Privacy policy for WiseMo A/S

Version 2.0 - 2018-05-25

0. Preface

Your privacy is important to us. As a provider of secure communications software and services, we know the importance of protecting your information. Thus, we have established this strong privacy policy to assure you that we will not misuse any information we receive about you. This policy applies whether you are a company, an organization, a government entity, an individual or any group of individuals.

0.1 Links to specific situations

Using our myCloud service (#myCloud)
Using our standalone products (#Standalone)
Using our Android Host App (#AndHost)
Using our Android Guest App (#AndGuest)
Requesting free trials for our perpetually licensed products (#ptrial)
Buying licenses and subscriptions in our web shops (#shops)
Buying 3^rd party products from us (#s3rdProd)
Signing up for our news mails (#newsmail)
Contacting support (#support)
Browsing our websites (#web)
Receiving a myCloud account invitation e-mail (#invitemail)
Receiving an e-mail with a preconfigured product (#configmail)
Receiving an SMS with a preconfigured product (#configsms)

0.2 Changes from previous versions

0.2.1 Changes from version 1.0

We are not asking for more permissions
The fundamental principles are not changed
There are now details sections for each of the situations where you give us information
Various formalities have been added or changed to comply with the EU GDPR
Because these changes are entirely to your benefit, they take effect without a 30 day delay.

1. Categories of information (General principles)

Our treatment of your information depends on the nature of the information and how we got it. These are the general rules behind our specific situation policies; we will follow the most restrictive of the situation and general policies, so you only need to read either part.

1.1 Anonymous statistics

Statistical data, which has been reduced, so it contains no information about any single customer, entity or person and cannot be linked back to one either, may be used and even published.

1.2 Generic access logs

Logs of accesses to our web sites and servers are available only to trusted staff of WiseMo A/S and our subcontractors. We may use this information to manage and improve our web sites and services, to support you and to extract one of the other types of information (which is then subject to those rules).

1.3 User Registrations

Information you provide about yourself and the products and services you have licensed from us may be used to support and maintain the delivery of those products and services to you, to inform you about things we believe may be of interest, to send you newsletters (electronic newsletters only if you subscribe to them), and to support and maintain the general workings of our products. We will not sell this information to 3^rd parties. We may share some of this information with our channel partner servicing your area. If the product or service you acquire from us is clearly labeled as being from another vendor than WiseMo, we may also share some of this information with the vendor of that product or service.

1.4 Accounting information

Orders, invoices, bills, receipts for payments etc. will be retained as part of our accounting records for at least 5 years. In addition to the uses permitted for User Registrations, accounting information may be available to auditors, tax authorities and others with the legal authority to inspect such records.

1.5 Credit card details

The details of credit cards and credit card authentication codes (such as the CVC code) used when paying us are handled by a professional 3^rd party payment gateway (DIBS, Subsidiary of Nets) which has been certified by banks /credit card companies to handle such information (VISA/MasterCard PCI certification). WiseMo does not have access to your detailed Credit Card information and we cannot and do not use it or store it. We only have access to truncated information for use on receipts and confirmations that the payment has been completed successfully.

1.6 Processed data

The data that you store on or transmit through our services, as well as any other copies of your own private data which we may gain access to (e.g. in the course of handling a support request from you) will be kept in the strictest confidence, will be used exclusively to provide the services you requested us to perform on that data and will otherwise be ignored except in some cases to compute anonymous statistics as defined above.

2. Technology, cookies etc. (General principles)

We may use any appropriate technology to protect, process, handle and obtain the information covered by this policy, including cookies, encryption, paper etc. This policy applies regardless of the methods and technology used.

2.1 Processing in other countries

The computer systems, people and subcontractors processing data under this policy may be located anywhere and in any country. By providing us with data subject to this policy, you consent to the processing of that data occurring in a country other than your own and/or in your country. All such processors and sub-processors are contractually required to only process data as we tell them to (and we are bound by this policy). Furthermore, any processors and sub-processors outside the EU (and countries ruled adequate by the EU) are required to sign standard data protection clauses as an appropriate safeguard [GDPR 46(2) (c) or (d)]

2.2 Opting out of cookies

You can opt out of the use of cookies in those WiseMo services that use them by simply using the standard cookie management features of your web browser. Beware, however, that some of our services may not function properly if you do so.

Skip to #common privacy provisions.

3. Using our myCloud service (#myCloud)

3.1 Data collected by the myCloud service

When you use the myCloud service, it obtains, uses and logs the following data from you:

The e-mail address and password of your myCloud login
Your name
(optional) Your phone number
The name of the device where the Host is running
(optional) the logged in user name on the device where the Host is running
The IP address and thus general geographic area of the device used
The Type, model, operating system and Web Browser (incl. versions) of the device used
The time and date
If and when a myCloud connection is requested to a Host
The amount of data transferred through myCloud and the duration of the connection.
The amount of usage that you paid for or are allowed to test under a Trial license
(optional) Any configuration data that you store in myCloud, for use in Web based clients.
If you want or don't want to also sign up for news e-mails, see our news e-mails privacy policy (#newsmail)

You or the administrator users in your myCloud domain can change or delete this data at any time except for the IP address, general geographic area, device information and timestamp (those can only be deleted) and the internal master log files used by WiseMo for maintenance etc. (cannot be deleted). The amount of usage paid for can only be changed via payment transactions.

All remaining myCloud customer data except the internal master log files and our internal customer records (purchase history, e-mail, name, domain name) are deleted 8 to 400 days after the myCloud subscription (paid or trial) expires. Our internal customer records are kept for at least 5 years after the last commercial transaction.

The detailed web server log files are deleted within 5 years, but derived statistics including top requestor information is kept after that.

3.2 How we use this data

We use the e-mail address for password recovery, to send you important notifications (such as subscription expiry) and to communicate with you about account changes and purchase decisions [GDPR 6(1) (b)]. We use the above data to provide the functionality of the myCloud service (for example, we use the general geographic area to route connections through a nearby server), to provide other services (such as skin downloads) and to keep the myCloud servers running well [GDPR 6(1) (b)]. We also use this data to check that you do not use more than the number of clients that you paid for and to maintain the security of the myCloud servers [GDPR 6(1) (f)]

3.3 Data you may process via myCloud

You may cause the myCloud service to process the following data on your behalf. WiseMo acts solely as a processor of this data, using it only to perform the processing you request:

Data transmitted between Host and Guest (This data is end to end encrypted by default so we cannot see it, and we encourage you to not turn encryption off)
(optional) Any configuration data that you store in myCloud for deployment to devices.
(optional) The e-mail addresses, names, (optional) phone number and assigned access roles of users you invite to join your myCloud domain.
(optional) The names and phone numbers of devices to which you deploy client software via text messages.

You or the administrator users in your domain can change or delete this information directly as long as it remains in the active part of the service. The content transmitted (in addition to being encrypted) is not stored by WiseMo.

3.4 Additional data when you purchase myCloud usage

When you purchase (additional) myCloud usage licenses, the privacy policy for our web shops (#shops) applies.

3.5 Outsourcing

The myCloud and related services are partially outsourced to processors and sub-processors inside and outside the EU.

3.6 General

For details, disclaimers, statutory rights etc. see our #common privacy provisions.

4. Using our standalone products (#Standalone)

This does not apply to the Android Apps, they have their own sections.

4.1 Data collected from our standalone licensed software (perpetual or trial license)

We collect little or no data from your use of these products:

If you connect to a mobile Host device, our Guest products may provide the type, model and operating system of the mobile device along with the IP address and operating system of the Guest device to our Skin download servers in order to request download of a skin specific to the Host device. This feature can be turned off in the Guest program user interface.
If the feature to check for software updates is enabled, the IP address and operating system and software version may be provided to our web servers in order to do that check.
If you send us a support log or otherwise contact us for support, our #support privacy policy applies to that.
If you connect the product to our myCloud service, our #myCloud privacy policy applies to that

The detailed web server log files are deleted within 5 years, but derived statistics including top requestor information is kept after that.

4.2 How we use this data

We use the skin and software update request data to provide you with the requested functionality, to identify missing skins, and to keep the servers providing skins and software updates running [GDPR 6(1) (b)]. We also use this data to maintain the security of our servers [GDPR 6(1) (f)]

4.3 Data encryption by default

By default, data transmitted between Guest and Host products is encrypted end-to-end. You can turn this off if you want to, though this is not recommended. When you are not using our myCloud service, the data is not sent through our servers at all.

4.4 Outsourcing

The skin download servers and web servers are partially outsourced to processors and sub-processors inside and outside the EU.

4.5 General

For details, disclaimers, statutory rights etc. see our #common privacy provisions.

5. Using our Android Host App (#AndHost)

5.1 Data collected from our Android Host App (If you don't sign up for myCloud)

We collect little or no data from your use of this product:

On first run (and on later runs if it fails), the Host App may try to install an add on specific to the branding of your Android Device and its firmware, this download will be from either the App Market where you downloaded the Host App or directly from WiseMo servers. In either case, the Host App may also contact the WiseMo Servers for information about which add-on corresponds to the device. This provides us with your IP address, the device model and some technical information about the firmware version.
If the feature to check for software updates is enabled, the IP address and operating system and software version may be provided to our web servers in order to do that check, alternatively the App Market where you downloaded the Host App may do this checking itself without contacting us.
If you send us a support log or otherwise contact us for support, our #support privacy policy applies to that.
If you connect the product to our myCloud service, the myCloud section below also applies.

The detailed web server log files are deleted within 5 years, but derived statistics including top requestor information is kept after that.

5.2 How we use this data

We use the add-on selection and software update request data to provide you with the requested functionality, to identify missing add-ons and to keep the servers doing this running [GDPR 6(1) (b)]. We also use this data to maintain the security of our servers [GDPR 6(1) (f)]

5.3 Additional data collected if you add the Android Host App to a myCloud domain

When you use the myCloud service, it obtains uses and logs the following data from you:

The e-mail address and password of your myCloud login
The name of the device where the Host is running
(optional) the logged in user name on the device where the Host is running
The IP address and thus general geographic area of the device used
The Type, model, operating system and Web Browser (incl. versions) of the device used
The time and date
If and when a myCloud connection is requested to a Host
The amount of data transferred through myCloud and the duration of the connection.
The amount of usage that you paid for or are allowed to test under a Trial license
If you want or don't want to also sign up for news e-mails, see our news e-mails privacy policy #newsmail.

You or the administrator users in you myCloud domain you can change or delete this data at any time except for the IP address, general area, device information and timestamp (those can only be deleted) and the internal master log files used by WiseMo for maintenance etc. (cannot be deleted). The amount of usage paid for can only be changed via payment transactions.

The detailed web server log files are deleted within 5 years, but derived statistics including top requestor information is kept after that.

5.4 How we use this data

5.5 Data you may process via myCloud

You may cause the myCloud service to process the following data on your behalf. WiseMo acts solely as a processor of this data, using it only to perform the processing you request:

Data transmitted between Host and Guest (This data is end to end encrypted by default so we cannot see it, and we encourage you to not turn encryption off)
(optional) Any configuration data that you store in myCloud for deployment to devices.
(optional) The e-mail addresses of users you invite to join your myCloud domain.
(optional) The names and phone numbers of devices to which you deploy client software via e-mails or text messages.

5.6 Additional data when you purchase myCloud usage or purchase a license directly

When you purchase (additional) myCloud usage licenses, or perpetual licenses for standalone use of the Android Host App, the privacy policy for our web shops (#shops) applies.

5.7 Data encryption by default

5.8 Android permissions

(Google policy requires us to repeat this information here)

Internet and Wi-Fi permissions: The purpose of our Host App for Android is to let you or your authorized users control it over Internet and Wi-Fi, so it obviously needs those Android permissions to do that
In-app purchase: To allow you to make a onetime purchase of a perpetual license from inside the app.
Permissions not included elsewhere on this list: These are for things you can access remotely using our Host App for Android, subject to your own choice of in-app security settings.
Bluetooth and Phone permissions: On some devices, our Host App for Android needs these permissions to determine the name and model of the phone, so your authorized users can select it for connections and see the proper model specific “skin” when you allow them to control your phone.
Google Cloud Messaging and SMS permissions: We may use Google Cloud Messaging and SMS to reduce mobile data and battery usage for myCloud subscribers
Root permission: On devices with this ability, we may use the root permission as an alternative to a brand-specific add-on and to extend the remote file transfer, terminal access etc. available to authorized users (subject to you own choice of in-app security settings).
Device Administrator Permission: Our Host application is for remote support and management (which is explicitly described in the app description on Google Play). When the Host is running, the device can be managed remotely from a WiseMo Guest module.

On Samsung devices – and Samsung only – we are using the KNOX SDK (Samsung API) that provides additional vendor-specific functionality we find useful for our application. We are using the following permissions from the KNOX SDK:
- android.permission.sec.MDM_SECURITY – to be able to reboot device remotely
- android.permission.sec.MDM_REMOTE_CONTROL – remotely control device
In order to obtain access to these APIs on Samsung our Host App for Android needs to be assigned as device administrator, therefore it needs to include “Device Administrator” permission in the App description (which is the same for all devices) as described in the Samsung KNOX SDK to get access to the Remote Control API and to be able to reboot the device

Below are additional details about the device admin handling in our WiseMo Host app on Android:
1. If the app runs on a Samsung device with KNOX SDK support, our application asks the user to accept assigning device administrator rights to our Host app. We do not ask the user to assign device administrator rights on non-Samsung devices.
2. If the user accepts the Host app to run as device administrator, Host configures the KNOX SDK, so the device can be managed remotely. This will show some generic Samsung warnings about what other apps could do with that permission; we only use the “Allow Remote Control of device” part, which is the purpose of our WiseMo Host for Android. There will also be a second prompt about Samsung’s own privacy policy for this feature, which you may want to read as it is beyond our control.

5.9 Outsourcing

The add-on detection, update checking and myCloud services are partially outsourced to companies that operate under our command and within this policy, inside and outside the EU.

5.10 General

For details, disclaimers, statutory rights etc. see our #common privacy provisions.

6. Using our Android Guest App (#AndGuest)

6.1 Data collected from our Android Guest App (If you don't sign up for myCloud)

We collect little or no data from your use of this product:

If the feature to check for software updates is enabled, the IP address and operating system and software version may be provided to our web servers in order to do that check, alternatively the App Market where you downloaded the Host App may do this checking itself without contacting us.
If you send us a support log or otherwise contact us for support, our #support privacy policy applies to that.
If you connect the product to our myCloud service, the MyCloud section below also applies.

The detailed web server log files are deleted within 5 years, but derived statistics including top requestor information is kept after that.

6.2 How we use this data

We use the software update request data to provide you with the requested functionality and to keep the servers doing this running [GDPR 6(1) (b)]. We also use this data to maintain the security of our servers [GDPR 6(1) (f)]

6.3 Additional data collected if you add the Android Guest App to a myCloud domain

When you use the myCloud service, it obtains uses and logs the following data from you:

The e-mail address and password of your myCloud login
The name of the device where the Host is running
(optional) the logged in user name on the device where the Host is running
The IP address and thus general geographic area of the device used
The Type, model, operating system and Web Browser (incl. versions) of the device used
The time and date
If and when a myCloud connection is requested to a Host
The amount of data transferred through myCloud and the duration of the connection.
The amount of usage that you paid for or are allowed to test under a Trial license
If you want or don't want to also sign up for news e-mails, see our news e-mails privacy policy (#newsmail)

The detailed web server log files are deleted within 5 years, but derived statistics including top requestor information is kept after that.

6.4 How we use this data

6.5 Data you may process via myCloud

You may cause the myCloud service to process the following data on your behalf. WiseMo acts solely as a processor of this data, using it only to perform the processing you request:

Data transmitted between Host and Guest (This data is end to end encrypted by default so we cannot see it, and we encourage you to not turn encryption off)
(optional) Any configuration data that you store in myCloud for deployment to devices.
(optional) The e-mail addresses of users you invite to join your myCloud domain.
(optional) The names and phone numbers of devices to which you deploy client software via e-mails or text messages.

6.6 Additional data when you purchase myCloud usage

When you purchase (additional) myCloud usage licenses, the privacy policy for our web shops (#shops) applies.

6.7 Data encryption by default

6.8 Android permissions

(Google policy requires us to repeat this information here)

Internet and Wi-Fi permissions: The purpose of our Guest App for Android is to let you or your control other devices over Internet and Wi-Fi, so it obviously needs those Android permissions to do that
Files, media and "photos" permission: This is so you can use the storage to copy configuration and log files to and from other devices for backup or moving devices.
Bluetooth and Phone permissions: On some devices, our Guest App for Android needs these permissions to determine the name or model of the phone; this may be reported to the controlled host as an indication of who controlled it.

6.9 Outsourcing

The update checking and myCloud services are partially outsourced to the companies that operate under our command and within this policy, inside and outside the EU.

6.10 General

For details, disclaimers, statutory rights etc. see our #common privacy provisions.

7. Requesting free trials for our perpetually licensed products (#ptrial)

This applies to requesting trial licenses for our perpetually licensed products via our web shop

7.1 Data collected by our web shop for trial of perpetually licensed products

An e-mail address for electronic delivery.
The IP address, browser and operating system you use to visit the web shop.
(optional) If you want or don't want to also sign up for news e-mails, see our news e-mails privacy policy (#newsmail)

We may keep this data indefinitely

7.2 How we use this data

We use this data to electronically deliver the product [GDPR 6(1) (b)] and to keep our servers running and secure [GDPR 6(1) (f)]. We may also use the e-mail address to contact you.

7.3 Outsourcing

The shop servers are partially outsourced to processors and sub-processors inside and outside the EU.

7.4 General

For details, disclaimers, statutory rights etc. see our #common privacy provisions.

8. Buying licenses and subscriptions in our web shops (#shops)

This applies to paying for myCloud service subscriptions in the myCloud web interface and to our online shop for perpetual licenses

8.1 Data collected by our web shops

An e-mail address for electronic delivery (for myCloud, your myCloud login e-mail address is used).
(Optional) a password so you can log in to your previous shopping cart (for myCloud, your myCloud account password is used).
Your Name and Address
(Sometimes): Your phone number.
(For business customers) Your company name
(For business customers in the EU/EEA) Your company VAT registration number.
What currency you want to pay in
Your choice of product(s) to purchase.
(Optional) a coupon code for promotions etc.
A Credit or Debit card (with associated authentication data) for paying.
The IP address, browser and operating system you use to visit the web shop
(optional) If you want or don't want to also sign up for news e-mails, see our news e-mails privacy policy (#newsmail)

Our internal customer records are kept for at least 5 years after the last commercial transaction.

The detailed web server log files are deleted within 5 years, but derived statistics including top requestor information is kept after that.

8.2 How we use this data

We use this data to complete the purchase transaction, electronically deliver the product and to apply the correct VAT rate for EU/EEA customers. [GDPR 6(1) (b)], we also use it for our general accounting, which may be inspected by auditors and authorities [GDPR 6(1) (c) and (f)] and to keep the web shop servers running and secure [GDPR 6(1) (f)].

Your credit card data is collected and processed exclusively by a professional 3^rd party payment gateway (DIBS, Subsidiary of Nets) which has been certified by banks /credit card companies to handle such information (VISA/MasterCard PCI certification). WiseMo does not have access to your detailed Credit Card information and we cannot and do not use it or store it. We only have access to truncated information for use on receipts and confirmations that the payment has been completed successfully.

8.3 Outsourcing

The credit card processing is fully outsourced to the DIBS subsidiary of Nets in Denmark (EU)

The shop servers and our accounting are partially outsourced to processors and sub-processors inside and outside the EU.

8.4 General

For details, disclaimers, statutory rights etc. see our #common privacy provisions.

9. Buying 3^rd party products from us (#s3rdProd)

This applies to paying for products that do not carry the WiseMo name, either directly or via our online shop

9.1 Data collected by us for such purchases

An e-mail address for electronic delivery.
(Optional) a password so you can log in to your previous shopping cart.
Your Name and Address
(Sometimes) Your phone number.
(For business customers) Your company name
(For business customers in the EU/EEA) Your company VAT registration number.
What currency you want to pay in
Your choice of product(s) to purchase.
(Optional) a coupon code for promotions etc.
(If credit card payment) A Credit or Debit card (with associated authentication data) for paying.
(If manual processing) Other payment or billing information
The IP address, browser and operating system you use to visit the online shop (if any)
(optional) If you want or don't want to also sign up for news e-mails, see our news e-mails privacy policy (#newsmail)

Our internal customer records are kept for at least 5 years after the last commercial transaction.

The detailed web server log files are deleted within 5 years, but derived statistics including top requestor information is kept after that.

9.2 How we use this data

The data may be shared with the 3^rd party supplier of the product purchased, subject to their terms of business etc.

Your credit card data (if any) is collected and processed exclusively by a professional 3^rd party payment gateway (DIBS, Subsidiary of Nets) which has been certified by banks /credit card companies to handle such information (VISA/MasterCard PCI certification). WiseMo does not have access to your detailed Credit Card information and we cannot and do not use it or store it. We only have access to truncated information for use on receipts and confirmations that the payment has been completed successfully.

9.3 Outsourcing

The credit card processing (if any) is fully outsourced to the DIBS subsidiary of Nets in Denmark (EU)

Online shop servers are partially outsourced to processors and sub-processors inside and outside the EU.

9.4 General

For details, disclaimers, statutory rights etc. see our #common privacy provisions.

10. Signing up for our news mails (#newsmail)

This applies to providing your e-mail to us as a contact that we can send news and offers to

10.1 Data collected when you provide your e-mail address to our mail lists

An e-mail address
An indication if you want to receive news emails to this address. For myCloud, you will be asked about this up front and can change it in the web interface. For other sign up methods, you will have to contact us at unsubscribe@wisemo.com to change your consent.
Whether or not your consent was given via a separate option or was implied by another contact with WiseMo
(optional) Your name
(optional) Your country and maybe state
The IP address, browser and operating system you used to sign up or change this if done via a web interface.

We keep this data until you unsubscribe.

10.2 How we use this data

We use this data to send you the news e-mails with your consent [GDPR 6(1) (a)] and to keep our servers running and secure [GDPR 6(1) (f)].

If your consent was given or updated explicitly, your name and e-mail may also be shared with our channel partner serving your geographic area so they can serve you locally. They may only use this information as long as they remain our channel partner for your geographic area. [GDPR 6(1) (a)]

10.3 Unsubscribing

To stop receiving news e-mails, just tell us at unsubscribe@wisemo.com (send from the address you want unsubscribed).

10.4 Outsourcing

The mail and subscription web servers are partially outsourced to processors and sub-processors inside and outside the EU.

10.5 General

For details, disclaimers, statutory rights etc. see our #common privacy provisions.

11. Contacting support (#support)

This applies when you contact us in any way (web form, e-mail, phone or otherwise) about a practical or technical problem with our products or how you use them.

11.1 Data you provide us with a support request

An e-mail address (preferred) or other way to reply to your request.
(Optional) Your name etc.
Which product(s) this is about.
What kind of license you have to use our products (if applicable).
The myCloud domain you use (if any).
Your description of the problem and answers to our questions.
(optional) Any technical log files, screenshots and other data you may send us.
(optional) Access to your affected device.
The IP address, browser and operating system you used to make the support request if done via a web interface.

Support cases are often kept indefinitely to help us not repeat our own mistakes.

The detailed web server log files are deleted within 5 years, but derived statistics including top requestor information is kept after that.

11.2 Information we may gather ourselves for a support request

With your request (and thus consent) to help you, we may ourselves gather some or all of the following information about you:

Any additional data we may have on file about you, such as accounts and purchase history.
Any internal or user visible logs our servers have about your (attempted) access to our servers.
Any data you have stored with us for processing if that seems relevant to your questions. This is considered part of the processing that you requested, specifically in the form of that support request.

11.3 How we use this data

We use this data to satisfy your request support, and if applicable fix any related issues in the quality of the products and services you licensed from us [GDPR 6(1) (b)]. We also use the information to keep the support request handling servers (mail servers, support web forms etc.) running and secure [GDPR 6(1) (f)]. We may also use the information to fix or prevent similar issues in products that you have not chosen to license from us, in the hope that you might do so later [GDPR 6(1) (b)].

11.4 Outsourcing

The support request handling, including personnel, web and mail servers are partially outsourced to processors and sub-processors inside and outside the EU.

11.5 General

For details, disclaimers, statutory rights etc. see our #common privacy provisions.

12. Browsing our websites (#web)

This applies when you visit the public part of our web servers, including www.wisemo.com and download.wisemo.com

12.1 Data collected by our web servers when you browse them

The IP address, browser and operating system you use to visit the web server.

The detailed web server log files are deleted within 5 years, but derived statistics including top requestor information is kept after that.

12.2 How we use this data

We use this data to return the web contents to you [GDPR 6(1) (b)] and to keep our servers running and secure [GDPR 6(1) (f)].

12.3 Additional data collected by our contact form(s)

If you fill out one of our contact forms, we also gather the information you provide in that form, specifically

Your name
(optional) you e-mail address
Your message

12.4 How we use the contact form data

We use the contact form data to process your request, depending on what your message is [GDPR 6(1) (b)]. We may use the optional e-mail to reply to your message [GDPR 6(1) (b)]. Depending on what Your message was, we may also process your request under other relevant rules in our privacy policy, such as handling any included #support requests, selling you products (#shops, #s3rdProd), adding or removing your subscription to news mails (#newsmail) etc. [GDPR 6(1) (b)] We may also use the data to keep our servers running and secure [GDPR 6(1) (f)].

12.5 Outsourcing

The handling of our web servers and contact requests is partially outsourced to processors and sub-processors inside and outside the EU.

12.6 General

For details, disclaimers, statutory rights etc. see our #common privacy provisions.

13. Receiving a myCloud account invitation e-mail (#invitemail)

This applies when you receive an e-mail from our myCloud service inviting you to join an existing Domain.

13.1 Data we have about you when sending you the mail

All of this information is controlled and provided by an existing administrator user of that existing domain.

Your e-mail address (obviously)
Your name
(Optionally as decided by the existing administrator) Your phone number
The access role (Administrator or otherwise) assigned to your potential account
The name of the myCloud domain you are being invited to join
Which WiseMo customer is responsible for that myCloud domain ("The inviting customer")

The detailed web server log files are deleted within 5 years, but derived statistics including top requestor information is kept after that.

13.2How we use this information if you do nothing

If you do nothing about the e-mail, we used the information only to send you this e-mail and to be ready in case you accept the invitation. We do all this on behalf of the inviting customer; the inviting customer requested the sending of the invitation and can remove it again. That inviting customer might also invite you more than one time. All of this is generally between you and the inviting customer, however if you cannot contact the inviting customer directly, you may contact WiseMo support for assistance in doing so (subject to our #support privacy policy).

However we may use data about the sending of the invitation to service the inviting customer at their request [GDPR 6(1) (b)] and use related log data to keep our servers running and secure [GDPR 6(1) (f)] and to take precaution against abusive (spam like) invitations.

13.3 How we use the information if you accept the invitation

If you accept the invitation, you become a user of our myCloud service subject to our #myCloud privacy policy.

13.4 Outsourcing

The handling of myCloud invitations is partially outsourced to processors and sub-processors inside and outside the EU.

13.5 General

For details, disclaimers, statutory rights etc. see our #common privacy provisions.

14. Receiving an e-mail with a preconfigured product (#configmail)

These messages are a suggestion that you install a version of our software preconfigured to provide access for a specific WiseMo customer ("the domain customer"). DO NOT ACCEPT OR INSTALL THE SOFTWARE IF YOU DO NOT KNOW AND TRUST THE DOMAIN CUSTOMER WHO REQUESTED THAT IT WAS SENT TO YOU, IT WILL TYPICALLY GIVE THEM FULL AND UNLIMITED ACCESS TO YOUR DEVICE OR COMPUTER!

14.1 Data we have about you when you get the mail

All of this information is controlled and provided by an existing administrator user of that existing domain.

The name of the myCloud domain you are being asked to join
The configuration included in the product sent
Which WiseMo customer is responsible for that myCloud domain ("The domain customer")

The e-mail was sent directly by the domain customer, not by WiseMo, we do not know who you are or what your e-mail address is.

The detailed web server log files are deleted within 5 years, but derived statistics including top requestor information is kept after that.

14.2 How we use this information if you do nothing

If you do nothing about the message, we used the information only to be ready in case you (or another recipient) accept the preconfigured software. We do all this on behalf of the customer responsible for that myCloud domain ("The domain customer"); the domain customer stored the configuration, sent it to you, determined the configuration and can remove it again. That domain customer might also send you more than one preconfigured product. All of this is generally between you and the domain customer, however if you cannot contact the domain customer directly, you may contact WiseMo support for assistance in doing so (subject to our #support privacy policy).

However we may use data about the storing of configuration to service the domain customer at their request [GDPR 6(1) (b)] and use related log data to keep our servers running and secure [GDPR 6(1) (f)] and to take precautions against abusive (spam like) sending of such messages. [GDPR 6(1) (f)

14.3 How we use the information if you accept the software

If you accept the invitation, you become a user of our myCloud service subject to our #myCloud privacy policy. YOU ALSO ACCEPT THE CONFIGURATION PROVIDED BY THE DOMAIN CUSTOMER AND HOW THEY MIGHT USE THE ACCESS TO YOUR DEVICE; THIS IS BETWEEN YOU AND THE DOMAIN CUSTOMER.

14.4 Outsourcing

The storage and download of preconfigured products is partially outsourced to processors and sub-processors inside and outside the EU.

14.5 General

For details, disclaimers, statutory rights etc. see our #common privacy provisions.

15. Receiving an SMS with a preconfigured product (#configsms)

15.1 Data we have about you when sending you the text message

All of this information is controlled and provided by an existing administrator user of that existing domain.

Your name and phone number (obviously)
The name of the myCloud domain you are being asked to join
The configuration included in the product sent
Which WiseMo customer is responsible for that myCloud domain (The domain customer)
The e-mail address of the domain customer (included in the text message)

The detailed web server log files are deleted within 5 years, but derived statistics including top requestor information is kept after that.

15.2 How we use this information if you do nothing

If you do nothing about the message, we used the information only to send you this message and to be ready in case you accept the preconfigured software. We do all this on behalf of the customer responsible for that myCloud domain ("The domain customer"); the e-mail of the domain customer is stated in the text message. The domain customer requested the sending of the configuration, determined the configuration and can remove it again. That domain customer might also send you more than one preconfigured product. All of this is generally between you and the domain customer, however if you cannot contact the domain customer directly at their stated e-mail address, you may contact WiseMo support for assistance in doing so (subject to our #support privacy policy).

However we may use data about the sending of the preconfigured product to service the domain customer at their request [GDPR 6(1) (b)] and use related log data to keep our servers running and secure [GDPR 6(1) (f)] and to take precaution against abusive (spam like) sending of such messages. [GDPR 6(1) (f)

15.3 How we use the information if you accept the software

15.4 Outsourcing

The sending of preconfigured product messages is partially outsourced to processors and sub-processors inside and outside the EU.

15.5 General

For details, disclaimers, statutory rights etc. see our #common privacy provisions.

Common part (#common)

16. General exceptions

Regardless of the rules above, the following situations are exempted:

16.1 Your requests

If you ask us to do something that requires that we access your data, we may access your data to do so.

Similarly, if you explicitly grant us additional permissions beyond those in this policy, those permissions apply to your data regardless of this policy. [GDPR 6(1) (a)]

16.2 YouTube videos and App stores

If you click to play any of the YouTube videos on our websites, your browser will connect directly to Google's YouTube service, and they will probably set cookies and otherwise collect data on your visit. This is between you and Google, and is beyond our control.
If you follow any of our links to online App stores, such as Apple's App Store or Google's Play store, you will be connecting directly to those stores and they will probably collect data on your visit. This is between you and that App store, and is beyond our control.

16.3 Law enforcement

If the applicable authorities make a valid legal request requiring us to reveal some of your data, we may comply with such requests regardless of this policy. We are not responsible for the actions of Law enforcement agencies and/or their officers. [GDPR 6(1) (c)]

16.4 Self-defense and exigent circumstances

If we believe in good faith that you are harming or threatening us or the systems and services we use, including but not limited to unreasonable overloads, sending unsolicited bulk email (“Spam”) etc., we may disregard this policy to investigate and protect ourselves. The same applies if you appear to be using our systems or services to do so to others. [GDPR 6(1) (d) and (f)]

16.5 Non-payment etc.

If you fail to pay our invoices on time or a payment bounces, we may use any information at our disposal to locate you and identify you for debt collecting purposes, regardless of this policy. The same applies if you attempt to deceive us in any way. [GDPR 6(1) (f)].

16.6 Imposters

If you or a 3^rd party pretend to be someone else, we might erroneously act in reliance on the truthfulness of such pretense, thus accessing, using or sharing data in a way that would have been permitted only if the pretense was the truth. Additionally we might use any information at our disposal to discover or prevent such a situation, but do not warrant that we will always succeed in doing so. If we discover that we have actually processed or shared your data with an imposter, or that it has otherwise been compromised, we will attempt to contact the real you as soon as practically possible. [GDPR 34]

16.7 Subcontractors

We may employ subcontractors and processors to work on our behalf, and so may you. Such subcontractors are allowed to do what their principal may do and each party is responsible for actions legitimately done on their behalf. [GDPR 28 et seq]. All processors and sub-processors working for WiseMo are contractually required to only process data as we tell them to (and we are bound by this policy). Furthermore, any processors and sub-processors working for WiseMo outside the EU (and countries ruled adequate by the EU) are required to sign standard data protection clauses as an appropriate safeguard [GDPR 46(2) (c) or (d)]

16.8 Backups

Our major system and database backups may naturally contain (partial) data that has otherwise been deleted due to being on the same storage or in the same image as non-expired data. [GDPR 32(1) (b)]

17. Your general rights

In accordance with the EU GDPR, you have at least the following statutory rights:

You have the right to a copy of the personal data we have on you. For most such data you can see the data directly in the relevant web interfaces, contact us at info@wisemo.com for copies of other personal data we have on you.
You have the right to correct any wrong data we may have on you. For most such data you can change it yourself in the relevant web interfaces, contact us at info@wisemo.com for corrections to other data.
You have the right to have much of your data deleted from our systems. For most such data you can delete it yourself in the relevant web interfaces, contact us at info@wisemo.com for deletions of other data.
In the special cases listed in GDPR article 18 you have the right to demand that we restrict processing of your data without actually deleting it. Such formal demands shall be sent to both info@wisemo.com and abuse@wisemo.com.
You have the right to object to our otherwise legal processing of your data, send you objection to info@wisemo.com
You have the right to receive your main data in a common format suitable for data interchange and to have us send that data to another company on your behalf. Send such requests to info@wisemo.com
You have the right to lodge a formal complaint with the authorities as explained under Disputes
You may have additional statutory rights that cannot be waved.

18. Disputes, choice of law etc.

18.1 In case of dispute

If you have any questions regarding this policy or believe someone is not complying with it or otherwise using your information unlawfully, you should contact us at our complaints address abuse@wisemo.com, or contact our CEO directly. Both you and we shall be prepared to negotiate a reasonable amicable solution and seek to avoid formal legal proceedings.

Additionally, you have the right under the EU GDPR to lodge a formal complaint with the Danish Data Protection Authority (Datatilsynet) at www.datatilsynet.dk or to the data protection supervisory authority in the EU/EEA country where you reside. [GDPR 77].

18.2 Choice of law

This policy shall be construed and interpreted according to the laws of the Kingdom of Denmark, except for those rules that would specify a different choice of law and/or venue. In particular, this policy is subject to the EU GDPR, the additional rules in the various data protection laws of Denmark as well as the statutory and customary limits on financial damages.

18.3 Choice of venue

If a formal legal dispute related to this policy is to be settled by formal mediation or court proceedings, such proceedings shall be brought before the courts or other legal institutions having ordinary geographical jurisdiction over the primary residence or place of business of the party against whom such proceedings are brought. Unless otherwise agreed, the primary residence or place of business of each party is the one specified in pre-dispute business communication amongst the parties or (at the other party’s choice) the place specified in pertinent official public records. This does not apply to formal complaints to the data protection supervisory authorities, where the EU GDPR Chapter VI to VIII determines the choice of venue.

18.4 Attorney's fees etc.

If a matter is settled without formal legal proceedings, neither party shall be required to pay any attorney's fees or other case handling fees of the other. If formal legal proceedings are brought, the prevailing party shall be entitled to payment of actual reasonable attorney’s fees, legal fees, actual court fees etc.

18.5 LIMITATION OF LIABILITY

LIABILITY UNDER THIS POLICY IS LIMITED TO AT MOST 1000 DANISH KRONER UNLESS A HIGHER LIMIT (OR NO LIMIT) IS REQUIRED BY APPLICABLE LAW. LIABILITY RELATED TO PAID PRODUCTS OR SERVICES IS ALSO LIMITED TO THE PRICE ACTUALLY PAID. LIABILITY IN THE UNLIKELY EVENT OF ACTUAL DEATH OR ACTUAL BODILY HARM IS ALSO SUBJECT TO THE STATUTORY LIMITS OF DANISH LAW.

19. How to contact us

Should you have other questions or concerns about these privacy policies, please contact us at info@wisemo.com .

20. Changes to this policy

Each non-draft version of this policy shall be identified by a version number and date of publication, both of which shall be increased upon any change. Changes that entirely benefit you, or merely change our location or contact address take effect immediately upon publication. Changes that go beyond that take effect 30 days after publication.