Privacy statement (EU)

This privacy statement was last updated on October 20, 2019 and applies to citizens of the European Economic Area.

In this privacy statement, we explain what we do with the data we obtain about you via https://www.aquaillumination.com. We recommend you carefully read this statement. In our processing we comply with the requirements of privacy legislation. That means, among other things, that:

  • we clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
  • we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
  • we first request your explicit consent to process your personal data in cases requiring your consent;
  • we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
  • we respect your right to to access your personal data or have it corrected or deleted, at your request.

If you have any questions, or want to know exactly what data we keep of you, please contact us.

1 Purpose, data and retention period

1.1 We use your data for the following purpose:
Contact - Through phone, mail, email and/or webforms
For this purpose we use the following data:
  • Name, Address and City
  • Email address
  • Birth date
  • Username, passwords and other account specific data
  • IP Address
  • Location
  • Visitor behavior
  • Photos
  • Social media accounts
  • Telephone number
  • Other:
Product and/or services ownership, data, usage and patterns
The basis on which we may process these data is:
Consent obtained
Retention period
We determine the retention period according to fixed objective criteria: Until the product and/or services are no longer supported by the company
1.2 We use your data for the following purpose:
Payments
For this purpose we use the following data:
  • Name, Address and City
  • Email address
  • Birth date
  • Username, passwords and other account specific data
  • IP Address
  • Location
  • Visitor behavior
  • Telephone number
  • Other:
Product and/or services usage and ownership information
The basis on which we may process these data is:
Performance of an agreement
Retention period
We retain this data until the service is terminated.
1.3 We use your data for the following purpose:
Registering an account
For this purpose we use the following data:
  • Name, Address and City
  • Email address
  • Birth date
  • Username, passwords and other account specific data
  • IP Address
  • Location
  • Visitor behavior
  • Photos
  • Social media accounts
  • Telephone number
  • Other:
Product and/or services usage and ownership information
The basis on which we may process these data is:
Consent obtained
Retention period
We determine the retention period according to fixed objective criteria: Until the product and/or services are no longer supported by the company
1.4 We use your data for the following purpose:
Newsletters
For this purpose we use the following data:
  • Name, Address and City
  • Email address
  • Birth date
  • Username, passwords and other account specific data
  • IP Address
  • Location
  • Photos
  • Social media accounts
  • Telephone number
The basis on which we may process these data is:
Consent obtained
Retention period
We determine the retention period according to fixed objective criteria: Until requested by the data subject
1.5 We use your data for the following purpose:
To support services or products that your customer wants to buy or have purchased
For this purpose we use the following data:
  • Name, Address and City
  • Email address
  • Birth date
  • Username, passwords and other account specific data
  • IP Address
  • Location
  • Visitor behavior
  • Photos
  • Social media accounts
  • Telephone number
  • Other:
Product and/or services ownership and usage information
The basis on which we may process these data is:
Performance of an agreement
Retention period
We determine the retention period according to fixed objective criteria: Until the product and/or services are no longer supported by the company
1.6 We use your data for the following purpose:
To be able to comply with legal obligations
For this purpose we use the following data:
  • Name, Address and City
  • Email address
  • Birth date
  • Username, passwords and other account specific data
  • IP Address
  • Location
  • Visitor behavior
  • Photos
  • Social media accounts
  • Telephone number
The basis on which we may process these data is:
Legal obligation
Retention period
We retain this data until the service is terminated.
1.7 We use your data for the following purpose:
Compiling and analyzing statistics for website improvement.
For this purpose we use the following data:
  • Name, Address and City
  • Email address
  • Birth date
  • Username, passwords and other account specific data
  • IP Address
  • Location
  • Visitor behavior
  • Photos
  • Social media accounts
  • Telephone number
  • Other:
Product and/or services usage and ownership information
The basis on which we may process these data is:
Consent obtained
Retention period
We retain this data until the service is terminated.
1.8 We use your data for the following purpose:
To be able to offer personalized products and services.
For this purpose we use the following data:
  • Name, Address and City
  • Email address
  • Birth date
  • Username, passwords and other account specific data
  • IP Address
  • Location
  • Visitor behavior
  • Photos
  • Social media accounts
  • Telephone number
  • Other:
Product and/or services ownership and usage information
The basis on which we may process these data is:
Consent obtained
Retention period
We determine the retention period according to fixed objective criteria: Until the product and/or services are no longer provided by the company

2 Sharing with other parties

We only share this data with processors and with other third parties for which the data subjects consent must be obtained. It concerns the following party or parties:

Processors

Name: Mail Chimp
Country: USA
Purpose: Marketing and Communications

Name: YouTube
Country: USA
Purpose: Markting and Communications

Name: Facebook
Country: USA
Purpose: Marketing and Communications

Name: Twitter
Country: USA
Purpose: Marketing and Coummunications

Name: Instagram
Country: USA
Purpose: Marketing and Communications

Name: Influitivie
Country: USA
Purpose: Marketing and Communications

Name: Zendesk
Country: USA
Purpose: Customer Support

Name: Shopify
Country: USA
Purpose: Customer Support and Goods Purchases

Name: Epicor
Country: USA
Purpose: Operations and Payment Processing

Name: Amazon
Country: USA
Purpose: Web hosting

Name: Gravity Forms
Country: USA
Purpose: Web information transfer, forms transfer

Name: Google
Country: USA
Purpose: Web hosting, email, marketing, communications

Name: Microsoft
Country: USA
Purpose: Web hosting, email, communications, marketing

Name: Dropbox
Country: USA
Purpose: Storage

Third parties

3 Cookies

Our website uses cookies. For more information about cookies, please refer to our Cookie Statement
We have concluded a data processing agreement with Google.
Google may not use the data for any other Google services.
The inclusion of full IP addresses is blocked by us.

4 Security

We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorised access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed.

5 Third party websites

This privacy statement does not apply to third party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.

6 Amendments to this privacy statement

We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.

7 Accessing and modifying your data

If you have any questions or want to know which personal data we have about you, please contact us. You can contact us by using the information below. You have the following rights:

  • You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
  • Right of access: You have the right to access your personal data that is known to us.
  • Right to rectification: you have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
  • If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
  • Right to transfer your data: you have the right to request all your personal data from the controller and transfer it in its entirety to another controller.
  • Right to object: you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.

Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person.

8 Submitting a complaint

If you are not satisfied with the way in which we handle (a complaint about) the processing of your personal data, you have the right to submit a complaint to the Data Protection Authority.

9 Data Protection Officer

Our Data Protection Officer has been registered with the data protection authority in an EU Member State. If you have any questions or requests with respect to this privacy statement or for the Data Protection Officer, you may contact Kate Lyon, via [email protected] or by telephone on (484) 895-1237.

10 Contact details

C2 Development, Inc.
127 S. Bell Ave.
Ames, IA 50010
United States
Website: https://www.aquaillumination.com
Email: klyon@c2development.com
Phone number: (484) 895-1237

Annex

iThemes Security

What personal data we collect and why we collect it

Security Logs

Suggested text: The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 60 days.

Who we share your data with

Suggested text: A QR code image is generated for users that set up two-factor authentication for this site. This image is generated using an iThemes hosted API. As part of generating this image, your username is sent to the API. This data is not logged. For privacy policy details, please see the iThemes Privacy Policy. When using the Remember Device for Two-Factor, a cookie (itsec_remember_2fa) will be set with a secure token that expires in 30 days. Suggested text: This site is scanned for potential malware and vulnerabilities by Sucuri's SiteCheck. We do not send personal information to Sucuri; however, Sucuri could find personal information posted publicly (such as in comments) during their scan. For more details, please see Sucuri's privacy policy.

In order to ensure file integrity, iThemes Security pulls data from wordpress.org, ithemes.com, and amazonaws.com. No personal data is sent to these sites. Requests to wordpress.org include the WordPress version, the site's locale, a list of installed plugins, and a list of each plugin's version. Requests to ithemes.com and amazonaws.com include the installed iThemes products and their versions. For wordpress.org privacy policy details, please see the WordPress Privacy Policy. For ithemes.com privacy policy details, please see the iThemes Privacy Policy. Requests to amazonaws.com are to content added and managed by iThemes which is covered by the Amazon Web Services Data Privacy policy.

When running Security Check, ithemes.com will be contacted as part of a process to determine if the site supports TLS/SSL requests. No personal data is sent to ithemes.com as part of this process. Requests to ithemes.com include the site's URL. For ithemes.com privacy policy details, please see the iThemes Privacy Policy.

How long we retain your data

Suggested text: Security logs are retained for 60 days.

Where we send your data

Suggested text: This site is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with a service provided by ithemes.com. For privacy policy details, please see the iThemes Privacy Policy.

iThemes Security

What personal data we collect and why we collect it

Security Logs

Suggested text: The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 60 days.

Who we share your data with

Suggested text: A QR code image is generated for users that set up two-factor authentication for this site. This image is generated using an iThemes hosted API. As part of generating this image, your username is sent to the API. This data is not logged. For privacy policy details, please see the iThemes Privacy Policy. When using the Remember Device for Two-Factor, a cookie (itsec_remember_2fa) will be set with a secure token that expires in 30 days. Suggested text: This site is scanned for potential malware and vulnerabilities by Sucuri's SiteCheck. We do not send personal information to Sucuri; however, Sucuri could find personal information posted publicly (such as in comments) during their scan. For more details, please see Sucuri's privacy policy.

In order to ensure file integrity, iThemes Security pulls data from wordpress.org, ithemes.com, and amazonaws.com. No personal data is sent to these sites. Requests to wordpress.org include the WordPress version, the site's locale, a list of installed plugins, and a list of each plugin's version. Requests to ithemes.com and amazonaws.com include the installed iThemes products and their versions. For wordpress.org privacy policy details, please see the WordPress Privacy Policy. For ithemes.com privacy policy details, please see the iThemes Privacy Policy. Requests to amazonaws.com are to content added and managed by iThemes which is covered by the Amazon Web Services Data Privacy policy.

When running Security Check, ithemes.com will be contacted as part of a process to determine if the site supports TLS/SSL requests. No personal data is sent to ithemes.com as part of this process. Requests to ithemes.com include the site's URL. For ithemes.com privacy policy details, please see the iThemes Privacy Policy.

How long we retain your data

Suggested text: Security logs are retained for 60 days.

Where we send your data

Suggested text: This site is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with a service provided by ithemes.com. For privacy policy details, please see the iThemes Privacy Policy.

iThemes Security

What personal data we collect and why we collect it

Security Logs

Suggested text: The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 60 days.

Who we share your data with

Suggested text: A QR code image is generated for users that set up two-factor authentication for this site. This image is generated using an iThemes hosted API. As part of generating this image, your username is sent to the API. This data is not logged. For privacy policy details, please see the iThemes Privacy Policy. When using the Remember Device for Two-Factor, a cookie (itsec_remember_2fa) will be set with a secure token that expires in 30 days. Suggested text: This site is scanned for potential malware and vulnerabilities by Sucuri's SiteCheck. We do not send personal information to Sucuri; however, Sucuri could find personal information posted publicly (such as in comments) during their scan. For more details, please see Sucuri's privacy policy.

In order to ensure file integrity, iThemes Security pulls data from wordpress.org, ithemes.com, and amazonaws.com. No personal data is sent to these sites. Requests to wordpress.org include the WordPress version, the site's locale, a list of installed plugins, and a list of each plugin's version. Requests to ithemes.com and amazonaws.com include the installed iThemes products and their versions. For wordpress.org privacy policy details, please see the WordPress Privacy Policy. For ithemes.com privacy policy details, please see the iThemes Privacy Policy. Requests to amazonaws.com are to content added and managed by iThemes which is covered by the Amazon Web Services Data Privacy policy.

When running Security Check, ithemes.com will be contacted as part of a process to determine if the site supports TLS/SSL requests. No personal data is sent to ithemes.com as part of this process. Requests to ithemes.com include the site's URL. For ithemes.com privacy policy details, please see the iThemes Privacy Policy.

How long we retain your data

Suggested text: Security logs are retained for 60 days.

Where we send your data

Suggested text: This site is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with a service provided by ithemes.com. For privacy policy details, please see the iThemes Privacy Policy.

iThemes Security

What personal data we collect and why we collect it

Security Logs

Suggested text: The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 60 days.

Who we share your data with

Suggested text: A QR code image is generated for users that set up two-factor authentication for this site. This image is generated using an iThemes hosted API. As part of generating this image, your username is sent to the API. This data is not logged. For privacy policy details, please see the iThemes Privacy Policy. When using the Remember Device for Two-Factor, a cookie (itsec_remember_2fa) will be set with a secure token that expires in 30 days. Suggested text: This site is scanned for potential malware and vulnerabilities by Sucuri's SiteCheck. We do not send personal information to Sucuri; however, Sucuri could find personal information posted publicly (such as in comments) during their scan. For more details, please see Sucuri's privacy policy.

In order to ensure file integrity, iThemes Security pulls data from wordpress.org, ithemes.com, and amazonaws.com. No personal data is sent to these sites. Requests to wordpress.org include the WordPress version, the site's locale, a list of installed plugins, and a list of each plugin's version. Requests to ithemes.com and amazonaws.com include the installed iThemes products and their versions. For wordpress.org privacy policy details, please see the WordPress Privacy Policy. For ithemes.com privacy policy details, please see the iThemes Privacy Policy. Requests to amazonaws.com are to content added and managed by iThemes which is covered by the Amazon Web Services Data Privacy policy.

When running Security Check, ithemes.com will be contacted as part of a process to determine if the site supports TLS/SSL requests. No personal data is sent to ithemes.com as part of this process. Requests to ithemes.com include the site's URL. For ithemes.com privacy policy details, please see the iThemes Privacy Policy.

How long we retain your data

Suggested text: Security logs are retained for 60 days.

Where we send your data

Suggested text: This site is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with a service provided by ithemes.com. For privacy policy details, please see the iThemes Privacy Policy.

iThemes Security

What personal data we collect and why we collect it

Security Logs

Suggested text: The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 60 days.

Who we share your data with

Suggested text: A QR code image is generated for users that set up two-factor authentication for this site. This image is generated using an iThemes hosted API. As part of generating this image, your username is sent to the API. This data is not logged. For privacy policy details, please see the iThemes Privacy Policy. When using the Remember Device for Two-Factor, a cookie (itsec_remember_2fa) will be set with a secure token that expires in 30 days. Suggested text: This site is scanned for potential malware and vulnerabilities by Sucuri's SiteCheck. We do not send personal information to Sucuri; however, Sucuri could find personal information posted publicly (such as in comments) during their scan. For more details, please see Sucuri's privacy policy.

In order to ensure file integrity, iThemes Security pulls data from wordpress.org, ithemes.com, and amazonaws.com. No personal data is sent to these sites. Requests to wordpress.org include the WordPress version, the site's locale, a list of installed plugins, and a list of each plugin's version. Requests to ithemes.com and amazonaws.com include the installed iThemes products and their versions. For wordpress.org privacy policy details, please see the WordPress Privacy Policy. For ithemes.com privacy policy details, please see the iThemes Privacy Policy. Requests to amazonaws.com are to content added and managed by iThemes which is covered by the Amazon Web Services Data Privacy policy.

When running Security Check, ithemes.com will be contacted as part of a process to determine if the site supports TLS/SSL requests. No personal data is sent to ithemes.com as part of this process. Requests to ithemes.com include the site's URL. For ithemes.com privacy policy details, please see the iThemes Privacy Policy.

How long we retain your data

Suggested text: Security logs are retained for 60 days.

Where we send your data

Suggested text: This site is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with a service provided by ithemes.com. For privacy policy details, please see the iThemes Privacy Policy.