PrivMX Privacy Policy PrivMX data subprocessors

As an Internet company that created a secure tool for project management and communications within the team, we take privacy issues very seriously and we highly value your personal information and always treat them with confidentiality. We understand that you may require highest standard of confidentiality and compliance with rules concerning personal data processing. Therefore, we would like to inform you how we process your Personal Data.

Table of contents:

  1. Who is Data Controller?

  2. What is Personal Data?

  3. How can I contact a Data Controller?

  4. How do we obtain and process your Personal Data?

  5. Privacy Policy for PrivMX Services

    • PrivMX Control Center

    • PrivMX Team Servers

  1. Privacy Policy for public web pages and standard communication means

    • Public web pages

    • Contacting us via e-mail, contact form or phone

    • Entering Personal Data on a public web page

    • Processing Personal Data on social media

  1. Do we share your personal information with anyone else?

  2. What are your rights?

  3. Other provisions

  4. Cookies

1. Who is Data Controller?

This Privacy Policy concerns various cases of processing Personal Data by us. In each of the case described in this Privacy Policy, we, PrivMX B.V. with its registered office in Amsterdam, The Netherlands, address: Beethovenstraat 170, 1077JX Amsterdam, entered into Netherlands Chamber of Commerce under KVK number 76690830, RSIN number: 860751570, VAT EU number: NL860751570B01, are the Data Controller of your Personal Data.

2. What is Personal Data?

By the term Personal Data, used in this Privacy Policy, we understand any information relating to an identified or identifiable natural person, especially in connection with using one of the identifiers such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3. How can I contact the Data Controller?

If you have any question or doubts concerning processing of your Personal Data, please do not hesitate to contact us. You may write an e-mail to us: contact@privmx.com

4. How do we obtain and process your Personal Data?

We always process your Personal Data in accordance with the provisions of the Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter: GDPR).

We may process your personal data in connection with various activities concerning providing services by us. We have described them below. These activities concern six major areas:

  • using PrivMX Control Center,

  • using PrivMX Team Servers,

  • processing personal data in connection with visiting our public web pages,

  • contacting us via mail, contact form or phone,

  • leaving an e-mail address on one of our public web pages,

  • processing personal data on social media.

When we use terms Client or User in this Privacy Policy, they should be understood as a Client or User as defined in our Terms of Services.

Usually, we receive your Personal Data directly from you – especially when you visit our public web pages, contact us, leave your e-mail or become our Client. There is one important exemption though – if you are a User of our PrivMX Services and your account was created by our Client (e.g. an entity that invited you to use PrivMX Services, like your employer, co-worker or contractor), we obtain your Personal Data directly from our Client. Sometimes we also may receive your Personal Data from other sources like a social media platform, especially in connection with our marketing activities – we do it only if provisions of social media platform’s terms of service allows us to do it.

There are situations in which we are not processing personal data as the Data Controller and we act just as a Data Processor. It means that we do not determine the purposes and means of the processing of Personal Data. In such cases, it is usually done by our Client, acting as a data controller - e.g. if a Client contacts other persons within the TeamServer and manage a team via our PrivMX Services (especially within the PrivMX App), we do not act as the Data Controller, but as a Data Processor, according to a separate data processing agreement, concluded between us and a Client.

5. Privacy Policy for PrivMX Services

PrivMX - our agreement and using our services

We may process your Personal Data if you are using our services as a Client - a person who accepted our terms of service or entered in an agreement with us in any other way. We also process Personal Data of people that act on behalf of a Client - e.g. a contact person, or a person responsible for using PrivMX Services in a company. We also provide you with an ability to use PrivMX Control Center - a website for our Clients where you can manage all PrivMX Services you use. Therefore, we process Personal Data in connection with concluding and performing an agreement between you (our your company) and us or using functionalities of Control Center (a website where you can manage all your services).

In connection with using PrivMX Services by you, we may process your Personal Data in order to:

  • conclude and perform the contract for the provision of electronic services, in accordance with the provisions of Terms of Service or other agreement concluded between us and you (if you are a party of an agreement with us) - the legal basis for processing Client’s Personal Data in this regard is the necessity of processing for performance of the contract to which the data subject is a party or to take action at the request of the data subject before the conclusion of the contract, in accordance with the provisions of Article 6.1.b) of the GDPR,

  • enable you with the ability to act as a Client’s representative, employee or a contact person (if you act on behalf of your Client), e.g. if you are a manager in a company and you are responsible for using PrivMX Services in your company, we may process Personal Data in order to conclude and perform the contract for the provision of electronic services, in accordance with the provisions of Terms of Service, e.g. in order to maintain communication between you and our company, issue invoices or enable you to create Team Servers within our Control Center - the legal basis for processing your Personal Data in this regard is the necessity of processing for the purposes of the legitimate interests pursued by the Data Controller, in accordance with the provisions of article 6.1.f) of the GDPR,

  • comply with obligations imposed on the Data Controller by legal provisions, including in particular tax law or administrative law - the legal basis for Personal Data processing in this regard is the need for processing the data to fulfil the legal obligation to which data controller is subject, in accordance with the provisions of article 6.1.c) of the GDPR,

  • monitor the way in which PrivMX Services are being used, especially for statistical purposes, development of our services, purposes related to the prevention of errors and bugs within Control Center, to ensure an appropriate level of security, create updates and possible fixes as well as in order to prevent actions which are not in accordance with provisions of our Terms of Services or generally applicable law – what constitutes the legitimate interest of the Data Controller, and the legal basis for Personal Data processing in this regard is the provision of article 6.1.f) of the GDPR, which indicates the possibility of processing personal data when it is necessary to achieve the objectives of legitimate interests pursued by the data controller or by a third party,

  • respond to your queries, review potential complaints concerning provision of services by us – what also constitutes the legitimate interest of the Data Controller, and the legal basis for Personal Data processing in this regard is the provision of article 6.1.f) of the GDPR, which indicates the possibility of processing personal data when it is necessary to achieve the objectives of legitimate interests pursued by the data controller or by a third party.

Sometimes we also may process your Personal Data for the establishment, exercise or defence of legal claims – this also bases on our legitimate interest, as the Data Controller, and the legal basis for data processing in this regard is the provision of article 6.1.f) of the GDPR, which indicates the possibility of processing personal data when it is necessary to achieve the objectives of legitimate interests pursued by the data controller or by a third party.

According to purposes described above, we may process the following Personal Data:

  • Identification data (name and surname),

  • Contact data (e.g. e-mail address, phone number),

  • Data concerning contacts between us and you (e.g. content of e-mail messages),

  • Data concerning providing services for you (e.g. provisions of agreements),

  • Data concerning payments and invoices,

  • Statistical and analytical data concerning your usage of Control Center.

We process these data for the time when you are our Client (you are a party of a binding agreement between us and you) or you act on behalf of a Client as its employee, co-worker, subcontractor, manager or representative. After the end of this time, we will process your Personal Data until the expiry of the limitation period on claims relating to our agreement, concluded between us and a Client. We also store the Personal Data as long as we are obliged to do that, basing on legal requirements (e.g. tax law) – what usually takes no longer than 5 years.

However, we may always erase your data earlier, if we are assume that they are no longer needed. We keep your personal data for only as long as we need to.

PrivMX Team Servers

If you are a User of PrivMX Team Servers hosted by us, what means that you may log into Team Server and use its functionality as a User, we may also process some of your Personal Data. Please remember that, if you use our client software (PrivMX Apps), then your team’s content is encrypted on your computers before it arrives in our servers. We process them mostly, basing on our Data Processing Agreement, as a data processor. However, in certain situations we may also process some of the Personal Data as a Data Controller in order to:

  1. Enable Users the use of PrivMX Team Servers, especially in order to authenticate their credentials during logging in, communicate with Users, reply to their possible requests or complaints, send them notifications, enable them to use Team Server’s functionalities, or communicate within the team - the legal basis for processing Users’ Personal Data in this regard is the need to process them in order to execute the legitimate interest of the Data Controller, which is the obligation to provide services for a Client, in accordance with the provisions of the Terms of Service. The legal basis for processing Personal Data in this regard is the provision of Article 6.1.f) of the GDPR, which indicates the possibility of processing personal data when it is necessary to achieve the objectives of legitimate interests pursued by the data controller or by a third party. If you, are a User of Team Server and our Client (a party with an agreement with us) we process this Personal Data in connection with performance of the contract, in accordance with the provisions of Article 6.1.b) of the GDPR.

  2. Monitor the way in which Users use PrivMX Team Servers. We process data in connection with Users’ activities for statistical purposes, purposes related to the prevention of errors and bugs concerning provided services, to ensure an appropriate level of security, create updates and possible fixes as well as in order to prevent actions of Users which are not legal in accordance with provisions of the Terms of Services or generally applicable law – what constitutes the legitimate interest of the Data Controller, and the legal basis for Personal Data processing in this regard is the provision of article 6.1.f) of the GDPR, which indicates the possibility of processing personal data when it is necessary to achieve the objectives of legitimate interests pursued by the data controller or by a third party.

According to purposes described above, we may process the following Personal Data:

  • Identification data (name and surname),

  • Contact data (e.g. e-mail address, phone number),

  • Data concerning contacts between us and you (e.g. content of e-mail messages),

  • Statistical and analytical data concerning your usage of PrivMX Services.

We process these data for the time when you are a User of our services and for the time an entity that created your User’s account, uses our services (a Client is a party of a binding agreement between this entity and us). After the end of this time, we will process your Personal Data until the expiry of the limitation period on claims relating to this agreement, concluded between us and an entity that created your User’s account. We also store the data as long as we are obliged to do that, basing on legal requirements (e.g. tax law) – what usually takes no longer than 5 years.

However, we may always erase your Personal Data earlier, if we are assume that they are no longer needed. We keep your Personal Data for only as long as we need to.

6. Privacy Policy for public web pages and standard communication means

Public web pages

If you visit one of our public web pages, such as www.privmx.com (or our any other web page conected with providing PrivMX Services by us) we may process your Personal Data. In this case, processing your Personal Data is connected with:

  • our use of cookies or other, similar technologies, within public we pages,

  • storing data about visits on a public web page (logs) such as IP address and data concerning the device you are using,

  • analysing the way you use our public web pages and displaying advertisements of our services,

  • your browsing history of the content you have visited on our public websites, including information on how you were referred to our sites via another websites.

The legal basis for processing this data is the provision of article 6.1.f) of the GDPR, stating that we may process Personal Data if it is necessary for the purposes of the legitimate interests pursued by the data controller.

Our legitimate interest is related to the:

  • requirement of controlling the traffic within our public web pages,

  • preventing errors and technical defects,

  • safety of the public web pages, as well as the necessity to prevent abuse and violations of the law within the public web pages,

  • analysing users’ activities within public web pages, such as duration of visits, links clicked, your country of origin or a type of a device used by you,

  • performing marketing activities - we may process your Personal Data connected with using our public web pages in order to present you our marketing materials, including advertisements.

During your first visit on our public web page, we will inform you about our use of cookies and we will ask for your consent in this regard. Expressing consent to the use of cookies may also be made by changing the appropriate browser settings.

The Personal Data processed usually concerns information about the type of device you are using, web browser, your IP address, a country of origin, duration of a visit on our public web pages, number of visits, information about links clicked or other information stored within cookie files.

We process these data as long as you use our public web pages, and up to fourteen months after your last visit on a specific public web page. Data stored within cookies may be processed as long as you store them on your device, no longer than for fourteen months. You may delete cookies by using functionalities of your web browser.

Contacting us via e-mail, contact form or phone

If you use a contact form or chat on our public web pages, you send us a message or contact us by a phone or via an e-mail, and you use contact details published by us on one of our public web pages, we process your Personal Data in order to answer your question and maintain a contact with you. The necessity to process Personal Data in order to answer your question and to maintain contact with you is our legitimate interest, and the legal basis for data processing in this regard is the provision of article 6.1.f) of the GDPR.

In connection with processing Personal Data in order to maintain contact, we may process such data as your name and surname, contact details (especially e-mail address), and content of messages.

We process this data for the duration of the contact between us and you and up to three months after an end of this contact.

Please remember that, if you use our client software (PrivMX Apps), then your team’s content is encrypted on your computers before it arrives in our servers.

Entering Personal Data on a public web page

Sometimes we may provide you with the ability to leave your Personal Data, especially your name, surname, country, company or e-mail address, on our public web pages. That may be especially required in order to receive an invitation to start using PrivMX Services or to enter into an agreement with us. Consequently, we will process your Personal Data, basing on a necessity to process personal data in order to take steps at the request of the data subject prior to entering into a contract, according to the provision of article 6.1.b) of the GDPR.

We may also give you the opportunity to sign up for our newsletter and to leave your e-mail in order to receive marketing messages. In such a case, we will process your Personal Data basing on our legitimate interest which is performing marketing activities in order to promote our products and services. The legal basis for processing these data is the article 6.1.f) of the GDPR. Nevertheless, a specific legal obligations may require us to obtain a separate consent in order to send you marketing materials via an e-mail. Therefore, we may require you to give us such a consent before we will send any marketing e-mail to you. You will always have a possibility to withdraw a consent for receiving marketing information via e-mail, what will not have an impact on legality of sending you these e-mail before revoking this consent.

We will process these data as long as we will issue newsletter or provide marketing materials to interested people via an e-mail, no longer than to a moment of withdrawal of your consent, if a specific legal provisions require us to obtain such a consent. If you signed for a invitation to use PrivMX Services via our public web page, we will process your Personal Data for a term necessary to create an account for you. Then we may process them according to the regulation concerning processing data concerning using PrivMX Services, specified in this document.

Processing Personal Data on social media

We use social media in order to perform marketing activities concerning our products, services and our company. We note that social media platforms are managed by a separate entities and we do process Personal Data of its’ users in a very limited way. You may find detailed infomation about processing Personal Data by a social media platform on a a social media platform’s website, usually in a privacy policy section.

Processing Personal Data on social media platforms by us is similar to using our website or contacting us via an e-mail or a contact form. We use social media platforms mostly in order to promote PrivMX Services and make sure that you may contact us easily. We use our social media fanpages in order to do so. Therefore, if you write a comment below our posts or interact with our profiles, that may lead to processing your Personal Data by us. We may also use plug-ins concerning specific social media platform on our public web pages.

In connection with these activities, if you own an account within such a platform and interact with our fanpage or website, your Personal Data may be processed by us - especially a name, surname, contact details and content of comments and correspondence stored on social media platform.

Due to the specific construction of social media pages, we process your Personal Data together with an entity that is responsible for creating and maintaining social media website (owner of a specific social media website). Therefore, we are together both considered as controllers of your Personal Data.

Processing Personal Data in purposes concerning using social media platforms constitutes the legitimate interest of the Data Controller, and the legal basis for data processing in this respect is the provision of article 6.1.f) of the GDPR, which indicates the possibility of processing personal data when it is necessary to achieve the objectives of legitimate interests pursued by the data controller or by a third party. If a separate legal provisions require us to obtain your explicit consent in order to send a marketing content to you, we will ask you for a consent before sending such a marketing messages to you.

A detailed list of social media platforms that we use in connection with our business activities may be found on our public web page.

We will process them as long as you follow us on social media, post comments or like our posts. If you visit one of our public web pages, we may store your personal data up to one year after last visit.

7. Do we share your personal information with anyone else?

First of all, we inform you that we do not sell your Personal Data to any third parties. However, we may use some of the service providers that will process your Personal Data on our behalf. Therefore, we would like to emphasize that we distinguish two kinds of data:

  • your Personal Data that we process outside of the TeamServer- we share it with entities which are necessary for PrivMX B.V. to keep its operation up and running and to provide us with specialized services, explained below.

  • data created and stored by your team - it is by-design encrypted on your side and we are even not able to make it readable. We do not share it with anyone, of course.

In order to provide our services we may use services of another entities that process your Personal Data. Consequently, the Personal Data provided to us may be transferred to entities which provide us with services like orders and payment processing, hosting, accounting, legal consulting, social media presence managing, mailing or measuring traffic on public websites.

You may find a detailed list of all subprocessors we use and share Personal Data with on our public web page. You may access a page with this list by clicking a link called PrivMX data subprocessors.

Note that not all of these subprocessors may automatically receive all your Personal Data, especially if you choose specific data center’s location for hosting your Team Servers - data centers from other locations will not receive your Personal Data, accordingly.

8. What are your rights?

As we are processing your Personal Data, you are entitled to:

  1. Request from the Service Provider access to your Personal Data – you may always request this access. We will then provide you with access to this data that we may – like data stored within Control Center, e-mail messages, agreements or invoices. However, we note that we will not be able to provide you with this data that are encrypted within the TeamServer.

  2. Request rectification of your Personal Data – if you notice that your Personal Data are incorrect, just let us know and we will rectify them.

  3. Request erasing your Personal Data – in specific situations, especially if you do not use our services anymore, you may request us to erase your Personal Data. However, we sometimes may refuse to do so, according to the provisions of the GDPR – especially if we still need them in order to exercise or defence of legal claims or to be compliant with a legal obligation which requires processing your Personal Data.

  4. Request to restrict the processing of your Personal Data – you may ask us to restrict processing your Personal Data if you believe that processing is unlawful or we do not need your Personal Data anymore, ask us to rectify incorrect data, or object processing of your Personal Data if we process them basing on our legitimate interest.

  5. Request the transfer of your Personal Data to other service providers – you may always ask us to transfer your data, which comes directly from you, are processed by automated means and are processed basing on a necessity to perform a contract. However, we may only see your data in an encrypted form. We cannot decrypt nor read nor send you your team’s decrypted data.

  6. File a complaint about the unlawful processing of your Personal Data to the competent data protection authority – you can always file a complaint about incorrect processing your Personal Data to competent authority.

To the extent that the processing of your personal data takes place basing on the basis of the legitimate interest of the Data Controller, you have the right to object to the processing of your Personal Data.

9. Other provisions

Providing Personal Data may be required to conclude a contract for the provision of electronic services or to create a User’s account. It may also be needed to comply with legal provisions, especially concerning invoicing and tax law.

We do not process your Personal Data in a way that includes automated individual decision-making or profiling according to the GDPR.

10. Cookies

Due to the fact that you are visiting at least one of our public web pages the cookies we use may be stored on your device. Cookies mean small files that enable or facilitate the use of certain functions of the public web pages or Control Center. They can be saved on your device directly by us or by third parties with whom we cooperate. As part of the use of cookies, we may process your Personal Data, especially your IP address, history of your activities within Control Center or our public web pages, or information about the device or software that you use. As using Control Center may also be connected with using cookies, if we refer to cookies used by our public web pages, it also concerns using cookies within Control Center.

On our public web pages we also use other technologies similar to cookies that optimize how the page works. That also may be connected with processing personal data. If we refer to cookies in this policy, it also means technologies similar to cookies.

Cookies are used to control the traffic within our web pages, create statistics of the use of the web page by its users, to conduct marketing activities, to prevent errors and technical defects, to ensure the safety of the web page or to prevent abuse and violations of the law. We use cookies according to the provisions of this Privcy Policy concerning processing Personal Data.

We may use two types of cookies:

  • Session cookies: they are stored on your device during the time you use our web pages and they are deleted when you close your internet browser. Session cookies enable the correct use of our web pages and blocking them may result in errors or prevent the use of our web pages or application.

  • Persistent cookies: they are stored on your device until they are deleted. They are used to analyse the traffic on our web pages and to associate your visit on the web pages with the social networks you use. We do our best to use only the services of such entities that guarantee the security of your device, software and your data. This also applies to cookies used by these entities.

You may choose which cookies will be stored on your device when you visit one of our web pages for the first time. You also have the option of limiting or disabling cookies on your device. Settings regarding the use of cookies can be found in the settings of your web browser. Web browsers allow you to disable all cookies or certain types of cookies (e.g. from third parties). If you disable cookies in part, some necessary cookies may still be saved on your device by our web page, enabling the web page to work properly. In this case, however, the cookies of the third parties with whom we cooperate will not be saved.

Remember that if you limit the use of cookies, the use of specific services provided by us may be limited, and in some cases may not be possible.

Close

We use cookies on our public website to analyze how you interact with it and to improve its functionality. It's up to you to decide if you're OK with that.

Click OK to proceed, accept all cookies and go back to the site or check the Cookie settings and decide upon particular types of Cookies you want to accept.