we do not collect more information than it is necessary;
we do not keep your data if it is no longer needed;
3. What information do we collect and when?
3.1. Our websites and cookies
to improve user experience, e.g. to make it possible for you not to fill in a form each time you log in to our software, if you already did that in the past. This kind of cookies are necessary for our websites to work properly. We use Firebase, Firebase realtime database, and Firebase anonymous auth.
to collect anonymous and/or aggregated statistical data about users’ behavior on the Napkin homepage and in the app. We use this data to analyze how the software is used and to improve our software by using web traffic analytics tools.
3.2 Contacting us
Once you decide to contact us you will be asked to provide your personal details such as your name. Depending on the type of your question, we will use this data to communicate with you. If you are not our customer and decide not to become one, we will delete your data after your matter is solved and information about you is no longer needed. The processing of your personal data in all of the above cases is based on our legitimate interest, i.e. the need to respond to business queries received from current and potential customers.
4. How we use your personal information
We use your Information to:
4.1 Provide you with the services
We will use your information to perform our contractual obligation towards you to allow you to create an account and use the services. The information we process when doing so includes your registration information, information you provide to us when using the app and information you provide when communicating with us.
4.2 Improve and monitor the services
It is in our legitimate interests to improve our services for our customers. When doing so, we may collect information we automatically collect or is generated about you when you use the app, as well as non-personal information about your device such as device manufacturer, model and operating system.
4.3 Provide you with support and to respond to your requests or complaints
If you reach out to us for support, we will use your information to respond to and resolve your queries and complaints and facilitate support (e.g. retrieval of a forgotten password). When doing so, we perform our contractual obligation towards you. The information we process doing so includes your registration information, your identifiers, and any other information about you collected via our customer support channels.
4.4 Conduct analytics
It is in our legitimate interests to analyze the use of, and any other interaction or interest in our app. When doing so we will process information we automatically collect or is generated about you when you use the services to create anonymized and/or aggregated data regarding your app usage.
4.5 Send you newsletters about product news, tips and tricks, and reports that may be of interest to you
We will send you emails with reports, opt-in newsletters with product news, and tips and tricks to use our services. When doing so, we process your registration information. Your consent can be withdrawn at any time by replying "unsubscribe".
4.6 Prevent fraud, defend Napkin against legal claims or disputes, enforce our terms and to comply with our legal obligations
It is in our legitimate interest to protect our interests by (1) monitoring the use of the services to detect fraud or any other user behavior which prejudices the integrity of our services, (2) taking steps to remedy aforementioned fraud and behavior, (3) defending ourselves against legal claims or disputes, and (4) enforcing our terms and policies. When doing so, we will process the Information relevant in such a case, including information you provide us, information we automatically collect about you, and information which is provided to us by third parties.
4.7 Conduct surveys
From time to time, we may ask you to participate in surveys we conduct which are in our legitimate interest because they help us understand our user base and improve the services. If you participate, we process your registration information and any other information collected through the survey questions.
5. Where we store your information
Your information will be processed by our employees and service providers in the U.S and Europe. We take steps to ensure all transfers are protected by adequate safeguards, including the standard contractual clauses approved by the European Commission.
6. How long we store your information
Your information is kept for as long as necessary to achieve the purposes set out above. Generally, it is stored for as long as you are registered and using our services, and then for up to 6 years from the date you stop using the services, or promptly following a valid erasure request. Some information we collect will be stored for longer where we have an overriding legitimate interest to retain such information (for example, information on suspicious behavior of certain users of our Services and transaction records). When deleting information, we will take measures to make the information irrecoverable or irreproducible, and electronic files which contain Information will be deleted permanently.
7. What are your rights?
In order to comply with requests concerning your rights, sometimes we may ask you to give us some additional information that we will use to verify your identity. If you fail to provide such information and the information that you have already given to us is not sufficient to identify you, we may refuse to fulfill your request. If you wish to exercise any of the rights described below you can do this by contacting us using via email@example.com.
7.2 Access to data
You have the right to access the information that we have on you. If you choose to exercise this right, we will also make sure to provide you with a copy of the data we process about you.
We will fulfill your request by sending your copy electronically, unless the request expressly specifies a different method. For any subsequent access request, we may charge you an administrative fee.
7.3 Rectification of data, erasure, and restriction of processing
If you believe that the information we have about you is incorrect, you are welcome to contact us, so we can update it and keep your data accurate. We will automatically delete information about you after it is no longer needed for the purposes it was collected for. Nonetheless, if at any point you wish for us to delete information about you, you have the right to do so. You also have the right to obtain restriction of processing of your data.
7.4 Data portability
In case the processing of your personal data is based on a contract, you have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format. You can also request us to transmit such data to another controller if it is technically feasible.
7.5 Withdrawal of consent and the right to object to processing
If the processing of your data is based on a consent, you have the right to withdraw your consent at any time. Remember that withdrawal of consent will not affect the lawfulness of processing based on this consent before its withdrawal. In case the processing of your data is based on our legitimate interest you have the right to object to such processing.
8. Disclosure of your data
We guarantee that all your personal information is protected, and that we will not make this information available to third parties in cases different than those specified below, unless you give us a permission to do so or unless such disclosure is necessary to comply with a legal obligation that is imposed on us.
We may share information that you provided us with while purchasing a license for our software, or that you defined in our software, with:
payment processors, i.e. Stripe, in order to be able to process and complete the payment process for your order;
providers of services necessary to automate and simplify the process of concluding electronic agreements with our clients (e.g. services such as DocuSign);
providers of services necessary to send transaction-related and product-related information via email and SMS to the extent that such disclosure is necessary to automate, simplify and analyze these processes, to ensure proper performance of the agreement concluded with you;
external accounting and bookkeeping services providers to the extent that such disclosure is necessary to have these services provided to us;
our legal advisors to the extent that such disclosure is necessary to obtain legal advice or protect our rights in legal proceedings;
governments and law enforcement authorities only if we are required to do so by law. We will always attempt to redirect the law enforcement agency or government to request any data directly from you. If compelled to disclose your data, we will promptly notify you and provide a copy of the demand.
9. International data transfers
Whenever possible, we will try to use processors which process personal data within the European Economic Area (“EEA”). In case there is a need for us to use processors located outside of the EEA, we will only disclose personal data to them provided that appropriate international data transfer safeguards described in the GDPR are in place.
If you have further questions about international data transfers that we make or want to obtain a copy of the safeguards that are in place to guarantee the legality of the transfer you can contact us via firstname.lastname@example.org.
11. How to contact us and seek additional help?