Privacy policy for Android Host

Version 2.0 – 2018-05-25 (Android App related parts only)

0. Preface

Your privacy is important to us. As a provider of secure communications software and services, we know the importance of protecting your information. Thus, we have established this strong privacy policy to assure you that we will not misuse any information we receive about you. This policy applies whether you are a company, an organization, a government entity, an individual or any group of individuals.

0.1 Links to specific situations

0.2 Changes from previous versions

0.2.1 Changes from version 1.0

  • We are not asking for more permissions
  • The fundamental principles are not changed
  • There are now details sections for each of the situations where you give us information
  • Various formalities have been added or changed to comply with the EU GDPR
  • Because these changes are entirely to your benefit, they take effect without a 30 day delay.

5. Using our Android Host App (#AndHost)

5.1 Data collected from our Android Host App (If you don’t sign up for myCloud)

We collect little or no data from your use of this product:

  • On first run (and on later runs if it fails), the Host App may try to install an add on specific to the branding of your Android Device and its firmware, this download will be from either the App Market where you downloaded the Host App or directly from WiseMo servers. In either case, the Host App may also contact the WiseMo Servers for information about which add-on corresponds to the device. This provides us with your IP address, the device model and some technical information about the firmware version.
  • If the feature to check for software updates is enabled, the IP address and operating system and software version may be provided to our web servers in order to do that check, alternatively the App Market where you downloaded the Host App may do this checking itself without contacting us.
  • If you send us a support log or otherwise contact us for support, our #support privacy policy applies to that.
  • If you connect the product to our myCloud service, the myCloud section below also applies.

The detailed web server log files are deleted within 5 years, but derived statistics including top requestor information is kept after that.

5.2 How we use this data

We use the add-on selection and software update request data to provide you with the requested functionality, to identify missing add-ons and to keep the servers doing this running [GDPR 6(1) (b)]. We also use this data to maintain the security of our servers [GDPR 6(1) (f)]

5.3 Additional data collected if you add the Android Host App to a myCloud domain

When you use the myCloud service, it obtains uses and logs the following data from you:

  • The e-mail address and password of your myCloud login
  • The name of the device where the Host is running
  • (optional) the logged in user name on the device where the Host is running
  • The IP address and thus general geographic area of the device used
  • The Type, model, operating system and Web Browser (incl. versions) of the device used
  • The time and date
  • If and when a myCloud connection is requested to a Host
  • The amount of data transferred through myCloud and the duration of the connection.
  • The amount of usage that you paid for or are allowed to test under a Trial license
  • If you want or don’t want to also sign up for news e-mails, see our news e-mails privacy policy #newsmail.

You or the administrator users in you myCloud domain you can change or delete this data at any time except for the IP address, general area, device information and timestamp (those can only be deleted) and the internal master log files used by WiseMo for maintenance etc. (cannot be deleted). The amount of usage paid for can only be changed via payment transactions.

All remaining myCloud customer data except the internal master log files and our internal customer records (purchase history, e-mail, name, domain name) are deleted 8 to 400 days after the myCloud subscription (paid or trial) expires. Our internal customer records are kept for at least 5 years after the last commercial transaction.

The detailed web server log files are deleted within 5 years, but derived statistics including top requestor information is kept after that.

5.4 How we use this data

We use the e-mail address for password recovery, to send you important notifications (such as subscription expiry) and to communicate with you about account changes and purchase decisions [GDPR 6(1) (b)]. We use the above data to provide the functionality of the myCloud service (for example, we use the general geographic area to route connections through a nearby server), to provide other services (such as skin downloads) and to keep the myCloud servers running well [GDPR 6(1) (b)]. We also use this data to check that you do not use more than the number of clients that you paid for and to maintain the security of the myCloud servers [GDPR 6(1) (f)]

5.5 Data you may process via myCloud

You may cause the myCloud service to process the following data on your behalf. WiseMo acts solely as a processor of this data, using it only to perform the processing you request:

  • Data transmitted between Host and Guest (This data is end to end encrypted by default so we cannot see it, and we encourage you to not turn encryption off)
  • (optional) Any configuration data that you store in myCloud for deployment to devices.
  • (optional) The e-mail addresses of users you invite to join your myCloud domain.
  • (optional) The names and phone numbers of devices to which you deploy client software via e-mails or text messages.

You or the administrator users in your domain can change or delete this information directly as long as it remains in the active part of the service. The content transmitted (in addition to being encrypted) is not stored by WiseMo.

5.6 Additional data when you purchase myCloud usage or purchase a license directly

When you purchase (additional) myCloud usage licenses, or perpetual licenses for standalone use of the Android Host App, the privacy policy for our web shops (#shops) applies.

5.7 Data encryption by default

By default, data transmitted between Guest and Host products is encrypted end-to-end. You can turn this off if you want to, though this is not recommended. When you are not using our myCloud service, the data is not sent through our servers at all.

5.8 Android permissions

(Google policy requires us to repeat this information here)

  • Internet and Wi-Fi permissions: The purpose of our Host App for Android is to let you or your authorized users control it over Internet and Wi-Fi, so it obviously needs those Android permissions to do that
  • In-app purchase: To allow you to make a onetime purchase of a perpetual license from inside the app.
  • Permissions not included elsewhere on this list: These are for things you can access remotely using our Host App for Android, subject to your own choice of in-app security settings.
  • Bluetooth and Phone permissions: On some devices, our Host App for Android needs these permissions to determine the name and model of the phone, so your authorized users can select it for connections and see the proper model specific “skin” when you allow them to control your phone.
  • Google Cloud Messaging and SMS permissions: We may use Google Cloud Messaging and SMS to reduce mobile data and battery usage for myCloud subscribers
  • Root permission: On devices with this ability, we may use the root permission as an alternative to a brand-specific add-on and to extend the remote file transfer, terminal access etc. available to authorized users (subject to you own choice of in-app security settings).
  • Device Administrator Permission: Our Host application is for remote support and management (which is explicitly described in the app description on Google Play). When the Host is running, the device can be managed remotely from a WiseMo Guest module.On Samsung devices – and Samsung only – we are using the KNOX SDK (Samsung API) that provides additional vendor-specific functionality we find useful for our application. We are using the following permissions from the KNOX SDK:
    • android.permission.sec.MDM_SECURITY – to be able to reboot device remotely
    • android.permission.sec.MDM_REMOTE_CONTROL – remotely control device

    In order to obtain access to these APIs on Samsung our Host App for Android needs to be assigned as device administrator, therefore it needs to include “Device Administrator” permission in the App description (which is the same for all devices) as described in the Samsung KNOX SDK to get access to the Remote Control API and to be able to reboot the device

    Below are additional details about the device admin handling in our WiseMo Host app on Android:

    1. If the app runs on a Samsung device with KNOX SDK support, our application asks the user to accept assigning device administrator rights to our Host app. We do not ask the user to assign device administrator rights on non-Samsung devices.
    2. If the user accepts the Host app to run as device administrator, Host configures the KNOX SDK, so the device can be managed remotely. This will show some generic Samsung warnings about what other apps could do with that permission; we only use the “Allow Remote Control of device” part, which is the purpose of our WiseMo Host for Android. There will also be a second prompt about Samsung’s own privacy policy for this feature, which you may want to read as it is beyond our control.
    3. Because a user is not able to uninstall an app in “Application Manager” that is assigned device administrator rights (and able to understand – Uninstall is just grayed out), we have added a menu item to our app so the user easily can uninstall our app and hence revoke the Hosts device administrators privileges. Just click on the menu icon (3 dots) in the upper right corner and choose “Uninstall“.

5.9 Outsourcing

The add-on detection, update checking and myCloud services are partially outsourced to companies that operate under our command and within this policy, inside and outside the EU.

5.10 General

For details, disclaimers, statutory rights etc. see our #common privacy provisions.

6. Using our Android Guest App (#AndGuest)

6.1 Data collected from our Android Guest App (If you don’t sign up for myCloud)

We collect little or no data from your use of this product:

  • If the feature to check for software updates is enabled, the IP address and operating system and software version may be provided to our web servers in order to do that check, alternatively the App Market where you downloaded the Host App may do this checking itself without contacting us.
  • If you send us a support log or otherwise contact us for support, our #support privacy policy applies to that.
  • If you connect the product to our myCloud service, the MyCloud section below also applies.

The detailed web server log files are deleted within 5 years, but derived statistics including top requestor information is kept after that.

6.2 How we use this data

We use the software update request data to provide you with the requested functionality and to keep the servers doing this running [GDPR 6(1) (b)]. We also use this data to maintain the security of our servers [GDPR 6(1) (f)]

6.3 Additional data collected if you add the Android Guest App to a myCloud domain

When you use the myCloud service, it obtains uses and logs the following data from you:

  • The e-mail address and password of your myCloud login
  • The name of the device where the Host is running
  • (optional) the logged in user name on the device where the Host is running
  • The IP address and thus general geographic area of the device used
  • The Type, model, operating system and Web Browser (incl. versions) of the device used
  • The time and date
  • If and when a myCloud connection is requested to a Host
  • The amount of data transferred through myCloud and the duration of the connection.
  • The amount of usage that you paid for or are allowed to test under a Trial license
  • If you want or don’t want to also sign up for news e-mails, see our news e-mails privacy policy (#newsmail)

You or the administrator users in you myCloud domain you can change or delete this data at any time except for the IP address, general area, device information and timestamp (those can only be deleted) and the internal master log files used by WiseMo for maintenance etc. (cannot be deleted). The amount of usage paid for can only be changed via payment transactions.

All remaining myCloud customer data except the internal master log files and our internal customer records (purchase history, e-mail, name, domain name) are deleted 8 to 400 days after the myCloud subscription (paid or trial) expires. Our internal customer records are kept for at least 5 years after the last commercial transaction.

The detailed web server log files are deleted within 5 years, but derived statistics including top requestor information is kept after that.

6.4 How we use this data

We use the e-mail address for password recovery, to send you important notifications (such as subscription expiry) and to communicate with you about account changes and purchase decisions [GDPR 6(1) (b)]. We use the above data to provide the functionality of the myCloud service (for example, we use the general geographic area to route connections through a nearby server), to provide other services (such as skin downloads) and to keep the myCloud servers running well [GDPR 6(1) (b)]. We also use this data to check that you do not use more than the number of clients that you paid for and to maintain the security of the myCloud servers [GDPR 6(1) (f)]

6.5 Data you may process via myCloud

You may cause the myCloud service to process the following data on your behalf. WiseMo acts solely as a processor of this data, using it only to perform the processing you request:

  • Data transmitted between Host and Guest (This data is end to end encrypted by default so we cannot see it, and we encourage you to not turn encryption off)
  • (optional) Any configuration data that you store in myCloud for deployment to devices.
  • (optional) The e-mail addresses of users you invite to join your myCloud domain.
  • (optional) The names and phone numbers of devices to which you deploy client software via e-mails or text messages.

You or the administrator users in your domain can change or delete this information directly as long as it remains in the active part of the service. The content transmitted (in addition to being encrypted) is not stored by WiseMo.

6.6 Additional data when you purchase myCloud usage

When you purchase (additional) myCloud usage licenses, the privacy policy for our web shops (#shops) applies.

6.7 Data encryption by default

By default, data transmitted between Guest and Host products is encrypted end-to-end. You can turn this off if you want to, though this is not recommended. When you are not using our myCloud service, the data is not sent through our servers at all.

6.8 Android permissions

(Google policy requires us to repeat this information here)

  • Internet and Wi-Fi permissions: The purpose of our Guest App for Android is to let you or your control other devices over Internet and Wi-Fi, so it obviously needs those Android permissions to do that
  • Files, media and “photos” permission: This is so you can use the storage to copy configuration and log files to and from other devices for backup or moving devices.
  • Bluetooth and Phone permissions: On some devices, our Guest App for Android needs these permissions to determine the name or model of the phone; this may be reported to the controlled host as an indication of who controlled it.

6.9 Outsourcing

The update checking and myCloud services are partially outsourced to the companies that operate under our command and within this policy, inside and outside the EU.

6.10 General

For details, disclaimers, statutory rights etc. see our #common privacy provisions.

8. Buying licenses and subscriptions in our web shops (#shops)

This applies to paying for myCloud service subscriptions in the myCloud web interface and to our online shop for perpetual licenses

8.1 Data collected by our web shops

  • An e-mail address for electronic delivery (for myCloud, your myCloud login e-mail address is used).
  • (Optional) a password so you can log in to your previous shopping cart (for myCloud, your myCloud account password is used).
  • Your Name and Address
  • (Sometimes): Your phone number.
  • (For business customers) Your company name
  • (For business customers in the EU/EEA) Your company VAT registration number.
  • What currency you want to pay in
  • Your choice of product(s) to purchase.
  • (Optional) a coupon code for promotions etc.
  • A Credit or Debit card (with associated authentication data) for paying.
  • The IP address, browser and operating system you use to visit the web shop
  • (optional) If you want or don’t want to also sign up for news e-mails, see our news e-mails privacy policy (#newsmail)

Our internal customer records are kept for at least 5 years after the last commercial transaction.

The detailed web server log files are deleted within 5 years, but derived statistics including top requestor information is kept after that.

8.2 How we use this data

We use this data to complete the purchase transaction, electronically deliver the product and to apply the correct VAT rate for EU/EEA customers. [GDPR 6(1) (b)], we also use it for our general accounting, which may be inspected by auditors and authorities [GDPR 6(1) (c) and (f)] and to keep the web shop servers running and secure [GDPR 6(1) (f)].

Your credit card data is collected and processed exclusively by a professional 3rd party payment gateway (DIBS, Subsidiary of Nets) which has been certified by banks /credit card companies to handle such information (VISA/MasterCard PCI certification). WiseMo does not have access to your detailed Credit Card information and we cannot and do not use it or store it. We only have access to truncated information for use on receipts and confirmations that the payment has been completed successfully.

8.3 Outsourcing

The credit card processing is fully outsourced to the DIBS subsidiary of Nets in Denmark (EU)

The shop servers and our accounting are partially outsourced to processors and sub-processors inside and outside the EU.

8.4 General

For details, disclaimers, statutory rights etc. see our #common privacy provisions.

10. Signing up for our news mails (#newsmail)

This applies to providing your e-mail to us as a contact that we can send news and offers to

10.1 Data collected when you provide your e-mail address to our mail lists

  • An e-mail address
  • An indication if you want to receive news emails to this address. For myCloud, you will be asked about this up front and can change it in the web interface. For other sign up methods, you will have to contact us at unsubscribe@wisemo.com to change your consent.
  • Whether or not your consent was given via a separate option or was implied by another contact with WiseMo
  • (optional) Your name
  • (optional) Your country and maybe state
  • The IP address, browser and operating system you used to sign up or change this if done via a web interface.

We keep this data until you unsubscribe.

10.2 How we use this data

We use this data to send you the news e-mails with your consent [GDPR 6(1) (a)] and to keep our servers running and secure [GDPR 6(1) (f)].

If your consent was given or updated explicitly, your name and e-mail may also be shared with our channel partner serving your geographic area so they can serve you locally. They may only use this information as long as they remain our channel partner for your geographic area. [GDPR 6(1) (a)]

10.3 Unsubscribing

To stop receiving news e-mails, just tell us at unsubscribe@wisemo.com (send from the address you want unsubscribed).

10.4 Outsourcing

The mail and subscription web servers are partially outsourced to processors and sub-processors inside and outside the EU.

10.5 General

For details, disclaimers, statutory rights etc. see our #common privacy provisions.

11. Contacting support (#support)

This applies when you contact us in any way (web form, e-mail, phone or otherwise) about a practical or technical problem with our products or how you use them.

11.1 Data you provide us with a support request

  • An e-mail address (preferred) or other way to reply to your request.
  • (Optional) Your name etc.
  • Which product(s) this is about.
  • What kind of license you have to use our products (if applicable).
  • The myCloud domain you use (if any).
  • Your description of the problem and answers to our questions.
  • (optional) Any technical log files, screenshots and other data you may send us.
  • (optional) Access to your affected device.
  • The IP address, browser and operating system you used to make the support request if done via a web interface.

Support cases are often kept indefinitely to help us not repeat our own mistakes.

The detailed web server log files are deleted within 5 years, but derived statistics including top requestor information is kept after that.

11.2 Information we may gather ourselves for a support request

With your request (and thus consent) to help you, we may ourselves gather some or all of the following information about you:

  • Any additional data we may have on file about you, such as accounts and purchase history.
  • Any internal or user visible logs our servers have about your (attempted) access to our servers.
  • Any data you have stored with us for processing if that seems relevant to your questions. This is considered part of the processing that you requested, specifically in the form of that support request.

11.3 How we use this data

We use this data to satisfy your request support, and if applicable fix any related issues in the quality of the products and services you licensed from us [GDPR 6(1) (b)]. We also use the information to keep the support request handling servers (mail servers, support web forms etc.) running and secure [GDPR 6(1) (f)]. We may also use the information to fix or prevent similar issues in products that you have not chosen to license from us, in the hope that you might do so later [GDPR 6(1) (b)].

11.4 Outsourcing

The support request handling, including personnel, web and mail servers are partially outsourced to processors and sub-processors inside and outside the EU.

11.5 General

For details, disclaimers, statutory rights etc. see our #common privacy provisions.

14. Receiving an e-mail with a preconfigured product (#configmail)

These messages are a suggestion that you install a version of our software preconfigured to provide access for a specific WiseMo customer (“the domain customer”). DO NOT ACCEPT OR INSTALL THE SOFTWARE IF YOU DO NOT KNOW AND TRUST THE DOMAIN CUSTOMER WHO REQUESTED THAT IT WAS SENT TO YOU, IT WILL TYPICALLY GIVE THEM FULL AND UNLIMITED ACCESS TO YOUR DEVICE OR COMPUTER!

14.1 Data we have about you when you get the mail

All of this information is controlled and provided by an existing administrator user of that existing domain.

  • The name of the myCloud domain you are being asked to join
  • The configuration included in the product sent
  • Which WiseMo customer is responsible for that myCloud domain (“The domain customer”)

The e-mail was sent directly by the domain customer, not by WiseMo, we do not know who you are or what your e-mail address is.

All remaining myCloud customer data except the internal master log files and our internal customer records (purchase history, e-mail, name, domain name) are deleted 8 to 400 days after the myCloud subscription (paid or trial) expires. Our internal customer records are kept for at least 5 years after the last commercial transaction.

The detailed web server log files are deleted within 5 years, but derived statistics including top requestor information is kept after that.

14.2 How we use this information if you do nothing

If you do nothing about the message, we used the information only to be ready in case you (or another recipient) accept the preconfigured software. We do all this on behalf of the customer responsible for that myCloud domain (“The domain customer”); the domain customer stored the configuration, sent it to you, determined the configuration and can remove it again. That domain customer might also send you more than one preconfigured product. All of this is generally between you and the domain customer, however if you cannot contact the domain customer directly, you may contact WiseMo support for assistance in doing so (subject to our #support privacy policy).

However we may use data about the storing of configuration to service the domain customer at their request [GDPR 6(1) (b)] and use related log data to keep our servers running and secure [GDPR 6(1) (f)] and to take precautions against abusive (spam like) sending of such messages. [GDPR 6(1) (f)

14.3 How we use the information if you accept the software

If you accept the invitation, you become a user of our myCloud service subject to our #myCloud privacy policy. YOU ALSO ACCEPT THE CONFIGURATION PROVIDED BY THE DOMAIN CUSTOMER AND HOW THEY MIGHT USE THE ACCESS TO YOUR DEVICE; THIS IS BETWEEN YOU AND THE DOMAIN CUSTOMER.

14.4 Outsourcing

The storage and download of preconfigured products is partially outsourced to processors and sub-processors inside and outside the EU.

14.5 General

For details, disclaimers, statutory rights etc. see our #common privacy provisions.

15. Receiving an SMS with a preconfigured product (#configsms)

These messages are a suggestion that you install a version of our software preconfigured to provide access for a specific WiseMo customer (“the domain customer”). DO NOT ACCEPT OR INSTALL THE SOFTWARE IF YOU DO NOT KNOW AND TRUST THE DOMAIN CUSTOMER WHO REQUESTED THAT IT WAS SENT TO YOU, IT WILL TYPICALLY GIVE THEM FULL AND UNLIMITED ACCESS TO YOUR DEVICE OR COMPUTER!

15.1 Data we have about you when sending you the text message

All of this information is controlled and provided by an existing administrator user of that existing domain.

  • Your name and phone number (obviously)
  • The name of the myCloud domain you are being asked to join
  • The configuration included in the product sent
  • Which WiseMo customer is responsible for that myCloud domain (The domain customer)
  • The e-mail address of the domain customer (included in the text message)

All remaining myCloud customer data except the internal master log files and our internal customer records (purchase history, e-mail, name, domain name) are deleted 8 to 400 days after the myCloud subscription (paid or trial) expires. Our internal customer records are kept for at least 5 years after the last commercial transaction.

The detailed web server log files are deleted within 5 years, but derived statistics including top requestor information is kept after that.

15.2 How we use this information if you do nothing

If you do nothing about the message, we used the information only to send you this message and to be ready in case you accept the preconfigured software. We do all this on behalf of the customer responsible for that myCloud domain (“The domain customer”); the e-mail of the domain customer is stated in the text message. The domain customer requested the sending of the configuration, determined the configuration and can remove it again. That domain customer might also send you more than one preconfigured product. All of this is generally between you and the domain customer, however if you cannot contact the domain customer directly at their stated e-mail address, you may contact WiseMo support for assistance in doing so (subject to our #support privacy policy).

However we may use data about the sending of the preconfigured product to service the domain customer at their request [GDPR 6(1) (b)] and use related log data to keep our servers running and secure [GDPR 6(1) (f)] and to take precaution against abusive (spam like) sending of such messages. [GDPR 6(1) (f)

15.3 How we use the information if you accept the software

If you accept the invitation, you become a user of our myCloud service subject to our #myCloud privacy policy. YOU ALSO ACCEPT THE CONFIGURATION PROVIDED BY THE DOMAIN CUSTOMER AND HOW THEY MIGHT USE THE ACCESS TO YOUR DEVICE; THIS IS BETWEEN YOU AND THE DOMAIN CUSTOMER.

15.4 Outsourcing

The sending of preconfigured product messages is partially outsourced to processors and sub-processors inside and outside the EU.

15.5 General

For details, disclaimers, statutory rights etc. see our #common privacy provisions.

Common part (#common)

16. General exceptions

Regardless of the rules above, the following situations are exempted:

16.1 Your requests

If you ask us to do something that requires that we access your data, we may access your data to do so.

Similarly, if you explicitly grant us additional permissions beyond those in this policy, those permissions apply to your data regardless of this policy. [GDPR 6(1) (a)]

16.2 YouTube videos and App stores

  • If you click to play any of the YouTube videos on our websites, your browser will connect directly to Google’s YouTube service, and they will probably set cookies and otherwise collect data on your visit. This is between you and Google, and is beyond our control.
  • If you follow any of our links to online App stores, such as Apple’s App Store or Google’s Play store, you will be connecting directly to those stores and they will probably collect data on your visit. This is between you and that App store, and is beyond our control.

16.3 Law enforcement

If the applicable authorities make a valid legal request requiring us to reveal some of your data, we may comply with such requests regardless of this policy. We are not responsible for the actions of Law enforcement agencies and/or their officers. [GDPR 6(1) (c)]

16.4 Self-defense and exigent circumstances

If we believe in good faith that you are harming or threatening us or the systems and services we use, including but not limited to unreasonable overloads, sending unsolicited bulk email (“Spam”) etc., we may disregard this policy to investigate and protect ourselves. The same applies if you appear to be using our systems or services to do so to others. [GDPR 6(1) (d) and (f)]

16.5 Non-payment etc.

If you fail to pay our invoices on time or a payment bounces, we may use any information at our disposal to locate you and identify you for debt collecting purposes, regardless of this policy. The same applies if you attempt to deceive us in any way. [GDPR 6(1) (f)].

16.6 Imposters

If you or a 3rd party pretend to be someone else, we might erroneously act in reliance on the truthfulness of such pretense, thus accessing, using or sharing data in a way that would have been permitted only if the pretense was the truth. Additionally we might use any information at our disposal to discover or prevent such a situation, but do not warrant that we will always succeed in doing so. If we discover that we have actually processed or shared your data with an imposter, or that it has otherwise been compromised, we will attempt to contact the real you as soon as practically possible. [GDPR 34]

16.7 Subcontractors

We may employ subcontractors and processors to work on our behalf, and so may you. Such subcontractors are allowed to do what their principal may do and each party is responsible for actions legitimately done on their behalf. [GDPR 28 et seq]. All processors and sub-processors working for WiseMo are contractually required to only process data as we tell them to (and we are bound by this policy). Furthermore, any processors and sub-processors working for WiseMo outside the EU (and countries ruled adequate by the EU) are required to sign standard data protection clauses as an appropriate safeguard [GDPR 46(2) (c) or (d)]

16.8 Backups

Our major system and database backups may naturally contain (partial) data that has otherwise been deleted due to being on the same storage or in the same image as non-expired data. [GDPR 32(1) (b)]

 

17. Your general rights

In accordance with the EU GDPR, you have at least the following statutory rights:

  • You have the right to a copy of the personal data we have on you. For most such data you can see the data directly in the relevant web interfaces, contact us at info@wisemo.com for copies of other personal data we have on you.
  • You have the right to correct any wrong data we may have on you. For most such data you can change it yourself in the relevant web interfaces, contact us at info@wisemo.com for corrections to other data.
  • You have the right to have much of your data deleted from our systems. For most such data you can delete it yourself in the relevant web interfaces, contact us at info@wisemo.com for deletions of other data.
  • In the special cases listed in GDPR article 18 you have the right to demand that we restrict processing of your data without actually deleting it. Such formal demands shall be sent to both info@wisemo.com and abuse@wisemo.com.
  • You have the right to object to our otherwise legal processing of your data, send you objection to info@wisemo.com
  • You have the right to receive your main data in a common format suitable for data interchange and to have us send that data to another company on your behalf. Send such requests to info@wisemo.com
  • You have the right to lodge a formal complaint with the authorities as explained under Disputes
  • You may have additional statutory rights that cannot be waved.

18. Disputes, choice of law etc.

18.1 In case of dispute

If you have any questions regarding this policy or believe someone is not complying with it or otherwise using your information unlawfully, you should contact us at our complaints address abuse@wisemo.com, or contact our CEO directly. Both you and we shall be prepared to negotiate a reasonable amicable solution and seek to avoid formal legal proceedings.

Additionally, you have the right under the EU GDPR to lodge a formal complaint with the Danish Data Protection Authority (Datatilsynet) at www.datatilsynet.dk or to the data protection supervisory authority in the EU/EEA country where you reside. [GDPR 77].

18.2 Choice of law

This policy shall be construed and interpreted according to the laws of the Kingdom of Denmark, except for those rules that would specify a different choice of law and/or venue. In particular, this policy is subject to the EU GDPR, the additional rules in the various data protection laws of Denmark as well as the statutory and customary limits on financial damages.

18.3 Choice of venue

If a formal legal dispute related to this policy is to be settled by formal mediation or court proceedings, such proceedings shall be brought before the courts or other legal institutions having ordinary geographical jurisdiction over the primary residence or place of business of the party against whom such proceedings are brought. Unless otherwise agreed, the primary residence or place of business of each party is the one specified in pre-dispute business communication amongst the parties or (at the other party’s choice) the place specified in pertinent official public records. This does not apply to formal complaints to the data protection supervisory authorities, where the EU GDPR Chapter VI to VIII determines the choice of venue.

18.4 Attorney’s fees etc.

If a matter is settled without formal legal proceedings, neither party shall be required to pay any attorney’s fees or other case handling fees of the other. If formal legal proceedings are brought, the prevailing party shall be entitled to payment of actual reasonable attorney’s fees, legal fees, actual court fees etc.

18.5 LIMITATION OF LIABILITY

LIABILITY UNDER THIS POLICY IS LIMITED TO AT MOST 1000 DANISH KRONER UNLESS A HIGHER LIMIT (OR NO LIMIT) IS REQUIRED BY APPLICABLE LAW. LIABILITY RELATED TO PAID PRODUCTS OR SERVICES IS ALSO LIMITED TO THE PRICE ACTUALLY PAID. LIABILITY IN THE UNLIKELY EVENT OF ACTUAL DEATH OR ACTUAL BODILY HARM IS ALSO SUBJECT TO THE STATUTORY LIMITS OF DANISH LAW.

 

19. How to contact us

Should you have other questions or concerns about these privacy policies, please contact us at info@wisemo.com .

 

20. Changes to this policy

Each non-draft version of this policy shall be identified by a version number and date of publication, both of which shall be increased upon any change. Changes that entirely benefit you, or merely change our location or contact address take effect immediately upon publication. Changes that go beyond that take effect 30 days after publication.