PERSONAL DATA PROTECTION POLICY
Apatris inc. and its affiliates (hereinafter, “Apatris“, “we“, “us” or “our“) are committed to protecting and respecting your privacy.
- Apatris affiliates: subsidiaries, parent companies, and companies under common control.
- Personal Information (personal data): any information which identifies you personally or which may help us to identify you (e.g. your name, address, e-mail address, etc.).
- Data subject: an identified or identifiable person (or User).
- Data controller: a company that determines purposes and means of personal data processing.
- Data processor: a company which processes personal data on behalf and upon instructions of the Data controller.
- Our Platform: websites with the following domains such as https://apatris.io – our Platform used for providing our services to you that is used for the purposes of informing our Users/Site visitors on our promotional, marketing campaigns and special offers.
- Personal data processing: any operation or set of operations performed on personal data (e.g., collection, storage, use, disclosure erasure).
Other capitalized terms, not defined above, have the meanings as defined in the Terms of Service and the applicable data protection legislation (namely, the General Data Protection Regulation 2016/679 as of April 27, 2016).
- What information do we collect;
- Purposes for which we collect your Personal Information;
- Legal bases on which we process your Personal Information;
- Security and confidentiality;
- Customer’s rights;
- Other Services and protecting your Personal Information;
- Contact us.
- WHAT INFORMATION DO WE COLLECT?
1.1. Information you give us. This is information about you that you give us by:
- registering for a Apatris account;
- using the Support on the Site or in Mobile App; or
- corresponding with us by phone, e-mail or otherwise.
The Personal Information most often collected and maintained in a customer file includes customer identification and Transaction history.
1.2. Information we collect about you. Each time you use the Services, we may automatically collect the following information, which may be considered to be Personal Information when combined with other information about you:
- technical information, including the Internet protocol (IP) address used to connect your computer or another device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
- information about your visit, including the dates and times you use the Site length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number or email address used to contact the Support.
Special categories of data.
We do not collect any special categories of Personal Information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).
PURPOSES FOR WHICH WE COLLECT YOUR PERSONAL INFORMATION.
If you wish to transact on and use the Site or Mobile Application, Apatris will collect information about you for the purposes set out below. The information you provide to us may be used to:
2.1. establish and maintain a responsible commercial relationship with you;
2.2. understand your needs and your eligibility for products and services;
2.3. inform you about the exchange and financing features;
2.4. provide information to you about developments and new products, including changes and enhancements to the Site;
2.5. develop, enhance, and market products and services, and provide products and services to you;
2.6. process billing and collection of any fees;
2.7. conduct surveys and get feedback from you;
2.8. deliver products and services to you;
2.9. provide you with news and other matters of general interest to you as an Apatris customer; and,
2.10. meet Apatris’s legal and regulatory requirements. It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information changes during your relationship with us.
Information we collect about you.
Apatris may use IP addresses to analyze trends, administer the Service, track customer movements, and gather broad demographic information for aggregate use. For systems administration and detecting usage patterns and troubleshooting purposes, Apatris’s web servers also automatically log standard access information including browser type, access times/open mail, URL requested, referral URL and email address used to sign in. This information is not shared with third parties and is used only within Apatris on a need-to-know basis.
- LEGAL BASES ON WHICH WE PROCESS YOUR PERSONAL INFORMATION.
3.1. We will process your Personal Information on the following grounds:
where it is necessary for us to perform pursuant to our contract with you or in your interests; and/or
where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Legitimate interests mean the interests of our organization to conduct and manage our business to enable us to better serve you and provide you with a secure experience within our Services.
(We ensure that we balance any potential impact on you and your rights before we process your Personal Information for our legitimate interests. We do not use your Personal Information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.)
- SECURITY AND CONFIDENTIALITY.
4.1. Apatris is committed to protecting your privacy. Internally, only people with a business need to know Personal Information, or whose duties reasonably require access to it, are granted access to customers’ Personal Information. Such individuals will only process your Personal Information on our instructions and are subject to a duty of confidentiality.
4.2. The Platform’s systems and data are reviewed periodically to ensure that you are getting quality service and that leading security features are in place. We have put in place procedures to deal with any actual or suspected data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
5.1. You agree that we have the right to share your Personal Information with:
- Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries including their respective contractors, affiliates, employees or representatives.
- Our service providers, to the extent necessary to supply the Services to you.
- Selected third parties, including analytics and search engine providers that assist us in the improvement and optimization of the Services.
- Authorities and law enforcement agencies worldwide when ordered to do so.
5.2. We will also disclose your Personal Information to third parties:
- If Apatris or substantially all of its assets are acquired by a third party, in which case Personal Information held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your Personal Information in order to comply with any legal obligation, or in order to enforce or apply our Terms of Service and other agreements; or to protect the rights, property, or safety of us, our clients, or others.
6.1. Your Personal Information will be stored in Germany and may be transferred worldwide.
6.2. Personal Information and other data may, therefore, be exported outside of the jurisdiction in which you reside. Your Personal Information may be processed and stored in a foreign country or countries. Under those circumstances, the governments, courts, law enforcement, or regulatory agencies of that country or those countries may be able to obtain access to your Personal Information through foreign laws. You need to be aware that the privacy standards of those countries may be lower than those of the jurisdiction in which you reside.
6.3. Unfortunately, the transmission of information via the Internet is not completely secure. While we do our utmost to protect your Personal Information, we cannot guarantee the security of your data transmitted to us over the email or through the Website; any transmission is at your own risk. Once we have received your data, we will use strict procedures and security features to try to prevent unauthorized access.
EEA customers only
- YOUR RIGHTS.
7.1. You have the right to access your Personal Information and to require the correction, updating and blocking of inaccurate and/or incorrect data by sending an email to us at firstname.lastname@example.org.
You may also request the deletion or destruction of both the Account and Personal Information by sending an email to us at email@example.com. Apatris will action your request immediately, except, where this is not consistent with its legal and regulatory obligations.
7.2. You have a number of rights in relation to how we process your Personal Information. These include the right to:
- have your Personal Information erased in certain circumstances, for example, where it is no longer necessary for us to process your Personal Information to fulfill our processing purposes; or where you have exercised your right to object to the processing;
- restrict the processing of your Personal Information where, for example, the information is inaccurate or it is no longer necessary for us to process such information or where you have exercised your right to object to our processing;
- object to the processing of your Personal Information which may be exercised in certain circumstances, for example, where we are processing your Personal Information for direct marketing purposes, or where your own legitimate interests outweigh ours; and
- have your data ported to a new service provider if you no longer wish to use the Services.
You may exercise these rights by contacting us (via e-mail firstname.lastname@example.org).
No fee usually required.
You will not have to pay a fee to access your Personal Information or to exercise any of your other rights. We may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Information (or to exercise any of your other rights). This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
- OTHER SERVICES AND PROTECTING YOUR PERSONAL INFORMATION.
8.2. Apatris takes all reasonable endeavors to protect and safeguard Personal Information, but there are protective measures you should take, as well. Do not share your Personal Information with others unless you clearly understand the purpose of their request for it and you know with whom you are dealing. Do not keep sensitive Personal Information in your e-mail inbox or on Webmail. If you are asked to assign passwords to connect you to your Personal Information, you should use a secure password and always use two-factor authentication (2FA), where available. You should change your password regularly.
- CONTACT US.
EEA customers only
10.2. Should you have any concerns about how we handle your Personal Information, please contact us in the first instance. We will do our best to resolve your concern. Alternatively, you may prefer to submit a complaint directly to the national supervisory authority within your jurisdiction, details of which can be found online.