Privacy Note

Vizlib Ltd (a company incorporated in England and Wales (registration number: 10431702) having its registered office at 25 North Row, Mayfair, London, W1K 6DJ which trades as “Vizlib”) attaches great importance to protecting and respecting your privacy. Vizlib is committed to protecting your personal data and privacy.

The purpose of this policy is to inform you of our practices regarding the collection, use and sharing of personal data that is provided to Vizlib through the use of our services, products or website.

Vizlib understands the importance of the General Data Protection Regulation (GDPR) and tries constantly to apply it to its fullest extent. The GDPR has not only direct application in the European Union, but also a principle of extraterritoriality and under certain circumstances, protection of personal data is extended outside European borders.

In our Privacy Notice we use a few GDPR terms; the understanding of these terms is essential, in order to better understand your rights and our Privacy Notice. Below you will find some terms as defined in the GDPR:

1. Personal data:

   any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

2. Processing:

   any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

3. Controller:

   the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

4. Processor:

   a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

5. Consent:

   any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

This Privacy Notice applies to personal data provided by our clients (which may include the organisation, firm or entity for whom you work) and their staff, and any third party suppliers whose data we process. In this notice “you” refers to any individual whose personal data we hold or process.

For the vast majority of services provided by Vizlib, Vizlib is qualified as a controller when it collects data for processing, for instance for license key controls, service performance and improvement, technical assistance/support, client contact purposes or through DataViz Market.

Vizlib is not the controller of any personal data contained in user-generated content which is provided to Vizlib by users of Vizlib Collaboration tools. We hold this information as a data processor. The relevant user of our service is the controller for this data. Our terms require that such users process this data in accordance with applicable data legislation. In our Terms & Conditions this is defined as “Collaborator Personal Data” and the processing of Collaborator Personal Data by us will be governed by the terms of our Data Processing Agreement (“DPA”).

PERSONAL DATA YOU PROVIDE TO US:

More specifically, the following personal data is (or might be) provided directly by you (or on your behalf by the organisation, firm or entity for whom you work):

• User ID
• Name and Surname
• Email address
• Telephone number (optional)
• Company name (optional)
• Information about your professional status or role such as your profession, country of employment and job title
• Personal data of any kind submitted via Vizlib Collaboration tools

PERSONAL DATA AUTOMATICALLY COLLECTED:

Furthermore, Vizlib collects automatically data via its website IP addresses, connection data, types and versions of Internet browsers used, types and versions of your browser plugins, data about your browsing path on our website, the content that you access or view, the search terms used, download errors, the length of time that certain pages are viewed, the advertising ID of your device, the interactions with the page and any number of pages. By provisioning of its cloud services, Vizlib automatically collects: IP address, license key, hashed userid, version and type of Vizlib extension used. Among the technologies used to collect this information, we use cookies. For more information, consult the “cookies” section of this Privacy Notice.

PERSONAL DATA PROVIDED FROM THIRD PARTIES:

We may receive personal data about you from third sources. This is the case when you use one of our resellers in order to have access to Vizlib products and services or in case of online payment for our products. In the second case, we may provide you with another payment solution. Please, contact us.

If we obtain your personal data from the organisation, entity or firm for whom you work or from any other third party, your privacy rights under this Privacy Notice are not affected and you are still able to exercise the rights contained within this notice. You do not have to supply any personal data to us however in practice we may be unable to provide our services to you without personal data (for instance we will need contact information in order to communicate with you or your organisation). You may withdraw our authority to process your personal data (or request that we restrict our processing) at any time but there are circumstances in which we may need to continue to process personal data (please see below).

In order to be more transparent, Vizlib wants to share with you its processing purposes:

Provision of our service: It is necessary for Vizlib to obtain certain information from its users in order to provide its services and communicate with users in relation to the service.

License check: Vizlib provides you with online services and products. For this reason, Vizlib has to check that you have the right to use them. This is based on your decision to download a trial version (Freemium) or pay for a SaaS license.

Support: a SaaS license gives you access to Vizlib support services. Vizlib has to be able to identify the source of your technical problem and improve support or online services.

Marketing purposes: Vizlib may contact you, in order to inform you about its products and services, promotions, product upgrades, special offers, and updates.

DataViz Market: to give you access to products of third parties that interest you. This is based on your decision to access a trial version (Freemium) or obtain a license for a product through the DataViz Market.

Vizlib Collaboration: this tool allows users to write comments and communicate with one another through our service, producing their own user-generated content. Users are free to input any data they like, which may include personal data, and such data is stored on our hosted database. We only store data of this nature. We do not process it in any other way.

Supplier Information: we hold information about our suppliers such as contact information which we use to procure goods and services from those suppliers.

Please note that Vizlib does not collect data for commercial purposes that are not related to Vizlib products & services.

Vizlib does not use your personal data for any reason that is not compatible with the purposes it was collected. Through the on-premise version of our software, available for subscribed enterprise customers, no personal data is collected; Contact-us at support@vizlib.com.

Vizlib is a Business to Business software and it is not addressed to children! No personal data of children is intentionally collected! If we realize that a child has provided personal information, we will delete it with no delay.

Vizlib does not knowingly collect and process special categories of personal data. However, we are cannot guarantee that personal data within a special category will not be generated by a user of our service and then stored on our database. This data is irrelevant to the services provided by Vizlib and incompatible with our processing purposes.

Your data is collected for specified, explicit and legitimate purposes. Any processing made by Vizlib is compatible with the following purposes. In order to comply with the provisions of the GDPR, Vizlib has determined a LAWFUL BASIS for each processing purpose, in order to process your data.

• Provision of our service: Legitimate interests
• License check: Legitimate interests
• Support: Legitimate interests
• Upgrades to Vizlib Services and Product: Legitimate interests
• DataViz Market: Legitimate interests
• Third party Marketing purposes: Consent
• Vizlib Collaboration: Legitimate interestsSupplier Information: Legitimate interests

LEGITIMATE INTERESTS:

a legitimate interest in this context means a valid interest we have in processing your personal data which is not overridden by your interests in data privacy and security. Vizlib is a SaaS platform that provides you with online services and products. Vizlib has a legitimate interest in processing its users’ personal data because without such data Vizlib cannot provide its services or its support services. License checks, which require the use of personal data, are necessary to protect Vizlib’s products especially in relation to usage limitation and intellectual property rights. If users choose to submit data (which may include personal data) when using Vizlib Collaboration, then we have a legitimate interest in storing this data so it can be viewed by other users at the time of posting and referred back to in future. Upgrades to Vizlib Services and the Vizlib Product does affect the usage of our services, even under the freemium model.

CONSENT:

for marketing purposes, Vizlib requires your consent when collecting your data. For this reason, a checkbox is at your disposal on the user profile page once you sign-up: [https://home.vizlib.com/]. Your consent may be withdrawn at any time by (i) unchecking the relevant box on your account, (ii) clicking on the unsubscribe link provided in each of our communications or (iii) contacting us: see the contact section below.

DATA MINIMISATION:

Adequate, relevant and limited to what is strictly necessary in relation to the processing purposes. When ordering a service, we only ask you to provide data that is necessary for Vizlib in order to provide you with our services or products.

ACCURACY:

Accurate and kept up to date; if Vizlib becomes aware that it is processing any inaccurate data it is erased or rectified without delay. Please consult your rights.

STORAGE LIMITATION:

Data is stored no longer than is necessary for the processing purposes; Personal data collected by Vizlib from our clients and their users is kept during the entire duration of the contractual relationship and for the following 12 months. At the end of this retention period, such data is completely erased from all media and backups. We will hold information for suppliers for up to 7 years from the date on which our agreement with that supplier terminated.

INTEGRITY & CONFIDENTIALITY:

Your data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures. Please consult the security section of this Privacy Notice.

Vizlib takes appropriate measures to provide you with any information related to your data and your rights. We also want to facilitate the exercise of your data rights. Please contact us at privacy@vizlib.com, if you have any questions or you want to exercise any of your rights (see below); we will respond to your request as soon as possible and no later than a month after receiving your request. Please note that any reasonable information queries related to your data or the exercise of your rights is free of charge!

RIGHT OF ACCESS:

You have the right to obtain from Vizlib confirmation as to whether or not your personal data is being processed.

In addition to that, you have the right to access your personal data and obtain information about the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data has been or will be disclosed, the envisaged period for which the personal data will be stored, your GDPR rights, any available information as to the source of your data and finally the existence of automated decision-making, including profiling. Furthermore, in case of transfer to a third country, you have the right to be informed about measures of security relating to the transfer.

In order to exercise your right to access your personal data, Vizlib shall provide a copy of the personal data undergoing processing.

A number of the above questions are answered in the present Privacy Notice. Although, within a month from your request you will receive a copy of specific information about your personal data. Be aware that Vizlib will ask you to provide proof of identity, in order for you to exercise your rights.

RIGHT TO RECTIFICATION:

You have the right to demand rectification of inaccurate personal data and complete any incomplete personal data.

RIGHT TO ERASURE:

You have the right to make a request about the erasure of your personal data or request that your personal data be transferred or exported to another organisation. This right is not absolute and must be based on specific circumstances. You should be aware that Vizlib may reject your request on the basis of GDPR rules. For more information, please do not hesitate to contact us.

RIGHT TO RESTRICTION OF PROCESSING:

You may have the right to obtain restriction of processing for specific reasons mentioned in the GDPR. For more information, please do not hesitate to contact us. Vizlib shall inform you before the restriction of processing is lifted.

RIGHT TO DATA PORTABILITY

You have the right to receive your data in a structured, commonly used and machine- readable format, in order to transmit it to another service provider. To exercise your data portability right you can request that your data be transmitted directly to the service provider that you shall indicate to Vizlib, if technically possible.

RIGHT TO OBJECT:

You can at any time object to processing of your personal data. As of such request, Vizlib shall no longer process your data. To exercise this right you must provide Vizlib with an objection on grounds that are related to your situation in particular.

RIGHT TO WITHDRAW CONSENT

At any time, you may withdraw any permission you have given us to process your personal data. For example, you can request that your personal data will not be used to contact you for direct marketing purposes. You also have the right to request that your personal data will not be used for profiling purposes.

RIGHT TO COMPLAIN:

If you are not satisfied with the way Vizlib applies the GDPR rules or if Vizlib does not respect the one-month response time previously announced, please be aware that you have the right to lodge a complaint with a supervisory authority; The supervisory independent authority in the United Kingdom is the ICO (Information Commissioner’s Office).

Vizlib keeps your personal data in the European Union. However, it is possible that personal data we collect through our online platform or as part of our services will be transferred to other countries, some of which may have less protective personal data protection legislation.

This is particularly the case regarding data transmitted to our subcontractors located outside the EU, in particular in the United States. Subcontractors are called processors by the GDPR. Vizlib has contracts with processors that provide sufficient guarantees about data protection, respect the GDPR or the Privacy Shield and only act on Vizlib instructions.

Vizlib has verified that our non-EU subcontractors are Privacy Shield certified. The Privacy Shield is a self-certification mechanism for companies established in the United States that has been recognised by the European Commission as providing an adequate level of protection for personal data transferred by a European entity to companies established in the United States. This mechanism is therefore considered to offer legal guarantees for such data transfers.

There are certain additional circumstances in which we may disclose your personal data to third parties, as follows:

• we may be required to disclose certain data to regulators or other lawful authorities;
• we may disclose information to our group companies;
• if we are under a duty to disclose or share your personal data in order to comply with any legal obligation (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime);
• in order to enforce any terms and conditions or agreements for our services that may apply;
• if we are sub-contracting services to a third party we may provide information to that third party in order to provide the relevant services;
• we may transfer your personal data to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation or investment round, but we will take steps with the aim of ensuring that your privacy rights continue to be protected;

to protect our rights, property and safety, or the rights, property and safety of our users or other third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

When using the DataViz Market third parties have access to your data. These third parties are the companies that own the products and services that are promoted through the DataViz Market. We draw your attention to the fact that if you decide to use DataViz Market products and as a consequence permit our partners access to some of your personal data, their privacy policies apply in addition. Vizlib have no control over the collection or processing of your personal data by a third party on its own platform.

Vizlib takes the necessary precautions by having implemented appropriate technical and organisational measures to preserve the security and confidentiality of personal data, in particular to prevent any accidental, unauthorised or unlawful access, disclosure, alteration, loss or destruction. If personal data we hold about you is subject to a breach or unauthorised disclosure or access, we will report this to our management team and/or the Information Commissioner’s Office (ICO) as is deemed necessary. If a breach is likely to result in a risk to your data rights and freedoms, we will notify you as soon as reasonably possible.

• Data minimisation;
• transparency about our processes, policies & actions;
• daily backups;
• an authorisation management system that limits access to data only to those who need access to it in the context of their duties and scope of activity;
• a strict password policy for Vizlib personnel including two-way authentication;
• processes to trace all actions performed on our information system; we perform regular penetration tests and write reports in the event of an incident affecting our customers’ data;
• a limited storage period (12 months after your contract term);
• regular reviews of personal data;
• updated documentations;
• encryption by default;
• contracts with GDPR or Privacy Shield compliant subcontractors;
• servers based in the European Union (Ireland);
• Data Protection Impact Assessment reports for future projects.

Cookies are small texts used to store information on web browsers. They are used in particular to store and receive identifiers and other information on devices. Vizlib is a SaaS platform. This means that it is a company that specializes in providing a software service online. Vizlib place cookies on your device (one per extension) to cache the license key in order to reduce the numbers of calls to Vizlib services for performance reasons, better user experience and marketing purposes only for Vizlib products and services.

For your own safety, keep your password secret and do not communicate it to anyone.

The present Privacy Notice does not concern web links that lead to 3rd party websites. When it comes to your personal data, please remember to consult those 3rd party privacy policies.

Vizlib reviews regularly its Privacy Notice. We will post details of any changes to our policy on our website to help ensure you are always aware of the information we collect, how we use it, and in what circumstances, if any, we share it with other parties. Please ensure you check the website regularly for any updates.

If you need to contact us about our privacy policy, if you have suggestions in order to improve it, if you want to exercise your rights or make a request, please write to us:

E-mail: privacy@vizlib.com

Address: 25 North Row, Mayfair, W1K 6DJ

You have the right to lodge a complaint with a supervisory authority; The supervisory independent authority in the United Kingdom is the ICO (Information Commissioner’s Office).