PRIVACY POLICY
1. About this Privacy Policy
1.1 DEFINITIONS
- Account: The Customer is provided with an Account. An Account is necessary to access the Products. The Account will be accessible through a set of credentials, consisting of a username and password combination for authorization.
- Customer: The legal entity that has entered into an agreement with Pixotope Technologies to purchase Pixotope Technologies' products or services.
- Customer Portal: Online platform where customers are able to review status of licenses and download software products at https://login.pixotope.com.
- License tool: The Supplier’s application for client-side license activation, available for download as part of the Product installer on the Supplier’s Customer Portal. The License Tool can be used either as part of the products primary front-end or as separate license applications, and it allows the Customer to log in to a Customer account and access Licenses connected to this account.
- End User: A physical person connected to the Customer as an employee or by other means, and who has been given authorization to use License Tool, a Product or otherwise be in contact with Pixotope Technologies on behalf of the Customer.
- GDPR: Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (this regulation is referred to as GDPR which is an abbreviation of the General Data Protection Regulation).
- SaaS: Software-as-a-Service fuses software products and accompanying services to enable new offerings where the buyer (the Customer) or the End User may no longer own a physical thing. With SaaS the product is delivered to the Customer and the End User as a service or virtualized experience. Instead of a one-time-transaction the Customer subscribes to the Product and pays the Supplier a recurring fee.
- Personal data: Any information relating to an identified or identifiable natural persons, see GDPR article 4 (1).
- Products: The standard software products developed by Pixotope Technologies AS, which Pixotope Technologies AS supplies separately or jointly to the Customer, pursuant to the agreed upon terms in the agreement with the Customer. The Products may be standalone applications or features that may be licensed (subscribed to) separately or as packages. A detailed description of each Product may be found on Pixotope Technologies' website, see www.pixotope.com.
- Pixotope Technologies AS (also referred to as the Supplier, we or us): Pixotope Technologies AS with organization number 812 664 522 and registered business address Sommerrogata 13-15, 0255 Oslo, Norway.
- You: An End User of the Products, a contact person of a Customer or another physical person that is in contact with us regarding the Account, Customer Portal, License tool or Products that enables us to process your Personal data.
1.2 INTRODUCTION
The Products are sold as SaaS, and it is up to the Customer how the Products are used. If the Customer chooses to store or otherwise process personal data through one of the Products, this data will in no way be accessible, visible or transferred to us. The Products have no purpose or aim to process personal data, and we have no control or insight in how the Customer uses the Products.
The only exception is the License Tool, which is the interface between the End User and us. We are the supplier of License Tool, as well as all Products and services made available through, and which can be administered in License Tool. To a small degree, it is necessary for us to process personal data in and through the License tool, in order for the License tool to function as the interface it is intended for.
For all intents and purposes, the processing described in this Privacy Policy are for the processing in License Tool, not in the Products.
In the event we should offer a specific Product at a later time, which processes personal data in a way that we have insight to such personal data, a separate Privacy Policy will be created and made available for all potential End Users for such Product.
We are committed to your privacy and want your personal data to be private and secure.
1.3 OVERVIEW
In this Privacy Policy, we explain:
- What personal data we collect and how
- The purpose of collecting your personal data
- Disclosure of data to third parties
- Our security measures when processing your personal data
- Your rights as a data subject
The Supplier is a Norwegian company. We adhere to relevant Norwegian privacy law and meet the requirements of applicable laws and regulations within the EU/EEA. We will ensure that your privacy rights and our processing of your personal data are held to the highest standard. We comply with GDPR.
1.4 THE ACCOUNT AND THE LICENSE TOOL
We may process personal data related to physical persons that may be identified by using the Account. This Privacy Policy is relevant to you if you are a data subject that may be identified by the username used to log-in to the Account.
We may process personal data related to the End Users that a Customer chooses to connect to the License Tool. This Privacy Policy is relevant to you if you are an End User of License Tool with Account access.
For the purposes described in this Privacy Policy, Pixotope Technologies is the controller, which collects and processes data as described herein. It is important for us that you read this Privacy Policy thoroughly. We want you to be aware of your rights according to GDPR so you can help us improve our policies. If you do not accept this Privacy Policy, you may not be able to access or use License Tool or any other products as they rely on the use of License Tool.
1.5 CONTACT INFORMATION
If you have any requests concerning your personal data or any queries with regards to this Privacy Policy, please contact us by our Data Protection Officer (DPO) at: privacy@pixotope.com.
2. What personal data we collect and how
We collect different types of personal data about End Users. It is up to the Customer which End Users we collect personal data about, as far as Pixotope Technologies is concerned, it is freely optional to be an End User of License Tool. The personal data we collect can be divided into three groups:
- Minimum personal data needed to register an Account (these can be generic, non-personal data if the Customer chooses):
- Email address or telephone number
- Username
- Password
- Associated Customer (typically employer)
- Personal data which may be generated while you use the License Tool or a Product:
- Information about your device:
- IP-address
- Hardware Manufacturer
- Operating system
- Application usage statistics
- Personal data concerning yourself that you might choose to provide us with through the Account or by other means whilst using our Products and services, for example:
- Your first name and surname
- Telephone number or email address
- Place of work
- Nationality
- Gender
- Occupation
- Other details you actively choose to provide through License Tool or your contact with us directly, for example any personal data provided from you as an End User or a contact person on behalf of the Customer when contacting us for support.
We do not process special categories of personal data (sensitive personal data) and have no use for such data. Therefore, we ask that you do not share such data about yourself or others in the License Tool. Such data would for instance be religious beliefs, political opinions, physical or mental health, labour union membership, ethnic background, sexual history or sexual orientation.
3. Purpose
We collect personal data for these purposes:
- To communicate with our Customers and End Users, by answering service requests, and providing any necessary and agreed upon assistance for the Products and License Tool.
- To provide the application License Tool and Pixotope Technologies' Products and services to the Customer and its associates including the End Users as agreed upon with the Customer.
- To ensure the technical functionality of the License Tool and Products. We want the Products to function as well as possible. To do so we need information about how License Tool and Products functions on your device.
- To be able to control and monitor License Tool’s user base and prevent fraudulent activity or similar.
- To perform offers for marketing purpose to our customers.
- To improve the functionality of the Products.
- For analytics purposes.
4. Legal Basis for Processing
We process personal data in order to make it possible to enter into and to fulfill the agreement with the Customer. Our legal basis for processing personal data is through our agreements such as the agreements with the Customer and the End User License Agreement. It is the Customer’s choice which End Users are connected to the License Tool through authorization and access via the Account. We use agreement as legal basis for fulfilling requirements as the supplier to the Customer or an End User, see our Data Processing Agreement.
In the event the Customer decides to use a generic business email address and not a personal email address related to an identifiable natural person, then the processing of personal data in License Tool will be much limited. Using a generic email address rather than a personal one, will not limit the Customer’s user experience of License Tool or Products.
We use consent for processing cookies for other purposes than strictly necessary cookies. We use consent from an End User to get remote access for delivering support services to such End user.
We use legitimate interest as legal basis for marketing activities covered by the Norwegian Marketing Act section 15.
We use legitimate interest as legal basis for processing of personal data for security purposes. For the purpose of creating user statistics to detect if the Products are used legally or to prevent fraudulent activity in or in relation to License Tool, Pixotope Technologies' legal basis for processing is our legitimate interest. This legitimate interest is Pixotope Technologies' desire to improve the License Tool and the Account system for both End Users and Customers, so that Pixotope Technologies may provide a better product in the future. Furthermore, Pixotope Technologies has a legitimate interest in keeping License Tool secure and keeping the integrity and confidentiality of the underlying program behind License Tool, the contents in License Tool and the data related to License Tool, whether personal data or data otherwise considered commercially sensitive.
Furthermore, we may process your personal data when we are legally obliged to do so, or if it is necessary to establish, exercise or defend a legal claim.
We will also ask you as the End User to have read and accepted this Privacy Policy as well as the End User License Agreement from us. You will be presented with a link to this Privacy Policy in order to make sure each End User has been informed about how and why we process personal data.
5. Disclosure of data to third parties
Except in the instances described below, we do not disclose collected personal data to third parties.
We want to retain the right to use non-personal data to demographics and statistics. Such aggregated data does not identify any individuals and will not be linked to any personal data. We use legitimate interest as legal basis for anonymization of personal data.
We are using the following data processors:
- AWS: Storage of data (data will be stored in a country within the EU/EEA).
- Hubspot: CRM system and a Content Marketing System for marketing (data will be stored in a country within the EU/EEA).
- Zendesk: Customer support (data will be stored in a country within the EU/EEA).
- Google: Emails and work documents pertaining to customers specific projects or productions (data will be stored in a country within the EU/EEA).
6. Storage and personal data deletion
Upon your request or otherwise when the personal data we have collected is no longer necessary for the purposes described above, for instance in the event the End User’s authorization to use License Tool is removed by Customer or by another authorized End User, the personal data concerning you will be erased.
Personal data related to an Account will be erased no later than after 6 months after an Account has been deactivated or the Customer relationship has been terminated.
7. Our security measures
We have implemented an internal control system regarding processing of personal data.
We have implemented the following security measures when processing personal data on behalf of the Customer as well as any End User:
- All communication with Pixotope Cloud (WEB and API) is encrypted with SSL/TLS.
- We offer offers MFA (Multi-factor Authentication) for Customer admins and Pixotope admins accounts.
- All Pixotope Admins accounts having access to personal data, have MFA enabled.
- Passwords that we keep in the system, are hashed with bcrypt.
- We record all traffic to our API and analyze suspicious activity.
- We have restricted access to our cloud resources with multiple firewall layers and multiple VPCs.
8. Your rights
This Privacy Policy is adherent to Norwegian law and falls under Norwegian jurisdiction. As such, you are entitled to certain rights as the data subject according to GDPR which is part of Norwegian law. Please, refer to the contact details provided in the first section (see section 1.5) if you wish to make use of or need assistance regarding the rights listed below.
- Consent: To the extent our processing of your personal data relies on your consent, you may withdraw said consent at any time. If you wish to withdraw your consent, we will delete your account access and related personal data without undue delay. The withdrawal of consent does not affect the legality of our processing of your personal data based on the consent before it was withdrawn.
- Access: You can at any time request access to the personal data relating to you. You can also request information about how we collect personal data at any time.
- Erasure and rectification: You can at any time request that we erase or rectify any of the personal data relating to you that we have collected.
- Objections: You may likewise request a restriction of the processing of your personal data or object to the processing of your personal data, but this may affect your user experience in License Tool. For our processing activities that are based on our legitimate interests, you may object to such processing on ground relating to your particular situation, by contacting us by using the email stated in section 1.5.
- Data Portability: In the event our collection and processing of your personal data is based on automatic means and our legal basis is your consent or an agreement with you, you may request that the personal data concerning you and which you have provided us with, be transmitted to you or to another data controller.
- Complaints: You have the right to lodge complaints with the Norwegian Data Protection Authority (Datatilsynet).