of the Customer for providing RabbitLoader not later than 90 days following expiry or termination, subject however to any regulatory obligations concerning the retention of the Personal Data applicable to the Company. In such a case the Company shall inform the Customer about such obligations.
BY ADHERING TO THE PROVISIONS OF THE AGREEMENT, the terms of this DPA are also deemed accepted by the Controller and will regulate the data processing activities performed for the scope of the Agreement.
APPENDIX 2
Personal Data Processing activities
Purpose(s) of Processing
Provision of hosting/CDN for the benefit of the Customer.
Category/ies of Personal Data:
- Name and surname, e-mail address, domain name, IP, chat logs, support requests, server logs: connections, authentications, access, errors, timestamp, IP location and also operating system when you access RabbitLoader services or any web site that is owned by RabbitLoader, address, purchased services and payment data. - Data stored and processed by the Customer as: source code, WordPress database, site backups, and folders and files in server directories, CDN etc.
Category/ies of Data Subjects:
- Customers and users of the Customer services.
Provision of Performance optimization services for the benefit of the Customer.
Category/ies of Personal Data:
- Name and surname, e-mail address, images to be processed, IP, timestamp, IP location and also operating system when you access RabbitLoader Image Optimizer or any web site that is owned by RabbitLoader, address, purchased services and payment data.
Category/ies of Data Subjects:
- Customers
Duration of Processing operations of RabbitLoader Services.
Data stored and processed by the Customer during using RabbitLoader are kept by us during the term of the Agreement but not later than 90 days following expiry or termination, subject however to any regulatory obligations concerning the retention of the Personal Data applicable to the Company. In such a case the Company shall inform the Customer about such obligations.
Personal Data processed for the scope of keeping accounting records are kept by us for 10 years as of the end of the financial year in which the invoices have been issued.
Personal Data for taking the necessary actions to offer Customers the Company's products are kept by us for additional 3 years as of the termination of our contractual relation.
Personal Data for providing you support services and for the purpose of offering you the possibility to formulate your requests to the Company or regarding the Company's products are kept by us for the duration of our contractual relation.
Personal Data for commercial communications transmitted by electronic means, are kept by us until the moment of transmission of the communication or until you withdraw your consent, in case the request for transmission of commercial communications concerned recurrent communications.
Personal Data in relation to blogging activities are kept during the existence of the blog or until the deletion of the comment by you.
Personal Data for the use of cookies for which your prior consent is required, please refer to the Cookie Policy mentioned above in the document.
APPENDIX 3
Summary of the Technical and Organizational Security Measures in order to ensure protection of Personal Data
Information Security Program. The Company will maintain an information security program (including the adoption and enforcement of internal policies and procedures) designed to (a) help Customer secure data against accidental or unlawful loss, access or disclosure, (b) identify reasonably foreseeable and internal risks to security and unauthorized access to the RabbitLoader Network, and (c) minimize security risks.
Designated Information Security Person: The Company will designate a designated person to coordinate and be accountable for the information security program.
Main points of the information security measures:
Customer access management: Access to Personal Data is only provided to those employees and contractors who have a legitimate business need for such access privileges.
Network Security: RabbitLoader network will be electronically accessible to employees, contractors, and any other person as necessary to provide the services under the Agreement.
Physical security: Access control procedures implemented to prevent unauthorized entrance to Processor's facilities.
Continued Evaluation: The Company will conduct periodic reviews of the security of its network and adequacy of its information security program as measured against industry security standards and its policies and procedures.
Other measures described within the content of the DPA.
Last Updated: This document was last updated on Fri Dec 01 2023.