Introduction and Scope
This document serves as a template to guide the privacy officer and legal counsel in creating a privacy notice for users and data subjects regarding the use and processing of their personal data. It is essential to conduct a comprehensive review of all privacy and legal requirements when drafting the official privacy notice and before publishing it for data subjects to review prior to the collection of their personal information.
Data Controller and Data Processor
Druid Vision Ltd’s business clients act as data controllers for most of the information entered into the Druid Vision Ltd web application, website, and supporting systems, or shared periodically with Druid Vision Ltd employees to provide services. Druid Vision Ltd functions primarily as a data processor for most information stored and processed. Certain information, such as IP addresses and user behavior within the Druid Vision Ltd platform, is collected directly by Druid Vision Ltd for security, logging, and application performance purposes. In these instances, Druid Vision Ltd is both the data controller and processor. Additionally, Druid Vision Ltd uses various technologies and partners that occasionally act as sub-processors (detailed list provided below). For any inquiries or concerns about personal information processing and handling, users can contact Druid Vision Ltd directly via email through the Druid Vision Ltd Security Officer – Mario Sanpietro, reachable at hey@druid.vision
Types of Data Collected
The Druid Vision Ltd web application and supporting applications gather personal data including cookies, usage data (e.g., page and link clicks, time spent on page), email address, phone number, first name, last name, province, state, country, ZIP/Postal code, city, address, and company name. Detailed information on each type of personal data collected is available in the dedicated sections of this Privacy Policy or through specific explanation texts displayed before data collection. The Druid Vision Ltd web application may collect personal data that users voluntarily provide or, in the case of usage data, collected when using the website, the Druid Vision Ltd web application, and its supporting applications. Specific data is necessary for the Druid Vision Ltd web application and supporting applications to provide services. If data is mandatory, it will be indicated throughout the website and Druid Vision Ltd web application. If the Druid Vision Ltd website or web application specifies that data is not mandatory, users can choose not to share this data without impacting the availability or functioning of the service. Users unsure about which personal data is mandatory can contact the Druid Vision Ltd Security Officer at hey@druid.vision
Any use of cookies or other tracking tools by the Druid Vision Ltd website, web application, and its supporting applications serves to provide the service engaged by Druid Vision Ltd, in addition to any other purposes described in this document and the Cookie Policy.
Mode, Place, and Methods of Processing the Data
Druid Vision Ltd implements appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of data. Data processing is carried out using computers or IT-enabled tools, strictly following organizational policies and procedures related to the indicated purposes. In some cases, data may be accessible to Druid Vision Ltd employees involved in the operation of the Druid Vision Ltd website, web application, and supporting applications. Data may also be accessible to external parties appointed, if necessary, as data processors or sub-processors by Druid Vision Ltd. External parties may include third-party technical service providers, hosting providers, and IT companies.
Legal Basis of Processing
Druid Vision Ltd may process personal data relating to users if one of the following applies:
- Users have given their consent for one or more specific purposes.
- Provision of data is necessary for the performance of an agreement with the user.
- Processing is necessary for compliance with a legal obligation.
- Processing is necessary for the legitimate interests pursued by the controller or by a third party.
In any case, Druid Vision Ltd will gladly help clarify the specific legal basis that applies to the processing, mainly whether the provision of personal data is a statutory or contractual requirement or a requirement necessary to enter into a contract.
Place
The data is processed at Druid Vision Ltd’s operating offices, hosting facilities, and, for some data, third-party sub-processors. The majority of data is stored and processed within Canada and the United States. In some cases, data may be stored within the US or EU via third-party sub-processors. Depending on the user’s location, data transfers may involve transferring the user’s data to a country other than their own. To find out more about the processing of such transferred data, users can consult the section containing details about the processing of personal data. Users are entitled to learn about cross-border data transfers. If any such transfer occurs, users can find out more by checking the relevant sections of this document or inquiring directly with Druid Vision Ltd.
Retention Time
Personal data is processed and stored for as long as required to fulfill the purpose for which it is collected. Therefore:
- Personal data collected for the performance of a contract between Druid Vision Ltd and a business customer is retained until such contract has been entirely performed or the business customer requests data deletion.
- Personal data collected for Druid Vision Ltd’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding Druid Vision Ltd’s legitimate interests within the relevant sections of this document or by contacting Druid Vision Ltd.
Druid Vision Ltd may retain personal information for a longer period whenever the user has given consent to such processing, as long as such consent is not withdrawn. Furthermore, Druid Vision Ltd may be obliged to retain personal data for a longer period whenever required to perform a legal obligation or upon order of an authority. Once the retention period expires, the user’s personal data will be securely deleted.
The Purposes of Processing
The data concerning the user is collected to allow Druid Vision Ltd to provide its services, as well as for the following purposes: analytics, user database management, managing contacts and sending messages, handling payments, interaction with external social networks and platforms, remarketing and behavioral targeting, contacting the user, displaying content from external platforms, hosting and backend infrastructure, interaction with live chat platforms, and spam protection. Users can find further detailed information about such purposes of processing and the specific personal data used for each purpose in the respective sections of this document.
The Rights of Users
Users may exercise certain rights regarding their data processed by Druid Vision Ltd. In particular, users have the right to do the following:
- Withdraw their consent at any time. Users have the right to withdraw consent after they have previously given their consent to the processing of their personal data.
- Object to processing of their data. Users have the right to object to the processing of their data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
- Access their data. Users have the right to learn if Druid Vision Ltd is processing their data, obtain disclosure regarding certain aspects of the processing, and obtain a copy of the data undergoing processing.
- Verify and seek rectification. Users have the right to verify their data accuracy and ask for it to be updated or corrected.
- Restrict the processing of their data. Users have the right, under certain circumstances, to restrict the processing of their data. In this case, Druid Vision Ltd will not process their data for any purpose other than storing it.
- Have their personal data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their data from Druid Vision Ltd.
- Receive their data and have it transferred to another controller. Users have the right to receive their data in a structured, commonly used, machine-readable format, and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the data is processed by automated means and that the processing is based on the user’s consent, on a contract that the user is part of, or on precontractual obligations.
- Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.
Details About the Right to Object to Processing
Where personal data is processed for the public interest, in the exercise of an official authority vested in Druid Vision Ltd or for the legitimate interests pursued by Druid Vision Ltd, users may object to such processing by providing a ground related to their particular situation to justify the objection. Users should know that if their personal data is processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn whether Druid Vision Ltd is processing Personal Data for direct marketing purposes, users may refer to the relevant sections of this document.
How to Exercise These Rights
Any requests to exercise user rights can be directed to Druid Vision Ltd through the contact details provided in this document (privacy@druidvision.com). These requests can be exercised free of charge and will be addressed by Druid Vision Ltd as early as possible and always within one month.
Cookie Policy
The Druid Vision Ltd website and web application use cookies. To learn more and for a detailed cookie notice, the user may consult the Cookie Policy.
Additional Information about Data Collection and Processing
Legal Action
Users’ personal data may be used for legal purposes by Druid Vision Ltd in court or the stages leading to possible legal action arising from improper use of this application or the related services. Users declare they are aware that Druid Vision Ltd may be required to reveal personal data upon request of public authorities.
Additional Information About Users’ Personal Data
In addition to the information contained in this privacy notice, this application may provide users with additional and contextual information concerning particular services or the collection and processing of personal data upon request.
System Logs and Maintenance
For operation and maintenance purposes, this application and any third-party services may collect files that record interaction with this application (e.g., system logs) using other personal data (e.g., IP Address) for this purpose.
Information Not Contained in This Notice
More details concerning the collection or processing of personal data may be requested from Druid Vision Ltd at any time. Users may use the contact information at the beginning of this document.
How “Do Not Track” Requests are Handled
This application does not support “Do Not Track” requests. To determine whether any of the third-party services it uses honor “Do Not Track” requests, users should read their privacy policies.
Changes to This Privacy Notice
Druid Vision Ltd reserves the right to make changes to this privacy notice at any time by giving notice to users on this page and possibly within this application or—as far as technically and legally feasible—sending a notice to users via any contact information available to Druid Vision Ltd. Users are strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. Should the changes affect processing activities performed based on the users’ consent, Druid Vision Ltd shall collect new consent from the user where required.
This privacy notice relates to the Druid Vision Ltd website, application, and supporting services unless otherwise stated within this document.