VikingCloud Protect Privacy Notice
This Privacy Notice describes how we collect, store, use, and share your personal information and it explains the rights you have in relation to the personal information that we hold about you. In this Privacy Notice, references to “you” and “your” are references to a user of VikingCloud Protect, your compliance and security manager mobile application.
We understand the importance of your personal data and we are committed to protecting and respecting your privacy and the privacy of the users of our VikingCloud Protect app (the “App”). On behalf of your bank, payment processor or card terminal provider (“Your Service Provider”), we provide you with access to the App.
If you don’t connect your mobile account to the account Your Service Provider has set up for you, we are responsible for the information you provide when you sign up and the information we collect when you use the App. This use of your information is covered by this Privacy Notice. Once you link your App account to your merchant account, our use of your information is controlled by Your Service Provider, so please refer to their privacy notice(s). Note the section on deletion applies to everyone who has the App.
Some of the information listed in this Privacy Notice may not be personal information, as it will apply to your organization. However, where you are a sole trader or a non-limited liability partnership, your business information is classed as personal under the General Data Protection Regulation (EU) 2016/679 (“GDPR”). To ensure we’re transparent, we’ve included our use of organization-level information in this Privacy Notice.
Although the UK is no longer part of the EU, all material requirements remain the same. All references to the GDPR in this Privacy Notice relate to both the UK and EU. Our registered office is 1st Floor, Block 71a, The Plaza, Park West Business Park, Dublin 12, Ireland.
Who we are
When we say ‘VikingCloud’, ‘we’ or ‘us’ in this Privacy Notice, we are referring to Sysxnet Limited, a company registered in Ireland with company number 147176, and its affiliates.
Where do we get your information from?
We collect information from you when you:
- Install the VikingCloud Protect mobile app;
- Contact us by phone or via the form on this website; and
- Visit our website.
What kinds of information do we collect about you?
When you visit this website, we collect:
- IP address, which can be used to determine your approximate location; and
- Device information (type of device, operating system and which version of the operating system).
When you create an account, we collect:
- Work contact details – your work email address, phone number and region (EU vs US).
When you use the App, we collect:
- IP address, which can be used to determine your approximate location;
- Device information (type of device, operating system and which version of the operating system); and
- Application logs, which contains details of when you login (or attempt to log in) and which notifications you have been shown (if any).
A reminder that other information will be collected if you link the App to your merchant account. This use of your information is covered in Your Service Provider’s privacy notice(s).
Mobile Account Data Deletion:
If you wish to delete your App account, you can do so at any time. This removes the account from our systems, so you will no longer be able to log in.
There are two options available.
- Delete your account within the app
- Navigate to Settings
- Select ‘Remover User’.
- Your account will be removed within minutes.
- Request an account deletion via our Contact Us form (using the link at the bottom of every page on the website).
- Provide us with the details you registered your account with
- Work email address
- Phone number
- Region (EU or US).
- We will delete your account within 5 working days.
- Provide us with the details you registered your account with
Please note that your merchant account, i.e. the account your Service Provider set up for you, will not be deleted. Please talk to your Service Provider if you want your merchant account deleted.
If you fail to link your App account with your merchant account, we will delete your App account after 90 days.
How do we use your personal information, and what are our legal grounds?
Worldwide, a number of Data Protection laws require organizations to process personal information only where we have a ‘lawful basis’ (i.e., the legal justification for the processing of personal information as specified in your local law). This section will explain the legal basis/es applicable in your country.
Please make sure you read the ‘Use of your Information’ column below regardless of your location.
Reason for using your personal information | Legal ground |
---|---|
Servicing To use the services, you do need to give us your email, mobile number and region to allow us to set up an account for you. We will also use your contact details to send you essential notices and service notifications, such as reminding you to link your merchant account within the App. |
Necessary for a contract This relates to the necessary use of your information to allow us to deliver the services you have requested from us |
Call Recordings If you call our support team, we record the call for training and monitoring purposes, which includes our trusted advisors reviewing calls to allow us to improve our service. |
Consent In some US States and some countries in the EU, we may require your consent to record calls. |
Legal Duties We may disclose or share your personal information in order to comply with a legal obligation such as a court order. Where we do so we’ll only provide the minimum information needed to comply. |
Necessary for compliance with a legal obligation Your personal information may be processed to meet any legal obligations VikingCloud is subject to. |
Protecting Life We may disclose your information to the police or other authorities if we have serious concerns about you or another’s wellbeing. |
Necessary to protect vital interests This will usually only apply to protect someone’s life. |
Necessary for legitimate interests
We also use your information when we have a ‘legitimate interest’ as long as this doesn’t unfairly impact you or your privacy rights. Each activity is assessed, and your rights and freedoms are taken into account to make sure that we’re not being intrusive or doing anything beyond your reasonable expectations.
We’ll assess the information we need, so we only use the minimum. If you want further information about processing under legitimate interests, you can contact us using the details below.
You also have the right to object to any use of your information where we use the justification of ‘legitimate interests’. We’ll re-assess our interests and yours, considering your particular circumstances. If we have a very strong reason for the use of your information, we may still continue to use your information. We use ‘legitimate interests’ for the following:
Reason for using your personal information | Legitimate interest(s) |
---|---|
Analysis and management reporting We analyze and report on the use of the App. Google and Apple also provide us with aggregated reports on the number of downloads and the number of times the App is used per month, see Google and Apple’s privacy notices for more information on this use. |
We need to analyze and assess usage of the App, to ensure we provide a good service and to optimize our resources. |
Call Recordings Where we don’t require your consent to record calls, we will still let you know the call will be recorded. Recordings are used for training and monitoring purposes, which includes our trusted advisors reviewing calls to allow us to improve our service. |
We need to ensure quality standards are met and that we keep improving our service. |
Online Tracking
At present, we do NOT respond to Do Not Track signals your device sends. However, the app does not use any tracking technologies.
Who do we share your personal information with?
We may share your personal information with other organizations. The organizations we share personal information with are as follows:
- Platform providers
- Messaging providers
- Telephone providers
- Professional services providers and consultants, such as our bank, contractors, external auditors, and lawyers.
- As part of an actual or contemplated business sale, merger, consolidation, change in control, transfer of substantial assets or reorganization
We only share personal information where there is a requirement to do so, and where appropriate technical, organizational, and where necessary, contractual measures are in place in order to ensure its protection.
Overseas transfers
The information that we process about you will be stored in the United States, if you are based in the US, or Europe if you are based in Europe. It may also be accessed by authorized individuals who operate in a variety of countries, or who work for us or for one of our suppliers.
If you are based in the EU or UK, we need to have specific protections in place to transfer your information to another country. We also need to let you know which methods we use.
- Some countries have been assessed by the relevant authorities as being ‘adequate’, which means their legal system offers a level of protection for your information which is equal to the level of protection in your country. This applies to some of our suppliers, as well as some of the transfers of information within VikingCloud.
- Where the country or mechanism hasn’t been assessed as ‘adequate’, the method we use most frequently is Standard Contractual Clauses (SCCs). These contract terms place EU standards onto companies in other jurisdictions. The standard contractual clauses approved by the European Commission are available via the link https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en. Please contact us if you’d like more information.
- We have SCCs in place to allow sharing between VikingCloud group entities globally.
- We have SCCs in place with some of our service providers – we make sure we have contract terms in place and carry out checks of their practices / agree additional controls to ensure that your information is treated securely and in accordance with this Privacy Notice.
How long do we keep personal information for?
Excluding your App account, which we delete after 90 days if you don’t tie it to your merchant account, all other information that we process about you, is controlled by Your Service Provider.
Your rights
There are a number of rights available under the global data protection and privacy laws. These don’t usually require any fee and we must respond within one (1) calendar month in most circumstances.
Not all rights apply in all situations and some regions have different timeframes. The easiest way to exercise any of your rights, enquire if a right is applicable in a specific circumstance, or to check what timescales apply, would be to contact our Global Data Protection Manager using the contact details below. If we need further information to comply with your request, we’ll let you know.
Right of access / right to know
You have the right to ask for access to and receive copies of your personal information. You can also ask us to provide a range of information relating to how we collect / use your information.
Right to rectification / right to correct
If you believe the personal information we hold about you is inaccurate or incomplete, you can ask us to correct that information.
Right of erasure / right to be forgotten / right to delete / right to anonymization.
In some circumstances, you have the right to ask us to delete and / or anonymize personal information we hold about you.
Right to restrict processing / right to have information preserved
In some circumstances, you are entitled to ask us to restrict the processing of your personal information. This means we will stop using your personal information, but we won’t delete it. Or you could ask us to NOT delete your information.
Data portability
You have the right to ask us to provide your personal information in a format that allows you to share your personal information with another provider.
Right to object
You are entitled to object to us processing your personal information if the processing is based on legitimate interests. You also always have the right to object to our use of your information for marketing purposes.
Changes to this Privacy Notice
Any changes we may make to the Privacy Notice in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes.
Contact
Our Global Data Protection Manager can be contacted using the following email address: dataprotectionprivacy@vikingcloud.com or alternatively by writing to 1st Floor Block 71A, The Plaza, Park West Business Park, Dublin 12.
Questions, comments, and requests regarding the Privacy Notice are welcomed and should be addressed to dataprotectionprivacy@vikingcloud.com.
If you have any concerns about the ways in which we process your personal information, please get in contact. In many countries you have a right to make a complaint to the relevant supervisory authority, however, most regulators require that you contact us first so that we can address your concerns
Please see below for details of the relevant regulators:
European Economic Area
EU regulators, plus those from Iceland, Liechtenstein and Norway
https://edpb.europa.eu/about-edpb/about-edpb/members_en
Telephone: See details in the link above.
United Kingdom
Information Commissioner’s Office (ICO)
https://ico.org.uk/global/contact-us/contact-us-public/
Telephone: 0303 123 1113