CodeTwo Terms and Privacy
This is an outdated version of the document - the current version is available here.
We abide by the following principles while processing your data:
- we do not collect more information than it is necessary;
- we do not keep your data if it is no longer needed;
Once you decide to contact us or purchase a license for our software you will be asked to provide your personal details such as your full name, the name and characteristics of the organization that you represent, your contact details or billing details. Depending on the context, we will use this data either to communicate with you and prepare quotations or to provide our services to you and pursue other legitimate goals (e.g. inform you about updates and bug fixes) during the license term. You can find more information about how we process your data once you decide to contact us or become our client in the Contacting us and purchasing software section.
Most of our software solutions require installation in your on-premises IT infrastructure. This means that in the majority of cases we will not have access to your organization’s data and this data will not be stored in our infrastructure. Only if you decide to use CodeTwo Email Signatures for Office 365, some of your organization’s data will be processed within our infrastructure (e.g. some Azure AD data including email addresses of your users). We may also temporarily process data which belongs to your organization if you want to use our technical support services and decide to share program and system logs with us. You can find more information about how we process data in the Our software section and in Terms and Conditions of Sales and Services.
You have the right to request access to your data and the right to have information about you corrected or deleted. You also have the right to have the processing of your data restricted. If the processing of your data is based on your consent, you also have the right to withdraw it at any given time. Withdrawal of your consent will not influence the lawfulness of processing based on this consent before its withdrawal. If the processing of your personal data is based on our legitimate interests, you also have the right to object against such processing. We will not use your data for the purposes of automated decision-making or profiling. You can find more information about your rights in the What are your rights?section.
What information do we collect and when?
Our websites and cookies
Unless you decide to comment on our blog post, download one of our guides, contact us or purchase a license for our software, you can browse our websites without giving away any information about you other than your IP address.
- to collect anonymous and aggregated statistical data about users’ visits on our websites. We use this data to analyze how our websites are used and to improve them using Google Analytics and/or other web traffic analytics tools.
- to advertise our products online. We use tracking and remarketing cookies from Google AdWords, Google Analytics, Facebook Conversion Tracking and Facebook Custom Audiences to advertise our products online. We make use of all targeting features available in Google AdWords including: demographic and location targeting, remarketing, affinity audiences, custom affinity audiences, in-market audiences, similar audiences (learn more about cookies used in ads by Google and about cookies used by Facebook). You can customize Google Display Network advertisements using the Google Ads Settings or block it by installing Google Analytics opt-out browser add-on.
If you decide to post a comment on our blog you will be asked to provide your personal details such as your name and your email. You cannot post a comment without giving away this information about you.
Contacting us and purchasing software
Although you can browse our websites without giving away information about you, once you decide to contact us you will be asked to provide your personal details such as your name, the name and characteristics of the organization that you represent and your contact details. Depending on the type of your question, we will use this data to communicate with you, prepare quotations for you and answer any other questions that you may have. If you are not our client and decide not to become one, we will delete your data immediately after your matter is solved and information about you is no longer needed. The processing of your personal data in all of the above cases is based on our legitimate interest, i.e. the need to respond to business queries received from potential customers.
In order to make a purchase, apart from your personal details and the details of your organization, you may also be asked to provide credit card and other billing information. This data is necessary for us to sell our software to you. Additionally, we will also record your IP address for the purposes of our license control system. We will process this data to perform the agreement concluded with you (i.e. to provide our products and services) and pursue other legitimate goals such as getting your feedback on our products and providing you with vital information about our products and services (e.g. updates, bug fixes, etc.) during the license agreement term. Once the license agreement expires (and you decide not to renew it), we will archive your data and process it to fulfill data retention obligations imposed on us by accounting and tax regulations. We will delete your data after all such statutory data retention periods lapse.
You are not obliged to give us any of the information above, but if you decide not to give it to us or provide us with false or incorrect information we may be unable to respond to your message, to provide our services to you or to process your order.
Unless you decide to use CodeTwo Email Signatures for Office 365, we will not store any personal data that you or your organization process using our software. In particular, we will not process this data within our infrastructure. This means that you will be the controller of your data and that we will not be the processor of such data. This is because most of our software is not cloud-based and requires installation in your on-premises IT infrastructure. It also means that it is your obligation to make sure that processing of personal data within this software is done in accordance with applicable privacy regulations, such as the GDPR.
Our software does not have any capabilities that would allow us to access your IT infrastructure at any time. If you ask us to do so, we may mutually agree to conduct a remote session using e.g. TeamViewer, Skype or other similar tools. You should make sure that you do not reveal any personal or other sensitive data to us during a remote session.
From time to time, if you request technical support from us, we may ask you to provide our technicians with software log files or system log files. You should make sure that you do not reveal any personal or other sensitive data to us when sharing the log files with us. In case it is impossible for you to remove personal data from the log files, we may get access to a limited scope of personal data that you control and process using our software (e.g. some email addresses of people within your organization) contained in the log files. We will use these log files to render technical support services to you and also to analyze the performance of our products and improve them. We will delete the log files once issues that they document are fixed and they are no longer needed.
If you decide to use CodeTwo Email Signatures for Office 365 we will process personal data that you control within our infrastructure at a location of your choice. According to the GDPR, in such a case we will be the processor of such data and you will remain the controller of the data. This data will encompass some of your Azure AD data and email addresses of users within your organization. We will process such data in accordance with the Personal Data Processing provisions contained in Terms and Conditions of Sales and Services. These Terms contain all of our representations and obligations as the data processor and – once accepted by you – constitute a Data Processing Agreement, as prescribed by art. 28 of the GDPR. Even in such case, however, our access policies make it impossible for us to physically access your data.
What are your rights?
In order to comply with requests concerning your rights, sometimes we may ask you to give us some additional information that we will use to verify your identity. If you fail to provide such information and the information that you have already given to us is not sufficient to identify you, we may refuse to fulfill your request.
If you wish to exercise any of the rights described below you can do this by contacting us using this form.
Access to data
You have the right to access the information that we have on you. If you choose to exercise this right, we will also make sure to provide you with a copy of the data we process about you.
We will fulfill your request by sending your copy electronically, unless the request expressly specifies a different method. For any subsequent access request, we may charge you with an administrative fee.
Rectification of data, erasure and restriction of processing
If you believe that the information we have about you is incorrect, you are welcome to contact us, so we can update it and keep your data accurate.
We will automatically delete information about you after it is no longer needed for the purposes it was collected. Nonetheless, if at any point you wish for us to delete information about you, you have the right to do so.
You also have the right to obtain restriction of processing of your data.
In case the processing of your personal data is based on a contract, you have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format. You can also request us to transmit such data to another controller if it is technically feasible.
Withdrawal of consent and the right to object to processing
If the processing of your data is based on a consent, you have the right to withdraw your consent at any time. Remember that withdrawal of consent will not affect the lawfulness of processing based on this consent before its withdrawal.
In case the processing of your data is based on our legitimate interest you have the right to object to such processing.
We do not use any information provided by you for the purposes of automated decision-making, including profiling.
Disclosure of your data
We guarantee that all your personal information is protected, and that we will not make this information available to third parties in cases different than those specified below, unless you give us a permission to do so or unless such disclosure is necessary to comply with a legal obligation that is imposed on us.
We may share information that you provided us with, while purchasing a license for our software with:
- payment processors, i.e. PayPal and Braintree, in order to be able to process and complete the payment process for your order;
- providers of services necessary to automate and simplify the process of concluding electronic agreements with our clients (e.g. services such as DocuSign);
- providers of services necessary to send transaction-related and product-related information via email and SMS to the extent that such disclosure is necessary to automate, simplify and analyze these processes;
- external accounting and bookkeeping services providers to the extent that such disclosure is necessary to have these services provided to us;
- our legal advisors to the extent that such disclosure is necessary to obtain legal advice or protect our rights in legal proceedings;
- governments and law enforcement authorities only if we are required to do so by law. We will always attempt to redirect the law enforcement agency or government to request any data directly from you. If compelled to disclose your data, we will promptly notify you and provide a copy of the demand.
We may share information obtained in connection with your use of CodeTwo Email Signatures for Office 365 only if required to do so by law or if necessary to protect our rights in legal proceedings.
International data transfers
Whenever possible, we will try to use processors which process personal data within the European Economic Area (“EEA”). In case there is a need for us to use processors located outside of the EEA, we will only disclose personal data to them provided that appropriate international data transfer safeguards described in the GDPR are in place.
If you have further questions about international data transfers that we make or want to obtain a copy of the safeguards that are in place to guarantee the legality of the transfer you can contact us using this form.
How to contact us and seek additional help?
We hope that we will be able to answer all your questions and settle all disputes amicably. Nonetheless, if you think that your rights were not observed or that your privacy was harmed, you can always lodge a complaint with the Polish Personal Data Protection Authority which supervises our operations.
CodeTwo is a limited partnership (CodeTwo sp. z o.o. sp. k.) established under the laws of the Republic of Poland. You can find our full contact details here.
Effective date: 2018-10-24