Privacy Policy

Effective: 25 May 2018

The MI DIGITAL privacy policy forms part of MI DIGITAL's Terms of Service.

GDPR Privacy Policy is a new version of our Privacy Policy. If you service users in the European Economic Area or are otherwise subject to the GDPR, please review this Privacy Policy and provide related contact information.

1. Introduction

MI DIGITAL incorporates a proactive product development effort, also known as ‘privacy and security by design practice.'

Please read our full document below to understand details of where we are:

  1. Data Controller who determines the purposes and means of the processing of personal data

(your MI DIGITAL account data, company information, etc.),

  1. Data Processor who processes personal data on behalf of the controller (when we process your data through our systems into Google Data Studio, Microsoft Excel, Google Spreadsheets, etc.)

1.1 Privacy and security as a data processor

As a data processor, we never store your data permanently on our systems. In most of the cases, we process your data in real time without saving it on our systems. To improve performance, we may cache your query results on our servers as needed for the success of your query (e.g., for faster data processing).

Any time we cache query results we actively encrypt the data. Systems delete caches once they are unnecessary or when you stop using our products.

Our staff has training in handling data, and access to your data as needed. We monitor our systems regularly. Your data is extremely restricted, and we will only access it at your written request or cases where we need to debug and solve problems. In each case, we audit all such access.
We do not share the data you process with us with any party.

In some instances, you may be given the option and have chosen the selection to have your data processed in a specific region(s) or particular data centre(s), as needed. In such events, we will give you the guarantee such processing will happen in a specified manner, and any changes we will communicate to you.

MI DIGITAL's tools only use official APIs or APIs you provide us for accessing data. Data transfers are done using encrypted connections.

For logging into most of the data sources, our products and tools use OAuth. OAuth is a secure authentication method, which means that you never have to type your password into our products or tools, as the authentication happens on a webpage hosted by the data source and data provider (e.g., Google, Facebook or Microsoft).

With Google services, our products and tools will only have rights to access your Google Analytics/AdWords or other Google platform data (depending on which service you are logging in to), nothing else on your Google account. You can revoke MI DIGITAL's right to access your data at any point from your Google account control panel.

Most other services we connect to also work with OAuth (Facebook, LinkedIn, etc.), and provide their interface for revoking access rights.

Some services require you to type your username and password, or API key, into our tools. We store any tokens, keys or passwords encrypted in our systems.

Our data processing and storage happens in monitored and highly scalable, best-in-class data centres managed by Amazon, Microsoft and Google.

1.2 Processing personal data as a data controller

On the instructions of our customers, we may also process personal data to provide marketing data analysis and other services to our customers/clients. Such processing of personal data is administered by a data processing agreement entered into between us as the data processor, and our customer as the data controller. We process such data only on the instructions of our customer. If you have any questions relating to such data processing, please contact the relevant data controller (our customers/clients) directly.

2. Analytics, UX, Online Advertising, and Remarketing

MI DIGITAL DON'T USE GOOGLE ADWORDS REMARKETING CAMPAIGNS or other similar services (e.g., retargeting ads) to advertise MI DIGITAL company across the Internet. Even if we have remarketing functionality opted-in Google Analytics and Google AdWords, we don't have any Remarketing campaigns active on any digital advertising network.

2.1 How does MI DIGITAL use cookies for advertising?

MI DIGITAL use cookies for non-personalised online advertising. This non-personalised online advertising means that by serving our own branded and product-related ads, we would actively avoid marketing practice that incorporates the conscious:

  1. invasion of your privacy, not having the power to be left alone or not to obtain control over your personal information,
  2. irritation, displeasure or impatience,
  3. threat to your freedom.

2.2 How does MI DIGITAL partner with third-party cookies and/or web beacons?

In the course of serving MI DIGITAL's advertisements to you, a unique third-party cookie and/or web beacons may be placed or recognized on your browser. These third-party cookies and/or web beacons help us:

  1. gather information regarding the general traffic on MI DIGITAL websites and apps, including pages viewed and the actions taken when visiting midigital.eu and other MI DIGITAL's web properties (e.g., datastudiobridge.com);
  2. serve branded and product related ads on other websites and elsewhere online
  3. manage and optimize our online advertising so we could learn which banner ads bring users to our website and improve our sales
  4. analyze traffic on our site and customer behavior to make the user experience on our website and apps better.

These third-party cookies do not in any way identify you or provide access to your computer. We do not store passwords or any other information about a visitor in a cookie that could identify them or their financial activity. It helps us to understand our visitors better and improve the user experience on our products.

2.3 How to find and control your cookies?

You can read here how Google is using your data when you are visiting MI DIGITAL websites. You can set up your browser to decline cookies, should you wish to do so:

If you're using Internet Explorer 6.0 or 7.0 :

  • Choose Tools, then
  • Internet Options
  • Click the Privacy tab
  • Click on the ‘Advanced' button
  • Check the ‘Override automatic cookie handing' box and select Accept, Block or Prompt for action as appropriate

If you're using Mozilla Firefox :

  • Choose Tools, then
  • Options
  • Privacy
  • Cookies
  • Set your options as required

If you're using Opera 8+ :

  • Choose Tools, then
  • Preferences
  • Advanced
  • Select Cookies
  • Select your settings using the available options

If you're using Safari:

  • Choose Safari, then
  • Preferences
  • Advanced
  • Security
  • Select options by Accept Cookies as required

2.4. How do you know which of the sites you've visited use cookies?

If you're using Internet Explorer:

  • Choose Tools, then
  • Internet Options
  • Click the General tab
  • Click Settings
  • View Files

If you're using Mozilla Firefox :

  • Choose Tools, then
  • Options…
  • Privacy
  • Cookies
  • Click the Show Cookies button

If you're using Opera 8+ :

  • Choose Tools, then
  • Advanced
  • Click Cookies

If you're using Safari:

  • Choose Safari, then
  • Preferences
  • Security
  • Click Show Cookies button

Please note that some parts of our Paid Services may not function properly if the use of cookies is declined.

3. List of Trackers that Store Cookies

We store the cookies from the following trackers (tags) when you use MI DIGITAL properties:

3.1. Advertising Tags:

  1. DoubleClick
  2. LinkedIn Marketing Solutions
  3. Facebook Custom Audience

3.2 Essential Tags:

  1. Google Tag Manager

3.3. Site Analytics:

  1. Google Analytics
  2. FullStory

3.4. Social Media

  1. Facebook Connect
  2. Google Plus Platform

4. The controller of the processing of your private data

If you enter a contest or another promotion, we will use the data so that we can administer the contest and notify winners.
When you sign up for our services, we may collect and process the following personal data about you: Your name/Name of the company; Address details; E-mail address;

We collect the above mentioned personal data directly from you when you sign up for the Paid Service. If you do not provide us with your above personal details, we may not be able to enter into an agreement with you and provide you with the service. Besides, we may collect technical data such as IP address, operating system, web browser, and browsing history on midigital.eu and other MI DIGITAL web properties, before entring into the agreement. This data may be combined with your private data so that we may create optimized and efficient workflows and provide further analysis to improve sales, quality, and delivery of our apps and products.

5. Purposes of data processing

We may process personal data for the following purposes:

  1. concluding the agreement with you or the legal entity you represent;
  2. maintaining a contractual relationship with you or the legal entity you represent, including invoicing;
  3. providing you with support for the services under the agreement, troubleshooting;
  4. Sending you or the legal entity you represent necessary updates regarding the paid services under the agreement, changes in our Terms of Service or this Privacy Policy.

6. Statistical and analytical purposes of data processing

We use the personal data to generate reports and statistics regarding the use of our services. Where possible, we use anonymized data or non-personal data in these activities.

7. Legal grounds for the data processing

If you are a natural person and have entered into an agreement with MI DIGITAL, we process personal data to the extent it is necessary for the performance of the agreement between you and MI DIGITAL as well as for the legitimate interests pursued by us as the data controller.

If you represent a legal person who has entered into an agreement with MI DIGITAL, the legal grounds for the processing of personal data is that processing is necessary for the authentic interests pursued by us as the data controller.

To the extent we process the personal data (as defined in section 2) in connection of performance of the agreement between a legal person and MI DIGITAL, the legitimate interest pursued by us is the conclusion and performance of the agreement between your legal entity and MI DIGITAL. In such case, we will process your private data as necessary towards the mutual interest of concluding and maintaining a contractual relationship with the legal entity you represent.

To the degree, we process the personal data with the aim to improve our services the legitimate interest pursued by us is the development of our business and processes. We strive to limit the use of personal data in this context to the minimum and will process your private data (as defined in section 2) as necessary towards the mutual benefit of improving and optimizing our products.

8. Recipients of personal data

When processing your private data for the purposes described above, we may transfer the personal data to the following third parties:

  • Google Cloud Platform, servers, and infrastructure
  • Microsoft Azure, servers and infrastructure
  • Google Analytics, customer and traffic analysis
  • Google Adwords, advertising, and marketing
  • LinkedIn Ads, advertising, and marketing
  • Facebook Ads, advertising, and marketing
  • Slack, customer support
  • Mailgun, transactional email
  • Heroku, servers, and infrastructure
  • Amazon Web Services, servers, and infrastructure

In extreme cases, we may also transfer your private data to the relevant authorities in Croatia or elsewhere where such authorities have a legal right to collect the information.

9. Transfer of your personal data to the outside of the EU/EEA

We may transfer your personal data outside the EU or the European Economic Area in connection with the purposes stated in this Privacy Policy. Your personal data may be transferred to the United States, and/or other non-EU jurisdictions, as applicable.

If personal data is transferred outside the EU/EEA, we ensure that the personal data is transferred in accordance with the applicable law, for example, by using standard agreements approved by relevant authorities (where necessary) or by ensuring that the recipient of the data participates certification schemes (including the EU-US Privacy Shield).

10. How long do we store your personal data?

Your personal data will be stored only as long as it is necessary for the performance of the agreement with you and for the purposes set out in section 3 above. We will delete the information once it is no longer needed for those purposes.

11. Your Consent

By disclosing your personal information to MI DIGITAL, you consent to the collection and processing of your personal information in the manner set out in this Privacy Policy.

12. Your Rights

12.1 Right of access

You may contact us, and we will inform what personal data we have collected and processed regarding you, and for the purposes, such data are used. You have the right to have incorrect, imprecise, incomplete, outdated, or unnecessary personal data we have stored about you corrected or completed.

12.2 Right to object

You may object to the particular use of personal data if such data are processed for other purposes than purposes set out above. If you oppose the further processing of personal data, we may not be able to provide you with the services under the agreement.

12.3 Restriction of processing

You may request us to restrict the processing of your personal data. In such case, we may not be able to provide you with the services under the agreement.

12.4 Right to withdraw consent

If the processing of your personal data is based on your approval, you have the right to withdraw the consent at any time. If you wish to practice the right to withdraw the consent, you may contact us at the contact details set out in section 3 above.

12.5 Right to data portability

You have the right to receive your personal data from us in a structured and commonly used format and to independently transmit those data to a third party.

13. Exercising Your Rights

You may reach us by mail or e-mail using the contact details set out in section 3 above with a request to use any of the above rights. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.

14. Lodging a complaint

CROATIAN PERSONAL DATA PROTECTION AGENCY
Fra Grge Martića 14

HR - 10 000 Zagreb

Tel: 00385 (0)1 4609-000

E-mail: azop@azop.hr

Web: http://www.azop.hr

Agency's working hours

Monday - Friday 08:00 - 16:00 h

Legal questions

Tel: 00385 (0)1 4609-080 (every working day 13:30 - 15:30 h)
E-mail: azop@azop.hr

If you have any questions, contact us at martin@midigital.eu.