Security & Privacy Policy

(Draft version, 2021-10-09)

We recognise the importance of protecting your personal information and are committed to processing it responsibly and in compliance with applicable data protection laws.

In summary:

  1. We collect and use your content only to the extent necessary to provide the core functions of our service.
  2. We store all of your data on Google Cloud infrastructure, where it is automatically encrypted at rest. This helps guard against unauthorised access and service interruptions. From the physical premises to the purpose-built servers, networking equipment, and custom security chips to the low-level software stack running on every machine, the entire hardware infrastructure is secured and hardened.
  3. Your data are handled automatically by algorithms. We authorise only trusted individuals to have legitimate access to systems and data repositories containing customer data. This strict authorisation extends to job duties including debugging and maintenance activities. Access to customer data is only allowed for a legitimate debugging or maintenance purpose.
  4. We do not share any of your data with any third party, except where we are legally obliged to provide access under EU law.

Compliance

HowToRecycle.xyz is the controller of all private information collected, stored and used for the purpose of service provision.

We take the confidentiality of our clients very seriously and take responsibility for the safety of our clients' private information.

We are fully compliant with the data protection legislation of Sweden and the European Union. This document is designed to explain how your data is handled in accordance with the EU General Data Protection Regulation (GDPR).

This Policy outlines the following:

Collection, processing and use of personal data

What personal data is collected

Private data is any information relating to you that allows you to be identified as a private individual, such as your name and surname, e-mail address or username.

We collect the following categories of private data:

  1. Email and photo provided by Google OAuth, for registered users.

When we use your personal data and how long we store it for

Your email is used to identify the same users and to provide functions based on the role linked to those users.

Your personal data is used for the following purposes:

  1. We can disclose your personal data to government and law enforcement agencies only in order to comply with the current legislation.
  2. We use your personal contact data to maintain the relationship with you as a Client and improve our service.

We do not store your data longer than required to provide the core functions of our services. To determine how long your data is stored, we consider the quantity, nature and sensitivity of your personal data, the purposes for which we need the data, and whether those purposes can be achieved by other means. We also take into consideration the possibility of grievance procedures, along with the protection of our business rights, if requested.

Safety of your personal data

We start from the fundamental premise that our customers own their data and control how it is used.

We follow safety procedures whilst storing and disclosing your personal data. From the physical premises to the purpose-built servers, networking equipment, and custom security chips to the low-level software stack running on every machine, the entire hardware infrastructure is secured and hardened.

All of the data we are using is encrypted in transit and at rest.

All of the site connectivity is encrypted using TLS/SSL (Transport Layer Security) technology. TLS is the standard encryption used to pass personal data safely over the Internet.

We store all of your data on Google Cloud infrastructure from Google Inc., where it is automatically encrypted at rest and distributed for availability and reliability. This helps guard against unauthorised access and service interruptions.

We authorise only trusted individuals to have legitimate access to systems and data repositories containing customer data. This strict authorisation extends to job duties including debugging and maintenance activities. Access to these systems is under the umbrella of strict policies that are clearly displayed for employees to read and also in the tools they use. Access to customer data is only allowed for a legitimate debugging or maintenance purpose.

Your personal data can be disclosed to third parties for the purposes listed below:

  1. Government, law enforcement and regulatory agencies;
  2. Legal or other professional consultants, judges or law enforcement agencies to protect our business rights as per the legal contract signed by both parties.

Your account

We keep your private data whilst you are using our services. You can refuse to provide your consent for private data processing at any time and delete your personal data by deleting your account on our website.

Cookies

Cookies are small text files transferred to your hard drive through your web browser to identify users while they browse our website. To optimise our website functionality we use cookies. Cookies are used for website traffic analysis, navigation management and other functions. By using our website you agree that we can store and use cookies on your device. If you don't like the idea of cookies or certain types of cookies, you can change your browser's settings to delete cookies that have already been set and to not accept new cookies. To learn more about how to do this or to learn more about cookies, visit internetcookies.org.

Google Analytics

Our website uses Google Analytics, a web-analysis service by Google Inc. Google Analytics uses cookies to help identify how users browse the website. An IP anonymiser is in place, and only in exceptional cases is the full IP address sent to a Google server to be shortened. Google, on behalf of HowToRecycle.xyz, uses this information to evaluate website traffic, create activity reports and provide other services related to the usage of the website. Your IP address, sent by your browser, cannot be used in conjunction with other information obtained by Google. You can disable cookies by adjusting the settings of your browser.

You can also prevent sending and processing of your data collected by cookies in the process of our website use (including your IP-address) by downloading and installing a plug-in following the link.

External Websites

Our website might contain links to external websites. We cannot be held responsible for the confidentiality policies of external websites or their actions, such as collecting and processing your personal data.

Your User Rights

You have the right to:

  1. Request information about whether we store any of your personal data and the reason for doing so.
  2. Request access to your personal data.
  3. Request the correction of your personal data.
  4. Request the deletion of your personal information unless we have good reasons to keep it for further processing.
  5. Request the transmission of your personal data in digital and structured form to yourself or another party (data transfer right).
  6. Withdraw your consent. On limited occasions, when you gave your consent to collect, process and disclose your personal data for a certain purpose, you can withdraw your consent to process such information at any time. We will stop processing your personal information upon receipt of your notification of consent withdrawal unless we have other legal grounds to proceed. You can withdraw your consent to use your personal data by sending a request to hi@howtorecycle.xyz.

Access to your private data is free of charge. However, we might charge a small fee if your request is too complex or unreasonable. As an alternative, we might refuse to carry out the request under such circumstances.

If you have any further questions regarding our Privacy Policy or how we process your personal data, please get in touch with one of our representatives via email: hi@howtorecycle.xyz.

Security Issues Fix Policy

This section describes how and when we resolve security issues. It does not describe the complete disclosure or advisory process that we follow.

Every security issue is assigned a severity level, which is based on our CVSS score for that specific vulnerability. CVSS is an industry-standard vulnerability metric.

Service Level Agreement

We have defined the following time frames for fixing security issues, with severity levels corresponding to the CVSS v3 qualitative severity rating scale:

  1. Critical severity issues (9.0 - 10.0): within 2 days of being reported
  2. High severity issues (7.0 - 8.9): within 1 week of being reported
  3. Medium severity issues (4.0 - 6.9): within 3 weeks of being reported
  4. Low severity issues (0.1 - 3.9): within 2 months of being reported

Changes To Our Policy

We reserve the right to change our data protection measures if this becomes necessary due to technical or legal developments. In such cases, we will update the content of our Privacy Policy accordingly.