Effective September 30, 2020
1. Data Controller
The purpose of this Privacy Policy is to define the rules for processing and using data and information from users of websites administered by Moicon AS, including clients of Moicon AS. It also contains information about the rights of natural persons with regard to the personal data they have provided.
Moicon AS has appointed a data protection officer (DPO) who can be contacted via email at: firstname.lastname@example.org in any matter regarding the processing of personal data.
In this Privacy Policy, terms starting with a capital letter have the following meaning:
- Administrator: Moicon AS based in Kapp, 2849, Fabrikkvegen 52, Norway;
- User: A natural person, legal person and organizational unit without legal personality, visiting the Website or using the services of the Website;
- Consumer: A User who is a natural person making a purchase in the Store not directly related to his professional or business activity;
- Website: Websites maintained by the Administrator on stationary and mobile terminal devices, through which the Administrator provides Users with content, digital or electronic files, and provides other services specified in each case in the Website Regulations;
- Store: A separate part of the Services, through which the Administrator conducts the Sale of Files on the principles specified each time in the Store’s Regulations;
- File: An electronic or digital file in which the content is contained (in particular an application, electronic library, plugin, e-book, audiobook, e-press, multimedia applications) intended for use, reading, listening or other reproduction (as described in the Store) using an Electronic Device;
- Electronic Device: A device designed for, among other things, downloading and saving digital files (e.g. personal computer, smartphone, tablet, reader);
- File Sale: Paid access to the File granted by the Administrator on the User’s order carried out through the Store, enabling unlimited use of the File only with the use of Electronic Devices – on the terms set out each time in the Store’s Regulations;
- Additional services: Services provided by the Administrator to Users registered on the Website (i.e. having an Account);
- Account: Individual website of the User registered on the Website, through which the registered User may use Additional Services – on the terms specified each time in the Website Regulations;
- Payment operator: payment institutions within the meaning of Art. 2 points 10A) of the Act of 19 August 2011 on payment services (consolidated text, Journal of Laws of 2017, item 2003) with which the Website cooperates;
- Order Payment: debiting the User’s bank account or payment card confirmed by the Payment Operator with the amount specified in the order;
- GDPR: Regulation of the European Parliament and of the Council of Europe 2016/679 of 27 April 2016 on the protection of individuals with regard to processing and on the free movement of such data.
What information do we collect?
3. Processing and Protection of Personal Data
3.1. Collection and processing of data in connection with the use of the Website
In connection with the User’s use of the Website, the Administrator collects data to the extent necessary to provide individual services offered on the Website, as well as information about the User’s activity on the Website.
When collecting any personal data, the Administrator records where it was obtained.
Personal data is obtained directly from the User through:
- forms filled out online – information is collected through forms available on the Administrator’s websites for contact purposes, submitting questions, submitting applications, submitting files and expressing comments;
- contact outside the website – the Administrator’s websites list telephone and fax numbers as well as email addresses at which the Administrator can be contacted;
- telephone contact – conversations with the Administrator’s representatives at the numbers indicated on the Administrator’s websites may be recorded. If such a situation arises, the User will be informed about it each time;
- data on network traffic and statistics on the frequency of visits to the Administrator’s websites – a record of traffic data is kept, which is automatically recorded by our server, such as the user’s IP address, the URL visited before visiting our website, the URL visited after visiting our site, and the pages visited. Statistics on the number of visits to the site and page views are also collected. The Administrator is not able to directly determine the user’s identity based on traffic data and statistics about the use of the site;
- when using the resources of websites managed by the Administrator – information about users is collected through files such as “cookies”.
The detailed rules and purposes of processing personal data collected during the User’s use of the Website are presented below.
3.2. The purposes and legal grounds for data processing on the Website
3.2.1 Use of the website
Personal data of all persons using the Website (including the IP address or other identifiers and information collected via cookies or other similar technologies), and who are not registered Users (i.e. persons without an Account) are processed by the Administrator:
- in order to provide services electronically in the scope of presenting and selling Files in the Store and maintaining content posted by Users on the Website (e.g. entries, comments) – then the legal basis for processing is the necessity of processing to perform the contract (Article 6(1)(b) GDPR),
- for analytical and statistical purposes – then the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) GDPR), consisting in conducting analyses of Users’ activity, as well as their preferences, in order to improve the functionalities and services provided;
- in order to possibly determine, investigate or defend against claims – the legal basis for processing is the Controller’s legitimate interest (Article 6 (1) (f) of the GDPR) consisting in the protection of his rights;
- for marketing purposes of the Administrator and other entities, in particular related to the presentation of behavioral advertising – the rules for processing personal data for marketing purposes are described in section III.2.5. Marketing.
The User’s activity on the Website, including his personal data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities related to the IT system used to provide services by the Administrator). The information collected in the logs is processed primarily for purposes related to the provision of services. The Administrator also processes this data for technical and administrative purposes, for the purposes of ensuring IT system security and management, as well as for analytical and statistical purposes – in this respect, the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) GDPR).
3.2.2 Keeping your data secure
How do we keep your data secure?
At Moicon we value your privacy and the confidential nature of your information, so we take the following precautions:
- We don't keep a backup of uploaded files for more than 30 days; they are automatically deleted after 30 days.
- Your files are encrypted both at rest and in transit.
- Files are kept on an encrypted disk, separate from the main server.
Our service is built on several cloud service providers, including Amazon Web Services (AWS) and Linode. Those providers come with robust security mechanisms to protect our infrastructure.
All communications are performed through end-to-end HTTPS encryption. We frequently and consistently review our SSL configuration and make appropriate updates in the unlikely case new SSL vulnerabilities are discovered.
Our inbound and outbound traffic is monitored and controlled using Cloudflare web application firewalls, which also protect us from Distributed Denial of Service (DDoS) attacks.
Our servers are secured using Fail2Ban, firewalls, and port-blocking software.
We use separate environments for testing and production.
Your data are hosted in Europe (Germany) and your files are stored in Ireland.
All our user data is encrypted at rest using the AES 256-bit encryption algorithm.
We either anonymize sensitive data or do not transmit it to our sub-processors.
If you wish us not to store your files for 30 days, please send us an email directly at email@example.com.
Moicon does not share your data with anyone.
Redundant Protection Against Data Loss
We regularly make backups of Moicon's databases and full-disk images of Moicon’s servers (excluding the uploads). These backups are saved and encrypted on storage services off-site, then systematically tested for integrity. Sensitive data like passwords or credit card numbers are never logged.
Your Credit Card Data is Safe
Moicon does not transmit or store your credit card information on our servers. This means your credit card data is securely submitted directly from your browser (without touching our servers) to a leading, fully PCI-compliant (PCI Service Provider Level 1) payment provider. Your credit card data is never stored on our servers.
Please send urgent and/or sensitive security reports directly to firstname.lastname@example.org. Please let us know how we can securely contact you.