Privacy Policy

The Policy below has been effective since December 13, 2023.      

Contents

Introduction

Definitions

Data Collection

Grounds for Processing

Use of Your Personal Data

Data Security, Integrity and Retention

Data Sharing and Disclosure

Data Transfer Outside the European Economic Area

Links to Third-Party Websites

Data Subject Age

Data Subject Age under the COPPA

Rights That You Have Under the GDPR

Data Protection Authority under the GDPR

California Residents’ Privacy Rights under the CCPA and CPRA

Assignment

Changes And Updates to This Privacy Policy

How to Contact Us

Introduction

This Privacy Policy (“Policy”) applies between you and BuyTopLikes LTD LTD ( BuyTopLikes LTD”, “BuyTopLikes” “Company”, “we”, “us”, “our”), the owner and provider of this website https://buytoplikes.com/ (“Website”). For more information about us, see the “How to Contact Us” section of this Policy.

This Policy is incorporated into and subject to our Terms of Service. Capitalized words used but not defined in this Policy have the meaning given to them in the Terms of Service. This Policy applies only to information gathered online through the Website and describes how we handle the data you provide with us. 

Such treatment may include, but is not limited to, the following: 

  • collection; 
  • recording; 
  • organization; 
  • storage; 
  • structuring; 
  • adaptation; 
  • alteration; 
  • retrieval; 
  • consultation; 
  • use; 
  • disclosure by transmission; 
  • dissemination or otherwise making available; 
  • alignment or combination; 
  • restriction; and 
  • erasure or destruction.

When processing your personal data, we can act as a data controller under the GDPR and a business under the CCPA respectively.

You can be our visitor, customer or user:

  • You are a visitor when you merely browse this Website and provide us with your data via cookies and other tracking technologies, or contact us via email, online chat, our social media accounts;
  • You are a customer when you submit your personal data through a payment form on this Website and/or contact us via available options for assistance, leave us feedback regarding the provision of services, or share your or third-party personal data with us when you use our services;
  • You are a user when you post for publication on our Website or through our services.

Your privacy is our priority. Therefore, we kindly ask you to read this Policy carefully to fully understand our practices in relation to your personal data. 

Definitions 

We use the following definitions in this Policy:

  • “controller” means the natural or legal person, who (either alone or jointly with others), determines the purposes and means of the processing of personal data.
  • “processor” means a natural or legal person, who processes personal data on behalf of the controller.
  • “data subject” is an identified or identifiable natural person about whom we hold personal data.
  • “personal data” means any information relating to you and helping identify you (directly or indirectly), such as a name, an identification number, location data, etc.
  • “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • “GDPR”: European Union’s General Data Protection Regulation.
  • “CCPA”: The California Consumer Privacy Act.
  • “CPRA”: The California Privacy Rights Act.

The definitions of terms used within this Policy are taken from the GDPR, considering the definitions established in the CCPA and CPRA. The group of definitions “personal data” and “personal information”; “controller” and “business”; “processor” and “service provider”; “data subject” and “consumer” may be used interchangeably unless another meaning is mentioned.

Data Collection

We collect your information through our Website, social media accounts, and email and process it as a data controller. 

We collect three basic types of information about you in connection with our Website and services: visitor data, customer data, and user data.

We collect your personal data when you:

  • provide us with your or third-party personal data to receive services from us;
  • visit our Website, participate in communities, chat rooms and comment threads, other fora, and other interactive services on the Website; 
  • submit user content on any part of the Website that permits it, any other place in the Website where you knowingly volunteer to give personal data. 
  • registrate for a subscription; 
  • sign up to receive email newsletters or email alerts; 
  • sign up to receive email offers from us or our partners; 
  • request for service or other assistance;
  • voluntarily provide your data, including any other instances on the website where you knowingly choose to share your personal data.

In particular, we collect the following:

Visitor data: 

(a) Contact Information. When you submit your personal data via our social media or email address to contact us (including applying for a job on the Website), we may collect some information about you. Such data may include your full name, email address, mailing address, digital photograph, and any other details you provide to us via available options.

(b) Cookies information. On our Website, we may use cookies and other tracking technologies to function correctly, for analytics, marketing activities, remembering your preferences, and other purposes. Such use may involve the transmission of information from us to you and from you to a third-party website or us. For example, we can collect demographic information (e.g., age, gender, and five-digit zip code) and usage information (pages you have viewed on our Website, search terms and search results, and other information regarding your use of the Website) for analytics purposes.To learn more regarding our use of cookies, please, read our Cookies Policy.

(c) Automatically Collected Information. When you access the Website, we collect certain information about you and your device automatically. This information may include IP address, geolocation information, unique device identifiers, browser type, browser language, and other transactional information.

In some cases, the Website can deliver content based on your current location if you choose to enable that feature. If you enable that feature, your current location will be stored locally on your device, which will be used by the Website to serve you certain content tied to your location. If you elect to have your location-based searches saved to your history, we will store such information on our servers.

Customer data: 

(d) Customer Information. We may process customer contact information relating to our customer relationships and other information a customer provides us with, including third-party information, e.g. link to the social media page. It may include your name, contact details, and information contained in communications between you and us. We may process this information for the purposes of managing our relationships with customers, communicating with customers, keeping records of those communications, and promoting our services. 

(e) Interaction Information. When you interact with the Website or your account through a social media platform, such as Facebook, Twitter, Tumblr, LinkedIn, YouTube, or Pinterest, we may collect the data that you make available to us on that page. It may include your account ID or handle.

(f) Transactions and Payment Information. If you order our services and make a purchase via our Website, you will need to provide certain personal details, including your contact details, your card details, the transaction details, and/or your Fondy authentication details, so that the order can be fulfilled. 

To obtain payment from you, we will use or direct you to a third-party payment processor who will collect this information from you and process your payment. 

Please note that a third-party payment processor is responsible for all collection, processing, and storage of your financial information, and we do not have direct access to or possession of your payment card information or banking information. 

We use your personal data we collected and the personal data you provided us with only for the purposes listed in this Policy. We may share your personal data with third parties solely for the purposes listed herein.

User data:

(g) User Content Data. We may process information that you post for publication on our Website or through our services. The User Content Data may be processed for the purposes of enabling such publication and administering our Website and services.

Non-Personal Data:

We collect traffic information for the purpose of analyzing website usage and performance. It includes the time of your access, date of access, software crash reports, application errors, session identification number, access times, and referring site addresses.

We may also collect and store information about you that we receive from other sources to, among other things, enable us to update and correct the information contained in our database and to better customize your experience on the Website.

When we act as a data controller: 

  • we DO NOT sell your data; 
  • we DO NOT use automated decision-making and profiling; 
  • we DO NOT intentionally collect and process any sensitive personal data.

Grounds for Processing

We collect and process your personal data in accordance with the provisions of the GDPR. 

The GDPR provides an exclusive list of lawful bases allowing us to process your personal data. During personal data processing, we rely only on four of them, namely:

Article 6.1(a): consent 

We collect the information you choose to give us, and we process it under your consent. You may withdraw your consent to the processing of your personal data at any time. 

Please remember that the withdrawal of consent does NOT automatically mean that the processing before the withdrawal is considered unlawful. You may withdraw the consent to the processing of your personal data by sending us an email at support@buytoplikes.com or by contacting us in any other way convenient for you. 

Article 6.1(f): legitimate interest 

We process your personal data to protect our legitimate interests, such as: 

  • preventing fraud, 
  • ensuring the security of our Website, and 
  • providing you with a seamless user experience. 

We only collect and use the strictly necessary data to achieve these purposes and do not override your fundamental rights and freedoms.

Article 6.1(b): performance of a contract 

When you provide us with personal data to purchase the services on our Website, this can be considered as a request to form a contract or to perform a contract between you and us. However, we may ask you for clear consent in case of doubt.

Article 6.1(c): legal obligation 

We process your personal data to fulfill our legal obligations, such as complying with tax or regulatory requirements. In case you send us a request to exercise your rights under the GDPR, we may ask you for some personal data we already have to identify you and achieve compliance with the applicable law.

Use of Your Personal Data

When acting as a data controller, we use your personal data for the purposes listed in the table below, where we also detail the type of personal data processed, legal bases we rely on to do so, third parties with whom we may share your personal data and information as to source of such data:

Purpose of processingType of personal dataLegal groundsRetention period
Provision of services(d) Customer Information (e) Interaction Information (f) Transactions and Payment InformationPerformance of a contract (Article 6(1)(b))3 years after the termination of the Terms of Service
Communication with Customers and Visitors (including responding to the queries and requests, investigating complaints)(a) Contact Information(d) Customer Information Your consent (Article 6(1)(a)) 
Performance of a contract (Article 6(1)(b))
3 years after the termination of the Terms of Service or until you withdraw your consent for the data collected on the ground of consent
Analytics and developing of the Website(a) Contact Information(b) Cookies information (c) Automatically Collected Information (d) Customer InformationYour consent (Article 6(1)(a)) 
Our legitimate interest (Article 6(1)(f))
3 years after the termination of the Terms of Service or until you withdraw your consent for the data collected on the ground of consent
Marketing activities(a) Contact Information(b) Cookies information (d) Customer InformationYour consent (Article 6(1)(a))Until you withdraw your consent
Blog maintenance(g) User Content DataYour consent (Article 6(1)(a))Until you withdraw your consent
Processing of Payments(f) Transactions and Payment InformationPerformance of a contract (Article 6(1)(b))3 years after the termination of the Terms of Service
Fraud and abuse prevention(b) Cookies information (c) Automatically Collected Information (d) Customer InformationOur legitimate interest (Article 6(1)(f))3 years after the termination of the Terms of Service
Job applications management(a) Contact InformationYour consent (Article 6(1)(a))Until you withdraw your consent
Complying with the law or legal process(a) Contact Information(b) Cookies information (c) Automatically Collected Information (d) Customer Information(e) Interaction Information (f) Transactions and Payment Information(g) User Content DataLegal obligation (Article 6(1)(c))6 years after the termination of the Terms of Service

We may also use Non-Personal Data, as listed in the “Data Collection” section. This information is used to analyze website usage, improve functionality, and optimize our services.

Please, note that upon processing of payments using services of a payment processor, such payment provider may collect certain personal data it considers as necessary for provision of services. Such collection of personal data is regulated under the rules and policies of payment processors. 

We advise you to access the payment processors’ websites carefully and always check their Privacy Policies and rules regarding the collection of your personal data. You can read Fondy’s Privacy Policy, which outlines its commitment to protecting your personal information here.

Data Security, Integrity and Retention

As a data controller, we store and process your personal data until we do not need it for any of the purposes defined in this Policy unless longer storage is required or expressly permitted by law.

Notwithstanding any of the periods of data storage, you may request to delete your personal data by sending us an email at support@buytoplikes.com

We have implemented appropriate organizational, technical, administrative, and physical security measures designed to protect your personal data from unauthorized access, disclosure, use, and modification. We regularly review our security procedures and policies to consider appropriate new technology and methods.

This includes, for example, firewalls, password protection, and other access and authentication controls.

In particular, we use HTTPS to protect your personal data. 

HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the integrity and confidentiality of data between your computer and the Website. The use of HTTPS makes sure your communication with us is:

  • Encrypted — The data you exchange with us is secure from eavesdroppers. That means that when you are browsing the Website, nobody can track your activities across multiple pages, or steal the data exchange between your computer and the Website.
  • Integral — The use of HTTPS preserves the integrity of data. Your data cannot be modified or corrupted during transfer.
  • Authenticated — HTTPS protocol authenticates your communication with us. This ensures that you are always communicating with our servers.

However, the security of information also depends on the security of your device, network, and passwords you use, therefore, please make sure you take appropriate measures to protect your data.

If you believe your personal data has been compromised, please contact us at support@buytoplikes.com.

If we become aware of a personal data breach, which is likely to result in a high risk to the rights and freedoms of natural persons, then we will communicate it to you and other data subjects according to the Article 34 of the GDPR.

Data Sharing and Disclosure

There are many features necessary to provide you with our services that we cannot complete ourselves; thus, we seek help from third parties. We may grant some service providers access to your personal data, in whole or part, to provide the necessary services. 

Therefore, we may share and disclose your personal data to other data processors (“service providers”):

  • Google Analytics (Google LLC, USA): for analytics purposes. You may read its Privacy Policy here;
  • Fondy (FONDY LTD, United Kingdom): to process user payments and enable users to purchase subscriptions for the Company’s services.
  • We may also use other payment systems that are integrated into our Website to process user payments. Please, read the privacy policies on their websites before sharing your personal data.

As part of our business operations, we may engage various specialists who may receive your personal data, including technical, sales, analytics, legal, and marketing professionals, to provide you with better client service and ensure the accuracy and transparency of our business. Collectively, these specialists and partner websites are referred to as Contractors.

Data Transfer Outside the European Economic Area

We may transfer your personal data to countries outside the European Union (EU) and the European Economic Area (EEA) that are not deemed to provide an adequate level of data protection under Article 45 of GDPR (adequacy decision). 

To share the data outside the EEA, we rely on the adequacy decision by the European Commission or the Data Privacy Framework participation of the recipient. 

If the recipient does not participate in the Data Privacy Framework and its country is not deemed to provide an adequate level of protection for your personal data, we adopt Standard Contractual Clauses based on legislation assessments for data protection during transfer and storage.

In such cases, we will ensure that appropriate safeguards are implemented in accordance with the GDPR to protect your personal data. When we transfer your personal data to third parties, we always comply with the requirements of the GDPR. 

Where possible, we always enter into Data Processing Agreements (DPAs) and Non-Disclosure Agreements (NDAs) with these third parties to ensure that your personal data is adequately protected.

Links to Third-Party Websites

This Policy is applicable only to this Website, but not any other sites, therefore, we strongly recommend reviewing the privacy policies of any websites that you may reach by following hyperlinks presented in this Website. We have no control over the content and practices of other websites, and therefore we are not responsible for any actions or policies of third-party websites.

Data Subject Age

We undertake the best possible efforts to secure the processing of personal data belonging to the underage. 

Data Subject Age under the GDPR

We do not knowingly collect personal data from persons under 16. By submitting your personal data to us, you acknowledge that you have reached the age of 16, and under the laws of your country of residence, you have all rights to provide us with your personal data for processing. If you have any reason to believe that a child under 16 has provided his/her personal data to us, please contact us at support@buytoplikes.com

Data Subject Age under the COPPA

Our Website and services are intended for general audiences and are not directed to children under the age of 13. We do not knowingly collect any personal information from children under the age of 13 without seeking any required parental approval in accordance with applicable legal and regulatory obligations, such as the U.S. Children’s Online Privacy Protection Act (“COPPA”). 

If you know that a child has provided us with personal information without parental consent, please contact us at support@buytoplikes.com.

Rights That You Have Under the GDPR

You may exercise the following rights by submitting your request at support@buytoplikes.com.

Right and article of the GDPRDescription How to use it on our Website 
Right to be informed (Art.13, 14)You as a data subject have the right to be informed about thecollection and use of your personal data.All information about our collection and use of your personal data is available in this Policy, the Cookies Policy and the Terms of Service.
Right of Access(Art. 15)You have the right to confirm whether your personal data is being processed by us and access such data, along withspecific information. To exercise this right, you can submit a data subject access request (DSAR).
Right to rectification(Art.16)You have the right to correct inaccurate personal data about you. Also, you have the right to have incomplete personal data completed.To exercise this right, you can submit a request.
Right to erasure (‘right to be forgotten’)(Art.17)You have the right to have yourpersonal data deleted without undue delay where one of the following grounds applies:
the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law;the personal data have to be erased for compliance with a legal obligation in Union or Member State law;the personal data have been collected in relation to the offer of information society services referred to in Article 8(1);the personal data have been unlawfully processed.
To exercise this right, you can submit a request. 
Right to restriction of processing(Art.18)You can limit the way in which we use your data where one of the following applies:
you contest the accuracy of the personal data;processing is unlawful but you oppose erasure;we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims;you have objected to processing, pending the verification of that objection.
To exercise this right, you can submit a request. 
Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent;for the establishment, exercise or defense of legal claims;for the protection of the rights of another natural or legal person; or for reasons of important public interest.
Right to data portability(Art.20)You have the right to receive your personal data in a structured, commonly accepted and machine-readable format, and have the right to requestthat we transmit this data directly to another controller to the extent that the legal basis for our processing of your personal data is your consent or performance of a contract and the processing is carried out by automated means.To exercise this right, you can submit a request.
Right to object(Art.21)You have the right to object to our processing of your personal data at any time to the extent that the processing is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.
Also, you have the right to object to our processing of your personal data for direct marketing purposes (including profiling).
To exercise this right, you can submit a request. 
Right not to be subject to a decision based solely on automated processing, including profiling (Art. 22)This right restricts us from making solely automated decisions, including those based on profiling, which produce legal or other significant effects for data subjects.We DO NOT use automated decision-making and profiling.
Right to withdraw consent(Art.7)You can withdraw your consent at any time.To exercise this right, you can submit a request.
Right to lodge a complaint (Art.77)You have the right to lodge acomplaint with the supervisory authority, if you believe that the processing of your personal data violates the requirements of the GDPR.You may submit the complaint in the EU member state of your place of habitual residence, or to the data protection authority stated in this Policy. 
Right to compensation (Art.82)Any person who has suffered material or moral damage as a result of a violation of GDPR requirements has the right to receive compensation from the controller or processor for the caused damage.You may submit the complaint in the courts competent under the law of the EU Member State of your place of habitual residence. 

Please, note that we may need to confirm your identity to process your requests to exercise your rights under the GDPR. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.

We will answer your request within 30 to 60 days, depending on the state and legislative requirements. If your complaint is not satisfied, you can submit a complaint to the Federal Trade Commission.

Data Protection Authority under the GDPR

We kindly invite you to share your concerns with us in the first place regarding any issue related to your personal data processing. You may use the following channel to address your inquiries: support@buytoplikes.com

In some cases, you have the right to lodge a complaint about our use of your personal data with a data protection authority. For more information, please contact your national data protection authority. We will cooperate with the appropriate governmental authorities to resolve any privacy-related complaints that cannot be amicably resolved between you and us. You can find a full list of EU supervisory authorities through this link.

California Residents’ Privacy Rights under the CCPA and CPRA

Under the California Consumer Privacy Act (the “CCPA”) and the California Privacy Rights Act (the “CPRA”, “CCPA, as amended”), California residents have certain rights regarding the collection, use, and sharing of their personal information. We may collect various categories of personal information when you use and/or access our Website, including information you provide when you want to receive our services, provide us with any additional information, and automatically collect data (regarding your interactions with our Website).

In particular, depending on actual circumstances, we may collect the following categories of personal information under the California Consumer Privacy Act (the “CCPA”), when you use or visit our Website:

  • Category A – Identifiers;
  • Category B – Any personal information described in the Cal. Civ. Code subdivision (e) of Section 1798.80;
  • Category C – Characteristics of protected classifications under California or federal law;
  • Category D – Commercial information;
  • Category F – Internet or other similar electronic network activity information;
  • Category G – Geolocation data;
  • Category I – Professional or employment-related information;
  • Category J – Education information;
  • Category K – Inferences drawn from any of the information identified above to give you a more personalized web experience (i.e., this may involve the use of cookies in accordance with our Cookies Policy);
  • Category L – Sensitive personal information.

You can find a detailed description of the personal information that we may collect about you above in the “Data Collection” section of this Policy.

Note that in the “Data Sharing and Disclosure” section of this Policy you can review the categories of third parties with whom we may share your personal information. The terms used within those sections of this Policy are taken from the GDPR in consideration of the definitions established in the CCPA as amended.

If you are a California resident, to the extent provided for by the CCPA and subject to applicable exception, you have the following rights in relation to the personal information we have about you:

  • Right to know what personal information is being collected and right to access personal information (1798.110.)
  • Right to delete personal information (1798.105.). 
  • Right to know what personal information is sold or shared and to whom. (1798.115.) 
  • Right to opt out of sale or sharing of personal information.(1798.120.)
  • Right to correct inaccurate personal information. (1798.106.)
  • Right to limit the use and disclosure of sensitive personal information. (1798.121.)
  • Right of no retaliation following opt-out or exercise of other rights (to be free from discrimination) (1798.125.)

We do not sell your personal information to third parties for monetary or other valuable consideration. Additionally, we do not offer any financial incentives associated with our collection, sharing, or retention of your personal information. 

We take the protection of your privacy seriously, so in no way will we discriminate against you for exercising any of your rights granted by the CCPA, as amended. 

You can exercise your rights under the CCPA, as amended, by sending us an email or other means of communication convenient for you, including those listed in the ‘How to Contact Us’ section of this Policy.

California Do Not Track Disclosure: We do not track the personally identifying information of our customers, users, and visitors over time and across third-party websites to provide targeted advertising. We respond to Do Not Track (DNT) signals. However, other third-party websites can keep track of your browsing activities so that they can tailor the information or advertising they present to you. If you wish to opt out of this tracking, you can enable privacy settings in your browser.

Assignment

We may change our ownership or corporate organization while providing the Website and services. We may also sell certain assets associated with the Website. As a result, please be aware that in such an event, we may transfer some or all of your information to a company acquiring all or part of our assets or to another company with which we have merged. Under such circumstances, we would, to the extent possible, require the acquiring party to follow the practices described in this Privacy Policy, as it may be amended from time to time. Nevertheless, we cannot promise that an acquiring company or the merged company will have the same privacy practices or treat your information the same as described in this Privacy Policy.

Changes And Updates to This Privacy Policy

We may update this Privacy Policy from time to time due to the implementation of new updates, technologies, laws’ requirements, or for other purposes. If we modify the Privacy Policy, we will make it available through the Website and indicate the date of the latest revision. We encourage you to review this Policy to check for any changes regularly. Any material changes will be posted on this Website and will come into effect 30 Days after their posting.

In the event that the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change. For example, we may send a message to your email address, if we have one on file, or generate a pop-up or similar notification when you access the Website for the first time after such material changes are made. If you do not refuse the changes in writing before they become effective, this shall mean that you have consented to the Privacy Policy as changed. Your continued use of the Website after the revised Privacy Policy has become effective indicates that you have read, understood, and agreed to the current version of the Privacy Policy.

How to Contact Us

If you have questions or concerns regarding this Policy, our processing activities, or your data subject rights under GDPR, CCPA, as amended, and other applicable laws.  

To contact BuyTopLikes LTD LTD, you may use the following details: