It is inevitable that internet privacy will change and evolve over time. Keeping your personal data secure is DiRiRo’s top priority.
On this page, you will find information about how DiRiRo may use the data you provide when visiting our website.
- A Short Introduction
- Personal Data Processing Principles
- A Person’s Right
- Designed For Privacy
- Data Transfer
Why This Website Collects Personal Information
- Tracking site visits
- Data logs, cookies, and advertising partners
- Forms for contacting us
Among the data DiRiRo uses in its everyday business operations are:
- Employees, past and present
- The customer
- Website visitors
Various laws govern how this data may be collected and used by the organization and what safeguards must be in place to protect it.
This policy describes DiRiRo’s compliance with relevant legislation, both in the US and abroad, and how we ensure we follow this legislation.
This control applies to all systems, people, and processes that make up the organisation’s information systems, including Board members, directors, employees, suppliers, and other third parties who have access to DiRiRo systems.
The following policies and procedures are relevant to this document:
- Process for assessing the impact of data protection
- Procedure for responding to information security incidents
- Responsibilities and powers under the GDPR
- A policy for retaining and protecting records
Regulation On The Protection Of Personal Data
DiRiRo’s information processing activities are impacted by the General Data Protection Regulation (GDPR). An EU citizen’s personal data is protected by the GDPR, which imposes significant fines if a breach occurs. In compliance with GDPR and other relevant legislation, DiRiRo is committed to making sure our compliance is clear and demonstrable at all times.
This policy will not attempt to reproduce all 26 definitions listed in the GDPR. The definitions most relevant to this policy are as follows:
Data that identifies an individual is defined as:
Any information about an identified or identifiable person (‘data subject’); an identifiable individual is one who can be identified by an identifying factor, including a name, an identification number, location data, or an online identifier, or based on one or more factors defining that natural person’s physical, physiological, genetic, mental, economic, cultural or social identity;
The term ‘processing’ means:
Any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing, or destroying;
The term ‘controller’ refers to:
Natural or legal persons, public authorities, agencies, or other bodies that are responsible for determining the purpose and means of the processing of personal data, alone or in collaboration with others. If Union or Member State law determines the purposes and means of such processing, the controller may be specified by that law, as well as the criteria for its nomination;
Privacy Principles Regarding Personal Data Processing
The GDPR is based on several fundamental principles, listed below.
Personal data must be handled as follows:
- A data subject’s data is processed in a legal, fair and transparent manner (‘lawfulness, fairness, and transparency’).
- The information must be collected for a specific, explicit, and legitimate purpose and not further processed in a way that conflicts with those goals; further processing for the purpose of archiving, scientific or historical research, or statistical purposes shall not be considered incompatible with the original purposes (‘purpose limitation’).
- The data must be adequate, relevant, and limited in relation to the purposes for which it is processed (‘data minimisation’).
- Data must be accurate and, where necessary, kept up-to-date; inaccurate data must be erased or rectified as soon as possible, with regard to the purposes for which it is processed (‘accuracy’).
GDPR also provides rights to data subjects. Among them are:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights relating to profiling and automated decision-making
DiRiRo must implement appropriate procedures that allow for the required actions to be taken within the GDPR timeframes for each of these rights.
These timescales are:
- Right to be informed – when the data is collected (if the data subject provides it) or within one month of the data being collected (if they do not provide it)
- Right of access – one month
- Rectification – one month
- Erasure – without undue delay
- Restriction of processing – without undue delay
- Data portability – one month
- Right to object – in the event of an objection
- Automated decision-making and profiling – not specified
The consent of
To collect and process a data subject’s data, explicit consent must be obtained from them unless otherwise allowed by the GDPR. It is necessary to obtain parental consent for children under 16 years of age. When consent is obtained, data subjects should be given transparent information about how their personal data will be used and their rights with regard to their data should be explained. Providing this information free of charge, in a clear language, and in an accessible format is essential.
Data subjects must be notified within one month of obtaining the personal data, if it was not obtained directly from them.
Designed For Privacy
By adopting the privacy by design principle, Knives Thetic ensures that all new or significantly altered systems that collect or process personal data will be defined and planned with due consideration of privacy issues, including a data protection impact assessment for any new or significantly changed systems.
In the data protection impact assessment, the following items will be considered:
- How personal data will be processed and the purposes for which it will be used
- Whether the proposed processing of personal data is necessary and proportionate
- The risks that processing personal data poses to individuals
- The controls required to address identified risks and demonstrate compliance with legislation
A number of techniques should be considered when applicable and appropriate, including data minimization and pseudonymization.
Personal Data Transfer
In order to ensure that transfers of personal data outside the EU comply with GDPR, they need to be carefully reviewed prior to the transfer taking place. Data protection safeguards in the receiving country may change over time depending on the EU Commission’s judgement regarding the adequacy of those safeguards.
Intragroup international data transfers must be controlled by Binding Corporate Rules (BCR), which provide enforceable rights to data subjects.
Why This Website Collects Personal Information
Personal information is collected and used by this website for the following purposes:
1. Tracking site visits
Several websites track user interaction with Google Analytics (GA) and Clicky. This data allows us to understand how people find and use our web pages and their journey through our site. This data is used to determine the number of visitors to our site.
We collect data regarding the location of your device, your internet browser, and your operating system, but none of this information identifies you personally. The IP address of your computer is also recorded, but neither GA nor Clicky gives us access to this information. We consider these services to be third-party data processors.
When you disable cookies on your web browser, GA and Clicky will no longer be able to track any aspect of your visit to these pages.
2. Cookies, log files, and advertising partners
We may receive cookies and web beacons from some of our advertising partners.
The diriro.com website uses log files, just like many other websites. Log files contain information such as IP addresses, browser type, Internet Service Provider (ISP), date/time stamps, referring/exit pages, and number of clicks. This information is used to analyze trends, administer the site, track the movement of users around the site, and gather demographic information. No personally identifiable information is associated with IP addresses or other such information.
On diriro.com, Google serves ads via DoubleClick DART cookies. DART cookies allow Google to serve ads to users based on their visits to diriro.com and other sites on the Internet.
Using technology, these ad servers and ad networks send ads and links directly to the browsers of users who visit diriro.com.
knifesthetic.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.
Through your browser settings, you may disable cookies if you wish. There are detailed instructions for managing cookies with specific web browsers on their respective websites.
In order to place advertisements on the Site, CMI Marketing, Inc., d/b/a CafeMedia (“CafeMedia”) collects and uses certain information.
3. Contact Forms
The data that you provide on the Contact us page will be stored by this website and compiled into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). TLS (sometimes known as SSL) protects our SMTP servers, so you can send and receive emails over an encrypted connection utilizing SHA-2, 256-bit cryptography.
By joining our email newsletter, you are providing us with your email address, which will be forwarded to MailChimp, the service we use to send emails. We consider MailChimp to be a third-party data processor. We do not store any of your email addresses on this website or within our internal computer systems.
If we continue to use MailChimp’s services for email marketing, your email address will remain in the MailChimp database until you specifically request it to be removed. If you wish to unsubscribe from our newsletters, you can do so by clicking on the unsubscribe link in the newsletter or by sending us an email requesting removal. Whenever you email us to request removal, please use the email address that you are subscribed to.
If you are under 16 years old, we require parental consent before you register for our email newsletter.
While MailChimp retains your email address, we will send you newsletter-style emails periodically (approximately every quarter).
Your Personal Information and How We Store It
You will be required to provide some personal information if you fill out a contact form on this website. Currently, this website stores only one instance of personal data. Due to the content management system used for this website (WordPress), the data is currently stored in an identifiable manner. This data will be stored in a pseudonymous fashion in the near future, which means that it will need to be processed further using a separate ‘key’ before it can be used to identify an individual.
Developers are currently working on implementing pseudonymisation, a requirement of the GDPR. It will be implemented as soon as possible on this website because it is a high priority.
The server that hosts this website
This website is hosted by SiteGround in a US data center.
The data center has a number of security features, including 24/7/365 DDoS and intrusion protection, as well as:
- Scanning for malware
- Several layers of protection against brute force attacks on passwords
- Firewalls for web applications
- DDoS mitigation with multiple layers
- Methodology for securing passwords and configuring them
The third parties who process our data
Personal data is processed by third parties on our behalf. All of these third parties comply with the law and have been carefully selected. They are all compliant with the EU-US Privacy Shield and all operate in the USA.
Google’s privacy policies
Data Protection Officer
As part of the GDPR, organisations that conduct large-scale monitoring or process sensitive data on a large scale are required to have a designated Data Protection Officer (DPO). Depending on the level of knowledge required for the position, the DPO can either be an in-house employee or outsourced.
The criteria above do not require DiRiRo to hire a Data Protection Officer.
Notification of Breach
When considering how to notify affected parties about breaches of personal data, DiRiRo strives to be fair and proportionate. GDPR requires the relevant Data Protection Authority (DPA) to be notified within 72 hours of any breach suspected to pose a risk to individuals’ rights and freedoms.
In order to handle information security incidents, we follow the Information Security Incident Response Procedure.
GDPR allows the relevant DPA to fine companies up to four percent of their annual worldwide turnover or 20 million Euros, whichever is higher.
In order to comply with the GDPR’s accountability principle, DiRiRo takes the following steps:
- It is clear and unambiguous what the legal basis is for processing personal data
- A good data protection practice should be followed by all staff handling personal data
- All employees have been trained in data protection
- Compliance with consent rules is ensured
- The right to exercise personal data rights is accessible to data subjects, and such inquiries are handled efficiently
- Personal data procedures are reviewed on a regular basis
- Whenever a new system or process is introduced or changed, privacy by design is adopted
In order to document processing activities, the following documentation is kept:
- Name and details of the organization
- Purposes for which personal data is processed
- Categories of individuals and of personal data processed
- Categories of data recipients
- Details of controls in place for the transfer of personal data to countries outside the EU, along with the agreements and mechanisms for doing so
- Data retention schedules for personal information
- Implementation of relevant technical and organizational controls
In order to ensure a great user experience, we track our website visitors using Google Analytics (GA) and Clicky. No personal information is passed to us by these services.
Through display advertising and/or affiliate links, we may earn revenue from advertisers.
MailChimp: We use MailChimp as an email marketing provider. We may email visitors who sign up through a double opt-in process to ensure compliance with GDPR policies. These emails may include affiliate offers and/or content that our readers enjoy.