Last Update : May 2018
Pursuant to the GDPR, Privowny is the data controller with respect to any personal data collected and processed as part of or in connection with our Platform.
2.1. Personal Data we collect
- Email address
- Country of residence
- Your passwords
- Your email aliases
- The data you left on each website or app that you visited
We may also collect technical data relating to your use of the Platform, notably including the following :
- IP address,
- User Agent,
- Activity logs on our Website
2.2. Why and when we collect personal data
Privowny collects your personal data in order to provide you with the Services, conduct our business functions and activities, improve and ensure the security of our Platform, market and sell our Services as well as to comply with our legal obligations.
We also collect your personal data when you visit and otherwise use the Platform, as specified above, when you register and create an account, provide us with such information using electronic or hard form media, contact us by telephone, fax, email, post or via the Platform or any other mean.
Please note that by default, all passwords collected by the system are encrypted, but you can choose to encrypt any other data. We do not have access to encrypted information you store on your account. Privowny uses 2048-length RSA Public/Private keys for encryption.
Information Retention. We store your personal data for as long as necessary to provide you with the Services you have requested, or for other business purposes such as complying with our legal obligations, resolving disputes and enforcing the agreements to which Privowny is a party.
Please note that Privowny is required by applicable law and/or regulations to retain some types of information for certain periods of time (e.g. statute of limitations). If your personal data is no longer necessary with respect to purposes for which it is processed and Privowny has no legal obligation to retain it, subject to the prior exercise of your right to deletion, we will erase it from our systems and destroy all record of it.
2.3. How we collect personal information
We collect personal information using a variety of supports in connection with the Platform, as described below.
2.3.1. The website DigitalID.Privowny.com
We automatically collect your IP addresses for audience and use analytics when you access the website https://digitalid.privowny.com.
2.3.2. The DigitalId Extension
When you download and install the DigitalId Extension, we collect your IP address, activity logs,
When you create an account with us, you provide us with mandatory information that is necessary for the purpose of enabling us to create and to secure your account, including your email address and your account password. However, please note that we do not store the master password, i.e. the password which enables to decrypt all your encrypted data.
2.3.3. The DigitalId Application
Subject to your choices regarding “application usage” records, we collect information relating to your use of the Service on the DigitalId Application (Android). You may access such information and restrict the creation of “application usage” records directly using your device settings.
Privowny uses first party cookie or tokens which are necessary for your usage of the Service (i.e., the possibility to log in and out of our Service, keep open session of your service, collecting crash logs). These data are anonymized. Privowny uses web analytics only to better understand the use of its Platform. We do not use analytics for other purpose.
Privowny does not use so-called “tracking cookies” that follow your browsing activity across the internet without you having explicitly agreed to it.
2.4. Sharing of your personal data
Privowny protects your privacy. As a result, we do not sell, rent or otherwise share any of your personal data with third parties for advertising or commercial purposes. We only disclose your personal data to third-party processors that provide services to us, or to other third parties where expressly instructed by you, as the case may be.
In this respect, we only use carefully vetted third-party processors, located inside or outside of the European Union territory, to provide us with certain services. Each and every one of our third-party data processors is contractually bound to comply with the GDPR, in particular with respect to data security and confidentiality, and only process your personal data on our behalf and under our instructions in order to offer the contracted services to Privowny.
When you use the Services, all type of data collected by Privowny, including data you choose to store on the Service, is stored on Privowny’s platform with Amazon Web Services, our hosting service providers in the European Union.
We may also share your non-encrypted personal data with official authorities and government bodies when and where required to do so by applicable laws and regulations. In such event, we endeavour to only disclose the necessary information to comply with our obligations under applicable laws and regulations.
2.5. Your Rights
Under the GDPR, you have rights that apply to your personal data, including right to access, rectify, erase or have the personal data that we hold about you ported to another data controller or service provider.
2.5.1. Access and Rectification
You can access and receive a copy of the personal data that we hold about you at any time via the Platform using the “Export Data” feature. You can always create an export and download your personal data from your DigitalId account your personal data therefrom. Please go on “My account” to have more information about these features. Under certain circumstances, there may be some legal or administrative reasons allowing us to deny such access. If we refuse your request to access your personal information, we will provide you with reasons for the refusal where we are required by law to disclose those reasons.
You can also correct your personal data directly by logging into your DigitalId account and updating or editing your data at any time.
Privowny uses its best efforts to ensure that any personal information we collect and hold is accurate, complete and up-to-date. In this respect, you undertake to provide us with true, accurate, current and complete information about yourself as requested, and properly update the information provided to us so that it remains accurate, complete and up-to-date at all times.
Alternatively, please notify us regarding any change that applies to the personal data you provided us with, notably by editing your account information in the “My account” page if you believe that the personal information is inaccurate or incomplete, and we will correct the information.
You can delete the data you stored on your Privowny account whenever you want, free of charge, from your DigitalId account. Please go on “My account” to have more information about these features.
We will delete your Privowny account, including any data stored thereon, two years after the last activity on said account, including any connection, browsing or use of said account.
If you reside within the European Union, you have the right to ask for a copy of your personal data and/or ask for it to be ported to another data controller or service provider of your choice where the lawful basis for the processing is (i) (a) a contract or (b) your consent and (ii) by automated means. Please note that such a request could be limited to the sole Personal Information you provided us with or that we hold at that given time and subject to any relevant legal requirements and exemptions, including identity verification procedures. You can always create an export and download your personal data from your DigitalId account your personal data therefrom. Please go on “My account” to have more information about this feature.
2.6. Security and confidentiality
Privowny values your privacy and use its utmost efforts to warrant the security and confidentiality of any information you may provide us with or any data we collect in the course of providing you with our Services. Consequently, we implemented appropriate technical and organisational measures to ensure that personal data we hold, whether in hard copy or on our computer systems, remains protected at any time against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.
In particular, Privowny uses state-of-the-art technologies and techniques in order to safeguard your personal data, including asymetric RSA encryption, Firewalls and VPNs. Any data transferred between you and the Service is always encrypted. Please note that Privowny’s staff cannot decrypt any encrypted data, only end-users can.
In case of dispute, you have the right to lodge a complaint to the Data Protection Authority of your country of residence’s, or to our lead European data protection authority, the French Data protection agency (CNIL - www.cnil.fr).
If you reside outside of France but within the European Union, a list of all the European Data Protection Authorities and how to contact them is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080