Privacy Policy

1. Data Subject is a natural person about whom Mooncascade has got information or data enabling to identify the natural person. Data Subjects are, for example, the Clients (in case of legal person Clients – their natural person representatives), Visitors, and cooperation partners (in case of legal person cooperation partners – their natural person representatives), as well as the (potential) employees who are natural persons and whose personal data are held by Mooncascade.

2. Privacy Policy is this text which sets out the principles for Personal Data Processing by Mooncascade.

3. Personal Data is any information concerning an identified or identifiable natural person.

4. Personal Data Processing is any operation or set of operations which is performed on the Personal Data of a Data Subject, such as collection, recording, organisation, structuring, storage, alteration, and disclosure, enabling access to, retrieval, consultation, use, transmission, cross-checks, alignment or combination, restriction, erasure or destruction of Personal Data, irrespective of the manner of performing these operations or the means exploited.

5. Client is any natural or legal person that uses or has expressed a desire to use the Services of Mooncascade.

6. Agreement is the Service Agreement or any other agreement entered into between Mooncascade and the Client.

7. General Terms and Conditions set forth the general terms and conditions applied to the entry into an Agreement with Mooncascade.

8. Website means the websites of Mooncascade, the list whereof is available here:

• www.mooncascade.com
• www.mooncascade.ai
• www.mooncascade.de

9. Visitor is any person using the Website of Mooncascade.

10. Child is a person who is under 13 years of age in the context of Personal Data Processing upon provision of information society services in the Republic of Estonia.

11. Services are any services and products offered by Mooncascade.

12. Cookies are the datafiles sometimes recorded in the device of a Visitor of the Website.

13. Person responsible for data protection is the person who monitors the implementation of the Personal Data Processing principles at Mooncascade and who can be contacted by the Data Subject in case of a complaint.

14. Sales Channels are the means used by Mooncascade for communicating with a Data Subject, devices created for selling the goods and providing the services, including e-mail, telephone, public and social media, various chat lines, individualised and interactive advertisements, and other tools on the Websites and elsewhere. 

The above words and expressions are used in the meanings set out above in the Privacy Policy in the communication between the parties.

1. Mooncascade is either the legal person Mooncascade OÜ, registry code 11409711, registered address Narva mnt 9 Tartu, Tartumaa 51009, Republic of Estonia; or Mooncascade GmbH, registry code HRB 240873, registered address Skalitzer Straße 104, 10997 Berlin, Germany – depending on who is the entity the Data Subject is contracting with or is in negotiations to contract with or who contacts the Data Subject (or the legal person the Data Subject is representing). The controller of the Websites is Mooncascade OÜ.

2. Mooncascade may process Personal Data as:

1. a controller, while determining the purposes and means of processing;
2. a processor in accordance with the instructions from the controller; and
3. a recipient to the extent to whom the Personal Data are transferred.

3. This Privacy Policy of Mooncascade constitutes an inseparable part of the Agreement and General Terms and Conditions entered into between Mooncascade and the Client.

4. The Privacy Policy shall apply to the Data Subjects, and the rights and obligations set out in the Privacy Policy shall be followed by all the employees and cooperation partners of Mooncascade who come into contact with the Personal Data that are in the possession of Mooncascade.

5. The Privacy Policy may supplement the privacy statements published on the Website or on the devices, and the Privacy Policy may also be amended and supplemented by the same.

6. The objective of Mooncascade is to Process Personal Data responsibly, based on the best practice, with the aim of always being prepared to demonstrate the conformity of Personal Data Processing to the established purposes, and Mooncascade shall always take into account the interests, rights, and freedoms of Data Subjects.

7. All the processes, guidelines, operations, and activities of Mooncascade that are related to Personal Data Processing are based on the following principles:

1. Lawfulness. There is always a legal basis for the processing of Personal Data, e.g. consent, the need to perform a contract, legal obligation, legitimate interest, etc.;
2. Fairness. Personal Data Processing shall be fair while providing a Data Subject with sufficient information and communication on how the Personal Data is processed;
3. Transparency. Personal Data Processing shall be transparent for the Data Subject. Data Subjects get information from the Privacy Policy and additional information can be acquired from the Person responsible for data protection (see section Contact Information).
4. Purposefulness. Personal Data shall be collected for legitimate purposes that have been established precisely and clearly, and shall not later be processed in any manner which is in conflict with these purposes;
5. Minimisation. Personal Data shall be adequate, relevant, and limited to what is necessary for the purpose of Processing the given Personal Data. Mooncascade shall be guided by the principle of minimum Processing in Personal Data Processing, and as soon as the Personal Data are no longer necessary or are no longer needed for the purposes for which they were collected, the Personal Data shall be deleted;
6. Accuracy. Personal Data shall be correct and shall be updated as necessary, and all reasonable measures shall be taken to ensure that Personal Data which are incorrect in the light of the purpose of Personal Data Processing shall be deleted or corrected without delay;
7. Limit of storage. Personal Data shall be stored in the format enabling the identification of Data Subjects only as long as it is necessary to achieve the purpose for which the Personal Data is processed. It means that in case Mooncascade wishes to store the Personal Data for a longer period of time than necessary for the purpose of collecting the data, Mooncascade shall anonymise the data in such manner that the Data Subject shall no longer be identifiable. Mooncascade shall store the data that have been received by Mooncascade via a client relationship or any other similar relationship, in accordance with the best practice, and the data processed on the basis of consent generally for as long as the consent is withdrawn;
8. Reliability and confidentiality. Personal Data Processing shall be carried out in the manner ensuring the adequate security of Personal Data, including their protection against unauthorised or unlawful Processing and against accidental loss, destruction or damage, by taking reasonable technical or organisational measures;
9. Data protection by design and by default. Mooncascade shall ensure that all the systems used shall meet the required technical criteria. The suitable data protection measures have been planned upon the renewal or design of every information or data system (e.g. the information systems and business processes are constructed using pseudonymisation and encryption).

8. Additional information regarding the conformity to these principles can be requested from the Person responsible for data protection.

9. Mooncascade collects or may collect, inter alia, the following types of Personal Data:

1. the Personal Data disclosed to Mooncascade by the Data Subject;
2. the Personal Data generated as a result of the day-to-day communication between the Data Subject and Mooncascade;
3. the Personal Data manifestly made public by the Data Subject (e.g. in social media);
4. the Personal Data generated upon consumption of Services;
5. the Personal Data generated as a result of visiting and using the Website (e.g. the time spent on the Website);
6. the Personal Data received from third persons;
7. the Personal Data created and combined by Mooncascade (in the context of a client relationship).

10. Mooncascade shall Process Personal Data only if there is a legal basis for it. Legal bases for Processing of Personal Data include but are not limited to consent, legitimate interests or an Agreement between the Data Subject and Mooncascade.

11. Mooncascade shall Process Personal Data on the basis of consent precisely within the limits, to the extent, and for the purposes determined by the Data Subject. As for consents, Mooncascade shall follow the principle that every consent shall be clearly distinguishable from other matters, in an intelligible and easily accessible form, using clear and plain language. Consent may be given in writing or by clear action (e.g. filling the contact form) or by other electronic means or as an oral statement. A Data Subject shall give the consent freely, specifically, informedly, and unambiguously, for example by ticking a box on the Website. For example, unless an exception applies, Mooncascade shall undertake electronic direct marketing based on the Data Subject’s consent.

12. Upon entry into and performance of an Agreement, Personal Data Processing may be additionally provided for in the specific Agreement, but Mooncascade may Process Personal Data for the following purposes:

1. in order to take steps at the request of the Data Subject prior to entering into the Agreement;
2. to identify the Client to the extent required by due diligence;
3. to perform the obligations to the Client regarding the provision of its Services;
4. to communicate with the Client;
5. to ensure the performance of the payment obligation of the Client;
6. to submit, realise and defend claims.

13. For the entry into an employment agreement, the Processing of the Personal Data of a job applicant by Mooncascade based on the entry into the agreement and legitimate interest shall include:

1. Processing of the data submitted by the job applicant to Mooncascade for the purpose of entering into an employment agreement;
2. Processing of the Personal Data received from the person indicated as the referee by the job applicant;
3. Processing of the Personal Data collected from state databases and registers and public (social) media.

In case a job applicant is not selected, Mooncascade shall store the Personal Data collected for entry into an employment contract for two years in order to make a job offer to the job applicant in case a suitable position becomes vacant. When two years have passed after the submission of a job application, the Personal Data of the job applicant who was not selected shall be deleted.

14. Legitimate interest means the interest of Mooncascade in the management and direction of its business in order to be able to offer the best possible Services on the market. Mooncascade shall Process Personal Data on a legal basis only after careful consideration in order to ascertain the legitimate interest of Mooncascade, based on which the Personal Data Processing is necessary and is in compliance with the interests and rights of a Data Subject (after carrying out the so-called three-step test). In particular, Personal Data Processing may take place on the basis of a legitimate interest for the following purposes:

1. to start Client relations for example if Data Subject has given Mooncascade information via contact forms on the Website or by e-mail or other electronic forms, Mooncascade process the information given for the reason the info was collected and Mooncascade may contact the Data Subject for giving related information;
2. for ensuring a trust-based relationship with a Client, for example, Personal Data Processing that is strictly necessary to determine the ultimate beneficiaries or to prevent fraud;
3. for the administration and analysing the client base to improve the availability, selection, and quality of Services and products, and to make the best and more personalised offers to the Client upon the Client’s consent;
4. for the identifiers and Personal Data collected upon the use of Websites, mobile applications, and other Services. Mooncascade shall use the collected data for web analysis or for the analysis of mobile and information society services, for ensuring and improving the functioning, for statistical purposes and for analysing the behavior and using the experience of Visitors, and for providing better and more personalised Services;
5. if and as allowed under the applicable law, for marketing, for the organisation of campaigns, including organisation of personalised and targeted campaigns, carrying out Client and Visitor satisfaction surveys, and measuring the effectiveness of the performed marketing activities. For example, Mooncascade may, under certain circumstances, use the electronic contact details of existing Clients for marketing similar products and services if the Client has been given upon the initial collection of electronic contact details a clear and distinct opportunity to refuse such use of its contact details. In Estonia, the electronic contact details of legal persons (including, under certain circumstances, their natural person representatives) can also be used for electronic direct marketing under legitimate interest; for analysing the behavior of the Clients and Visitors in different Sales Channels and on Websites;
6. for analysing the behavior of the Clients and Visitors in different Sales Channels and on Websites;
7. for monitoring of the service. Mooncascade may record the messages and instructions given in its premises as well as by means of communication (e-mail, telephone, etc.), as well as information and other operations carried out by Mooncascade, and shall use those recordings as needed to evidence instructions or other operations;
8. for network, information, and cyber security considerations, for example for fighting against piracy and for ensuring the security of the Websites, as well as for the measures taken for making and storing backup copies;
9. for corporate purposes, in particular for the financial management;
10. for the establishment, exercise, or defense of legal claims.

15. For performing a legal obligation, Mooncascade shall Process Personal Data to perform the obligations set forth by law or to exercise the uses permitted by law. Legal obligations derive, for example, from adhering to the rules of payment processing and prevention of money laundering.

16. In case Personal Data Processing is carried out for a new purpose, different from those for which the Personal Data was originally collected, or is not based on the consent given by the Data Subject, Mooncascade shall carefully assess the permissibility of such new Processing. In order to determine whether the Processing for the new purpose is in compliance with the purpose for which the Personal Data was originally collected, Mooncascade shall take into consideration, inter alia, the following:

1. any link between the purposes for which the Personal Data were collected and the intended further purposes Processing;
2. the context of collecting the Personal Data, in particular regarding the relationship between the Data Subject and Mooncascade;
3. the nature of the Personal Data, in particular, whether any special categories of Personal Data;
4. possible consequences of the intended further processing for the Data Subjects;
5. the existence of appropriate protection measures which may consist in, for example, encryption and pseudonymisation.

17. Mooncascade cooperates with persons, to whom Mooncascade may transfer data regarding the Data Subjects, including their Personal Data, in the context and for the purposes of co-operation.

18. Such third persons may be the persons within the same group with Mooncascade, its advertising and marketing partners, companies carrying out client satisfaction surveys, debt collection agencies, credit registers, IT partners, persons, authorities, and organisations intermediating or providing (electronic) mail services, provided that:

1. the respective purpose and the Processing are lawful;
2. the Personal Data Processing is carried out in accordance with the guidelines of Mooncascade and on the basis of a valid agreement;
3. the data regarding the respective processors are disclosed to the Data Subjects (for information contact Person responsible for data protection).

19. Mooncascade shall transfer Personal Data to outside the European Union only if there is sufficient protection in the respective country; if protection measures have been agreed upon (e.g. binding internal rules of the group or standard data protection clauses); the Data Subject has given clear and informed consent for such transfer; the transfer is clearly required by an agreement entered into with the Data Subject; the transfer is not repeated, it concerns only a limited number of Data Subjects; it is necessary for protecting the legitimate interests of Mooncascade which are not overridden by the interests, rights or freedoms of the Data Subject, and if all the circumstances related to the transfer have been assessed and suitable protection measures have been established to protect the Personal Data, or if there is some other legal basis therefor. Mooncascade shall inform the Data Protection Inspectorate of the transfer based on legitimate interest.

20. Mooncascade shall store Personal Data strictly only for the minimum period required. The Personal Data with an expired storage period shall be destructed or anonymized by Mooncascade or the IT partner.

21. Mooncascade has established guidelines and procedural rules for ensuring the security of Personal Data by both organisational and technical measures. Further information on the security measures taken by Mooncascade can be obtained also from the Person responsible for data protection at Mooncascade.

22. In case of an incident related to Personal Data, Mooncascade shall take all necessary measures to mitigate the consequences and hedge any relevant risks in the future. Inter alia, Mooncascade shall register all the incidents and shall inform the Data Protection Inspectorate and the Data Subject directly (e.g. by email) or in public (e.g. via the news) in prescribed cases.

23. The Services of Mooncascade are not targeting Children.

24. Mooncascade does not knowingly collect any information on persons under 13 years of age, i.e. Children, and in case of any respective informed activity we shall act on the basis of the requests of a parent or guardian (including consent to send products to the name of a Child).

25. In case Mooncascade finds out that it has still collected Personal Data from a Child or regarding a Child, Mooncascade shall use its best efforts to discontinue the Processing of the respective Personal Data.

26. Rights related to consent:

1. A Data Subject will always be entitled to inform Mooncascade about his or her wish to withdraw the consent for the Personal Data Processing.
2. You will be able to view, change and withdraw your consents given to Mooncascade by contacting Mooncascade. The contact details are set out in the section Contact Information of this Privacy Policy.

27. A Data Subject has also the following rights upon Personal Data Processing:

1. Right to receive information i.e. the right of a Data Subject to receive information regarding the Personal Data collected about him or her. A Data Subject will be able to receive information from this Privacy Policy and by contacting the Person responsible for data protection at Mooncascade.
2. Right of access to data which, inter alia, includes the right of a Data Subject to a copy of the Processed Personal Data.
3. Right to rectification of inaccurate Personal Data. A Data Subject has the right to demand that the data would be updated and/or corrected by contacting the Person responsible for data protection at Mooncascade.
4. Right to erasure of data i.e. in certain cases a Data Subject will be entitled to demand the deletion of Personal Data, for example, if the Processing is carried out only on the basis of consent.
5. Right to demand restriction of Personal Data Processing. This right is created, inter alia, in case the Personal Data Processing is not permitted under law or if the Data Subject challenges the accuracy of the Personal Data. A Data Subject will be entitled to demand the restriction of the Personal Data Processing for a period enabling the processor to check the accuracy of the Personal Data or if the Personal Data Processing is unlawful but the Data Subject does not request the deletion of the Personal Data.
6. Right to data portability i.e. a Data Subject shall have, in certain cases, the right to receive the Personal Data in a machine-readable format and to take these data along or transfer them to another controller.
7. Rights related to automated Processing mean, inter alia, that a Data Subject will have the right to object, on grounds relating to his or her particular situation, at any time to processing of Personal Data concerning him or her, based on automated decision-making. For the avoidance of doubt – Mooncascade may Process Personal Data for automated decision-making promoting its business (i.e. for segmentation of Visitors in the marketing context, and for sending them personalised messages, in the context of commencement of an employment relationship, and in order to ensure that our employees shall adhere to our internal security regulations). Automated Processing may include also data collected from public sources. You have the right to avoid any decisions based on automated Personal Data Processing if they can be classified as profiling;
8. Right to the assessment of a supervisory authority on whether the Processing of the Personal Data of the Data Subject is lawful;
9. Compensation for damage.

28. Exercising of rights. A Data Subject will be entitled to address Mooncascade or the Person responsible for data protection at Mooncascade using the contact details set out in section Contact Information in case of any question, request, or complaint related to Personal Data Processing.

29. Filing of complaints. A Data Subject will be entitled to address a complaint to Mooncascade and the Person responsible for data protection at Mooncascade, to the Estonian Data Protection Inspectorate, to Berliner Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI) (in case Mooncascade GmbH is the controller), to the supervisory authority in the Member State of the Data Subject’s habitual residence, place of work or place of the alleged infringement, or to a court if the Data Subject is of the opinion that his or her rights have been infringed in Personal Data Processing. The contact details of the supervisory authorities can be found at: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

30. Mooncascade may collect data regarding the Visitors of the Websites and other information society services by using Cookies for this purpose (i.e. small pieces of information stored by the Visitor’s browser on the hard disk of the computer of any other device of the Visitor) or other similar technologies (e.g. IP address, equipment information, location information) and process these data.

31. Mooncascade uses the collected data to enable the provision of the Service in accordance with the habits of a Visitor or Client; to ensure the best service quality; to inform the Visitor and Client about the contents and give recommendations; to update advertisements and make marketing efforts more efficient, and to facilitate logging in and protection of data. The collected data shall also be used for counting the Visitors and recording their using habits.

32. Mooncascade uses session Cookies, persistent Cookies, and advertising Cookies. A session cookie is deleted automatically after every visit; persistent Cookies shall remain upon repeated use of the Website, and advertising Cookies and third-party cookies are used by the Websites of the partners of Mooncascade which are connected with the Website of Mooncascade. Mooncascade does not control the generation of those Cookies, therefore information on these Cookies can be obtained from third persons.

33. As to the Cookies, Visitors agree with the use of Cookies on the Website, in information society service devices, or the web browser.

34. Most web browsers allow Cookies. Without fully allowing Cookies, the functions of the Website are not available to a Visitor. The allowing or prohibiting Cookies and other similar technologies shall be under the control of a Visitor via the settings of the Visitor’s own web browser, settings of the information society service, and platforms for making such privacy more efficient

35. The Privacy Policy of Mooncascade shall be implemented on the basis of the following documents, guidelines, and procedures:

1. Register of processing operations which sets out the purposes and manners of Personal Data Processing, types and categories of the Personal Data being Processed, and the respective bases for Processing;
2. Policy of the organisational and technical measures taken by Mooncascade which sets out various measures taken by Mooncascade to always maintain the confidentiality and security of Personal Data;
3. All About Cookies: Descriptions of cookies and other web technologies used by Mooncascade;
4. Your Online Choices; About Ads; Network Advertising: the platform of controlling and monitoring of cookies and other web technologies, where Data Subjects themselves can change and control how their Personal Data is used and collected.

36. The contact details of Mooncascade that are important for a Data Subject:

1. Regarding Personal Data issues, Mooncascade can be contacted by e-mail at marketing@mooncascade.com
2. The Person responsible for data protection at Mooncascade is Anu Einberg who can be contacted by e-mail at marketing@mooncascade.com

37. Mooncascade will be entitled to unilaterally amend this Privacy Policy. Mooncascade shall inform Data Subjects about amendments on the Website, or by e-mail or by other means.

38. The latest amendments and entry into force of the Privacy Policy:

• Publication: 27.09.2022
• In force for current Visitors and Clients: 27.09.2022
• In force for new Visitors and Clients: 27.09.2022
• Main Modifications:
  • Added information about Mooncascade GmbH.
  • Specified certain clauses regarding data subjects and legal bases, especially regarding marketing.
  • Specified the clause regarding filing of complaints.
  • Changed the contact details.