Last Modified: May 24th 2018
1. Information about Data Collection and Use
While using our Site or the Service, we may ask you to provide us with certain personally identifiable information (“Personal Data”) that can be used to contact or identify you or your company. Personally identifiable information may include: your name, email address, postal address, phone number.
We collect the above mentioned personal data directly from you when you sign up for the service. If you do not provide us with your above mentioned personal details, we may not be able to enter into an agreement with you.
In addition, we may collect technical data such as IP address, operating system, web browser, and browsing history on madtrix.io and other Madtrix web properties, prior to entry into the agreement. This data may be combined with your personal data so that we may create optimized and efficient services and provide further analysis to improve sales, delivery and customer experience of our Services.
2. Your Personal Data Processor
Avarea Analytics Oy (“Madtrix” or “We”)
Company ID: 2889943-3
VAT Number: FI28899433
Address: Rautatieläisenkatu 6, 00520 Helsinki
Contact person in case of matters relating to the processing of personal data: Jouni Leskinen, CTO, firstname.lastname@example.org
3. Data Processing Purposes
We may process your personal data for the following purposes:
- Identification and authentication
- Concluding the agreement with you or the legal entity you represent
- Maintaining a contractual relationship with you or the legal entity you represent, including: invoicing, providing you with support for the services under the agreement, Troubleshooting
- Statistical and analytical purposes
- Services improvement
We use the personal data to generate reports and statistics regarding the use of our services. Where possible, we use anonymized data or non-personal data in these activities.
To the extent, we process the personal data with the aim to improve our services the legitimate interest pursued by us is the development of our business and processes. We strive to limit the use of personal data in this context to the minimum and will process your personal data as necessary towards the mutual benefit of improving and optimizing our Services.
4. Data Processing and Data Storing
We may process personal data to provide data analytics and other services to our customers. “Customer data is stored on our systems.” The data stored on our systems is strongly encrypted both in motion and at rest. Any stored data is deleted permanently once the data is unnecessary or when you cease use of our systems.
Madtrix is constantly monitoring the Service security and pays attention to absolute privacy of Customer Personal data:
- Our staff is trained regularly for handling data and our systems are monitored constantly.
- Our staff have access as needed.
- For any data we process, your data is extremely restricted.
- We will never sell your Personal Information to any third party.
- In some cases you may be given the option and/or have chosen the option to have your data processed in specific region(s) or in specific data center(s). In such cases we will ensure such processing will happen in the specified manner and any changes will be communicated to you.
- Madtrix uses official APIs (Application Programming Interfaces) for accessing data whenever possible. Data transfers are done using SSL encrypted HTTPS connections.
- For logging into most of the data sources (eg. Google, Facebook, Microsoft, Salesforce or Hubspot), our tools use OAuth.
- With Social/Digital Media services, our tools will only have rights to access the data you have enabled and nothing else on your account on those services. Only your public profile will be available to us. You can revoke Madtrix’s right to access your data at any point from your account control panel in specified Digital/Social Media service.
- There may be services that still require you to type your username and password, or API key, into our tools. Any tokens, keys or passwords are stored encrypted in our systems.
- Our data processing and storage happens in monitored and highly scalable, best-in-class data centers managed by Microsoft Azure.
If Avarea Analytics Oy or its assets are acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information gathered by Madtrix on the Website and the Service. In this event, you will be notified via email or a notice on our website, of any change in ownership, uses of your Personal Information, and choices you may have regarding your Personal Information.
We reserve the right to use or disclose your Personal Information if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.
5. Recipients of Personal Data
When processing your personal data for the purposes described above, we may transfer the personal data to the following third parties:
- Intercom, customer data analysis
- Google Analytics, customer and traffic analysis
- Google Adwords, advertising and marketing
- LinkedIn Ads, advertising and marketing
- Facebook Ads, advertising and marketing
- Hubspot, customer relationship management
- Stripe, payments processing
- Paypal, payments processing
- Braintree, payments processing
- Freshdesk, customer support
- Slack, customer support
- Sendgrid, transactional email
- Breezy HR, job applicants tracking system
- Amazon Web Services, servers and infrastructure
- Google Cloud Platform, servers and infrastructure
- Microsoft Azure, servers and infrastructure
We may also transfer personal data to the relevant authorities in Finland or abroad where such authorities have a legal right to receive the information.
6. Safeguarding Personal Information
We take the data protection seriously. We use various technical measures to prevent unauthorised access to the information you submit us through our website or the Service, and also any wrongful use of this information.
Personal Data is collected to databases that are protected by firewalls, authentication and other technical means. Databases and backups thereof are located in secure premises and only certain persons, designated beforehand, may access the data.
When especially confidential information is being collected or transferred, e.g. credit card information, we use TSL/SSL (Transport Layer Security/Secure Sockets Layer) encryption technology. TSL/SSL makes the information transferred between us unreadable to outsiders. This security precaution is operational whenever a key or a lock icon is visible on the bottom corner of your browser window (the icon you see depends on the browser you use).
7. Transferring Personal Data to Outside of the EU/EEA
If personal data is transferred outside the EU/EEA, we ensure that the personal data is transferred in accordance with the applicable law, for example, by using standard agreements approved by relevant authorities (where necessary) or by ensuring that the recipient of the data participates certification schemes, including the EU-US Privacy Shield.
8. Your Access to Your Personal Data
You have the following data protection rights:
- You can request access, correction, updates or deletion of your personal information.
- You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information.
If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
To exercise any of these rights, please contact us at email@example.com. We will respond to your request to change, correct, or delete your information within a reasonable timeframe and notify you of the action we have taken.
9. Retention of Personal Information
We retain Personal Information that you provide to us where we have an ongoing legitimate business need to do so (for example, as long as is required in order to contact you about the Subscription Service or our other services, or as needed to comply with our legal obligations, resolve disputes and enforce our agreements).
When we have no ongoing legitimate business need to process your Personal Information, we securely delete the information or anonymise it or, if this is not possible, then we will securely store your Personal Information and isolate it from any further processing until deletion is possible. We will delete this information from the servers at an earlier date if you so request.
We store the following cookies on the madtrix.io web-site and Services when you use our properties.
- Session cookie used by the application to store state between page views (such as your current logged in information)
- Google Analytics and AdWords tracking cookies for tracking page views
- WordPress Cookies for settings while browsing the main madtrix.io site
- Bing Ads tracking
The security of your Personal Information is very important to us. Our data processing and storage is on Microsoft Azure. Madtrix is built on Miscrosoft Azure and uses Microsoft’s security, privacy and compliance tools to protect all customer data and meeting compliance requirements. More detailed information about Azure platforms security can be found from Microsoft Azure Trust center at https://www.microsoft.com/en-us/trustcenter
The data on the Madtrix data platform is encrypted in transit (over the network) and at rest (nonvolatile storage), giving you end-to-end encryption. Encryption at rest is a phrase that commonly refers to the encryption of data on nonvolatile storage devices, such as solid state drives (SSDs) and hard disk drives (HDDs). Madtrix stores its primary databases on SSDs. Its media attachments and backups are stored in Azure Blob storage, which is generally backed up by HDDs. With the release of encryption at rest all databases, media attachments, and backups are encrypted.
Encryption in transit is a mechanism of protecting data when it is transmitted across networks. On Madtrix data platform data in transit uses industry-standard secure transport protocols, such as TLS/SSL
All client-to-service interactions are SSL/TLS 1.2 enforced. Also, all intra datacenter and cross datacenter replication is SSL/TLS 1.2 enforced.
All Madtrix passwords area encrypted and stored in an encrypted database. Database encryption keys are encrypted and protected by the transparent data encryption protector. The protector is either a service-managed certificate (service-managed transparent data encryption) or an asymmetric key stored in Azure Key Vault (Bring Your Own Key).
For the authentication of data sources using OAuth2 (facebook ads, google analytics etc.) the users authentication credentials are not stored on Madtrix. The connection is based on token that Madtrix receives from the data source OAuth2 service during the authentication of the data source API.
12. Links To Other Sites
13. Madtrix Website Analytics
Madtrix works with 3rd party providers to obtain the information regarding traffic on Madtrix websites, including pages viewed and the actions taken when visiting madtrix.io and other Madtrix web properties; to serve our advertisements on other websites and elsewhere online; to provide us with information regarding the use of our websites and the effectiveness of our marketing efforts.
Above mentioned partners may collect certain information about your visits to and activity on Madtrix websites, they may set and access their own tracking technologies on your device (including cookies and web beacons), and use that information to show you targeted advertisements.
We use Google AdWords Remarketing and other similar services (e.g. retargeting) to advertise Madtrix across the Internet.
These services will display relevant ads tailored to you based on what parts of Madtrix websites you have viewed by placing a cookie on your device. This cookie does not in any way identify you or give access to your computer. It helps us to customize our marketing to better suit your needs and only display ads that are relevant to you.
14. Privacy of Children and Dependants
Madtrix does not consciously request personal information from users under 18 years old, and Madtrix’s websites and Services are not intended for users below this age. Minors may not make purchases or other purchasing actions via this website without the consent of their parents or legal guardians, unless the relevant legislation so permits. If you believe that we have collected information about a child under 18, please contact us at firstname.lastname@example.org, so that we may delete the information.
16. Contact Information and Submitting Requests
You can request information from Madtrix at any time about which Personal Data Madtrix processes about you and the correction or deletion of such Personal Data. We aim always to find a solution directly with you in case of possible disagreement. You can also make a complaint to the data protection authority, if your consider that your personal data is being processed unlawfully.