Your privacy is important to us. This Privacy Policy covers what we collect and how we use, disclose, transfer and store your information.

1. What information do we collect?

You may visit our site anonymously. If you choose to register on our website, four categories of data to and on behalf of you will be processed:

“Account data”

When you register for an account on our site, place an order, subscribe to our newsletter, or respond to our inquiries, basic contact details are collected such as the e-mail address and name of your contact person, company name, address, phone number, VAT number, preferred language and currency, any purchase order number, any e-mail address of invoice receivers and a masked credit card or bank account details.

“End User Data”

Data generated by End Users browsing your website(s) using the Service. When an End User submits a consent from your website(s), the following data are automatically logged at the website:

IP number in anonymized form

The date and time of the consent.

The URL from which the consent was submitted.

The End User’s consent state, serving as proof of consent.

The website can automatically read and respect the End User’s consent on all subsequent page requests and future End User sessions for up to 12 months. The key is used for proof of consent and an option to verify that the consent state stored in the End User’s browser is unaltered compared to the original consent.

The End User accepts all or at least “preferences” types of cookies when consenting.

“System Generated Data”

The Service automatically creates and stores metadata on basis of the other types of data, e.g.: Subscription data, like start date, latest invoice date, and the result of a mandatory VAT number validation. Issued invoices are stored so that you may access any issued invoices from within the Account.

Definitions of the cookies found when the Service has scanned your website(s), including reports on the result of each scan. 

2. What do we use your information for?

Any of the information we collect from you may be used for one or more of the following purposes:

2.1. To personalize your experience (the information will help us better respond to your individual needs);

2.2. To enable you to control the user experience towards End Users and enable us to automatically apply the End User’s consent to other websites of yours;

2.3. To improve our website based on the information and feedback we receive from our customers);

2.4. To identify you as a contracting party;

2.5. To enable secure login for you;

2.6. To establish a primary channel of communication with you;

2.7. To enable us to issue valid VAT invoices and to process transactions (your information will not be sold, exchanged, transferred, or given to any other company for any reason, other than for the express purpose of delivering orders or Tax Inspection declarations);

2.8. To enable automated handling of the subscriptions;

2.9. To send e-mails (The e-mail address you provide for order processing, may be used to send you information and updates pertaining to your order, in addition to receiving occasional company news (if accepted), updates, related product or service information, etc.)

If at any time you would like to unsubscribe from receiving future e-mails, you can cancel your account after login by and choosing the appropriate button.

3. Legal basis

3.1. EU General Data Protection Regulation (GDPR)

The processing of your data is either based on your consent or in case the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract, cf. GDPR art. 6(1)(a)-(b). If the processing is based on your consent, you may at any time withdraw your consent by contacting us using the contact information.

In order to enter into a contract regarding the purchase of our items, you must provide us with the required personal data. If you do not provide us with all the required information, it will not be possible to fulfill your expectations regarding processing orders.

3.3. Children’s Online Privacy Protection Act Compliance

We are in compliance with the requirements of the Children’s Online Privacy Protection Act. We will not intentionally collect any information from anyone under 16 years of age. Our website, products directed at people who are at least 16 years old or older.

4 How do we protect your information?

We implement the following technical, physical, and organizational measures to maintain the safety of your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized use, unauthorized modification, disclosure or access, and against all other unlawful forms of processing.

4.1. Availability

Our hosting partners ensure high availability, like full redundancy, load balancing, automatic capacity scaling, continuous data backup, and geo-replication along with a traffic manager for automatic geographical failover on datacenter level disasters. All failover mechanisms are fully automated.

The physical security is thereby maintained by our subcontractors, see clause 7. Hosting data centers comply with industry standards such as ISO 27001 for physical security and availability, e.g. by using security staff around the clock, two-factor access control using biometric and card readers, barriers, fencing, security cameras, and other measures.

4.2. Integrity

To ensure integrity, all data transits are encrypted to align with best practices for protecting confidentiality and data integrity. E.g. all supplied credit card information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway provider’s database only to be accessible by those who are authorized to access such systems and who are required to keep the information confidential.

For data in transit, the Service uses industry-standard transport protocols between devices and Microsoft datacenters and within datacenters themselves.

4.3. Confidentiality

All personnel is subject to full confidentiality and any subcontractors and subprocessors are required to sign a confidentiality agreement if not full confidentiality is part of the main agreement between the parties. Whenever personal data is accessed by authorized personnel the access is only possible over an encrypted connection. When accessing the data in a database, the IP number of the person accessing the data must also be pre-authorized to obtain access.

On-premise devices storing personal data temporarily is at all times, except when not being actively used or relocated under uninterrupted supervision, locked in a safe. Personal data are never stored on mobile media like USB sticks and DVDs.

4.4. Transparency

We will keep you informed about changes to the processes to protect data privacy and security, including practices and policies. You may at any time request information on where and how data is stored, secured, and used. 

4.5. Isolation

All access to personal data is blocked by default, using a zero privileges policy. Access to personal data is restricted to individually authorized personnel. 

4.6. The ability to intervene

We enable your rights of access, rectification, erasure, blocking, and objection in the Account by informing you about the possibility of objection when we are planning to implement changes to relevant practices and policies. The overall responsibility for data security lies with 

4.7. Monitoring

Our host service provider uses security reports to monitor access patterns and to proactively identify and mitigate potential threats. Administrative operations, including system access, are logged to provide an audit trail if unauthorized or accidental changes are made. System performance and availability are monitored from both internal and external monitoring services.

4.8. Personal Data breach notification

In the event that your data is compromised, we will notify you and the competent Supervisory Authority(ies) within 72 hours by e-mail with information about the extent of the breach, affected data, and action plan to limit any possible detrimental effect on the data subjects. 

"Personal data breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed in connection with the provision of the website.

5. Do we disclose any information to outside parties?

We do not sell, trade, or otherwise transfer to outside parties any personally identifiable information.

This does not include trusted third parties or subcontractors who assist us in operating our website, conducting our business, or servicing you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety. Furthermore, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

5.1. Legally required disclosure

We will not disclose the customer’s data to law enforcement except when instructed by you or where it is required by law. When governments make a lawful demand for customer data from us, we strive to limit the disclosure. We will only release specific data mandated by the relevant legal demand. If compelled to disclose your data, we will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.

6. Third-party links

Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate independent privacy policies. We, therefore, have no responsibility or liability for the content and activities of these linked websites. Nonetheless, we seek to protect the integrity of our website and welcome any feedback about these websites.

7. Where do we store the information?

No stored data will be transferred, backed up, and/or recovered by us outside of the European Union.

7.1. Personal data location

All data are stored in databases and file repositories hosted in Internet Vizija data centers All data are automatically replicated in real-time to secondary hot failover databases and file repositories.

Databases are continuously backed up to enable restore to any point in time within a retention period of 7 days. Backups are stored on file storage at the same geographical location as the database.

7.2. Installation of software on cloud customer’s system

No installation of software is required to use our website. The login-protected Account is accessible through a standard web browser, automatically using an encrypted HTTPS-connection for all communications between your browser and our server to protect any data from being intercepted during network transfers.

8. Access, data portability, migration, and transfer back assistance

You may at any time obtain confirmation from us as to whether or not personal data concerning you are being processed. 

9. Request for rectification, restriction, or erasure of the personal data

9.1. Rectification

You may at any time obtain without undue delay rectification of inaccurate personal data concerning you

9.2. Restriction of processing personal data

You may at any time request us to restrict the processing of personal data when one of the following applies:

a. if you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data;

b. if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or

c. if we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims.

9.3. Erasure

You may without undue delay request the erasure of personal data concerning you, and we shall erase the personal data without undue delay when one of the following applies:

if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

b. if you withdraw your consent on which the processing is based, and where there is no other legal ground for the processing;

c. if you object to the processing in case the processing is for direct marketing purposes;

d. if the personal data have been unlawfully processed; or

e. if the personal data have to be erased for compliance with a legal obligation in EU or national law.

10. Data retention

10.1. Data retention policy

Account Data will due to tax regulations be retained for up to 10 (ten) full fiscal years from your cancellation of your Service account. 

Configuration Data and System Generated Data will be erased immediately when you cancel the Service account.

End-User Data will be erased on an ongoing basis after 12 months from registration, and immediately when you cancel the Service account.

10.2. Data retention for compliance with legal requirements

You cannot require us to change any of the default retention periods but may suggest changes for compliance with specific sector laws and regulations.

10.3. Data restitution and/or deletion

No data except Account Data will be retained after the termination of the contract. 

11. Accountability

You may request a data protection audit performed by an independent third party who is also accepted by us. You will pay €6,000 plus applicable taxes for an audit request along with €200 per hour we are spending in connection with the audit as well as any other costs related to the audit, including the auditor.

12. Cooperation

We will cooperate with you in order to ensure compliance with applicable data protection provisions, e.g. to enable you to effectively guarantee the exercise of data subjects’ rights (right of access, rectification, erasure, blocking, opposition), to manage incidents including forensic analysis in case of a security breach.

13. Terms of Service

Please also visit our Terms of Service

14. Your consent

By using our site, you consent to this Privacy Policy.

15. Changes to our Privacy Policy

If we decide to change our Privacy Policy, we will post those changes on this page, and/or update the Privacy Policy modification date below.

This Privacy Policy was last modified on February 02, 2021.