Privacy and Data Protection Policy

On May 25, 2018, the new General Data Protection Regulation (GDPR) will be implemented in the EU. The new regulations replace the Personal Data Act and increase your ability to determine how companies and organizations handle data about you and the personal data created when using their services or products. Read more about how Appernetic manages your data and what rights you have with the implementation of GDPR through the links below.

Your data and how we handle it

Your data is the data we collect and save about you, and about how you use our services, that directly or indirectly identifies you. We use this information to provide a better user experience, improve our services, and provide offers that fit your needs.

The information below is a summary of how we collect and handle your data per the General Data Protection Regulation (GDPR).

Type of personal data we collect

Contact information

When you become an Appernetic customer, we collect your contact information: name, address, e-mail address and telephone number.

Information about your services

We also store data about which of our services you order and use, and how you use them.

Support tickets

When you contact our support, we collect the information you provide us to be able to help you with your case.

How we collect personal data

We collect and process data that:

  • you enter yourself when you become a customer with us.
  • you share with us when you contact us via chat conversations and emails.
  • is created when you use our services – for example when you visit our website or log in to the dashboard.
  • is collected through cookies that store information from your browser.

What we use personal data for

In order for us to process your data, one of the following legal bases must be met:

  • Necessary to fulfill the contract with you.
  • The processing lies in both your and Appernetic's interest.
  • Necessary to fulfill a legal obligation for Appernetic.
  • Consent from you for that particular processing.

For us to provide our services to you, we need to process your data. Below you will find information about what we use your data for, and the legal basis that supports each processing.

    Provision of services

    We process personal data to identify you as a customer and to manage and deliver the services you ordered and subscribe to, as well as personal data required to handle billing and payments for the services you use.

    Legal basis: Necessary to fulfill the contract.

    Communication and support

    We may use personal information from previous communication between you and us to provide better assistance.

    We use your contact information and information about which services you use as the basis for invoices, newsletters, important information about your services, offers and tips on how to use our services.

    Legal basis: Legitimate interest, consent and necessary to fulfill the contract.

    Development of our services and products

    We process personal data on how you use our services, and from your communication with us as a basis for improving your experience specifically and our services in general.

    Legal basis: Legitimate interest and consent.

    Marketing

    We process personal data about what services you use and how you use them to market relevant products and services to you according to your needs.

    Legal basis: Legitimate interest and consent.

    Security and prevention of abuse

    We process personal data to detect and prevent the following for our services and our network:

    • abuse
    • attacks such as viruses and DDoS
    • intrusion attempts
    • law violations
    • terms violations

    Legal basis: Necessary to fulfill the contract and legal obligation.

    Regulatory obligations

    We process personal data to comply with the requirements of the law.

    Legal basis: Legal obligation.

    How long we store personal data

    We store personal data as long as there is a documented purpose for the processing. Contact our data protection officer for details [email protected]

    With whom we share personal data

    Partners, subcontractors and other companies within Appernetic.

    We have agreements with all partners and subcontractors in the EU, and EU standard contract clauses for all outside the EU. EU/US Privacy Shield certification is used if the processing takes place in the United States. The agreements regulate what personal data is being processed, why the processing is done, how personal data is to be protected and for how long it is being processed. The agreements also contain instructions from the data controller to the data processor on how personal data can be processed.

    We strive to never share more personal data than necessary with each partner.

    We implement appropriate safeguards to ensure that your personal data is handled in accordance with applicable laws regarding safety and privacy. We apply the same requirements to our subcontractors.

    For the following purposes, we may share certain data with the mentioned partners and subcontractors.

    Auth0, data required for authentication and authorization.

    GitHub, data required for authentication and authorization.

    Google, analysis data through third party cookies for marketing, web analytics to improve our services and data required for authentication and authorization.

    Facebook, third-party cookie analysis data for marketing purposes and data required for authentication and authorization.

    Stripe, data required to complete a card payment.

    Happy Fox Chat, data required to provide support services such as chat.

    Gitter, data required to provide support services such as chat.

    Inline Manual, data required to provide support services such as documentation.

    Zoho Help Desk, data required to provide support services such as help desk.

    Authorities

    We may be required by law and authority decisions to provide specific personal data upon request from, for example, the police.

    How we protect your personal data

    We use industry standards to store, process and communicate sensitive personal information such as personal data and passwords in a safe way, for example SSL/TLS, PGP, and one-way hash algorithms.

    The protection is implemented with systematic, organizational and technical measures to ensure integrity, confidentiality, and accessibility.

    We have policies and security practices implemented regarding:

  • information security
  • incident management
  • risk analysis
  • software updates
  • secure configuration and management of devices
  • office and data centers
  • software development
  • education and training

    Appernetic's staff are bound by confidentiality agreements and only process the data their specific tasks require.

    You control your personal data

    You control your own personal information, meaning that you decide which data you want to give and what processing of your data you approve. You can revoke your consent at any time.

    However, we need some personal data to provide our services to you. If you choose to revoke your consent, this may mean that we cannot provide all our services to you.

    How we process your data when you are no longer a customer

    When you terminate your account, we will remove all your personal data where there is no purpose for further processing. We also notify any partners and subcontractors who processed your data to delete the data as well.

    Among the things that are removed are your:

    • website.
    • email addresses with associated emails.
    • personal data in our CRM system.
    • backups of the above, which are removed according to our backup schedule.

    Among the things that are not removed are:

    • data required by the Accounting Act.