As both a data controller and processor, we have taken measures to ensure our compliance with the GDPR.
Our data centers (in Amsterdam) are co-located in some of the most respected datacenter facility providers in the world. We leverage all of the capabilities of these providers including physical security and environmental controls to secure our infrastructure from physical threat or impact. Each site is staffed 24/7/365 with on-site physical security to protect against unauthorized entry. Security controls provided by our datacenter facilities includes but is not limited to:
DigitalOcean’s infrastructure is secured through a defense-in-depth layered approach. Access to the management network infrastructure is provided through multi-factor authentication points which restrict network-level access to infrastructure based on job function utilizing the principle of least privilege. All access to the ingress points are closely monitored, and are subject to stringent change control mechanisms.
Systems are protected through key-based authentication and access is limited by Role-Based Access Control (RBAC). RBAC ensures that only the users who require access to a system are able to login. We consider any system which houses customer data that we collect, or systems which house the data customers store with us to be of the highest sensitivity. As such, access to these systems is extremely limited and closely monitored.
Additionally, hard drives and infrastructure are securely erased before being decommissioned or reused to ensure that your data remains secure.
Systems controlling the management network at DigitalOcean log to our centralized logging environment to allow for performance and security monitoring. Our logging includes system actions as well as the logins and commands issued by our system administrators.
DigitalOcean’s Security team utilizes monitoring and analytics capabilities to identify potentially malicious activity within our infrastructure. User and system behaviors are monitored for suspicious activity, and investigations are performed following our incident reporting and response procedures.
The security and data integrity of customer Droplets is of the utmost importance at DigitalOcean. As a result, our technical support staff do not have access to the backend hypervisors where virtual servers reside nor direct access to the NAS/SAN storage systems where snapshots and backup images reside. Only select engineering teams have direct access to the backend hypervisors based on their role.
Snapshots and Backups are stored on an internal non-publicly visible network on NAS/SAN servers. Customers can directly manage the regions where their snapshots and backups exist which allows the customer to control where their data resides within our data centers for security and compliance purposes.
OUR SERVERS ARE CERTIFIED
EU-U.S. and Swiss-U.S. Privacy Shield Certification
ISO/IEC 27001:2013 Certification
More information about our servers here https://www.digitalocean.com/legal/
Here at Angage, we’ve always had comprehensive policies and procedures for ensuring we store and process personal data securely. We can assure our customers we are able to respond quickly and effectively to personal data requests – whether these are for access to personal data or destruction of it, thus fully supporting your GDPR compliance needs.
Your information is used to allow your attendance, use of our solutions, and to help us understand and improve your experience. We collect Personal Data when you voluntarily provide it, such as when you register, contact us, or use certain parts of our solutions.
Data Controller, its service providers, and suppliers (“we”, “us”, “our”) recommitted to protecting and respecting your privacy.
Our goal is to provide you with all the information you need to enjoy and learn about the event you are attending and to build new connections with other participants. To help us do that, we collect personal data when you register, contact us with inquiries, or use certain parts of our solutions.
“Personal data” means any information relating to an identified or identifiable person.
When this privacy notice uses the terms “participant”, “you”, or “your” we mean people using our solutions. If you have any questions or concerns at any time, please contact us at the address below.
We use your data:
If our solutions are configured to permit public access, some personal data that you have provided, including that shown in group discussions, the activity feed, and your participant profile (if published), will be publicly viewable.
If you ask for help with using our solutions, we may access your personal data in order to understand the problem and find a solution.
Information you may give us:
information we collect about you:
This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this notice.
We use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns on our solutions. We do this to find out things such as the number of people using our solutions and the popularity of content within our solutions. This information is only processed in a way which does not identify anyone. We use the anonymize feature to anonymize your IP address and limit the amount of identifiable data is collected. We do not make and do not allow Google to make, any attempt to find out the identities of those visiting our website.
Our solutions are not intended for children under the age of thirteen (13) and we do not knowingly collect data relating to children.
We collect and use your personal data because it is necessary for:
In general, we only rely on consent as a legal basis for processing in relation to distributing event announcements via push notification.
You have the right to withdraw consent at any time. If you revoke consent for a particular purpose for which you had previously provided consent, we will stop using your personal data for that purpose after consent is withdrawn.
The normal legal basis for processing participant data is that it is necessary for our legitimate interests, including:
Identifying the participants at our event managing access to our event and online services allowing users of our solutions to recognize you as the author of private messages, group discussion posts, and activity feed posts you create; letting other participants find you in the app; protecting and demonstrating the integrity of the event game, where offered; protecting participants, employees and other individuals and maintaining their safety, health and welfare; promoting, marketing and advertising our events and offerings;understanding our participants’ behaviour, activities, preferences, and needs;improving existing products and services and developing new products and services;complying with our legal and regulatory obligations;preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;handling participant contacts, queries, complaints or disputes;managing insurance claims by participants;protecting us, our employees and participants, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to us;effectively handling any legal claims or regulatory enforcement actions taken against us; and fulfilling our duties to our participants, colleagues, shareholders and other stakeholders.
Our service providers and suppliers.
In order to make certain services available to you, we may need to share your personal data with some of our service partners. We only allow our service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls. We impose contractual obligations on service providers to ensure that they (i) process personal data only under our instructions; (ii) assist us in fulfilling our obligations under applicable data protection legislation; and (iii) safeguard personal data in compliance with applicable data protection legislation.
We will disclose personal data when we believe that the disclosure is required by law, including to comply with a judicial order served on us or when we receive a request from law enforcement authorities. We will only disclose personal data to law enforcement authorities upon demonstration of lawful authority.
Our servers are located in Europe.
Our Service is accessible via the Internet and may potentially be accessed by any user around the world. Other users may access the Service from outside the European Economic Area (EEA). This means that where you chose to upload your data to the Service, it could be accessed from anywhere around the world and therefore a transfer of your data outside of the EEA may be deemed to have occurred. You consent to such transfer of your data for and by way of this purpose.
We will not retain your personal data for longer than necessary for the purposes set out in this notice.
We are committed to data security. We protect personal data through integrated physical, technological and administrative safeguards. Personal data is protected by security safeguards appropriate to the level of sensitivity of the data through (i) physical measures, such as secure areas; (ii) technical measures, such as encryption and secure servers; and (iii) organizational measures such as access policies based on the need-to-know and employee security through vetting and supervision.
However, if a personal data breach has occurred, we will notify you of the breach after becoming aware of the breach in accordance with applicable privacy legislation.
The EU General Data Protection Regulation (GDPR) and similar privacy legislation provide for certain rights with respect to your personal data, including:
You can correct the data published in your participant profile through our solutions or self-edit link. If you wish to exercise any of the above rights, please contact us using the contact details set out below.
Requests to exercise data protection rights will be assessed on a case-by-case basis. Not all jurisdictions require us to provide you with the rights listed above. In these jurisdictions, we may not be legally required to comply with your request. There may also be circumstances where we are not legally required to comply with your request because of exemptions provided for in applicable data protection legislation.
We will respond to your request within one month, free of charge unless the volume or complexity of the request requires a long process. We will notify you if we require an extension and may charge you a reasonable fee if the administrative cost of providing the information is excessive. If we refuse the request, we will provide justification.
We reserve the right, at our sole discretion, to update or modify this privacy notice at any time (“modifications”). Modifications to this privacy notice will be posted with a change to the “Updated” date at the top of this privacy notice. In certain circumstances, we may, but need not, provide you with additional notice of such modifications, including by email.
Please review this policy periodically, and especially before you provide any personal data. This privacy notice was updated on the date indicated above. Your continued participation in the event and use of our solutions following the effectiveness of any modifications to this privacy notice constitutes acceptance of those modifications. If any modification to this privacy notice is not acceptable to you, you should cease accessing, browsing and otherwise using our solutions.
Our solutions are provided to you as-is without any guarantee and you use them at your own risk. Our solutions contain material which is owned by or licensed to us, so you should not copy them without obtaining permission from the authorized owner. Any data you submit to our solutions may be publicly viewable. You are responsible for the security of Personal Data of other participants provided to you when you use our solutions. You can find out what data we collect and how it is used in our Privacy Notice.
YOU ACKNOWLEDGE AND AGREE THAT OUR SOLUTIONS AND THEIR CONTENTS ARE PROVIDED ON AN “AS IS”, “AS AVAILABLE” BASIS AND WE DO NOT MAKE ANY, AND HEREBY SPECIFICALLY DISCLAIM ANY, REPRESENTATIONS, ENDORSEMENTS, GUARANTEES, OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING OUR SOLUTIONS OR THEIR CONTENTS, INCLUDING, WITHOUT LIMITATION, ANY REGARDING OR ARISING FROM: (I) MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, OR NON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS; (II) COURSE OF DEALING, COURSE OF USAGE, OR COURSE OF PERFORMANCE; OR (III) TIMELINESS, ACCURACY, RELIABILITY OR CONTENT OF OUR SOLUTIONS AND ANY INFORMATION PROVIDED THROUGH OUR SOLUTIONS UNDER THIS AGREEMENT.
WE ARE NOT LIABLE FOR DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, PUNITIVE, EXEMPLARY, OR ANY OTHER DAMAGES (COLLECTIVELY, THE “DAMAGES”), ARISING OUT OF YOUR USE OR INABILITY TO USE OUR SOLUTIONS. THIS PROVISION OF: (A) OUR NEGLIGENCE; (B) OUR GROSS NEGLIGENCE; (C) ANY FAILURE OF AN ESSENTIAL PURPOSE; AND (D) WHETHER SUCH LIABILITY ARISES IN NEGLIGENCE, CONTRACT, TORT, OR ANY OTHER THEORY OF LEGAL LIABILITY. THIS PROVISION ENTITLED “LIMITATION OF LIABILITY” APPLIES EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF OR COULD HAVE FORESEEN THE DAMAGES. IN THOSE STATES THAT DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR THE DAMAGES, OUR LIABILITY IS LIMITED TO THE FULLEST POSSIBLE EXTENT PERMITTED BY LAW.ENTITLED “LIMITATION OF LIABILITY” APPLIES REGARDLESS
WE ARE NOT RESPONSIBLE AND NOT LIABLE FOR ANY INFORMATION, PRODUCTS, OR SERVICES PROVIDED BY OTHER WEBSITES THAT LINK TO OR FROM OUR SOLUTIONS.
4.1 YOUR RIGHT TO USE OUR SOLUTIONS.
We grant you a non-exclusive, personal, and revocable right to access our solutions.
You are responsible for protecting the confidentiality of your password(s), and for the acts and omissions of any third party that accesses our solutions through use of your password, as if such acts and omissions were your own.
4.3 PROTECTION OF PERSONAL DATA.
You may be provided with Personal Data of other users when using our solutions. You are responsible for protecting any Personal Data provided to you when you use our solutions. You agree not to make copies of any Personal Data provided to you within our solutions or to make use of such Personal Data other than those uses provided by our solutions.
4.4 CHANGES TO OUR SOLUTIONS AND PREMIUM FEATURES
We shall have the right at any time to change or discontinue any aspect or feature of our solutions, including, but not limited to, content, hours of availability, and equipment needed for access or use.
We reserve the right, in our sole discretion, to update or modify these Terms at any time (“modifications”).
Modifications to these Terms will be posted with a change to the “Updated” date at the top of this page. In certain circumstances, we may, but need not, provide you with additional notice of such modifications, including by email. Modifications will be effective thirty (30) days following the “Updated” date or such other date as communicated in any other notice to you.
Please review these Terms periodically. These Terms were updated on the date indicated above.
Your continued participation in the event and use of our solutions following the effectiveness of any modifications to these Terms constitutes acceptance of those modifications. If any modification to these Terms is not acceptable to you, you should cease accessing, browsing and otherwise using our solutions.
Please note that access to premium features may be subject to a fee and additional agreement(s), which we will provide to you for your approval before charging you.
You must obtain, pay for and maintain all software, hardware and anything else needed to use our solutions.
7.1 LAWFUL PURPOSES.
You shall use our solutions for lawful purposes only.
7.2 INTELLECTUAL PROPERTY.
Our solutions contain copyrighted material, trademarks and other proprietary information, which may include, but is not limited to, text, software, photos, video, graphics, music and sound. We own a copyright in the selection, coordination, arrangement and enhancement of such content, as well as in the content original, granted or assigned to us. You may not modify, publish, transmit, participate in the transfer or sale of, create derivative works, publicly distribute, publicly display, reproduce, publicly perform, or in any way exploit in any format whatsoever (including, without limitation, print and electronic formats) any of our solutions content, without our prior written authorization. This material includes, but is not limited to, the design, layout, look, appearance and graphics. You acknowledge that you do not acquire any ownership rights by downloading copyrighted material.
7.3 WORKS AND MATERIAL YOU SUBMIT TO OUR SOLUTIONS.
You shall not upload, post or otherwise make available on our solutions any works or material protected by copyright, trademark or other proprietary right without the express written permission of the owner of the copyright, trademark or other proprietary right and the burden of determining that any works or material are not so protected rests entirely with you.
You are liable for any damage resulting from any infringement of copyrights, trademarks, or other proprietary rights, or any other harm resulting from such a submission. For all works or material submitted by you to our solutions, you automatically grant, or warrant that the owner of such material has expressly granted, us a royalty-free, perpetual, irrevocable, worldwide, fully-paid up license to use, reproduce, create derivative works, publicly distribute, publicly perform, publicly display, assume any sound recording rights or moral rights of attribution or integrity, transmit, modify, adapt, publish, translate and distribute such material (in whole or in part) worldwide and/or to incorporate it in other works in any form, media or technology now known or hereafter developed (including, without limitation, print and electronic form, media and technology) for the full term of any copyright that may exist in such works or materials. Except as limited under applicable law, and subject to any functionality on our solutions allowing you to restrict access, you also permit any other user to access, view, store or reproduce the works or materials consistent with the provision entitled “Your Right to Use our solutions”.
7.4 NO UNAUTHORIZED ACCESS AND UNAUTHORIZED ACTIVITIED ON OUR SOLUTIONS.
All trademarks appearing on our solutions are the property of their respective owners. You gain no rights of any nature whatsoever in trademarks, service marks or trade names found in our solutions through your use of our solutions.
We neither endorse nor are responsible for the accuracy or reliability of any opinion, advice or statement made on or off our solutions by anyone other than one of our authorized employee spokespersons while acting in their official capacities. It is the responsibility of you to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content available through our solutions or through our solutions user. Advice of a professional may be necessary for you regarding the evaluation of any specific information, opinion, advice or other content.
Entire Agreement and Amendments. This Agreement is the entire agreement between us and supersedes all earlier and simultaneous agreements regarding the subject matter.
No Waivers, Cumulative Remedies. Our failure to insist upon strict performance of any provision of this Agreement is not a waiver of any of our rights under this Agreement. All of our remedies under this Agreement, at Law or in equity, are cumulative and non-exclusive.
Severability: If any portion of this Agreement is held to be unenforceable, the unenforceable portion must be construed as nearly as possible to reflect our original intent, the remaining portions remain in full force and effect, and the unenforceable portion remains enforceable in all other contexts and jurisdictions.
Captions and Plural Terms: All captions are for purposes of convenience only and are not to be used in interpretation or enforcement of this Agreement. Terms defined in the singular have the same meaning in the plural and vice versa.