Last updated: 2018-08-02
We are happy that you have shown interest in InfraSight Labs and our products. Ensuring your data is protected is of high priority to us and with this document we wish to inform you of what Personal Data we manage and why. The use of our Internet pages is possible without any indication of Personal Data; however, if a Data Subject wants to use special enterprise services via our website or software, processing of Personal Data will become necessary. If the processing of Personal Data is necessary and there is no statutory basis for such processing, we generally obtain Consent from the Data Subject.
The processing of Personal Data, such as the name, e-mail address or telephone number of a Data Subject shall always be in line with the General Data Protection Regulation, and in accordance with the country-specific data protection regulations applicable to InfraSight Labs. By means of this data protection statement, we would like to inform the general public of the nature, scope, and purpose of the Personal Data we collect, use and process.
As the Data Controller, InfraSight Labs has implemented technical and organizational measures to ensure protection of Personal Data through this website and InfraSight Labs’ software. Internet-based data transmissions may however in principle have security gaps, meaning absolute protection can not be guaranteed. For this reason, every Data Subject is free to transfer Personal Data to us via alternative means, e.g. by phone.
- “Authorized Partner” means any company authorized by InfraSight Labs to sell and market InfraSight Labs’ Products to end customers.
- “Consent” means any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her.
- “Data Controller” or “Controller Responsible for the Processing” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
- “Data Subject” means any identified or identifiable natural person, whose Personal Data is processed by the Controller responsible for the Processing.
- “Licensed program” or “Software” means the InfraSight Labs proprietary software program, such as vScope or any other software or service provided by InfraSight Labs to a customer with a license agreement.
- “Personal Data” means any information relating to an identified or identifiable natural person (Data Subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Profiling” means any form of automated processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
- “Processor” or “Data Processor” means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.
- “Recipient” means a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a third party or not. However, public authorities which may receive Personal Data in the framework of a particular inquiry in accordance with legal jurisdictions shall not be regarded as Recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
- “Restriction of Processing” means the marking of stored Personal Data with the aim of limiting their processing in the future.
- “Third Party” means a natural or legal person, public authority, agency or body other than the Data Subject, Controller, Processor and persons who, under the direct authority of the Controller or Processor, are authorized to process Personal Data.
2. Rights of the Data Subject
Right of confirmation
Each Data Subject have the right granted by the European legislator to obtain from the Controller the confirmation as to whether or not Personal Data concerning him or her are being processed. If a data subject wishes to avail him or herself of this right of confirmation, he or she may, at any time, contact our Data Protection Officer or another employee of the Controller.
Right of access
Each Data Subject have the right granted by the European legislator to obtain free information from the Controller about his or her Personal Data stored at any time and a copy of this information. Furthermore, the European directives and regulations grant the Data Subject access to the following information:
- The purposes of the processing;
- The categories of Personal Data concerned;
- The recipients or categories of recipients to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organizations;
- Where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
- The existence of the right to request from the Controller alteration or deletion of Personal Data, or restriction of processing of Personal Data concerning the Data Subject, or to object to such processing;
- The existence of the right to lodge a complaint with an administrative authority;
- Where the Personal Data are not collected from the Data Subject, any available information as to their source;
- The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the General Data Protection Regulation and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the Data Subject.Furthermore, the Data Subject shall have a right to obtain information as to whether Personal Data are transferred to a third country or to an international organization. Where this is the case, the Data Subject has the right to be informed of the appropriate safeguards relating to the transfer.If a Data Subject wishes to avail him or herself to this right of access, he or she may at any time contact our Data Protection Officer or another employee of the Controller.
Right to rectification
Each Data Subject shall have the right granted by the European legislator to obtain from the Controller without undue delay the rectification of inaccurate Personal Data concerning him or her. Taking into account the purposes of the processing, the Data Subject shall have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.If a Data Subject wishes to exercise this right to rectification, he or she may, at any time, contact our Data Protection Officer or another employee of the Controller.
Right to erasure (Right to be forgotten)
Each Data Subject shall have the right granted by the European legislator to obtain from the Controller the erasure of Personal Data concerning him or her without undue delay, and the Controller shall have the obligation to erase Personal Data without undue delay where one of the following grounds applies, as long as the processing is not necessary:
- The Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- The Data Subject withdraws Consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
- The Data Subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the Data Subject objects to the processing pursuant to Article 21(2) of the GDPR.
- The Personal Data have been unlawfully processed.
- The Personal Data must be erased for compliance with a legal obligation in European Union or Member State law to which the Controller is subject.
- The Personal Data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
- If one of the aforementioned reasons applies, and a Data Subject wishes to request the erasure of Personal Data stored by InfraSight Labs, he or she may at any time contact our Data Protection Officer or another employee of the Controller. The Data Protection Officer of InfraSight Labs or another employee shall promptly ensure that the erasure request is complied with immediately.Where the Controller has made Personal Data public and is obliged pursuant to Article 17(1) to erasure the Personal Data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other Controllers processing the Personal Data of the Data Subject has requested erasure by such Controllers of any links to, or copy or replication of, those Personal Data, as far as processing is not required. The Data Protection Officer of InfraSight Labs or another employee will arrange the necessary measures in individual cases.
Right of restriction of processing
Each Data Subject shall have the right granted by the European legislator to obtain from the Controller restriction of processing where one of the following applies:
- The accuracy of the Personal Data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the Personal Data.
- The processing is unlawful and the Data Subject opposes the erasure of the Personal Data and requests instead the restriction of their use instead.
- The Controller no longer needs the Personal Data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defense of legal claims.
- The Data Subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the Controller override those of the Data Subject.If one of the aforementioned conditions is met, and a Data Subject wishes to request the restriction of the processing of Personal Data stored by InfraSight Labs, he or she may at any time contact our Data Protection Officer or another employee of the Controller. The Data Protection Officer of InfraSight Labs or another employee will arrange the restriction of the processing.
Right to data portability
Each Data Subject shall have the right granted by the European legislator, to receive the Personal Data concerning him or her, which was provided to a Controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another Controller without hindrance from the Controller to which the Personal Data have been provided, as long as the processing is based on Consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the Data Subject shall have the right to have Personal Data transmitted directly from one Controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.In order to assert the right to data portability, the Data Subject may at any time contact the Data Protection Officer designated by InfraSight Labs or another employee of the Controller.
Right to object
Each Data Subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to processing of Personal Data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.InfraSight Labs shall no longer process the Personal Data in the event of the objection, unless we can demonstrate compelling legitimate interest for the processing which override the interests, rights and freedoms of the Data Subject, or for the establishment, exercise or defense of legal claims.If InfraSight Labs processes Personal Data for direct marketing purposes, the Data Subject shall have the right to object at any time to processing of Personal Data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the Data Subject objects to InfraSight Labs to the processing for direct marketing purposes, InfraSight Labs will no longer process the Personal Data for these purposes.In addition, the Data Subject has the right, on grounds relating to his or her particular situation, to object to processing of Personal Data concerning him or her by InfraSight Labs for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.In order to exercise the right to object, the Data Subject may directly contact the Data Protection Officer of InfraSight Labs or another employee. In addition, the Data Subject is free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use his or her right to object by automated means using technical specifications.
Automated individual decision-making, including profiling
Each Data Subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision (1) is not is necessary for entering into, or the performance of, a contract between the Data Subject and a data Controller, or (2) is not based on the Data Subject’s explicit Consent.If the decision (1) is necessary for entering into, or the performance of, a contract between the Data Subject and a Data Controller, or (2) it is based on the Data Subject’s explicit Consent, InfraSight Labs shall implement suitable measures to safeguard the Data Subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the Controller, to express his or her point of view and contest the decision.If the Data Subject wishes to exercise the rights concerning automated individual decision-making, he or she may at any time directly contact our Data Protection Officer of InfraSight Labs or another employee of the Controller.
- Right to withdraw data protection Consent
Each Data Subject shall have the right granted by the European legislator to withdraw his or her Consent to processing of his or her Personal Data at any time.If the Data Subject wishes to exercise the right to withdraw the Consent, he or she may at any time directly contact our Data Protection Officer of InfraSight Labs or another employee of the Controller.
3. Data collection
- We collect Personal Data when you request our content marketing assets, in order to provide useful content and follow up on its effectiveness for marketing purposes.
- We collect data when you contact us to respond to your request, question, or issue, and to follow up on the resolution
- We collect information when you buy and/or use our software or services. We do this to be able to deliver our services, to send you important operational information, for contractual reasons, to process financial transactions, and for legal and regulatory reasons.
- We may also collect information to prevent and detect crime, fraud or corruption.
- Most often, we collect name, email, phone, address, job title and company.
- If you sign a contract with InfraSight Labs, we collect further details such as, but not limited to, your signature or other proof of identity, the IP address (if signing digitally).
- We may collect other data you have provided while contacting us, especially using the contact, download or signup forms on our website.
- We collect anonymous information sent by your browser when you visit our websites, including IP address, operating system, and browser version. If you identify yourself by filling out a form, some data (such as what pages you view on our websites) could may be connected to your Personal Data.
- We offer publicly accessible message boards, blogs, and community forums. Please keep in mind that if you directly disclose any information through our public message boards, blogs, or forums, this information may be collected and used by others.
- On our websites, we include a number of scripts from third-party vendors. These scripts may gather data for web statistics, they may be used for interest-based advertising on other services (such as Google, Facebook or LinkedIn), and the may offer additional functionality to the websites (such as chat).
- We cannot tell who you are unless you willingly identify yourself on our website.
- If you at some point have identified yourself by filling out a form on our websites, pages you view on our websites may be connected to your Personal Data. We do this to understand the effectiveness of our website.’
- For certain parts of our websites, for instance pages that require a login, cookies are required for the website to work properly. Otherwise, cookies are generally not required for the operation of the website.
- We set a cookie and use local storage in your browser that contains information that we use to identify you between visits. In particular we set an identifier that identifies you for functional site features.
3.3 Information we collect when you fill out a form on our websites
- When you submit a form on our websites, we collect the information that is listed in the form, typically your name, email address, company name, phone number, and survey questions about the nature of your company. You also get the option to opt in to our email newsletter.
- If you have filled out a form on our websites, we may collect the URLs of any pages viewed or links clicked on our websites and connect them to your profile. We do this to better understand your needs.
- If you open or click a link in an email we have sent to you in response to you filling out a form, including email newsletter, that information may be connected to your profile. We do this to either verify your email address to prevent spam and misuse, or to follow up on the usefulness of our email marketing.
- If you use any of our discussion forums, the information you enter will be stored for the purpose of publishing it to the discussion forum.
3.4 Vendors that may collect/store Personal Data on our behalf
We use web analytics to analyze the performance of our websites and follow up on the effectiveness of our marketing efforts, and to improve the user experience on our websites. Please contact us if you wish to know more about our specific vendors.
We use a chat widget to allow you to access support or otherwise be helped or to book a meeting with a sales representative. As part of your conversation using the chat widget, you may enter Personal Data such as your email address. This information may be stored with the vendor. Please contact us if you wish to know more about our chat widged provider.
Customer relation ship management system
We use CRM systems to allow us to better store our customers contact information and optimize our sales process. Please contact us for more information about our CRM systems and what Personal Data we manage.
Information about the consent to Albacross processing of personal data
We obtain your consent to the processing of personal data on the behalf of Albacross Nordic AB (“Albacross”).
Information collected from cookies set in your device that qualify as personal data will be processed by Albacross, a company offering lead identification and ad targeting services with offices in Stockholm and Krakow. Please see below for full contact details.
The purpose for the processing of the personal data is that it enables Albacross to improve a service rendered to us and our website (e.g “Lead Generation” service), by adding data to their database about companies.
The data that is collected and used by Albacross to achieve this purpose is information about the IP-address from which you visited our website, and technical information that enables Albacross to tell apart different visitors from the same IP-address. Albacross stores the domain from form input in order to correlate the IP-address with your employer.
You may at any time withdraw your consent to this processing. Such withdrawal may be made either by contacting us, or by contacting Albacross directly.
Albacross Nordic AB
Companyreg. no 556942-7338
111 35 Stockholm, Sweden
www.albacross.com – email@example.com
We use a vendor for our newsletter and email lists to provide InfraSight Labs’ customers and Data Subjects, who have chosen to receive these, with marketing material and/or information regarding the Licensed Program and our company. Please contact us for more information.
Please contact us for more information about the advertising services we use.
5. How we use information
- We never sell or rent your Personal Data to third parties. We may share your Personal Data to select Authorized Partners. We always make clear when we share that information.
- If you are an individual based in the EU and you have requested to be added to one of our newsletters, we may use your address to send you marketing communications. If you are an individual not based in the EU and you have registered to access one of our content marketing assets, we may use your address to send you marketing communications. You always have the option to opt out of the email marketing.
- If you are a customer or Authorized Partner of ours, we may use your contact information to send you product or services updates and information that is relevant to your use of the products and services.
6. Protection of your information
- We take care to protect your Personal Data against abuse or loss. As an example, we store it in secure environments. We also provide training to our employees on data protection best practices and require them to enter into a confidentiality agreement.
- InfraSight Labs do not store any Personal Data outside the European Union. We ensure that vendors that may store Data on our behalf are compliant with the General Data Protection Regulation. Please see point 3.3 for more information about our vendors.
- We cannot guarantee absolute security. If you would like to learn more about what we do to protect your data, please contact us at firstname.lastname@example.org.
7. How long we keep information
7.1 If you are an InfraSight Labs customer or partner
- If you are an InfraSight labs customer or partner, we may keep your Personal Data for the duration of our contract between your organization and us. If not required by law or regulation to keep your information beyond that term, we will remove it within 12 months of the contract ending.
- If you have signed or entered into a contract with us, we typically archive and store that contract and associated documentation such as, but not limited to, invoices, for an extended period of time, depending on jurisdiction.
- If you have asked to receive one of our newsletters or other communication from us, we will keep your Personal Data to maintain your subscription, even if you would no longer be a customer of partner of ours.
- If you have signed up to take part in our discussion community, your Personal Data will remain unless you explicitly tell us to remove it.
7.2 If you are not an InfraSight Labs customer or partner
- If you have opted in to any of our content marketing initiatives or have opted in to our newsletters, your Personal Data will be kept for us as long as you seem to be an active subscriber.
- If you have been in touch with us with a question, asked for a quote, or have engaged with a sales representative, your information may be stored for up to 12 months after the last recorded activity, and will then be removed or anonymized.
- If you have signed up to take part in our discussion forums, your Personal Data will remain unless you explicitly tell us to remove it.
- If you have submitted a valid GDPR Data Subject access request to exercise your right to be forgotten we will delete your data within 30 days of the request.
8. vScope and associated services
- We provide a Licensed Program and associated services to our customers. This Software allows our customers to audit their IT infrastructure, and it could potentially be used to inventory systems containing Personal Data.
- In these cases, it is our customers that control the Processing of Personal Data and act as the Data Controller.
- If you have a question about how your information is processed or have any other requests relating to your Personal Data please contact the licensee of the licensed program.
- Information processed in vScope
- Our customers use vScope to audit their IT environment which may include Personal Data.
- We do not control the information that our customers may choose to inventory or manage using our Software.
- Local Licensed Program user accounts created within the licensed program may contain Personal Data such as name and email address.
- InfraSight Labs may in some specific cases act as a Data Processor on behalf of the licensee of the Licensed Program. Please contact the licensee of the Licensed Program with inquiries regarding Personal Data stored in the Licensed Program.
9. Opting out
9.1 How you can opt out of marketing
- If you don’t want to receive marketing communications from us, you can at any time use the “Unsubscribe” link present in all marketing emails from us or contact email@example.com
- Please note that opting out of email marketing typically doesn’t mean that you won’t see ads from us, please see the section below on how you can opt out of web tracking, although it doesn’t mean that you will opt out of ads altogether.
9.2 How you can opt out of web tracking
- Most browsers allow you to block third-party scripts. This will limit the cookies that can be set by third-party scripts. However, this will not completely eliminate tracking by some third-party services as they may use first-party cookies.
- Most browsers also allow you to ask not to be tracked (it sends the “Do Not Track” request header). If you have enabled this feature, we will not track the pages you visit in a way that may enable us to connect them to your Personal Data. However, our page views may still be collected anonymously. Many of the third-party services we use for collecting anonymous data also respect the Do Not Track setting.
- You can opt out of interest-based advertising on these two pages: NAI consumer opt-out page and DAA opt-out page. This will not remove ads, but will for example remove the possibility for us to display ads to people that have visited our website. Note that these services themselves require cookies.
- You can also opt out of the individual services we use:
- Facebook: You can turn off interest-based ads in your Facebook settings – please see this page: https://www.facebook.com/help/568137493302217
- Google Ads, including Google Adwords and Doubleclick: You can turn of personalization for Google’s display and search ads – please see this page: You can edit your settings for ad personalization here. There is more information on ad personalization on Google and through their ad networks here.
- Google Analytics: You can use Google’s opt-out browser add-on to prevent tracking in Google Analytics, see https://tools.google.com/dlpage/gaoptout.
- Hotjar: You can turn off Hotjar recording by following the steps on this page: https://www.hotjar.com/opt-out
- Microsoft (including Bing): You can turn off interest based ads here: https://choice.microsoft.com/
- LinkedIn: You can manage your advertising preferences here: https://www.linkedin.com/help/linkedin/answer/62931/manage-advertising-preferences?lang=en
10. If you wish to submit a complaint
- We have appointed a Data Protection Officer. If you are a European Union resident who requires assistance in exercising your privacy rights, please write to our Data Protection Officer at firstname.lastname@example.org
- We always want to resolve all complaints about how we handle Personal Data without undue delay. If you are an EU resident, you also have the right to lodge a complaint with the Swedish Data Protection Authority (Datainspektionen). You can reach Datainspektionen using one of the following methods:Postal Address:
SE-104 20 Stockholm
Drottninggatan 29, 5th floor
104 20 StockholmE-mail: email@example.com
Telephone: +46 8 657 61 00
11. How to contact us
- You can contact our Data Protection Officer at firstname.lastname@example.org
- You can write to:
InfraSight Labs AB
211 19 Malmö, SWEDEN