WHO ARE WE AND WHAT DO WE DO?
Visionect LLC., Cesta v Gorice 30, 1000 Ljubljana, Slovenia is a B2B company founded in 2007. Visionect is the premier designer and developer of ultra-low-power digital display solutions created on electronic paper technology. Visionect’s mission is to empower people in public spaces to make better decisions by delivering more relevant, timely information, supported by digital displays easily installed in locations impossible before.The company is known for its JOAN room scheduler and the Place & Play product line.
sign up to our newsletter (and download any resource or content from the website),
purchase and/or distribute a product and/or service,
contact us by filling up the contact form,
do other corresponding activities.
WHICH DATA OF YOURS (YOUR COMPANY’S) DO WE PROCESS?
Personal data, or personal information, means any information about an individual from which that person can be identified (please also see a more detailed definition of personal data as defined by the GDPR). It does not include data where the identity has been removed and by which we (or any other person) are not able to identify specific individual (anonymous data).
We may collect, use, store and transfer different kinds of personal and/or other related data about you or your company (hereinafter together referred to as the: “data”) which we have grouped together as follows:
Identity Data includes yours and/or your company’s first and last name / firm and/or similar identifier;
Contact Data includes your company’s billing address, delivery address, e-mail address and telephone numbers;
Financial Data includes your company’s bank account details; We do not collect your company’s credit cards and/or PAYPAL information, as this services are ensured by third parties to which you provide the information voluntarily;
Transaction Data includes details about payments to and from you (your company) and other details of products and services you (your company) have purchased from us;
Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the website.
Usage Data includes information about how you use our website, products and services.
Calendar User Data as specified in the following below.
We do not collect or otherwise process any so-called “special categories of personal data”, which according to the GDPR include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. Nor do we collect any information about criminal convictions and offences.
Also, the website is not intended to be used children or minors (person under 18) and we do not knowingly collect data relating to children or minors.
HOW IS YOUR (COMPANY’S) DATA COLLECTED?
We use different methods to collect data from and about you (your company) including through:
Direct interactions. You may provide us your [Identity, Contact and Financial Data] by:
filling in contacting forms or by contacting us and/or corresponding with us by e-mail, phone or otherwise,
purchasing our products or services;
creating an account to use our products or services by creating a user account in the “Joan Portal”;
subscribing to our newsletter;
requesting marketing material to be sent to you;
entering a prize competition, promotion, referral program or survey;
Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data and/or Aggregated Data about your equipment, browsing actions and patterns. We collect this data by using cookies and other similar technologies as explained below in the “Cookies” section.
IN WHICH CASES WILL WE NEED TO USE SOME OF YOUR USER CALENDAR DATA?
To facilitate the use of our room scheduling solution product called »Joan« (hereinafter referred to as: “Joan”) for users of G Suite (Google apps), Office 365 and Microsoft Exchange, we will require certain permissions in your calendar account:
Access to basic user account information and email.
Read only access to your resources to enable automatic room resource scan.
No user calendar data is shared with any third parties.
WHY WILL WE USE OR OTHERWISE PROCESS YOUR (COMPANY’S) DATA?
We have set out below, in a table format, a description of all the ways we plan to use your (company’s) data, including personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us at email@example.com if you need more detail.
Type of data
Lawful basis for processing including basis of legitimate interest
To register you as a new customer (creating an account on Joan portal) and providing supported services, including updates, etc. by e-mail
Performance of a contract – order (executed purchase of product / service) concluded with you;
To process and deliver your order including: Manage payments, fees and charges Delivery of products and services purchased / requested Collect and recover money owed to us
Identity Contact Financial Transaction
Performance of a contract (executed purchase of product / service) with you; Necessary for our legitimate interests (to recover debts due to us);
To manage our relationship with you which will include: To provide you with e-mail news, updates, etc. on our products and services (in case of newsletter subscription, etc.) Asking you to leave a review, let us know your customer experience, etc. after you made purchase of products and services; To deliver you information about its own similar products or services already purchased;
Performance of a contract (executed purchase of product / service) with you; Necessary to comply with a legal obligation; Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services):
To administer and protect our business and this website and products and services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
Identity Contact Technical
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) Necessary to comply with a legal obligations (reporting of breaches);
To use data analytics to improve our website, products and services, marketing, customer relationships and experiences;
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy);
We use the following cookies:
Strictly necessary (essential) cookies. These cookies are required for the operation of our website. They include, for example, the use a shopping cart or e-billing services.
Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users find what they are looking for easily.
Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Advertising (Targeting) cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
Some of the cookies we use are internal, some of them external (third party) cookies. You can find more about the individual cookies we use here:
Used to identify individual clients behind a shared IP address and apply security settings on a per-client basis.
Used to display different content to users in different countries.
Used to distinguish users across browsing sessions for Google Analytics, but cannot identify unique users across different browsers or devices. Has an expiration of 2 years.
Used to distinguish users and has an expiration of 24 hours.
Used to throttle requests and has an expiration of 10 minutes.
Used to let Hotjar know whether that visitor is included in the sample which is used to generate funnels.
Used for LinkedIn Ad analytics.
Used for Twitter integration and sharing capabilities for social media.
Used to talk to customers in real time.
Used to automatically discover detailed device information to troubleshoot user issues.
Used to track opted-out Facebook users for advertising purposes.
HOW CAN YOU UPDATE, REMOVE OR EXERCISE OTHER RIGHTS WITH REGARDS TO YOUR PERSONAL DATA?
You can update, remove and/or exercise other rights related to your personal data (as specified in detail below) at any time by contacting us at firstname.lastname@example.org We will respond as soon as we can and will follow up on your request within 14 days at most.
Also, if you do not like to receive our newsletter or other content e-mail, including updates or marketing material e-mails, you may at any time unsubscribe any time with the “unsubscribe” link within any e-mail you receive from us. We will be sad to see you go, but we respect your privacy.
The rights you may exercise with regards to your personal data:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction – update of your personal data. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure – deletion of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes (as mentioned you will also get an option to stop such e-mail contacting in each e-mail we will send it to you). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information, which override your rights and freedoms.
Request restriction of processing your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it
Request transfer of your personal data. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Other rights established with GDPR.
Please keep in mind that certain personal data:
we are required to process for certain period according to applicable legislation (for example due to accounting reasons),
we may be required to process in order to provide you (your company) with our products and services. We will properly inform you if this is the case after we receive your request.
HOW DO WE PROCESS YOUR PERSONAL DATA?
We would never sell, share, or otherwise unlawfully use your personal data by disclosing them to any third party controller unless you provide us with your explicit consent as required by law, or we have a legal basis and/or obligation to do so.
Your personal data (and other data as well) is processed by our highly qualified employees and internal subcontractors that are required to execute confidentiality and data processing agreements and must at all time comply with our personal and confidential information policy. We ensure they are provided with proper data security training during the onboarding process. Each of them receives an account (secured by a strong password) which allows them to access the corporate e-mailing system, other software systems and selected databases.
We also use external subcontractors, third-party service providers (data processors), for processing your personal data (for example e-cloud hosting services for storage, etc.). The ones established in the EU operate in compliance with GDPR. Nevertheless, many of our external third parties’ service providers are based outside the European Economic Area (EEA) so their processing of your personal data involves a transfer of data outside the EEA. Whenever this happens, we enforce a similar degree of protection by ensuring at least one of the following safeguards is implemented:
your personal data is processed by third party service providers (data processors) established and operating in countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
your personal data is processed by third party service providers (data processors) with which we have specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
Nevertheless, this website or web-platform for use of our products and services may include links to third-party websites, plug-ins and applications (for example, PAYPAL and/or credit card payment service providers, etc.). Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party data processing activities and are not responsible for their privacy policies.
HOW LONG WILL YOU USE OR OTHERWISE PROCESS MY PERSONAL DATA?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
HOW DO WE SECURE YOUR PERSONAL DATA?
We take security of your personal data (and your or your company’s other data) very seriously!
We store majority of our data using e-cloud based solutions. Numerous studies have established that data stored in the cloud is less likely to be lost, deleted or leaked than data stored on a personal computers and/or other type of personal hardware. We make sure all our data we collect and process is fully encrypted at rest and in transit, by employing state-of-the art firewall and backup technology.
We also make sure our business premises are located in adequately secured buildings, which conform to established security standards. Physical access is controlled and monitored with the following safety measures: transponder card controlled interior door, limited access to on premise server rooms, surveillance systems (alarm, motion detectors, etc.), etc.
We established security measures presented above based on our best knowledge and experience in the field of data security. Notwithstanding, in case of any legislative and/or business requirements changes, we are ready to implement additional measures as soon as possible.
ARE WE ABLE TO NOTIFY ALL THE PARTIES CONCERNED IN CASE OF ANY DATA BREACH?
Yes. Any such data reach will be notified in accordance with Article 33 of the GDPR without undue delay (where feasible, not later than 72 hours after having become aware of it) to the parties concerned as well as to the supervisory authority competent in accordance with Article 55 of the GDPR.
WHICH PERSONAL DATA REGULATION DO WE COMPLY WITH?