Victorious Marketing provides services only to businesses and organization and any personal information that is related to those businesses (ie. name, phone, email) is held and used in accordance with the EU General Data Protection Regulation ("GDPR").
For the purpose of GDPR we are a data controller for every our customer and for a person that made only an inquiry; and we are a data processor for customers that use advanced websites (for instance: e-commerce) that collect personal information or send emails via our servers.
Data Controller Section
What data we collect and why:
We process only personal data you provide us (via mail, email, contact form or phone) for the purpose of:
providing information about goods and services on your request,
delivery goods and services you have ordered,
communicating while work is carried on,
communicating after work was carried out (renewals, updates, maintenance, extras...)
informing you about important changes to our services,
accounting and other legal requirements.
We only retain personal data for as long as it is necessary. For instance if you are our customer we will retain personal data for the duration of the services plus 6-7 years to comply with tax requirements. In some circumstances we may retain parts of a data (ie. email address) longer for fraud detection or other legally required obligations. If you have made only an inquiry we do not hold provided data (usually name, phone and email) for longer than 2 years.
How we share data
In some situations we may share your data with third parties:
1) for purpose of accounting (your data will appear on invoices),
2) any legally requested data by state, regulatory and law enforcement agencies.
3) with trusted third parties (domain & SSL providers) that are required for providing you with certain services (domain registration, SSL registration). By requesting domain registration or SSL certificate you are agreeing to transfer neccessary data to obtain those services. Also our server maintenance contractors may have indirect access to the data, those contractors have GDPR complient agreement with us to protect data integrity and security.
Transfer outside of EEA
We may use external services of which we know that are compliant with GDPR, where data may be processed – for instance we use Microsoft Outlook email.
We use reasonable security measures to protect your data. For the most part it is stored on our computers, which use current Anti-Virus and Anti-Malware software. We also use invoice generating software installed on our server, which is not accessible to the public, with two layers of password protection and used only by us. The data is backed also on external hard drive.To protect information you transfer via contact form we use SSL (secure connection) - and we recommend that to all our customers.
Data Processor Section
Hosting, Emails and CMS
Shared Hosting: Victorious Marketing provides shared hosting services solely for websites provided by us. The hosting enables to store website files, databases and emails. Securing the data is shared between Victorious Marketing and the customer. Victorious Marketing is responsible for taking reasonable steps to secure the shared hosting software and hardware (directly or via downstream hosting space provider), providing server backups (weekly external data backup + daily server backup) when logins, passwords, and other access information is on the customer side. We take reasonable steps to operate secure and up to date system.
Email Server: A part of the server system are emails. If you are using your own or third-party external email server or external services like Google or Yahoo your emails are not our responsibility. We do not provide/guarantee virus/spam protection for email accounts (although some viruses will be filtered on a server side). Customers are responsible for downloading emails and providing their own virus, spam protection on their computers as well as backups. Customers are responsible for email setup on their mail client on a computer or other device. Customers are responsible for security of logins, passwords, and other access information. To have a SSL connection for the Web-mail, a SSL certificate must be ordered per each domain, the SSL is required.
CMS (Content Management System): our websites are build based on one of the most popular, state of the art open-source CMS. When the website is originally setup it operates on the latest stable and tested version of the software. After an initial setup we offer annual or bi-annual software updates. If customer will not agree to updates they are not our responsibility; and results of any security breaches via website rest solely on the customer. Customers are responsible for security of logins, passwords, and other access information.
Due to the nature of the always changing world wide web no business can guarantee the full protection of a server or a website (despite of measures taken), especially that technology (hardware & software) is provided by countless third parties (often as open source).
Below are some of the rights that may apply to you, for complete list of rights and they legal applications please refer to a full text of GDPR.
Right of access
you have the right to know if we have your personal data, why we have it, what category of data, and for how long we will retain,
Right to rectification
you have a right to ask us to correct any of your personal data,
Right to erasure
you have a right to ask us to remove your personal data (please note that some exclusions may apply – Art.17 of GDPR)
By using (or continuing to use) our services your confirm that you have read, understood and accepted those privacy terms.