Privacy Policy

Last update:
Nov 24,2022

This Privacy Policy applies to the website https://www.privacyboard.co/ (hereinafter the “website”) published by the company Privacyboard (hereinafter “Privacyboard” or “we”) and its other services and products for which personal data is being communicated to Privacyboard.

Please read this Privacy Policy carefully as it explains how Privacyboard uses your personal data and how to exercise your rights. This Privacy Policy supplements the Terms & Conditions or any documents or notices that may refer to this Privacy Policy.

Should you have any questions, you may directly contact Privacyboard by sending an email to hello@privacyboard.co.

1. Legal context

We abide by the recommendations of the relevant authorities and have put in place an organization to ensure our compliance with the regulatory framework established by the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and any other laws or regulations relating to personal information that apply to us.

2. What is our role?

Under the GDPR, we are considered as a data controller. It means that we set the whys and hows we process your personal information. For example, when you are visiting our website, we are in charge of determining the purposes and the means that are necessary to administer, operate and manage our users’ personal information that we collect from it.
Depending on the activity we perform on your data, we may also be considered as a data processor. This means that you are our customer’s end user and that we are processing your data under the instructions of our customer considered as a data controller. In this case, the data controller sets the purposes and means of the processing activity, and we abide and deliver our service in regards to these.

3. What kind of personal information do we process?

We only collect and process personal information that is relevant and adequate. We give special attention to its accuracy and updates when needed. Personal information includes in particular:
Type of data
Examples of data
Economic and financial data
e.g. income, financial situation, tax situation, banking details, ect.
Personal data
e.g. lifestyle, family situation, ect.
Identification data
e.g. first name, last name, picture, birth date, ect.
Professional data
e.g. company name, skills, job title, diplomas, ect.
Connection data
e.g. IP address, logs, terminal and connection identifiers, timestamp, etc.
Internet data
e.g. cookies, tracers, navigation data, audience metrics, etc.
Location data
e.g. movements, GPS data, GSM, etc.

The collection of this information may at times be mandatory in order to provide our service, other times optional to enhance your experience and left to your good will. Mandatory information will be identified as such when we collect your data. Know that if you refuse to provide it, Privacyboard won’t be able to provide you with its utmost service and you will unfortunately experience inconveniences.

4. When do we collect your personal information?

We collect your personal information on various occasions.
Sources
Description
Sign up form
Individual signed up online
Online or paper form
Individual filled in a form
Social Media
We've collected users social media profiles
Website or software visit
Individual browsed our website or our solution

5. How do we use your personal information?

Your personal information will never be processed for incompatible purposes regarding why it was first collected. We only collect and process personal information for specified, explicit and legitimate purposes, like: 
Processing Activities
Purposes
Legal basis
Payment & billing management
To process transactions between you and us
Contractual duties
Creation and management of your account
To grant users access to the service, administer and manage their accounts
Contractual duties
Customer support and social communications
To provide customer care and interact with you on social platforms
Legitimate interest
Service improvement
To maintain and optimize the performance of the service and understand how you use it
Legitimate interest
Website audience measurement
To gather analytics on our website traffic
Consent
In order to comply with the principle of lawfulness, the legal bases for each data processing is determined carefully and on a case-by-case basis in accordance with the list provided by Article 6 of the GDPR.
We do not process your data or use automated decision making without your knowledge, nor do we sell or rent your personal information without your explicit consent.

6. Who can access your personal information?

Recipients to whom we disclose your personal information are carefully chosen by us. They receive data for legitimate purposes, especially when it comes to pursuing our business activity and providing a qualitative service:
Subprocessor
Service provided
Gumroad
Payment & billing management
Wized
Formagrid Inc dba Airtable
Database solution
Webflow
Website creation
Google Cloud
Cloud computing services
Hotjar
Heatmaps and visitor recordings
Simple Analytics
Certain data recipients are considered our data processors in accordance with Article 28 of the GDPR, which means we review how they handle personal information and make sure they put in place appropriate guarantees to protect it.
Other recipients are considered authorized third parties in accordance with Article 4 of the GDPR, which means we have to communicate your personal information to them to comply with applicable legal obligations, lawful requests and processes (subpoenas, requests from government or tax authorities, etc.).

7. Where do we transfer your personal information?

As far as possible, your personal information is processed within the European Union. However, some of our service providers may be located in another country of which you are a resident or pursuing their activity outside of the European Union.
When we transfer your personal information to a recipient outside the European Union, we take care of putting in place sufficient guarantees in accordance with the list provided by Articles 44 to 50 of the GDPR, whether it is having it stored in a country with an adequate privacy protection or contracting Data Protection Agreements to ensure your personal information is protected.
Subprocessor
Location
Adopted safeguard

8. How long do we store your personal information?

As a general rule when we are considered a data controller by the GDPR, retention periods of your personal information are determined according to the purposes for which we collected it and our legal obligations. 
Regarding our activities as a data processor, we retain our customers’ end users personal information as long as required by our terms and conditions and the pursuing of the service our customers’ subscribed to.
When these purposes are fulfilled or when you ask us, your personal information is archived, erased or anonymized.

9. How do we protect your personal information?

We care deeply about the safety of your personal information and that is why we put in place adequate technical and organizational security measures to preserve its confidentiality, integrity and availability.
We take into account the risks for your rights and freedoms and therefore follow with great care the recommendations of the competent authorities regarding security.

10. What are your rights and how to exercise them?

In accordance with Articles 12 to 23 of GDPR, you have rights over your personal information that we are committed to respect:

• you can request access to your personal information and a copy of it.

• you can ask us to modify your personal information if you consider it obsolete, inaccurate or incomplete.

• you can object to the processing of your personal information if based on our legitimate interest in certain circumstances.

• you can request to restrict the processing during a limited period of time, in certain circumstances.

• you can opt-out from a consent already given, without this withdrawal affecting the lawfulness of the processing operations already carried out.

• when technically feasible, you can ask us to send you the personal information you provided us or that we communicate it to a third party.

• you can ask us to delete your personal information if it meets legal grounds for which it is applicable.

These rights can be exercised directly and at any time by sending an email to hello@privacyboard.co or on our Data Requests page.

In the case you are our customer’s end user, please take into consideration that this request will be forwarded and must be answered directly by them.

11. Policy changes

This Privacy Policy may be modified in the future to keep it updated with legal jurisprudence and evolution. You'll be informed either by a special mention on this page or by a personalized warning, by email for instance.
We dont use cookies to provide our service, we prefer to eat them 🍪

Cookie Policy

Last update:
Nov 08,2022
Part of the provision of our service and this website relies on the collection of cookies. Depending on their use, they may be considered essential or subject to your explicit consent.

What is a cookie?

A cookie is a small text file that may be deposited and saved on the hard drive of your device (computer, tablet, smartphone, etc.) when you visit our website. It allows us or third parties to identify the device on which it has been saved and to keep record of certain information relating to your journey in order, for instance, to simplify your visit on our website, to secure your connection or to adapt the content of a page to your interests.

What types of cookies are collected?

Cookie
Description
Essential cookies
These cookies are strictly necessary to provide you with our website and use its functionalities. If you choose to disable these cookies via your internet browser, access and/or use of our website may be altered.
Analytics and Performance Cookies
These cookies are useful to measure the audience and performance of our website and help us understand how visitors interact with it.

How to manage cookies?

Your internet browser may allow you to manage your cookie preferences by removing or rejecting them via your browser settings (usually located in "help", “tools” or “edit” sections). Remember that if you choose to disable our cookies, you may experience some inconvenience when using our website.
A Data Processing Agreement, or DPA, is a contract necessary between an organization that provides data and the organization that receives this data to perform a service (hosting, email delivery, video conferencing, payment and billing, data analysis, etc.).
Our DPA will soon be available here.
Standard Contractual Clauses, or SCC, are standardized clauses between an organization that sends data and the organization that receives this data outside the European Union (in a third country).
Our SCC will soon be available here.
In accordance with Articles 12 to 23 of GDPR, you have control over your personal data. You can request from us to exercise any right (access, modify or delete) them under a month delay.
Request access
Receive a copy of your personal data we process.
Request rectification
Obtain the modification of your personal data if it is obsolete, inaccurate or incomplete.
Object to the processing of your personal data
You can object to the processing of your personal data for the following reasons:
Right to restriction of processing
You can request to restrict the processing during a limited period of time for the following reasons:
Withdraw consent
you can opt-out from a consent already given, without this withdrawal affecting the lawfulness of the processing operations already carried out.
Request erasure
you can ask us to delete your personal information for the following reasons:
Request the transfer of your personal data
when technically feasible, you can request the transmission of your data to a third party. It applies only if it fulfils all the following conditions: