Breathe Data
into Your Website

Privacy Policy

We believe in value that can be provided by smart and responsible use of data.

Preamble

Our goal as a company is to enable other companies and professionals to use data to create efficient and meaningful online experiences for Internet users around the world. In the pursuit of this goal, we are dealing with lots of data - including sensitive or personally identifiable information. In some cases, we act as a Controller, in others as a Processor of data.

For example, when you contact us, sign up for the product, apply for a job or become our employee, we obtain data and we act as its Controller. We define the purpose and means of the data collection and processing and it's up to us to make sure that we do that in compliance with applicable laws.

If you use our product to collect and process data, we act as a Processor. Our role is to guarantee that your data is processed in accordance with product description and industry standards, but we do not control what data is collected, how it is used and what for. It is your duty to obtain and process the data legally, otherwise, you may be held accountable for your actions.

General Rules

We follow common sense rules to reduce risks related to data processing.

The best way to avoid risks of a data breach or illegal use of data is to have no personal or sensitive information at all. This is why we anonymise or pseudonymise data whenever it is possible. If it's not possible, we make sure to delete the data once it is no longer needed.

To avoid human errors. employees and subcontractors have the minimum access to data and the permissions are extended temporarily based upon job function and need-to-know criteria. We make sure that personnel or entities that receive access are aware of potential risks, have clear guidelines on how to access the data and sign Non-Disclosure or similar agreements.

The Data We Control or Process

The list of vendors involved in any activity related to the processing of your data or our data related to you.

If you are a website user

If you are a website user, we don't know who you are and we will not attempt to identify you. Any information that we collect about you and your behaviour is fully anonymised. We may use this data for statistical purposes, or to improve our website either indirectly through analysis of such data or directly by using the data to dynamically change website's content or navigation. If you decide to share your personal information with us by contacting us or signing up for our product, we will make sure that your personal data are secure, stored only as long as it makes sense and never shared with anyone without your consent.

If you are a product user

If you sign up for our product you will need to provide your personal and contact details. We may connect this data with your activity in our product or on our website to understand how you interact with our product, improve it, or provide support to you. You will be able to delete your account at any moment and, within a reasonable timeframe, all information about you will be deleted from our systems.

As a user of our product, you will store and process your own data about your own users in our service. You will be solely responsible for this data and you will remain in control of it. You will be able to delete your data at any time. We will never share your data with anyone or resell it. As the administrators of the system, we will have access to that data and we may examine it within a scope necessary to provide service continuity. Using the GDPR nomenclature, you act as a Data Controller and we act as a Data Processor.

If you are our employee or subcontractor

We will make sure that any documents related to our professional relationship will be stored securely and only as long as it is required by law. Any information we obtain related to your personal situation will remain confidential.

We may share your performance data (inc. compensation) internally with both managers and your peers in order to improve the efficiency of our company.

As an employee or a subcontractor you will be required to sign an NDA (Non-Disclosure Agreement) and comply with our rules and policies related to data processing.

Data Location and Vendors

Unless you will be given an option to choose a location, all the data will be stored and processed in European Union, where data related regulations are more strict then anywhere else.

The vendors we select as data processors are all, just like us, complient with GDPR (The General Data Protection Regulation 2016/679) - a regulation in EU law.

We are using two world leading providers of data services, Amazon AWS and Google Cloud. The services include data storage, computing and networking.

We are using G Suite for online office tools: email, online documents and calendars.

Any automated emails - from password reset messages to notifications - will be sent to you using Sendgrid.

Temporarily, some personal data might be stored outside of the cloud on devices of our employees or vendors (i.e. legal councel). We require that such data is removed from devices once it becomes obsolete.

Cookies and Persistent Data

None of the websites or applications available under the datadrivenjs.com or its subdomains are using cookies.

We do however use Web Storage to store some data in your browser either temporarily (data is erased when you close a browser tab) or persistently (data is erased either when it expires or when you manually erase it using a standard feature in your browser). The data stored persistently are anonymous and do not allow to identify you as a person. It may include a randomly assigned ID and/or information about your past activity. We can only access data stored in Web Storage when you visit our website or applications and the data cannot be used by to target you when you visit third-party websites.

Contact Details

We are committed to help you understand how we use data and handle your data-related requests.

The appointed Data Protection Officer (DPO) is Lukasz Twardowski who is responsible for the execution of this Privacy Policy. In the matters related to this policy you can contact the DPO via email: dpo@datadrivenjs.com.

This policy may be a subject to change. Any changes to this policy will be posted on this page. Last updated: Aug 13th 2018.