Data Privacy Principles
Last update: 23rd of May 2018
We provide companies services and no direct access to end-users in our platforms. This does not mean that we do not handle sensitive and personal data. In our operations and in order to provide services we need to use data as a "data processor".
We do handle personal and sensitive data from people using our clients' services, and we call these: "end-users". So, if you are using a service from one of our clients and got to this page from a link or reference of the client it is very likely you are what we call an "end-user".
Depending on the client, if you used their support system and depending on the problem it is possible someone here has seen some of your personal identifiable data - only if it was needed.
So here you are, and you want to know how your data is handled. Simplest answer is - very carefully! But let us show you a bit of our unbreakable principles...
It is our belief that privacy is a fundamental principle. And everyone is entitled to know what data is collect on them and how it is share.
Having this in mind, we build our systems with a goal of protecting everyones data, not just end-users, but also operators and clients.
The way we process data is to know how we can improve services to everyone, not to understand what product we can sell to a specific person.
We comply with GDPR, and local regulations both as a data controller and as a data processor.
Data we are keeping
All cases: We use a cookie to track when accessing a non-public page or site.
For session validations and for security reasons once the cookie is set it will be maintained for the duration of the session.
Site visitors: We anonymize all data before processing.
End-users: We do not collect or maintain any PII from this group.
Operators: We store username, firstname, lastname, contact details (email, phone, address), date of birth, access IP address, access sessions (including cookies).
Clients: We store for contact persons we only store, if applicable, username, firstname, lastname, contact details (email, phone, address), date of birth, access IP address, access sessions (including cookies).
We only access the data needed for the scope of the task. Less personal data is better data and safer, we are focused on the data quality and hygiene.
We deploy use of several complex algorithms with the data in order to provide humanly readable information so that the operator can make a decision. - The machine never makes a decision that can impact the end-user.
We encrypt sensitive data with Advanced Encryption Methods (AES-256, SHA-256) and our platforms require a Two Factor authentication (2FA).
In respect to access to our platforms, these are only available over TLS.
All data that is stored is either anonymized or depersonalized. When the data is anonymized, it is only possible to know that non PII information belongs to a group.
We continually invest in making sure that less data is needed, and less data is available to our staff.
We only store data related to the actions executed by our operators and clients within our tools.
All data that we store is done in machines physically located within Europe.
We know that the data is never ours! We don't sell, trade, give, rent or even lend data.
- When situation known to us can be a danger to life and/or limb (such suicide, violence, child endangerment or terror) we will, voluntarily, alert the respective local authorities.
- For contractual obligations, we may have do disclose Data Protection Agreements that contain Personal Identifiable Information of the operators on valid requests from legal entities.
We constantly monitor our systems and clients for weak links, acting on these quickly and transparently.
Cookies & tracking
But we do not use any type of third party tracking and to the exception of authenticated users we have no means to identify the tracked subject by ourselves.