Hometoll (referred to as “we”, “us”, or “Company”) is committed to protecting your privacy and processing your personally identifiable information (referred to as “PII” or “personal data” or “personal information”) with transparency. The PII we collect and process depends on the purpose of your visit and the service or services you have purchased or otherwise agreed to receive from us.
This privacy statement for personally identifiable information:
- provides an overview of how we collect and processes your personal information and informs you about your rights according to the local laws for the protection of personal information and the European Union’s General Data Protection Regulation (GDPR).
- is addressed to natural persons who are either existing or prospective clients of the Company or are authorized representatives/assignees, or the beneficial owners of legal or natural persons who are existing or potential clients of the Company
- is addressed to natural persons who had a business relationship of this nature with the Company in the past
- contains information regarding when your PII will be conveyed to / exchanged with other companies or subcontractors of the Company and other third parties
For the purposes of this statement, personal information is understood to be any information which is relevant to you, with which your identity is or can be identified and which include, for example, your name, email address, physical address, VAT number, IP address (only when we have collected it in conjunction with directly identifying information) or the information you submit in your private tickets.
Who we are
Hometoll is a limited company registered in Denmark with the purpose of providing software and services related to it open source software.
Our address is:
What personal data we collect and why we collect it
We collect personal information of our current and prospective clients through our website.
Invoicing information. In accordance to the local tax laws and the European Union’s VAT and invoicing directives we collect the following personal information: your name, email address, physical address, company name (if applicable), company activity (if applicable), VAT number (if applicable), IP address, country based on your IP address and the User Agent string of the web browser you used when subscribing. This information is used to generate the legally stipulated invoice upon successful payment of your purchase and for proving your country of origin should it be required in accordance to the European Union’s VAT directives.
IP address. Your IP address is temporarily collected whenever you are accessing our site in our web server’s logs, our security software’s logs and our download system’s logs (only when downloading through our site or when downloading updates of our software). This information is used to ensure the security of our website and to prevent abuse. IP address information is not directly identifiable information but if it’s stored in conjunction with your user account ID it might be an indirect identifier.
Support ticket information. Any identifiable information you provide when requesting support through our ticket system, including connection information to your site(s) and any other personally identifiable information you may volunteer. We use that information to provide you with technical and account support and, generally, to answer your questions and address your requests. Please note that when filing a public ticket or when you are providing your ticket system signature you have no reasonable expectation of privacy and as such any information volunteered in a public ticket is not subject to our privacy statement.
Contact form information. Any information you volunteer by submitting a contact form through this web site’s Contact Us page. We use this information to respond to your requests.
Two Step Verification/account security. Information provided or generated in the course of setting up and using the Two Step Verification system for securing your account’s login. We use this information only for providing the Two-Step Verification functionality of our site. Two Step Verification information is not directly identifiable information but if it’s stored in conjunction with your user account ID it might be an indirect identified.
Who we share your data with
While fulfilling our contractual or legal obligations your personally identifiable information may be conveyed to our partners and subcontractors. These providers and suppliers are in contract with us with which they are obliged to uphold the confidentiality and protection of your personal information in accordance to the local data protection laws and the GDPR.
How we deal with your personal information for marketing purposes and whether we use profiling for such activities
In general, we do not base our marketing activities on the personal information we have collected from our clients. We do not perform personalized marketing and we do not make use of profiling for marketing purposes. Aggregate information, such as the amount of income from each country, may be used to influence our marketing activities. However, no personally identifiable information or pseudonymous information will be used for these activities. If we want to make a marketing campaign which includes your personally identifiable information, e.g. naming you as the recipient of a raffle, we will seek your explicit consent. In this case, you have the right to withdraw your consent at any time. Any processing taking place or marketing campaigns launched before your consent
To which extent is there automated decision making, including profiling
In general, in the course of the creation and carrying out a business relationship we do not use automated decision making. The only automated actions are as follows:
- Application of the correct VAT rate. This is legally mandated and it’s based on your country of origin. This does use your personal information (IP address and country kept in your user profile)
- Application of early renewal discounts. If you are renewing an existing subscription before it expires we will apply a discount automatically. However, this does not use your personal information, just the fact that you have an active subscription with us.
In general, we do not perform any kind of automated profiling of our clients and website visitors. We provide the same service to everybody. In case of an abnormally high number of downloads, support tickets or other signs of potential abuse we may process your PII on file to create a profile of your usual behavior to determine if there is a potential problem with your account.
How long do we keep your personal information
We retain your personal information for as long as we have a business relationship with you as evidenced by the existence of an active subscription or a login to your account.
We are legally required to retain your invoicing information, both as an off-line backup and in the custody of our auditors, for a period of up to FIVE (5) years after your purchase.
After SIX (6) months after the termination of our business relationship (explicitly: the expiration of your last subscription with us or your last login to our site, whichever comes later) the following actions will be taken:
- Your user account will be locked to make logging in impossible.
- Your private tickets will be permanently removed and you will forever lose access to them. Please note that your public tickets remain intact.
We may retain your personal information longer than that for regulatory, technical or legal reasons.
Your information may be stored longer than that in encrypted backups. However, we have technical means in place to remove your PII upon restoring those backups unless otherwise legally required, e.g. in assisting a criminal investigation.
If you leave a comment on our site you may opt-in to save your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
Embedded content from other websites
Your data protection rights
You have the following rights with regards to the personally identifiable information we keep on file for you:
- Access your personal information. This lets you, for example, get a copy of the personal data we keep on file for you and confirm that we are processing it legally.
- Request the correction of the personal information we keep on you. This allows you to correct incomplete or inaccurate information we keep on file for you. Please note that correcting your invoicing information is only possible when purchasing a subscription and the correction is only applied to newly issued invoices only. This is a legal requirement.
- Ask for the deletion of your personal information (a.k.a. “right to be forgotten”). This lets you request that we delete your personal information when there is no real reason for us to process it. Kindly note that this is impossible for 5 years from your last purchase for taxation reporting reasons.
- Object to processing your personal information (a.k.a. “right to objection”) when we base our processing on protecting our interests but there is something special in your situation which makes you want to object to the processing for this reason. If you object we will no longer process your personal information unless we can prove pressing legal reasons for the processing which trump your interests, rights, and freedoms. Please note that this is largely inapplicable to our business relationship since our processing is done either on a legal basis, your explicit consent or is exempt from the GDPR protections (e.g. keeping an IP log for security reasons).
- You have the right to object in cases where we process your personal information for reasons of direct marketing. This also includes profiling, to the extent that this is used for direct marketing.
- Ask the limitation of the processing of your personal information. This allows you to ask us to limit the processing of your personal information, that is to use it only for specific cases, if:
- they are inaccurate;
- they have been used illegally but you do not wish us to delete them;
- they are no longer necessary but you want us to retain them for their use in potential legal demands;
- you have asked us to stop using your personal information but you are waiting for us to confirm if we have legal reasons to use them.
- Ask for a copy of the personal information pertaining to you in a structured, commonly used and machine-readable format, to convey this information to other organizations. You may also request that we directly convey that file to another organization of your choice. This is also known as “data portability right”.
- Withdraw your consent regarding the processing of your personal information at any time. Please note that withdrawal of your consent at any time does not invalidate the legality of the processing based on your consent before that was revoked or withdrawn by you.
To exercise any of your rights we kindly ask you to contact us directly as explained earlier in this document. Alternatively, or if you have questions about the use of your personal information from us, you can contact us through the Contact Form.
According to the law, we will reply to your requests promptly and within 30 business days. If you have not received a reply from us for over three weeks (21 days) please retry contacting us with alternate means; most likely your request never reached us. Kindly note that we reserve the right to direct you to our site’s tools and/or this Privacy Statement if your concern is readily addressed by it. Per the law, we reserve the right to not reply to your requests if they are too often or are otherwise an abuse of the provisions of the law.
Right to file a complaint
If you have exercised some or all of your rights to data protection and you still feel that your concerns about the way we use your personal data have not been addressed satisfactorily by us, you have the right to file a complaint by filling in the Contact Us form on our site. You also have the right to file a complaint with the Office of the Personal Data Protection Commissione,
Changes in this Privacy Statement
We may periodically modify or amend this privacy statement.
When this happens we will change the date on the button of this page. We do not have the technical means to notify our clients of any changes. We recommend that you re-examine this statement periodically so that you are always updated on the way we process and protect your personal information.