Crabnebula Ltd. (‘we’ or ‘us’ or ‘our’) gather and process your personal information in accordance with this privacy notice and in compliance with the relevant data protection Regulation and laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.
Crabnebula Ltd.’s registered office is at 27, Triq it-Tramuntana, Birgu, BRG 1160, we are a company registered in Malta under company number C 103590 . Our designated Appointed Person for the organisation is Elizabeth Duck , who can be contacted in writing at the company’s registered address or via email at privacy@crabnebula.dev
Crabnebula Ltd. processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.
The personal data that we may collect from you can include:
We collect information in the below ways:
Third-party services that we use that also have access to your personal information:
Fathom Analytics
We want to process as little personal information as possible when you use our website. That’s why we’ve chosen Fathom Analytics for our website analytics, which doesn’t use cookies and complies with the GDPR, ePrivacy (including PECR), COPPA and CCPA. Using this privacy-friendly website analytics software, your IP address is only briefly processed, and we (running this website) have no way of identifying you. As per the CCPA, your personal information is de-identified.
You can read more about this on Fathom Analytics’ website. The purpose of us using this software is to understand our website traffic in the most privacy-friendly way possible so that we can continually improve our website and business. The lawful basis as per the GDPR is “Article 6(1)(f); where our legitimate interests are to improve our website and business continually.” As per the explanation, no personal data is stored over time.
Netlify
The site https://crabnebula.dev and https://devtools.crabnebula.dev is hosted on the Netlify platform, which collects some data for each request in their access logs (including the IP addresses of visitors). This means if you visit any page of these sites for any number of times, each page visit results in your IP address being stored in Netlify’s access logs. This information is stored for less than 30 days. See Netlify’s privacy policy for more details.
Processing of Customer and Contract Data
We collect, process, and use personal customer and contract data for the establishment, content arrangement and modification of our contractual relationships. Data with personal references to the use of this website (usage data) will be collected, processed, and used only if this is necessary to enable the user to use our services or required for billing purposes. The legal basis for these processes is Art. 6(1)(b) GDPR.
The collected customer data shall be deleted upon completion of the order or termination of the business relationship and upon expiration of any existing statutory archiving periods. This shall be without prejudice to any statutory archiving periods.
Chargebee Inc.
Chargebee is based in the USA, but operates a completely separate data center in the EU for European customers, which means that no data leaves the EU. In addition, Chargebee uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR). Standard contractual clauses are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there.
The following data is transmitted to Chargebee in order to complete the purchase process:
After checkout with Chargebee, the user automatically has a customer profile in our Chargebee instance. This exists for as long as the user account with CrabNebula exists. The Chargebee customer profile can be deleted at the user’s request.
The legal basis is the performance of the contract, Art. 6 para. 1 lit. b GDPR.
Payment Services
We integrate payment services of third-party companies on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, bank account details, credit card number) are processed by the payment service provider for the purpose of payment processing. For these transactions, the respective contractual and data protection provisions of the respective providers apply. The use of the payment service providers is based on Art. 6(1)(b) GDPR (contract processing) and in the interest of a smooth, convenient, and secure payment transaction (Art. 6(1)(f) GDPR). Insofar as your consent is requested for certain actions, Art. 6(1)(a) GDPR is the legal basis for data processing; consent may be revoked at any time for the future.
We use the following payment services / payment service providers within the scope of this website.
Stripe
The provider for customers within the EU is Stripe Payments Europe, Ltd,1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter ‘Stripe’).
The use of Stripe is likely to involve a data transfer to Stripe, Inc, 354 Oyster Point Blvd, South San Francisco, CA 94080, USA. Stripe is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. This is an adequacy decision within the meaning of Art. 45 GDPR. Further information on the DPF can be obtained here.
Details can be found in Stripe’s Privacy Policy at the following URL: https://stripe.com/privacy.
PayPal
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter ‘PayPal’).
It cannot be ruled out that PayPal may also process your data within third countries, in particular the USA. As a suitable guarantee for any third country transfers, PayPal uses binding corporate rules approved by the competent supervisory authorities (for transfers to other companies in the PayPal Group) and (otherwise) standard contractual clauses approved by the EU. You can find more information on this and on data processing in general in the PayPal-Privacy Policy.
Apple Pay
The payment service provider is Apple Inc, Infinite Loop, Cupertino, CA 95014, USA.
The use of Apple Pay is likely to involve a data transfer to Apple Inc, One Apple Park Way, Cupertino, 95014 California, USA. As suitable guarantees for this data transfer to the USA, so-called standard contractual clauses of the EU Commission pursuant to Art. 46 GDPR have been concluded.
You can find more information here:
Crabnebula Ltd. takes your privacy very seriously and will never disclose, share or sell your data without your consent; unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time. The purposes and reasons for processing your personal data are detailed below: -
You have the right to access any personal information that Crabnebula Ltd. processes about you and to request information about: -
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to correct it as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing, (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us; to exercise your data portability rights, and to be informed about any automated decision-making we may use.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. Crabnebula Ltd. uses Personio GmbH to provide the below services and business functions; however, all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.
Crabnebula Ltd. takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including:
Our services use state of the art SSL and TLS for secure communications. We operate under the principle of least privilege needed, which restricts access to our internal services to only those who need it, and apply security best practices - one of which prevents us from even disclosing all of the measures we take to protect your data.
Personal data in the European Union is protected by the General Data Protection Regulation (GDPR) but some other countries may not necessarily have the same high standard of protection for your personal data. CrabNebula Ltd. does not transfer or store any personal data outside the EU.
Sentry.io
We use Sentry, a failure analysis service for https://web.crabnebula.cloud, https://devtools.crabnebula.dev and the devtools application. This service is provided by Functional Software Inc, 132 Hawthorne Street, San Francisco 94107, California, USA (“Sentry”). ATTENTION: Within the scope of this service, data is transferred to the US or such a transfer cannot be excluded. To ensure the technical stability of our services, Sentry is used to log system errors.
The information generated by Sentry is generally transferred to and stored on a Sentry server in the USA. Sentry has submitted to the EU’s standard contractual clauses for this purpose. The data is stored for a maximum of 90 days and then deleted without residue. The data is processed on the basis of our legitimate interest in accordance with GDPR “Article 6(1)(f)”. In order to carry out the error analysis, we have concluded a processing agreement with Sentry in accordance with Art 28 GDPR. Sentry’s terms of use and privacy policy can be found at: https://sentry.io/privacy/.
We enabled server-side data scrubbing on Sentry. Please refer also to https://sentry.io/trust/privacy.
You are not obligated to provide your personal information to Crabnebula Ltd. , however, as this information is required for us to provide you with our services, we will not be able to offer some/all our services without it.
Crabnebula Ltd. only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. We are required under Maltese tax law to keep your basic personal data (name, address, contact details) for a minimum of 10 years after which time it will be destroyed.
Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
Occasionally, Crabnebula Ltd would like to contact you (likely via email) with company updates, interesting articles and other content we think might be useful for you. If you consent to us using your contact details for these purposes, you have the right to modify or withdraw your consent at any time by using the opt-out/unsubscribe options or by contacting Crabnebula Ltd directly.
Crabnebula Ltd only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority.
Crabnebula Ltd
Elizabeth Duck
27, Triq it-Tramuntana, Vittoriosa BRG 1160
privacy@crabnebula.dev
Office of the Information and Data Protection Commissioner (IDPC)
Floor 2, Airways House, Triq il-Kbira, Sliema SLM 1549. MALTA
+356 2328 7100, idpc.info@idpc.org.mt
Last modified: 29.10.2024