Proximi.io Privacy Policy

Privacy is a crucial aspect to us. This is not only in respect to your information, but also the information that is collected about your end users through the use of the Proximi.io Platform. We will try to keep the text short and clear.

Revised May 25th, 2018.

 

This Privacy Policy describes how we collect, use, and disclose information that we obtain about you as the user of Proximi.io website, product and Services, and your end users. It also includes important information about how you need to inform your end users about the use of Proximi.io Services. Note that a you may belong in multiple categories depending on your relationship with Proximi.io, and if you yourself use a software with Proximi.io integration.

This Privacy Policy forms an appendix to the Proximi.io Terms and Conditions, http://proximi.io/terms/. Capitalized terms bear the same meaning in both documents. By accessing and using our Services you agree to the Proximi.io Privacy Policy.

Contents:

1. Customer register
2. End User Register (Visitor IDs)
3. Marketing register
4. Website visitors / Cookie policy
5. General notes on security and sharing information
6. Links to Third-Party Websites and Services
7. Children’s Privacy
8. Changes to this Privacy Policy
9. Contact Us

 1. Customer Register

  • Customer is a person that is or at some point has been a paying user of the Proximi.io platform. Proximi.io trial users are also considered as customers during their trial period, or as long as their account is triggering API calls to the Proximi.io platform. In the case of a trial user, after the trial has ended or they are no longer triggering API calls to the Proximi.io platform, a trial user is counted as a lead (see below under Marketing register).
  • This information is used for communicating important notices that are directly related to the customer’s use of our Services, such as account verification, billing confirmation, information about changes or updates in our Services, and technical or security notices. It is also used for giving support for the customer, as is listed in the SLA applicable to their account. In some cases, the register may also include payment information that is used for payment purposes.
  • This information is collected on information systems and equipment that are in use by the company and which are in compliance with the GDPR requirements and are adequately protected. These include, but are not restricted to: CRM, chat software, email software, invoicing and credit card processing software, internal company documentation, company database, computers and mobile devices used by the company’s staff.
  • The information is collected from information provided by the customer themselves.
  • The information that we collect:
    • Name
    • Email
    • Phone number
    • Job title
    • User category (Marketer, salesperson, developer etc)
    • Skype ID
    • Twitter ID or other social media username
    • Notes on the interaction with the customer
    • IP-address and approximate location
    • Information on the device used to contact us (browser, platform, device, user agent)
    • Information on payment card (if the service is paid through a personal payment card)
  • A customer may modify this information collected about them by contacting our support at support@proximi.io.
  • As this information is needed for providing our Services to the customer, a customer may only be deleted from our register after a request, if they are no longer a paying customer, and more than 12 months have passed since the contract between Proximi.io and the customer has terminated. This excludes any information written in invoices, receipts, contracts and other legally binding documents, which are preserved for legal purposes in perpetuity.

2. End User Register (Visitor IDs)

  • End user is someone who has downloaded a mobile application with Proximi.io SDK integrated and activated in it.
  • Following the GDPR terminology, the controller of the end user data collected through the use of Proximi.io services is the customer. By using the Proximi.io Services, a customer is not sharing end user data with Proximi.io, but Proximi.io is acting as an external processor of the data. Proximi.io does not utilize end user information for any other purpose than providing and maintaining the Service as agreed and does not share end user information with any third party.
  • Information about the end user is collected to us through a mobile application installed by the end user.
  • The end user accepts the permission to using their location in the application by giving the application a permission to use their location and Bluetooth information.
  • It is the responsibility of a Proximi.io. customer to inform their end users about what information is collected about their end users, and that the information is used in the customer’s solutions in a GDPR-compliant manner.
  • End user data is collected under a pseudonymized Visitor ID. Visitor ID is UUID-formatted id that is generated based on timestamp.
  • Visitor ID remains the same, when the application is updated, but it is regenerated, if the application in deleted and re-installed. In the operating system level, due to operating system limitations, the old Visitor ID may be stored up to 36 hours. Proximi.io leaves no permanent tracking mechanism to the mobile device after the application has been deleted.
  • io SDK also includes a method that allows generating new Visitor IDs when requested. A Proximi.io customer may enable this functionality to their end users in their application.
  • The data that we collect under the Visitor ID consists of their device’s device build information object, and the location data detailed below. The content of the device build information object varies by device manufacturer and operating system version.
  • This information is collected in order for our customers to be able to provide location-specific Services to their application’s end users in the extent that they have designed. Device build information is collected in order to be able to analyse potential device-specific differences in error situations.
  • The location data collected for each Visitor ID includes information about the device’s current and historical location. The location information from the device is collected electronically using multiple methods, including but not limited to GPS, Bluetooth BLE beacons, WiFi networks, cellular networks, gyroscope (IndoorAtlas), LiFi or any other technology defined by the customer. Based on significant location change, latitude, longitude, timestamp, and potential contextual information about the location is stored under the Visitor ID.
  • The precision of the location information depends on a variety of factors, such as deployed technologies, mobile device make and model, mobile device settings and the physical surroundings. This information may be in some instances collected even when the application is not in active use or when the user has manually disabled location and Bluetooth from the mobile device, depending on the phone model and customer settings.
  • A customer may control if and where this location information is collected by disabling the Proximi.io library in their application or using geofence-only positioning. Geofence-only positioning limits the collection of end user location data to the area defined with geofences by the user.
  • io does not collect information about any other activity taking place on the mobile device, such as phone calls, text messages or email.
  • io collects no personally identifiable information about the end users, such as names, email addresses, MAC addresses or Advertising IDs. A customer is not allowed to use the Proximi.io platform for storing any personal sensitive information under the Visitor ID. Note that in some legislations the totality of information collected under the Visitor ID is considered as personal information.
  • In order to be able to comply with the GDPR requirements, Proximi.io customer needs to have a method of identifying the Visitor ID of each end user, in case an end user requests to receive their data. This could be for example implemented in the mobile application, or by storing the Visitor IDs in the customer’s end user database. Proximi.io will comply all such requests within 30 days, when we are given the specific Visitor ID, and it belongs under the Organization that the customer represents.
  • Similarly, we will delete all data collected under a specific Visitor ID within 30 days from the request.
  • Because Proximi.io has no method for identifying individual Visitor IDs, we cannot directly comply with end user requests coming to us.
  • From the collected end user location data, a completely anonymized (stripped of all Visitor IDs and customer organization IDs) duplicate is stored in Proximi.io archives for generating and analysing overall trends. This data is no longer considered as personal data. Proximi.io also reserves the right to use this anonymized agglomerated data for other purposes. For highly sensitive use cases it is possible to agree on exception to this policy, based on a separate agreement and separate pricing policy.
  • In order to keep the end user information current and relevant, the end user information is deleted at frequent intervals. By default, these intervals will range from 3 months to one year, depending on the pricing plan the customer has subscribed to. Thereafter the data is stored in anonymized format in Proximi.io archives in perpetuity.
  • All data is stored within EU on GDPR-compliant service provider servers, behind firewalls.
  • The company has also HR policies and technical barriers limiting which team members have access to end user data. Access is only enabled for those technical team members, who need it for maintaining the operation of the Proximi.io Services, only to the extent required for that purpose. A customer may also grant temporary access to their account to other team members for them to support solving potential technical issues.
  • Please note that utilizing location in a mobile application means that you also enable positioning through Google and Apple APIs. See their respective privacy policies: https://policies.google.com/privacy, https://www.apple.com/legal/privacy/en-ww/.

3. Marketing Register

  • The marketing register consists of persons, who has expressed interest in the Proximi.io Services by registering for a trial, sending us an email, SMS, WhatsApp message or similar, called us, approached us in social media, filling in a contact from on our website, downloaded a case study or other content on our website, signed up for our newsletter, has given their contact details to us at a trade fair or other event, booked a meeting with us, has discussed with us on the chat on our website or web portal or commented on our blog. Or a person we have identified as a potential customer, and reached out to by phone call, email, social media or similar means.
  • For the sake of clarity, all such persons will be titled as leads.
  • This information is mainly used for the purpose of responding to their questions, give pre-sales support, inform them about Proximi.io features and functionality, and handling other Proximi.io usage -related issues.
  • We may, also use lead information to send them information about our new updates, products and Services, which may be of interest to them through newsletters.
  • Before adding any leads to the newsletter recipient list, we will ask for an explicit permission for that either on our website or through other means of communication.
  • All newsletters will include an unsubscribe-button that allows leads to opt out from them.
  • This information is collected on information systems and equipment that are in use by the company and which are in compliance with the GDPR requirements and are adequately protected. These include, but are not restricted to: CRM, chat software, email software, invoicing and credit card processing software, internal company documentation, company database, computers and mobile devices used by the company’s staff.
  • The information is collected from information provided by the customer themselves.
  • The information that we collect:
    • Name
    • Email
    • Phone number
    • Job title
    • User category (Marketer, salesperson, developer etc)
    • Skype ID
    • Twitter ID or other social media username
    • Notes on the interaction with the customer
    • IP-address and approximate location
    • Information on the device used to contact us (browser, platform, device, user agent)
  • A customer may modify this information collected about you by contacting our support at support@proximi.io.
  • As this information is needed for providing our Services to you, a customer may only be deleted from our register after a request, if they are no longer a paying customer, and more than 12 months have passed since the contract between Proximi.io and the customer has terminated. This excludes any information written in invoices, receipts, contracts and other legally binding documents, which are preserved for legal purposes in perpetuity.

4. Website visitors / Cookie policy

Summary of cookie types used:

Operational cookies Essential for providing access to the Proximi.io Services Yes
Functionality cookies Enhancing the performance of the website and Services Yes
Analytics and customization cookies Statistics that help us understand how you use our website or other Services and communication, customizing experience for users. Yes
Marketing cookies Used to make advertising messages more relevant to you. No
  • A website visitor is a person that accesses and uses Proximi.io website or Services. This category also includes people, who have signed up to our newsletters.
  • We automatically collect certain types of usage information of our website visitors through cookies, web beacons or similar technologies. Cookies are alphanumeric identifiers that we may transfer to a website visitor’s computer to give the web browser a unique identifier. Web beacons, are small transparent images that we may use to record a website visitor’s use of our Services. We may also use web beacons in HTML-formatted newsletters we send.
  • The cookies used by Proximi.io can be categorized into three types: operational cookies, functionality cookies, analytics and customization cookies. Proximi.io does not utilize marketing cookies.
  • Operational cookies: Required for being able to provide our Services to you. This category includes e.g. session storage that is required for enabling login to our portal. It is not possible to access Proximi.io Services without enabling this category of cookies.
  • Functional cookies: Used for enhancing the performance of the website and Services. This category includes for example content cache used for optimizing website performance, and cookies used for improving the performance of our chat service. Disabling this category of cookies may limit your ability to access Proximi.io Services and support.
  • Analytics and customization cookies: Statistics that help us understand how you use our website or other Services and communication and aids us in improving our Services. This category also includes third-party cookies, such as cookies for embedded Youtube videos and cookies set by Twitter like buttons. These cookies are used by the third-party providers for customizing their websites performance for you. The information collected by them includes how you land on our site (referring URL), how often you visit the site, which pages you visit, which links you click and how long you use our Services.
  • You may opt out of the collection of any information through tracking technologies by actively managing the settings on your browser or mobile device. Please refer to your browser’s or mobile device’s instructions on how to delete and disable cookies, and other tracking/recording tools. (To learn more about cookies, clear gifs/web beacons and related technologies, you may wish to visit http://www.allaboutcookies.organd/or the Network Advertising Initiative’s online resources, at http://www.networkadvertising.org).

5. General notes on security and sharing information

  • We have implemented commercially reasonable precautions, including, where appropriate, password protection, encryption, firewalls, and internal restrictions on who may access data to protect the information we collect. However, no data security measures can be 100% reliable. In the event that the security of the personal information we have collected has been compromised, we will take reasonable steps to investigate the situation and to notify our Customers. Please make sure to protect your account from unauthorized use by keeping your password safe and signing off your account after using the Services on a shared computer. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
  • By default, we will not share any customer, end user or lead information with any third party. For some parts of our Services we use third-party service providers. We only utilize contractors, who comply with the GDPR requirements. We only disclose personal information that is necessary for performing such functions (such as payment processing, email posting, chat provider, accounting) to the third-party vendors, service providers, contractors or agents who perform these functions on our behalf. Third party providers are not allowed to utilize or share this information in any other way.
  • We may share your personal information only in the following instances:
  1. Business Transfers:If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer all of the personal information gathered by us to the other company. If such situation would happen, we would make our best effort to ensure personal information will be handled as carefully in the future as stated in this Privacy Policy.
  2. Legal and Regulatory Requirements:We also may disclose personal information collected if we determine, in our sole discretion, that we are required to do so under applicable law or regulatory requirements.
  3. To Protect Us and Others:We also may disclose the information if we reasonably believe disclosure is necessary to prevent harm or financial loss, or in connection with investigating or preventing fraud or illegal activity, situations involving potential threats to the safety of any person, and/or to enforce our Terms of Use.
  4. Aggregate and De-Identified Information:We may aggregate or remove information of personally identifying characteristics, and then share that aggregated or anonymized information about users with third parties for marketing, advertising, research or similar purposes.
  5. Case studies and references: We may publicize case studies and reference on our website and other communication that includes customer personal information. We will never do that without an explicit permission from the customer in question.

6. Links to Third-Party Websites and Services

Our Services may contain links to third-party websites and services. This Privacy Policy does not cover such third-party websites or services, but they are governed by their own privacy policies. We are not responsible for their information protection practices but encourage you to familiarise yourself with their privacy policies.

7. Children’s Privacy

Our Services are not designed for children under 13. If we discover that personal information has been collected from a child under 13, we will delete the information as soon as possible.

8. Changes to this Privacy Policy

We reserve the right to change this Privacy Policy from time to time. Any changes will be updated to this page and indicated in the “revised” date on top of the document. Significant changes to the Privacy Policy, as determined by us in our sole discretion, will be also announced on the Proximi.io website, http://proximi.io or through an email notification. Please check back to this document regularly for possible updates. Your continued use of our Services after possible changes indicates your acceptance of the updated Privacy Policy.

9. Contact Us

If you have any questions about this Privacy Policy or any other aspect of our Services, please contact us at support@proximi.io or at:

Mika Koskiola
Lapinlahdenkatu 16,
00180 Helsinki
FINLAND