Welcome to thankitback.com (“website”), where You can create, send Thank
You Cards, publish them on Website, save drafts and sent Thank You Cards,
view received Thank You Cards and save them on the Website. You are the
natural person, whose personal data we process (“You”). Controller of the
processing of personal data is RetrospAct OÜ, registry code 16309685,
we collect, store and process Your personal data. Personal data means any
information relating to an identified or identifiable natural person
(You), directly or indirectly, by reference to an identifier such as a
name, an identification number, location data, an online identifier or to
one or more factors specific to the physical, physiological, genetic,
mental, economic, cultural or social identity of that natural person
(“Personal data”). Also, what are Your rights concerning your personal
carefully. If You disagree with the way we process personal data, do not
use our services. Kindly note that we may modify the Policy from time to
time. We will notify of any amendments on our website.
1. Our main privacy principles
We respect each person's right to the protection of their personal
data and we shall do our best to ensure that personal data collected
by us is well protected. We evaluate regularly the risks associated
with the processing of personal data and shall apply appropriate
mitigation strategies to hedge risks.
activities, services and processes, and our development efforts.
We process personal data lawfully. We set clear goals for the
processing of personal data and process personal data for these
purposes only. We don't collect or process the data that we do not
We may transfer personal data to our authorized processor if this is
necessary to achieve the purpose of processing personal data.
Processor is a person who processes personal data on behalf of the
controller and with whom the controller has entered into a written
agreement regarding the processing of personal data (“processor").
Due to regulatory requirements, we may be obligated to disclose or
provide personal data to the authorities.
We require and we expect our contractual partners to be careful on
processing of personal data, to prevent the unauthorized disclosure
or inappropriate use of personal data, and to process personal data
in an honest and lawful manner.
We shall store personal data only for as long as the maintenance
is required by law or contract or necessary for our business. When
we stop storing, we shall permanently delete the personal data.
2. The content of personal data we process
We offer You the possibility to create, sent Thank You Cards,
publish them on Website and save drafts and sent Thank You Cards,
view received Thank You Cards and save them on the Website
(“Service”). We start provision of the Service when You are signing up
in our website and creating an account. Signing up on our website means
that we have entered into a service agreement (“Agreement”).
For signing up, We collect and process the following personal data:
Your first name, last name, email address and country of
For using our Service, We collect and process the additional
Email address of a recipient.
We may obtain personal data directly from You, as well as from the
Please note that we cannot provide services to an anonymous customer
and therefore You must disclose personal information to us in order
to use our services and agree to their processing.
if you choose to use our website.
A cookie is a small text file that may be stored on
your device's hard drive when you access our website.
this information for the following purposes:
to personalize Your experience and provide You with customized
to monitor the site and account usage for better understanding of how you interact with Our Services,
to remember You when You return to the website,
and to conduct research to improve website content and Services.
You may refuse to accept cookies, but by doing so You may not be
able to use certain features on the website, or take full advantage
of all of Our offerings. All web browsers offer You some form of
ability to manage Your cookie preferences.
We may also use a third-party analysis partner, who may employ some
form of software technology to help us better manage content on our
website by informing Us about what content is effective. This
knowledge is used by Us in order to optimize our website and to give
You the best possible experience. We use systems from Google
Analytics and Google User Content.
Our website also may include social media features, such as the
Instagram, Twitter and Facebook like button. These features may
collect Your IP address and page visits and may set a cookie to
enable their feature to function properly. Social media features are
either hosted by a third party or hosted directly on our website.
Your interactions with these features are governed by the privacy
policy of the company providing it.
If you prefer that your personal data will not be processed on our
website, you can activate the private browsing feature of Your web
browser. This is Your choice.
4. The purpose and legal ground of processing Your personal data
We process Your personal data during Service provision for the
for preparation and conclusion of the Agreement, for performance
of the Agreement (including for the provision of the Service),
for realization of rights arising from the Agreement and for
performance of the obligations arising from the Agreement;
for the purpose of realization of rights and fulfilment of
obligations deriving from legal acts;
for processing your inquiries and requests;
for analyzing the use of our Service, and using research and
analysis results, among other, for developing our products and
for the transmission of information about our Service.
for sending our newsletters, for marketing and developing and
promoting our products and services. Please note that for this
purpose we only process Your contact details.
We mainly process Your personal data as a controller in order to
fulfil the Agreement (clause 4 (1)), we also process your personal
data if processing is necessary for compliance with our legal
obligation (clause 4 (2) and (3)) and if processing is necessary for
the purposes of the legitimate interests (clause 4 (4), (5) and (6).
5. Your rights in relation to personal data
You have the following rights in relation to your personal data:
Right of access to personal data - You have the right to know
which of Your personal data we store and how we process it,
including the right to know the purpose of the processing, the
persons to whom we will disclose your personal data, information
about automated decision-making and the right to receive copies
of personal data.
Right to rectification of personal data - You have the right to
request the rectification of inadequate, incomplete and
misleading personal data.
Right to withdraw the consent given for the processing of
personal data - You have the right at any time to withdraw the
consent given to us for the processing of personal data. Please
note that withdrawal of Your consent shall not affect the
legality of the processing that was made based on consent before
Right to erasure of personal data („right to be forgotten“) -
You have the right to request that we erase Your personal data
(for example, if you take back the consent for the processing of
personal data, or if personal data is no longer needed for the
purpose for which it was collected). We have the right to refuse
the erasure of personal data if the processing of personal data
is necessary for the fulfilment of our legal obligation, to
exercise the right to freedom of expression and information, for
the preparation, presentation and protection of legal claims, or
in the public interest.
Right to restriction of processing - In certain cases, you have
the right to prohibit or restrict your processing of personal
data for a certain period (e.g., if You have filed an objection
to personal data processing).
Right to object - You have the right to file an objection to
processing of Your personal data if Your personal data
processing takes place on the basis of our legitimate interest
or public interest. You shall have the right to object at any
time to processing of personal data for direct marketing
purposes, and we shall respond immediately.
Right to data portability - In case Your personal data
processing is based on Your consent and personal data is
processed automatically, You shall be entitled to receive
personal data about You that You submitted to us as the
controller, in a structured, commonly used and machine-readable
format, and you shall have the right to transmit this personal
data to another controller. You also have the right to request
that we transfer personal data directly to another controller,
where technically feasible.
Automated decision-making (including profiling) - if we have
informed You that we perform automated decision-making
(including profiling) that will bring about legal consequences
for You or have a significant effect on You, then You may
require that an automated decision cannot be made only on the
basis of automated processing.
Submission of complaint. You shall have the right to file a
complaint against us regarding the processing of personal data
to the competent data protection authority, which depends on
Your country of residence (list of data protection authorities
in EU you can find here:
Data Protection Authorities - European Commission
Please read more about your rights from chapter 3 of the GDPR (EU
General Data Protection Regulation 2016/679).
If You wish to use any right regarding personal data or ask
request to us firstname.lastname@example.org. We will respond to Your request by email as a rule no later
than within one month. Please note that before we can provide You
with the requested information regarding Your personal data, we
need to verify Your identity first.
6. Security of personal data
We apply various measures (physical, technical, organizational) to
protect Your personal data from unauthorized or arbitrary
rectification, disclosure, acquisition, destruction, loss or
unauthorized access to them.
If You have any information about the actual or suspected breach of
the processing of personal data, please inform us about it immediately
email@example.com. We will deal with the issue immediately.
7. Disclosure of personal data
Please note that due to legal requirements, we may be obliged to
disclose Your personal data or to grant access to Your personal data
to the authorities and the supervisory authority.
We shall disclose Your personal data to our authorized processors,
as well as to persons who are legally entitled to receive Your
When we conclude an agreement with a processor for the processing of
Your personal data, we shall ensure the existence of appropriate
contractual safeguards to protect Your personal data.
8. Geographical area of the Processing
We are using the following service providers, with whom we share
personal information what is directly needed for the services. Here is the list
of service providers, purpose of their involvement and personal data
to be shared:
Stripe.com for payments, bank card data;
OneSignal.com for sending emails, storing email address.
The above-mentioned service providers are located in the United States of
America. The transfer of personal data to them takes place in
accordance with the GDPR.
9. Storing of personal data
We shall store your personal data for as long as required by law or
in accordance with the law, or for the purposes stated in this
We store the data of You during the period set forth in the
After the expiration of the personal data storage period, we shall
permanently delete Your personal data.
any time. We shall notify You of the changes via the website.