Product Privacy policy
Introduction
This Privacy Policy regulates how WebUs manages the personal data it processes. This Privacy Policy is an integral part of WebUs’ Terms of Use. Any definitions used in this Privacy Policy have the same meaning as in the Terms of Use, unless explicitly stated otherwise herein.
For clarity, the terms “personal data”, “processing”, “controller”, “processor”, “data subject” and “personal data breach” shall have the same meaning as in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).
By accessing and using the Services you consent to this Privacy Policy. If you do not agree with this Privacy Policy, you may not access or use the Services and you must close your Account if you have one.
WebUs’ role
With regard to processing of personal data, WebUs has two roles – as a controller and as a processor. WebUs is controller with regard to the personal data it processes when you access and use the Services.
WebUs is a processor with regard to the personal data used by an Organizer to authorize Admins, the personal data used by an Organizer or an Admin to designate User Accounts to Users and to invite them to Networks, as well as to any personal data which is part of the Content the Customers post, cf. also section “WebUs as a processor” below.
For clarity, since pursuant to GDPR personal data is information relating to an identified or identifiable natural person, this Privacy Policy shall not apply to any company’s, organization’s or other entity’s or legal person’s data which are not considered to be personal data under the GDPR and are publicly available.
WebUs as a controller
What personal data does WebUs process?
We may collect certain personal data about you which is necessary for your access to and use of the Services such as name, email, password, credit card data and billing address (if you purchase a Network).
We may also collect some additional personal data, which you decide to provide us with, such as job position, organization, phone number, photo, and any other information related to you as a data subject which you voluntarily decide to include in your profile via your Account.
Further, we may automatically collect some personal data about you related to your access to and use of the Services such as IP address, log data, unique device identifier such as push tokens, location data, actions performed, cookie data. WebUs does not store IP addresses, location data, action logs, or cookie data beyond authentication.
What purposes does WebUs process the personal data for?
We use the personal data described above for the following purposes:
-
to deliver you access to and use of the Services;
-
to maintain and improve the Services and to keep the Services secure;
-
to calculate anonymous and aggregate statistics to create analysis of how the Services are used;
-
to identify you as a contracting party;
-
for authentication and to identify you when using the Services;
-
to invoice you in case that you are an Organizer and you have purchased Networks(s);
-
to communicate with you;
-
to send you information about updates and new features by email after obtaining your consent.
On behalf of the Organizer of a Network, we may use the personal data to generate a report containing statistic analysis of the activity of said Network. We will make sure that the data in the report is anonymized in a manner that makes it hard or impossible for the Customers participating in the Network in question to be identified. Such report, if made, will only be shared with the Organizer of the Network and no third parties.
WebUs may from time to time publish general reports containing analysis of how the Services are used. Such analysis will be strictly based on anonymous and aggregate statistics, and any personal data used for such statistic will before that be rendered anonymous in such a manner that the data subject may not be identified.
What legal grounds does WebUs have for processing of personal data?
WebUs collects, stores and processes your personal data on one or more of the following legal grounds:
-
your consent;
-
it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
-
it is necessary for compliance with a legal obligation to which we are subject;
-
it is necessary for the purposes of our legitimate interests or those of another person, unless such interests are overridden by your rights. We consider as our legitimate interests the protection of the rights we have under this Privacy Policy, the Terms of Use and the applicable law, ensuring the security of the Services, fraud prevention, measuring performance of, developing and improving the Services.
If your personal data are collected, stored and processed based solely on your consent, you may at any time withdraw your consent by contacting us. For contact details please see section “Contact” below. With regard to any personal data, you have decided to include in your profile via your Account, you may alter or delete said personal data at any time by using the relevant features in the Services. If you decide to delete such personal data, they will no longer be processed.
For how long is the personal data being processed?
WebUs will process your personal data as long as it has a legal base for such processing, including for purposes like invoicing, complying with legal obligations and protecting its legitimate interests.
For more information about how we store cookie data please see section “Cookies” below.
Where is the personal data being processed?
WebUs uses the servers of Firebase by Google, LLC (“Firebase”) for processing and storage of personal data. Their servers are located in Denmark, Finland, the Netherlands, Belgium, Ireland, United States, Chile, Taiwan and Singapore. Firebase has received certification for compliance with major international security and privacy standards and is a trusted partner of WebUs. We currently rely on standard contractual clauses as an appropriate safeguard under GDPR for transfers of personal data outside of the European Union, if any. You can find more details on Firebase’s privacy terms here.
To whom the personal data is being disclosed?
WebUs does not disclose, transfer or share your personal data with third parties except in the following cases:
-
it has a legal obligation to do so;
-
the personal data are provided to trusted partners and subcontractors who are in contractual relations with WebUs and have a duty of confidentiality. These trusted partners include Google, LLC with its platform Firebase, cf. above, and ZoomCharts. WebUs undertakes to get into agreements only with partners and subcontractors who comply with the legal requirements about personal data protection, security and processing, including the GDPR. We hereby notify you that some of WebUs’ partners might transfer the personal data outside the EU. For further information, please read the privacy policies of WebUs’ partners.
With regard to your name as well as to any other personal data which you voluntarily add to your profile via your Account you are hereby made aware, understand, agree and acknowledge that they would be visible to the other Customers in the Network(s) that you have purchased, you administrate, you are invited to or you participate in, as well as to any other Customer part of a Team you participate in or you interact with by using the private messaging feature of the Services. If you don’t want such personal data to be visible, you should not add it to your profile.
With regard to any personal data related to you that you voluntarily post in an area or a feature of the Services which is accessible for other Customers of the Network you have posted it on to, you are hereby made aware, understand and acknowledge that it would be visible to these other Customers. If you don’t want such personal data to be visible to said Customers, don’t post it.
With regard to the report on the activity of a Network (cf. section “What purposes does WebUs process the personal data for?” above), you are hereby made aware, understand, agree and acknowledge that it may be shared with the Organizer of said Network. The report shall not be shared with any third party. We will make sure to render the data in the report in such a way that makes it hard or impossible for the Customers participating in the Network in question to be identified.
With regard to the general reports containing analysis of how the Services are used which WebUs may publish from time to time, you are hereby made aware that such reports will contain only general, aggregate and anonymous information which will not allow for any data subject to be identified.
How does WebUs ensure the security of the personal data?
WebUs values your privacy and takes appropriate physical, technical and organizational measures for personal data security and protection such as access control and authentication, encryption of passwords. WebUs ensures that all persons authorized by it to process personal data, whether WebUs’ employees or not, have committed themselves to confidentiality.
Cookies
In order to provide access to and use of the Services to you, WebUs uses cookies. A cookie is a small text file sent by WebUs and stored on your device.
WebUs uses cookies to provide you the Services and to keep statistic about the traffic. WebUs considers the use of those cookies its legitimate interest, so that it can keep the proper functioning of the Services.
You are hereby notified that WebUs uses some trusted third party’s cookies as a part of the Services. These cookies are governed by the respective trusted third party and are not under WebUs’ control. Such trusted third parties include Google, LLC and its platform Firebase. For more information about their cookies, please visit their relevant websites.
WebUs stores two cookies:
-
An authentication cookie to keep you logged in to the Network even if the browser is closed.
These cookies are used purely for authentication purposes. No data is sent back or collected from either cookie. We do not combine the information we collect via cookies with other personal data that could make you identifiable and tell us your name or email address.
Apart from strictly necessary cookies, WebUs stores cookies on your device only with your consent. You can withdraw or change your consent at any time. You can do it here. Please be aware that if you don’t allow the use of cookies, you may not be able to use some features of WebUs’ Services.
Please be aware that you can also disable cookies in the settings of your browser. The settings might differ based on the browser that you use. For more information, please check the guidelines of the browser you use.
Please be aware that if you disable cookies, the Services might not function properly and you might not be able to use some or all features of the Services.
What rights do the data subjects have?
Pursuant to GDPR as a data subject you have the following rights:
-
Right to access to your personal data: You have the right to receive confirmation from WebUs whether any personal data related to you are processed and, if this is the case, you have the right to access the personal data and receive information on how they are being processed, as well as one copy of them.
-
Right to rectification: You have the right to obtain from WebUs without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
-
Right to erasure: In certain circumstances, such as when your personal data are no longer needed in relation to the purposes they were processed for or the case that your personal data have been processed unlawfully or you have withdrawn your consent (if the processing of personal data is based on consent), you may request the erasure of your personal data.
-
Right to restriction of processing of the personal data: In certain circumstances, such as if you have doubts about the accuracy of your personal data or have objected to WebUs’ legitimate purpose for processing your personal data, you may request that WebUs restrict the processing of your personal data.
-
Right to object to processing of personal data: In certain circumstances, such as if you have doubts about WebUs’ legitimate interest in processing of your personal data, you have the right to object to such processing.
-
Right to personal data portability: In case that the processing is based on your consent and that the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract and that the processing is carried out by automated means, you may request to receive a complete and machine-readable copy of your personal data and transfer it to another controller.
-
Right to complain: You are entitled to file a complaint regarding WebUs’ processing of your personal data at the relevant supervisory authority.
WebUs as a processor
General
This section regulates how WebUs processes the personal data used by an Organizer to authorize Admins, the personal data used by an Organizer or an Admin to designate User Accounts to Users and to invite them to Networks, as well as any personal data part of the Content the Customers post (hereinafter collectively referred to as “Customer’s Data”).
We respect our Customers’ privacy. We expect that our Customers respect other people’s privacy too. You hereby agree and acknowledge that you will not use the Services to post or use personal data of other people, be they Organizers, Admins, Users or third parties, unless you have their consent or you are otherwise authorized to post and use their personal data.
You hereby agree and acknowledge that in case you are an Organizer, you will use the personal data of the person you want to authorize to administrate your Network(s) as an Admin, for said authorization, only provided that you have his/her consent or that you are otherwise authorized to use his/her personal data for the authorization.
You hereby agree and acknowledge that in case you are an Organizer or an Admin, you will use the personal data of the person to whom you want to designate a User Account and who you want to invite as a User to a Network, for said designation and invitation only provided that you have his/her consent or that you are otherwise authorized to use his/her personal data for the designation and invitation.
Data processing agreement
The purpose of this section is to serve as a data processing agreement (“DPA”) between WebUs and the Customer, with regard to the Customer’s Data. The Customer enters into this DPA by accessing and using the Services.
With regard to the Customer’s Data, the Customer is to be considered controller and WebUs is to be considered processor. This DPA shall govern the obligations which the Customer has as a controller and WebUs has as a processor. If any other provision in this Privacy Policy or the Terms of Use contradicts to this section, it is this section which shall have precedence.
The Customer hereby warrants that the Customer is the owner or the authorized holder of all Customer’s Data and that the Customer is authorized to appoint WebUs to process them as processor. Further, the Customer warrants that it has obtained Customer’s Data legally and in accordance with any legal act or requirement which might be applicable, including GDPR. The Customer hereby agrees and acknowledges that WebUs is processing Customer’s Data on Customer’s behalf and that said processing does not extend beyond the duration of the Agreement between the Customer and WebUs, as defined in the Terms of Use, unless required by any applicable law to which WebUs is subject. The Customer warrants that, as a controller, it meets all legal data protection requirements, including those set forth in GDPR. The Customer warrants that it has provided the data subject with all information concerning personal data processing which is required by the applicable law, including the information required by GDPR.
WebUs processes the Customer’s Data only for the purpose of and to the extent necessary for making the access to and use of the Services available to the Customer.
The types of personal data which WebUs processes on behalf of the Customer under this DPA includes name and email, but may also include all kind of personal data and may be related to all kind of categories of data subjects. Taking into account the above, it is solely the Customer’s decision what kind of personal data and of what categories of data subjects are to be processed by WebUs. As a controller, the Customer shall maintain a record of all processing activities under its responsibility as required by the applicable law.
The Customer warrants that all Customer’s Data which are to be processed by WebUs on the Customer’s behalf under this DPA, will be made available to WebUs via the use of the Services or via email with all the necessary security measures. WebUs shall not be liable for any personal data which has been made available, transferred or otherwise disclosed to it by the Customer in a way and by means which do not meet the requirements of the applicable law, including GDPR.
WebUs shall process the Customer’s Data as long as they are necessary for providing the Services to the Customer and in accordance with the applicable law.
WebUs shall process the Customer’s Data only on Customer’s instructions, unless WebUs is required to process the personal data by the applicable law to which the WebUs is subject.
The Customer hereby authorizes WebUs to engage other processors for processing the Customer’s Data under this DPA and in connection with providing the Services to the Customer and approves the processors which WebUs has already engaged prior to the Customer’s consenting to this Privacy Policy. Upon Customer’s consenting to this Privacy Policy, WebUs uses the platform Firebase by Google, LLC (“Firebase”) and ZoomCharts’ software and developers as processors for processing of personal data. Firebase has received certification for compliance with major international security and privacy standards. You can find more details on Firebase’s privacy terms here and on ZoomCharts’ privacy terms here. WebUs shall inform the Customer on this page or via email about any changes to the already engaged processors or about every other processor that WebUs plans to engage, and give the Customer the opportunity to object to such changes. If the Customer does not approve the changes to the already engaged processors or the engagement of other processor(s), it shall cease using the Services and close its Account.
When engaging other processor, WebUs shall ensure that said processor will take upon itself the same obligations which WebUs has pursuant to this DPA, and that said processor provides sufficient guarantees and appropriate technical and organizational measures for personal data processing so that it meets the requirements of the applicable law, including GDPR.
WebUs ensures that all persons authorized by it to process personal data under this DPA, whether WebUs’ employees or not, have committed themselves to confidentiality. WebUs ensures that any natural person acting under the authority of WebUs who has access to the personal data does not process the data except on the Customer’s instructions.
WebUs ensures that it has taken appropriate technical and organizational measures for security of the personal data processing under this DPA and to prevent the personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.
Irrespective of the above, WebUs does not warrant against personal data breach. In the event of a personal data breach, WebUs undertakes to notify the Customer without undue delay after becoming aware of the personal data breach. Said notification shall describe: i) the nature of the personal data breach and, if possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned; ii) the likely consequences of the personal data breach; iii) the measures taken or suggested to be taken to remedy the personal data breach and, if possible, the measures to mitigate its possible adverse effects.
Said notification shall also include the name and the contact details of the data protection officer or, if such has not been appointed by WebUs, another contact point where more information can be obtained. Irrespective of the above, the Customer acknowledges that a personal data breach is not a violation of this section, the Privacy Policy or the Terms of Use on the part of WebUs and that WebUs disclaims any liability for damages or any other losses which might be related to the personal data breach, cf. also section “Disclaimers” in the Terms of Use which shall apply in such case. As a controller the Customer is responsible for notifying the competent supervisory authority and for communicating the data breach to the data subjects when it is so required by the applicable law.
WebUs shall to a reasonable extent assist the Customer in ensuring compliance with the Customer’s obligations as a controller, taking into account the nature of personal data processing carried out by WebUs and as far as this follows from WebUs’ obligations under this DPA. WebUs shall assist the Customer with handling requests and inquiries from data subjects, unless the Customer can handle them itself using the different features incorporated in the Services. All data subjects to whom the Customer is a controller are encouraged to search communication with the respective controller in connection with exercising their rights as data subjects.
The Customer hereby states and acknowledges that WebUs has provided it with all information necessary to demonstrate that WebUs complies with the obligations of processor under GDPR. If requested by the Customer and on the Customer’s expense, WebUs agrees to allow for and contribute to audits, including inspections, conducted by the Customer or an auditor mandated by the Customer in relation with the personal data processing as far as the Customer’s Data of that particular Customer is concerned.
In case that the Agreement, as defined in the Terms of Use, between WebUs and the Customer is terminated based on whatever of the grounds stated in the Terms of Use, WebUs shall, at the choice of the Customer, delete or return or return all the Customer’s Data WebUs processes under this DPA, as well as delete any existing copies unless required to store the Customer’s Data by the law.
The Customer hereby agrees that it will apply all instructions and security measures concerning the access to and the use of the Services which WebUs decides are necessary.
The Customer remains solely liable and shall indemnify WebUs for all claims, damages, losses, costs and expenses which may result from the Customer’s failure to fulfill its obligations as a controller or to apply the instructions and security measures mentioned above.
Contact
You may contact us at:
WebUs IVS
(Danish Business Reg. No. 40389970)
Updates
WebUs reserves the right to make changes to this Privacy Policy. Any changes to the Privacy Policy will be posted on this page and will enter into force on the date stated in the change. If you do not agree with the changes, you must cease using the Services and delete your Account if you have one.