1.WHAT DOES THIS PRIVACY NOTICE COVER?

This privacy notice (“Privacy Notice“) describes how we process the personal data of the users of our services, the visitors of www.scienlabs.com (“Website“), our social media sites, webinar participants and any other persons that interact with us directly (“you“).

In case you are a user of an online service provider that uses FraudAvoid as a fraud prevention service provider (“End-user“), please refer to Annex I to this Privacy Notice that specifies the information that applies to you.

At Scienlabs Technologies we are committed to protecting your personal data and respecting your right to privacy.

When we process your personal data on the basis of our legitimate interest (see below under Section 3), you have the right to object to that processing (for further explanation, see Section 5.5). If you wish to exercise this right, please contact us or our Data Protection Officer at the email contact details specified below.

2.DETAILS OF THE DATA CONTROLLER AND THE DATA PROTECTION OFFICER (“DPO”)

The data controller of your personal data is the SCIENLABS entity which is signatory to the agreement with the customer on whose behalf you use our services. In case you are not a user of our services, your data controller is the SCIENLABS entity interacting with you. Based on the above, your data controller is one of the following SCIENLABS group entities (the corresponding SCIENLABS group entity is referred to as “SCIENLABS”, “we”, “us” or “our” in this Privacy Notice): SCIENLABS Technologies Office # 709, Al Qusais Plaza, Damascus Street 3, Al Qusais, Dubai, UAE. PO BOX – 236438

SCIENLABS is a data processor, with regard to the processing of non-direct “End-user personal data”.

For any inquiries about this Privacy Notice, please contact any SCIENLABS entity at the following email address: legal@Scienlabs.com. SCIENLABS appointed a DPO. For any inquiries about this Privacy Notice, you may contact our DPO at dpo@Scienlabs.com

3. WHY AND HOW ARE WE PROCESSING YOUR PERSONAL DATA?

3.1 General

3.1.1 We process your personal data for the following purposes:

• Providing the services, including registration on the Website, providing demos, establishing contractual relationships, and concluding contracts;
• Processing payments from our customers.
• Enhancing our services.
• Ensuring information security of the services and preventing frauds
• Lead generation, sending newsletters and other direct marketing communications
• Providing customer support, providing information on service updates
• Organizing webinars, events.
• Analysis of business performance and managerial decision making. Please find detailed information on the purposes and other relevant circumstances of the processing categorized by the purposes below.

3.1.2 We do not carry out automated decision-making or profiling based solely on automated processing of your personal data as described by Article 22 GDPR.

3.1.3 We process your data acquired via cookies or similar technologies on our Website. Further details on how we use cookies or similar technologies and to submit your preferences, please click here.

3.2 Providing the services, including registration on the Website, providing demos, establishing contractual relationships, concluding contracts

3.2.1 Legal basis:

Our legitimate interest in creating and managing the accounts of our users (i.e. you), provide the services as requested by them, and negotiate our contracts.

3.2.2 Categories of personal data:

Personal data provided by you, for example, contact details, information necessary to create an account, information related to the usage of the services, and communication-related to the services.

3.2.3 Retention period:

2 years which is based on the applicable limitation period for enforcing legal claims and the statutory retention period in case of accounting documents.

3.3 Processing payments from customers

3.3.1 Legal basis:

Our legitimate interest in collecting the fees for the services rendered.

3.3.2 Categories of personal data:

Personal data provided by you, for example, contact details, information necessary to create an account, information necessary for billing, and information related to the usage of the services.

3.3.3 Retention period:

2 years which is based on the applicable limitation period for enforcing legal claims and the statutory retention period in case of accounting documents.

3.4 Enhancing the services

3.4.1 Legal basis:

Our legitimate interest is in improving the existing features of our services and developing new features in order to remain competitive.

3.4.2 Categories of personal data:

Personal data provided by you, for example, contact details, information necessary to create an account, information related to the usage of the services, communication related to the services, and data collected via cookies.

3.4.3 Retention period:

2 years after you canceled your account at the Website or if you do not have an account, from the last interaction with you.

3.5 Ensuring information security of the services and preventing fraud

3.5.1 Legal basis:

Our legitimate interest in providing our services securely for our customers and detecting and avoiding fraudulent use of our services.

3.5.2 Categories of personal data:

Personal data provided by you and personal data that we collect from other sources, in particular, contact details, information related to the usage of the services, data collected via cookies, and public database information.

3.5.3 Sources of the categories of personal data not provided by you

Publicly available open source information.

3.5.4 Retention period:

2 years after the fraud check query is completed.

3.6 Lead generation, sending newsletters and other direct marketing communications

3.6.1 Legal basis:

Data Subject’s Consent

3.6.2 Categories of personal data:

Personal data provided by you and personal data we collected from other sources, in particular, contact details, information necessary to create an account, data collected via cookies, public database information.

3.6.3 Sources of the categories of personal data not provided by you

Webinar organizing partners, business listing pages, social media providers, company email address databases, marketing lead contact search engines, and other business partners.

3.6.4 Retention period:

According to the applicable limitation period for enforcing legal claims or until your consent is revoked

3.7 Providing customer support, providing information on service updates

3.7.1 Legal basis:

Our legitimate interest in helping our customers fixes bugs or unintended functioning of the services in an efficient and timely way to increase our customers’ loyalty and retain our customers.

3.7.2 Categories of personal data:

Personal data provided by you, for example, contact details, information necessary to create an account, information related to the usage of the services, and communication-related to the services.

3.7.3 Retention period:

According to the applicable limitation period for enforcing legal claims.

3.8 Organizing webinars, events

3.8.1 Legal basis:

Our legitimate interest in raising awareness about our services and improving user engagement.

3.8.2 Categories of personal data:

Personal data provided by you, for example, contact details, information necessary to create an account, and communication related to the services.

3.8.3 Retention period:

According to the applicable limitation period for enforcing legal claims.

3.9 Analysis of business performance and managerial decision making

3.9.1 Legal basis:

Our legitimate interest in growing our business by making strategic decisions, and complying with contractual obligations and applicable laws.

3.9.2 Categories of personal data:

Personal data provided by you, for example, contact details, information necessary to create an account, information necessary for billing, information related to the usage of the services, communication related to the services.

3.9.3 Retention period:

According to the applicable limitation period for enforcing legal claims and the statutory retention period in case of accounting documents.

4. HOW DO WE SHARE YOUR PERSONAL DATA?

4.1 Your personal data will be primarily processed by the employees at SCIENLABS for the below listed purposes. This includes sharing your personal data between SCIENLABS group entities. Please note that we may share your personal data with SCIENLABS entities outside the Europe, in particular we may transfer your personal data with our employees working in our organization all over the globe.

4.2 We may share your personal data with the following categories of business partners for the below listed purposes: cloud providers, customer relationship management (CRM) providers, e-signature providers, integration tool providers, payment processors, invoicing tool providers, instant messaging providers, video conferencing tool providers, UI/UX tool providers, public database providers, social media providers, gift card tool providers, data cleansing providers, online form providers, reporting tool providers, online advertising platforms and agencies, analytics tools providers, webinar partners, marketing lead contact search engines, business listing pages, project management tool providers, legal consultants, financial consultants, and public authorities. Please note that we may share your personal data with some business partners outside the Europe, in particular, we may transfer your personal data to various countries all over the globe. We enter into standard contractual clauses adopted by the European Commission with these business partners to ensure the adequate protection of your personal data.

4.3 A copy of the safeguards for international data transfers can be obtained for your review on request by using the contact details specified in this Privacy Notice.

5.YOUR RIGHTS

You have the following rights regarding the processing of your personal data carried out by us:

5.1 Right to access

5.1.1 You have the right to request access to your personal data and obtain information from us regarding (among others): the purpose of processing; what categories of personal data are processed; to whom we transfer or disclose your personal data; for what period we process your personal data; your rights in connection with data processing carried out by us regarding your personal data; your right to lodge a complaint with a supervisory authority regarding the processing; in case we collect your personal data from other sources than from you, any available information as to the source; the existence of automated decision-making and related information, including the logic involved, as well as the significance and the envisaged consequences of such processing for you; whether your personal data is transferred outside the Europe and regarding the conditions of these transfers.

5.1.2 We will provide you with a copy of your personal data in case you require us to do so.

5.2 Providing the services, including registration on the Website, providing demos, establishing contractual relationships, concluding contracts

5.2.1 You have the right to request us to rectify your inaccurate personal data and to request us to complete your incomplete personal data by means of providing us with a supplementary statement.

5.3 Right to erasure

5.3.1 We erase any of your personal data if you request us to do so in the event of the following:

5.3.1.1 Your personal data is no longer necessary for the purpose concerned

5.3.1.2 You withdraw your consent and there is no other legal basis for the processing.

5.3.1.3 You object to the processing and there are no overriding legitimate grounds for the processing (or, in case of direct marketing, you simply object to the processing)

5.3.1.4 Your personal data has been processed unlawfully.

5.3.1.5 Your personal data has to be erased according to relevant laws.

5.3.2 Please note that we are entitled to not erase your personal data if it is necessary – inter alia – for exercising the right of freedom of expression and information, for compliance with legal obligations, and for the establishment, exercise or defense of legal claims.

5.4 Right to restriction of processing

5.4.1 You have the right to obtain a restriction of processing from us where one of the following applies:

5.4.1.1 you have contested the accuracy of your personal data, in which case you will obtain restriction for a period enabling us to verify the accuracy of your personal data.

5.4.1.2 the processing is unlawful, and you oppose the erasure of your personal data and request the restriction of their use instead.

5.4.1.3 we no longer need your personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims.

5.4.1.4 you objected to the processing and the verification is pending whether our legitimate grounds override yours.

5.4.2 Please note that we are entitled to not erase your personal data if it is necessary – inter alia – for exercising the right of freedom of expression and information, for compliance with legal obligations, and for the establishment, exercise or defense of legal claims.

5.5 Right to object to processing

5.5.1 You have the right to object to the processing of personal data on grounds relating to your particular situation, where the legal basis of the processing activity is our legitimate interest (or the legitimate interest of a third party). We will no longer process the personal data unless we demonstrate compelling legitimate grounds, which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

5.5.2 You do not need to ascertain grounds relating to your particular situation if your personal data is processed for direct marketing purposes, and we will no longer process personal data if you objected to the processing.

5.6 Right to data portability

5.6.1 If certain conditions apply, you have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hindrance from us. You also have the right to have your personal data transmitted directly from us to another controller, where technically feasible.

5.7 Right to withdraw your consent

5.7.1 You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on your consent before its withdrawal.

6. REMEDIES

6.1 In case you do not agree with our response or action, or if you consider that your rights have been infringed, you may lodge a complaint with the data protection supervisory authority in the Europe, place of work or place of the alleged infringement, in particular

7. UPDATES

7.1 Please note that we review this Privacy Notice on occasions and amend it as necessary. When we amend this Privacy Notice, we will announce and publish it by the usual means (e.g., via e-mail or on the Website). We encourage you to review this Privacy Notice regularly.

ANNEX I – SCIENLABS information notice to END-USERS

WHY DID YOU RECEIVE THIS INFORMATION NOTICE?

You received this information notice because an online service provider (where you registered an account or with whom you interacted) uses certain functionalities of SCIENLABS’s services, and, as a result, SCIENLABS became the processor of your personal data.

WHO IS SCIENLABS?

SCIENLABS provides state-of-the-art fraud prevention to online service providers.

WHICH SCIENLABS FUNCTIONALITIES CONCERN YOUR PERSONAL DATA?

There are two functionalities we would like to inform you about in this notice. We provide your online service provider with information (i) on how many times your email address, IP address or phone number was checked in our system, and when was it checked last time, etc. (history data); and (ii) on whether your email address, phone number, IP address, or browser has been flagged as fraudulent in our system, etc. (flag data). We collect these personal data from other online service providers that use these functionalities. We maintain a database of this data. We do not carry out automated decision-making or profiling based solely on automated processing of your personal data as described by Article 22 GDPR when providing these functionalities.

WHY DO WE PROVIDE THESE FUNCTIONALITIES TO ONLINE SERVICE PROVIDERS?

We would like to enhance our fraud prevention service by identifying previously queried data points. We have legitimate interest in building a database of previously queried data points with our customers’ notes for an enhanced fraud prevention service.

HOW DO WE SHARE YOUR PERSONAL DATA?

We share your personal data with SCIENLABS group companies, and we may transfer your personal data with our employees working in our organization all over the globe. We rely on the adequacy decision adopted by the European Commission for transfers of personal data. We share your personal data with our cloud provider and other online service providers that use these functionalities. We transfer your personal data to various countries. We enter into standard contractual clauses adopted by the European Commission with these business partners to ensure the adequate protection of your personal data. You can request a copy of the safeguards for international data transfers by contacting us.

FOR HOW LONG DO WE KEEP YOUR PERSONAL DATA?

According to the applicable limitation period for enforcing legal claims.

WHAT ARE YOUR RIGHTS?

Please note that SCIENLABS acts only as a “Data Processor” of any of your personal information that may have been collected by SCIENLABS in our role as a provider of fraud detection services for our customers. Our customer(s) are considered the “Data Controller” of your personal information under the GDPR and they are the only one(s) that can respond to your request. In such cases, we notify our customer(s) of your request without undue delay. Our customer(s) (your Data Controller) must respond to your request. Again, we notify them on your behalf, and they should execute your request, however for further information about your request, you may want to contact them directly. Among other data protection rights, you have the right to object that we include your personal data in these functionalities. You can exercise your rights by contacting our customer(s) (the Data Controller) or us.

WHO CAN YOU CONTACT?

If a SCIENLABS company (either SCIENLABS Technologies Office # 709, Al Qusais Plaza, Damascus Street 3, Al Qusais, Dubai, UAE. PO BOX – 236438 provides the functionalities to the online service provider you use, you can contact any SCIENLABS entity at the following email address: legal@scienlabs.com; or our DPO at: dpo@scienlabs.com.

WHERE CAN YOU FIND INFORMATION ON OTHER SCIENLABS FUNCTIONALITIES?

With regards to other SCIENLABS functionalities not detailed above, the online service providers who you interact with will qualify as the controller of your data. These online service providers will provide you further information in their own privacy notices on how their fraud prevention practices affect your personal data.