Aptien Policies

Privacy Policy

This Privacy Policy describes how Aptien addresses the security of your data, what personal data we process, and our duties and processes. Find more details about security in our Security Policy. For more information, please refer to our general Terms of Service.

Aptien Labs s.r.o. (hereinafter referred to as "Aptien" or "we") provides services and products ("Products", "Services" or "Platform") intended for professionals, businesses and other organisations. Therefore, you make use of our products and services for business purposes and for storing different business and personal information.

Our Privacy Statement 

  1. As a platform provider, we recognize that the security and privacy of yourself and your data are of paramount importance, and we feel obliged to protect them.
  2. We keep your data safe and protected against various security threats.
  3. Your privacy is our priority. We only store personal data necessary to perform the contract and to ensure the security of all our users.
  4. We treat your data and that of other users in an ethical manner; that is, we do not trade your data, nor do we share it with any third parties, as this would conflict with our privacy policy.

Aptien as a provider of information society services

  1. We provide a platform that you use as a client. You decide on users' rights and are responsible for their behavior.
  2. All data and information that you enter into the platform are yours; Aptien does not interfere with it in any way. We respect your privacy.
  3. Your data is securely stored on the platform. Access is restricted to authorized users who can also carry out operations. Only you can manage users and define, in the role of administrator, their permissions.
  4. Only you and your users are responsible for the data entered into our products. It is your responsibility to ensure that the data entered into the Platform is not inconsistent with the law. This responsibility of yours covers the behavior of all the users of your user environment as well as other data processors who can (in the role of users) process the data at your request.
  5. As an administrator or personal data processor, you are solely responsible for ensuring that the entered data complies with the GDPR or other legislation related to personal data protection.
  6. The following datasheets are designed to keep records containing personal data: employees, contacts, and job applicants. The platform allows you to modify, archive or delete the data and to create reports. Also, the platform allows you to manage the capability of individual users to export the data.
  7. The system automatically logs all changes made to the data and all changes made by users. The history of logins into the platform is also available. 
  8. Since neither Aptien nor the Aptien system functions interfere with the data and data processing (unless initiated or planned by the user), Aptien considers itself a provider of information society services and refuses the role of data processor (Article 1(1)(b) of Directive (EU) 2015/1535 referred to by the General Data Protection Regulation (GDPR) (EU) 2016/679).
  9. Data stored in our products is secured by several tiers of protection.
  10. Aptien is a web application built on a three-tier architecture. Therefore, all data is stored on servers (as opposed to user devices). No data is stored on user devices. If you lose your laptop or smartphone, you will not lose anything but technical data and technical cookies.
  11. You must protect your user login information against abuse or misappropriation on your user devices.
  12. Communication between the server and the users' devices is protected by encrypted connections (HTTPS).
  13. The application source code is protected by encryption, which does not allow any third-party access.
  14. The database is protected by encryption.
  15. Data is regularly backed up.
  16. Each client has its own separate database isolated from other clients, ensuring privacy and data security.
  17. Your data can be accessed strictly by yourself and the users of your user environment who have been granted the appropriate permissions. We do not have access to your data, and neither do other infrastructure providers.
  18. Permissions to access data, including personal data, are governed by user roles. The scope of role permissions is defined by the administrator (you) through role settings.
  19. User roles can only be managed by the application administrator.
  20. Data is stored in secure storage facilities, data centers, or on your infrastructure (on-premise mode).
  21. Data is stored only in professional data centers that provide a high level of security (both physical security and accident and natural disaster protection).
  22. Due to the product architecture, no data center operator can access your data, that is, the data of the Client.
  23. Aptien offers its services in different "data regions". A data region is a data center or a set of data centers in a specific geographic region where client data is stored. Data of our clients from Europe, Africa, and certain parts of West Asia is located in data centers within the European Economic Area, whereas data of our clients from the USA as well as from the Pacific and the rest of Asia is located in the American storage sites.
  24. For more details, please refer to our Security Policy.

Aptien as data controller

What personal data we collect and why

  1. Data on potential clients. Potential clients enter their details when registering a user account.
     1. Name and surname
     2. Email (as a username)
     3. Telephone number
  2. Client data. We store the contact details needed for registration and operation of the user account of the client's representative, billing information and data needed to perform the contract, to protect our Clients against misuse and to avert security threats. Contact details are also used to inform about system changes, outages, important deadlines such as license expiration, non-payment, and so on. Without providing this information, it is not possible to use paid services. The client himself/herself (and other administrators appointed by the client) enters his or her details into the platform during the process of registration, with the possibility of editing this information later on. Billing information is stored within your user environment and we use it for business purposes and to create invoices that may contain personal data of individuals (in case of natural persons). All the issued accounting and tax documents are protected by strong security measures and kept in safe storage facilities.
     1. Email of the client's representative (required to be able to use a user account, to log into the application)
     2. Name and surname
     3. Telephone number
     4. IDN, VAT ID (personal data only for natural persons)
     5. Additional billing information
     6. We do not store credit card information; we use secure Stripe services
  3. We do not actively collect data about users, but for security reasons and for reasons of protection against abuse, user names (emails) are logged. User contact information is also used to inform users of system changes, outages, and so forth.
     1. Email (as a username)
     2. Name and surname of the user

In case the client deletes his or her account

  1. When a client account is canceled, we retain personal data for account recovery purposes and for protection against abuse, for the necessary period of time.
  2. Clients and users may withdraw from their agreement to the Terms of Service and Privacy Statement. This act would result in denying access to our services and products to the client and their users. The client can delete their user environment themselves, which is automatically taken as an act of withdrawing from the agreement.

When we share your personal data and with whom

  1. We do not trade or share personal data of our potential clients, clients, and users with any third parties unless required by law or by the business interests of the data subjects.
  2. An example of a third party with whom we share the necessary personal information is a regional sales representative or an expert partner who is located in the client's geographic reach or has another expertise that is important to the client.
  3. Data on potential clients or users can be shared with business partners as long as the business partner is the client's contact person. This contact person is already familiar to the client since this person has either mediated the purchase of user licenses by the client, or he or she has been providing expert services to the client. The official list of business partners who have signed a partnership agreement with us is listed here.

Privacy protection processes

  1. Our employees are aware of the necessity to ensure data security and are trained in this respect.
  2. We have set security processes in line with ISO 27000 and we regularly review our processes, suppliers and partners.
  3. Access to data is restricted to selected employees with the appropriate authorization.
  4. All business and personal data is protected by strong security measures. The data is stored in secure data storage facilities provided by professional data centers, and we use only encrypted connections via HTTPS. We have valid contracts with all our partners, and there is a set process for their selection and quality assurance.
  5. Leakage of personal data
     1. We are required to report serious violations within 72 hours to the Surveillance Authority.
     2. Any significant data leakage will be reported to those users whose data has been affected, by appropriate methods (via email, on Aptien website, by an Aptien message).

Definitions

For the purposes of this policy, terms are defined as follows:

  1. "Client", "Customer" or "You" is the entity that has agreed to the terms and conditions and uses our services. It is you who defines users' permissions and who is responsible for their behavior within our products.
  2. "User" is a specific person who uses a customer account as a specific user of the platform, products, or services.
  3. "Potential client" is an entity that has shown interest in any of our services or products.
  4. "Visitor" is the person who visited the website of any of our products or services.
  5. "Administrator" is the user who has the highest privileges in the product. He or she can, for example, add new users and manage users' permissions.
  6. "Data" means any data, information, or other content that users enter into the products.