Privacy Policy

1. General provisions.

1.1. This Policy covers how User data is collected and used. The Administration does not collect personal data of Users through the Service, unless otherwise is expressly stated in this Privacy Policy.

1.2. The purpose of this Policy is to ensure adequate protection of information about Users, including their personal data, from unauthorized access and disclosure.

1.3. The collection, storage, distribution and protection of information about Users are governed by this Policy, other official documents of the Administration and the effective legislation of the New Zealand.

1.4. The Administration has the right to make changes to this Policy. When making changes to the Policy, the Administration notifies the Users about this by posting a new version of the Policy at overload.run.

1.5. By using the Service, the User agrees with the terms of this Policy and the processing of personal data in the manner prescribed by this Policy, as well as with the processing of personal data by third parties acting on behalf of the Administration in its legitimate interests.

1.6. If the User disagrees with the terms of this Policy, the User must immediately stop using the Service.

1.7. In addition to the definitions and notions established by the Terms of Use, and in the same sense used in this Privacy Policy, the following are additionally established:

1.7.1 Registered User - the User who created the Account;

1.7.2 User data - technical data, as well as Account data necessary for the User to use the Services on an onerous basis and provide him with access to them, and do not contain information that allows the identification of an individual;

1.7.3 Payment data - personal data of the Registered User, necessary to provide access and use of the Service on a reimbursable basis.

2. Collection, storage and use of data.

2.1. User data collected from each User includes:

2.1.1. When authorizing on the Site:

username, email address and encrypted password (when creating an Account) or a public OpenID identifier containing only an email address and ID (when using alternative means of authorization);
Date and time of registration and last access to the Service;
Information about the transition from another resource;
Site Language;
Google Analytics data.

2.1.1.1. When authorizing in the Bot:

user ID;
Date and time of registration and last access to the Service;
Bot language;

2.1.2. When paying for the Plans and buying OLR, the following Payment Data is collected:

the email address specified by the User during registration;
First name, last name;
billing address.

2.1.3. When sending requests or contacting the Administration by e-mail:

E-mail address;
name;
other information included in the text of the request or appeal.

2.2. The above information received from the User is necessary to perform:

2.2.1. The Terms of Use between the Administration and the User, including but not limited to:

sending informational messages related to the performance of the Terms of Use and this Policy (about changes in the specified documents, the amount of payments for the Plans and buying OLR, about the events of the User's authorization in the Account, responses to the User's requests, etc.);
providing access to the Services on an onerous basis and making payments for the Plans and buying OLR to obtain such access, including using the payment systems of a third-party provider;
ensuring that the User complies with Section 5 of the Terms of Use.

2.2.2. purposes arising from the legitimate interests of the Administration:

transfer data to third parties on behalf of the Administration for processing on its behalf and providing services on our behalf or, partner organizations that provide support and help improve the operation of the Services;
respond to inquiries and requests from Users, their legal representatives and government agencies;
provide technical support to Users when they use the Services.

2.3. The Administration does not collect or process data of bank cards or accounts of Users. Information about bank cards is collected by the payment system of a third-party service provider specified in clause 4.3. of this Policy.

2.4. To confirm the payment of Plans and buying OLR, the Administration has access through the payment system of a third-party service provider to information about the payment status that does not contain bank card data.

2.5. The collected data can be changed at the request of the User if they are inaccurate or irrelevant after his identification.

2.6. The Administration protects the data provided by the User with reasonable and sufficient security measures against loss or theft, as well as against unauthorized access, disclosure, copying, use or modification.

2.7. The Administration does not store the data requested User for check on its servers, and the history of the User's some actions is in the Account for a limited time. However, these actions can be performed by the Data Source.

2.8. When the User uses the Service, the Administration does not get access to the data requested for verification, but stores statistics on the use of the Tools.

2.9. User and Payment data are stored and processed until the processing goals are achieved, that is, until the User stops using the Service and requests the deletion of User data. User and Payment data may also be erased in connection with the termination of the Account on the grounds provided for in clause 5. of the Terms of Use. Some personal data may be processed after the termination of the use of the Service, to the extent required by applicable law.

2.10. User and Payment data may be disclosed by virtue of the law or at the inquiries of law enforcement agencies or at the court orders, including to protect the rights of third parties during legal proceedings, administrative procedures, operational search or investigative measures; to protect the rights and interests of other Users; to protect the life and vital interests of other individuals; to ensure the proper level of security of the Service and User data; as well as in order to protect the intellectual property rights, as well as other rights and legitimate interests of the Administration.

2.11. The operator takes technical, organizational and legal measures in order to ensure the protection of the User's personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, distribution, as well as from other illegal actions.

2.12. The storage of information about Users is carried out in secure databases, access to which is limited to third parties.

2.13. The Administration does not sell, does not transfer any data about Users for a consideration and does not provide access to persons not affiliated with or not in contractual relations with the Administration.

3. Right to access, erasure and restriction of data processing.

3.1. Whereas the sources of the collection of information about Leaks and O.S.I.N.T. events available using the Service do not allow to determine, directly or indirectly, an individual (article 4 (1) General Data Protection Regulation of the European Union 2016/679), the Administration cannot provide information about the set of data in accordance with Art. 15 of the General Data Protection Regulation of the European Union.

3.2. Registered Users have the right to withdraw their consent to receive informational messages, notifications about authorization and authentication events on the Sites and about the expiration of the period paid for the Plan, sent to their e-mail address specified by them when creating an Account or via Bot messages. To withdraw consent to receive e-mail or the Bot messages, the User shall perform actions confirming the refusal to receive such messages.

3.3. For e-mail messages, such actions will be considered:

a change in the Account settings, or;
sending a relevant request to the Administration through email, or;
referring to a special link with anchor text “unsubscribe” or any similar one in any of the informational messages, or;
any other actions expressly stated in the text of informational email messages;

3.3.1. For messages from the Bot, such actions will be considered sending a corresponding request to the Bot.

3.4. Registered Users have the right to demand from the Administration rectification of his personal data, restriction of its processing or erasure in the event, including if the personal data is incomplete, outdated, inaccurate, unlawfully obtained or no longer deemed necessary for the initially stated purpose of processing, as well as take measures provided for by law to protect their rights.

3.5. Erasure (deletion) and processing restriction of all collected User data is carried out within 24 hours upon the receipt of the relevant request. A request for erasure (deletion) of User data necessary to perform the Terms of Use amounts to refusal to further use of the Service on an onerous basis and perform the Terms of Use.

3.6. Registered Users have the right to receive information regarding the processing of their personal data, including:

confirmation of the fact of processing personal data by the Administration;
legal basis and purposes of personal data processing;
the purposes and methods of processing personal data used by the Administration;
the identity, contact details of the Administration, information about individuals or entities (except for employees of the Administration) who have access to or receive personal data or to whom personal data may be disclosed on the basis of an agreement with the Administration or on the basis of the law;
the processed personal data relating to the User, the source of their receipt, unless another procedure for submitting such data is provided for by federal law;
term or condition of processing personal data, including term or condition of their storage;
the procedure for the User to exercise the rights provided for by applicable law;
information about the carried out or intended cross-border data transfer;
designation or first name, surname, patronymic or middle name (if any) and address of the person who processes personal data on behalf of the Administration, if the processing is entrusted or will be entrusted to such a person;
other information provided by applicable law.

3.7. The User is entitled to address any personal data protection issues to the Data Protection Authority of his residence.

4. Third party service providers.

4.1. The Administration transfers User data to some of the third-party service providers in accordance with the terms of agreements restricting the use and the processing of the User data. In some cases, these service providers may need access to User data in order to provide services related to the Administration's performance of its obligations under the Terms of Use and this Policy. Such service providers are allowed to use User data only to process data or provide services on behalf of the Administration within the framework of contractual obligations to protect the security and confidentiality of the processed User data. In some cases, these service providers may disclose User Data to governmental authorities due to the requirements of applicable law.

4.2. The results of information output are obtained by the User through the Service from the Data Source, which can store and process information at its own discretion, in accordance with its current rules and regulations.

4.3. For processing of payments for the Plans buying OLR, a third-party provider’s payment system is used - Enot.io. The third-party provider, acting in the interests of the Administration, collects and processes Payment data, as well as bank card data and other financial data necessary to execute and process license fees for the right to use the Service. When paying for Plans using cards of Mastercard or Visa payment systems, the Administration transfers to Enot.io email address and the User transfers Payment Data to Enot.io and Administration. The Administration does not receive and does not have access to card or bank data, as well as to the data that Enot.io uses to execute and process payments, except for the data specified in clause 2.3 of this Policy. You can read Enot.io Privacy Policy on their website.

4.4. The Sites use hCaptcha from Intuition Machines, Inc. (350 Alabama St, San Francisco, CA 94110 USA) to prevent automatic requests to the Sites. hCaptcha is a service that protects web pages from spam and request abuse. The Administration uses hCaptcha to protect input forms. When using hCaptcha, Intuition Machines, Inc. uses data to determine if the User is human. What data Intuition Machines, Inc. collects and for what they are used, you can read here and its Terms of Use here.

5. Link to web resources and services of third parties.

The Services may contain or provide the ability to follow links to unrelated third-party web resources and services. These web resources and services may operate independently of the Administration and / or may have their own terms of use, policies and privacy notices, which the Administration strongly recommends to review. After referring to such web resources or services, the Administration no longer has any control on the processing of any data that is transferred to the unrelated third party, since the behavior of such parties is beyond its control. Therefore, the Administration does not assume any responsibility for the processing of any such data by unrelated third parties. In addition, the Administration is not responsible for the information posted and / or damage caused as a result of actions on any web resources and services that can be accessed by referring to the link available through the Services or using information obtained during the use of the Services and that are not owned or controlled by the Administration or are not bound by this Policy.