Privacy policy Insite LMS

Privacy policy

Privacy statement

Data protection

INSITE IT takes the protection of your personal data very seriously. We treat your personal information confidentially and in accordance with the legal data protection regulations, in particular the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG) and this privacy policy, which applies to all Insite LMS services. 

Please note that we offer our services only to businesses and not consumers.  

As a provider of cloud-based Software as a Service (SaaS) products, in particular the Insite LMS solution, INSITE IT primarily acts as a processor for users of its products within the meaning of Article 4 (8) GDPR. 

This privacy policy concerns the processing in which INSITE IT GmbH, Blumauerstraße 3-5, 4020 Linz (Austria) registered under FN 373683 i at the Commercial Court Linz is the Controller within the meaning of Article 4 (7) GDPR (hereafter called the “we”).  

The Controller’s Data Protection Officer can be reached at the above-mentioned address and via email at privacy@insite-it.net 

We point out that in some cases the infrastructure used to operate the Insite LMS services is not operated by INSITE IT itself. If so, the data is stored and processed by using the Microsoft Windows Azure cloud computing service. Therefore, we also refer to Microsoft privacy policy. Hosting is within the EU.

By using the applications, you agree to the processing of the collected data. 

Date: 28.01.2021 

 

Information security

Our goal is to protect the security of your information. We use technical and organizational measures to ensure the security of the service. This includes a set of security technologies and procedures designed to protect your information from unauthorized access, unauthorized use, and unauthorized disclosure. 

In return, customers also meet certain obligations: 

  • INSITE IT is not responsible for the privacy practices of its customers or third parties, except as described below. 

  • When handling personal data, the customer will comply with the Data Protection Act and the Telecommunications Act regulations. The customer will take the technical and organizational measures for data protection which are required in his area of responsibility.

  • In addition, the customer takes all reasonable measures to protect the stored data and information against unauthorized access by third parties. If third parties still succeed in gaining access to the data and information in an unlawful manner, INSITE IT is not responsible. 

  • The customer may invite other users (e.g., their subcontractors) to enter their e-mail address(s) to use the software for a specific project. In this case, the customer will obtain in advance the verified approval of the respective user for the use of his personal data. 

 

Data

INSITE IT processes the following customer data for the purposes stated below and the customer expressly agrees to this processing. The customer can revoke his approval at any time.

  • Personal user data: When registering a user, we store the user´s e-mail address, first and last name and personal password for login to the applications. In addition, each user can also register for e-mail and push notifications.    

  • Customer files: Within the use of Insite LMS services, the customer can for example save logistics data, photos or documents for a specific project. The stored files will be accessible to any user the customer has activated for this project and is entitled to see this data. The customer can delete the files and data stored by him at any time. 

  • Login: If a user logs in with an e-mail address and a personal password for an application, we save the login time. If data is changed by a user, this is also logged for traceability. 

 

Use of Third Party Tools

Microsoft Application Insights

On some of our Services (API Backend, Windows Desktop Client, Web-Client), we will use Application Insights, a web analytics service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). 

We use Application Insight to improve our service and to detect issues earlier. Application Insights places a cookie in the browser of the visitor of the web pages which allows for an analysis of your use of the site. The information generated by the cookie about your use of our website are usually transferred to a server of Microsoft in the West Europe and stored there.  

The following additional information is collected: 

  • TenantId 

  • Operating System 

  • System Architectur 

  • Browser + Version 

  • Approximate location of the user (City, Country) 

  • ProjectId = Project DB ID 

  • UserId = User DB ID 

You can reject the required placing of the cookie – for example by settings in your browser which generally disable the automatic placing of cookies or adjust your browser so that cookies are blocked by Microsoft. For our API Backend this data is essential and there is no opt-out.  

We can analyze these data using various reports. More information under: https://docs.microsoft.com/en-us/azure/application-insights/app-insights-data-retention-privacy

The raw data will be deleted after 30 days. 

 

Microsoft Visual Studio App Center for Android, iOS and Windows

Our apps use a crash reporting functionality of Visual Studio App Center, a product of Microsoft Corporation, One Microsoft Way, Redmond, WA, 98052-6399, USA (“Google”).   

With the help of Visual Studio App Center, we receive information about device country settings, device languages, device names, version of operating systems, userId, projectId as well as the version of our apps. In addition, Visual Studio App Center provides us with information about app crashes.  

Further information about privacy in Visual Studio App Center can be found here.

 

SparkPost – Email-Plattform

We offer you the opportunity to register for email-notifications. We use SparkPost, a service of Message Systems, Inc. (dba SparkPost), 9160 Guilford Rd., Columbia, Maryland 21046, USA, hereinafter referred to as “SparkPost”. 

If you register for any email-notification, your email address, will be processed by SparkPost. In addition the date and time of your registration will be saved. All the data will be deleted after 10 days and are stored only on European servers.  

The legal basis for sending the emails is Art. 6 Para. 1 lit. a) GDPR. 

You may revoke your prior consent to receive this notification under Art. 7 Para. 3 GDPR with future effect. All you have to do is to click on the unsubscribe link contained in each email. 

 

Mailchimp

If you sign up for our newsletter, we will use your e-mail address for the purpose of sending out a newsletter, provided that you have expressly consented to the sending. You can unsubscribe from the newsletter any time by using the corresponding link in the newsletter or by sending us a message.

The newsletter is sent by the shipping service provider "Mailchimp", a marketing platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
Mailchimp's privacy policy can be read here: https://mailchimp.com/legal/privacy/

The email addresses of our newsletter recipients are stored on MailChimp's servers in the USA. This information is used by MailChimp to send and evaluate the newsletters on our behalf. The Rocket Science Group LLC ("MailChimp") is certified under the EU-US Privacy Shield Agreement and thus undertakes to comply with EU data protection requirements.

 

Google Play Store

Our apps are available on PlayStore, a product of Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”).   

With the help of Google Play Store, we receive aggregated and anonymous information about device country settings, device languages, device names, version of operating systems, as well as the version of our apps. Google does not provide us with any personal information about our app users.  

The general data protection declaration of Google which is already accepted by our app users before they are able to download our apps can be found here.

 

Apple App Store

Our apps are available on Apple App Store, a product of Apple Inc., 1 Apple Park Way, Cupertino, California, USA, 95014.  

With the help of Apple App Store, we receive aggregated and anonymous information about device country settings, device languages, device names, version of operating systems, as well as the version of our apps. Apple does not provide us with any personal information about our app users.  

The Apple privacy policy can be found here.

 

Push notifications as part of the user experience

We require your consent if you wish to receive our push notifications on your mobile iOS device even if the app is not open. Our app only uses push notifications if you have given your explicit consent to these. You can disable push notifications in settings at any time. If you use an Android device, push notifications are permitted automatically unless you disable this in your settings. 

 

Name of provider

Provider type

Data transfer to third party country

Third party country

Guarantees in acc. with Art. 44 ff GDPR

Google Firebase

Order processor

Yes

USA

EU standard contractual clauses 
EU/US Privacy Shield

 

 

 

Data

Purpose of processing

Legal basis of processing

Storage period

Device token

Sending to your device 

Consent

Until revocation of consent

 

 

 

More information about data protection at Google can be found here.

 

Reasons we share data  

Your personal data is treated with the strictest confidence. 

We share your personal data with your consent or to complete any transaction or provide any product you have requested or authorized. We also share data with subsidiaries; with vendors working on our behalf; when required by law or to respond to legal process; to protect our customers; to maintain the security of our products; and to protect the rights and property of Insite IT and its customers.  

Recipients of your data may only use it for the purposes it was transmitted to them. 

If we commission service providers in the context of contract processing in order to fulfil our (pre-)contractual and legal duties, these are contractually obligated to adhere to our data protection instructions. 

 

Rights of the data subject 

Right of access (Article 15 GDPR): You have the right to obtain confirmation as to whether or not personal data concerning you is processed. 

Right to rectification (Article 16 GDPR): If we process your data and this is incorrect or incomplete, you have the right to request its rectification or completion. 

Right to erasure (Article 17 GDPR): You have the right to request erasure of your personal data where one of the following grounds applies: 

  • The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed 

  • You withdraw consent and there is no other legal ground for the processing 

  • You object to the processing and there are no overriding legitimate grounds for the processing, or you object to the processing for direct advertising purposes 

  • The personal data has been unlawfully processed The personal data has to be erased for compliance with a legal obligation The personal data has been collected in relation to the offer of information society services from a child 

As stated above, there may be reasons that preclude immediate deletion, for example in the case of legally prescribed storage obligations. 

Right to restriction of processing (Article 18 GDPR): You have the right to request restriction of processing if: 

  • You contest the accuracy of the personal data, and for a period enabling us to verify the accuracy of the personal data 

  • The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead 

  • We no longer need the personal data for the purposes of the processing, but require it for the establishment, exercise or defence of legal claims 

  • You have objected to the data processing 

Right to data portability (Article 20 GDPR): You have the right to receive any personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You have the right to transmit this data to another controller if we process this data on the basis of consent that you gave, or to fulfil a contract between us and this processing is carried out by automated means. 

Right to object (Article 21 GDPR): If we process your data to perform a task that is carried out in the public interest, or in the exercise of official authority vested in us or on the basis of a legitimate interest, you have the right to object to this data processing. In this case, we shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless this is for the establishment, exercise or defence of legal claims. You can withdraw consent to processing for marketing purposes and the creation of a user profile associated with this, at any time. 

Exercise of rights: You can exercise your rights against us at any time. To do this, you can contact us via email at privacy@insite-it.net or via one of the contact options on our websites. 

Withdrawing your consent: Insofar as we process data on the basis of your consent, you have the right to withdraw this at any time by emailing privacy@insite-it.netThe lawfulness of processing based on the consent until it is withdrawn, remains unaffected by withdrawal. 

Right to lodge a complaint: If you think that we have infringed GDPR, you have the right to lodge a complaint with the responsible supervisory authority (in Austria, this is the Data Protection Authority, www.dsb.gv.at). 

 

Changes to this privacy policy 

INSITE IT reserves the right to change the content of this privacy policy from time to time. We advise to take note to the privacy policy regularly again.

 

Contact form & support

If you send us inquiries via contact form or by e-mail to the helpdesk, your details from the inquiry form will be stored with us including the contact details you provided there for the purpose of processing the request and in case of follow-up questions.