Privacy Policy
Introduction
The https://signkontrol.com website (the "Website") is provided by SignKontrol, S.A., a Panama based company, having its registered office at Oceania Business Plaza, Tower 1000 30F, Panama City, Panama ("SignKontrol"). SignKontrol offers a complete online, cloud based digital signage platform that allows you to display videos, images, and online web pages (the "SignKontrol Software").
SignKontrol is committed to respecting your privacy and applicable data protection laws and regulations. This Privacy Policy (the "Policy") is intended to inform you about the way we use your personal data (i.e., any data related to an identifiable natural person, either directly or indirectly), whether we collect it when you visit our Website or when you order and use our Services through the SignKontrol Software.
By accessing and using this Website, you confirm that you have read and fully understood this Policy, that you agree to the collection and the usage of your own and others' personal data in accordance with the Policy and that you have the authority to provide SignKontrol with all information submitted by you via the Website and SignKontrol Software, including but not limited to the personal data of third parties.
General Principles of the Processing
SignKontrol (referred to as "we", "us", "our", or "SignKontrol" in this Policy) collects and processes personal data in a transparent manner, to the extent necessary for specified, explicit and legitimate purposes, and does not process it further in a manner incompatible with those purposes. We take care that the data we collect are accurate and, when necessary, updated. We take all reasonable steps to immediately delete or rectify personal data, if inaccurate, or we assist our customers in deleting or rectifying personal data stored or otherwise processed in the SignKontrol Software. We process data in a way that guarantees their security, including their protection against unauthorized or unlawful processing and accidental loss, destruction, or degradation, using appropriate technical or organizational measures. We are ready to prove at any moment how we adhere to the above principles. We take the appropriate technical and organizational measures for the security, confidentiality, integrity, and availability of the data. We expressly declare that these measures ensure that, by definition, personal data are not made accessible without the intervention of the natural person to an indeterminate number of natural persons. We respect your rights under the GDPR, where applicable, and other applicable data protection laws and regulations. When we must share personal data with a third party, we inform you about such data sharing and take appropriate steps to ensure an adequate level of data protection by the third party.
SignKontrol as Data Controller
1. Data Collected Through the Website
"SignKontrol" is the "Data Controller" of all Personal Data collected through the Website. This means that SignKontrol determines the means and the purposes of the processing and is responsible to reply to data subjects' requests. A visitor of our Website is the person simply visiting our Website, as well as the person interacting with our Website by filling in and sending the register form (referred to as "you", "your" or "Visitor" in this Policy).
Cookies
To track overall trends in our Website traffic, we use Plausible, an EU-based, GDPR-compliant company. For the privacy policy of Plausible see https://plausible.io/data-policy. We do not use cookies; we do not generate any persistent identifiers and we do not collect or store any personal or identifiable data. All the data is aggregated data only and contains no personal information.
Register Form
You may wish to fill in the register form to get an idea of our Services and see whether you would like to become our Customer. Your name and email are necessary, so that SignKontrol can contact you. You may ask us to delete your contact details any time after that, or SignKontrol shall delete them no later than after three years of inaction.
2. Data Collected through Customer's Purchasing and Use of the Services
A Customer is a Visitor of our Website that has either purchased or signed up for a free-trial and is using the Services offered through SignKontrol Software (referred to as "Services" in this Privacy Policy).
With regard to our Customers we process the following categories of personal data (Customer's Data):
Name & Surname (optional)
Email and Password
Last IP Address of the Customer
Billing Address and Phone Number
Traffic Data in the SignKontrol Application
Processing of Email and Password for the performance of the Digital Signage SaaS Agreement
We process Customer's Email and Password to identify our Customers & Accounts and allow them to log into their Account. Our customers may authorize the use of the Services to other Users ("Authorized Users") and/or their Affiliates ("Authorized Affiliates"), both referred to as "Designated Users" in this Policy. For the same purpose (identification and log in) we process the Email and password of Designated Users.
We process Emails to send out automated system notifications, like notifications about displays being offline and errors with the Account. You can disable the offline displays notifications through the system, but all other error notifications are too important for the well-being of the Account, so they cannot be suppressed. We send out two non-marketing automated emails to try and help new Customers and Designated Users with any questions they may have, the first one generated 2 hours after the Account is created, and the second one 2 days after. No other automated emails like that are ever sent. These two emails are purely to assist, and to trigger user response in case they have feedback, and do not promote our services/products or any 3rd party.
We process Emails to send billing-related notifications, if the Account is on a paid subscription, and only to the Customers or the Designated Users that, at the choice of the Customer, have access to the Subscription section of the Account.
The legal basis of these processing activities is the performance of the contractual obligations. Therefore, we retain relevant personal data for the duration of the Digital Signage SaaS Agreement (the "Agreement"). After termination or expiry of the Agreement we retain billing data if it is required by law for accounting and tax purposes, and in case of a judicial challenge to defend our claims.
Processing of Name and Surname
The Name & Surname are used to easily identify and communicate with our Customers and Designated Users. This information is also used by other Designated Users within a single SignKontrol Account, so that they can easily identify other Users through our "User Management" section.
We use the Name & Surname in some automated system notifications and emails.
Name & Surname are optional information for better communication and account management.
Processing of Last IP Address
We process the Last IP Address of the Customer and Designated Users to acquire geolocation data, namely the city location from which the Account was accessed. We then use this information to derive the Country and the time zone. This allows us to pre-fill the time zone settings for the Account, so that the Customer and Designated Users do not have to set a time zone, or pre-select the Country, if they make an order.
Additionally, in cases of violation of our Terms of Services, we use this IP Address as an element to confirm the violation, e.g., using multiple Free-Trial Accounts which is prohibited. The Last IP Address is not relayed to any 3rd party service providers.
This processing activity is based legally on the overriding legitimate interest of SignKontrol. In that respect you may object to this processing activity based on your special circumstances; however, we may not satisfy your request, in case of compelling reasons that supersede your interests.
Processing of Billing Address and Phone Number
We use Billing Address and Phone Number solely for the purpose of invoicing.
The legal basis for this processing activity is the performance of our contractual obligations and we retain this information for the duration of the contract. However, Customers and Designated Users can at any time remove their billing details stored in our database. Nevertheless, we retain the phone number and may use the phone number in a future incident, only to prevent service downtime.
Your phone number may be used to send out automated system notifications about displays being offline via SMS if your contract includes such an option.
Also, your phone number may be used after the duration of the contract to facilitate returning Customers and make future purchases easier. For example, we might use the phone in an effort to help our Customers reinstate a recently cancelled SignKontrol Account. You may object to this processing of your contact details after the duration of the contract. We may not satisfy your request only if retention is required by applicable law at the time or retention is necessary for the defense of legal claims.
Processing of Logging Data
We may process logging data from time to time to audit whether the copyright of the Services is respected.
This processing activity is based legally on the obligations undertaken by the Agreement and their monitoring.
SignKontrol as Data Processor
Personal Data Processed on instructions by the Customer
SignKontrol is the "Data Processor" for all personal data processed in relation to the provision of the Services under the Digital Signage Subscription Services Agreement. This means that such Personal Data is collected on the Customer's/Account Owner's behalf for his/her own purposes, that Customer/Account Owner is solely responsible i) for the legality, reliability, accuracy, and quality of such Personal Data ii) for the legality of the processing purposes and iii) for the necessity of the processing to serve these purposes, and that the Customer/Account Owner is the Data Controller of Personal Data processed, while using the Services. Therefore, the Customer/Account Owner is responsible to satisfy the requests of the data subjects, whose Personal Data is processed through the SignKontrol Software. Additionally, the Customer/Account Owner is responsible to inform the data subjects (any person whose personal data is processed by usage of the SignKontrol Software) about the scope, the purpose, the duration, and the means of the processing, and to acquire the consent of the data subjects, whose personal data is being processed through the SignKontrol Software, where required. SignKontrol executes a Data Processing Addendum with the Customer/Account Owner as an integral part of the Digital Signage Subscription Services Agreement, whereby also the security measures are described.
How the Services accommodate Your Rights
Based on a Data Processing Addendum (DPA) we conclude with our Customers (Data Controllers), we undertake the responsibility to assist by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the data subject's rights. Additionally, the following technical and organizational measures are accommodated in the Services:
Consent and Notice
A Customer, before creating an Account, has to accept the Terms of Services and the DPA including the instructions by the Customer about how personal data uploaded to SignKontrol Software are going to be processed. Every Designated User is informed about our Privacy Policy, the Terms of Services, accompanied by the DPA before signing up in the Account for the first time. Customer and the Designated User may at all times access and review the Terms of Services, the DPA, and our Privacy Policy under Account Settings/Personal Data and Compliance.
Access, Rectification and Deletion
A Customer, to create an Account, must insert an access code. The following security measures are accommodated: i) authentication of users before access; ii) encryption of passwords; iii) activation of secure password policy by Customer in the Enterprise Plan; iv) change of passwords every six months; and v) prevention of access after suspicious access attempts. Customer manages each user's access to and use of the Services by assigning to each user a credential and user type that controls the level of access to and use of the Services. Customer is responsible for protecting the confidentiality of its own and each user's login and password and managing each user's access to the Services. The Services enable the Customer to assign specific rights (of view, access, modification, and deletion) based on the tasks and responsibilities of the Designated User. Customer and Designated Users may extract, rectify, and delete personal data uploaded, depending on the rights given to them by the Customer by selection of a user type.
Deletion of the Account
Customer and any Designated User with Admin Rights can request deletion of the Account through in-app option, in the Profile settings of the Customer, or by sending an email.
We reply to the request through email, asking for a confirmation, and informing the Customer and all Designated Users with Admin rights. This is required to verify that the requester has indeed legitimate access to the associated email Account, and that all administrative Designated Users are aware. In case the request seems suspicious, we might investigate further before proceeding with complete deletion of the Account.
Upon confirmation, we initiate the following process:
All information related to the Account is removed from our Database.
All files on our cloud storage that are related to the Account are marked for deletion.
All information regarding the Account is explicitly deleted from all Service Providers. If the Service Provider has a special procedure to be followed in this case, we will use that procedure instead of standard API calls.
In the event of Subscription Term non-renewal by the Parties, the Account is marked as inactive. If Customer does not log into the Account for more than 365 days, the Account is permanently deleted and the content of the Account is either deleted or returned, as requested by Customer. After 6 months of inactivity, SignKontrol shall provide bi-monthly (every 60 days) reminder notifications before deleting the Account, giving the Customer the opportunity to retain the content and reactivate the Account with a paid subscription.
Security
Whether we process personal data as Data Controllers or Data Processors, we take appropriate technical and organizational security measures to protect the integrity, accessibility, and confidentiality of your data. These measures are physical and environmental security measures, as well as IT security measures, including but not limited to the use of updated anti-virus and firewalls, safe protocols, user authentication processes, encryption, data separation, vulnerability and penetration tests, etc. We also have in place specific procedures for incident management and a Data Breach Policy.
Sharing your Data -- International Data Transfer
We do not share personal data with any third party, unless required to do so by law; in such a case, we shall inform you of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest, e.g., to protect confidentiality of a criminal investigation.
Your Rights
We respect your rights as a data subject under the GDPR and other applicable data protection laws and regulations. Bear in mind that we are entitled to answer to your requests as a data subject, when acting as Data Controllers, if you contact us at this email address: privacy@signkontrol.com. When we are acting as Data Processors the Data Controller, our Customer, is responsible to address your requests. However, we shall provide any reasonable assistance to the Data Controller for the satisfaction of your rights.
If you are a resident of California, the California Consumer Privacy Act ("CCPA") provides you with certain rights over your personal information. We only process your personal information at the direction of, and to the extent allowed by, our Customers and never for our own purposes. We will work at our Customer's direction to ensure that your rights provided by the CCPA are respected.
You should know that you, as a data subject, have the following rights under the GDPR.
Information and Transparency
You have the right to be informed about any processing of your personal data (the purpose, scope, duration and means, as well as data sharing). We adhere to the principle of transparency in processing. For any question regarding this Policy you may contact us at privacy@signkontrol.com. We will respond without delay and in any case within one month upon receipt of the request.
Access
You have the right to receive confirmation on whether your personal data are processed and in case this happens, all required information thereof (processing means, goal, records etc.). This enables you to receive a copy of the personal information the data controller holds about you and to check that your data are lawfully processed. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, you may be charged with a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, the data controller may refuse to comply with the request in such circumstances.
Rectification
You have the right to require the rectification of incomplete or inaccurate data relating to you without undue delay, as well as to fill in incomplete data, if necessary for processing. If you are an Account Owner or, if you have a Sub-account as a User of the Services you can update Personal Data submitted in the Account or Sub-account through your profile by selecting "My information" from the options menu at the top of the screen.
Erasure
You have the right to ask for the erasure of personal data concerning you without undue delay. We, if we are the data controllers, shall erase the data, when one of the following grounds applies: a) personal data is no longer necessary in relation to the purposes of processing; or b) the person requesting the erasure withdraws consent on which the processing is based and there is no other legal ground for the processing; or c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing or the data subject objects to processing for direct marketing; or d) the personal data have to be erased in compliance with a legal obligation. We shall not proceed to the erasure of personal data, if the data must be maintained in compliance with a legal obligation or in case the processing is required for the establishment, exercise, or defense of legal claims.
Restriction of processing
You have the right to request restriction of processing, if the accuracy of personal data is disputed, for the period that allows the data controller to verify the accuracy of personal data or based on any other legitimate reason specified in applicable data protection laws. For example, you may ask for suspension of the processing of your personal data, if you want the data controller to establish its accuracy or the reason for processing it.
Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format as well as the right to request the direct transmission of personal data from one controller or processor to another, if this is technically feasible.
Right to Object
You may oppose the processing of personal data, which takes place based on overriding legitimate interest without your consent. In this case, the data controller may no longer process your personal data, unless it demonstrates imperative and legitimate reasons for the processing that outweigh your interests, rights, and freedoms as a data subject or for the establishment, exercise, or defense of legal claims.
No automated individual decision-making
We fully respect your right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. You have the right to object to such automated individual decision-making.
Consent Withdrawal
In case you have provided your consent to the collection, processing, and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. In this case we will notify you.
Children
Our services are not directed to children. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will immediately delete such information. If you become aware that a child has provided us with his/her personal data, please contact us at the contact information below.
Complaint to a Supervisory Authority
You have the right to lodge a complaint with a Supervisory Authority, meaning an independent public authority which is established by an EU Member State, pursuant to the GDPR, if you consider that the processing of your personal data infringes the GDPR and other applicable European Union or member state data privacy laws.
Changes to this Privacy Policy
Our Privacy Policy may change from time to time and this Policy will be updated to describe any such changes. You are expected to check our website from time to time to take notice of any changes in this Policy. If you have any further questions about this Policy or how we handle your personal data that are not dealt with here, please get in touch with us by writing to privacy@signkontrol.com.