Data protection & privacy policy
Effective from: July 1st, 2019.
This document contains information about data processing and data protection of Clients using the Hyperflow Service Platform, including cookie files saved on the terminal device (Web browser or mobile device).
1. How we are? What information do we collect?
- The operator of the service platform – available at https://hyperflow.eu is: Machine Mind Ltd, 35 Follager Road, CV21 2JF Rugby, United Kingdom (United Kingdom), which is a company (Private Limited Company) legally registered in England and Wales under number 11731290 in the register kept by Companies House UK.
- The Operator is the Administrator of personal data provided voluntarily by clients during account registration, purchase of services, use of the services or using various types of marketing campaigns that may be executed by the Operator.
- The data provided by customers is used to provide services, which includes the following activities:
- technical launch of services,
- invoicing,
- processing and storage of financial documents based on tax, financial and accounting regulations, etc.,
- informing about dates of service expiration and the possibility of their extension,
- informing about planned technical works,
- informing about important configuration changes,
- informing about changes in regulations,
- provision of technical service, including answers to questions from Service Users,
- explanations of settlements,
- direct commercial contact – if the Customer requests it
- An operator, as a company providing IT services in data analysis, may also be a processor of personal data – in relation to data, which administrators are clients and which have been entrusted to them by concluding an appropriate contract. Detailed rules then determine this contract. This Policy does not apply to the use of this type of data. The operator is not their administrator.
- This Policy does not include any information about services, products or websites belonging to entities other than the Operator.
- Service obtains information about Customers and their behavior in the following way:
- Through data entered voluntarily in forms, which are entered into the Operator’s systems,
- By cookies and similar technologies in the end devices,
- By saving technical logs at the web server level and the Operator application.
2. How do we protect your data?
- The operator applies various types of protective mechanisms to personal data, in particular:
- protection against unauthorized access,
- protection against data loss.
- The Clients’ passwords are not saved in the database in an explicit manner. They are irreversibly encrypted.
- The places of login and entering personal data are protected at the transmission layer (SSL certificate).
- The operator applies measures to protect against data loss (e.g. disk arrays, regular backups).
- The operator applies adequate protection measures for the processing sites in case of fire (eg special fire extinguishing systems).
- The operator applies adequate measures to protect the processing systems in the event of a sudden power failure (eg dual power lines, aggregates, UPS voltage backup systems).
- The operator applies means of physical protection of access to data processing sites (eg access control, monitoring).
- The operator applies measures to ensure appropriate environmental conditions for servers as part of the data processing system (e.g. environmental conditions control, specialized air conditioning systems).
- The operator applies organizational solutions to ensure the highest possible level of protection and confidentiality (training, internal regulations, password policies, etc.).
3. Information about European General Data Protection Regulation (GDPR)
We inform your that according to the European General Data Protection Regulation in relation to your personal data processed by us you have the following rights:
1) Right to information
This right gives you the ability to ask us for information about what your personal data is being processed and the rationale for such processing.
2) Right to access
This right gives you the ability to get access to your personal data that is being processed. You can also request copies of the personal data.
3) Right to rectification
This right gives you the ability to ask for modifications to your personal data in case that you believe that your personal data is not up to date or accurate.
4) Right to withdraw consent
This right gives you the ability to withdraw a previously given consent for the processing of your personal data for a purpose. Please be advised that if you withdraw your consent we won’t be able to provide services to you using our Platform. In this scenario your account will be terminated according to §9 HyperFlow Platform Terms of Service.
5) Right to object
This right gives you the ability to object to the processing of your personal data. Normally, this would be the same as the right to withdraw consent, if consent was appropriately requested and no processing other than legitimate purposes is being conducted. However, a specific scenario would be when you ask us that your personal data should not be processed for certain purposes while a legal dispute is ongoing in court.
6) Right to object to automated processing
This right gives you the ability to object to a decision based on automated processing. Using this right you may ask us to review your request manually, because you can believe that automated processing of your request does not consider your unique situation.
We inform you about this right, because this is required by law, but we also ensure that in our company we do not use automated processing.
7) Right to be forgotten
Also known as the right to erasure,this right gives you the ability to ask for the deletion of your data. This will generally apply to situations where your relationship with us has ended. It is important to note that this is not an absolute right, and depends on your retention schedule and retention period in line with other applicable laws.
8) Right for data portability
This right gives you the ability to ask for transfer of your personal data. As part of such a request, you may ask for your personal data to be provided back to you or transferred to another controller. When doing so, the personal data must be provided or transferred in a machine-readable electronic format.
4. What information do we store in system logs?
- Information about certain behaviors of Customers are registered. These data are used to administer the website and to ensure the most efficient service provided.
- We can register:
- resources defined by the URL (addresses of the requested resources: pages, files),
- the time of arrival of the query,
- time of sending a response,
- name of the client station – identification performed by the HTTP protocol,
- information about errors that occurred during the execution of the HTTP transaction,
- URL address of the page previously visited by the Service Recipient (link referrer) – in the case when the Website was accessed via a link,
- information about the Service Receiver’s browser,
- Information about IP address,
- diagnostic information related to the process of self-ordering services through the recorders on the website.
5. Information About cookies.
- The website uses cookies.
- Cookies are IT data, especially text files, which are stored on the end device of the Service Recipient and are intended for the use of websites. Cookies usually contain the name of the website from which they originate, their storage time on the end device and a unique number.
- Cookies are placed on the end device of the Service Recipient by the Website operator who also has access to them
- Cookies are used to:
- creating statistics that help to understand how the Service Users use websites, which allows improving their structure and content,
- maintaining the Customer’s session (after logging in), thanks to which the Service User does not have to re-enter their login and password on each subpage of the Service Platform.
- The Website uses two basic types of cookies: “session” and “persistent” cookies. Session cookies are temporary files that are stored in the Customer’s end device until logging out, leaving the website or turning off the software (Web browser). Persistent cookies are stored in the Customer’s terminal device for the time specified in the cookie file parameters or until they are removed by the Customer.
- Software for browsing websites (web browser) usually by default allows the storage of cookies on the end user’s device. Website Users can change the settings in this area. The web browser allows you to delete cookies. It is also possible to automatically block cookies. Detailed information on this subject is provided in the help or documentation of the web browser.
- Restrictions on the use of cookies may affect some of the functionality available on the Website.
- Cookie files placed on the Service User’s end device may also be used by entities cooperating with the Website operator, in particular for companies: Google (Google Inc. with its registered office in the USA)
- The operator uses the Google Analytics service to analyze website traffic.
- The Service Recipient can view and edit the information resulting from cookies in terms of information about the Customer’s preferences collected by the Google advertising network using the tool: https://www.google.com/ads/preferences/
6. Managing cookie files – how to give consent and withdraw consent in practice?
- If the Client does not want to receive cookies, he may change the browser settings. Please be advised that disabling the cookies necessary for the authentication, security and maintenance of the User’s preferences will prevent the use of the Services Platform.
7. Changes to the privacy policy
- The Operator reserves the right to change this Privacy Policy at any time. If this occurs, these changes will be published in this Privacy Policy and other places that the operator deems appropriate to inform the Customers about the changes. If the changes are significant, the Operator will notify the Customers about this by e-mail or via a notification on the home page, at least thirty (30) days before the changes are made.