Our primary goals in collecting personally identifiable information are to provide you with the products and services made available through the Site, including, but not limited to, provision of Services, communicating with you, and managing your user account, if you have one. In general, amagical.net collects Personal Data when you use amagical.net services and when you visit amagical.net pages. That information is used to fulfill your requests for products and services, to conduct research, to contact you and to improve amagical.net services generally.
Categories of Information We May Process
We may Process your personal details, demographic data and your contact details. We may also Process information about you from your use of our Services (such as the type of device you are using, the internet service provider, your IP address, etc.), including your interactions with content on the Services.
We may Process the following categories of Personal Information about you:
- Personal details, including but not limited to the following: your name; your username or login details and your password.
- Demographic information, including but not limited to the following: age; date of birth; and language preferences.
- Your contact details, including but not limited to the following: postal address; telephone and/or mobile number; email address; and your public social media handles or profile(s).
- Consent records, including but not limited to the following: records of any consents you may have given, together with the date and time, means of consent and any related information (such as the subject matter of the consent).
- Purchase and payment details, including but not limited to the following: records of purchases and prices, subscription details, invoice records, payment records, billing address, payment method, cardholder or accountholder name, payment amount, and payment date.
We may also collect other kinds of information from you or other sources, which we refer to as “Other Information” in this Policy, which may include but is not limited to:
- Information about your use of the Services, such as usage data and statistical information, which may be aggregated.
- Browsing history including the websites or other services you visited before and after interacting with the Services.
- Non-precise information about the approximate physical location (for example, at the city or zip code level) of a user’s computer or device derived from the IP address of such computer or device (“GeoIP Data”).
- Internet Protocol (“IP”) address, which is a unique string of numbers automatically assigned to your device whenever you access the Internet.
- Device type, settings and software used.
- Log files, which may include IP addresses, browser type, ISP referring/exit pages, operating system, date/time stamps and/or clickstream data, including any clicks on customized links.
- Local Shared Objects, and Local Storage, such as HTML5.
- Embedded Scripts which are programming codes designed to collect information about your interactions with the Service by temporarily downloading onto your device from our web server or a third party with whom we work. Embedded scripts are only active while you are connected to the Service and are deleted or deactivated thereafter.
- Mobile analytics to understand the functionality of our mobile applications on your phone.
Under certain circumstances and depending on applicable law, some of this Other Information may constitute Personal Information. Personal Information together with Other Information is hereinafter referred to as “User Information”.
We do not seek to collect or otherwise Process your Sensitive Personal Information.
Purposes for Which We May Process Your Information
We may Process User Information for the following purposes: providing the Services to you; communicating with you; analyzing engagement with our audience; marketing our services and offerings to current and prospective customers; managing our IT systems; financial management; conducting surveys; ensuring the security of our systems; conducting investigations where necessary; compliance with applicable law; and improving our Services.
- Offering and Improving the Services: operating and managing the Services for you; providing personalized content to you; communicating and interacting with you via the Services; identifying issues with the Services and planning improvements to or creating new Services; and notifying you of changes to any of our Services.
- Surveys: engaging with you for the purposes of obtaining your views on our Services.
- Communications: communicating with you via any means (including via email or social media) regarding information in which you may be interested, subject to ensuring that such communications are provided to you in compliance with applicable law; maintaining and updating your contact information where appropriate.
- Marketing to Customers: We may market to current and prospective customers and their employees who have indicated an interest in doing business with, or have previously conducted business with, amagical.net in order to further generate and promote our business. Such efforts include sending marketing emails to drive the use of services offered by amagical.net.
- IT Administration: administration of amagical.net information technology systems; network and device administration; network and device security; implementing data security and information systems policies; compliance audits in relation to internal policies; identification and mitigation of fraudulent activity; and compliance with legal requirements.
- Security: electronic security measures (including monitoring of login records and access details) to help mitigate the risk of and provide the ability to identify and rectify a security incident.
- Financial Management: general business and financial management purposes, including: economic, financial and administrative management; planning and reporting; personnel development; sales; accounting; finance; corporate audit; and compliance with legal requirements.
- Investigations: detecting, investigating and preventing breaches of policy, and criminal offences, in accordance with applicable law.
- Legal Proceedings: establishing, exercising and defending legal rights.
- Legal Compliance: Subject to applicable law, we reserve the right to release information concerning any user of Services when we have grounds to believe that the user is in violation of our Terms and Conditions or other published guidelines or has engaged in (or we have grounds to believe is engaging in) any illegal activity, and to release information in response to court and governmental orders, other requests from government entities, civil subpoenas, discovery requests and otherwise as required by law or regulatory obligations. We also may release information about users when we believe in good faith that such release is in the interest of protecting the rights, property, safety or security of amagical.net, any of our users or the public, or to respond to an emergency.
What Information We Disclose to Third Parties
We may disclose your User Information to: legal and regulatory authorities; our external advisors; parties who Process User Information on our behalf (“Processors”); any party as necessary in connection with legal proceedings; any party as necessary for investigating, detecting or preventing criminal offences; any purchaser of our business; and any third party providers of plugins or content used on the Services.
In addition, we may disclose your User Information to:
- Legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation.
- Third party Processors (such as analytic providers, data centers, etc.), located anywhere in the world.
- Any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defense of legal rights.
Certain functionalities on the Service may permit interactions that you initiate between the Service and certain third party services (“Third Party Features”). Examples of Third Party Features include “liking” or “sharing” content over social media platforms through our Service.
If we engage a third-party Processor to Process your User Information, the Processor will be subject to binding contractual obligations to: only Process the User Information in accordance with our prior written instructions; and use measures to protect the confidentiality and security of the User Information; together with any additional requirements under applicable law.
Security of the Services
We implement appropriate technical and organizational security measures to protect your User Information. Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement reasonable measures to protect your information, we cannot guarantee the security of your data transmitted to us using the internet. Any such transmission is at your own risk and you are responsible for ensuring that any Personal Information that you send to us is sent securely.
amagical.net operates infrastructure designed to provide state-of-the-art security through the entire information processing lifecycle.
Data in Transit
To protect data in transit between your computer and servers, amagical.net uses Secure Sockets Layer (SSL)/Transport Layer Security (TLS) for data transfer, creating a secure tunnel protected by 128-bit or higher Advanced Encryption Standard (AES) encryption. File data in transit is always encrypted via SSL/TLS, several services also now offer more advanced cipher suites that use the Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) protocol. ECDHE allows SSL/TLS clients to provide Perfect Forward Secrecy. This helps prevent the decoding of captured data by unauthorized third parties, even if the secret long-term key itself is compromised.
Data at Rest
Data at rest are encrypted using 256-bit Advanced Encryption Standard (AES). Files are primarily stored on multiple servers in discrete file blocks. Each block is fragmented and encrypted using a strong cipher.
You can connect to Services access points via HTTPS using Secure Sockets Layer (SSL), a cryptographic protocol that is designed to protect against eavesdropping, tampering, and message forgery. For services which requires additional layers of network security, a Virtual Private Network (VPN) technology is deployed.
amagical.net utilizes a wide variety of automated monitoring systems to detect unusual or unauthorized activities and conditions at ingress and egress communication points. These tools monitor server and network usage, port scanning activities, application usage, and unauthorized intrusion attempts.
The central infrastructure is located inside a secured data center located in Prague, Czech Republic. All servers are locked in a private rack cabinet with limited and monitored physical access. When a storage device has reached the end of its life, amagical.net procedures include a decommissioning process that is designed to prevent customer data from being exposed to unauthorized individuals.
Data Backup & Archiving
Data backups are stored on amagical.net owned servers located within EU borders (as of May 2018). Backups and snapshots are done on a daily basis. All backups are also encrypted at rest.
We take every reasonable step to ensure that your User Information is only Processed for the minimum period necessary for the purposes set out in this Policy. Unless there is a specific legal requirement for us to keep the information, we plan to retain it for no longer than is necessary to fulfill a legitimate business need.
Controling User Information
You may decline to share certain information with us, in which case we may not be able to provide some of the features and functionality of the Services. These rights include, in accordance with applicable law, the right to object to or request the restriction of processing of your information, and to request access to, rectification, erasure and portability of your own information. Where we process your information on the basis of your consent, you have the right to withdraw that consent (noting that such withdrawal does not affect the lawfulness of any Processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the Processing of your Personal Information in reliance upon any other available legal bases). If you are an EU resident and have any unresolved privacy concern that we have not addressed satisfactorily after contacting us, you have the right to contact the appropriate EU Supervisory Authority and lodge a complaint.