Data Privacy Manager Product Privacy Policy

DPM application privacy policy
(for SaaS deployment model)

Introduction

We are committed to protecting privacy and security of your personal data and any data that you enter into our software application (Data Privacy Manager, DPM application, or simply Application). As earning and maintaining trust is core to what we do we are truly committed to transparency in our privacy practices and we want you to use our products with confidence.

The remainder of this policy document can help you find the information you need about how we handle personal data that you enter into our software products, whether it is your own personal data (i.e. the data that belong to Application users) or your customers’ personal data. We invite you to read this policy document in its entirety.

If you have any further questions, please contact us directly. Our contact information can be found in the “Contact” section at the end of this policy document.

This policy was last changed on 09/01/2020.

This policy is effective starting 09/01/2020.

Definitions

Application

This is Data Privacy Manager, referred to as DPM application, or simply Application.

Personal data

Any information relating to an identified or identifiable living natural person (typically your customers) that can be used to distinguish or trace the individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and any other information that is linkable to an individual, such as medical, educational, financial, and employment information. Commonly used synonyms are: personal information, personally identifying information, personally identifiable information.

Special categories of personal data

Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Commonly used synonyms are: sensitive personal data, sensitive personal information.

Data subject

An identified or identifiable natural person. These are your customers, as well as Application users.

Data controller

The entity which determines the purposes and means of the processing of your personal data.

For the purpose of this privacy policy, your organization is either a data controller, data processor or both.

Data processor

The entity which processes personal data on behalf of the data controller.

For the purpose of this privacy policy, your organization is either a data controller, data processor or both.

It should be noted that in the case of the cloud deployment model, we may be classified as a data processor because of the fact that we, along with the cloud provider of our choice, are responsible for the maintenance of the environment where the Application and your data are hosted. Please see below the section about the collection and usage of your data for further clarification.

Data recipient

The entity to which personal data is disclosed, typically a public authority. For the purpose of this privacy policy, you are in a position to decide about any potential disclosure of your data to any data recipients.

Data protection officer (DPO)

A representative within your organization who is responsible for all privacy-related issues.

Cookies

Also known as browser cookies or tracking cookies, these are small, often encrypted text files, located in your web browser. They are used by our developers to help you efficiently use the Application and to perform certain functions. Due to cookies’ core role of enhancing/enabling usability or web application processes, disabling cookies may prevent you from using some of the Application’s functionalities.

We only use strictly necessary categories of cookies in our Application and as such, they should be left enabled in your web browser.

For more information about cookies, in general, please visit the site All About Cookies.

Personal data in Data Privacy Manager

Information you explicitly provide to us

DPM application uses strong authentication in order to differentiate among the Application’s users, as well as to grant the users access to authorized resources. As such, it needs to collect and store email addresses (user names) of all users of the Application. In addition, the full name of each user is captured and stored during the user onboarding process. These are the only three pieces of personal data (email address, name, and surname) that we have on the users of the Application.

We can use the above information in a sole case when there is a need for troubleshooting the Application. Any such request will be made by authorized requestor/contact.

Information you collect during the use of the Application

During the normal operation of the DPM application, you provide information about data subjects. The majority of this information will be personal data belonging to these data subjects.

As mentioned above in this policy document, we may be classified as a processor in the case of a cloud deployment model. Having said that, we would also like to clarify that we never have any need to access your data, hence we never access it. Any data about your data subjects are stored securely in our databases. These databases only store data pertinent to your organization and are not shared with other parties.

Information that is automatically collected/logged

In addition to the above types of information, we also acquire the following pieces of technical information, which however can be considered personal data, either on its own or when combined with other data:

  • IP addresses and / or domain names of computers your users use when they access the Application;
  • The time of the access;
  • The method used by your user’s web browser to submit the request to the DPM server;
  • The size of the file obtained in the response;
  • The numerical code indicating the status of the response from the server (successful, error, etc.); and
  • Other parameters related to the operating system you use.

We can use the above information in a sole case when there is a need for troubleshooting the Application. Any such request will be made by authorized requestor/contact.

The above information can only be shared with law enforcement authorities or a competent court in the case of a criminal investigation or a valid legal claim.

Security and international transfers of data

Any and all data that you provide during your use of the Application, including your users’ and data subjects’ personal data, are stored securely with a cloud provider within the EEA.

All data, both in transit and at rest, are encrypted using industry-standard best practices of information security.

Retention and deletion of your personal data

You as the user of the Application are responsible for all applicable data retention of your data subjects.

Retention of the personal data that belongs to the users of the Application will be governed by the contract between you and us.

Your choices and rights

The right of access

You have the right to obtain confirmation from us as to what personal data concerning you (the user of the Application) are being processed. This will typically only be the data about you which you provided during the user creation process, and will contain the following:

  • Your work email address;
  • Your name;
  • Your surname;
  • Your phone number.

The right to rectification

You have the right to request that we rectify any inaccurate personal data of yours, as well as the right to provide additional personal data to complete any potentially incomplete personal data.

Please note that any such rectification can be done by yourself within the Application, which is the method that we encourage.

The right to erasure („right to be forgotten“)

You have the right to request that we erase any and all of your personal data.

Please note that in the case when you exercise your right to erasure it is implicitly understood that you have given up any user rights within the application. You are strongly encouraged to go through this process with the appointed administrator in your organization as the deletion of a user may lead to unexpected consequences (e.g. inability to access certain Application functionalities).

 

Further to the above, you have the right to lodge a complaint with a supervisory authority. Contact details of Croatian supervisory authority can be found in the “Contact” section at the end of this policy document.

Your use of Data Privacy Manager

By using the DPM application, you agree to the terms and conditions contained in this privacy policy, associated conditions of use, the contract that you have signed with us when you purchased the license and/or any other agreement that we might have with you. If you do not agree to any of these terms and conditions, you should cease with the use of the Application. You agree that any dispute over privacy or the terms contained in this policy, associated conditions of use or any other agreement we might have with you, will be governed by the applicable laws of the Republic of Croatia and those of the European Union.

Hyperlinks within the Data Privacy Manager

As Data Privacy Manager is a web-based application, it relies on the use of hyperlinks for its operation. These links will always take the user to the Application’s resources, i.e. they will never link to any external web sites, thus completely eliminating the risk of exposing the user’s web browser to external content or third party cookies. You may even completely block access to any IP addresses other than the one associated with the DPM URL dataprivacymanager.app.

The use of the DPM application is absolutely safe as if you were using a desktop application or an internally hosted web application.

Changes and updates to this policy

As the Application occasionally gets updated, this privacy policy might get updated as well. Such updates will, however, only be in your favor and will always be in accordance with the contract that you have signed with us when you purchased the license to use the Application.

Contact

In case you have any further questions, requests, concerns or complaints regarding your personal data, we encourage you to forward your inquiry to our data protection officer at the following email address: dpo@inteligencija.com.

Croatian supervisory authority website: www.azop.hr