Privacy policy
Last Updated: 10th December 2021
INTRODUCTION
Welcome to DEVICEATLAS LIMITED’s Privacy Policy.
We respect your privacy and we are committed to protecting your Personal Data. This privacy policy will inform you as to how we look after your Personal Data when:
(1) you visit our website, and
(2) when you purchase our Services,
and will tell you about your privacy rights and how the law protects you.
We handle Personal Data with due care and in accordance with applicable Data Protection Laws. We take our data protection responsibilities seriously. We understand that Personal Data must be Processed in accordance with Data Protection Laws. In this regard our employees, consultants and other individuals who handle Personal Data on our behalf, are expected to comply with this Policy and applicable Data Protection Laws.
IMPORTANT INFORMATION AND WHO WE ARE
Purpose of this privacy policy
This privacy policy aims to:
- give you information on how DeviceAtlas Limited collects and processes your Personal Data through your use of this website, including any data you may provide through this website when you register a username to access the full site, purchase a product or service or take part in a free trial. Please see Section 1 below for such information; and
- give you information on how DeviceAtlas Limited collects and processes your Personal Data when you use our Services, purchased via the website or through other means. Please see Section 2 below for such information.
This website is not intended for children and we do not knowingly collect data relating to children.
It is important that you read this privacy policy so that you are fully aware of how and why we are using your Personal Data.
Controller
DeviceAtlas Limited is the controller and responsible for your Personal Data (“DeviceAtlas”, "we", "us" or "our" in this privacy policy).
We have appointed a Data Privacy Manager who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, please contact the Data Privacy Manager using the details set out below.
Contact details
If you have any questions about this privacy policy or our privacy practices, please contact our Data Privacy Manager in the following ways:
Full name of legal entity: DeviceAtlas Limited
Email address: privacy@deviceatlas.com
Postal address:
You have the right to make a complaint at any time to the Data Protection Commissioner's Office (DPC), the Irish regulator for data protection issues (www.dataprotection.ie). We would, however, appreciate the chance to deal with your concerns before you approach the DPC so please contact us in the first instance.
Changes to the privacy policy and your duty to inform us of changes
We keep our privacy policy under regular review. This version was last updated on 10th December 2021.
1. PRIVACY POLICY FOR ACCESSING & USING OUR WEBSITE
Definitions/Abbreviations
| Term | Explanation |
|---|---|
| “Data Controller” | means an entity that controls Personal Data by deciding why and how the Personal Data is Processed. |
| “Data Processor” | means an entity that processes Personal Data on behalf of the Controller. A Data Processor may include service providers (for example, a payroll service provider). |
| “Data Protection Laws” | means for the purposes of this Policy, the General Data Protection Regulation (EU2016/679), the Irish Data Protection Act (2018) and all European Union (with direct effect) laws and regulations relating to processing of Personal Data and privacy. |
| “Data Subject” | means the living individual to whom the Personal Data relates. |
| “European Economic Area” | or “EEA” means Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Iceland, Liechtenstein, and Norway. |
| “GDPR” or “General Data Protection Regulation” | means the General Data Protection Regulation (EU2016/679) having direct effect within the EEA as of 25 May 2018. |
| “Personal Data” | is any information relating to a living individual which allows the identification of that individual. Personal Data can include a name, an identification number, details about an individual’s location or any other detail(s) that is specific to that individual which is capable of directly or indirectly identifying that individual. |
| “Processing” | includes collecting, using, recording, organizing, altering, disclosing, destroying or holding Personal Data in any way. Processing can be done either manually or by using automated systems such as information technology systems and “Process” and “Processing” shall be interpreted accordingly. |
| “Profiling” | is the automated Processing of Personal Data for the purpose of assessing certain aspects relating to an individual so as to analyse or predict the individual’s performance, decisions or behaviour. |
| “Special Categories of Personal Data” | Are types of Personal Data that reveal any of the following information relating to an individual: racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. Special Categories of Personal Data also include the Processing of data concerning sex life or sexual orientation and any Personal Data relating to a criminal offences or convictions. |
1.1. THE DATA WE COLLECT ABOUT YOU
We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this privacy policy.
We do not collect any Special Categories of Personal Data about you.
Third-party links
This website may include links to third-party websites, plug-ins and applications (for example external social platforms). Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for third-party websites that you may access via our website, or their collection, use and disclosure of your personal information through advertisement cookies or other technologies that you may encounter in connection with your use of such websites or third-party applications. When you leave our website, we encourage you to read the privacy policy of every website you visit.
If you fail to provide Personal Data
Where we need to collect Personal Data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
1.2 HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity and Contact Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes Personal Data you provide when you:
- apply for our products or services or enquire about such services;
- create an account on our website;
- apply for a free trial of our services;
- subscribe to our service or publications;
- request marketing to be sent to you;
- enter a competition, promotion or survey; or
- give us feedback or contact us.
- Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this Personal Data by using cookies, [server logs] and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our Cookies Policy for further details.
1.3 HOW WE USE YOUR PERSONAL DATA
DeviceAtlas only Processes Personal Data if one or more of the legitimate grounds set out below, which allow for compliant Processing of such Personal Data, apply:
Consent
Personal Data can be processed if the Data Subject has given his or her consent (in writing or via e-mail). The consent relates to the specific purpose for which the Personal Data is required.
We ensure that Data Subjects are adequately informed about the Processing purposes before consent is requested. If there are multiple Processing purposes, separate consents may be required for each Processing type. The consent(s) provided are held on file as evidence of the consent(s) given.
Data Subjects may withdraw their consent to these types of Processing activities at any time.
Contractual Necessity
This applies, for example, in relation to Processing of Personal Data necessary for the purposes of:
- accounts payable/accounts receivable, including any debt-collection process;
- To give access to products and trials
- relationship management;
- marketing, PR, promotional activities and
- supply of contractual deliverables to customers and other parties
Legitimate Interests
Examples of our, or a third party’s, legitimate interest for Processing include, without limitation, carrying out regular business activities including:
- the legitimate interest relates to the specific purpose for which the Personal Data is required.
- the improvement of, and communication about, our websites, services and products;
- determining business strategy;
- carrying out internal audits or investigations and the implementation of audit measures for internal management;
- preventing and investigating theft or fraud and/or breach of our codes and policies, including possible legal offences, whether actual or suspected; and/or
- guaranteeing rights, liberties, and/or the health or safety of our employees, contractors or third parties.
Legal obligation
Such Processing may include, for example, the disclosure of Personal Data if demanded by the judiciary or a tax authority. Such Processing may also include Processing of Personal Data for anti-money laundering purposes.
1.4 MARKETING
We strive to provide you with choices regarding certain Personal Data uses, particularly around marketing and advertising. We have established the following Personal Data control mechanisms:
Promotional offers from us
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased Services from us and you have not opted out of receiving that marketing.
Third-party marketing
We will get your express opt-in consent before we share your Personal Data with any third party for marketing purposes.
Opting out
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us as a result of a purchase, service experience or other transactions.
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see Cookies Policy.
1.5 DISCLOSURES OF YOUR PERSONAL DATA
We may share your Personal Data with the parties set out below for the purposes set out in section 1.3 above.
- External third parties. These would include service providers (acting as Data Processors) who provide IT and system administration services, professional advisers (acting as Data Processors or joint controllers) including lawyers, bankers, auditors, regulators and other authorities (acting as Data Processors or joint controllers) based in Ireland who require reporting of processing activities in certain circumstances.
- Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your Personal Data in the same way as set out in this privacy policy.
We require all third parties to respect the security of your Personal Data and to treat it in accordance with the Data Protection Laws. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
1.6 INTERNATIONAL TRANSFERS
Some of our external third parties are based outside of Ireland so their processing of your Personal Data will involve a transfer of data outside of Ireland.
Whenever we transfer your Personal Data out of Ireland, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data.
- Where we use certain service providers, we may use specific contracts approved for use in Ireland which give Personal Data the same protection it has in Ireland.
Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Data out of Ireland.
1.7 DATA SECURITY
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
1.8 DATA RETENTION
How long will you use my Personal Data for?
We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
By law, we have to keep basic information about our customers (including Contact, Identity and Transaction Data) for six (6) years after they cease being customers.
In some circumstances you can ask us to delete your data: please see Your Legal Rights below for further information.
In some circumstances we will anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
1.9 YOUR LEGAL RIGHTS
Data Subjects have certain rights under applicable Data Protection Laws, as explained below. The procedures below explain how Data Subjects’ rights are given effect, upon receipt by our Data Protection Manager of a written request or objection relating to the processing of their Personal Data by us when we are acting as a Data Controller:
- Request for inspection and access:Every Data Subject is entitled to apply to us requesting a summary and a copy of his/her Personal Data processed by us or on our behalf.
- Request for correction/addition/removal:If Personal Data processed by us is believed to be inaccurate or incomplete, the Data Subject is entitled to request that we take measures to have such Personal Data corrected, added to, protected or deleted.
- Objection by the Data Subject:Every Data Subject is entitled to object to the Processing of his/her Personal Data based on the legitimate interests of the Controller.
- Request for transfer of Personal Data:Every Data Subject can request that we provide his/her Personal Data in a structured and electronic form to the Data Subject or, if technically consistent with our information technology systems, to transfer the Personal Data in an electronic form directly to a third party identified (in writing) by the Data Subject.
- Restriction of Processing:The Data Subject can request that we restrict the Processing of his/her Personal Data where the accuracy of the Personal Data is contested, the Processing by us is unlawful, or we no longer need the Personal Data.
- Right to object to automated decision making:The Data Subject has a right to object to any automated decision making, including Profiling, which produces legal effects concerning him or her or similarly significantly affects him/her.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
1.10 USE OF INTERNET
The transmission of information via the Internet is not completely secure. Further, communicating via the Internet and other electronic means necessarily involves Personal Data passing through or being handled by third parties such as our Internet service provider.
Although we will do our best to protect your Personal Data, we cannot guarantee the security of your information transmitted to our website; any transmission is at your own risk. We will implement security procedures once your personal information is received.
1.11 GOVERNING LAW
This privacy statement and all issues regarding this website are governed by Irish law and are subject to the exclusive jurisdiction of the Irish courts.
2. PRIVACY POLICY FOR USING OUR SERVICES
Definitions/Abbreviations
| Term | Explanation |
|---|---|
| “Cloud Customer” | Means a customer of one of DeviceAtlas’s Cloud offerings. |
| “Cloud Solution” | With this Solution, DeviceAtlas is provided on a SaaS basis rather than a local deployment basis. |
| “Data Protection Laws” | means for the purposes of this Policy, the General Data Protection Regulation (EU2016/679), the Irish Data Protection Act (2018) and all European Union (with direct effect) laws and regulations relating to processing of Personal Data and privacy. |
| “Database” | means the continually evolving database relating to mobile devices which forms part of the Services and which contains information generated by DeviceAtlas and its partners and users on an ongoing basis. For clarification purpose, Database excludes any Personal Data as defined by applicable Data Protection Laws. |
| “Documentation” | refers to the manuals, guides, help text files or embedded software instructions which are made available as part of the Services. |
| “European Economic Area” | or “EEA” means Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Iceland, Liechtenstein, and Norway. |
| “Financial Data” | means your bank account and payment card details. |
| “GDPR” or “General Data Protection Regulation” | means the General Data Protection Regulation (EU2016/679) having direct effect within the EEA as of 25 May 2018. |
| “Personal Data” | is any information relating to a living individual which allows the identification of that individual. Personal Data can include a name, an identification number, details about an individual’s location or any other detail(s) that is specific to that individual which is capable of directly or indirectly identifying that individual. |
| “Services” | means the DeviceAtlas Database, Software, Documentation, updates and any component or part thereof which are made available to you under any Agreement with us; |
| “Software” | refers to those software components of the Services which have been developed by DeviceAtlas which continue to be so developed and included in the Services on an ongoing basis. The Software includes the Application Programming Interface (“API”). |
2.1 THE DATA WE COLLECT ABOUT YOU
Save the two (2) exceptions below, the purchase of our Services excludes the collection of any Personal Data by us as defined by applicable Data Protection Laws.
Exceptions
- When a Cloud Customer implements the Cloud Solution in a way that sends end user HTTP Headers to our Cloud service as this may result in a capture of the end user IP address in our logs. In these limited circumstances, we do not process these IP addresses and we delete these IP addresses after one (1) year.
- When you enter into a contract with us for the purchase of Services, our finance department will store your Financial Data in order to process payments pursuant to the contract.
2.2 HOW IS YOUR PERSONAL DATA COLLECTED?
Save the exceptions above, we do not collect or process Personal Data when you purchase our Services. The Financial Data is collected pursuant to the contract you enter into with us.
2.3 HOW WE USE YOUR PERSONAL DATA
When you purchase our Services, DeviceAtlas only Processes your Financial Data for the legitimate ground of Contractual Necessity. This applies, for example, in relation to Processing of your Financial Data necessary for the purposes of:
- accounts payable/accounts receivable, including any debt-collection process; and
- supply of contractual deliverables to customers and other parties
2.4 DISCLOSURES OF YOUR PERSONAL DATA
We do not share your Financial Data with any other party.
2.5 INTERNATIONAL TRANSFERS
We do not transfer your Financial Data outside of Ireland.
2.6 DATA SECURITY
We have put in place appropriate security measures to prevent your Financial Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Financial Data to those employees, agents, contractors and other third parties who have a business need to know.
We have put in place procedures to deal with any suspected Financial Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
2.7 DATA RETENTION
How long will you use my Personal Data for?
We will only retain your Financial Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Financial Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six (6) years after they cease being customers.
In some circumstances you can ask us to delete your data: please see Your Legal Rights below for further information.
2.8 YOUR LEGAL RIGHTS
You have certain rights under applicable Data Protection Laws. These are set out in detail in Section 1.9.
2.9 GOVERNING LAW
This privacy statement and all issues regarding this website are governed by Irish law and are subject to the exclusive jurisdiction of the Irish courts.
