What type of information do we collect on our website (Website only and not product)?
We receive, collect and store any information you enter on our website or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information (including name, email, password, communications); payment details (including credit card information), comments, feedback, product reviews, recommendations, and personal profile.
How do we collect information?
When you conduct a transaction on our website, as part of the process, we collect personal information you give us such as your name, address and email address. Your personal information will be used for the specific reasons stated above only.
Why do we collect such personal information?
We collect such Non-personal and Personal Information for the following purposes:
To provide and operate the Services;
To provide our Users with ongoing customer assistance and technical support;
To be able to contact our Visitors and Users with general or personalized service-related notices and promotional messages;
To create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which we or our business partners may use to provide and improve our respective services;
To comply with any applicable laws and regulations.
How do we store, use, share and disclose your personal information?
Our company is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.
All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
How do we communicate with our site visitors?
We may contact you to notify you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about our company, or as otherwise necessary to contact you to enforce our User Agreement, applicable national laws, and any agreement we may have with you. For these purposes we may contact you via email, telephone, text messages, and postal mail.
How can our site visitors withdraw their consent?
If you don’t want us to process your data anymore, please contact us at firstname.lastname@example.org
Questions and your contact information
If you would like to: access, correct, amend or delete any personal information we have about you, you are invited to contact us at email@example.com
gipsy Products Privacy
Gipsy offers data security products and services. Our goal is to ensure information and network security by providing quality products and services in these areas while also respecting privacy and personal data of customers, Internet users and business partners.
For this purpose, we collect only that personal data absolutely necessary for the specified purposes, on a best efforts basis. For the collected information and data, we strive to apply adequate solutions to anonymize them, or at least to pseudonimyze them.
Our main principle applied to the data we collect is anonymization of all technical data that can be used by Gipsy only for the specified purposes below. In cases where perfect anonymization of technical data is not possible, the potential identification of a user could be possible only in very limited cases and only by highly skilled IT specialists.
Personal data according to the European legislation definition (GDPR - Regulation 2016/679) means:
any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;
In this context, Gipsy processes personal data for the following main purposes:
To ensure network and information security by:
assuring correct and efficient operation of its products and services, according to the technical specifications, and for their improvement, including analyzing the reported IT security issues, delivering and customizing the related services to the users needs and developing new technologies;
support or counseling services for its users of gipsy;
To make statistical analysis and market studies;
To perform marketing activities for Gipsy's own needs.
Personal data collected
Gipsy may collect personal information from its users from its Solutions in three different ways:
directly provided by a user or a Gipsy Partner;
indirectly provided by its products or other sources, such as:
technical data sent by the Gipsy products installed by users
publicly available information from data leaks.
Personal data directly provided by a user/partner
When you create an account or login in Gipsy (which is mandatory to activate and manage your services), we might ask your name, surname and/or email address for management of your Gipsy products or services and so we can contact you with updates, notices, feedback messages and other types or transactional communications or for improvement of the information security of your devices, or to provide support.
In certain cases, when you download a trial version of our products, we will collect your email address, in order to have a contact method with you, to receive information such as updates, notices, feedback messages and other types or transactional communications or for improvement of the information security of your devices, or to provide support. We reserve the right to verify the existence of that email address, as a security check and to prevent fraud.
Also, when you access the Support, we may ask for a valid email address or a phone number to communicate with you in providing support.. All these data are being used for contacting you, for contractual purposes, providing a specific user with a license to use our products, for solving a request or complaint you addressed to us or for offering technical support. Gipsy may also ask for other data that could be considered personal data, if those are necessary for solving the information security problem you sought help on.
The legal basis for processing these data is performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. The minimum data for entering into a contract or creating an account with Gipsy are a name and email address, without them it would be impossible for us to offer you our products and services.
The data used for licensing information is kept for the duration of the contract, plus five years after its expiration to be able to prove or defend any legal complaints on contractual issues.
The data used for support services is kept for different periods of time, depending especially if the problem has been solved and the exact method of communication with the support services, but in no case the data will be kept for more than five years after the last communication took place. This period is necessary for Gipsy to be able to defend any legal complaints on contractual issues that may arise.
Whenever we note that we use legitimate interest as a legal basis for a specific situation, we rely on internal legal analysis on how in these specific cases we have balanced out the legitimate interest to the interests or fundamental rights and freedoms of the data subject. The analysis is updated if we decide to collect more data, for another purpose or there are new developments that require a new assessment.
We may use these data for marketing purpose for a maximum period of contractual duration, plus five years after the contract is terminated, except if the data subject has opted out from these communications at any moment in time. After this time frame expires the data will be deleted or anonymized.
Technical data sent by Gipsy product
when you use Gipsy products it is possible to share with us some technical details, such as data for identifying the device (UUID), the infected URL you reported or an IP addresses. If you use a Gipsy product that integrates with your email server, some technical data of the infected files could be send to us, including data such as sender, recipient, subject or attachment. In most cases, these technical data may not lead to your direct or indirect identification, but in some very specific cases computer specialists might be able to identify a specific user. Therefore, we treat all such information as personal data and protect it as such.
This information is solely used for the purpose of information and network security by correct and efficient operation of the products and services, according to the technical specifications, and their improvement, including by analyzing the reported security issues. This includes delivering and customizing related services. Also, we may use this information for statistical purposes and improving the quality of our products.
The legal basis for processing these data is performance of a contract to which the data subject is part of.
These data are is being stored for a limited period, depending on its usefulness for the current information security needs. Based on the current speed of technology, we will not need them for over 10 years from the day of the collection.
Collecting Data from publicly available information (data leaks).
In the recent years, an increasing number of companies' databases have been involved in incidents leading to user details becoming publicly available. We are constantly analyzing these situations and the public data leaks in order to identify if the exposed records can be used to improve the information security of our users.
We use this information exclusively for the purpose of ensuring information security by notifying our users that their emails, passwords or other data might have been hacked in the past, so it is not safe to use them anymore.
The legal basis for this collection is legitimate interest of our users, of Gipsy and of any third party to ensure network and information security, by not using credentials that have already been hacked. We do this based on Art 6 (1) f of GDPR and explanations on legitimate interest for information security in Recital 49 of GDPR. These data are is being stored for a limited period, depending on its usefulness for the current information security needs. The data subject may always ask us not to collect data about him from data leaks. Based on the current speed of technology, we will not need them for over 10 years from the day of the collection.
Protecting the Personal data
As a leader in information security services, confidentiality and data protection are of vital importance for us. Access to the collected personal data is restricted only to Gipsy employees and data processors that need access to this information. All Gipsy information security policies are ISO 27001 certified.
Gipsy may use other IT companies to process the collected personal data. These companies are considered data processors and have strict contractual obligations to keep the confidentiality of the processed data and to offer at least the same level of security as Gipsy. Data processors have the obligation not to allow third parties to process personal data on behalf of Gipsy and to access, use and/or keep the data secure and confidential.
Gipsy may host personal data in the UK Ireland, as well as in European Union or any other jurisdiction which offers adequate level of personal data protection according to European Union standards, including companies that are certified under the US-EU Privacy Shield program.
Due to confidentiality obligations and security requirements the specific information regarding the name and details for each processor used will be provided only to competent authorities.
The following types of data processor are being used:
hosting services in the UK, Ireland and US;
support channel communications in UK, Ireland and US;
marketing services (including email marketing) in UK and Ireland.
All our data processors in US are certified in the US-EU Privacy Shield program.
Access to certain sections of Gipsy websites is protected by a username and password. We recommend not to reveal this password. Gipsy will never ask for your account's password via any kind of messages or phone calls. We advise not to disclose your password to anyone asking you to do so. If possible, we also recommend to log out of your online services account after each session. We also advice to close the browser window after navigating or using Gipsy services.
Unfortunately, transferring data over the Internet cannot be 100% secure. Consequently, despite our efforts to protect personal data, Gipsy cannot assure or guarantee the security of the information transmitted by the user until the information is on our servers. Any information you transmit is done on your own risk.
Who has access to personal data
In principle, Gipsy will not reveal any personal data about its users to third parties without the exceptions mentioned above.
Exceptionally, Gipsy may reveal personal data to:
4.1. Competent authorities, upon their legal request according to the applicable laws or when this is necessary to protect the rights and interests of our clients and Gipsy.
4.2. Gipsy may allow limited access to its Partners, which are presented on Gipsy's Partners webpage. Access will be allowed only to certain data related to its referred clients and just for the purpose of fulfilling the contractual obligations between Gipsy and its Partner for selling or for support of Gipsy products. All Partners have strict contractual obligations to keep the confidentiality of data and to offer at least the same level of security as Gipsy. These Partners have the obligation not to allow third parties to access personal data processed on behalf of Gipsy.
4.3. Gipsy subsidiaries in your country may send some personal information to its main company
Also, when you use Gipsy or access Gipsy support and you are asked to give information about yourself, you will reveal this information only to Gipsy. The only exception is when the information is offered in partnership with another service (such as Facebook login, Google+ login or Microsoft Live login).
Each time when such a service is offered in partnership with another provider you will be properly notified. If you wish this data not to be accessed or used you can choose not to allow data transfer via this particular service.
If you choose to accept data sharing, it is important to mention that the service partners may have separate data collection and privacy policies. Gipsy has no control and cannot offer guarantees regarding all the legal aspects that these independent confidentiality practices entail.
How to correct personal data related errors
When you create an account on Gipsy websites or for one of our services, a confirmation email with your account details will be sent. The confirmation email will be sent to the email you supplied and it may describe the ways in which you can modify or delete the account you created. We advise you to keep this confirmation email since it contains useful information regarding access to our services. Any requested modification will be solved in maximum 15 days from when the written request of the user has been received.
Your personal data rights
According to European Union applicable data protection legislation (GDPR), data subjects shall have the right to access to data, rectification, erasure, restriction on processing, objection to processing and right to data portability.
For exercising these rights, you may send a written request, dated and signed and send it to the above mentioned Gipsy headquarters or via email to Data Protection Officer at firstname.lastname@example.org.
You also have the right to lodge a complaint with a competent supervisory authority on data protection.
Additional information regarding personal data collection of certain Gipsy services and products
Parental control services
Some Gipsy products include a parental control option. If you buy such products or activate this option you have the possibility to monitor your children's activity and to restrict access to certain applications, websites or Internet services. This is only possible on supported devices (for example computers or phones) for which you have installed and activated Gipsy.
The parental control services option settings are managed from the web interface through which you access your Gipsy account. More details regarding the functionalities of this product are available on our dedicated webpage.
Before you can activate the parental control services, Gipsy will ask certain data for creating a profile – name, age and sex of the person. The name will be used exclusively for device identification purposes and you do not have to give your child's full name. Age and sex are necessary only for determining the default level of online protection offered by this product, which can be also later changed or configured by the account administrator.
Where this Gipsy parental control product is installed and an active profile is associated with the device, Gipsy may collect, exclusively for the purpose of providing parental control services, including for display in the parent’s account, detailed information about the use of the device such as: visited websites, search engine keywords, used applications and software, phone contacts, social media monitoring and geo-localization information.
Some Gipsy parental control products – such as ones that include cyberbullying-prevention features - may check social media text and images in conversations of your children and may collect stored images and videos. We do that only to inform the parents that some activities are suspected to be dangerous, without sharing your children’s conversations with the parents. We employ privacy-enhancing technologies, so that we do not receive full images from the conversations, and we delete or anonymize private text conversations in a maximum of 2 hours after a conversation has ended. In certain jurisdictions, including the United States, we collect data for cyberbullying-prevention research from parental control products with or without an active cyberbullying-prevention subscription; parents may opt out from such data collection in the product control panel. We are constantly researching how to improve our technologies in order to meet the scope of the technology (flag suspicious content), and to reduce any kind of information being sent to us, by including all detection technologies in the device of the user.
The collected information depends on the settings configured by the parent in Gipsy. The only purpose of collecting this data is reporting to you, the parent. We do not use children information for their identification or monitoring Internet access by us.
We do not transmit to third parties the above mentioned information for marketing purposes or any other information which could lead to identifying your children.
When processing this data from your children's device, Gipsy acts as a technical intermediary. Therefore, the responsibility of a notice to your children regarding the installation of this software and the way the personal data is processed is exclusively up to you. You are the only one who may activate this option and specify which type of personal information you wish to be collected.
The Gipsy account owner has administration rights for Gipsy products and services which includes parental control services. As such, he/she has full responsibility in assuring that he/she can undertake the surveillance activity from a legal point of view and that he/she has the right to know the location, to block the content or applications from that device. Therefore, we recommend to activate the parental control service exclusively on your minor children's devices or where you have the legal right to do so, based on the applicable law. We inform you that any illegal monitoring of online behavior or communications may be a crime. We do not recommend activating parental control services on devices used by persons who are over 16 years old, or otherwise in circumstances in which use of the parental control services is illegal.
If you use Gipsy, the device will scan all the traffic in your network for malicious activity. This means that we will collect detailed technical data from all your smart devices that are connected to your network that will be used only for the purposes specified in Chapter 2.2. above.
In most cases, these technical data may not lead to your direct or indirect identification, but in some very specific cases computer specialists might be able to identify a specific user. Therefore, we treat all such information as personal data and protect it as such.
If a new device from other users is connected to your network, Gipsy will also analyze network traffic from that device. As a network owner, it is your responsibility to inform the other users of your network that you use Gipsy for the protection of the network traffic and therefore their traffic will also be analyzed, as described above.