CodeTwo Terms and Privacy
Published: 2021-11-18. See previous versions (https://www.codetwo.com/regulations/privacy#previous-versions)
We abide by the following principles while processing your data:
- we do not collect more information than it is necessary;
- we do not keep your data if it is no longer needed;
Once you decide to contact us, download some of our guides, download or access a trial version of our Software or purchase a license for our Software you will be asked to provide your personal details which – depending on the context – may encompass your full name, your contact details, the name and characteristics of the organization that you represent or billing information. Depending on the context in which you provide your personal data to us, we may use this data e.g. to perform an agreement concluded with you, fulfill statutory data retention obligations (e.g. resulting out of tax law or accounting law regulations), communicate with you and prepare quotations for you, inform you about updates and bug fixes, seek your feedback on our Software and pursue other legitimate goals (e.g. prevent ourselves against fraud). You can find more information about how we process your data in these contexts in the What information do we collect and when? section.
Most of our Software solutions require installation in your on-premises IT infrastructure. This means that in the majority of cases we will not have access to your organization’s data and this data will not be stored in our infrastructure. Only if you decide to use CodeTwo Email Signatures for Office 365, some of your organization’s data will be processed within our infrastructure. We may also temporarily process data which belongs to your organization if you want to use our technical support services and decide to share program and system logs with us. You can find more information about how we process data in the What information do we collect and when? section and in Terms and Conditions of Sales and Services.
You have the right to request access to your data and the right to have information about you corrected or deleted. You also have the right to have the processing of your data restricted. If the processing of your data is based on your consent, you also have the right to withdraw it at any given time. Withdrawal of your consent will not influence the lawfulness of processing based on this consent before its withdrawal. If the processing of your personal data is based on our legitimate interests, you also have the right to object against such processing. We will not use your data for the purposes of automated decision-making or profiling. You can find more information about your rights in the What are your rights? section.
What information do we collect and when?
Our websites and cookies
You can browse our websites without giving away any information about you other than your IP address. Recording of your IP address is necessary for technical purposes related to the administration of our servers. We will also use it to collect general, statistical information about you (e.g. to get information about the region from which you connect with our websites). We will not be able to identify you based only on your IP address.
Our websites use the so-called 'cookies', which are small information files saved to your hard drive. We make use of (1) session cookies, which remain on your device until a web browser session is completed or the web browser is closed, and (2) persistent cookies, which remain on your device until their expiry date is reached or until you delete them. The persistent cookies that we use are never stored for more than a year.
- to collect anonymous and aggregated statistical data about users’ visits on our websites. We use this data to analyze how our websites are used, perform A/B testing and to improve our websites by using Google Analytics and/or other web traffic analytics tools, such as HotJar and CrazyEgg. Learn more about cookies used by Google Analytics and Google Optimize (https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage#experiments), cookies used by HotJar (https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookie-Information) and cookies used by CrazyEgg (https://www.crazyegg.com/privacy).
- to advertise our products online. We use tracking and remarketing cookies from Google Ads (https://policies.google.com/technologies/ads), Google Analytics (https://support.google.com/analytics/topic/2919631), Bing (https://privacy.microsoft.com/en-US/), LinkedIn (https://www.linkedin.com/legal/cookie-policy), Facebook Conversion Tracking and Facebook Custom Audiences (https://www.facebook.com/policies/cookies/) to advertise our products online. We make use of all targeting features available in Google Ads, including: demographic and location targeting, remarketing, affinity audiences, custom affinity audiences, in-market audiences, similar audiences (learn more about third-party cookies by clicking the links above). You can customize Google Display Network advertisements by using the Google Ads Settings (https://www.google.com/settings/ads) or block sending your data to Google Analytics by installing Google Analytics opt-out browser add-on.
Commenting on our blog posts
If you decide to post a comment on our blog you will be asked to provide your personal details such as your name and your email. We need this data to ensure smooth functioning of our blogs (e.g. ban spammers). The processing of your personal data in this case is based on a contract which is concluded between you and us when you decide to use our blog. We will process your data as long as your comment is visible on our blog. You cannot post a comment without giving away this information about you.
Once you decide to contact us you will be asked to provide your personal details such as your name, the name and characteristics of the organization that you represent and your contact details. Depending on the type of your question, we will use this data to communicate with you, prepare quotations for you and answer any other questions that you may have. If you are not our client and decide not to become one, we will delete your data after your matter is solved and information about you is no longer needed. The processing of your personal data in all of the above cases is based on our legitimate interest, i.e. the need to respond to business queries received from current and potential customers.
Information about the availability and performance of our services
If you decide to receive information about the availability and performance of our services, you will be asked to provide your personal data, such as an email address. If you want, you can also share your phone number with us. Your contact information is necessary for us to inform you about the availability and performance of our services, possible accessibility problems or planned maintenance, as well as to contact you to ask for your feedback or offer our Software. In this case, the processing of your personal data is based on your consent. We will process your personal data until you withdraw your consent or until we get your feedback. You have the right to withdraw your consent at any given time. You are not obliged to give us any of the above information, but you cannot receive information about the availability and performance of our services without providing us with your email address first. Providing a phone number is optional – you don’t need to do that.
Downloading our guides
If you decide to download one of our guides you may be asked to provide your personal details such as your name and your email. We need this data to make the file that you want to download available to you and to be able to contact you after you download our guide and ask for your feedback or offer you our Software. We will only process your personal data for the period necessary to follow up on your download or get your feedback. The processing of your data in such case is based on our legitimate interest.
Downloading trial versions of our Software
If you decide to download or access a trial version of our Software you will be asked to provide your personal details such as your name and your email. If you wish to do so, you may also share your telephone number with us. We need your personal details to:
- make the download or access available to you, to grant you a trial license for our Software and send you important notifications about the Software. The processing of your data in such case is necessary to perform the agreement concluded between you and us;
- prevent ourselves against actions of users who try to make use of the trial version against our Terms and Conditions of Sales and Services. The processing of your data in such case is based on our legitimate interest;
- seek your feedback on our Software, contact you during or right after the trial period and help you make the best use of our Software during this time. The processing of your data in such case is based on our legitimate interest.
If you don’t purchase a license for our Software, we will delete your personal data after all claims that you may bring against us in connection with the use of trial versions of our Software become time-barred.
You are not obliged to give us any of the information above, but you cannot download or access a trial version of our Software without giving away your name and your email. However, you do not have to give away your telephone number if you don’t want to do so.
Purchasing a license for our Software
In order to purchase a license for our Software, apart from your personal details and the details of your organization, you may also be asked to provide credit card data and other billing information. This data is necessary for us to sell a license for our Software to you. Additionally, we will also record your IP address for the purposes of our license control system. We will process this data to perform the agreement concluded with you (i.e. to provide our products and services) and pursue other legitimate goals such as getting your feedback on our products and providing you with vital information about our products and services (e.g. updates, bug fixes, etc.) during the license agreement term. Once the license agreement expires (and you decide not to renew it), we will archive your data and process it to fulfill data retention obligations imposed on us by accounting and tax regulations. We will delete your data after all such statutory data retention periods lapse.
You are not obliged to give us any of the information above, but if you decide not to give it to us or provide us with false or incorrect information we may be unable to respond to your message, to provide our services to you or to process your order.
Making use of our Software
Unless you decide to use CodeTwo Email Signatures for Office 365, we will not store any personal data that you or your organization process using our Software. In particular, we will not process this data within our infrastructure. This means that you will be the controller of your data and that we will not be the processor of such data. This is because most of our Software is not cloud-based and requires installation in your on-premises IT infrastructure. It also means that it is your obligation to make sure that processing of personal data within this Software is done in accordance with applicable privacy regulations, such as the GDPR.
Our Software does not have any capabilities that would allow us to access your IT infrastructure at any time. If you ask us to do so, we may mutually agree to conduct a remote session using e.g. TeamViewer, Skype or other similar tools. You should make sure that you do not reveal any personal or other sensitive data to us during a remote session.
From time to time, if you request technical support from us, we may ask you to provide our technicians with Software log files or system log files. You should make sure that you do not reveal any personal or other sensitive data to us when sharing the log files with us. In case it is impossible for you to remove personal data from the log files, we may get access to a limited scope of personal data that you control and process using our Software (e.g. some email addresses of people within your organization) contained in the log files. We will use these log files to render technical support services to you and also to analyze the performance of our products and improve them. We will delete the log files once issues that they document are fixed and they are no longer needed.
From time to time, to ensure proper performance of the agreement concluded with you, we may use your email address or telephone number that you provided us with while purchasing a license for our Software, or that you defined in our Software, to send you technical information, e.g. about the necessity to update the Software, difficulties in accessing the service, or planned maintenance. We provide you with such information so that you can make use of the purchased license for our Software without any issues.
If you decide to use CodeTwo Email Signatures for Office 365 we will process personal data that you control within our infrastructure at a location of your choice. According to the GDPR, in such a case we will be the processor of such data and you will remain the controller of the data. In principle, this data will encompass some of your Azure AD data and email addresses of users within your organization. In respect of some of the additional features of CodeTwo Email Signatures for Office 365, we might ask you to grant our application additional access rights and process other types of data than mentioned above. See Appendix 3 in Terms and Conditions of Sales and Services (https://www.codetwo.com/regulations/sales-and-services#appendix-3).
We will process all data that you entrust us for processing in accordance with the Personal Data Processing provisions contained in Terms and Conditions of Sales and Services (https://www.codetwo.com/regulations/sales-and-services). These Terms contain all of our representations and obligations as data processor and – once accepted by you – constitute a Data Processing Agreement, as prescribed by art. 28 of the GDPR. Even in such case, however, our access policies make it impossible for us to physically access your data.
What are your rights?
In order to comply with requests concerning your rights, sometimes we may ask you to give us some additional information that we will use to verify your identity. If you fail to provide such information and the information that you have already given to us is not sufficient to identify you, we may refuse to fulfill your request.
Access to data
You have the right to access the information that we have on you. If you choose to exercise this right, we will also make sure to provide you with a copy of the data we process about you.
We will fulfill your request by sending your copy electronically, unless the request expressly specifies a different method. For any subsequent access request, we may charge you with an administrative fee.
Rectification of data, erasure and restriction of processing
If you believe that the information we have about you is incorrect, you are welcome to contact us, so we can update it and keep your data accurate.
We will automatically delete information about you after it is no longer needed for the purposes it was collected for. Nonetheless, if at any point you wish for us to delete information about you, you have the right to do so.
You also have the right to obtain restriction of processing of your data.
In case the processing of your personal data is based on a contract, you have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format. You can also request us to transmit such data to another controller if it is technically feasible.
Withdrawal of consent and the right to object to processing
If the processing of your data is based on a consent, you have the right to withdraw your consent at any time. Remember that withdrawal of consent will not affect the lawfulness of processing based on this consent before its withdrawal.
In case the processing of your data is based on our legitimate interest you have the right to object to such processing.
We do not use any information provided by you for the purposes of automated decision-making, including profiling.
Disclosure of your data
We guarantee that all your personal information is protected, and that we will not make this information available to third parties in cases different than those specified below, unless you give us a permission to do so or unless such disclosure is necessary to comply with a legal obligation that is imposed on us.
We may share information that you provided us with while purchasing a license for our Software, or that you defined in our Software, with:
- payment processors, i.e. PayPal and Braintree, in order to be able to process and complete the payment process for your order;
- providers of services necessary to automate and simplify the process of concluding electronic agreements with our clients (e.g. services such as DocuSign);
- providers of services necessary to send transaction-related and product-related information via email and SMS to the extent that such disclosure is necessary to automate, simplify and analyze these processes, to ensure proper performance of the agreement concluded with you;
- external accounting and bookkeeping services providers to the extent that such disclosure is necessary to have these services provided to us;
- our legal advisors to the extent that such disclosure is necessary to obtain legal advice or protect our rights in legal proceedings;
- governments and law enforcement authorities only if we are required to do so by law. We will always attempt to redirect the law enforcement agency or government to request any data directly from you. If compelled to disclose your data, we will promptly notify you and provide a copy of the demand.
We may share information obtained in connection with your use of CodeTwo Email Signatures for Office 365 only if required to do so by law or if necessary to protect our rights in legal proceedings.
International data transfers
Whenever possible, we will try to use processors which process personal data within the European Economic Area (“EEA”). In case there is a need for us to use processors located outside of the EEA, we will only disclose personal data to them provided that appropriate international data transfer safeguards described in the GDPR are in place.
If you have further questions about international data transfers that we make or want to obtain a copy of the safeguards that are in place to guarantee the legality of the transfer you can contact our Data Protection Officer using this form (https://www.codetwo.com/form/data-protection/).
How to contact us and seek additional help?
We hope that we will be able to answer all your questions and settle all disputes amicably. Nonetheless, if you think that your rights were not observed or that your privacy was harmed, you can always lodge a complaint with the Polish Personal Data Protection Authority which directly supervises our operations or with a personal data protection authority of the country that you reside in.
CodeTwo is a limited partnership (CodeTwo sp. z o.o. sp. k.) established under the laws of the Republic of Poland. You can find our full contact details here (https://www.codetwo.com/company/contact).
- 2021-01-12 (https://www.codetwo.com/regulations/privacy/archive-2021-01-12)
- 2020-10-28 (https://www.codetwo.com/regulations/privacy/archive-2020-10-28)
- 2020-04-09 (https://www.codetwo.com/regulations/privacy/archive-2020-04-09)
- 2019-07-25 (https://www.codetwo.com/regulations/privacy/archive-2019-07-25)
- 2019-03-29 (https://www.codetwo.com/regulations/privacy/archive-2019-03-29)
- 2018-12-27 (https://www.codetwo.com/regulations/privacy/archive-2018-12-27)
- 2018-10-24 (https://www.codetwo.com/regulations/privacy/archive-2018-10-24)
- 2018-05-02 (https://www.codetwo.com/regulations/privacy/archive-2018-05-02)
- 2017-03-31 (https://www.codetwo.com/regulations/privacy/archive-2017-03-31)