Effective October 25, 2019
At Corporate Armor, we respect the privacy of our website visitors and users who use our products and services. The purpose of this Privacy Policy is to make our activities related to the processing of your personal data as transparent as possible and to give you control over your personal information. We will always strive to collect and process your personal data in a fair way and to keep it secure and confidential.
1. Introduction
Corporate Armor Headquarters (“we”, “us”, “our”) has prepared this policy to provide information about the collection and processing of personal data when using the “Corporate Armor Connect & Fix” products and services offered on the official website corporatearmor.com. The main purpose of the Corporate Armor Connect and Fix software is to allow IT professionals and helpdesk technicians (“Operator”) to establish remote desktop sessions over the Internet for their business purposes, i.e. to provide technical support to their customers (“Client”) remotely. We address the personal data protection in accordance with the General Data Protection Regulation (EU) 2016/679, which is a European regulation on data protection and privacy (GDPR).
2. Personal Data
Personal data is any information that relates to an identifiable natural person. Examples of personal data are a name and surname, an address, an email address such as [email protected], location data, an Internet Protocol (IP) address, a cookie ID, etc. Personal data is any data that can personally reference you. The words “you” and “your” in this privacy policy may refer to the following types of users:
a) Website visitor: Any individual visiting our official websites or social media sites for informative purposes only.
b) Operator: Registered user with Corporate Armor Connect and Fix account (typically IT professional or helpdesk technician).
c) Client: End-User, who may join remote desktop sessions without any credentials to receive technical support from Operators.
d) Administrator: A privileged Operator who has permission to manage Corporate Armor Connect & Fix licenses and Operators’ accounts within an organization. This Privacy Policy describes which personal data we collect at different levels of your engagement with us.
This Privacy Policy also describes where your personal data is stored and the security measures we use to protect it.
3. Controller and Processors
Corporate Armor Connect & Fix products and services are developed by XLAB d.o.o., which is a software engineering company headquartered in the European Union. Since 2003, they have been providing the ISL Online (Corporate Armor Connect & Fix) products and services to our users all around the world. The legal person who solely determines the purposes and means of the processing of personal data when using the ISL Online (Corporate Armor Connect & Fix) products and services (“Controller”) is:
ISL Online Headquarters
XLAB d.o.o.
Pot za Brdom 100
SI-1000 Ljubljana Slovenia, European Union
VAT ID: SI15779092
Reg. Number: 1639714
Email: [email protected]
Phone: +386 1 244 77 60
The processor of personal data may be:
a) the controller,
b) companies affiliated with us – subsidiaries whose controlling interest is owned by us thus shall not be regarded as third parties:
i. ISL Online Limited, 22 Basepoint Business Centre, Rivermead Drive, Westlea, Swindon, Wiltshire, SN5 7EX, United Kingdom
ii. ISL Online DACH GmbH, Aargauerstrasse 250, 8048 Zürich, Switzerland
c) Third parties:
i. Authorized Partners (our distributors and resellers who assist us in performing certain customer care functions such as marketing activities, sales, customer support and similar business activities on our behalf)
ii. external contractual service providers who we use in connection with the specific functions of our business process, e.g. Google Analytics
4. Consent and Limits to Use
By giving us your consent and providing your personal data to Corporate Armor you indicate that we may collect, process, store or use the provided personal information for the legitimate purpose of enabling you to access our products and services and for related business activities, which may include contacting you, processing your requests and orders, answering your sales or technical support inquiries, or promoting Corporate Armor’s products and services. Your personal data will not be used for any other purpose. You may withdraw your consent anytime.
5. Obtaining Information and Rectification
You have the right to request a report about and/or containing your personal data we store. Should you require a report on your session details, this shall be provided in a machine-readable format. Such requests or other inquiries related to your personal data should be sent by email to [email protected]. To ensure secure handling of your request, we will need to authenticate your identity before processing your request. We will use reasonable technical and administrative efforts to provide you with an individual personal data report within 30 days after receiving a valid request.
6. Children
It is our belief that children have no requirements for our software and we do not verify age or obtain parental or guardian consent for any data processing activity and we will not knowingly store any data regarding a child under the age of 16. The software has no age sensitive material nor should pose any risk to children.
7. Data Protection
ISL Online Headquarters (XLAB d.o.o.) holds the ISO/IEC 27001:2013 certificate, which proves our commitment to information security. We use globally recognized ISO 27001 standard as a framework for implementing the information security management systems (ISMS), which helps us keep information assets secure.
We use the latest technologies and administrative procedures to safeguard your personal data. ISL Online servers are hosted by professional, industry-proven data centers with modern facilities and equipment such as redundant or backup power supplies, redundant data communication connections, environmental controls (e.g. air conditioning, fire suppression) and security devices. ISL Online’s master servers are located within the European Union in ISO 27001-certified data centers.
All our servers have disk encryption and are solely managed by the controller’s OPS team (system administrators and other privileged access users). We have physical and logical access procedures and controls in place and we conduct training for our employees and contractors in order to enforce conformity with our data protection and privacy policies.
8. Website Visitors
When you visit our website, we collect a limited scope of personal data transmitted to us by your browser. This enables you to access our website and helps us to create the best user experience for you. The data transmitted by your browser include your personal data such as your IP address and meta data such as time stamp, technology used (operating system, browser, network etc.), referrals (website from which the request comes), language and the country of origin.
Our website also contains cookies – small text files that are placed on your computer upon your visit. Cookies are widely used in order to make websites work, or work more efficiently. Please refer to our cookies policy for details.
9. Social Media Sites
Our official websites feature social media plugins like Facebook, Twitter and LinkedIn, to enable you to share information with others. If you are logged into a social media site while visiting our website, the social plugins may allow that social media website to receive information that you have visited our website and to share information about your activities on our website with other users of their social media website. We do not control any of the content from the social media plugins. We recommend you contact those sites directly for their privacy and data sharing policies.
10. Integrated Third-Party Website Services
In order to provide the services and improve our official websites, we may engage the services of third-party vendors (such as Vimeo, YouTube and Google Maps). In the process of supplying such website services through our official website, these third-party vendors need to collect your IP address provided by your web browser.
11. Links to Other Websites
Our official websites contain links to other websites. The fact that we link to a website is not an endorsement, authorization or representation of our affiliation to that third party. We do not exercise control over third party websites. We recommend you contact those sites directly for their privacy and data sharing policies.
12. Registration
If you decide to sign up for Corporate Armor Connect & Fix software, we will ask you to provide the following personal information:
• email address
• full name.
You are only required to provide your email address during the registration process. For billing purposes, we also ask you to provide the name of the company, address, phone number and similar information which will be needed if you decide to buy a license. You are able to review and change this information at any time (log in My Account > License > Change Information).
Your account information may only be processed by the Corporate Armor Headquarters and ISL Online Headquarters. These processors have access to the personal data needed only to perform their customer care functions related to Corporate Armor’s products and services and may not use it for any other purpose.
13. Notifications and Newsletter
We use internal systems to deliver important system messages and news about the Corporate Armor products and services to you. Once you sign up for the Corporate Armor Connect & Fix software, we advise you to subscribe to the following two notification types:
• Automatic Email Notifications (AEN): These are automatic notifications related to your Corporate Armor account status. For example, our systems will automatically send a message to your email address to notify you when your account expires.
• Newsletter: Approximately once a month, we send out a newsletter to notify you of important product or service enhancements, security announcements or other information we consider relevant to our users.
When you subscribe to Automatic Email Notifications or Newsletter, we will be sending out notifications to the email address specified in your account. You are able to change your subscription preference at any time (log in My Account > My Profile > Change Subscription).
14. Product Use
When you register for a free license, your account will be activated for the product use. Upon the registration and all subsequent successful log in attempts we will collect your IP and MAC addresses, due to auditing and licensing reasons.
Once logged in to your account, Corporate Armor Connect & Fix allows you to establish a remote desktop session with a remote computer or mobile device. The session may include different services such as text-chat, screen sharing, video call and file transfer.
All remote desktop sessions are encrypted using symmetrical AES 256-bit keys. A secure SSL end-to-end tunnel is established between a local and a remote computer or device. This means that even the ISL Online servers cannot decrypt the content of the sessions but only transfer packets from one side to another. This means that we do not collect any personal data transmitted during remote desktop sessions.
However, we do collect and store metadata of remote desktop sessions. This is needed for the legitimate purpose of enabling access to the Corporate Armor products and services explicitly requested by you. The list of metadata stored on ISL Online’s servers may include your personal data:
• User name
• Email address
• IP address
• MAC address
A detailed list of basic session parameters (metadata) is available in our Security Statement. The metadata is stored on ISL Online servers, which are located worldwide, mostly in the European Union, Japan and the United States. A distributed data allocation allows us to guarantee 24/7 availability and reliability of the remote desktop software as a service all around the world.
We use proprietary geoDNS algorithms to distribute sessions to the nearest servers available. This means that users from a particular country will be almost certainly connected through one of our servers hosted in that country (if any of our servers is located in that country). For example, the UK users will be almost certainly connected through our UK servers, the German users will be almost certainly connected through our German servers etc.
While we prioritize remote desktop connections to be established through the server located closest to you, some service and product features require that data is transferred to servers located outside of your country for technical reasons. The collection, encrypted transfer and storage of this data on the encrypted disks is managed according to the ISO/IEC 27001:2013 information security standards.
15. Text Messages
Some organizations may decide to enable optional features provided by Corporate Armor Connect & Fix in order to enhance their remote desktop sessions, for example:
• End-of-Session dialogs, which pop up to Operators or Clients once the remote desktop session is finished for the purpose of collecting the users’ feedback.
• Integration into third-party solutions such as service desk or ticketing products, CRMs, ERPs and other enterprise systems.
Enabling such optional features may result in collecting text messages (the transcript of the chat between the Operator and the Client) related to a remote desktop session and storing this data on ISL Online servers beside the metadata. Chat transcripts are available to Operators and Administrators of the respective organizations. You are advised not to enter any sensitive or personal information into a chat window.
In the case of the integration of Corporate Armor Connect & Fix software into third-party solutions, the chat transcript may be transferred to service desk or ticketing products, CRMs, ERPs or other enterprise systems. We do not control the personal data collected and managed by these enterprise systems. We recommend that you contact enterprise system providers directly for their privacy and data sharing policies.
16. Anonymization and Pseudonymization
We strive to minimize the collection of your personal data. A vast majority of data collected by Corporate Armor Connect & Fix is anonymized, stripped of any identifiable information, making it impossible to derive insights into a discrete individual. On the other hand, the personal data we do collect and store may be pseudonymized:
• upon your explicit request, or
• according to the set retention periods.
You have the right to be forgotten. Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately. Your personal data will be rendered in such a way that it should be nearly impossible to reidentify you.
We use reasonable efforts and deidentification techniques to pseudonymize your personal data.
17. Buying Licenses
When the organization decides to upgrade from Corporate Armor Connect & Fix and purchase the ISL Online licenses, those licenses are assigned to a specific ISL Online account. These accounts are normally managed by Administrators (license owners). During the purchasing process we will collect information needed for billing and order processing purposes, which may include your personal data such as your name, company’s name and address, email address, and telephone number. We will keep purchase orders and invoice records as long as requested by tax authorities. Please refer to the terms of service for details.
18. Customer Support
When you contact our service desk via live chat, email or phone, we may collect your email address, your name, and your telephone number, in order to respond to your inquiry. Your message will also be stored.
19. Data Transfer to Third Parties
This Privacy Policy describes how your personal information is shared with third parties according to your level of engagement with us. We strive to be as transparent as possible regarding the transmission of your personal data. You will be asked for consent before your personal data is shared with third party processors.
20. Updating Privacy Policy We reserve the right to change or supplement this Privacy Policy at any time. Any changes will be posted on this website along with the date when they become effective. We urge you to monitor this website to stay abreast of any changes. In the event that the modifications materially alter your rights or obligations thereunder, we will make our best efforts to notify you of the change. Your continued use of our products and services after the revised Privacy Policy has become effective indicates that you have read, understood and agreed to the current version of this Privacy Policy.