Privacy Policy
1. DEFINITIONS
1.1 Controller – shall mean the THEBIRBNEST OÜ, a company established under the laws of
Estonia with its registered office in Tallinn, address: Harju maakond, Tallinn, Nõmme
linnaosa, Rännaku pst 12, 10917, entered in the register of enterprises kept by the
Registration Department of Tartu County Court, under the No.: 16457724, tax ID number (VAT):
EE102487893.
1.2 Personal Data – shall mean information about a natural person
identified or identifiable by one or more factors specific to physical, physiological,
genetic, mental, economic, cultural or social identity, including device IP, Internet
identifier and information collected through cookies and other similar technology.
1.3
Policy – this Privacy Policy.
1.4 GDPR – Regulation (EU) 2016/679 of the European
Parliament and of the Council of 27 April 2016 on the protection of natural persons with
regard to the processing of personal data and on the free movement of such data and
repealing Directive 95/46/EC.
1.5 Website – the website operated by the Controller at:
https://www.thebirbnest.com/.
1.6 User – any natural person visiting the Website or
using one or more services or functionalities described in the Policy.
2. DATA PROCESSING IN CONNECTION WITH THE USE OF THE WEBSITE
2.1 In connection with the use of the Website by the User, the Controller collects data to the extent necessary to provide the services offered on the Website, as well as information on the User’s activity on the Website. The detailed principles and purposes of processing of the Personal data collected during the use of the Website by the User are described in the subsequent provisions of the Policy.
3. PURPOSES AND LEGAL BASIS OF DATA PROCESSING ON THE WEBSITE[USE OF THE WEBSITE]
3.1 Personal Data of all persons using the Website (including IP address or other
identifiers and information collected through cookies or other similar technologies), are
processed by the Controller:
3.1.1 for the purpose of rendering electronic services within the scope of providing
Users with access to the contents collected on the Website – the legal basis for such
processing is the necessity of processing for performance of a contract (Article 6(1)(b)
GDPR);
3.1.2 for analytical and statistical purposes – the legal basis for such processing is the
Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting of conducting analyses
of User activity, as well as of User preferences in order to improve functionalities and
services provided;
3.1.3 if necessary, in order to establish and assert claims or to defend against claims –
the legal basis for such processing is the Controller’s legitimate interest (Article 6(1)(f)
GDPR), consisting of the protection of the Controller’s rights;
3.1.4 for the marketing purposes of the Controller and other entities, specifically related
to the presentation of behavioral advertising – the rules of processing Personal data for
marketing purposes have been described in the “MARKETING” section;
3.2 User activity on the Website, including their Personal data, are recorded in system logs (special computer program used for storing a chronological record containing information about events and actions related to the IT system used for rendering services by the Controller). The information collected in the system logs is processed mainly for the purposes related to the provision of services. The Controller also processes them for technical and administrative purposes, to ensure the security of the IT system and to manage the system, as well as for analytical and statistical purposes – in this regard the legal basis of the processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR).
[SUBSCRIPTION SERVICE AND USER ACCOUNT]
3.3 Personal data of all persons provided by filling in subscription order forms on the
Website are processed by the Controller:
3.3.1. for the purpose of provision of subscription services and creating user account –
the legal basis for such processing is the necessity of processing for performance of a
contract (Article 6(1)(b) GDPR); with regard to data provided optionally, the legal
basis for processing is consent (Article 6(1)(a) of the GDPR);
3.3.2. for the purpose of fulfilling legal obligation, in particular arising from tax and
accounting regulations – the legal basis for processing is a legal obligation to which Controller
is subject (Article 6(1)(c) GDPR);
3.3.3. for analytical and statistical purposes in connection with the use of the user account
and subscription services – the legal basis for processing is the Controller’s legitimate
interest (Article 6(1)(f) GDPR), consisting of conducting analyses of User activity on the
Website and use of subscription services, as well as User preferences in order to improve
the functionalities used;
3.3.4. for detection of potential abuse – the legal basis for such processing is the Controller’s
legitimate interest (Article 6(1)(f) GDPR), consisting of taking actions to prevent misuse
of the subscription service or user account;
3.3.5. if necessary, in order to establish and assert claims or to defend against claims
– the legal basis for such processing is the Controller’s legitimate interest (Article 6(1)(f)
GDPR), consisting of the protection of the Controller’s rights.
[CONTACT FORM]
3.4 The Controller provides the User with the possibility to contact the Controller using an
electronic contact form. To use the contact form, the User is required to provide Personal
data necessary to send a message. The User may also provide other data to facilitate contact
or handling of the inquiry. Provision of data marked as mandatory is required to send a
message, and lack of such data will result in the unavailability of service. Provision of
additional data is voluntary.
3.5 Personal data of all persons provided by filling in an electronic contact form on
the Website are processed by the Controller:
3.5 Personal data of all persons provided by filling in an electronic contact form on the Website
are processed by the Controller:
3.5.2. for analytical and statistical purposes – the legal basis for such processing is the
Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting of conducting analyses
of User activity in order to improve functionalities and services provided.
4. MARKETING
4.1. The Controller processes the Personal data of Users for the purposes of conducting
marketing activities, which may involve:
4.1.1. presenting the User with marketing content which is adjusted to such User’s
preferences (contextual advertising);
4.7.1 for the purpose of providing the newsletter service – the legal basis for such
processing is the necessity of processing for performance of a contract (Article
6(1)(b) GDPR);
4.1.2. presenting the User with marketing content corresponding to such User’s interests
(behavioural advertising);
4.1.3. sending e-mail notifications about interesting offers or content, which in some
cases contain commercial information (newsletter service);
4.2. In order to carry out marketing activities, the Controller in some cases uses profiling.
This means that thanks to automatic data processing the Controller evaluates selected factors
concerning the Users in order to analyse their behaviour or to create a forecast for the future.
This allows for better adjustment of the displayed content to the individual preferences and
interests of the Users.
[CONTEXTUAL ADVERTISING]
4.3. The Controller processes the Personal data of users for marketing purposes in connection
with presenting Users with contextual advertising (i.e. advertising which is not adjusted to
User’s preferences). In such case, Personal data is processed for the purposes of the legitimate
interests of the Controller (Article 6(1)(f) of the GDPR).
[BEHAVIORAL ADVERTISING]
4.4. The Controller and its trusted partners process the User’s Personal data, including
the Personal data collected through cookies and other similar technologies, for marketing
purposes in connection with presenting Users with behavioral advertising (i.e. advertising
adjusted to User preferences).
4.5. For a list of trusted partners of the Controller, please see
the following.
[NEWSLETTER]
4.6 Subscribing to a newsletter by the Users involves the processing of their Personal Data,
such as the Users’ e-mail addresses. Providing the e-mail address is required in order to provide
the newsletter service, and its failure results in the inability to send the newsletter. This
form of communication with the User may include profiling.
4.7 Personal data shall be processed:
4.7.2 in case of sending marketing content to the User within the newsletter – the legal
basis for such processing, including the use of profiling, is the Controller’s legitimate
interest (Article 6(1)(f) GDPR) in connection with the expressed consent to receive the
newsletter;
4.7.3 for analytical and statistical purposes – the legal basis for such processing is
the Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting of conducting analyses
of User activity, as well as of User preferences in order to improve functionalities and
services provided;
4.7.4 if necessary, in order to establish and assert claims or to defend against claims
– the legal basis for such processing is the Controller’s legitimate interest (Article
6(1)(f) GDPR), consisting of the protection of the Controller’s rights.
5. SOCIAL MEDIA
5.1. The Controller processes Personal data of Users who visit the Controller’s profiles
held in social media (YouTube, Medium, Twitter). The data is processed solely in
connection with running the profile, including for the purpose of informing the Users
about the Controller’s activity and promoting various events, services and products. The
legal basis for the processing the Personal data by the Controller for this purpose is the
Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting in promoting its own
brand.
5.2.1. YouTube: Here
5.2. The information indicated in Point 5.1 above does not apply to the processing of Personal
data by respective Controllers of the above-mentioned social media platforms (YouTube, Medium,
Twitter). For detailed information on the purpose and scope of collecting data by social media
platforms, please see the following:
5.2.2. Medium:
Here
5.2.3. Facebook:Here
5.2.4. Discord:
Here
5.2.5. Instagram:
Here
5.2.6. LinkedIn:
Here
5.2.7. Twitter:
Here
6. COOKIES AND SIMILAR TECHNOLOGY
6.1. Cookies are small text files installed on the User’s device. Cookies collect
information facilitating the use of a website, e.g. by remembering User information such
as logins or language preferences. The Controller of the data processed in connection with
the use of cookies is THEBIRBNEST OÜ. On the Website, the Controller uses its own files,
which are installed directly by the Website. Third party cookies, which are cookies from a
domain other than the domain of the site the User is visiting are also used, primarily for
analytics and advertising activities.
6.6. If the User wishes to obtain more information on the specific cookies in this
category, i.e. the names of specific cookies, an overview of the functioning thereof,
or the validity or origin thereof, the User should click on the button available in
the footer of each subpage of the Website. After the cookie’s banner is displayed, the
User should click on “Manage cookies” and then display the “Required cookies” list and
the “Details” button below. 6.11. If the User wishes to obtain more information about the specific files of those
categories, i.e. the names of the specific cookies, an overview of the functioning, or
the validity or origin thereof, please click on the button available in the footer of
each subpage of the Website. After the cookie’s banner is displayed, please click on
“Manage cookies” and then display the “Analytical cookies” or “Functional cookies”
list, and then on the “Details” button under each of the lists. 6.15. If the User wishes to obtain more information about the specific files of this
category, i.e. the names of the specific cookies, the overview of the functioning, or
the validity or origin thereof, he should click on the button available in the footer
of each subpage of the Website. After the cookie’s banner is displayed, he should
click on “Manage cookies” and then display the “Advertising cookies” list, and then on
the “Details” button below.
6.2. The Website uses cookies predominantly to ensure efficient operation of the website, remember
the choices made by the User on the website, and, if the User grants the relevant consents,
also analyse and track movement on the Website and adjust advertising content to User interests.
6.3. Below please find detailed information concerning the cookies used by the Controller on
the Website. The Controller uses the following files: required, functional, analytical and
advertising.
[NECESSARY COOKIES]
6.4. The Controller’s use of the required cookies is necessary for the proper functioning
of the Website. Such files are installed specifically for the purpose of recalling login
sessions, as well as for the purposes of setting privacy options.
6.5. The legal basis for data processing in connection with the application of the required
cookies is the necessity of processing for the purposes of performance of a contract (Article
6(1)(b) of the GDPR).
[FUNCTIONAL AND ANALYTICAL COOKIES]
6.7. Functional cookies are used in order to remember and adjust the Website to the User’s
choices e.g. in terms of language preferences.
6.8. Analytical cookies make it possible to obtain information such as number of visits and
traffic sources of the Website. They are used to determine which pages are more popular, and
to understand how Users navigate the Website by storing statistics about the traffic on the
Website. The processing is done to improve the performance of the Website. The information
collected by these cookies is aggregated and is therefore not intended to establish the identity
of the User.
6.9. The legal basis for the processing of Personal Data in connection with the use of functional
and analytical cookies by the Controller are its legitimate interest (Article 6(1)(f) of the
GDPR), consisting in ensuring the highest standard of services rendered in the Website in connection
with the User’s consent for the registration of such cookies (separately for analytical files
and separately for functional files).
6.10. The processing of Personal data in connection with the use of functional and analytical
cookies is subject to securing the User’s consent for the use of (separately) functional and
analytical cookies through the platform for managing consents for cookies. The consent may
be withdrawn at any time through that platform.
[ADVERTISING COOKIES]
6.12. Advertising cookies enable the adjustment of the presented advertising content to
Users’ interests within the scope of the Website as well as outside the Website. A User’s
interest profile is developed based on the information collected in such cookies and the
User’s activity in other services. Advertising cookies may be installed by the Controller
and its partners through the Website.
6.13. The legal basis for the processing of Personal data in connection with the use of the
advertising cookies by the Controller is its legitimate interests, (Article 6(1)(f) of the
GDPR), involving the promotion of the Controller’s brand and providing information about the
Controller’s current offering, including by presenting Website Users with marketing information
corresponding to their interests based on such Users’ consent for the registration of advertising
cookies.
6.14. The Personal data related to the use of advertising cookies may be processed after obtaining
the User’s consent for applying the consent through the consent management platform. The consent
may be withdrawn at any time through such platform.
7. ANALYTICAL AND MARKETING TOOLS USED BY THE CONTROLLER’S PARTNERS
7.1. The Controller and its partners use various solutions and tools used for analytical
and marketing purposes. Below you will find basic information about these tools. Detailed
information in this regard can be found in the privacy policy of the respective partner.
[GOOGLE ANALYTICS]
7.2. Google Analytics cookies are cookies used by Google to analyse the use of the Website
by the Users, as well as to compile statistics and reports on the functioning of the Website.
Google does not use the collected data to identify the User nor does it combine this information
to enable identification. Detailed information on the scope and principles of data collection
in connection with this service can be found under the following link:
Here
.
[GOOGLE TAG MANAGER]
7.3. Google Tag Manager is a tag management system created by Google to manage JavaScript and
HTML tags used for tracking and analytics on websites. For more information, please visit the
following page:
Here
.
[BING]
7.4. Bing, Microsoft’s search and advertising network, is used by the Sites for advertising,
display ads and retargeting. For more information on Microsoft’s cookie practices, please visit:
Here
.
[TWITTER]
7.5. Twitter is used by the Website for advertising, display ads and retargeting. For more
information on Twitter’s cookie practices, please visit:
Here.
[GOOGLE ADS AND GOOGLE DISPLAY NETWORK]
7.6. Google is used by the Website for advertising, display ads, retargeting, and organic search.
To opt out of Google’s use of cookies, please visit:
Here
.
[SEMrush]
7.7. The Birb Nest and its portfolio of companies use SEMrush to analyse website traffic data
and SEO efforts. For SEMrush’s cookie policy, and information on how to control or delete cookies,
please visit:
Here
.
[SURVEYMONKEY]
7.8. SurveyMonkey is an online survey platform that The Controller uses occasionally to collect
participants’ opinions and feedback. For more information on SurveyMonkey’s privacy policies,
please visit:
Here
.
[YOUTUBE]
7.9. YouTube is a video-sharing website that enables users to upload, view and share videos.
The Website contains embedded videos and/or directs users to the YouTube site. The videos shown
on The Birb Nest channel include those that include events, testimonials, and employees of
The Birb Nest and its related companies. Whenever a YouTube video is played or a still frame
of a video is shown on our web site, a communication connection will be established with the
corresponding YouTube server to exchange various data. These include the IP address of your
computer, as well as previously stored cookies and information stored during previous contacts
with YouTube. If no data has been stored before, the service will set an initial cookie on
your computer. Whenever you contact a YouTube service, that service will also receive information
about your YouTube account, in case you have one. When you interact with the video (e. g.,
by clicking the start, pause or stop button), details about these interactions will also be
transmitted to the provider. You can terminate the data processing session by visiting a page
that has no video content and deleting all cookies from your computer. Further information
about YouTube’s data processing and data protection policies is available at
Here
.[A13] [A14]
[GODADDY]
7.10. The Godaddy is a secure web hosting platform, complete with cPanel, used by the Controller
for a DNS hosting. For more information on Godaddy’s Privacy Policy, please visit the following
page:
Here
.
[KNOWHOST]
7.11. Knowhost is a globally VPS hosting provider, used by the Controller for website files
hosting. For more information on Knowhost’s Privacy Policy, please visit the following page:
Here
.
[WORD PRESS]
7.12. Word Press is a free and open-source content management system (CMS) written in PHP and
paired with a MySQL or MariaDB database with supported HTTPS, used by the Controller to manage
and design website template and features. For more information on WordPress’ Privacy Policy,
please visit the following page:
Here
.
[WOO-COMMERCE]
7.13. Woo-commerce is a customizable, open-source eCommerce platform built on WordPress, used
by the Controller to manage customers, customer orders, and customers memberships. For more
information on Woo-commerce’s Privacy Policy, please visit the following page:
Here
.
[STRIPE]
7.14. Stripe is a suite of APIs powering online payment processing and commerce solutions for
internet businesses, used by the Controller to receive credit card payments. For more information
on Stripe’s Privacy Policy, please visit the following page:
Here
.
[COINBASE COMMERCE]
7.15. Coinbase commerce is an enterprise digital payment service offered by cryptocurrency
exchange and wallet service Coinbase, used by the Controller to receive Cryptocurrency payments.
For more information on Coinbase commerce’s Privacy Policy, please visit the following page:
Here
.
[HOTJAR]
7.16. HotJar is a tool that allows the Controller to analyze user activity on the website,
such as through satisfaction surveys, and by anonymously gathering click information on each
website. The tool does not identify you. Details of the data collected through HotJar and how
to deactivate user monitoring are available at
Here
.
[METORIK]
7.17. Metorik is an all-in-one analytics solution for WooCommerce stores, used by the Controller
to reports. For more information on Meteorik’s Privacy Policy, please visit the following page:
Here .
8. MANAGING COOKIE SETTINGS [A15]
8.1. Any use of cookies for the purpose of collecting data via such cookies, including
obtaining access to data recorded on the User’s device, requires the User’s prior consent.
The Controller secures the User’s consent in the Service through the cookies consent
management platform. Such consent may be withdrawn at any time.
8.2. Consent is not required only in the case of cookies which must be applied to render any
telecommunication services (data transmission for the purposes of displaying content) – the
User does not have the option of disabling such cookies if he/she wishes to continue use of
the Website.
8.3. Consent for the collection of cookies at the Website may be withdrawn through the
cookies consent management platform. The User may go back to the banner by clicking on
the button available in the footnote of each subpage of the Website.
8.4. After clicking on the banner, the User may withdraw consent by clicking on the “Manage
cookies” button. Then it is necessary to move the scrollbar/uncheck a checkbox in the relevant
category of cookies and click on “Save preferences and close”.
9. DURATION OF PERSONAL DATA PROCESSING
9.1. The duration of data processing by the Controller depends on the type of service
provided and the purpose of processing. As a rule, the data is processed for the duration
of the service provision or order processing, until the withdrawal of the expressed
consent or filing an effective objection to data processing in cases where the legal basis
of data processing is the legitimate interest of the Controller.
9.2. The duration of data processing may be extended if the processing is necessary to establish
and assert possible claims or to defend against claims, and thereafter only in the case and
to the extent required by law. After the end of the processing time-span, the data is irreversibly
deleted or anonymized.
10. RIGHTS OF THE USER
10.1. The User shall have the right to access the content of the data and to request
rectification, erasure, restriction of processing, the right to data portability and the
right to object to the processing of the data, as well as the right to lodge a complaint
with the supervisory authority dealing with the protection of Personal Data.
10.2. To the extent that the User’s data are processed on the basis of consent, this consent
may be withdrawn at any time by contacting the Controller by email at support@thebirbnest.com.
10.3. The User has the right to object to the processing of data for marketing purposes if
the processing is carried out in connection with the legitimate interest of the Controller,
as well as – for reasons connected with the User’s special situation – in other cases where
the legal basis of the data processing is the legitimate interest of the Controller (e.g. in
connection with the analytical and statistical activities).
11. DATA RECIPIENTS
11.1. In connection with the provision of services, Personal Data will be disclosed to
external entities, including in particular providers responsible for the operation of IT
systems and entities such as marketing agencies (within the scope of marketing services).
11.2. The Controller reserves the right to disclose selected information concerning the User
to competent authorities or third parties, who will submit a request for such information on
the basis of an appropriate legal basis and in accordance with the provisions of the law in
force.
12. TRANSFER OF DATA OUTSIDE THE EEA
12.1. The level of protection for Personal data outside the European Economic Area (EEA)
differs from that provided by the EU law. For this reason, the Controller transfers
Personal data outside the EEA only when necessary and with an adequate level of
protection, primarily by:
12.1.1. cooperating with processors of Personal data in countries for which there has
been a relevant European Commission decision finding an adequate level of protection
for Personal Data;
12.1.2. use of standard contractual clauses issued by the European Commission;
12.1.3. application of binding corporate rules approved by the relevant supervisory authority.
12.2. The Controller shall always give notice of its intention to transfer Personal data outside
the EEA at the stage of its collection.
13. CONTACT DETAILS
13.1. Contact with the Controller is possible through the e-mail address
contact@thebirbnest.com or the correspondence address: Harju maakond, Tallinn, Nõmme
linnaosa, Rännaku pst 12, 10917.
13.2. Contact with the Estonian Data Protection Authority is possible through the e-mail address
info@aki.ee or at the contact details
indicated at
www.aki.ee.
14. CHANGES TO THE PRIVACY POLICY
14.1. The Policy shall be reviewed on an ongoing basis and updated as necessary.
14.2. The current version of the Policy has been adopted and is effective as of.
Always feel free to contact support @thebirbnest.com or contact @SisterBirb Admin#1801 through direct message on our Discord.