DEFA Privacy Policy

Endorsed 25.05.2018

1. Introduction

DEFA Group (‘DEFA’) is committed to data privacy and protection. This Privacy Policy applies to all personal data DEFA collects from you, through our interactions with you and through our Products and Services including how we use and protect that data. DEFA is the controller of this data.

This Privacy Policy does not apply to the data you input to our Products and Services, or the files generated whilst using our Products and Services i.e. ‘Your Content’. You act as the controller of ‘Your Content’.

This Privacy Policy applies to all websites (‘Sites’) which are run by, or under the control of, DEFA and our Products and Services. It does not apply to any ‘Third Party Services’ including applications or software that integrates with our Sites, Products and Services.

DEFA is following the EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (‘GDPR’).

2. Processing of personal data and purpose

When a subscriber (any person who uses a Service) installs, runs and uses our Services we collect data on the following;

– Information provided by the Subscriber:
DEFA collects the name, email address and phone number of a Subscriber

– Cookies:
DEFA may collect information about your use of our Services through the use of cookies, pixels, tags or similar technologies. (See point 6. below for further information on cookies)

– Location data:
DEFA uses a mobile device’s location services which, depending on the device and available services, uses a combination of cellular, Wi-Fi and GPS to determine a location.

– Device information:
DEFA collects information about the device’s operating system, device identifier, sensors, carrier, language, battery performance, Wi-Fi or other network connections and other data that you permit the App to access on your device including through permissions on your device (e.g. Google Play on Android).

– Processing for the purpose of providing a service from DEFA
DEFA is processing personal data about the Subscribers of a Service on behalf of our Customers, for the purpose of operating the Service.

For the processing, for these purposes DEFA is regarded as the processor of the personal data on behalf of the Customers. The Customers are regarded as the controllers of the personal data.

– Processing for the purpose of developing/improving a service from DEFA
From DEFA’s agreement with the Customer, DEFA may process personal data about the Subscribers for DEFA´s own purposes, provided that DEFA has obtained a freely given consent from the Subscribers. This consent will be obtained electronically when the Subscribers sign up to use a Service.

DEFA will process the Subscribers’ personal data for various purposes:

• Customer service/support: we may use a Subscribers contact information, device information and usage data in connection with our customer service.

• Product activation: We use data, including device and application type, location, and unique device, application, network and subscription identifiers to activate software and devices that require activation.

• Developing the user experience: data we collect may help us improve our overall user experience.

• To improve DEFA’s services: we may use our Subscribers personal information to create a better understanding of who are our users and how they use our services. This data helps us to improve our services to fit better to our users’ needs.

• Marketing and Event Communication: We use personal data to deliver marketing and event communications to you across various platforms, such as email, direct mail, online social media and via our Sites. We also may send you invitations to trade shows or trainings relating to our Products and Services that occur nearby you, based on your address.

Third parties may also market to you on our behalf based on your use of their third-party services. For example, when you grant permission through your mobile device’s system settings. Once you give permission, the Third Party may use your mobile device’s GPS, Bluetooth or Wi-Fi connections to serve information about DEFA, You should consult and review the relevant third-party privacy statement or policy for information on their data processing practices.

If we send you a marketing email, it will include instructions on how to opt out of receiving these emails in the future. We also maintain email preference centers for you to manage your information and marketing preferences. Please remember that even if you opt out of receiving marketing emails, we may still send you important Service information related to your accounts and subscriptions.

3. How data is shared

DEFA’s policy and that of its affiliates will be to protect the user’s information both online and off-line. Information retrieved or provided to us by using our apps, web pages or through any other communication platforms is restricted to only those employees, contractors or sub-contractors of DEFA who have valid reasons to access this information to perform any Service you have requested or authorized.

DEFA will not share your personal data to any other third party, unless:

• Subscriber has clearly granted us a permission to do so

• Applicable law requires us to share your personal information

DEFA may share your personal data in the following circumstances to:

• DEFA controlled contractors or sub-contractors, located both within and outside of your country, including outside the European Union (in this event we will use appropriate legal frameworks to operate data transfers)

• DEFA controlled Service providers who perform functions on our behalf, located both within and outside of your country, including outside the European Union (in this event we will use appropriate legal frameworks to operate data transfers) for example, sharing payment data with banks and other entities that process payment transactions or provide other financial services, and for fraud/credit risk prevention and reduction.

• DEFA controlled agents and representatives, located both within and outside of your country, including outside the European Union (in this event we will use appropriate legal frameworks to operate data transfers) who sell or resell products/provide Services on our behalf.

4. Data Security

DEFA is committed to protecting the security of your personal data. We use commercially reasonable physical and technical safeguards/security controls to secure your data and implement organisational security policies, procedures and employee training.

DEFA reserves the right to use third party vendors and cloud hosting services. We require those parties to whom we transfer personal data, to comply with the same data security measures. In some cases, we may need to disclose or transfer your personal data within DEFA or to third parties in areas outside of your home country. When we do this, we take steps to ensure that personal data is processed, secured, and transferred according to applicable law.

5. Data Retention

DEFA retains personal data for as long as is necessary to provide the services you have requested, and for purposes such as compliance with legal obligations. We are required by Law to retain some types of information for certain periods of time such as financial records, personal data will be deleted or anonymised thereafter.

6. Subscriber’s rights regarding personal data

Subscribers have choices about the data we collect. When you are asked to provide personal data that is not required for the purposes of providing you with our Products and Services, you may decline. However, if you choose not to provide data that is necessary to provide a Service, you may not have access to certain features, Sites, Products, or Services.

DEFA aims to keep all personal data we hold accurate and up to date. However, If you believe that the information we hold about you is incorrect or out of date, please contact dpo@defa.com

DEFA uses cookies (small, often encrypted, text files that are stored on your computer or mobile device) or similar technologies to provide our Products and Services and help collect data. The following explains how we use cookies to collect information about the way you use our Sites, Products and Services, and how you can control them.

Cookies at defa.com is used to collect data anonymously. They are used to, unless otherwise specified, collect user statistics and language settings.

Types of cookies used at defa.com:

Google Analytics:
Google Analytics is a very common tool for analysing user behaviour on websites. This is a free service from Google that enables the site owner to monitor the number of visitors, page views, traffic sources, length of visits, the geographic location of visitors (area) and more. To store information about visitors, Google uses a javascript, which in turn stores 6 different types of cookies. These cookies are used to track usage patterns on the site. The types of cookies are as following:

__utma: Is stored for 2 years after the last visit.
__utmb: Is stored for 30 minutes after the last visit.
__utmc: Is stored until the browser is closed.
__utmz: Is stored for 6 months after the last visit.
__utmv: Is stored for 2 years after the last visit.
_ga: Is stored for 2 years after the last visit.

Google Remarketing:
When you visit a website, a cookie is stored in your browser. When you visit other sites, ads from the site you first visited is retrieved and displayed in available ad spaces. These ads are designed to be relevant to your interests and needs. If no cookie is stored in your browser, another ad, which might not be relevant to you, is displayed instead.
The names of cookies used for Google Remarketing may vary between _drt_, FLC and exchange_uid. The sender is always doubleclick.net and this is the address you should look for in order to find the cookies we use.

Facebook Pixel:
The Facebook Pixel is used to collect anonymous data about the usage patterns and interests of users. Individual users can not be identified by using this data. The purpose of the Facebook is to provide users with relevant ads and information on Facebook and on other media outside defa.com.

What data is being processed:
At defa.com, data is processed using the methods described above.

The purpose of data processing:
The purpose of processing this data, (except login information), is not to identify you as a user, but to create a better, more intuitive and more relevant experience or all users.

Who processes the data:
Unprocessed cookie data has no value, as they only store a random identification number. Meaningful data can only be retrieved by connecting these numbers in a database for processing. The owners of defa.com, hereby confirm that this data will only be processed following the strictest standards, and that it will only be used for the purposes described above. Identification of individual user will only be required in situations where this is strictly necessary, as when creating an account, logging in or purchasing a product.

General information about cookies:
Cookies are small files that are stored by your browser on your computer or device. Cookies will not be transferred to other browsers on your device. Cookies usually contain four parameters:
– The name of the cookie
– The unique id of the individual cookie (this is tied to your browser)
– How long the cookie will be stored on your device
– The domains that the cookie is applicable for

Because of the last point here, abusing a cookie is very hard. The cookie is only valuable for the intended domain. Attempting to move it to another domain will also remove the value of the cookie information, as one would not have access to the database.

You can turn off cookies:
You can turn off cookies in your browser. However, it is important to be aware that many websites will not function when cookies are disabled. For example, you will not be able to shop at web stores or log in to social media accounts.

DEFA Sites are not intended for Children, If we learn that we have received any information directly from a Child under age 13 without their parent’s verified consent, we will use that information only to inform the child (or their parents or legal guardians) that they cannot use the Sites, Products or Services.

7. Access to personal data

You have the right to gain access the personal data we have collected about you, how we process it, purposes, security measures etc.

Data subject access requests regarding processing of personal data for the purpose of providing a Service must be directed directly to the Customers. The Customers will refer the data subject access request to DEFA.

Data subject access requests regarding processing of personal data for DEFA’s own purposes should be directed directly to DEFA. In this case please send a written request to dpo@defa.com

8. How you can withdraw your consent or update, rectify or delete your personal data

You can withdraw your consent or update, rectify or delete your personal data at any time. Please use the Data Protection Request form found here, or contact us by e-mail dpo@defa.com

9. Changes to this Privacy Policy

We reserve the right to alter our privacy policy at any time.

10. Contact Information

For any questions about this Privacy Policy please contact us by e-mail at: dpo@defa.com