Privacy notice
Patchstack OÜ (Company Registration Number 14331217) located with registered office in Aida 7 Pärnu 80011, Estonia, is the controller of personal data.
This Privacy Notice describes how we collect, use, process, and disclose your information, including personal information, related to your access to and use of the Patchstack services.
We provide services for B2B clients and therefore privacy regulations do not apply for such data, however, we might provide services also for individuals and therefore we are informing you about personal data processes herein.
The Privacy Notice does not address, and we are not responsible for, the privacy practices of any third parties.
Definitions
- Site – website available at patchstack.com
- Services – the services available from and related to the domain and subdomains of the Site
- Patchstack (also referred to as “we”, “our” or “us”) – Patchstack OÜ, company incorporated and registered under the laws of the Republic of Estonia with registration code 14331217
- User (also referred to as “you” or “your”) – an individual who creates a user account
- General Terms – terms and conditions of services.
Collecting data
Information we collect from you
Patchstack receives specific data about its Site visitors when such information is provided voluntarily, such as when our visitors request information, purchase or enrol for Services, submit a customer support inquiry, provide information for employment opportunities, or send us an email with personal information. Some of these activities require that you give us information, such as when you make a purchase, submit your resume, or request certain types of information.
Information we collect automatically
When you use the Site, we automatically collect the following information:
- device and log information: we collect information about the computer device you use to access the website, including device identifiers, mobile network information, type of operating system, and the type of browser used;
- log information about your use of the Site, including access times, pages viewed, IP address, other standard web log data, and the page visited before and after navigating to our websites.
With your express consent, we may access and track location data from your mobile device in order to personalize results or other content. We do not tie any personally identifiable information about you to any of the location tracking technologies that we use.
Our Services include website security firewall to prevent attacks and to protect your websites. By using Patchstack Threat Intelligence or any other Services we do not collect any personal data about users of your website. In the event, we detect website hacking incidents we are not allocating any personal data because hackers are hiding identity and do not reveal identifiable IP addresses, names, e-mail addresses or any personal data. Therefore, we are in a position where we are not processing any personal data of the hackers.
Lawful basis
The lawful basis for the processing of the personal data is the fulfillment of the contract („General Terms). The personal data that is strictly necessary is collected in order to provide you the Patchstack services.
We process some personal data to pursue our legitimate interests to avoid the creation and usage of fake accounts.
Furthermore, we may process personal data to comply with our obligations deriving from the law.
Personal data that you upload to your profile voluntarily is deemed to be given on your free consent. The personal data that has been voluntarily given may be amended or deleted under the profile settings of your account.
Purpose
We use your personal information collected for the following purposes:
- your user account data, contact information, submitted content and the data we collect automatically in the course of your usage of the Site are used to provide you the services, including managing your user account, providing customer support, sending updates etc. The personal data we collect automatically is also used to prevent potentially prohibited or illegal activities carried out via the Site and enforce the General Terms;
- to suggest you services related to Patchstack that you might be interested in;
- if you give a consent, we will use your name and e-mail address to deliver you profiled direct marketing messages on behalf of the Patchstack and its cooperation partners;
- measure and improve the services that are available on the Site;
- we may also use the information about you for any other purpose for which the information was collected, provided that such purpose was disclosed to you at the time of collection or you provided a separate consent for processing your data for such purpose.
Recipients
We may retain other companies and individuals to perform services for us, and we may collaborate with other companies and individuals with respect to particular products or services (collectively, “Providers”). In doing so, we may share information with these Providers and these Providers may collect and process your information. Examples of Providers include data analysis firms (e.g. Google Analytics), customer service and support providers, payment processors, data centers and software as a service company.
Patchstack may disclose your information to our subsidiaries and other affiliates and their agents and employees. In connection with the potential sale or transfer of Patchstack (in whole or in part), Patchstack reserves the right to transfer your information (including, but not limited to name, address information, and other information you provided to Patchstack) to a third party.
We do not sell or trade your personal data to any third-parties. We provide your data to third parties pursuant to the Privacy Notice if such transfer is required by the contract or law.
We may disclose your information, including personal information, to courts, law enforcement or governmental authorities or authorized third parties if it is required by the law or if such disclosure is requested by the court.
Data subject’s rights
- Right to access – User may get information regarding his/her personal data. If you are not able to access your data on your User account, please contact Patchstack support.
- Right to withdraw consent – in case our processing is based on a consent granted by the User, the User may withdraw the consent at any time by contacting us or by using the functionalities of the Site. Withdrawing a consent may lead to the situation you are not able to use some functionalities of the Site.
- Right to rectification – User has the right to correct inaccurate or incomplete personal data we store on the Site. The User may correct his/her personal data in the User account. If you are not able to correct your data, please contact Patchstack support.
- Right to data portability. User has the right to receive User’s personal data from us in a structured, commonly used and machine-readable format and independently transmit the data to a third party, in case our processing is based on User’s consent or fulfilling the contract and carried out by automated means. If you are interested in to transfer your data, please contact Patchstack support.
- Right to erasure. User has the right to erase personal data we process if the personal data is no longer necessary for the related purposes or if the User objects to processing for profiled direct marketing unless. We may not immediately be able to erase all residual copies from our servers and backup systems after the active data have been erased. Such copies shall be erased as soon as reasonably possible.
- To exercise any of the abovementioned rights, User should contact Patchstack support. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded or we have a legitimate interest not to erase the data.
Data retention
- We store personal data as long it is necessary for the related processing purposes. The storage period depends on the type of personal data and purposes.
- Typically, we store User’s personal data as long as the User is using the Services. We keep personal data as long as it is required by law or necessary for internal reporting and reconciliation purposes. For example, we keep all payment transactions data for 7 years due to the accountancy rules.
- In the event that there are suspicions of a criminal offense, fraud or false information having been provided, the data will be stored for 10 years.
- In case the User decides to delete the account, the personal data will be held for another 12 months in order to prevent and investigate possible violations (fraud, fake accounts, identity thefts etc).
Security
- Our intent is to provide privacy, integrity, as well as authentication with regards to our online communication. The security measures we have taken are intended to secure and encrypt your data, such that a third party cannot capture, access or read the information while it is in transit between your computer and our system.
- We use some third-party service providers to help us provide services related to the Site such as the cloud platform providers. We have concluded contracts with the processors of personal data which provide protection at the same level as set out in this Privacy Notice.
- We implement and maintain reasonable and appropriate technical and organizational security measures to protect the personal data we process, from unauthorized access, alteration, disclosure, loss or destruction.
- We further protect personal information by restricting its access to those employees, contractors, advisers and service providers that we determine to require access to such information for any of the purposes stated in this Privacy Notice.
- Any personal data collected by Patchstack is stored in the data centers located on territories and hosted by service providers that present sufficient guarantees in terms of technical and organizational measures that are required pursuant to the GDPR.
- Only authorized employees have access to the personal data and they may access the data only for the purpose of resolving issues associated with the use of the Site
Links to External Sites
The Site may provide you access to websites or services owned and operated by third parties. These third-party websites or services may have their own privacy policies and are not governed by this Privacy Notice. We are not responsible for the privacy practices or the content of any third-party websites or services.
Direct Marketing
We may send you e-mails for direct marketing purposes. We only use your e-mail address for sharing Patchstack related direct marketing messages. In case you wish to stop receiving e-mails for direct marketing purposes please click “unsubscribe” at the end of such e-mail.
Changes
This Privacy Notice is dated 19.04.2019. We may update this Privacy Notice at any time if required in order to reflect changes in our data processing practices, in personal data protection laws or otherwise. For substantial changes to this Privacy Notice, we will use reasonable endeavours to provide notice thereof. The current version can be found on our website.
Dispute resolution
Disputes relating to the processing of personal data are resolved by Patchstack support via the Intercom chat.
The supervisory authority is the Estonian Data Protection Inspectorate (www.aki.ee) which can be contacted via email info@aki.ee.