DATA PROTECTION OFFICER’S DETAILS
Phone: +385 1 7812 480, mail: [email protected]
At Vizibit, we take very seriously the privacy and security of the personal information of our users, employees, business partners, and other individuals with whom they have entered into a business cooperation and whose personal data is collected and processed as part of our daily business activities. We are hereby informing you about the personal data we collect, how we process it, how we protect it, and what your rights are regarding the data processing.
This Policy defines basic principles and rules for the protection of personal data in accordance with business and security requirements of Vizibit as well as legal regulations, best practices and internationally accepted standards. In order to ensure fair and transparent data processing, Vizibit strives to provide clear information regarding processing and protection of collected and processed personal data, and to ensure simple control and management of personal data and privacy.
PRINCIPLES OF PERSONAL DATA PROTECTION
We shall give special attention to the principles of Personal Data processing when processing Personal Data:
- Lawfulness, fairness, and transparency of processing – this means that processing must comply with a particular legal basis, and the principles of fair and transparent processing require that the individual is informed of the processing procedure and its purposes, and that Vizibit is obliged to provide the data subject with all additional information necessary to ensure fair and transparent processing, taking into account the particular circumstances and context of the processing of Personal Data;
- Purpose limitation – this means that the personal data are collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- Data minimisation – this means that the data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate, complete and up to date – this means that the data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that Personal Data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- Storage limitation – this means that the data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the Personal Data is processed; Personal Data may be stored for longer periods insofar as the Personal Data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, subject to the implementation of appropriate measures required by the Regulation;
- Integrity and confidentiality – this means that the data must be processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage;
- Accountability – this means that Vizibit is responsible for abiding by these principles and that, in the event of their breach, the burden of proof lies with Vizibit.
LEGAL BASIS FOR PROCESSING OF PERSONAL DATA
We process personal data in accordance with the provisions of Regulation EU 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals in connection with the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter: GDPR), the Act on the Implementation of the General Regulation on Data Protection (Official Gazette 42/2018) and other valid legal regulations governing the subject area.
Legal basis for using User’s Personal Data depends on:
- the services that User uses (contract or pre-contractual measures, Article 6(1)(b) GDPR);
- our need to comply with a legal obligation (Article 6(1)(c) GDPR);
- consent that the User has given (consent, Article 6(1)(a) GDPR); or
- a legitimate interest, such as ensuring the security of the website, sending information on the use of our platform or products, insofar as they are similar to those that were already purchased or requested from us and such communication was not deactivated (Article 6(1)(f) GDPR).
2. WHAT PERSONAL DATA WE COLLECT AND PROCESS, HOW IT IS COLLECTED AND PURPOSE?
To provide you access to the Vizibit products, free or paid licences and certificates or more information, Vizibit website and application solutions require you to provide personally identifiable data. This information may be collected during the account registration process or at a later time. You can view and update the personal information mentioned below at any time from your application service account. Please note that certain information is required for the basic functioning of your account, while other information is optional.
- Name (mandatory) – The information used in notification emails serves to identify you to the intended recipient(s). Your name is also recorded on your visual representation of signature, for profile application settings as well as in reporting inside the application. Additionally, this information is utilised within our marketing and email sending platform to keep you informed about product updates, informative blogs, and newsletters. If you wish to unsubscribe from our marketing emails, please use the provided link.
- Email (mandatory) – Your email address serves as the unique identifier for your application service account, necessary for logging in. Please note that this information cannot be modified once it has been submitted, except by deleting the account and creating a new one with a different email address. In addition, your email address is utilised for sending notifications from the application service, and is also shared with our marketing and email sending platform. If you wish to unsubscribe from our marketing emails, please use the provided link.
- Password/Confirm Password (mandatory) – This allows you to be authenticated before allowing access to your application service account. The password is processed and stored using a hashed and salted method.
- Phone (optional) – We may use your phone number to authenticate you when performing secure remote signing.
- Job Title (optional) – This information can be entered into your application service account and is used on the visual representation of the signature. If entered, this information will be shared in workflows using your signature image. You can always delete this information in your signing account settings for future use.
- Company Name (optional) – This information is used in the context of Business based plans on our application services to identify your organisation. This information can be entered into your application service account and is used on the visual representation of the signature. If entered, this information will be shared in workflows using your signature image. You can always delete this information in your signing account settings for future use.
- Image of your handwritten signature (optional) – This information can be uploaded into your application service account and is used on the visual representation of the signature. If entered, this information will be shared in workflows using your signature image. You can always delete this information in your signing account settings for future use.
- Billing Info – This information may be used in order to allow you to become a User for our application solutions, and in order for us to charge you for usage of certain functionalities and services of the application solutions.
- Name (mandatory)
- E-mail address (mandatory)
- Country (mandatory)
- Company name (optional for individuals, mandatory for companies)
- Address (optional)
- VAT Number (for companies) (optional)
- City (for companies) (optional)
- Postcode (for companies) (optional)
If you pay with Paddle, the data you enter will be transmitted to Paddle. Your data is transmitted on the basis of Article 6(1)(b) GDPR (contract). Your data is forwarded for the sole purpose of processing your payment and only to the extent that is necessary for that purpose.
- Documents – When using certain iterations of our application solutions and uploading documents to be signed through it, the uploaded documents often contain information relating to the User or third persons that may constitute Personal Data. The user is a Data Controller of uploaded documents. The processing of such Personal Data is not necessary for the provision of services.
Personal Data uploaded with documents may include:
- Personal Data relating to the User or third persons contained in uploaded documents
Our processing of these Personal Data is limited to minimum necessary storage on our systems in order to provide our services, and only when using certain iterations of our application solutions that provide Users with storage options using AES encryption. This Personal Data is never processed for any other purpose.
- Miscellaneous Data – As a part of the application services you may configure different sets of data based on your business needs. This may include:
- Contacts with whom documents are shared (Email)
- Your handwritten signature image and company logo image. If selected by you then this information is embedded inside your signed document(s).
- Documents drive – Centrally held documents made available to you by your enterprise administrator, documents in workflows including you or that you have uploaded yourself
- Any comments you add
- Any form field data you enter into a document
- Custom email content set by you (or your administrator) to notify recipients. Note that the sole purpose of email contents is to give reminders at different events. At Vizibit we don’t expect or require you to enter sensitive data inside the email contents configured in your profile and we will not be responsible for its safety; customers must therefore avoid providing such information in email contents.
- Any comments you add for your document recipients
- Any document metadata you provide
For certain authentication services the user has to provide a phone number to Vizibit before initiating the login/signing process. These authentication services include:
- Mobile ID
- Infobip OTP
- GET IN TOUCH WITH US form – This information is used when you contact us in regards to providing our services to you using our CONTACT page. In the contact us form you need to provide basic mandatory information such as your Name, Email, Company Name and website as well as Country. If submitted, this information is also shared with our marketing and CRM platforms to enable our sales team to contact you accordingly and deal with your request. If you wish to unsubscribe from our marketing emails, please use the provided link.
- Usage Data – We may collect information on how our application solutions are accessed and used. This Usage Data may include information such as your IP address, your device’s Device ID, your browser type, browser version, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
- Logs – We collect information on how our application solutions are accessed and used. This Usage Data includes information such as your IP address, your browser type, browser version, the time and date of your visit, the time spent on those pages and other diagnostic data. This information can only be associated with individuals indirectly. We will not combine this data with other sources of data. We reserve the right to review this data at a later point in time if we become aware of specific indications of unlawful use.
OTHER VIZIBIT’S APPLICATION SOLUTIONS (ADD-INS)
- Vizibit provides other application solutions which run inside 3rd party applications. These 3rd party applications are: Microsoft tools and Google Workspace. Here we define which personal information is shared from these external applications using our app and vice versa:
- The following personal information can be seen from inside the add-ins: Document owner, email, next signer email
- Your contacts or user information (name, email, phone number) can be pushed to Vizibit as contacts.
- Documents can be pushed to Vizibit application solutions and updated documents can be updated back
PROCESSING OF YOUR SUPPORT REQUESTS
- When contacting our Support Centre, we process your support requests and manage your customer data. These requests include your Name and email, and any optional Personal Information that you provide us with in the message part of the request form.
3. PROCESSING OF PERSONAL DATA THROUGH VIDEO SURVEILLANCE
- WHAT DO WE USE THIS PERSONAL DATA FOR (PURPOSE)?
Protection of persons and property
- LEGAL BASIS FOR PROCESSING OF PERSONAL DATA
Legitimate interest of Vizibit as controller of personal data processing.
- WHO CAN BE CONSIDERED AS RECIPIENT?
The video can be delivered on request to the competent authorities (police, court) if necessary for conducting procedures based on special regulations.
- HOW LONG DO WE STORE THIS PERSONAL DATA?
We keep video surveillance system recordings for up to six months or longer if they are exempted as evidence in court, administrative, arbitration or other proceedings.
Cookies can be permanent, meaning that they stay stored on the user’s computer after visiting the website, and temporary, meaning they are stored only during the visit to the website.
COOKIES USED ON THIS WEBSITE
- Google Analytics (_ga) – Registers unique ID that is used to generate statistical data on how the visitor uses the website.
- Google Analytics (_ga_#) – Used by Google Analytics to collect data on the number of times a user has visited the website as well as dates for the first and most recent visit.
- Elementor – Used in context with the website’s WordPress theme. The cookie allows the website owner to implement or change the website’s content in real-time.
- Google captcha
- com – Used to detect if the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for GDPR-compliance of the website. Description: Stores the user’s video player preferences using embedded YouTube video. Registers unique ID to keep statistics of what videos from YouTube the user has seen. Tries to estimate the users’ bandwidth on pages with integrated YouTube videos.
HOW TO MANAGE COOKIES?
If you block all cookies in your browser settings (including essential cookies), you may significantly reduce the functionality of individual web pages.
Once you have given us your cookie consent, we will store the cookie on your device to be used for your future visits to this website.
If, at any time, you wish to withdraw your cookie consent, you will have to manually erase cookies through the settings in your internet browser.
The following links may be useful if you are interested in more details regarding cookies management for certain browsers:
- Google Chrome
- Mozilla Firefox
- Internet Explorer
- Android Browser
- Opera Mobile
- Safari (Desktop)
- Safari (Mobile)
More information on cookie usage may be found at www.allaboutcookies.org.
5. YOUR DATA PROTECTION RIGHTS
The rights of the User as the data subject in terms of GDPR, related to the processing of Personal Data are as follows:
- Right of access – The data subject shall have the right to obtain from Vizibit confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and purposes of the processing, categories of personal data concerned, possible recipients to whom the personal data have been or will be disclosed, etc.
- Right to erasure (“right to be forgotten”) – The data subject shall have the right to obtain from Vizibit the erasure of personal data concerning him or her without undue delay and Vizibit shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing
- data subject objects to the processing and the legitimate grounds for pursuing the right to erasure supersede the legitimate grounds of the Data Owner/Controller to process and/or store personal data
- personal data have been unlawfully processed
- personal data have to be erased for compliance with a legal obligation
- Right to rectification – The data subject shall have the right to obtain from Vizibit without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to data portability – The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to Vizibit, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller. It should be taken into account that the right to data portability relates exclusively to the personal data of the data subject.
- Right to object – The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. Vizibit shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Furthermore, where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
- Right to restriction of processing – The data subject shall have the right to obtain from Vizibit restriction of processing where the accuracy of the personal data is contested by the data subject, the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead, and if the data subject objected to the processing and expects confirmation that the legitimate grounds of the controller supersede the legitimate grounds of the data subject. The data subject has the right at any time to request that the aforementioned rights be exercised.
- Withdrawing your consent – The data subject shall have the right to withdraw the consent regarding processing at any time in which case personal data collected on the basis of such consent will no longer be used for the purposes mentioned.
If you consider that the processing of personal data carried out by us is against privacy protection regulations, please let us know by writing to Vizibit or sending an email to: [email protected]
If you believe that Vizibit is processing your data in an unlawful manner and you cannot resolve it in cooperation with us, you have the right to file a complaint with a Supervisory Body (Croatian Personal Data Protection Agency – AZOP).
6. DISCLOSURE TO THIRD PARTIES
We may share your Personal Data with the following types of recipients:
- With our Trust Service Providers;
Swisscom (Switzerland) Ltd
Enterprise Customers Identification Services
HR-10000 Zagreb, Croatia
Financial Agency (FINA)
Ulica grada Vukovara 70,
HR-10000 Zagreb, Croatia
- With any competent law enforcement body, regulatory authority, government agency, court of law or other third party where we believe disclosure is necessary
- (i) as a matter of applicable law or regulation,
- (ii) to exercise, establish or defend our legal rights, or
- (iii) to protect your vital interests or those of any other person.
- With any other person with your consent for such disclosure.
TRANSFERS OF YOUR PERSONAL DATA TO OTHER COUNTRIES
7. SECURITY OF PERSONAL DATA
We actively maintain technical, physical, and administrative security measures designed to provide a high level of protection of User’s Personal Data against loss, misuse, unauthorized access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our data centers, and information access authorization controls.
While we are dedicated to securing our systems and services, Users are responsible for ensuring and maintaining the privacy of their password(s) and account/profile registration information and for verifying that the Personal Data we maintain about them are accurate and current.
8. HOW LONG WE WILL RETAIN YOUR PERSONAL DATA?
We process your personal data until the purpose of processing personal data is met. After the end of the purpose for which they were collected, we no longer use your personal data; they remain in our storage system and we keep them for as long as we are obliged by law on keeping archival materials.
10. CONTACT INFORMATION
If you have any comments or queries in relation to the processing of your personal data, send us an email to: [email protected]