Last updated: 20 August 2024
1.
GENERAL
This Privacy Policy applies to all collected and processed personal data that you have provided to us or Wiheads Aps (hereafter “We” have collected as a part of delivering our services/products. “Personal data” shall mean any information relating to an identified or identifiable natural person.
2.
IDENTITY OF THE DATA CONTROLLER
2.1
If there are any questions regarding this Privacy Policy, you may contact us using the information below.
2.2
We are processing your personal data in accordance with the General Data Protection Regulation (GDPR) and any national regulation applicable to us.
3.
PURPOSE OF PROCESSING
3.1
Non-sensitive personal data
We collect the following non-sensitive personal data about you when you sign up as a customer/user:
Anonymized user id;
Device type, model, and identifier;
Operating system;
Language;
Country, region, city;
Application version;
Application subscription information (plan, status, duration, etc.);
Events performed within the application (e.g., “user completed onboarding”);
Error codes and error messages.
3.1.1
We process non-sensitive personal data on the basis of Article 6 in the GDPR, more specifically, our legal basis for collecting and processing personal data is for each service outlined below:
The processing of your data is either based on:
Consent – processing is based on obtained consent from you.
Contract – processing is necessary to fulfill a contractual obligation with you or entering into such obligation.
Legal obligation – it is required by law that We process the personal data.
Vital interest – processing is necessary in order to protect the vital interests of you or of another natural person.
Public interest – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Legitimate interest – processing occurs to pursue a legitimate interest for us.
3.1.2
If the processing is based on your consent, you may at any time withdraw your consent by contacting us.
4.
TRANSFER OF PERSONAL DATA
4.1
We do share or transfer your personal data to sub-processors in a country or territory outside the EU/EØS.
4.2
Each of the sub-processors outside the EU/EØS ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
4.3
Separate data processing agreements have been entered into with each of the sub-processors based outside the EU/EØS to ensure compliance with the GDPR.
4.4
We will not share your personal data to any third-parties without your consent, unless it is specifically stated or required by law that We do so.
5.
PROFILING AND AUTOMATED DECISION MAKING
Our processing activities include profiling and automated decision-making in connection with description of processing activities involving profiling and automated decision-making and broad explanation of the logic behind the automated decision-making.
6.
BUSINESS TRANSFERS
6.1
In the event of an actual or contemplated transfer of our company or our assets, or if We discontinue our business or enter into bankruptcy proceedings, We will include data, including your personal information, among the assets transferred to any parties who acquire us or such assets may be the subject of review (due diligence) by such parties (or their representatives). You acknowledge that such transfers may occur, and that any parties who acquire, or contemplate to acquire, us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights We have over such information.
7.
USE OF PERSONAL DATA
7.1
We only process your personal data as stated in this privacy policy and We do not use your personal data for any other purpose than explicitly described above or communicated directly to you elsewhere.
7.2
We process your personal data in a lawful, fair, and transparent manner. The data We collect is solely used for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
7.3
All use of your personal data is relevant and limited to what is necessary in relation to the purposes for which they are processed.
8.
SECURITY
8.1
When We store and process personal data that We have received from you, We always take every step possible to store it in a secure manner. However, We cannot guarantee that your data is 100% secure as We cannot guarantee that the data will not be accessed or otherwise misused as a result of an unlawful act or similar. We do take all necessary precautions to keep your data safe. When you give us access to- or transfer personal data to us - you do so at your own risk.
8.2
The following security measures are in place to keep your data safe:
Encryption
ISO certificates
Anonymization
Firewalls & anti-virus
Internal policies & password protection
8.3
The security measures listed in Clause 8.2 are also followed by any sub-processor that We use, as specified in section 10.
8.4
To further increase the level of security, We have “deletion policies” in place. Personal data is kept for a maximum period of 12 months from after the purpose of the processing has ended.
9.
ACCESS TO YOUR INFORMATION
9.1
Right to access
GDPR Article 15: You have the right to obtain a confirmation from us as to whether or not personal data concerning you is being processed, including information on the purpose-, categories-, recipients-, and time of storage of the processing.
9.2
Right to rectification
GDPR Article 16: If you figure out, that the data that is being processed about you is inaccurate or incomplete, you have the right to get that data rectified. We will communicate any rectification or erasure of personal data to any recipient to whom the personal data has been originally disclosed, unless it proves impossible according to Article 19.
9.3
Right to erasure and restriction of processing
GDPR Article 17: You also have the right to get your personal data erased, if the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed. Please see Article 17 for the full list of reasons for your right to erasure.
9.4
GDPR Article 18: You have the right to restrict the processing of your personal data if it is (i) inaccurate; (ii) unlawful; (iii) the purpose of the processing has changed; or (iv) you have objected to the processing according to Article 21.
9.5
Right to data portability
GDPR Article 20: You have the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format. You can also request that We transmit your data to another party.
9.6
Right to object
GDPR Article 21: You have the right to object to the processing of your personal data if it is being used for profiling or direct marketing purposes.
10.
SUB-PROCESSORS
10.1
We use data processors to be able to deliver our services and run our business. We have listed the suppliers below:
Digital Ocean (digitalocean.com) to run our servers and databases.
Vercel (vercel.com) to host our websites.
Cloudflare (cloudflare.com) to manage and protect our domains, and for content delivery.
Sentry (sentry.io) to monitor errors and fix them swiftly.
Mixpanel (mixpanel.com) to analyze and improve our products.
Helpscout (helpscout.com) to assist our users.
11.
CONTACT INFORMATION, REQUESTS & COMPLAINTS
11.1
If you want to exercise any of your above rights, please contact our data protection responsible:
Wiheads ApS
CVR: 44587947
Suomisvej 4
1927 Frederiksberg
Denmark
+45 31 89 42 83
Attn: Dmitry Obukhov
11.2
If you find that your personal data has been processed in a way that does not meet the requirements of the GDPR and if you want to file a complaint, you have a specific right to lodge a complaint with the relevant supervisory authority. The supervisory authority will guide you through the process. See contact information below: