Effective Date:16 September 2021, Version: 1.0
1. INITIAL PROVISIONS
means the account to which each customer receives access as part of the Service;
means the California Consumer Privacy Act, California Civil Code §§1798.100 et seq., including any amendments and implementing regulations that become effective on or after the effective date of this Data Processing Addendum;
means, as applicable to a party and its processing of Personal Data: (i)UK Data Protection Law, (ii) EU Data Protection Law, (iii) CCPA and any national data protection laws made under the CCPA, and (iv) any other law applicable for the provision of the Service;
means (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (the "GDPR"), (ii) the EU e-Privacy Directive (Directive 2002/58/EC); and (iii) any applicable national data protection laws made under, pursuant to or that apply in conjunction with any of (i), or (ii); in each case, as may be amended or superseded from time to time;
means any information relating to an identified or identifiable natural person as defined in the applicable Data Protection Laws;
means the access to the Velaris Platform and its use by the customers;
means the United Kingdom;
means: (i) the GDPR as saved into United Kingdom law by virtue of section 3 of the United Kingdom's European Union (Withdrawal) Act 2018 (the"UK GDPR"); (ii) the EU e-Privacy Directive (Directive2002/58/EC); and (iii) all applicable national data protection laws made under, pursuant to or that apply in conjunction with any of (i) or (ii); in each case, as may be amended or superseded from time to time;
means a specific person that each customer authorises to receive access to the Account;
means MANANTIAL LTD, doing business as Velaris, a company incorporated under the laws of England and Wales with company number 13088838 and its affiliates; Velaris shall also be referred to as "we" or"us";
means the software as a service (SaaS) platform owned and maintained by Velaris, including all modifications and enhancements; and
the terms "Controller", "Processor","Process", "Processing", and "Data Subject" shall have the same meanings given to them under the UK GDPR or GDPR, as applicable.
3. PERSONAL DATA WE PROCESS
When you create the Account and use the Velaris Platform, we may collect and process the following Personal Data about you:
payment data and information about your subscription;
information about your use of the Service;
information we collect automatically – IP address, device type, browser type, broad geographic location; and
any further information that you decide to share with us.
Whenever you visit our website and interact with it, such as contact us via our contact form, book a demo with us, or sign up for a newsletter, we may collect the following Personal Data about you:
email or other contact details such as an address or phone number;
newsletters you signed up for (if applicable);
information we collect automatically – IP address, device type, browser type, broad geographic location;
any further information that you decide to share with us.
When you apply for a job at Velaris, we may collect and process the following categories of Personal Data:
email or other contact details such as an address or phone number;
information from your CV and cover letter;
criminal record; and
any further information that you decide to share with us during the recruitment process.
4. REASONS FOR PROCESSING
To provide you with the Service when you create the Account, we need to process Personal Data necessary for its creation (e.g. name, surname, company name, email).
Legal Basis: The legal basis for the processing of such Personal Data is the performance of a contract or precontractual relations.
When you contact us via the contact form on our website, we process your Personal Data to respond to your requests or provide you with the information requested by you. Legal Basis:
The legal ground for the processing of such Personal Data is your consent. You can withdraw your consent at any by sending a message to email@example.com
If you apply for a job position at Velaris through our Jobs page, contact us regarding the job position directly, or we receive your Personal Data from a recruiter, we will process the Personal Data provided to us to handle your job application. For particular positions, you may be asked to provide us with your criminal record. We may as well conduct pre-employment screening to verify the truthfulness of provided information.
Legal Basis: The legal ground for processing this Personal Data is the performance of contract or pre-contractual relations or your consent (as applicable).
We may keep your CV in our internal database for further purposes, such as possible future collaboration with you. Legal Basis: The legal ground for the processing of such Personal Data is your consent. You can withdraw your consent at any time by sending a message to firstname.lastname@example.org
We may share your PersonalData with relevant government authorities to comply with applicable legal requirements and to respond, prevent any potential or actual claims, liabilities, and criminal activity.
The legal basis for the processing of such Personal Data is our legal obligation.
Additionally, cookies help us deliver online advertising that we believe is most relevant to you.Cookies are also used for profiling. Cookies can help us to understand how our website is being used, for example, by telling us if you get an error message as you browse.
At the moment, we also use third party cookies, namely:
Google Analytics, where information about your use of the website is transmitted and stored by Google on servers in the United States. Google then uses this information to evaluate your use of our website to generate reports on website activity that we can further use to improve our website. You can find out more about how Google processes Personal Data on https://policies.google.com/technologies/partner-sites
Hotjar, where information about your device and your use of our website is collected to better understand where users like you spend time on our website (i.e., website heat maps) and how this differs across different devices and screen sizes to evaluate further and improve the experience users have. You can find out more about how Hotjar processes Personal Data on https://www.hotjar.com/legal/policies/privacy/.
If you do not wish for cookies to be collected, you may restrict, block, or delete the cookies by modifying your browser configuration. Although each browser works differently, cookie configuration is usually located in the "Preferences" or "Tools"menu. If you turn off cookies, the functionality of our website may be limited(in the case of essential cookies, you may not be able to access our website).
If you wish to prevent new cookies from being installed or delete existing cookies, you can find the instructions on the links below. The exact procedure depends on the browser you are using:
6. DATA RETENTION
Velaris shall not keep your Personal Data longer than necessary for the purpose for which they are processed. For how long Velaris holds your PersonalData depends on what legal basis is used:
legitimate interest: we will process your Personal Data for as long the given legitimate interest is in place;
legal obligation: the retention period is prescribed by applicable legal regulations;
performance of a contract:Personal Data will be processed for the duration of the contractual relationship and applicable limitation period;
consent: Personal Data will be processed only after the consent is given, if you withdraw your consent, your Personal Data shall be erased. You can withdraw your consent to PersonalData processing anytime at email@example.com
Velaris shall not store Personal Data provided by you or collected automatically during any phone calls, or during another form of communication (such as emails or messages) for a longer period than what is necessary, given the purposes for which they were provided or collected. Moreover, you can withdraw your consent to process your Personal Data at any time by sending the message to firstname.lastname@example.org, in which case we will remove your Personal Data from our systems.
7. DATA SHARING AND TRANSFERS TO THIRD COUNTRIES
We do not share your Personal Data with any third party except for the following situations and categories of recipients:
our third party service providers and partners (such as hosting or analytical tools), which is necessary to ensure better provision of the Velaris Platform;
relevant governmental agencies, law enforcement bodies, or other third parties when disclosure is necessary to ensure compliance with applicable laws or regulations (such as legal, tax, accounting and audit services);
our marketing partners who may contact you on our behalf if you register to receive information about marketing and promotional events; or
any other third party based on your explicit consent.
Your Personal Data will be stored within the Territory unless Velaris needs to transfer your Personal Data. In case of such transfer, Velaris will ensure compliance with the applicable Data Protection Laws.
If third party providers are located outside the Territory, and such data transfer includes Personal Data of Data Subjects residing in the Territory, Velaris shall ensure that such transfer will happen only if the country of origin of third party provider can provide adequate levels of protection based on the adequacy decision of the respective supervisory authority, alternatively, Velaris will enter into agreements with the corresponding Standard Contractual Clauses or binding corporate rules that will apply to such transfer.
8. PROTECTING AND SECURING YOUR PERSONAL DATA
We have adopted several administrative, physical, and technical safeguards to ensure the appropriate level of protection for the Personal Data we collect about you.
Our aim is to eliminate unlawful access, use, transfer, processing, transmitting, loss, or damage to your Personal Data. Despite all efforts, we cannot guarantee that electronic transmission over the Internet or information storage technology is perfectly secure.
Velaris protects your Personal Data by measures such as:
using passwords and other access management and restricting access to your Personal Data (using multiple levels of internal system logs, enforcing strong password policy);
using strong securityIT tools (such as firewalls, antivirus, anti-malware software);
implementing appropriate physical security of premises where the Personal Data is stored, such as implementing controls on-premise entry;
education of personnel in privacy and data protection measures;
Measures adopted by Velaris do not deprive its Users of their duties to undertake appropriate steps to ensure the security of their Personal Data. We highly recommend that our Users regularly change their passwords, not choose an obvious or very predictable password, and not disclose their passwords to others.
9. RIGHTS OF THE UK AND EU USERS
If you are a resident of the United Kingdom or the European Union, the UK GDPR or the GDPR (as applicable) provide you with the following rights:
RIGHT OF ACCESS
We will inform you about the collection and use of your Personal Data, including the purposes for its processing, retention periods, and who is thePersonal Data shared with (privacy information). If you would like to get such information, please contact us at email@example.com
. If we process your PersonalData, we will provide you with the following information:
name and contact details of our organisation and, if applicable, contact details of our representative;
purposes of the processing;
the lawful basis for the processing;
the legitimate interests for the processing (if applicable);
the categories of Personal Data obtained;
the recipients or categories of recipients of Personal Data;
the details of transfers (if applicable);
information about your rights;
the sources of your Personal Data; and
the details of the existence of automated decision-making, including profiling, including profiling under Article 22 (1) and (4) UK GDPR or GDPR (as applicable).
RIGHT TO RECTIFICATION
You have the right to request that anything inaccurate in your Personal Data is corrected immediately. If you would like to exercise this right, please contact us at firstname.lastname@example.org
RIGHT TO ERASURE
You are also entitled to have your Personal Data erased; this right is commonly known as the "right to be forgotten". Bear in mind that this right is not absolute and applies only in certain circumstances, and we might be allowed or even obliged to keep some of your Personal Data despite your deletion request. If you wish to exercise this right, please contact us at email@example.com
RIGHT TO RESTRICT PROCESSING
RIGHT TO DATA PORTABILITY
You have the right to receive Personal Data that you have provided to us in structured, commonly used and machine-readable format. As part of your right, we shall also transmit such Personal Data directly to another controller if you wish so. If you would like to obtain your Personal Data in such form, please contact us at firstname.lastname@example.org
RIGHT TO OBJECT
You have the right to object to the processing of your Personal Data in certain circumstances, such as direct marketing, this also includes the profiling of Personal Data that is also related to direct marketing or when processing is based upon public tasks or legitimate interests.
The exercise of your right may be limited, as we might be obliged to keep any of your Personal Data for compliance with legal obligations, for the establishment, exercise or defence of legal claims or any other compelling reasons as provided by the Data Protection Laws. If you would like to exercise this right, contact us at email@example.com
RIGHT NOT TO BE SUBJECT TO AUTOMATED DECISION MAKING AND PROFILING
RIGHT TO FILE A COMPLAINT
10. CCPA NOTICE
Consumers residing in California have some additional rights in respect to their Personal Data under the CCPA. If you are a California resident, this section applies to you and supplements the above policy.
YOUR CALIFORNIAN CONSUMER RIGHTS
11. THIRD PARTY INTEGRATIONS
You may connect third-party integrations to your Velaris account, which may ask for certain permissions to access data or send information to your Velaris account. It is your responsibility to review any third-party integrations you authorize. We may collect information about what types of integrations you use in your Velaris account.
Any permission(s) granted by you, grants these third parties access to your data, which may include (but is not limited to) granting third-party applications access to view, store, and modify your Velaris account data. We are not responsible for the practices of third-party integrations, so please carefully review the permissions you grant to third-party applications.
If you use the Gmail integration or choose to integrate any other Google Workspace application with Velaris, you will be asked to give us access to information from your Gmail or Google account.
By using the Gmail integration with Velaris, you will grant Velaris access to information associated with your account, including contacts, emails, calendar, distribution lists, subject lines, and URLs of tracked links from your email, if you use the email tracking functionality. In addition, Velaris will be able to read, modify, create, and send emails from your connected Gmail account. Velaris will scan the content of your emails to identify which emails you have elected to track in order to provide you with the notifications feature. Velaris will store replies, outgoing mail, email headers, subject line, distribution lists, aliases, time sent, and email bodies. Your email may contain sensitive information, such as names of your contacts, your private communications, or financial or medical information. You understand that the correspondences you track will be visible to other users on your Subscription team.
If you connect your Gmail account via IMAP (or Generic Inbox Connection), Velaris will have access only to email address, password, server information, email metadata, and message bodies.
Additional Limits on the Use of Your Google User Data
Velaris's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Google Calendar Integration
The Subscription Service will have access to both your Google Calendar and any other calendar you access via Google in order to power our Meetings tool, and allow you to associate events with contacts in your Velaris account. The Subscription Service will have the ability to: create or change your calendars, and update individual calendar events.
12. CHILDREN'S PRIVACY
Our Service is not designed for or intentionally targeted at children 16years of age or younger. We do not collect or maintain Personal Data of anyone under the age of 16.