Privacy Policy

Version: 2.0

Last updated: 30 May 2024

Version 1.0 is available here.

Thank you for choosing to use Vaultree and great to e-meet you ☺ Vaultree is owned and operated by Vaultree Ltd. having a registered business address at 12 South Mall, Centre, Cork, County Cork, T12 RD43, Ireland, and the company registration number 679570 (“we", “us”, and "our"). We are committed to protecting your personal data and your right to privacy. If you have any questions or concerns about this privacy policy or our practices with regards to your personal data, please contact us by using the contact details available at the end of the privacy policy.

When you use this website or any of our related products or services (collectively, the "Services"), we collect certain information from you. But you can relax: We take your privacy very seriously! In this privacy policy, we seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it. We hope you take some time to read through it carefully, as it is important. If there are any terms in this privacy policy that are not clear to you, please contact us - we will be happy to assist you. 

TABLE OF CONTENTS

  1. OUR ROLE AS A DATA CONTROLLER AND DATA PROCESSOR
  2. WHAT PERSONAL DATA DO WE COLLECT?
  3. WILL YOUR PERSONAL DATA BE SHARED WITH ANYONE?
  4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
  5. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
  6. IS YOUR PERSONAL DATA TRANSFERRED INTERNATIONALLY?
  7. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
  8. DO WE COLLECT PERSONAL DATA FROM MINORS?
  9. WHAT ARE YOUR PRIVACY RIGHTS?
  10. CONTROLS FOR DO-NOT-TRACK FEATURES
  11. HOW DO WE PROTECT PERSONAL IDATA?
  12. DO WE MAKE UPDATES TO THIS PRIVACY POLICY?
  13. HOW CAN YOU CONTACT US?
1. OUR ROLE AS A DATA CONTROLLER AND DATA PROCESSOR

We act in the capacity of a data processor in situations when you provide us with data for Services provision purposes and that data contains personal data (the “Service Data”). We do not own, control, make decisions about, or intentionally access the Service Data and such Service Data is processed only in accordance with your instructions. You act as data controller with regard to the Service Data and you are responsible for deciding what personal data should be collected from data subjects and how such data should be processed. In order to ensure that the Service Data is processed in accordance with the strictest data protection standards, we offer for conclusion a data processing agreement (the “DPA”). You can request a pre-signed copy of the DPA for consultation or conclusion purposes by contacting us (our contact details are available at the end of this privacy policy).

2. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal data that you provide to us.

We respect data minimisation principles. This means that we collect only a minimal amount of personal data that is necessary to ensure the proper provision of the Services as described below. We use your personal data for limited, specified and legitimate purposes explicitly mentioned in this privacy policy. We do not use your personal data for any purposes that are different from the purposes for which it was provided. When processing personal data, we make sure that we do so by relying on one of the available legal bases. You can find more information about the legal bases below.

We collect personal data that you voluntarily provide to us when:

  • You subscribe to our newsletter. When you subscribe to our newsletter, we collect your email address. We use your email address to send you updates regarding the Services.. The legal basis on which we rely is ‘your consent’. We keep your email address until you unsubscribe from our mailing list.
  • You request a demo of our Services.  When you subscribe to our newsletter, we collect your email address, first name, last name, country/region and areas of interest. We use such data to provide you with the requested information, and schedule and deliver the requested demo. The legal basis on which we rely is ‘your consent’. We keep such data for 1 month after the delivery of the requested demo.
  • You contact us by e-mail. When you contact us by e-mail, we collect your name, e-mail address, and any information that you decide to include in your message. We use such data to respond to your enquiries. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (grow and promote our business) and ‘your consent’ (for optional personal data). We store such data until you stop communicating with us.
  • You conclude a contract with us. When you conclude a contract with us for the Services, we collect your business information, such as your name, title, email address, physical address, and tax information. We use such data to deliver the requested Services, perform our contractual obligations, and maintain our business records. The legal bases on which we rely are “performing our contractual obligations,” “complying with the applicable laws,” and “pursuing our legitimate interests.” We will keep such data for at least 7 years, as required by the applicable laws, unless your contract lasts longer. 

All personal data that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal data.

Information automatically collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — are collected automatically when you visit our website.

We automatically collect certain information when you visit, use or navigate the website. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our and other technical information. This information is primarily needed to maintain the security and operation of our website, and for our internal analytics and reporting purposes. The legal basis on which we rely is ‘pursuing our legitimate business interests’ (i.e. to operate, analyse and protect our website). We store such data as long as it is necessary for analysing and protecting our website, but no longer than 2 years.

Sensitive data

We do not directly collect from you or have access to any special categories of your personal information, unless you decide, at your own discretion, to provide such information to us (e.g., through the Service Data). Sensitive data is information that relates to, for example, your finances, health, genetics, biometrics, religious and political beliefs, racial origins, membership of a professional or trade association, sex life, or sexual orientation.

Personal data provided through the Services

During the scope of the Services commissioned by you from us, the materials that you provide us with may contain personal data. We process such data on behalf of our clients for providing the requested Services. The legal bases on which we rely are ‘performing our contractual obligations’. We store this data as long as it is relevant to the specific service agreement with our clients. All data that you provide through the Services is encrypted and, therefore, not accessible to us. We do not intentionally access, use, or disclose the Service Data, unless you request us to do so. 

Refusal to provide personal information

If you refuse to provide us with your personal information when we ask to, we may not be able to perform the requested operation and you may not be able to use the full functionality of our website or get our updates. Please contact us immediately if you think that any personal information that we collect is excessive or not necessary for the intended purpose.

3. WILL YOUR PERSONAL DATA BE SHARED WITH ANYONE?

In Short: We only share personal data with your consent, to comply with laws, to provide you with the Services, or to fulfil business obligations.

We may need to process your personal data in the following situations:

Disclosure to data processors. From time to time, your personal information is disclosed to our service providers with whom we cooperate (our data processors). For example, we share your personal and non-personal information with entities that provide certain technical support services to us, such as hosting and e-mail distribution services. We do not sell your personal information to third parties. The disclosure is limited to the situations when your personal information is required for the following purposes:

  • Ensuring the proper operation of the Services;
  • Ensuring the delivery of the Services ordered by you;
  • Providing you with the requested information;
  • Pursuing our legitimate business interests;
  • Enforcing our rights, preventing fraud, and security purposes;
  • Carrying out our contractual obligations; or
  • If you provide your prior consent to such a disclosure.

List of our data processors. We use a limited number of data processors. We choose them only if they agree to ensure an adequate level of protection of your personal information that is consistent with this privacy policy and the applicable data protection laws. The data processors that have access to your personal information are:

  • Our hosting and cloud storage service provide Amazon Web Services (AWS) located in the United States of America;
  • Our cloud storage service provider Google located in the United States;
  • Our analytics, marketing, and newsletter service provider HubSpot located in the United States;
  • Our technical support and live chat service provider Atlassian located in Australia;
  • and
  • Our independent contractors and consultants.

Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honour this privacy policy. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us.

Other Users. When you share personal information or otherwise interact with public areas of the website, such personal information may be viewed by all users and may be publicly made available outside the website in perpetuity. If you interact with other users of our website and register for our Services through a social network (such as Facebook), your contacts on the social network will see your name, profile photo, and descriptions of your activity. Similarly, other users will be able to view descriptions of your activity, communicate with you within our website, and view your profile.

4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We may use cookies and other tracking technologies to collect and store your information. For more information on our use of cookies, please refer to our cookie policy.

5. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

In Short: If you choose to register or log in to our Services using a social media account, we may have access to certain information about you.

You may have the ability to register and login by using your third-party social media account details (like your Facebook or Twitter logins). Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, e-mail address, friends list, profile picture as well as other information you choose to make public on such a social media platform.

We will use the information we receive only for the purposes that are described in this privacy policy or that are otherwise made clear to you on the relevant page where your personal data is collected. Please note that we do not control and are not responsible for other uses of your personal data by your third-party social media provider. We recommend that you review their privacy notice to understand how they collect, use and share your personal information, and how you can set your privacy preferences on their sites and apps.

6. IS YOUR PERSONAL DATA TRANSFERRED INTERNATIONALLY?

In Short: We may transfer, store, and process your information in countries other than your own.

Some of our data processors listed above are located outside the country in which you reside. For example, if you reside in a country belonging to the European Economic Area (EEA), your personal information may be transferred outside the EEA (for example, to the United States, where our hosting provider AWS is based). In case it is necessary to make such a transfer, we will make sure that the jurisdiction in which the recipient third party is located, guarantees an adequate level of protection for your personal data or we conclude a data processing agreement with the respective third party that ensures such protection. We will not transfer your personal data internationally if no appropriate level of protection can be granted.

7. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

In Short: We keep your information for as long as necessary to fulfil the purposes outlined in this privacy policy, unless otherwise required by law.

We will only keep your personal data for as long as it is necessary for the purposes set out in this privacy policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements).

When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymise such information, or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

8. DO WE COLLECT PERSONAL DATA FROM MINORS?

In Short: We do not knowingly collect data from or market our Services to children under 18 years of age.

The Services are not marketed and should not be used by persons under the age of 18. Therefore, we do not knowingly collect personal data from children under 18 years of age. If we learn that personal data from users less than 18 years of age has been collected, we will take reasonable measures to promptly delete such information from our records. If you become aware of any data we may have collected from children under age 18, please contact us at legal@vaultree.com.

9. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: You may control how your personal data is processed by us.

You have the right to exercise the rights listed below (unless, in very limited cases, the applicable law provides otherwise):

  • Right of access: you can get a copy of your personal data that we store in our systems and a list of purposes for which your personal data is processed;
  • Right to rectification: you can rectify inaccurate personal data that we hold about you;
  • Right to erasure (‘right to be forgotten’): you can ask us to erase your personal information from our systems;
  • Right to restriction: you can ask us to restrict the processing of your personal data;
  • Right to data portability: you can ask us to provide you with a copy of your personal data in a structured, commonly used and machine-readable format and move that personal information to another processor;
  • Right to object: you can ask us to stop processing your personal data;
  • Right to withdraw consent: you have the right to withdraw your consent, if you have provided one; or
  • Right to complaint: you can submit your complaint regarding our processing of your personal data.

How to exercise your rights? If you would like to exercise any of your rights, please contact us by e-mail at legal@vaultree.com or by post (you can find our postal address at the end of this privacy policy) and explain your request in detail. In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information that allows us to identify you in our system. We will answer your request within a reasonable time frame but no later than 30 days. If we refuse your request, we will provide you with an explanation about the legal basis that allows us to do so.

Requests regarding the Service Data. Please note that we act a s a data processor with regard to the Service Data and, therefore, your rights listed above do not apply to the Service Data. We do not accommodate your requests pertaining to the Service Data. If you have any questions or comments regarding your personal data included in the Service Data, you will need to contact the respective data controller. 

Complaints. If you would like to launch a complaint about the way in which we process your personal data, we kindly ask you to contact us first and express your concerns. If we receive your complaint, we will investigate it and provide you with our response as soon as possible. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority. If you are a resident in the European Economic Area, you can find their contact details here: https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

Non-discrimination. We do not discriminate against you if you decide to exercise your rights. It means that we will not (i) deny any goods and services, (ii) charge you different prices, (iii) deny any discounts or benefits, (iv) impose penalties, or (v) provide you with lower quality Services.

Opting out of e-mail marketing. You can unsubscribe from our marketing e-mail list at any time by clicking on the unsubscribe link in the e-mails that we send or by contacting us using the details provided below. You will then be removed from the marketing e-mail list — however, we may still communicate with you, for example to send you service-related e-mails that are necessary for administration purposes.

10. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

11. HOW DO WE PROTECT PERSONAL DATA?

We implement organisational and technical information security measures to protect your personal data from loss, misuse, unauthorised access, and disclosure. The security measures taken by us include: encryption, access control, secured networks, SSL protocol, strong passwords, anonymisation of personal data (when possible), and carefully selected data processors.

Although we put our best efforts to protect your personal data, given the nature of communications and information processing technology and the Internet, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal information that was caused by circumstances that are beyond our reasonable control. In case a serious breach occurs, we will take reasonable measures to mitigate the breach, as required by the applicable law. Our liability for any security breach will be limited to the highest extent permitted by the applicable law.

12. DO WE MAKE UPDATES TO THIS PRIVACY POLICY?

In Short: Yes, we will update this privacy policy as necessary to stay compliant with relevant laws.

We may update this privacy policy from time to time. We will alert you about any changes by updating the “Last updated” date of this privacy policy. If we have your e-mail address, we will/may send you a notice by e-mail as well. The updated version will be effective as soon as it is accessible. We encourage you to review this privacy policy frequently to be informed of how we are protecting your personal information.

13. HOW CAN YOU CONTACT US?

If you have questions or comments about this privacy policy or our data protection practices, you may e-mail us at legal@vaultree.com. Our postal address is Vaultree Ltd., 12 South Mall, Centre, Cork, County Cork, T12 RD43, Ireland.