Data Controller and Owner
Vital Enterprises Software, Inc. 1355 Market St #488, San Francisco, CA 94103
Last Updated: 24th May 2018
We at Vital Enterprises have always held user data privacy as a priority. This policy outlines the measures taken to use personal data only in manners that are intentional, private, and secure.
Vital Enterprises has taken steps to ensure compliance with the EU’s General Data Protection Regulation, as well as with earlier data regulation policies.
Who is Vital Enterprises
We are a software development company creating enterprise software that enables Virtual Presence for remote assistance, and Workflow authoring, viewing, and logging.
What User Data do we Collect
Vital Enterprises acts as a data controller as defined by the GDPR. What this means is that we control how your data is being used and who uses it, and use it ourselves to provide functionality to our end users. We utilize the following data:
- First Name and Last Name
- Email Address
- Phone Number
- Organization - Company, Employer, or Affiliation
- User ID (generated by Vital Enterprises)
- Call logs with other users (if enabled by your administrator)
System and Application Data
- Device IDs (on Android)
- Device Serial # (on Android)
- Installation UUIDs (on Android)
- IP address for devices running the software applications
- System, application, and crash logs
What is Personal Data Used For
Personal data is used for providing a method of logging into our software, providing you access to the features available to your organization, determining which of our users are having issues so we can improve their customer experience, and giving the appropriate peers in your organization a way to identify and contact you. If you are our point of contact in your organization, we will also use it to reach you if there are issues with our software or agreement, updates to our software that we believe you should be aware of, or opportunities to improve your customer experience. We may store additional identification data of our contacts at organizations (such as title or archived emails).
Application data is used to identify you in our software and to provide your organization’s administrators the capability to track how the software is being used, should they enable such features.
System data is used primarily to track our usage metrics and to identify and diagnose problems in our software. If our users are having problems using our software, we need to know so we can get them resolved as soon as possible. We also use some of this usage data to better understand how our product is being used.
Who Receives your Data
We will never sell your data and we do not use it for advertising. Some personal data, such as user ID, name, and organization, may be shared with other users within your organization so that they are able to establish contact with you or manage you as appropriate. Users outside your organization or team will not have access or authorization to see any of your personal data.
Some of your data is sent to sub-processors for processing. We utilize the following sub-processors:
- Okta acts as our user store and authorization validation agent.
- MLab manages our database for tracking call logs.
- Fabric provides us with crash reporting and usage metrics.
- Bugfender provides remote logging when enabled explicitly so that we can help our users diagnose specific issues.
- Google provides us with server hosting, as well as providing server logs through Stackdriver.
- Pipedrive assists us in managing our customer relations.
- Zendesk provides us with infrastructure for managing customer support tickets.
- MailChimp manages our subscription email system.
- Stripe manages payment for our software on our website.
All of these sub-processors have their own data policies designed to achieve GDPR Compliance. Vital Enterprises will periodically review the data policies of our vendors to ensure compliance with GDPR and privacy laws.
How do we Secure your Data
At the moment, Vital Enterprises is not required to hold any regulated security certifications. It is likely Vital Enterprises will be working towards obtaining security certifications in the future. In the meantime, Vital Enterprises’ internal security practices include the following:
- Application users on both the native and web clients only have access to their own identification information, and a limited amount of other identification data about users in their organization required for usage or administration. This is all protected by an OAuth encryption provided by Okta.
- All network messaging is done over SSL encryption to protect it from being intercepted in transit.
- All of our data stores and data processors are accessible only by internal team members who have been provided accounts and strong passwords.
- We ensure that all of our data processors have taken measures to secure the data that we are sending them.
How Long is Data Retained
Personal data is retained indefinitely, as is your application user ID. These are critical to your usage of the application. We also store point of contact data in our CRM indefinitely so we can maintain communication.
If your administrator has enabled call logging, call logs are retained for a maximum of 90 days before automatic erasure.
System data is retained for a maximum of 180 days according to the policies of our sub-processors that handle diagnostics and usage metrics. Remote system logs from Bugfender are stored for a maximum of 30 days.
Your Rights as a Data Subject
As a data subject, you hold certain rights with respect to your identification data. We will work hard to respond to any incoming requests within 30 days. Compliance will be in accordance with Article 23 of the GDPR listing the limitations of these rights.
Right to Request Information
A data subject may request to know what identification data of theirs we currently possess and what it is being used for.
Right to Request Rectification or Amendment
A data subject may request that a piece of identification data that we possess be rectified or amended.
Right to Request Complete Erasure
A data subject may request that all of their identification data that we possess be erased completely.
Right to Request Data Export
A data subject may request that all of their identification data that we possess be exported in a machine-readable format.
Right to Withdraw Consent
A data subject may withdraw consent to our data policy at any point.
Right to Report Violations to a Supervisory Authority
Should a data subject feel we have violated their rights in accordance with the GDPR, they may report us to a supervisory authority.
This is just a basic outline of subject rights under the GDPR. For a more comprehensive list of subject rights, refer to Chapter 3 of the GDPR. All requests should be made by emailing our Data Protection Officer, whose information is listed below.
Cookies and Session Storage on the Web
Cookies and session storage are critical to providing a personal, private, and smooth interaction with both our web application (https://www.vital.vu) and website (https://www.vital.enterprises).
Our web application uses session storage for authorization purposes. All user data used in authorization is encrypted.
It also utilizes cookies that send anonymous usage data to third-party analytics services.
How Data is Used for Automated Decision Making
We do not use data for automated decision making at Vital Enterprises. If we do choose to do this in the future, we will update this policy document.
Interaction with Social Networks and External Platforms
These services allow interaction with social networks or other external platforms directly from the pages of this website. The interaction and information obtained by this website are always subject to the user’s privacy settings for each social network.
Data Protection Officer