PRIVACY POLICY

FLAMINGO NEW HOMES ("we," "us," "our", "platform") is deeply committed to safeguarding your privacy and ensuring that your personal data is handled securely and in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679, as well as other applicable data protection laws. This Privacy Policy explains how we collect, use, and process your personal data when you access our platform at https://flamingonewhomes.com (the "Platform" or "FLAMINGO NEW HOMES") and when you use our services and products. It also outlines your rights concerning your data and how you can exercise them.

PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE USING OUR PLATFORM OR SERVICES. BY ACCESSING OR USING OUR PLATFORM, YOU AGREE TO THE TERMS OF THIS PRIVACY POLICY.

1.1 Who We Are

This Privacy Policy applies to FLAMINGO NEW HOMES, a platform operated by legal entities registered in Ukraine and Estonia. Both entities are considered data controllers under GDPR for the purposes outlined in this policy.

1.2 Who This Policy Applies To

This policy applies to all users of our Platform, including registered users, clients, vendors, partners, and any other individuals who interact with our services.

1.3 Applicable Laws

This Privacy Policy has been designed to comply with the GDPR as well as relevant national legislation, including the Ukrainian Law "On the Protection of Personal Data" and the Estonian Personal Data Protection Act.

2.1 Primary Controllers

The primary controllers of your personal data are:

• LLC "Flamingo NG Group": Registered in Ukraine, responsible for the processing of personal data of users located outside the European Economic Area (EEA).
• «FLAMINGO NG GROUP» OÜ: A separate legal entity registered in Estonia, responsible for the processing of personal data of users located within the EEA.

2.2 Joint Controllers

In certain circumstances, LLC "Flamingo NG Group" and «FLAMINGO NG GROUP» OÜ may act as joint controllers, particularly in cases where processing activities require coordinated efforts across both entities.

2.3 Third-Party Processors

We engage third-party service providers, including cloud storage providers, payment processors, and IT service providers, to process your data on our behalf. These processors are carefully selected and are contractually obligated to implement robust data protection measures to safeguard your personal data in line with GDPR and other applicable regulations.

Security and Authentication

We use AWS Cognito for user authentication, enabling login through email, Google, and Apple.

3.1 Information You Provide Directly

When you register on our Platform or use our services, you may be asked to provide personal data, including but not limited to your full name, email address, phone number, and residential address.

3.2 Sensitive Personal Data

We do not intentionally collect or process sensitive personal data (e.g., data concerning health, political opinions, religious beliefs) unless explicitly required by law. Should we need to process such data, we will obtain your explicit consent.

3.3 Data Collected Automatically

We automatically collect certain information when you interact with our Platform, including your IP address, browser type, operating system, device information, and activity logs (e.g., pages visited, time spent on the Platform).

3.4 Cookies and Tracking Technologies

• Mandatory Cookies for Authorization and Registration:
  • Purpose: We use mandatory cookies to maintain user sessions, allowing you to stay logged in for a certain period after accessing our site.
  • Data Collected:
    • Session ID: A unique session identifier that links your requests to your session on our server.
    • JWT Token: A token that authenticates your requests to our services.
    • User ID: A user identifier in our database that allows us to recognize you as a user.
• Google Analytics Cookies:
  • Purpose: We use Google Analytics to collect analytical data on how you interact with our Platform. This data helps us improve the user experience and optimize content.
  • Data Collected:
    • Audience Demographics: We may collect data about your age, gender, country, and city.
    • Session Duration: We collect information about the duration of your visit to our Platform.
    • Page Views: We track the number of page views.
    • Clicks: We collect information on your clicks on certain page elements, such as buttons or links.
    • Traffic Source: We track the traffic source that brought you to our site (e.g., search engine, social networks, etc.).
    • User Behavior: We collect data on your behavior on the site, such as which pages you visit and in what order.
• Your Rights and Options:
  • Cookie Consent: We will use analytical cookies only after obtaining your consent. You can accept or decline the use of these cookies in the cookie settings on our site.
  • Opting Out of Analytics: You have the option to opt out of Google Analytics tracking by using special privacy settings or opt-out tools available in your browser.

To opt out of being tracked by Google Analytics across all Platforms, use Google Analytics Blocker.

3.5 Data from Third Parties

We may also receive personal data about you from third parties, such as social media platforms, public databases, and marketing partners. This data is treated with the same level of care as data we collect directly.

We process your personal data for various purposes, including but not limited to:

• Service Delivery: To create and manage your account, provide you with the services you have requested, and process payments.
• Customer Support: To respond to your inquiries, resolve issues, and provide customer support.
• Personalization: To personalize your experience on our platform, including recommending services and content that match your interests.
• Marketing Communications: To send you marketing materials, newsletters, and updates about our services, provided you have given consent.
• Legal Compliance: To comply with legal obligations, such as anti-money laundering (AML) laws, and to respond to legal requests from law enforcement or regulatory authorities.
• Risk Management: To prevent, detect, and investigate fraudulent activities, security breaches, and other harmful activities.
• Business Operations: To conduct internal audits, data analysis, and research to improve our services and ensure the security of our operations.

We rely on the following legal bases for processing your personal data:

• Consent: Where you have provided consent for specific processing activities, such as receiving marketing communications.
• Contractual Necessity: Where processing is necessary to fulfill a contract with you or to take steps prior to entering into a contract.
• Legal Obligation: Where processing is required to comply with a legal obligation.
• Legitimate Interests: Where processing is necessary for our legitimate business interests, provided these are not overridden by your rights and interests.

6.1 Third-Party Service Providers

We may share your personal data with third-party service providers who perform functions on our behalf, such as hosting, payment processing, Administrators, and data analytics. These providers are contractually bound to protect your data and are prohibited from using it for any purpose other than providing their services.

6.2 Affiliated Entities

Your data may be shared with our affiliated entities, to ensure seamless service delivery across different jurisdictions. Any such transfer will comply with GDPR and other applicable data protection laws.

6.3 Legal and Regulatory Disclosures

We may disclose your personal data if required by law, regulation, or legal process, or in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

6.4 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our assets, your personal data may be transferred to the acquiring entity. We will ensure that the acquiring entity is bound by the same privacy commitments we have made to you.

Your personal data may be transferred to, and processed in, countries outside the European Economic Area (EEA), including but not limited to Ukraine. When transferring data outside the EEA, we ensure that appropriate safeguards are in place, such as the use of Standard Contractual Clauses (SCCs) approved by the European Commission.

8.1 Technical and Organizational Measures

We implement a wide range of security measures to protect your personal data from unauthorized access, disclosure, alteration, and destruction. These measures include, but are not limited to, encryption, firewalls, secure socket layer (SSL) technology, and access controls.

8.2 Security Audits and Compliance

We conduct regular security audits and assessments to ensure the ongoing effectiveness of our data protection practices. Our compliance team is responsible for monitoring and addressing potential vulnerabilities in our systems.

8.3 User Responsibilities

While we take significant measures to secure your data, you are responsible for maintaining the confidentiality of your account credentials and for any activities that occur under your account.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. The retention period may vary depending on the type of data and the specific legal or regulatory requirements.

• Transactional Data: Retained for 7 years to comply with tax and accounting obligations.
• Marketing Data: Retained until you opt out of receiving marketing communications.
• Legal Compliance Data: Retained as necessary to comply with legal obligations, including data related to AML and KYC requirements.

10.1 As a data subject under GDPR, you have the following rights:

• Right of Access: You can request access to the personal data we hold about you.
• Right to Rectification: You have the right to request the correction of inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): You can request the deletion of your data under certain conditions.
• Right to Restrict Processing: You can request that we limit the processing of your data in certain circumstances.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used format and to transfer it to another controller.
• Right to Object: You can object to the processing of your personal data on grounds relating to your particular situation, including objections to direct marketing.
• Right to Withdraw Consent: You can withdraw your consent to data processing at any time, where processing is based on consent.

10.2 How to Delete Your Personal Data

If you wish to delete your personal data, you have the right to request its deletion by contacting us at info@flamingonewhomes.com. Upon receiving your request, its review and verification we will take the necessary steps to delete your personal data, provided there are no overriding legal grounds for retaining it, such as compliance with legal obligations, resolving disputes, or enforcing our agreements. Please note that we may retain certain information as required by law or for legitimate business purposes, such as preventing fraud or enforcing our legal rights.

If your data is deleted, it will be removed from our active database, but it may remain in our archives where it is not accessible to our users. Archived data will not be used for any purpose other than fulfilling legal obligations.

10.3 Exercising Your Rights

To exercise any of your rights mentioned above, please contact us at info@flamingonewhomes.com. We may need to verify your identity before processing your request to ensure that your data is protected and that your request is legitimate.

Our services are not intended for individuals under the age of 18, those who have not attained full legal capacity and competence, or the higher age of majority applicable in their respective jurisdictions. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete such information.

We may update this Privacy Policy to reflect changes in our practices or legal obligations. Any changes will be posted on our Platform, and we encourage you to review this policy periodically. Your continued use of our Platform following the posting of changes constitutes your acceptance of such changes. To ensure transparency in the process of changes, all previous versions of the Privacy Policy are retained and archived by the platform owners and are available for review by any user upon request sent to the platform’s email: info@flamingonewhomes.com.

• Stripe:
  • Purpose: We use Stripe to process your payments. During the payment process, we store only the key identifiers necessary to track your transactions and subscriptions.
  • Data Collected:
    • Customer ID (customerId): A unique identifier associated with your account in Stripe.
    • Payment Method ID (paymentMethodId): An identifier for your payment method.
    • Transaction Identifiers: Unique transaction identifiers that allow us to track your payment history.
    • Transaction Statuses: Information about the status of each transaction, including successful and failed payments.
    • Subscription Identifiers: Identifiers for your subscriptions that allow us to manage your subscriptions.
• Liqpay:
  • Purpose: We use Liqpay to process certain payments and store payment data.
  • Data Collected:
    • Payment Token: A token representing your payment method, used for future payments and secure storage of payment information.
    • Transaction Data: We store transaction identifiers and their statuses to ensure proper accounting and reporting.
    • User Data: Information about you related to your payment methods and transactions.
• Storing information about direct payments:
  • Purpose: We store information about direct payments received into our account for the purpose of tracking users' fulfillment of obligations and managing our services.
  • Data Collected:
    • Date and time of payment: We record the date and time when the payment was received.
    • Amount received: The amount of the payment received.
    • Transaction reference: A unique identifier of the transaction that allows us to identify the payment.
    • Payer information (if available): Information about the person who made the payment, if such information is available and necessary for accounting.
• Data Security: We use modern encryption and data protection methods to ensure the security of your information. We only store the minimum necessary data for processing payments and managing subscriptions, and we do not store full credit card details or other sensitive payment information.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Address: Ukraine, Lviv region, Lviv city, 13/14 Shota Rustaveli Street.

Email: info@flamingonewhomes.com.

Phone: +380 (97) 880-80-01.

Address: Harju maakond, Tallinn, Lasnamae linnaosa, Sepapaja tn 6, 15551, Estonia.

Email: info@flamingonewhomes.com.

Phone: +380 (97) 880-80-01.

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction. We encourage you to contact us first to resolve any concerns.