Effective Date: May 25, 2018
1.1 This document applies to the website www.herogami.com (the “Site”) and the Herogami On-Demand Service on the Site (“Service”) (“Site” and “Service” collectively defined as “Herogami”), owned and operated by Venticento Studio Srls (“Venticento”) and describes how Venticento collects and uses the personal information you provide us and it also describes the choices available to you regarding our use of your personal information and how you can access and update this information.
1.5 We respect your right to privacy and feel it is important for you to know how we handle the information we receive from you via the Site, from our support channels, and from tools and services offered on the Service owned and managed by Venticento acting as the entity that acts as the Controller or Processor of your information, as explained in more detail below. If you have any questions, please feel free to contact us at: email@example.com
2.1 Terms of contractual nature used in this document are explained below in alphabetical order.
“Cookies” are small text files that are stored locally on the visitor’s device (e.g. PC, smartphone, tablet PC) when a website is visited. They can contain various information about the device used and the usage behavior and are sent back to the web server setting the cookie for the purpose of recognizing the user and his or her settings when reconnecting.
“Customer” is the individual, company, organization or entity that subscribed to the Service and created a dedicated Herogami account by filling the Sign-up forms located at www.herogami.com/signup.
“Customer Data” means any data that Venticento and/or its sub-processors processes on behalf of Customer in the course of providing the Services under the Agreement.
“Data Controller” means an entity that determines the purposes and means of the processing of Personal Data.
“Data Processing Agreement” is a contractual addendum to the Terms Of Service agreement between Venticento and the Customer.
“Data Processor” means an entity that processes Personal Data on behalf of the Data Controller.
“Data Protection Officer” (“DPO”) is an appointed security role required by the GDPR. Data protection officers are responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements
“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
“Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Sub-processor” means any Data Processor engaged by Venticento to assist in fulfilling its obligations with respect to providing the Service. Sub-processors may include third parties.
2.2 With regards to the features of the Service mentioned in this document, the explanation is reported below in alphabetical order.
“Admin Menu” is the application menu located in the top-right corner of the Herogami application workspace.
“Customer Account Area” is a page of the Service reporting details and contact information of a Customer.
“Customer Administrator” is a person within a company or organization that has subscribed to the Service and that controls the organization’s Herogami account and accesses to administrative features such as adding or deleting users, upgrading of the subscription across the available paid plans, provisioning of financial-related information for processing payments.
“Customer Member” is a person within a company or organization that, following invitation from a Customer Administrator to join the Herogami account held in name of a company or organization, operates the Service within the context of its operational, non-administrative features related to the task-management capabilities of Herogami.
“Delete User Button” is a feature of Herogami that allows Customer Administrators to de-activate a Herogami user account.
“Subscription” is a term used in the SaaS provisioning model indicating an order granting the Customer unlicensed use of software applications and services hosted on remote computers and accessed by Customer appointed staff through the use of thin-clients, a web-browser in the case of Herogami. Herogami provides recurring subscriptions governed by the Terms of Service (“TOS”).
“Unsubscribe Link“ is a feature of Herogami that allows Customer Administrators to delete the account associated with the company or organization they refer to.
3.2 If you do not agree with the terms, you should not access or use the Services, websites, or any other aspect of Herogami and its related services.
4.1 By using the Service you enter some data and information which is relevant to the activities you carry out on the Service as well as to granting the correctness of your user account. Find below the information you provide through the use of the Service.
a. Account and Profile Information: We collect information about you and your company as you register for an Instance, create or modify your user account, make purchases, as well as use, access, or interact with the Services and websites (including but not limited to when you upload, download, collaborate on, or share Content). Information we collect includes:
- Contact information such as full name, email address, mailing address, and phone number
- Billing information such as billing address (note: credit card information is processed by a third party, our Payment Processor)
- Profile information such as your login, profile picture, and job title
- Preferences information such as notification and marketing preferences
c. Content: We collect and store Content that you create, input, submit, post, upload, transmit, store or display in the process of using our Services or websites. Such Content includes any Personal Data that you choose to include.
d. Other submissions: We collect other data that you submit to our websites, or as you participate in any interactive features of our Services, participate in surveys, contests, promotions, activities or events, apply for a job, request customer support, communicate with us via third party social media sites, share feedback or otherwise communicate with us. For example, information regarding a problem you are experiencing with a Venticento product could be submitted to our Support Services or posted in our public forums.
e. Usage Logs: As with any website and Service delivered over the Internet, every time you access our website, we automatically process the following information:
- the IP-address of your computer or other device (e.g. tablet-PC or smartphone) and the request(s) of your browser (including dates and times)
- the amount of data transferred, the browser type and version, the screen resolution and the operating system used.
f. The IP-address and the information on your Internet browser’s enquiry(s) are technically necessary for accessing and using the website; without processing of this data, access to the Internet site cannot take place and Internet sites cannot be displayed.
h. Usage Logs have a temporary scope and are deleted after they are no longer technically necessary for monitoring usage load of the Service and assuring its security.
i. Any information on the transferred data volume, the browser type and browser version, the screen resolution and the operating system used are collected and processed in order to optimize the presentation of the contents, determine system utilization and make future adjustments and improvements to the Internet presence, possibly on the basis of statistical evaluations. Legal Basis for the processing of the full IP-address, the information on your Internet browser’s enquiry(s) and the further information mentioned above is Art. 6 (1) s. 1 lit. (f) GDPR. The legitimate interest in the processing of personal data is to technically enable you to access the website, to optimize the representation of the website’s contents and for the future improvement/optimization of the website.
m. Analytics information via Google Analytics: Herogami uses Google Analytics, a web analysis service of Google Inc. which on our behalf, Google collects certain user and usage information in order to evaluate the use of the Site and Service such as the frequency of page views, entry and exit pages, click paths, time spent on individual pages, etc. This is done to evaluate the use of the Service, to generate reports about the Site activities and to provide further internet services which are connected with the use of our website, for market research purposes and for the demand-oriented design of our internet pages. In this context, Google is creating pseudonymized user profiles as well as cookies.
n. Analytics Information Derived from Customer Data: analytics information also consists of data we collect as a result of running queries against Data across our user base for the purposes of generating Usage Data. "Usage Data" is aggregated data about a group or category of features or users that does not contain Personal Data or any Confidential Information submitted to the Service. For example, we may query Customer Data to determine the number of Projects created in Accounts or the number of Processes created in the Account.
4.2. Herogami employs various technologies to collect the information you provide through the use of the Site and Service. Please find the list below.
b. Web Beacons and Tracking Pixels: Herogami and Venticento may also collects information using web beacons (also known as "tracking pixels"). Web beacons are electronic images that may be used in our Websites or in emails that help us to deliver cookies and count visits, to understand usage and campaign effectiveness, and determine whether an email has been opened and acted upon.
4.3 As of the date this policy went into effect, Venticento and Herogami may obtain information from third parties like social media websites: Herogami and Venticento also obtain information from third parties and combine that with Information we collect through social media websites. For example, we may have access to certain information from a third party social media or authentication service if you browse our Websites. Any access that we may have to such Information from a third party social or authentication service is in accordance with the authorization procedures determined by that service. You should check your privacy settings on these third party services to understand and change the information sent to us through these services. On our website we provide links to our company pages on some social media platforms of the following companies:
4.4. In the event that you visit sites 5.7.a, 5.7.b, 5.7.c information may be collected and processed by the respective platform provider, which may also be assigned to your respective user account and stored and used in accordance with the data protection information of the respective platform operator. Therefore, please inform yourself about how the respective platform is processing your personal data before visiting the linked pages.
5.1 Customer Data will be used by Venticento in accordance with Customer instructions, as required by applicable law. Venticento is a Processor of Customer Data, and the Customer is the Controller. Customer may, for example, use the Services to grant and remove access to an Instance, assign roles and configure settings, access, modify, export, share, and remove Customer Data, and otherwise use the Services.
5.2 We use the Information we collect about you (including Personal Data to the extent applicable) for multiple purposes, including:
a. Provide, operate, maintain, improve, prevent, or address service errors, security, or technical issues in Services.
b. Enable you to access and use Services, including uploading, downloading, collaborating on, and sharing Content.
c. Process and complete transactions, as well as send you related information, including purchase confirmations and invoices, as required by applicable law, legal process, or regulation.
d. To send emails and other communications. We may send you service, technical and other administrative emails, messages, and other types of communications. We may also contact you to inform you about changes in our Service, our Service offerings, and important Service-related notices, such as security and payment notices. These communications are considered part of the Service, and you may not opt out of them unless you cancel the service completely.
e. In addition, we sometimes send emails about new product features, promotional communications, or other news about Venticento Services and products. These are marketing messages so you can control whether you receive them. You have the ability to opt out of receiving any of these communications.
f. Investigate and prevent fraudulent transactions, unauthorized access to Services, and other illegal activities.
g. Personalize the Service and the Site, including by providing content, features, or advertisements that match your interests and preferences.
h. Enable you to collaborate, and share Data with users you designate.
i. For other purposes for which we specifically obtain your consent.
5.3 Notwithstanding the foregoing, we will not use the Personal Data that appears in our Analytics Data or Web logs for any purpose. The use of Information collected through our Services and websites shall be limited to the purposes disclosed in this policy.
6.1 We will not share or disclose any of your Personal Data or Other Data with third parties except as described in this Policy. We do not sell your Personal Data or other Data and, generally, Venticento is not under a statutory or contractual obligation to provide any Customer Data, Personal Data or other Data (collectively, “Data”). However, certain Information is collected automatically and, if some Information is not provided, we may be unable to provide the Service.
6.2 Below you find the conditions under which we share your Personal Data in order to provide the Service:
a. Your normal of the Service: When you use the Service, Data you have provided will be displayed back to you.
b. Third Party Service Providers and Partners (“Sub-Processors”): We may engage third party companies or individuals as service providers or business partners to process Data and support our business. These third parties may, for example, provide server hosting and storage services.
c. Third Party Services connecting to Herogami through Web-APIs, Plugins, Mashups or other tools to their instance. Typically, Third Party Services are software that integrate with Herogami, and Customer can permit its Instance Users and/or Administrators to enable and disable these integrations for their Instance. Once enabled, the provider of a Third Party Service may share certain information with Venticento. For example, Herogami provides a plug-in that allows to connect to third-party source code management (SCM) repositories and applications. When this connection is enabled, the Service will receive repository access credentials and source code along with additional information that the third-party application has made available to Herogami. Administrators and Users should check the settings and additional details for these Third Party Services to understand what data may be disclosed to Herogami and Venticento. When a Third Party Service is enabled, Herogami is authorized to connect and access data made available to the Service.
d. Corporate Affiliates: Venticento may share Other Information with its corporate affiliates, parents, and/or subsidiaries with such access governed by this Policy in any case.
e. During a change to Venticento business: if Venticento engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Venticento’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some Data may be shared or transferred, subject to standard confidentiality arrangements and this Policy’s provisions.
f. Aggregated or obfuscated Data: We may disclose or use aggregated and/or obfuscated Data for any purpose. For example, we may share aggregated or de-identified or other Information with prospects or partners for business or research purposes, such as telling a prospective Venticento customer the average size of the Instance database.
g. To comply with Law: if we receive a request for information from a Law Enforcement Agency, we may disclose Data if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process. We will notify you about such a request immediately upon receiving it.
h. With Consent: Venticento may share Data with third parties when we have consent to do so.
7.1 To the extent prohibited by applicable law, Venticento does not allow use of our Services and websites by anyone younger than 16 years old unless there is a custom agreement in place. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us via firstname.lastname@example.org, and we will take the necessary steps to delete such information.
8.1 Venticento will retain Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Terms of Service and as required by applicable law. Venticento may retain Personal Information for Instance Administrators and Owners after you have deactivated your account for the period of time needed for Venticento to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements — usually for no longer than 5 years. Other Instance Data submitted to the Service will be removed or obfuscated within 6 months after the Service License expiration, unless we're explicitly instructed by the Customer to remove data immediately. To deactivate an organization account, please contact us through the official support channel reported in the Terms of Service.
9.1 You may opt out of receiving marketing communications from Venticento by using the unsubscribe link within each email or emailing us to have your contact information removed from our email list or registration database. Although opt-out requests are usually processed immediately, please allow ten (10) business days for a removal request to be processed. Even after you opt out from receiving any promotional or supporting messages from us, you will continue to receive important technical transactional messages from us regarding the Service until your Instance is deactivated or removed.
10.1 Venticento takes security of data very seriously and works hard to protect Information you provide from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Information we collect, process and store, and the current state of technology and aim at providing “appropriate security and confidentiality” with particular regard (but not limited to) to the compliance with GDPR recital notes R74-78, R81, R83, R90, A5, A24-25, A28, A32, A35.
10.2 The list of major security measures adopted when providing the Services is detailed in our Security Policy
10.3. In addition to the list of security measures above, additional security practices are adopted by the Service and our staff to manage our code base, secure off-line backups and more. You are welcome to request additional information about our security practices and SSL certificates via e-mail at email@example.com. Given the nature of communications and information processing technologies, Venticento cannot guarantee that Information, during transmission through the Internet or while stored on our systems and services, will be absolutely safe from any intrusion by others.
249 Arch St.
Philadelphia, PA 19106
Braintree Payments Services is the credit card and payment processor handing the financial transactions applied to the paid plans of the Service. Braintree is a service of Paypal.
Paypal (Europe) Sarl
Boulevard Royal 22-24
Google Analytics, a web analysis service of Google Inc.
1600 Amphitheatre Parkway
Mountain View CA 94043
Hotjar provides technologies that helps us better understand our users experience.
Level 2, St Julian’s Business Centre
3 Elia Zammit Street
St Julian’s STJ 1000
12.2. Regardless of your country of residence, you can accomplish this using the settings and tools provided in your Herogami user account. If you cannot use the settings and tools, contact your Herogami Administrator as mentioned above or our Customer Support via firstname.lastname@example.org for additional access and assistance which will be offered with the highest priority.
12.3. If your account on the Service is managed by a Customer Administrator, that account administrator may have control with regards to how your account information is retained and deleted.
12.4. Processing of your Personal Data by Venticento and its Services is subject to the GDPR, Venticento relies on its legitimate interests, described above, to process your data. Venticento may also process other Information that constitutes your Personal Data for direct marketing purposes. You have a right to object to Venticento use of your Personal Data for this purpose at any time by opting out; do this by contacting us via email@example.com.
12.5. In full compliance with the GDPR, Venticento provides you with the following rights:
a. Notification of Data Breach
Herogami implements data breach notifications such as repeatedly failed attempts to login using existing users credentials as well as malicious network traffic. Herogami reports breaches to the offended Data Subject and Data Controller within 72 hours of first becoming aware of a breach.
b. Right to Access
You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information specified in Art. 15 (1) GDPR, unless there are no legal exceptions limiting this right. Upon request, Venticento will provide a copy of your Personal Data, free of charge, within 30 days from receiving your request.
You have the right to rectification of inaccurate personal data concerning you and, taking into account the purposes of the processing, to have incomplete personal data completed (Art. 16 GDPR). Rectification of your Personal Data can be carried out by you in Herogami by entering your User Dashboard under the Admin menu and editing your records. You can also ask your Customer Administrator to perform such operation up to a certain extent, with limitations to changing your Herogami account password which is an operation exclusively reserved to You.
c. Right to be Forgotten
Where one of the grounds set forth in Art. 17 (1) GDPR applies, you have the right to obtain from us the erasure of personal data concerning you, unless none of the exceptions specified in Art. 17 (3) GDPR applies. If you are a Customer Member you can exercise you rights by asking your Herogami Customer Administrator to delete your Herogami user by entering the Users section from the Admin Menu and clicking the Delete User Button. This operation will remove your user account and Personal Data with the exception of any data that must be maintained for the legitimate operation of the Service and that will be pseudonymized to remove any reference to your previous use of the Service as well as any collected Personal Data.
d. Data Portability
In the cases which are set forth in Art. 18 (1) GDPR, you have a right to obtain from us the restriction of processing, and where Art. 20 Abs. 1 GDPR applies, a right to data portability. Herogami implements data portability features by design since every major feature of the Service provides an export link that will download a file with the copy of your data in CSV format. Your Data is not deleted as a consequence of the export. It is your responsibility, or your Customer Administrator’s responsibility if you use the Service as Customer Member, to delete your Herogami account.
e. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based Art. 6 (1) s. 1 lit (f) or (e) GDPR, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
f. Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating you infringes your rights under the GDPR regulatory statements.
12.6. Obtaining a Data Processing Agreement (DPA): if you would like to sign a Data Processing Agreement with Venticento, please contact firstname.lastname@example.org with proof of identity, full name, address and telephone number or the person in your organization authorized to sign.
Venticento Studio Srls
Via Piave 54
Attn: Data Protection Officer
12.8. When contacting the DPO, you agree to provide your full name, a valid e-mail address, mailing address and telephone number to allow the correct processing of your enquiry.