We, Caphyon S.R.L., Str. Ana Ipatescu Nr. 51, Dolj, Craiova, 200340, European Union, Romania take Privacy very seriously and are committed to comply with the high standards of Data Protection established by the legislation in force.
The Private Data that we collect is used within the technical scope of our business.
What information we collect
The information that we collect depends on your usage level of the Website and Service.
For Website Users:
The following information is gathered automatically via analytics tools, from your browser:
- Browser/User Agent, type of device and OS
- Referrer URL
- Anonymised IP address
- Website navigation information
The data collected is processed anonymously, without matching it to a specific individual or merging it with data from other tools.
For Service Users:
- Information that you provide directly, within the scope of using the Service:
- Your Registration email address
- Your encrypted account password
- *Personal Information for payment, or trial activation purpose
- **Personal Information within your User Data, for the scope of processing in the course of providing the Service
*Personal Information includes: name, email address, delivery address, payment details. This information is provided directly by you, via industry standard SSL encryption. It is further collected and used only for the specific scope of processing your payment, or trial activation, directly by Caphyon S.R.L., or by our authorized processor 2Checkout (formerly Avangate), in compliance with the legislation in force, including GDPR.
**Personal information includes: email address, name and / or encrypted account password that you provide as User Data.
- Time and location of accessing the Service
- Service navigation information
- User Data, that you submit in the Account manually or by making the connection with an external data supplier of your choice (such as Google Analytics, Google Search Console, Facebook, Twitter). Your credentials for the external data supplier are not shared with the Service during the authorization.
This information is processed internally by Caphyon, for the purpose of providing the Service effectively and for internal statistics on Service usage, that help us make it more user-friendly.
What we do with the information we collect
Our focus is to help Users work effectively, by processing Personal Data and User Data in a secure and efficient manner. As part of our commitment to comply with Data Protection legislation in force, including the EU General Data Protection Regulation, the following description offers an overview on how we use the data that we collect or receive directly from you.
Distribution of Scope
- Information and Records
- Research Scope
- Marketing Scope
We use the information in order to process your User Data in the course of providing you with the Service.
We use the Personal Information that you provide us directly for billing purposes, internal accounting records, and notifications on billing and Service updates.
We may collect and process occasionally User Data for research purposes. The information is collected and processed anonymously. We do not match a specific individual with specific User Data.
We may send you periodically promotional materials and special offers, only with your specific consent, which is given separately from the consent for accessing and / or using the Website and Service. You can always opt out or opt back in at any time.
Who can access your Personal Data
Caphyon has taken reasonable steps to ensure the reliability of its employees and external suppliers engaged in processing your Personal Data.
Your Personal Data is accessible only to Caphyon employees engaged directly in processing it, who have received the appropriate training and are subject to contractual obligations of information privacy, security and confidentiality.
Besides Caphyon employees, your Personal Data may be accessed occasionally by Caphyon external suppliers of billing, IT and support and communication services, under strict information access and process policies according to the Data Protection legislation in force.
External suppliers currently engaged by Caphyon, without limitation, are listed herein:
As defined under the GDPR Article 9, Sensitive Information, or special categories of personal data refers to personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
We do not collect or process any information which may be classified as Sensitive Information as described under GDPR.
Right to Information
Your trust is very important to us. You may always enquire about your Personal Data that we collect, and request information about the source from which we received it, and reasons for storing and processing it. This information will be provided on request by contacting our privacy officer at firstname.lastname@example.org.
Right to Rectification
As defined under GDPR Article 16, you can rectify the Personal Data, or complete eventually incomplete Personal Data that we have on file for you. You can send the request for rectification to our privacy officer at email@example.com.
Right to Portability
For the purpose of data portability, you can receive your Personal Data that we have on file for you in a structured, commonly used and machine readable format. You can send the request for the file to our privacy officer at firstname.lastname@example.org.
Right to Object
As defined under GDPR Article 21, you can object at any time to Caphyon or any external suppliers processing your Personal Data. The objection can be submitted in writing to our privacy officer. In the event you object to Caphyon or any external supplier processing your Personal Data, we will make reasonable efforts to make available a change in your configuration of use of the Service. If we are not able to make the change available within a reasonable period of time, without exceeding 30 business days, you may Terminate the Service under the Terms of Service.
Right to Erasure
Under GDPR Article 17 (right to be forgotten), you may request the erasure of your Personal Data based on the following grounds:
- Your Personal Data is no longer necessary in relation to the purposes for which they were collected or otherwise processed
- You withdraw consent on which the processing is based, and where there is no other legal ground for the processing
- You object to the Personal Data processing pursuant to GDPR Article 21
- Your Personal Data has been unlawfully processed
- Your Personal Data has to be erased for compliance with a legal obligation in Union or Member State law
- Your Personal Data has been collected in relation to the offer of information society services.
The request for your Private Data erasure can be submitted in writing to our privacy officer at email@example.com.
Caphyon is committed to ensuring that your information is secure. For this purpose, we are maintaining and enhancing a security program with appropriate technical and organizational measures, to protect your information against unauthorized access, processing, distribution or erasure.
Personal Data that you provide us for billing purposes is processed securely by Caphyon (our internal infrastructure is located in Romania, EU), or by our authorized payments processor 2Checkout (formerly Avangate), who is PCI DSS Level 1 certified (Payment Card Industry Data Security Standard), and complies with the following security standards: ISAE 3402 and SSAE 16, Safe Harbor US-EU/EEA and Switzerland, 3-D Secure vendor/client protection, VeriSign certificate for secure SSL (Secure Socket Layer) orders, BBB Accreditation, EU-US and Swiss-US Privacy Shield Framework.
For Personal Data that you provide us for the technical scope of the Service, and under the User Data, we use SSL password encryption. All pages within your Account are served through a HTTPS protocol, while the connections you make between the Account and your external data suppliers are performed via OAuth standard protocol for authorization (your credentials for the external data supplier are not shared with the Service during the authorization). The data is stored securely on Amazon Web Service (AWS), who is compliant with the EU-US and Swiss-US Privacy Shield Framework and GDPR.
Upon Termination of the Service, we cease the processing of your Personal Data and User Data within a reasonable time which may not exceed 30 days. Following this time frame, the information which was collected and processed for a legitimate interest during the course of providing the Service will be archived and stored securely:
- Financial records are kept for 10 years under financial legislation in force
- User Data is kept for 6 months.
Should Caphyon become aware of any data security incident, we will immediately notify you regarding the incident and take reasonable steps to minimize the eventual harm on the Personal Data and / or User Data. The notification will take place via email.
Changes to the Policy
This Policy is effective from May 25, 2018 and may be subject to changes from time to time, by updating this page.