Privacy policy

Last updated: 15 January 2022

Introduction

This Policy is intended to help you understand:

  • why we collect your personal data;
  • how we collect, use, and store your personal data;
  • which rights relating to your personal data you have;
  • how you can exercise the rights relating to your personal data;
  • how we use cookies and other tracking technologies;
  • how we share and disclose your personal data.

FormDesigner is located in Kharkiv, Ukraine.

We act as a data controller and a data processor in relation to the personal data you provide depending on the factual circumstances of the processing.

Individual entrepreneur Shamshur Ivan Olegovich, acting under the laws of Ukraine, taxpayer identification number (TIN) 3127802812, representing web-service FormDesigner ("we", "us", "our", "Company", "FormDesigner") cares about your privacy and therefore provides you with the information hereunder. On this page, you can learn what information about you we collect while you interact with FormDesigner, what for and how we use, store, disclose your personal data, etc., as well as how we process personal data you provide us with.

This Privacy Policy ("Policy") describes how we handle the data you provide us with through website https://formdesigner.pro ("Site"), and social media such as Facebook, Yandex, Vkontakte, Google, Twitter ("social media"). Such treatment may include without limitation, the following:

  • collection;
  • recording;
  • organization;
  • storage;
  • structuring;
  • adaptation;
  • alteration;
  • retrieval;
  • consultation;
  • use;
  • disclosure by transmission;
  • dissemination or otherwise making available;
  • alignment or combination;
  • restriction; and
  • erasure or destruction.

FormDesigner acts as a data controller and a data processor in relation to the personal data you provide depending on the factual circumstances of the processing.

You can be our visitor or customer (collectively "users"):

  • You are a visitor when you visit the Site without creating an Account;
  • You are a customer or customer’s representative ("customer") when you use the Site through your Account in order to receive our Services;
  • You are a client when you submit your personal data to the customer through the web forms created during our provision of Services.

When you submit your personal data through our Site, you may be asked to consent to our processing of the personal data you provide as explained in this Policy to enable us to provide you with the information or service requested, if no other legal ground can be used.

You may contact us using the following details:

  • Our address: Ukraine, Kharkiv, 162V Akademika Pavlova Street, bldg. 45
  • Our email: [email protected]
  • Telegram: @FormDesignerChatBot

Definitions

To facilitate your understanding of this Policy, we explain the usage of some of the definitions listed here in accordance with the GDPR.

We use the following definitions in this Policy:

"data controller" means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data is processed.

"joint controllers" means two or more controllers jointly determining the purposes and means of processing.

"data processor" means the natural or legal person who processes personal data on behalf of the data controller.

"data subject" is any living individual who is using our Site.

"personal data" means any information relating to you and helping identify you (directly or indirectly) such as your name, last name, email, location data, etc.

"processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

"Account" means a personal account of the customer on the Site using which the customer can access and use our Services.

"Services" means providing access to the functionality of the Site as described in the FormDesigner’s Terms of Service.

"Contractors" means our outsource technical specialists, sales and marketing specialists, and outsource legal professionals.

"Service providers" mean third parties which provide their services to FormDesigner, including without limitation cloud storages (CDN Cloudflare, Amazon S3, CDN CloudFront), statistical and analytical services (Google Analytics, Facebook pixel), payment operators (Fondy, Interkassa, Webmoney), widgets (Jivo, AnyComment), marketing service providers (SendPulse).

Data Collection

We collect and process the information you provide us with in accordance with this Policy.

We act as a controller in relation to the different categories of personal data, such as visitors’ and customers’ data and we act as a processor in relation to clients’ data as specified in the "Personal Data We Collect" section.

We collect the information through the registration form, the feedback form, online chat on the Site, feedback requests, social media, email, and process it as a data controller. We collect the information provided by the clients through web forms as a data processor.

We use your personal data we collected only for the purposes listed in this Policy. We may share your personal data with third parties solely for the purposes listed herein.

We may use information collected from Google APIs for your benefit and it will comply with the Google API Services User Data Policy, including restricted use requirements.

We do not sell your data.

We DO NOT use automated decision-making and profiling.

Personal Data We Collect

We may process the following personal data of our visitors:

Purposes Type of personal data Legal grounds Third Parties recipients Source
    To:
  • answer the visitors’ requests submitted through the chat on the Site, email, feedback form, and via feedback request;
  • communicate with visitors in the context of the performance of services.

Contact Information: full name, email address, or other information you may provide to us.

Message information: any information if it contains personal data.

Performance of a contract (Article 6(1)(b)) Service providers, Contractors Site, email, social media
  • suggest and notify visitors about the services of the Company and conduct other sales and marketing activities, including by outreaching third parties sending you customized advertisements or conducting marketing campaigns.

Contact Information: full name, login, email address.

Our legitimate interest (Article 6(1)(f)) Service providers, Contractors Site, email, social media
  • enhance user experience.

Identifiers: IP address, data obtained from the cookies.

Usage data: language settings, access time, address of the requested page, information about the user's browser (or another program through which the Site is accessed).

Your consent (Article 6(1)(a)) Service providers, Contractors Site
  • prevent any fraudulent actions or intervention of the malware and improve our technical and information security measures.

Identifiers: IP address, data obtained from the cookies.

Usage data: language settings, access time, address of the requested page, information about the user's browser (or another program through which the Site is accessed).

Our legitimate interest (Article 6(1)(f)) Service providers, Contractors Site
  • record the processing activities under art. 30 of the GDPR and comply with other applicable laws.

Contact Information: full name, email address, or other information you may provide to us.

Message information if it contains personal data.

Identifiers: IP address, data obtained from the cookies.

Usage data: language settings, access time, address of the requested page, information about the user's browser (or another program through which the Site is accessed).

Legal obligation (Article 6(1)(c)) Service providers, Contractors Site, email, social media

You can find more information regarding how we use cookies in our Cookies Policy.

We may process the following personal data of our customers:

Purposes Type of personal data Legal grounds Third Parties recipients Source
    To:
  • answer the customers’ requests submitted through the chat on the Site, email, feedback form, and via feedback request;
  • communicate with customers in the context of the performance of services.

Contact Information: full name, email address, or other information you may provide to us.

Message information: any information if it contains personal data.

Performance of a contract (Article 6(1)(b)) Service providers, Contractors Site, email, social media
  • register and maintain Account.

Contact Information: full name, email address.

Performance of a contract (Article 6(1)(b)) Service providers, Contractors Site, social media
  • suggest and notify customers about the services of the Company and conduct other sales and marketing activities, including by outreaching third parties sending you customized advertisements or conducting marketing campaigns.

Contact Information: full name, email address.

Our legitimate interest (Article 6(1)(f)) Service providers, Contractors Site, email, social media
  • to identify the customer to conclude an agreement with him/her regarding our Services.

Contact Information: full name, email address.

Our legitimate interest (Article 6(1)(f)) Service providers, Contractors Site, email, social media
  • provide chargeable services to customers and get appropriate remuneration.

Payment Information: customers’ identifier, email address, full name, country code, address (city, state, zip code), company name, name of a payment processor, bank details, payment status.

Performance of a contract (Article 6(1)(b)) Service providers, Contractors Site
  • analyze customers’ behavior and statistics in order to provide them with personalized content and offers.

Personalization information: history of Site’s visits, orders, search results.

Your consent (Article 6(1) (a)) Service providers, Contractors Site
  • prevent any fraudulent actions or intervention of the malware and improve our technical and information security measures.

Identifiers: IP address, data obtained from the cookies.

Usage data: language settings, access time, address of the requested page, information about the user's browser (or another program through which the Site is accessed).

Our legitimate interest (Article 6(1)(f)) Service providers, Contractors Site
  • record the processing activities under art. 30 of the GDPR and comply with other applicable laws.

Contact Information: full name, email address, or other information you may provide to us.

Message information if it contains personal data.

Identifiers: IP address, data obtained from the cookies.

Usage data: language settings, access time, address of the requested page, information about the user's browser (or another program through which the Site is accessed).

Personalization information: history of Site’s visits, orders, search results.

Payment Information: customers’ identifier, email address, full name, country code, address (city, state, zip code), company name, name of a payment processor, bank details, payment status.

Legal obligation (Article 6(1)(c)) Service providers, Contractors Site, email, social media, web-forms

We may process the following personal data of our clients:

Purposes Type of personal data Legal grounds Third Parties recipients Source
    To:
  • enable customers to restore data provided by the clients through web-forms created during the provision of Services;
  • enable customers to access data provided to them by clients through web forms created during the provision of Services.

Web forms data: any personal data which may be provided by customers’ clients through web forms created during the provision of Services.

Performance of a contract (Article 6(1)(b)) Customers, Contractors Web forms
  • record the processing activities under art. 30 of the GDPR and comply with other applicable laws.

Web forms data: any personal data which may be provided by customers’ clients through web forms created during the provision of Services.

Legal obligation (Article 6(1)(c)) Service providers, Contractors Site, email, social media

IMPORTANT: upon processing of payments using services of a payment processor, such payment provider may collect your e-mail address, phone number, billing address, credit card details and expiry date and other personal data it considers as necessary for the provision of services. Such collection of personal data is regulated under the rules and policies of payment processors. We are not responsible and hold no liability regarding your personal data collected by third-party websites. We advise you to access the payment processors’ websites carefully and always check their policies and rules regarding the collection of your personal data.

Cookies

Cookies are small text files that websites send to your browser. They are stored on your device, which might be a personal computer, a mobile phone, a tablet or any other device.

We use them to enhance your user experience and provide a significant level of protection to your personal data.

You may withdraw your consent to be tracked by the cookies unless they are necessary or preferential to provide you with our services.

When collecting and processing cookies, we act as a data controller.

We use cookies to enhance your user experience and provide a significant level of protection to your personal data, namely to:

  • recognize your device and save the actions you have previously made;
  • define you as a unique user;
  • analyze your usage of the Site to improve our services;
  • ensure the functionality of the Site;
  • conduct our marketing campaigns;
  • prevent fraudulent activity.

We use four types of cookies:

  • Necessary;
  • Functional;
  • Analytical;
  • Marketing.

You may advise yourself with detailed information on the categories of cookies here.

Grounds for processing

Our grounds for processing your personal data are:

  • your consent;
  • legitimate interests;
  • performance of a contract;
  • legal obligation.

We do not collect sensitive personal data and ask you to refrain from sharing such data.

PLEASE NOTE! Customers act as data controllers with regard to clients’ personal data collected through web forms created during our provision of Services. Therefore, customers shall be liable for obtaining personal data lawfully, including sensitive personal data, e.g. based on the explicit consent of the client under Article 9(2)(a) GDPR. If you are submitting your sensitive personal data via the abovementioned web forms, take into account with whom you share your personal data, whether the data controller provides necessary organizational and technical measures to keep your data safe. The best way to do so is to read the data controller’s Privacy Policy.

We collect and process your personal data in accordance with the provisions of the GDPR.

GDPR provides an exclusive list of lawful bases allowing us to process the personal data. During the personal data processing we rely only on four of them, namely:

Article 6.1(a): consent

We collect the information you choose to give us, and we process it under your consent. We require the minimum amount of your personal data that is necessary to provide you with personalized content and offers.

You may withdraw your consent to the processing of your personal data at any time. Please remember that the withdrawal of consent does NOT automatically mean that the processing before the withdrawal is considered unlawful. You may NOT withdraw your consent to the processing of your personal data on a basis of the performance of a contract between you and the Company or on a basis of the Company’s legitimate interests.

You may withdraw the consent to the processing of your personal data by sending us an email at [email protected], a message via the Site’s online chat form, or by contacting us in any other way convenient for you.

Article 6.1(b): performance of a contract

When you provide us with the personal data during the registration of the Account on the Site, this can be deemed as your request to form a contract or to perform a contract between you and us. However, we may ask you to give us clear consent in case of doubt.

Article 6.1(c): legal obligation

We process your personal data to fulfil the applicable legal obligations arising mainly under the GDPR. If you send us the request to fulfil the rights granted by the GDPR, we may ask you for some personal data we already have to identify you and achieve compliance with the applicable law.

Article 6.1(f): legitimate interests

We process your personal data to prevent any fraudulent actions and to provide you and other users with the desired services. Also, we need some data to enable our Site to run smoothly and give you and other users a pleasant user experience. We use only strictly necessary data under this legal ground.

Data Security, Integrity and Retention

We will store and process your personal data for as long as needed to provide you or other users with the services.

Also, you may request erasing of your personal data by contacting us.

We store the data you have provided us with for the entire period when you use our Services.

We may delete clients’ personal data you collected via web forms within 3 (three) months from the day you have terminated your subscription to the Services in accordance with the FormDesginer’s Terms of Service unless you request us to delete your data earlier. We will keep your data which you have provided through the Account for 3 (three) years from the day you have terminated your subscription to the Services in order to be able to provide you with Services when you re-subscribe to our Services once again.

We store identifiers and usage data for the period specified in our Cookie Policy.

We may not delete or anonymize your data if we are compelled to keep it under article 30 of the GDPR and other applicable laws.

You may request us to delete your personal data using the relevant functionality of the Site, by sending us an email at [email protected], through online chat, or by contacting us in any other way convenient for you.

We have implemented appropriate organisational, technical, administrative, and physical security measures that are designed to protect your personal data from unauthorized access, disclosure, use, and modification. We regularly review our security procedures and policies to consider appropriate new technology and methods.

Data Sharing and Disclosure

We only transfer your personal data to third parties according to the requirements of GDPR. Where possible, we always enter into data processing agreements (DPAs) and Non-Disclosure Agreements (NDAs) with our third parties.

We may disclose the personal data to third parties, including those located outside the EU and EEA, provided that proper safeguards are put in place and the applicable local laws do not put your rights at risk.

We may receive clients’ personal data from customers. If you as a customer provide us with clients’ data, such transfer shall be based on the DPA conducted between customer and FormDesigner based on the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council. DPA defines the respective rights and obligations of customer and FormDesigner, also ensuring the confidentiality, integrity and security of such transfer.

We may share customer’s personal data as a data controller to joint controllers and data processors in accordance with provisions specified hereafter.

Sharing personal data with joint controllers

We act as a joint controller while cooperating with Facebook. In respect to this case of personal data processing, we are the party to the Facebook Joint Controllership Addendum that has the status of the joint controllers’ agreement in the meaning of Article 26 of the GDPR. Namely, we and Facebook act as joint controllers with regard to marketing and statistical data collected by Facebook and shared with us via Facebook pixel.

When we act as a joint controller to particular processing of personal data, a data subject may exercise his/her rights under the GDPR in respect of and against both Facebook/our users and us.

Sharing personal data with data processors

There are many features necessary to provide you with our services that we cannot complete ourselves, thus we seek help from third parties. We may grant some service providers access to your personal data, in whole or in part, to provide the necessary services.

Therefore, we may share and disclose your personal data to the following data processors (Service Providers):

  • CDN Cloudflare (Cloudflare, Inc., USA): to store clients’ and customers’ personal data securely. You may read its Privacy Policy here.
  • Amazon S3 (Amazon.com, Inc., USA): to provide secure transfer and storage of personal data on the servers. You may read its Privacy Notice here.
  • Google Analytics (Google LLC, USA): to analyse statistical data on how the visitors and customers use the Site in order to improve its functionality. You may read its Privacy Policy here.
  • Jivo (JivoSite LLC, Russia): to enable users to communicate with the Company via online chat on the Site. You may read its Privacy Policy here.
  • Fondy (FONDY LTD, UK): to make online payments available on the Site for accepting Company’s remuneration for the provided Services. You may read its Privacy Policy here.
  • Interkassa (Interkassa LLC, Georgia): to make online payments available on the Site for accepting Company’s remuneration for the provided Services. You may read its Privacy Policy here.
  • Webmoney (WM Transfer Ltd.): to make online payments available on the Site for accepting Company’s remuneration for the provided Services. You may read its Privacy Policy here.
  • AnyComment (Russia): to enable customers to add their commentaries on the Site. You may read its Privacy Policy here.
  • CDN Amazon CloudFront (Amazon.com, Inc., USA): to distribute downloaded files to users to provide them with fast and uninterrupted access to such files. You may read its Privacy Notice here.
  • SendPulse (SendPulse Inc., USA): to perform our marketing campaigns. You may read its Privacy Policy here.

We may disclose some of your personal data to our Contractors in order to:

  • improve our Site and your experience;
  • deliver the functionality of the Site;
  • provide you with better service;
  • communicate with you at your request;
  • send you newsletters and increase sales;
  • keep our business activities compliant with the relevant laws and regulations.

We may transfer your personal data to countries outside the EU and EEA that are not determined to offer an adequate level of data protection on the basis of Article 45 of GDPR (adequacy decision) with appropriate safeguards as determined under the GDPR.

We only transfer your personal data to third parties within requirements under the GDPR. Where possible, we always enter into Data Processing Agreements (DPAs) and Non-Disclosure Agreements (NDAs) with them and treat personal data transfer seriously.

Transferring your personal data outside of the European Economic Area

We may transfer your personal data to third countries outside the EU and the EEA under Article 46 of the GDPR on the appropriate safeguards, including the standard contractual clauses (SCC).

For transfers to countries that do not fall under requirements of Article 45 of the GDPR on the adequacy of the level of protection, we may transfer your personal data to the third countries outside the EU and the EEA, including the onward transfers of the personal data from the third countries to other third countries, under Article 46 of the GDPR with the appropriate safeguards, including the standard contractual clauses (SCC).

We disclose your personal data to the countries outside the EU and the EEA, in compliance with the standard contractual clauses (SCC) approved by the European Commission in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of natural and legal persons. We put supplementary technical and organizational measures in place when transferring data outside the EU and the EEA. e.g., prior assessment of the service supplier’s reliability and personal data protection practices, encryption of the transferred personal data, prompt reacting to any threats to confidentiality, integrity, and availability of the personal data, etc.

Data Subject Age

We undertake best possible efforts to secure the processing of personal data belonging to the underage.

We do not collect and process personal data of children under 16 (unless the specific country sets the lower limit) in the EU without prior parental consent.

By registering on the Site and entering into the contract with the Company, you acknowledge that you have reached the age of 16 (unless the specific country sets the lower limit) and under the laws of your country of residence you have all rights to provide us with your personal data for processing. When you submit your personal data to us, you may be asked to expressly consent to the collection and processing of your personal data.

If you are under 16, please ask your parent or any other legal guardian to submit a parental consent at the email [email protected].

If you have any reason to believe that a child under the age of 16 (unless the specific country sets the lower limit) has provided his/her personal data to us, please contact us at [email protected].

Your Rights

You may exercise the following rights under the General Data Protection Regulation (GDPR):

  • right of access;
  • right to rectification;
  • right to erasure;
  • right to restriction of processing;
  • right to object to processing;
  • right to data portability;
  • right to lodge a complaint;
  • right to withdraw consent.

You may exercise the following rights by submitting your request at [email protected].

If we receive any complaint, claim or request from the data subject which shall be completed by our joint controller, we immediately notify it of such request and inform the data subject on the applied measures and further performance steps regarding serving such complaint/claim/request.

Rights under the GDPR:

  • right of access means that you may ask us to send you the copy of your personal data collected together with information regarding the nature, processing, and disclosure of that personal data;
  • right to rectification means that you may ask us to update and correct the false data, missing or incomplete personal data;
  • right to erasure (right to be "forgotten") means that you may ask us to delete your personal data collected, except insofar it is prohibited by appropriate laws;
  • right to restriction of processing means that you may ask us to restrict processing where:
    1. your personal data is not correct or outdated;
    2. the processing is unlawful.
  • right to object to the processing means that you may raise objections on grounds relating to your particular situation;
  • right to data portability means that you may ask us to transfer a copy of your personal data to another organisation or to you;
  • right to lodge a complaint with the supervisory data protection authority pertaining to the processing of your personal data;
  • right to withdraw the consent when your personal data are processed on a basis of your consent (see section Grounds for processing).

You may submit the complaint to the supervisory authority of your place of residence within the EU or to the data protection authority stated in this Policy.

Data Protection Authority

We kindly ask you to contact us directly so that we can quickly answer your question.

We kindly invite you to share your concerns with us in the first place regarding any issue related to your personal data processing. You may use our email to address your inquiries: [email protected].

In some cases, you have the right to lodge a complaint about our use of your personal data with a data protection authority. For more information, please contact the data protection authority of your country of residence. The list of EU data protection authorities you may find here.

Changes to the Privacy Policy

We may change this policy from time to time due to the different purposes. We will notify you of such material changes through means available to us.

This Policy may be changed from time to time due to the implementation of new technologies, laws’ requirements, or for other purposes. We will send notice to you if these changes are dramatic and where required by applicable laws, we will obtain your consent. Also, we encourage you to regularly review this Policy to check for any changes.

Such notification may be provided via your email address, post in our social media accounts, or announcement on the Site and/or by other means, consistent with applicable law.

Contact us

Please contact us if you have any questions about your personal data or problems with our Site.

If you have any issues concerning the usage of our Site, please do not hesitate to contact us through:
Email address: [email protected]