The ways we keep your information secure.
On May 25, 2018, the most significant piece of European data protection legislation in 20 years will come into force when the European Union's (EU) General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC. This Privacy Policy is meant to help you understand what data we collect, why we collect it, and what we do with it. Please take time to read our Privacy Policy carefully. We want to be clear about how we’re using information and the ways in which you can protect your privacy.
This Privacy Policy applies to your Personal Data when you visit www.kanbanize.com or use our Services through this website and does not apply to online websites or services that we do not own or control.
If you have any questions, please, contact us at: dpo (@) kanbanize.com
The Company providing you services through this website is Businessmap Ltd. (referred to hereinafter as BMAP), a company duly organized under the law of Bulgaria, registered in Bulgaria, having its working address at “ul. Akad. Metodi Popov, 24A, 4th floor, Sofia, Bulgaria”, represented by Dimitar Karaivanov.
We take your right to privacy seriously and work continuously to keep the data we process minimized and in your control. Nevertheless, to enable you to use our services and to improve and secure them, we need to process some personal data. By using any of our services and/or registering an account you agree to have read and understood this Privacy Policy as well as our Cookie Policy.
Personal data is data that describes and is linkable to someone as a person. We collect some personal data in order to provide the services to all our clients and end users. We will only process personal data for legal reasons, if we are obliged to do so by legal authorities. We don’t sell or otherwise distribute your personal data. We may share it with our selected service providers only when it is vital for the provision of our services as explicitly described below. We may process your personal data for the following purposes:
The legal basis for processing such data by BMAP is the performance of a contract according to Article 6 (1) (b) GDPR.
The legal basis for the processing of data provided in the context of the collection and storage of business contact data is Article 6 (1) (f) GDPR. If the establishment of contact is based on pre-contractual measures or aims at the conclusion or prolongation of a contract, Article 6 (1) (b) GDPR is the additional legal basis for the processing.
In case of the subject's consent, the legal basis for processing of the data is Article 6 (1) (a) GDPR.
Purpose of data processing is administration of the contractual obligations with BMAP. The processing of business contact data may be used for one or more of the following purposes: maintenance of contact, information exchange, business cooperation, financial statements and issues. The necessary legitimate interest in the processing of the data is related to the aforementioned purposes.
Other personal data may be entered or uploaded in the Software by the Users, the Individuals or third parties to which access to the BMAP Software has been provided in the process of using the Software.
The legal basis for processing such data by BMAP is the performance of a contract according to Article 6 (1) (b) GDPR.
Processing activities are performed for the purpose of and in relation to providing the Services through the BMAP software, including storage, processing and use of Data for the purpose of providing the Services, providing technical support, communication in regard to use of Services and related activities. Users’ and Individuals' personal data may be used also, where applicable, for accounting, billing and payment purposes, digital signing and other facilitations, related to our services and the performance of our contractual obligations.
Other Personal Data uploaded in the BMAP Software, not indicated in the categories of data above, if any, shall be stored by BMAP within the scope of the BMAP Services.
Data processing activities, listed above, are necessary for the performance of the contracts with our clients, which in this case is the provision of Services we offer through www.kanbanize.com. Under these contracts we are obliged to provide you with information about the latest updates on features and developments of BMAP software, so we shall use your emails to comply with such obligation. All such notifications shall be strictly service-related. We shall not be using your contacts to promote third party products or services.
BMAP shall not use any other personal data, entered or uploaded by BMAP Software Users, Individuals or third parties to which access to the software has been given, except for categories of data, described above. BMAP will ask for your consent before using information for a purpose other than those that are set out in this Privacy Policy.
Each BMAP Software User and Individual provides personally the Personal data, entered or uploaded to the Software.
BMAP Software Users and Individuals are not allowed to enter third party personal data, including sign up a third party using their email address, without due authorization by such third party or upload any Other Personal data without due authorization by such third party. BMAP does not monitor or control the content, entered or uploaded by BMAP Software Users and Individuals.
It is the BMAP Clients’ and each User’s/Individual’s responsibility to provide and guarantee that the personal data processing activities, performed by the Clients and Users, respectively Individuals, with the BMAP Software are compliant with the requirements of the GDPR, including in regard to the transfer of data towards the subprocessors listed herein and the transfer of data outside the EU/EEA as described herein.
We take appropriate technical and organisational measures to protect your personal data against loss or other forms of unlawful processing. We make sure that personal data is accessible only by those who need access to do their job, and that they are properly trained and authorised. Our staff is required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, ethics, and appropriate usage of data. Staff are required to execute a confidentiality agreement and are provided with proper training in online privacy and security.
For providing quality services BMAP engages third party service providers - Subprocessors, carefully selected according to their capacity for personal data protection and processing in compliance with BMAP’s obligations under the GDPR. We provide personal data to our Subprocessors to process it for us, only based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.
Based on the above, BMAP stores and processes Data out of the EU, including in the United States of America, where some of BMAP’s Subprocessors are based.
By using our website and Services, you consent to your Personal Data being transferred to other countries, including countries that have different data protection rules than your country.
You give your explicit consent for personal data transfers outside the EU/EEA to the subprocessors listed below, on your own behalf (for subprocessors, to which BMAP Software Users and Individuals personal data is transferred) and on behalf of all data subjects, whose personal data is entered in the Software by you or by any third party to which you have provided access to the BMAP Software (for subprocessors, to which third party personal data is transferred), including Other Personal Data. You confirm that you have been informed and aware that there may be certain possible risks of transfers of personal data to third countries outside the EU/EEA, including the USA, such as: the third country may not ensure an adequate level of data protection pursuant to Article 45 of the GDPR.
You are responsible for informing all data subjects, whose personal data you entered in the Software, including Other Personal Data, that such personal data may be transferred outside the EU/EEA, including the USA, towards the subprocessors listed herein below, and about all possible risks of such transfer. It shall be your sole responsibility to acquire all data subjects’ explicit consent for such transfer after providing them with the information on possible risks and before entering or uploading any third party personal data in the Software.
BMAP uses Subprocessors, and personal data entered or uploaded by you in the Software shall be transferred to the Subprocessors listed in Annex "Approved Subprocessors" below.
BMAP uses Subprocessors, and BMAP Software Users' and Individuals' personal data may be transferred to the Subprocessors listed in Annex "BMAP Subprocessors" below.
BMAP may replace its Subprocessors from time to time. You agree that the list of current Subprocessors may be amended. You agree that if we amend the list of subprocessors in Annex "BMAP Subprocessors", we may inform you about such updates via our monthly newsletters. You agree that if we amend the list of subprocessors in the Annex "Approved Subprocessors", BMAP shall give the clients a written notice of 30 calendar days through a newsletter or via email.
In transfers of personal data outside the EU/EEA BMAP shall take such measures as are reasonably applicable to ensure the transfer is in compliance with applicable data protection legislation. You declare to be informed and agree that such measures shall be transferring the personal data: (i) to a recipient in a country that the European Commission has decided provides adequate protection for personal data; or (ii) to a recipient that has achieved binding corporate rules authorisation in accordance with the applicable data protection legislation; or (iii) to a recipient that has executed standard contractual clauses adopted or approved by the European Commission.
In order to provide your optimal comfort, thorough understanding and effective use of BMAP Software, BMAP may also from time to time engage local partners, speaking the language of your country of origin, registration or operations. By using our website and Services, you consent to BMAP introducing you to such partners via email for the purposes described herein.
All our Subprocessors do not have any right to use the personal information we share with them beyond what is necessary to assist us in making our services possible. When we cooperate with third parties and they process your personal data on our behalf, we make sure your personal data will be handled with the same integrity and security as we do.
You should keep in mind that our website is integrated with and uses Google Analytics. The Google platform uses tools to acquire information when you have visited our site. Within these tools, we do not have the ability to recognize the individuals whose data is generated. However, this information can be personalized by Google and affect the content Google shows you. For more information and deactivation of certain features, you should use the settings of the Google platform, as we have no control over it and we cannot block its functionalities. Through the control panels of your accounts on the platform, you can also make the appropriate privacy and privacy management settings, including the data management and information Google receives from us, since after the data is transmitted we cannot exercise full control over data processing, including data deletion.
If you need an extensive overview of our trusted partners, please, contact us at: dpo (@) kanbanize.com
We do not share personal information with companies, organizations and individuals unless one of the following circumstances applies:
We may share non-personally identifiable information publicly and with our partners. For example, we may share information publicly to show trends about the general use of our services.
We provide services to and allow our website to be used only by persons aged 18 and over. If aged under 18, please ask for the assistance of a person aged at least 18 in order to use our services. If we obtain actual knowledge that we have collected personal data from a person under the age of 18, we will promptly delete it, unless we are legally obligated to retain such data. Please, contact us, if you believe that we have mistakenly or unintentionally collected information from a person under the age of 18.
In general BMAP processes data while User is using BMAP services and 180 days afterwards in order to prevent loss of data, valuable for the User, and compliance with applicable legislation. Data, collected in trial period, shall be processed for 180 days after trial period in order to facilitate sustainable communication and integrity with returning users.
You have the right to request a copy of your personal details at any time, to check the accuracy of the information held and/or to correct or update this information. You may ask your personal information to be deleted completely, if no enquiry from you is in progress. You also have the right to complain when your personal data protection rights have been violated. For your convenience we have provided a full list of our rights in the last Section GDPR Subject Rights.
We will make commercially reasonable efforts to provide you with reasonable access to any of your personal information we maintain or correct it within 30 days as of receipt of your access request.
If you have given your consent to the processing of personal data, you have the possibility to withdraw your consent for processing. In this case, all personal data will be deleted, unless there are legal reasons to the contrary.
Please note that after deleting your information, you shall not be able to use the BMAP Services adequately. Users have the right to delete Client Data during the above term in a manner consistent with the functionality of the Services, if such deletion is in accordance with the GDPR (please see Section GDPR Subject Rights). BMAP will comply with this instruction as soon as reasonably practicable and within a maximum period of 30 days, unless EU or Bulgarian law requires storage. Please note that BMAP may keep that information for legitimate business or legal purposes or be required (including by contract or GDPR) to keep certain information and not delete it (or to keep this information for a certain time, in which case BMAP will comply with the deletion request only after BMAP has fulfilled such requirements).
If you wish to access, delete (when applicable) or correct your personal information please contact: dpo (@) kanbanize.com. Please state clearly in the subject that your request concerns a privacy matter, and more specifically whether it is a request for access, correction or deletion. Bear in mind that we may ask for additional information to determine your identity.
You can at any moment unsubscribe from our newsletters and notifications, by sending a notification to dpo (@) kanbanize.com or by using the link in the mailings, but after that we shall not be able to provide you with the full set of BMAP Services, which includes regular update and information about our software and its features.
We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup systems). Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort.
If you interact with our Clients and you seek to access, or correct, amend, or delete inaccurate data, especially when regarding data entered or uploaded by Clients and/or Users/Individuals, you should address your inquiry directly to the Client because the Client is the data controller and we are only data processors. If the Client requests us to provide, correct or remove the Personal Information, we will respond to their request within 30 days, if the GDPR and our contract with the Client require so.
Complaints, in case of conflict, can be addressed to dpo (@) kanbanize.com
If you file a privacy-related complaint, we will collect your name and/or company name, name of a complaint-related person, email, and country location and details that gave rise to your complaint. We will use the information you provide to investigate your complaint and to send you an answer once your complaint is reviewed.
If you think we have infringed your privacy rights, you can lodge a complaint with the supervisory authority of Bulgaria, which is the Commission for personal data protection. More information can be found at: www.cpdp.
You can also lodge your complaint in particular in the country where you live, your place of work or place where you believe we infringed your right(s).
Annex "Approved Subprocessors"
For Clients who have opted to use the EU Amazon Web Services, BMAP shall not use the services of US Amazon Web Services.
| Type | Subprocessor | EU / Non-EU | Client Data | Comment |
| --- | --- | --- | --- | --- |
| Email server | Superhosting | EU | Email-related data | |
| Hosting | Amazon Web Services | EU | All application data | Data center in Ireland. Client can request to move the Data to the EU data center. |
| Hosting | Amazon Web Services | USA | All application data | Data center in USA. This is the default data center. |
Annex "BMAP Subprocessors"
| Name | Service | Country |
| --- | --- | --- |
| HubSpot | Customer relationship management | USA |
| Superhosting | Email server | BG |
| Braintree | Payment gateway | USA |
| Amazon Web Services | Hosting services US | USA |
| Amazon Web Services | Hosting services EU | Ireland |
| Freshbooks | Billing software services | Canada |
| Zapier | Cloud-based integration platform | USA |
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.