Viseven Privacy Policy

Table of Content

1. Introduction

Viseven Europe OÜ, registry code 12627365, is registered at Lõõtsa Str. 2a, Lasnamäe district, Tallinn, Harju County, 11415, Estonia and its Affiliates (“Viseven Europe”, “Viseven”, or the “Company”, “We”, “Us”, “Our”) are committed to secure and trustworthy Internet commerce and the individual’s right to privacy. This Privacy Policy describes Viseven Europe’s information practices: what information Viseven Europe and its related entities collect about you and why, what we do with that information, how we share it, and how we handle the content you place in our products and services. It also explains the choices available to you regarding our use of your Personal Data and how you can access and update this information.

For the purposes of this Policy, Viseven Europe OÜ is a controller of your Personal Data. Our Affiliate, service providers and/or other business partners may process your Personal Data as data processors on our behalf and pursuant to our instructions in order to assist us in meeting business operations needs and to perform certain services and functions, such as engineering, sales and marketing.

This Privacy Policy is effective as of the date first set forth above. We may update this Privacy Policy from time to time. If we make changes, we will post the updated Privacy Policy on this page or another page that links to this page and specify the date of last revision on the bottom of this webpage. We encourage you to look for updates and changes to this Privacy Policy by checking this date when you access our website. We will notify you of any modifications to this Privacy Policy that might materially affect the way we use or disclose your personal data prior to the change becoming effective by means of a message on this website, unless another type of notice is required by the applicable law. Your continued use of the website and our Services after we have posted changes to this Privacy Policy or notified you, if applicable, is deemed to be your acceptance of those changes.

2. Definitions

“Affiliates” mean entities in Viseven group, namely:

• VISEVEN EUROPE LLC (Ukraine), identification code 38428784, is registered at Peremohy Str. 99, 10003, Zhytomyr, Ukraine
• VISEVEN USA LLC (USA), company number 0450363936, is registered at 1170 Route 22, BRIDGEWATER, NEW JERSEY 08807
• VISEVEN INDIA PRIVATE LIMITED (India), PAN No AAHCV5695A, GSTIN: 07AAHCV5695A1Z5, is registered at 4/65 2ND FLOOR, PHASE 2 ASHOK VIHAR NEAR SAGAR RATNA, 110052, New Delhi

“Authorized Personnel” means (a) Viseven’s employees who have a need to know or otherwise access Personal Data for the purposes stated in this Privacy Policy on behalf of Viseven; and (b) Viseven’s contractors, agents, and auditors who have a need to know or otherwise access Personal Data under this Privacy Policy, and who are bound in writing by confidentiality and other obligations sufficient to protect Personal Data in accordance with this Privacy Policy.

“Content” means any information or data that you upload, submit, post, create, transmit, store or display in a Service.

“Device” is any computer used to access the Services, including without limitation a desktop, laptop, mobile phone, tablet, or other consumer electronic device.

“Downloadable products” are Viseven Europe OÜ’s downloadable software products and mobile applications that are installed by customers on an infrastructure of their choice.

“European Data Protection Law” or “GDPR” means the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable national legislation implementing the GDPR and, if applicable, the UK data Protection Act 2018 and the UK GDPR.

“Personal Data” is information that may be used to readily identify or contact you as an individual person, such as: name, address, email address, phone number or other information relating to you as an identified or identifiable natural person. Personal Data does not include information that has been anonymized such that it does not allow for the ready identification of specific individuals.

“SaaS products” are the Viseven or its Affiliates` “Cloud” hosted solutions, as well as other Viseven or its Affiliates` hosted solutions that display a link to this Privacy Policy. For the avoidance of doubt, if an Viseven or its Affiliates` hosted solution displays a link to a different privacy policy, this other privacy policy shall apply.

“Services” refers to our SaaS Products made available via our Websites and other services provided to you by Viseven or any of its Affiliates. Unless otherwise stated, our SaaS products and our Downloadable products are treated the same and are Services for the purposes of this document.

“Usage Data” is aggregated data about a group or category of services, features or users that does not contain Personal Data.

“Websites” Viseven or its Affiliates` websites, including but not limited to viseven.com, ewizard.io, cobalt-engine.com and any related websites, sub-domains and pages.

“You” and “your” refers to the individual to whom personal data covered by this Privacy Policy relates.

The terms “controller”, “processor” and consequential verbs used in this Privacy Policy have the meaning stated in GDRP.

3. Scope

This Privacy Policy applies to the information that we obtain through your use of our Website, Services or when you otherwise interact with us.

This Privacy Policy covers the information practices of our:

• Websites
• SaaS products
• Downloadable products

but does not include our products or Services for which a separate privacy policy is provided.

Third party products. These are products or services that are integrated with Viseven products or services. You should always review the policies of third party products and services to make sure you are comfortable with the ways in which they collect and use your information.

The Company’s Websites may contain links to other websites. We are not responsible for the information practices or the content of such other websites. Our Websites may also include social media features, such as the Facebook, Twitter, Google+, LinkedIn, Xing buttons. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy statement of the company providing it.

4. Information we collect

4.1. Information provided directly by you

When expressing an interest in obtaining additional information about our products or Services or accessing secure areas of our Websites, we require you to provide the following Personal Data, where applicable:

• Name, company name, email address, job title, industry, country of residence, phone number.
• Login and password (credentials for access to your personal accounts or instances).
• Employment information, such as information about your career and background information necessary for employment purposes (“Employment information”).

You may provide this information directly if it needed for your use of our Services and/or Websites. If you are our employee or individual subcontractor we also ask you to provide consent for collecting education-, career-related and other background information which we process according to our notice related to processing recruitment data that is provided in your contract or as a separate document by our HR-specialists.

Also, we collect other data that you submit to our Websites or as you participate in any interactive features of the our Services, participate in a survey, contest, promotion, sweepstakes, activity or event, apply for a job, request customer support, communicate with us via third party social media sites or otherwise communicate with us.

In some cases, another user (such as a system administrator) may create an account on your behalf and may provide your information, including Personal Data (most commonly when your company requests that you use our Services). We collect information under the direction of our customers and often have no direct relationship with the individuals whose Personal Data we process. If you are an employee of one of our customers and would no longer like us to process your information, please contact your employer. If you are providing information (including personal data) about someone else, you must have the authority to act for them and to consent to the collection and use of their personal data as described in this Privacy Policy.

We collect and store Content that you create, input, submit, post, upload, transmit, store or display in the process of using our Services. Such Content includes any Personal Data or other sensitive information that you choose to include (“Third party personal data”). Commonly, we do not process such data since it is unreachable for us and its use is out of our reasonable control, but in some circumstances, we may be deemed as processors of this data. In this case, we act as processors according to applicable law and/or instructions of the controller of such data, and you (or the company on whose behalf you access and use our Services) are a controller of such data according to the provisions of GDPR. Our actions in the processor`s role are subject to applicable law and/or data processing agreement and/or instructions of the controller of such data. We are not responsible for neither the content of the personal data contained in the Content or other information stored on our servers (or our subcontractors’ servers) at your discretion, nor for the manner in which your collect, handle disclosures of, distribute or otherwise process such information.

4.2. Information received from third parties

We may also obtain information from third-parties, such as:

• Our Affiliates when it is necessary for properly providing Services and/or to conduct business. From our Affiliates we may also obtain Employment information for the purposes of processing.
• Our authorized resellers, distributors and partners if there is lawful basis to do so. For example, if you purchase access to the Services through one of these partners.
• Other third parties, such as email campaigns, marketing partners and publicly available sources. We may use this information to enhance the information that we already maintain about you and to improve the accuracy of our records, in addition to other purposes described in this Privacy Policy.
• Social media and authentication services. We may have access to certain information from a third-party social media or authentication service if you log into our Services through the service or otherwise provide us with access to information from the service. Any access that we may have to such information from a third party social or authentication service is in accordance with the authorization procedures determined by that service. By authorizing us to connect with a third-party service, you authorize us to access and store your name, email address(es), current city, profile picture URL, and other information that the third-party service makes available to us, and to use and disclose it in accordance with this Privacy Policy. You should check your privacy settings on these third-party services to understand and change the information sent to us through these services.

4.3. Information collected automatically

• Web Logs

As is true with most websites and services delivered over the Internet, we gather certain information and store it in log files when you interact with our Websites and SaaS Products. This information includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your Devices, your mobile carrier, and system configuration information. In the case of our SaaS Product, the URLs you accessed (and therefore included in our log files) include usernames as well as elements of Content as necessary for the SaaS Product to perform the requested operations. Occasionally, we connect Personal Data to information gathered in our log files as necessary to improve our Services for individual customers. In such a case, we would treat the combined information in accordance with this Privacy Policy.

• Analytics information from Website and SaaS Products

We collect analytics information when you use our Websites and SaaS Products to help us improve our products and services. In the SaaS Products, this analytics information consists of the feature and function of our Service being used, the associated license identifier (SEN) and domain name, the username and IP address of the individual who is using the feature or function (which will include Personal Data if the Personal Data was incorporated into the username), the sizes and original filenames of attachments, and additional information required to detail the operation of the function and which parts of our Services are being affected.

• Analytics information Derived from Content

Analytics information also consists of data we collect as a result of running queries against Content across our user base for the purposes of generating Usage Data.

Though we may happen upon sensitive or Personal Data as we compile Usage Data from Content across user instances, this is a byproduct of our efforts to understand broader patterns and trends. It is not a concerted effort by us to examine the Content of any particular customer.

• Analytics and other information from Downloadable products

We collect analytics information when you use our Downloadable products to help us improve our products and Services. Our Downloadable products contain a feature that sends information about the technical operation of the Downloadable products on your systems to us.

In addition, we collect analytics information from Downloadable products that is a subset of the analytics information described above for Websites and SaaS Products. As with Websites and SaaS Products, the analytics information we collect includes elements of Content related to the function the user is performing, but with an important caveat. With the Downloadable products, before sending the information to servers, we filter the analytics information to remove elements that we believe may contain sensitive or Personal Data.

During the installation of our Downloadable products, the installer may send analytics information to us to allow us to understand where in the installation process users are experiencing trouble or dropping out. Examples of information we collect for these purposes include the name and version of the Downloadable product and the server ID, SEN, and IP address of the customer instance.

• Google Analytics

Our Services use Google Analytics, a web analytics service of Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). The use includes the “Universal Analytics” operating mode. This facilitates the assignment of data, sessions and interactions across several devices to a pseudonymous user ID and thus the analysis of a user’s activities across devices.

• Cookies

A cookie is a small text file that is stored on a user’s computer for record-keeping purposes. We use session cookies to make it easier for you to navigate our site. A session ID cookie expires when you close your browser. Cookies enable us to track and target the interests of our users to enhance the experience on our site. Enabling these cookies is not strictly necessary for the website to work but it will provide you with a better browsing experience. You can delete or block these cookies, but if you do that, some features of this site may not work as intended.

Our Services and Websites use the following types of cookies:

• Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
• Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.
• Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
• Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
• Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.
• We may use other third-parties cookies installed in our Services.

You can decide whether to accept or reject cookies other than necessary cookies. You can manage your cookie preferences by clicking on the “Cookies Settings” on our cookie banner, which provides you with a list and extensive description of cookies.

For more information on Cookies, please visit http://www.allaboutcookies.org/.

You can also change your browser’s settings to delete cookies that have already been set and to not accept new cookies.

• Other tracking technologies

Cookies are not the only way to recognize or track visitors to a website. We may use other similar technologies from time to time, called pixel tags (or web beacons or clear gifs). These are tiny graphics files that contain a unique identifier permitting us to recognize when someone has visited our Websites and track the online movements of Website users. This helps us better manage the Website by informing us what content is effective and improve the effectiveness of our marketing campaigns. In contrast to cookies, which are stored on a user’s computer hard drive, pixels are embedded on Website pages. In many instances, these technologies are reliant on cookies to function properly, and so declining cookies will impair their functioning.

5. Use of information collected

We use the information collected from our Websites, Services and other sources as defined above for the purposes as follows:

5.1. Based on the performance of a contract with you or to take steps at your request prior to entering into a contract, we use your Personal Data to:

• Provide Services and manage your user account.
• Respond to your service requests, questions and concerns.
• Enable you to access and use our Services, including uploading, downloading, collaborating on and sharing Content.
• Process and complete transactions, and send you related information, including purchase confirmations and invoices.
• Send transactional messages, including responding to your comments, questions, and requests related to your use or intention to use of our Services.
• Provide customer service and support, send you technical notices, updates, security alerts, and support and administrative messages.
• To conduct HR activities with regard to your Employment information, ensure and perform our rights and obligations as an employer or a customer if you act as an individual contractor.

5.2. To the extent permitted by applicable law, and for certain legitimate interests, we use your Personal Data to:

• Operate and administer our Websites, provide you with content you access and request (e.g., to download content from our Websites), and to respond to your requests for our Services (including sharing your personal data with our resellers as necessary to respond to your request for the Services in an efficient manner and facilitate the sale of our Services, as described in the “Personal Data sharing and disclosure” section below).
• Send promotional communications, such as providing you with information about services, features, surveys, newsletters, offers, promotions, contests, events and sending updates about our products and/or Services, providing other news or information about us and our select partners that may be interesting to you, including by email, push-notification or otherwise, as permitted by law.
• Invite you to events, meetings, workshops, roundtables, congresses (including professional training), identified as of specific interest to you, organized and managed by us, our Affiliates and/or partners, resellers and other contracting parties to these activities, independently or in cooperation with other entities identified from time to time in the invitations (brochures and/or presentations) that will be previously mailed or delivered to you to allow you to register for the event; execute complementary activities following your registration for these events, such as, for example, activities related to the organization and management of them; if you attend, to use your personal images that may have been collected in the course for possible publication on different (paper, tape and/or digital) supports, or through other means of communication or media, including websites, portals and social networks present on the internet.
• Send administrative information to you, for example, information regarding the Websites, Services and changes to our terms, conditions, and policies.
• Monitor and analyze trends, usage, and activities in connection with our Services and for marketing and/or advertising purposes. It helps to improve your user experience, develop our Services and business.
• Investigate and prevent fraudulent transactions, unauthorized access to our Services, and other illegal activities.
• Personalize our Services, including by providing content, features, or advertisements that match your interests and preferences.
• For other internal business purposes, such as data analysis, benchmarking, audits, conducting research, analysis, studies or surveys and identifying usage trends.
• To (a) comply with legal obligations and legal process; (b) respond to requests from public and government authorities, including public and government authorities outside your country of residence; (c) enforce terms of Services; (d) protect our operations; (e) protect our rights, privacy, safety of property, and/or that of you or others; and (f) allow us to pursue available remedies or limit the damages that we may sustain.
• Transfer your Personal Data to the partner(s) in the event, meeting, workshop and similar activities, to reseller and marketing partners, who may use them, as independent data controllers, for marketing initiatives aimed at: promoting products or services, carrying out market research, performing statistical surveys, any further activities that these subjects will be required, pursuant to the current legislation on the protection of personal data, to communicate by means of a privacy notice.
• If you ask us to delete your data or to be removed from our marketing lists and we are required to fulfill your request, to keep basic data to identify you and prevent further unwanted processing.
• For other purposes about which we obtain your consent.

Where required by law we will only send you marketing information if you consent to us doing so at the time you provide us your personal data. You may opt-out of receiving such emails by following the instructions in each promotional email we send you or by updating your user settings. In addition, if at any time you wish not to receive future communications or you wish to have your name deleted from our mailing lists, please contact us at privacy@viseven.com. We will continue to contact you via email regarding the provision of our Services and to respond to your requests.

6. Personal Data sharing and disclosure

We will not share or disclose any of your Personal Data or Content with third parties except as described in this Policy. We share your Personal Data only with Authorized Personnel as needed for achievement of purposes specified herein and subject to the framework of applicable data protection legislation.

6.1. Disclosures made by you

When you use our Services, Content you provide will be displayed back to you. Certain features of our Services allow you or your administrator to make some of your Content public, in which case it will become readily accessible to anyone. We urge you to consider the sensitivity of any data you input into Services.

6.2. Collaboration

You may create Content and grant permission to other Services` users to access it for the purposes of collaboration. Some of the Services collaboration features display your profile information, including Personal Data included in your profile, to users with whom you have shared your Content. Where this information is sensitive, we urge you to use the various security and privacy features of Services to limit those who can access such information. Your sharing settings may make any information, including some Personal Data, that you submit to the Services visible to the public, unless submitted to a restricted area.

6.3. Access by your system administrator

You should be aware that the administrator of your instance in our Services may be able to:

• access information in and about your Services account;
• access communications history, including file attachments, for your Services account;
• disclose, restrict, or access information that you have provided or that is made available to you when using your Services account, including your Content;
• control how your Services account may be accessed or deleted.

We do it in accordance with Services contracts and/or our legitimate interests provided that such interests are not overridden by your interests or fundamental rights and freedoms which require protection of Personal Data.

6.4. Service providers and subcontractors

We work with third party service providers to provide website, application development, hosting, maintenance, back-up, storage, virtual infrastructure, payment processing, analysis, email communication and customer support services, analytics and data providers, marketing, advertising and investor relations and other services for us. These service providers may have access to or process your information for the purpose of providing those services for us.

Depending on your use of our Services and on our processing activities, we may engage the following service providers, who may be deemed as processors or sub-processors in accordance with the activities and the nature of processing they perform:

Name	Services	Country	Privacy statement and Data Processing Addendum (if applicable)
Microsoft Inc.	Power BI analytics, Integration with MS Office and Office 365	Global	Privacy Statement Data Processing Addendum
Atlassian Pty Ltd	Workflow management	Global	Privacy Policy Data Processing Addendum
CREATIO EMEA LTD	Enterprise resource planning, marketing services	EU, USA	Privacy Policy Data Processing Addendum
ZoomInfo Technologies LLC	Website analytics	USA	Privacy Policy
Amazon Web Services EMEA SARL	Hosting and storage services	EU	Privacy Statement Data Processing Addendum
Hi Bob, Inc.	Accounting and HR services	USA	Privacy Policy Data Processing Addendum
Lever	Database of recruiters	USA	Privacy Notice Data Processing Addendum Other legal information
LinkedIn Sales Navigator	Marketing activities	Global	Privacy Policy Data Processing Addendum
TalentLMS (Epignosis LLC)	Learning management system	Global	Privacy Notice Data Processing Addendum
Hetzner Online GmbH	Server capacities, licenses, data lake	EU	Privacy Policy Notice on Technical and Organizational Measures

6.5. Affiliates

We may share your data with our Affiliates for administrative purposes, to help provide our Services and related customer support or to conduct sales and marketing activities on our behalf. For example, if you request information about a company or a service from a Viseven company, then we may pass your personal data relevant to such request onto another Viseven company to enable them to appropriately respond to your request.

Also, as to Employment information, we may share your Personal Data with our Affiliates to conclude internal HR activities and to perform other rights and obligations with regard to Authorized Personnel.

6.6. Resellers and distributors

When necessary to provide Services or respond your inquire about the Services, we may share your personal data with our authorized resellers, distributors and other business partners as necessary to respond to your request for our Services in an efficient manner and facilitate the sale of our Services and for those third parties’ own marketing services.

These third parties will process your personal data as separate data controllers and in accordance with their privacy policies. Please refer to the privacy policy of the applicable reseller for information on the reseller’s privacy practices. If sharing of your Personal Data includes cross-border transfer to third countries, we ensure compliance with Chapter 5 of GDPR, where applicable, and take appropriate measures to protect your Personal Data as prescribed by law.

6.7. Social media widgets

Our Services may contain social media features, such as the Twitter “tweet” button. These features may collect your IP address, which page you are visiting on our Services, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Services. Your interactions with these features are governed by the privacy policy of the company providing it. Also, where permissible according to applicable law and subject to your consent, we may share your Personal Data with social network websites, such as Facebook, LinkedIn or Google, to generate leads, drive traffic to our websites or otherwise promote our products or Services. The social network websites with which we may share your personal data are not controlled or supervised by us. Therefore, any questions regarding how your social network websites service provider processes your personal data should be directed to such provider.

6.8. Business transfers

We may share or transfer your Personal Data in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice on our Services of any change in ownership or uses of your Personal Data, as well as any choices you may have regarding your Personal Data in this case.

6.9. Legal requirements and protection of our rights

We may disclose your Personal Data to a third party if (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request, (b) to enforce our agreements, policies and terms of service, (c) to protect the security or integrity of Viseven‘s products and services, (d) to protect us, our customers or the public from harm or illegal activities, or (e) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.

6.10. Aggregated or anonymized data

We may also share aggregated or anonymized information that does not directly identify you with the third parties described above.

7. Information we do not share

We do not share Personal Data about you with third parties for their marketing purposes (including direct marketing purposes) without your permission. We will share your Personal Data with third parties only in the ways that are described in this Privacy Policy. We do not sell your Personal Data or Content to third parties.

8. Data retention and security

We retain your personal data for as long as reasonably necessary to provide the Services and fulfil the transactions you have requested, complying with our legal obligations or for other legitimate business purposes, such as maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, enforcing our agreements and other purposes specified in Section 5 of this Privacy Policy. After the applicable retention period has elapsed, your personal data will be anonymized and/or deleted.

The security of your Personal Data and our Customers’ information is important to us. We follow generally accepted industry standards to protect the Personal Data submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. While we take reasonable efforts to guard your Personal Data, no security system is impenetrable and due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers. In addition, we cannot guarantee that any Third party personal data you choose to store in Websites or SaaS Products are maintained at levels of protection to meet specific needs or obligations you may have relating to that information. If you have any questions about security on our Websites, or within our products and services, you can contact us at support@viseven.com.

Where data is transferred over the Internet as part of a Website or SaaS Product, the data is encrypted using industry standard SSL (HTTPS).

Where Downloadable products are used, responsibility of securing access to the data you store in the Downloadable products rests with you and not Viseven. We strongly recommend that administrators of Downloadable products configure SSL to prevent interception of data transmitted over networks and to restrict access to the databases and other storage used to hold data.

9. Notice under California Consumer Privacy Act

Our Website and Services collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer (you) or household (“Personal Data”,” Personal Information”). In particular, we collected the following categories of Personal Information within the last twelve (12) months:

Category	Examples
A. Identifiers	Name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))	Name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
D. Commercial information	Records of personal property, products or Services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
F. Internet or network activity	Browsing history, search history, information on a Consumer’s interaction with a Website, application, or advertisement.
G. Geolocation data	Physical location or movements.
I. Professional or employment-related information	Current or past job history or performance evaluations.

We obtain the categories of Personal Information listed above from the following categories of sources:

• Directly from you. For example, from forms you complete or products and Services you use and/or purchase.
• Indirectly from you. For example, from your activity on our Website.

We do not intentionally collect other categories of Personal Data, such as:

• Category C – Protected classification characteristics under California or federal law (age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
• Category E – Biometric information (genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data).
• Category H – Sensory data (audio, electronic, visual, thermal, olfactory, or similar information).
• Category J – Non-public education information (education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records).
• Category K – Inferences drawn from other personal information (profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes).

Personal Information does not include (i) publicly available information from government records; (ii) deidentified or aggregated Consumer information; (iii) information excluded from the scope of the CCPA, including:

• Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 ( HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
• Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

We may use or disclose the Personal Information we collect for one or more of the business described in Section 5 of this Privacy Policy.

California Privacy Rights. To the extent provided for by law and subject to applicable exceptions, California residents have the following privacy rights in relation to the Personal Information we collect:

• The right to know what Personal Information we have collected and how we have used and disclosed that Personal Information;
• The right to request deletion of your Personal Information;
• The right to be free from discrimination relating to the exercise of any of your privacy rights.

Exercising Your Rights. California residents can exercise the above privacy rights by contacting us at privacy@viseven.com

In order to protect your Personal Information from unauthorized access or deletion, we may require you to verify your login credentials before you can submit a request to know or delete Personal Information. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional Personal Information for verification. If we cannot verify your identity, we will not provide or delete your Personal Information.

You may submit a request to know or a request to delete your Personal Information through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf and you may also be required to independently verify your identity with us.

Without limiting our ability to disclose information as described in the section of our Privacy Policy entitled “Business transfers”, for purposes of the California Consumer Privacy Act we do not and will not sell your Personal Data.

10. Privacy notice under GDPR

This section applies to individuals in the EEA, the UK and/or Switzerland.

10.1. Lawful basis for processing

Our legal basis for the processing of Personal Data are: (i) consent or (ii) any other applicable legal basis, such as our legitimate interest in engaging in commerce, offering products and services of value to the customers of our Services, preventing fraud, ensuring information and network security, direct marketing and advertising, and complying with industry practices. For more information please refer to Section 5 “Use of information collected” above.

10.2. Your rights

As the data subject, you have:

• the right of access (Art 15 GDPR). If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of the personal data along with certain other details.
• the right to rectification (Art 16 GDPR). If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible.
• the right to erasure (Art 17 GDPR). You may ask us to erase your Personal Data in some circumstances, such as where we no longer need it or you withdraw your consent. If we shared your Personal Data with others, we will alert them to the need for erasure where possible.
• the right to restriction of processing (Art 18 GDPR). You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible.
• the right to data portability (Art 20 GDPR). You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and that we processed with automated means. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
• the right to object (Art 21 GDPR). You may ask us at any time to stop processing your Personal Data, and we will do so:
  • if we are relying on a legitimate interest to process your Personal Data – unless we demonstrate compelling legitimate grounds for the processing or your Personal Data is needed to establish, exercise, or defend legal claims; or
  • in certain circumstances, if we are processing your Personal Data for direct marketing.
• the right to withdraw consent (Art 7 (3) GDPR). If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time, but this will not affect any processing of your data that has already taken place.
• the right to make a complaint with the data protection authority. If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.

You may contact us at privacy@viseven.com to exercise your rights. Viseven Europe OU will be responsible for responding to your requests, in accordance with the GDPR.

10.3. International transfers of Personal Data

Personal Data may be transferred outside of EEA and/or UK and/or Switzerland or other countries which ensure an adequate level of protection (hereinafter – Safeguards Area), provided that certain conditions as set out in the applicable legislation are complied with. Your Personal Data will also be processed by Authorized Personnel operating outside Safeguards Area who work for us. This includes personnel engaged in, among other things, the fulfilment of your order and the provision of support services. If applicable, we are party to data transfer agreements/data processing addendums or equivalent legal instrument with each of our service providers and the members of our group and we will (i) keep each document up to date with current law, and (ii) only engage in personally identifiable information transfers from Safeguards Area to outside Safeguards Area in accordance with such an agreement or an alternative means of transfer in compliance with data protection legislation. Where we transfer your Personal Data as described above, we will take steps to ensure that your Personal data receives adequate security protection where it is processed and your rights continue to be protected pursuant to the applicable data protection law, including through the use of Standard Contractual Clauses approved by the European Commission.

11. Sensitive personal information

“Sensitive personal information” is information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, information concerning health or information concerning a natural person’s sex life or sexual orientation.

We do not knowingly or intentionally collect sensitive personal information, Protected Health Information (as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) or special categories of personal data as defined in Art. 9 GDPR from individuals through our Services. You must not submit to us sensitive personal information or protected health information of any kind through our Services. If, however, you inadvertently or intentionally submit or transmit sensitive personal information and/or protected health information to us, you will be considered to have explicitly consented to us processing that information in the context of providing Services to you or, where applicable, for employment purposes.

12. Children

Our Services are not directed to children who are under the age of 16. We do not knowingly collect personal data from children under the age of 16. If you have reason to believe that a child under the age of 16 has provided Personal Data to us through the Services or Website, please contact us at privacy@viseven.com and we will endeavor to delete that information from our databases.

13. Communications preferences

You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of the Company’s marketing emails.

14. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy to reflect changes to our information practices. We will provide notification of material changes to this statement through the Company’s Websites or to our customer via email prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

You also have the right to lodge a complaint with a supervisory authority if you believe that your Personal Information is mistreated. For this you may contact Estonian Data Protection Inspectorate at http://www.aki.ee/.

15. Contacting us

Questions regarding this Privacy Policy or the information practices of the Company’s Websites should be directed to Viseven Europe as follows:

Mail:

Privacy Viseven Europe OÜ
Lõõtsa Str. 2a, Lasnamäe district,
Tallinn, Harju County, 11415, Estonia
Email: privacy@viseven.com

Effective Date

This policy was effective March 2014
The policy revised November 2014
The policy was last revised February 2015
The Policy was last reviewed March 2016
The Policy was last reviewed April 2017
The Policy was last reviewed October 2022