Privacy Policy

Introduction

As the SPN product/service provided by Safing ICS Technologies GmbH is a new service, and one of a kind at present, the following Privacy Policy is comprehensive, it has been compiled to better serve those who have concerns about how their ‘Personally identifiable information’ (pii) and other data is being used online.

Pii, is used in privacy law and information security around the world and is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. We do apologise for the length of our policies; however, it is necessary to cover new ground.

Please read this privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our services.

We have been open and transparent on the ways we collect, hold, use, and protect your PII/data, should you have any concerns arising from this privacy policy, please use the contact email address in Article 19. to contact us, we are always happy to hear your comments and suggestions.

Contents

Article 1. Where we collect Data/PII from

At present, Safing ICS Technologies GmbH runs four (4) services, these are as follows, Website, Forum, SPN, and Portmaster update server: these services collect different levels of data, however we aim to collect as little as possible, and all data received by us is treated with the strictest of confidence with privacy always in mind, all data is held securely.

Article 2. Personal Identifiable Information & Data we collect

Although the information collected is basic and may not be classed as PII, we treat all data with the same respect and as such have listed all the data, we collect from the services we provide.

Website:

The data we collect from Website Visitors:

Includes Domains: https://safing.iohttps://docs.safing.io

No tracking, analytics, are currently used. Should this change, we will update this privacy policy in compliance with Article 18..

Forum:

At present the forum is run on a third party service, however, with respect to being open and transparent, our forum when running, is usually on the Reddit platform, we have no control on how their service collects, stores, shares, handles, or uses data, and as such, you are advised to read any and all privacy policies of the sites you intend to use.

Portmaster:

Software running on customers' PC – AGPLv3 License. Please read Article 9. of the Terms of Service. This does not collect, handle, or store any personal identifiable information, except for a per-device API-Token if logged into the SPN, during the SPN login the user/pass is sent to our Customer Hub to retrieve the API-Token, this is never stored, by default no data is collected or processed.

We intend that in the future, opt-in and privacy preserving telemetry functions will be offered to our subscribers.

SPN:

The customer hub holds all data relevant to the administration of our SPN subscription and service to you, and although it is not all classed as PII, the information gathered and stored is as follows and includes the domain: https://account.safing.io

  • Transaction identifier from payment gateway.
  • IP address, this is masked and only held for technical reasons for the period of 24 hours, and then deleted.
  • User name, supplied by you, not your real name.
  • Email address, required for some payment methods, our contact with you for account related information.
  • Country, and country calling code, required for Austrian taxation law.
  • Password, always stored in an encrypted (hashed) form.
  • Survey answers, development purposes for site and service enhancement.

Surveys:

Safing ICS Technologies GmbH run surveys both continuous and in limited time scope in order to best know and understand the needs of our customers, these are used for development and enhancement of our services, data supplied by users is kept until a user deletes it, these surveys only collect basic information and not PII, by way of example and not limited to, "Which Operating Systems do you use?".

Newsletter:

Safing ICS Technologies GmbH periodically sends out a newsletter, when signing up to this service, you agree that Rapidmail will store your email address, and that we have access to said email address. Rapidmail is a GDPR compliant company based in Germany, to read their privacy policy and how they deal with your PII, please follow the link below.

https://www.rapidmail.de/datenschutz

As with any third parties, we take no responsibility for your actions when using said services, it is within your best interests to read all policies on the third party sites you use or visit.

Article 3. How we store and protect your PII & Data

Data Storage:

Data is stored in a protected database on a specially guarded server. The server is operated by us and hosted by Hetzner.

Data Linking:

Information/data used for the purpose of linking payments to a specific user to enable services are as follows:

  • Valid email address, if or when required.

  • User name, not your real name.

  • Payment identifiers, transaction code sent to us via the payment gateway used.

Data Retention:

we are required by law to keep payment records for a period of 7 years, for taxation purposes, even in the event that the account is deleted, we are required to keep the transaction identifiers for this period.

Payment records are only linked to your account until it is deleted, or expired, they then become orphaned and cannot be linked back to your account.

Payments of up to 400€ (incl. Taxes) do not require customer information, i.e. your invoices will be anonymous.

Data Protection:

In Transit: All traffic between the Customer and Safing ICS Technologies GmbH is encrypted using modern Transport Layer Security (TLS). TLS is a cryptographic protocol designed to provide communications security over a computer network and aims primarily to provide confidentiality and data integrity between two communicating computer applications.

At rest: Hot data (in use) is protected on our server, cold data (backups) are encrypted.

Article 4. How we use your PII & Data

The information collected whilst subscribing to the SPN or using the website is basic in nature and only used for the specific reasons of software development and the administration of your account.

  • Valid email address. If or when required, Used for the administration of your account.

  • Transaction identifier, sent by payment gateway. Used for the administration of your account.

  • The internet browser and operating system you are using. Used for software development purposes.

  • The language set by the browser. Used for software development purposes.

  • The part of the IP address that designates country. Used for software development and administration purposes.

  • Referrer. How did you find the site? Used for software development purposes.

Article 5. Third party websites and links

  • Hetzner. Hosting Provider.

  • GitHub. Hosting Provider.

  • PayPal. Payment gateway.

  • Stripe. Payment gateway.

  • Sparkasse Baden: Bank. Payments, wire transfer.

Article 6. Third Party Disclosure

We do not sell, trade, or otherwise transfer to outside parties, your personally identifiable information. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential as per their privacy policies and terms of service.

Information we gain through payment gateways for the purpose of linking to your account are limited to transaction identifiers, please refer to: Article 3. (how we protect your PII Data).

We may release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, privacy, or safety.

Article 7. General Data Protection Regulation (GDPR) explained

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it is now implemented in many countries worldwide, it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018, and grants users’ certain rights under the GDPR policy, these are set out below and clarified in Article 16., alternatively, to read more about GDPR please visit the following link:

https://gdpr-info.eu/

In line with the GDPR, we collect and process the data outlined in this Privacy Policy on the following grounds, for the purposes of fulfilling our contractual obligations to users, including:

  • Providing users with the Services they have requested.

  • Managing user subscriptions and processing payments.

  • Providing customer support.

For a legitimate interest associated with the operation and development of our services and business, including:

  • Enhancing the quality, reliability, and effectiveness of our website and Services.

  • Communicating with customers to provide information and feedback related to our Services and website.

  • With the consent of users, which users can withdraw at any time.

You can exercise your rights under the GDPR to access, transfer, correct, delete, or object to the processing of your personal information by contacting us at:

support@safing.io

Article 8. California Online Privacy Protection Act, (CalOPPA) explained

CalOPPA is the first state law in the United States of America to require commercial websites and online services to post a privacy policy.

The law’s reach stretches well beyond California and requires a person or company in the United States (and conceivably the world) that operates websites/online services collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website, that states exactly the information being collected and those individuals with whom it is being shared. If you would like to read more about this policy, please visit:

https://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf

in conjunction with CalOPPA, we agree to the following:

Users can visit our site anonymously, but will need to subscribe to the service, to use said service. Users will be notified of any privacy policy changes as and when they happen and can keep up to date by clicking the link named, (Privacy Policy) at the bottom of our home page. To see what data, we collect from subscribers please refer to: Article 2. Personal Identifiable Information & Data we collect.

Article 9. Fair Information Practices, explained

The Fair Information Practices Principles, form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the world, understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information. In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:

• We will notify the users via email within 1 business day.

• We will notify the users via in site notification within 1 business day.

We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.

Safing ICS Technologies GmbH will not share or dispose of member’s information to third parties as per the data protection act 1998, this can be read by following the link below:

https://www.legislation.gov.uk/ukpga/1998/29/data.pdf

Article 10. Children’s Online Privacy Protection Act (COPPA)

The SPN provided by Safing ICS Technologies GmbH is in no way targeted for use in any way shape or form towards minors/children under the age of 18 years, however, as our service does not require data upon subscription concerning age, real name, or home address, we cannot, and will not be held responsible for your child’s actions whilst online, all data collected by us is treated in the same manner, protected behind numerous layers of encryption, used to provide the service to you, and not shared with any third parties.

Article 11. Do not track

In conjunction with CalOPPA and the 2013 amendments, we do not track users of our SPN (Safing Privacy Network), in this case we do not respond to, do not track signals or requests from you, on the understanding that, our service does not track users’ actions or usage whilst on the SPN service. Please read Article 13. No logs policy.

Article 12. Mobile devices

At present we do not provide any mobile applications for our services, however as it is possible to connect to our SPN service using your mobile devices internet browser, the following applies: We do not track, or collect any data from your mobile devices other than information provided by you to subscribe to our service, please refer to: Article 2. Personal Identifiable Information (PII/Data), we collect, and Article 3. How we store and protect your PII/Data.

Article 13. No logs policy

We do not log or store records on user activity using our SPN Service, we are committed to your privacy and DO NOT collect or log browsing history, traffic destination, data content, IP addresses, or DNS queries from Subscribers connected to our SPN.

For the avoidance of all doubt, should any government body or law enforcement agency compel Safing ICS Technologies GmbH to release such subscribed user information, listed above, we cannot supply this information as the data does not exist, and is therefore not in our possession.

Article 14. Cookies

Our service uses cookies required to operate, by way of example and not limited to, when logging in, below you will find an explanation on our cookie usage. Cookies used on our site are on site only; we do not use third party cookies, or transmit information collected, information collected by our cookies are used on our service only.

What are cookies?

Cookies are small text files which a website/service may put on to a member’s computer or mobile device when you first visit a site, service, or page. The cookie helps the website, to recognize your device the next time you visit. There are many functions cookies serve, for example they can help us to remember your username and preferences.

Session cookies last only for the duration of your visit and are deleted when you close your browser, these facilitate various tasks such as allowing a website/service to identify that a user of a particular device is navigating from page to page, supporting website security or basic functionality.

Persistent cookies last after you have closed your browser and allow a website to remember your actions and preferences. Sometimes persistent cookies are used by websites/services to provide targeted advertising based upon the browsing history of the device, we DO NOT use targeted advertising cookies of any description.

What do we use cookies for?

We use first party cookies (our own) on our services, for the following purposes:

Login: Once you login to our website/service, a cookie is set containing your encrypted credentials, required to recognize you between page visits.

You can disable this cookie by deselecting “Remember me” in the login form.

Session: Upon first visit of our website/service, the system will create a new unique session for you which will be saved using a cookie on your computer.

Sessions are required to recognize users between page accesses. It is a temporary cookie which will be deleted once you close your internet browser.

Third-Party Services: Displayed ads or sharing content through social networks or comparable actions might cause a cookie created by them, we DO NOT use third parties in that respect, therefor cookies in this category can only be added by the member using a third-party site etc. this is not recommended by Safing ICS Technologies GmbH.

How to disable or delete cookies?

Your internet browser offers specialized options to manage and remove cookies and also offer settings to reject many or all cookies. Please refer to the instructions for your internet browser from the list below.

Article 15. Third party behavioural tracking

Our SPN service DOES NOT use third-party tracking in any form, however, sites we may direct you to during subscription, by way of example only, the payment gateways we use, Stripe, PayPal, or wire transfer, may use such tracking on their services, for the avoidance of all doubt, it is your responsibility to check any third party sites you visit and read their privacy policy.

Article 16. Data request

In compliance with the GDPR, you can request a list of the information we hold on your account, however at this time it is best to remember that any information held by us, is the information freely given by you when you subscribe to our services, in this case data requests must be made using the information given to us, by way of example only, email address if used, in an email, requesting the information to:

support@safing.io

As the data we collect is solely used to run and administer your account, you can ask at any time for us to stop processing, or to erase the data held on your account, however in these aforementioned cases, this will result in the removal of your account from our services, this course of action does not automatically trigger a refund under Terms of Service. Article 10 your right to cancel, and Article 11 refunds. For cases of this type please contact us with your request at:

cancellations@safing.io or support@safing.io

for the avoidance of all doubt, we are a company based around privacy and security, any and all data collected on a members account is basic, by way of example only and not limited to, a verifiable email address, if required, and transaction id’s, these are protected behind encryption.

Information/data held by us on any subscriber is basic and minimal, any and all data requests made by Government, or law enforcement agencies can be applied for, however, this is in the form of single account data only and not by block.

By forwarding the required paperwork, in this case, a written request and reason, with a current court order covering the correct jurisdiction attached, Safing ICS Technologies GmbH will comply with the law, applied by the Austrian court’s jurisdiction under European law.

Article 17. Jurisdiction and Applicable Law

As Safing ICS Technologies GmbH is registered in Austria, any and all disputes will be decided only through the Austrian court system following European law as our guideline. It is important to note: the SPN provided by Safing ICS Technologies GmbH does not collect any IP addresses, browsing history, traffic data, or DNS queries that could be used to identify any specific user.

Article 18. Amendments to the Privacy Policy**

This privacy policy is classed as a living document, and will change from time to time due to changes in laws concerning privacy around the world, as such we reserve the rights to amend/change our Privacy Policy as and when required, without prior notice to you, to remain consistent with applicable privacy laws and principles.

As your continued use of the website or Services constitutes your acceptance of our Privacy Policy, we recommend that subscribers check for updates and reads said content of any amended policies we might make in the future.

Article 19. Contact

If you have any questions regarding our Privacy Policy and how we handle your information, please feel free to contact Safing ICS Technologies GmbH at the email address below, please state your enquiry in as much detail as possible and we will reply as soon as we can, normally within 24 hours of receipt of request:

privacymatters@safing.io

please note: whereas we cannot change our policies to suit every individual, we will listen to your concerns and reply in a timely manner.

Thank you for taking the time to read our policies on how we operate our service and collect, use and protect all of your data.

© Safing ICS Technologies GmbH
2020
All rights reserved.