HomeHello world!Uncategorized

Category: Uncategorized

Data Controller and Owner

Data Controller and Owner
bollo.io ApS
VAT DK38531034
Asgårdsvej 1, st., 1811 Frederiksberg C, Denmark
info@bollo.io


Information we collect
Personal identifiers from your Google Account via Google OAuth 2.0 when you integrate Google Business Profile. We don’t ask for your login information.
Data generated through the use of our AWS-hosted services, such as service usage data.
Information from connected third-party services such as Facebook, TripAdvisor, and Trustpilot via their APIs, which may include data related to social media profiles, reviews, and ratings.
Any other personal information provided by you through your interaction with our services.

What is Personal Data?
Personal Data is any information about personal or factual circumstances that relate to a person. This may include name, date of birth, email address, postal address or telephone number, but also online identifiers such as IP addresses or device IDs. 

Data we collect directly
(Contact information)
The processing of Personal Data depends on the nature of your contact. In addition to your name and email address, IP address or phone number, we usually collect the context of your message, which may also contain certain Personal Data. The Personal Data collected when you contact us is used to process your request, and the legal basis is your consent.

Registration
As part of the registration process, users provide their a) Full Name; b) User Name; c) Email address; d) Password. The data provided will be used for the purposes of creating and using the account and providing and/or using our services. In the context of the use of our registration and the use of your account, the legal basis for the data processing is the fulfilment of our contractual obligations and, in individual cases, the fulfilment of our legal obligations as well as consent.

Use of your Information
– To provide, maintain, and improve bollo.io’s services.
– To personalize your experience with our offerings.
– For communication about service updates and support.
– To comply with our legal obligations and protect the rights of our users.

When you use our services
We process the Personal Data that arises when you use our services in order to provide our contractual services. In particular, this includes our support, correspondence with you, invoicing, fulfilment of our contractual, accounting and tax obligations. Accordingly, the data is processed on the basis of the fulfilment of our contractual obligations and our legal obligations.

Also please note that when using our services, you become the data controller and we become the data processor in accordance with Chapter 4 of the GDPR. Where we process your Personal Data as data processor or in other words on behalf of you, we will process the Personal Data involved in your use of our services in accordance with your instructions and shall use it only for the purposes agreed between you and us.

We ensure that access by our employees to your data is only available on a need-to-know basis, restricted to specific individuals, and is logged and audited. We communicate our privacy and security guidelines to our employees and enforce privacy and protection safeguards strictly.

Further, please be advised that:
some jurisdictions may require you to disclose your use of our services as your processor in your privacy policy and/or data processing agreement as applicable.

if you are providing us with Personal Data relating to a third party, you agree a) that you have in place all necessary appropriate consents and b) that such third party has read this Privacy Policy. You agree to indemnify us in relation to all and any liabilities, penalties, fines, awards, or costs arising from your non-compliance with these requirements.

Administration, financial accounting, office organisation, contact management.
We process data in the context of administrative tasks and the organisation of our business and compliance with legal obligations, such as archiving. In this context, we process the same data that we process in the provision of our contractual services. The processing bases are our legal obligations and our legitimate interest. 

Each time you visit our App (SaaS), our system automatically collects the following data from the visiting device and stores it in a so-called log file: (i) name of the file accessed, (ii) date and time of the visit, (iii) amount of data transferred, (iv) notification of successful retrieval, type of browser and version used, (v) IP address (identification of the user’s device), (vi) operating system of the visiting device, (vii) Internet service provider of the visiting device, (viii) website from which you access our website, and (ix) which pages of our website you access. The legal basis for this processing is our legitimate interest.

Who receives my information?
Within bollo.io App (SaaS), those who have access to your information are those who need it to fulfil our contractual and legal obligations.

Processors used by us may also receive data for these purposes. These are companies in the areas of IT services, telecommunications, and sales and marketing. If we use processors to provide our services, we take appropriate legal precautions and corresponding technical and organisational measures to ensure the protection of Personal Data in accordance with the relevant legal provisions.

Data is only passed on to third parties within the framework of the legal provisions. We only pass on user data to third parties if this is necessary, for example, for contractual purposes or due to legitimate interests in the economic and effective operation of our company, or if you have consented to the transfer of data. 

How do we secure your data? 
Our website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of content or contact requests that you send to us. In addition, we have taken numerous security measures (“technical and organisational measures”), such as encryption or access only when necessary, to ensure the most complete protection of Personal Data processed through this website. 

Nevertheless, Internet-based data transmissions can always have security vulnerabilities, so that absolute protection cannot be guaranteed. And databases or records containing Personal Data may be breached inadvertently or by unlawful intrusion. If we learn of a data breach, we will notify all affected individuals whose Personal Data may have been compromised as soon as possible after the breach is discovered.

User Rights – GDPR provides you with the following rights
Access: You can request a copy of the personal data we hold about you.
Rectification: You have the right to have any inaccurate or incomplete data corrected.
Erasure: You can request that we delete your personal data under certain conditions.
Restriction: You may request the restriction of processing of your personal data.
Objection: You have the right to object to the processing of your personal data.
Portability: You can request that we transfer your data to another entity, or directly to you.

Data Retention and Deletion
We store personal data only as long as necessary in accordance with GDPR. If you delete your account, we commit to deleting all associated non legal required information within 5 working days.

We are subject to various retention and documentation obligations, which result, among other things, from the statutory minimum retention periods and other retention periods prescribed in this sense, e.g. retention periods under tax or commercial law. Depending on the document and the legal regulation, the periods specified there for storage and documentation are two to six years.

Data Security
We implement robust security measures on our AWS infrastructure to safeguard your personal information against unauthorized access, alteration, and destruction.

Third-Party APIs and Data Sharing
bollo.io integrates with several third-party services to enhance our platform’s capabilities and provide a seamless user experience. These services include:

– TripAdvisor API: We use this to access and display ratings, reviews, and other related data that you may manage through our platform.
– Facebook API: This allows us to connect with your Facebook business profile to manage interactions and data analytics.
– Instagram API: We use this to integrate with your Instagram business account for social media management and analytics.
– Google Business Profile API: This enables us to interact with your Google business listing, manage reviews, and update information.

Please be aware that by using our platform, you authorize us to access and manage information from these services on your behalf. We will only collect and process data necessary for the functioning of our services and in line with your permissions. Your data from these third-party services is treated with the same high standard of privacy and security as all other data on bollo.io.

For more information on how each of these platforms manages data and your rights with respect to those platforms, please refer to their respective privacy policies.

Payment Processing
We have partnered with Stripe, a leading online payment processor, to securely handle credit card transactions and subscription management. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1, ensuring the highest level of security in payment processing.


Communications: To enhance our service, we utilize:
– Twilio: For sending SMS notifications and communications related to our service.
– Amazon SES: For sending transactional and marketing emails to our users.

We only share with these services the information necessary to perform the tasks they are commissioned for, such as processing payments, sending notifications, or delivering emails.
Data Handling with Third Parties: For all third-party services we use, bollo.io ensures that data is processed in a manner compliant with GDPR and our own standards for data privacy. Each service is responsible for handling user data in accordance with their own Privacy Policy, which can be found on their respective websites.

Your Rights and Choices
As a bollo.io user, you have the right to manage your data preferences and opt out of certain communications. You can update your preferences directly in your bollo.io App Account Settings.

Under GDPR, you have rights designed to allow you to understand and control how your personal data is used:

– Access: Request a copy of the data we hold about you.
– Rectification: Correct data that is inaccurate or incomplete.
– Erasure: Request the deletion of your data under certain conditions.
– Restriction: Limit how we process your data.
– Objection: Object to how we process your data.
– Portability: Transfer your data to another service.
– Consent Withdrawal: Withdraw any consents you have previously given.

Each right is subject to certain exceptions or conditions under applicable law. Contact us at info@bollo.io to exercise any of these rights.

Changes to This Policy
We may update this Privacy Policy to reflect changes in our data handling practices. Any amendments will be posted on this page along with the updated revision date. We encourage you to review our Privacy Policy periodically.

If you have any questions or concerns about our Privacy Policy or data handling practices, please contact us at info@bollo.io.

login