Your privacy is important to us
Formify AB ("Formify") is committed to protecting the privacy of your information and want you to be familiar with how we collect, use, and share information about you.
This policy is intended to help you understand:
This Privacy Policy (“Policy”) covers the information Formify (“Formify”, “we” or “us”) gather on our web site and all related web sites, our software and applications, as well as all other services provided by us on which a link to this Policy is displayed. It also covers all communications with including, but not limited to, email, phone and online chat. Collectively we refer to all of this as our “Service”.
This Policy is incorporated into and is subject to the Formify Terms and Conditions (“Terms”). Capitalized terms used but not defined in this Policy have the meaning given to them in the Terms.
1. Definitions
“Client” – A customer of Formify. This includes both paying subscribers as well as subscribers of our free services.
“Client Data” – Personal data, reports, addresses and other files, folders or documents in electronic form that the User of the Service stores or collects within the Service.
“Personal Data” – Any information relating to an identified or identifiable natural person.
“Public Area” – Area of of our Service that can be accessed both by Users and Visitors.
“Restricted Area” – Area of our Service that can only be accessed by Users, and where access requires authorization.
“User” – An employee, agent or representative of a Client, who primarily uses the restricted areas of the Site or Service.
“Visitor” – An individual other than a User, who uses the public area, but has no access to the restricted areas of the Site or Service.
“GDPR” – The “General Data Protection Regulation”. A regulation in EU law on data protection and privacy, replacing the older “Data Protection Directive”.
2. What information we collect
We collect different types of information from or through the Service. The legal basis for Formify’s collection and processing of personal data is that the processing is necessary for providing the Service in accordance with the Terms (GDPR Article 6(1)(b)), to meet our obligations under the law (GDPR Article 6(1)(c)) and for Formify’s legitimate interests in line with GDPR Article 6(1)(f). We may also process data upon your consent, asking for it as appropriate.
2.1. User-provided information
When you as a User or Visitor make use of our service you may provide, and we may collect, Personal Data. Examples of such data is your name, email address, phone number and necessary billing information. Personal Data also include other information, such as geographic area or preferences, when it can be linked to a specific individual. You may provide us with Personal Data in various ways when using the Service, including when registering an account, posting Client Data, opening a shared presentation or contacting us through various means.
2.2. Information collected by Clients
A Client or User may upload and store Client Data into the Service, or use the Service to collect Client Data from Users and Visitors. Formify have no direct relationship with the individuals whose Personal Data it hosts as part of Client Data. Each Client is thus responsible for providing notice to and, where applicable, collecting consent from its customers and third persons concerning the purpose for which the Client collects their Personal Data and how this Personal Data is processed in or through the Service as part of Client Data.
2.3. Automatically collected information
When a User or Visitor uses the Service, we may automatically collect certain information on how the Service or the content provided by the Service is accessed and interacted with. Examples of such information is IP address, timestamp, which web browser and type of devices was used, what action resulted in the access or interaction, as well as previous access or interactions by the User or Visitor with the Service or content provided by the Service.
2.4. Integrated services
You may be given the option to access or register for the Service through the use of your user name and password for certain services provided by third parties (each, an “Integrated Service”), such as through the user of your Google account, or otherwise have the option to authorize an Integrated Service to provide Personal Data and other information to us. By authorizing us to connect with an Integrated Service, you authorize us to access and store your name, company name, work title, email address, phone numbers, profile picture and other information the Integrated System makes available to us, and to use and disclose that information accordance to this Policy. Please carefully review each Integrated Service’s terms of use, privacy policies and privacy settings before using their services and connecting it to our Service.
2.5. Information from other sources
We may obtain information, including Personal Data, from third parties and sources other than the Service, such as partners, advertisers, Integrated Services and publicly available information. If we combine or associate information from other sources with Personal Data that we collected through the Service, we will treat the combined information as Personal Data in accordance with this Policy.
3. How we use information
We use the information that we collect in a variety of ways in providing the Service and operating our business, including the following:
3.1. To provide the Service
We use the information, other than Client Data, to operate, maintain, repair, improve and provide all features of the Service, to provide the services and information that you request, to respond to comments and questions, to provide support to Users of the Service. We process Client Data solely in accordance with the directions provided by the applicable Client or User.
3.2. For research and development
We use the information to understand and analyze the usage trends and preferences of our Visitors and Users using the Service or content provided by the Service. We also use it to improve the Service by developing new products, services, features and functionality. Should this purpose require Formify to process Client Data, then the data will only be used in anonymized or aggregated form.
3.3. To communicate with you
We may use the email address of, or other information about, a Visitor or User to contact that user for administrative purposes such as customer service, addressing intellectual property infringement, right of privacy violations, defamation issues or other legal issues related to the Client Data or Personal Data uploaded to, or otherwise stored, in the Service. We may also use that information to contact you regarding updates of our Service, policy changes or events and promotions related to our Service or partners. You may opt-out from promotional content by using the unsubscribe option or contacting us.
3.4. Cookies, analytics and tracking
We use automatically collected information and other information collected on the Service through cookies and similar technologies to (a) personalize our Service, such as remembering a User’s or Visitor’s information so that the User or Visitor will not have to re-enter it during a visit or on subsequent visits, (b) provide customized content, advertisements and information, (c) monitor and analyze the effectiveness of Service and third-party marketing activities, (d) monitor aggregate site usage metrics and user flow analytics and (e) provide relevant crash logs and usage metrics for our software and applications.
3.5. For safety and security
We use the information, including automatically collected information, in order to verify accounts, monitor suspicious or fraudulent activity and to identify violations of Service policies.
3.6. To protect our legitimate business interest and legal rights
Where required by law or where we believe it is necessary to protect our legal rights, interests and the interest of others, we use the information in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
3.7. With your consent
We may also use the information for purposes not listed above upon the consent from the Client, User or Visitor.
4. How we share information
Except as described in this Policy, we will not intentionally share Personal Data or Client Data that we collect or store on the Service to third parties without the consent of the applicable Visitor, User or Client. We may share information to third parties if you consent to us doing so, as well as in the following circumstances:
4.1. Public areas
Information that you voluntarily choose to include or make available in a Public Area of the Service will be available to any Visitor or User who has access to that content. Examples of such activities are commenting on a public blog post or sharing an online document.
4.2. Service providers
We work with third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analytics and other services. These third parties may have access to, or process Personal Data or Client Data as part of providing those services for us. In such cases they do so under close instructions from us, including policies and procedures designed to protect your information.
4.3. Links to third-party services
The Service may include links that direct you to other websites of services whose privacy practices may differ from ours. If you submit information to any of those third-party services, your information is governed by their privacy policies, not this Policy. We strongly encourage you to carefully read the privacy policy for any website you visit or application you use.
4.4. Our partners and events
We occasionally partner with third parties who co-sponsor events with us, such as webinars and other live events. In these cases, both parties may share Personal Information that you provide when registering for the co-sponsored event to allow them to contact you regarding products, programs, services and promotions that they believe may be of interest to you. While we choose to partner with reputable third parties that respect your information, we are not responsible for the information practices of their third-party partners.
4.5. Non-personally-identifiable information
We make certain automatically-collected, aggregated or otherwise non-personally-identifiable information available to third parties for various purposes, including (a) compliance with various reporting obligations, (b) for business or marketing purposes, (c) to assist such parties in understanding our Clients’, Users’ and Visitors’ interests, habits and usage patterns for certain programs, content, services and/or functionality available through the Service.
4.6. Law enforcement, legal process and compliance
We may disclose Personal Data or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.
We also reserve the right to disclose Personal Data or other information that we believe, in good faith, is appropriate or necessary to (a) take precautions against liability, (b) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (c) investigate and defend ourselves against any third-party claims or allegations, (d) protect the security or integrity of the Service and any facilities or equipment used to make the Service available or (e) protect our property or other legal rights, enforce our contracts, or protect the rights, property, or safety of others.
4.7. Change of ownership
Information about Users and Visitors, including Personal Data, may be disclosed and otherwise transferred to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets and only if the recipient of the User or Visitor information commits to a Privacy Policy that has terms substantially consistent with this Privacy Policy.
Client Data may be physical or electronically transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets, for the sole purpose of continuing the operation of the Service, and only if the recipient of the Client Data commits to a Privacy Policy that has terms substantially consistent with this Privacy Policy.
5. How we store and transfer information
5.1. Where information is stored and transferred
We use data hosting service providers in the EEA (European Economic Area) to host the Service.
We may transfer, process and store your information outside of your country of residence, to wherever we or our third-party service providers operate for the purpose of providing you the Service. Whenever we transfer your information, we take steps to protect it.
We will comply with GDPR requirements providing adequate protection for the transfer of personal information from Europe to the U.S. Also, we may transfer your data to the U.S., the EEA, or other countries and regions deemed by the European Commission to provide adequate protection of personal data in connection with storage and processing of data, fulfilling your requests, and operating the Service.
5.2. How information is secured
We follow generally accepted industry standards to protect the information, both during transmission and once we receive it. We maintain appropriate administrative, technical and physical safeguards to protect Personal Data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Data in our possession.
However, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet of while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.
If we learn of a security systems breach, we will inform you and the authorities of the occurrence of the breach in accordance with applicable law.
5.3. Security when you share
You may share Client Data to other Users or Visitors, for example as a shared online document to a Public or Restricted Area, and we may provide you with different privacy settings to limit the intended recipients of such a share. Please be aware that no security measures are perfect or impenetrable. We are not responsible for circumvention of any privacy settings or security measures on the Service. Additionally, we cannot control the actions of other Users or Visitors with whom you may choose to share your information. Further, even after information posted on the Service is removed, caching and archiving services may have saved that information, and other users or third parties may have copied or stored the information available on the Service. We cannot and do not guarantee that information you post on or transmit to the Service will not be viewed by unauthorized persons.
6. How long we keep information
How long we keep information we collect depends on the type of information, as described in further details below. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
6.1. Client information
The information associated to a Client, including Client Data, will be retained for as long as the account is active and reasonable period thereafter, as stated in our Terms, in case the Client decide to re-activate the Service. We may also retain some of the information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Service.
6.2. Billing information
We retain all billing information and legal transactions between the Client and Formify for a minimum of 10 years as required under Swedish taxation and accounting laws.
6.3. User information
When a User account is deactivated, disabled or removed from a Client account, some or all of the information, including Client Data the User provided or collected, will remain in order to continue providing full use of the Service to the Client.
6.4. Automatically collected information
Automatically collected information related to usage of our websites will be retained for a reasonable period of time in order to assets trends and improve the service over time. Automatically collected information regarding usage of our software and applications, including crash reports, will be retained for 90 days.
6.5. Marketing information
If you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our Service, such as when you last opened an email from us or ceased using the Service.
7. How to access and control your information
You have certain choices available to you when it comes to your information. Below is a summary of those choices, how to exercise them and any limitations.
7.1. Access, Correction, Deletion
We respect your privacy rights and provide you with reasonable access to the Personal Data that you may have provided through your use of the Service. If you wish to access or amend any other Personal Data we hold about you, or to request that we delete or transfer any information about you that we have obtained from an Integrated Service, you may contact us as set forth in the “How to Contact Us” section. At your request, we will have any reference to you deleted or blocked in our database.
You may update, correct, or delete your Account information and preferences at any time by accessing your Account settings page on the Service. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
You may decline to share certain Personal Data with us, in which case we may not be able to provide to you some of the features and functionality of the Service.
At any time, you may object to the processing of your Personal Data, on legitimate grounds, except if otherwise permitted by applicable law. If you believe your right to privacy granted by applicable data protection laws has been infringed upon, please contact Formify’s Data Protection Officer at dpo@formify.eu. You also have a right to lodge a complaint with data protection authorities.
This provision does not apply to Personal Data that is part of Client Data. In this case, the management of the Client Data is subject to the Client’s own Privacy Policy, and any request for access, correction or deletion should be made to the Client responsible for uploading, storing or collecting the data using the Service.
If the Client requests that Formify remove the data, then we will respond to its request within thirty (30) days. We will delete, amend or block access to any Personal Data that we are storing only if we receive a written request to do so from the Client who is responsible for such Personal Data, unless we have a legal right to retain such Personal Data. We reserve the right to retain a copy of such data for archiving purposes, or to defend our rights in litigation.
7.2. Data portability
Data portability is the ability to obtain some of Personal Data in a format you can move from one service provider to another. Should you request it, we will provide you with an electronic file of your basic account information and relevant Personal Data we have about you.
This provision does not apply to Personal Data that is part of Client Data. In this case, the management of the Client Data is subject to the Client’s own Privacy Policy, and any data portability request should be made to the Client responsible for uploading, storing or collecting the data using the Service.
7.3. Opting out from commercial communications
If you receive commercial emails from us, you may unsubscribe at any time by following the instructions contained within the email or by sending an email to the address provided in the “How to Contact Us” section.
Please be aware that if you opt-out of receiving commercial email from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten (10) business days for us to process your request. Additionally, even after you opt-out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding the Service.
7.4. Formify ’s privacy center
The Privacy Center, available at formify.eu/privacy, will include the latest version of this Policy, our Terms, and other privacy related resources.
7.5. Do not track signals
Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indication that you do not wish to be tracked. Because there is not yet a common understanding of how to interpret the DNT signal, our Service do not currently respond to browser DNT signals.
8. Other important privacy information
8.1. Notice to end users
Most of our products are intended for use by organizations, referred to as Client in this Policy. Where the Service are made available to you through an organization (for example your employer), that organization is the administrator of the Service and is responsible for he accounts over which it has control. In this case, please direct your data privacy questions to your administrator, as your use of the Service is subject to that organizations policies. We are not responsible for the privacy or security practices of an administrator’s organization, which may be different from this Policy.
8.2. Minors and children’s privacy
Protecting the privacy of young children is especially important. Our Service is not directed to children under the age of 18, and we do not knowingly collect Personal Data from children under the age of 18 without obtaining parental consent. If you are under 18 years of age, then please do not use or access the Service at any time or in any manner. If we learn that Personal Data has been collected on the Service from persons under 18 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 18 years of age has obtained an Account on the Service, then you may alert us at privacy@formify.eu and request that we delete that child’s Personal Data from our systems.
The Service is not intended to be used by minors, and is not intended to be used to post content to share publicly or with friends. To the extent that a minor has posted such content on the Service, the minor has the right to have this content deleted or removed using the deletion or removal options detailed in this Policy. If you have any question regarding this topic, please contact us as indicated in the “How to Contact Us” section. Please be aware that, although we offer this deletion capability, the removal of content may not ensure complete or comprehensive removal of that content or information.
8.3. Changes and updates to this policy
We may change or update this Policy periodically to reflect changes to the information practices. We will post any changes in the Policy on our Privacy Center, available at formify.eu/privacy, and, if the changes are significant, we will provide a more prominent notice by adding a notice on our website, login screens, or by sending you an email notification.
Your continued use of the Service after the revised Policy has become effective indicates that you have read, understood and agreed to the current version of the Policy.
8.4. How to contact us
Please contact us with any questions or comments about this Policy, your Personal Data, our use and disclosure practices, or your consent choices by sending an email to privacy@formify.eu. If you have any concerns or complaints about this Policy or your Personal Data, you may contact Formify’s Data Protection Officer by sending an email to dpo@formify.eu.
Appendix 1. Data controller and data processor
Formify do not own, control or direct the use of any of the Client Data stored or processed by a Client or User via the Service. Only the Client or Users are entitled to access, retrieve and direct the use of such Client Data. Formify are largely unaware of what Client Data is actually being stored or made available by a Client or User to the Service and does not directly access such Client Data except as authorized by the Client, or as necessary to provide Services to the Client and its Users.
Because Formify do not collect or determine the use of any Personal Data contained in the Client Data and because it does not determine the purposes for which such Personal Data is collected, the means of collecting such Personal Data, or the uses of such Personal Data, Formify are not acting in the capacity of data controller in terms of the GDPR and does not have the associated responsibilities under the GDPR. Formify should be considered only as a processor on behalf of its Clients and Users as to any Client Data containing Personal Data that is subject to the requirements of the GDPR. Except as provided in this Privacy Policy, Formify do not independently cause Client Data containing Personal Data stored in connection with the Services to be transferred or otherwise made available to third parties, except to third party subcontractors who may process such data on behalf of Formify in connection with Formify’s provision of Services to Clients. Such actions are performed or authorized only by the applicable Client or User.
The Client or the User is the data controller under the Regulation for any Client Data containing Personal Data, meaning that such party controls the manner such Personal Data is collected and used as well as the determination of the purposes and means of the processing of such Personal Data.
Formify are not responsible for the content of the Personal Data contained in the Client Data or other information stored on its servers (or its subcontractors’ servers) at the discretion of the Client or User nor are Formify responsible for the manner in which the Client or User collects, handles disclosure, distributes or otherwise processes such information.
2020-11-11