1. INTRODUCTION
Maintaining your trust for Favro AB and our affiliates (“Favro”, “we”, “us”, “our”) is our top priority. This document, Favro’s Privacy Policy, explains how we process your personal information when you, for example, visit our homepage, use our software services or ask us for help through support requests. Personal information is information that can be traced back directly or indirectly to and identifies you as an individual, such as your name, address, email, physical location, or phone number (“Personal Information”).
We process your Personal Information in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679), the GDPR, as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of Section 3 of the European Union (Withdrawal) Act 2018 (the “UK GDPR”), including its respective amendments, and all other legal acts applicable to Favro.
We may change this Privacy Policy from time to time and we reserve the right to do so. Any changes we may make to our Privacy Policy in the future will be posted on our website so please revisit it periodically.
If you have any concern about providing information to us or having such information used in any manner permitted in this Privacy Policy, you should not provide us with any Personal Information and you should not visit our website or use our services.
2. SCOPE OF PRIVACY POLICY
Favro AB is the data controller of the information monitored, collected, used, stored or otherwise processed in accordance with this Privacy Policy. Please note that this Privacy Policy only concerns the processing of Personal Information for which Favro is the data controller, i.e. where we have decided the means and purposes of the processing of Personal Information. For information concerning processing of Personal Information for which Favro is the data processor, please see Favro’s Data Processing Addendum.
For the avoidance of doubt, this Privacy Policy does not concern any processing of Personal Information that we may conduct as a data processor as a result of your and your organization’s use of our services. This includes, but is not limited to, Personal Information that you and/or other members of your organization provide when using Favro’s project planning services.
For more information about how Favro's services may be used to facilitate your processing of personal data, and Favro’s responsibility and undertakings in relation thereto, please refer to our Terms of Service.
3. THE KIND OF INFORMATION WE COLLECT AND THE LEGAL BASIS FOR IT
We may collect both Personal Information (as defined above) and Non-Personal Information (that is information, which is not Personal).
If we have collected information, which consists of both Personal and Non-Personal (“Combined Information”), we will treat the Combined Information as Personal Information.
We will handle your Personal Information in order to comply with the contractual obligations we have under the agreement with you. We may also rely on our legitimate interest to handle your Personal Information (e.g. when necessary for internal administrative purposes, service improvement or to maintain a high level of security) or as required by law. See further below in section 4.
Personal Information will be requested when you engage in the following activities:
• When you subscribe to Favro
When you subscribe to Favro we will collect personal information about you, e.g. your name, title, email and physical location, and we will also have our payment services subcontractor collect your credit card information.
• When you visit our homepage
We gather information from your browser when you access our homepage in order to measure the number of visitors and from where you are accessing the homepage, including your IP address. You can read more about cookies later in this document.
• When you request our help
Personal information may be stored in our internal systems when a request is sent to support and/or requests are sent for training and demos. The information provided during such communication would be name and email address; however additional information could be requested depending on the type of support needed.
• When you send us data to troubleshoot an issue
Sometimes a request to our support results in that we may ask you for a crash dump, a copy of your database or other information that might be sensitive for various reasons and that may include Personal Information. This information may also be submitted to us through a dialog that appears if you encounter a crash. This information will solely be used for troubleshooting and we will delete the information after we are done with the troubleshooting.
• Other Submissions
If you participate in a survey, contest, promotion, events, communicate with us via social media, post a comment to one of our blog posts or otherwise communicate with us where Personal Information is included we may collect this. This could be for example Personal Information you include if you post something to our Twitter account about an issue you are experiencing. Note that if this information is not posted in a secure area, it may be visible to the public.
4. HOW WE USE YOUR PERSONAL INFORMATION
The main purpose of processing your Personal Information is to provide you with information, products, and/or services that you request from us or to carry out our obligations arising from any agreements entered into between us.
We use the Personal Information to communicate with you through email and other means available including telephone. Examples of these messages include: (1) trial period messages – when you are on a trial period we will follow up on what you think about our services; (2) service messages – these will cover service availability, security, updates, and other matters relating to your use of our services; (3) promotional messages – these include for example meeting requests, news and other information we believe may be of interest to you; (4) messages regarding payment for services and renewal of agreement. This processing is necessary for the performance of the agreement we have with you, as well as to serve our legitimate interest to inform you about our services and obtain your feedback in order to improve them. You can at any time opt out of promotional and other messages you receive from us, by replying to the person who sent you the message, clicking the ‘Unsubscribe’ link (usually found at the bottom of such messages) and/or adjusting your cookie preferences (see Favro’s Cookie Policy for more information).
We may monitor, use and store the Personal Information you provide to us to improve and develop our products and services and improve your user experience, for customizing content of messages, our website and other means of communicating with you. This processing is necessary to serve our legitimate interest to facilitate such improvements of our products and services.
Customer specific Personal Information is occasionally given to us to resolve and troubleshoot issues customers may be experiencing. If such data is provided, you grant Favro the right to access such data for the purpose of identifying and resolve the issue within your organization. Upon request, we can provide a confidentiality agreement as well as providing safe methods to transfer data. This processing is necessary for the performance of the agreement we have with you, as well as to serve our legitimate interest to ensure your best experience and resolve any potential issues related to our products and services.
We may also use Personal Information for preventing misuse of the software, and to keep our service secure and to prevent abuse or fraud. This processing is necessary to serve our legitimate interest to ensure security and integrity of our services and products.
4.1 SHARING WITH THIRD PARTIES
We do not rent, share or sell Personal Information about you to a third party without your prior consent, unless it is reasonably necessary in order to: (1) comply with a legal requirement or process, including, but not limited to, civil and criminal subpoenas, court orders or other disclosures in accordance with mandatory law; (2) enforce this Privacy Policy or any agreement you and Favro have entered into; (3) respond to claims of a violation of the rights of third parties; (4) respond to customer service inquiries; (5) protect the rights, property, or safety of Favro, our customers, or the public; (6) facilitate the merger or sale of any of our business or assets, in which case we may disclose your Personal Information to the prospective buyer of such business or asset; (7) work with trusted partners, agents and service providers who work on behalf of or with Favro under confidentiality and data processing agreements (see 4.2 below).
We may share aggregated and non-personally identifiable information with our partners or others for business or research purposes.
Favro, in our capacity as the data controller, will at all times remain responsible for your Personal Information being processed in accordance with this Privacy Policy and any other agreement in place between you and us from time to time.
4.2. OUR TRUSTED PARTNERS
We collaborate with third parties, agents and service providers to be able to offer our services and fulfill our obligations to our customers. For example, we may share billing information with our service providers for the purposes of processing invoices, or share data with a security consultant to help us get better at preventing unauthorized access, or with an email vendor to send messages on our behalf. We may also share data with hosting providers, payment processors, marketing vendors, and other consultants who work on our behalf and under contractual promises of confidentiality.
4.3. WHERE WE PROCESS YOUR PERSONAL INFORMATION
The information we collect from you may be transferred to, and stored at, various locations depending on where our company’s systems are hosted. The data may be processed by employees who work for us or by our suppliers who may be situated in a country outside of EU/EEA or UK, as applicable. If there is no decision from the competent authority that the country which the personal data will be transferred to provides adequate data protection legislation to ensure the safety of the personal data, we will use relevant safeguards to ensure the safety of the personal data. If you want to know more about the safeguards we use, please contact us for more information. You will find our contact information in section 6 below.
We will take all steps reasonably necessary to ensure that your Personal Information is treated securely and in accordance with applicable privacy laws and this Privacy Policy.
4.4. HOW LONG WE KEEP PERSONAL INFORMATION
We maintain information about you for as long as we provide services to you, and as long as it is required for us to perform any related business activities. After your information is no longer necessary for our business purposes, we will destroy the information unless we have agreed with you that we should keep the information, or a court or administrative order is made to preserve the information, or if it is otherwise stipulated by law.
4.5. SECURITY
We will take all reasonable technical and organization actions to protect your personal data from loss, misuse, and unauthorized access or disclosure. If a reportable security breach should occur, which relates to your Personal Information, we will inform you of this as soon as practicable.
4.6 DO NOT TRACK
We do not respond to Do Not Track requests.
5. COOKIES
Information about cookies and how we use them can be found in our Cookie Policy.
6. YOUR CHOICES
You have the right to access your Personal Information processed by Favro and may request a copy. If you have any questions regarding the Privacy Policy or the information we process, or any complaints regarding the way we are handling your data, please contact us at privacy@favro.com or write to us at Favro AB, Drottninggatan 2, SE-753 10 Uppsala, Sweden. We will provide you with information about the Personal Information we control and process about you free of charge once per calendar year (provided that you have asked for the information in a written request signed by you or that you have otherwise given proof of identity).
We will on our own initiative, or upon the request of you, rectify, delete, or complete any Personal Information in the register which we find is incorrect, unnecessary, inadequate, or outdated. You have the right to have incorrect details revised under certain circumstances. Please send such requests to privacy@favro.com specifying what you would like to modify.
We will respond and/or implement your preferences within 30 days of receiving your request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We shall inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. In order to provide any Personal Information to you, we will verify your identity and authenticate your access right before doing so.
You can also object to certain Personal Information about you being processed and request that processing of your Personal Information be limited. Please note that the limitation or deletion of your Personal Information may mean we will be unable to provide you with our Services. You also have the right to receive your Personal Information in a machine-readable format and have the data transferred to another party responsible for data processing.
Favro is committed to handle any request, complaint or concern that you may have about our use of your personal information in a fair and transparent way. If, however, you believe that we have not been able to assist with your complaint or concern, you may have the right to file a complaint with the data protection authority in your country (if one exists in your country) or supervisory authority.
If you are located in the UK, please note that Favro has appointed a UK representative in accordance with the UK GDPR. You may contact our UK representative Rickert Services Ltd UK via e-mail art-27-rep-favro@rickert-services.uk.
Our site and services may contain links to and from the websites of third parties such as our partner network. If you follow the link to any of these websites, please note that these websites may have their own privacy policies and we do not accept any responsibility or liability for the websites or these policies.