1.1. In this Policy “We”, “Us”, “Our” or “DIGI Consulting” means DIGI Consulting Limited. registered in England, with a registered office at 21 Regis Place, 10 Llanvanor Road, London, NW2 2AP, United Kingdom and with company number 10749352. Our official website is www.digieva.net .
1.2. We develop and own various software products hosted and operated on hardware under our control or installable on our customers’ hardware; and we provide various software services to our customers via Internet. One of our main products is a Digital Hotel Receptionist (EVA) software using it to provide services to the hospitality industry and other business entities. In our General Terms and Conditions and further in this Policy our customers are named “End Users”.
1.4. The use of our product requires us to process personal data of our End Users and their customers, for and on behalf of our End Users. Our responsibility as a “data processor” is set in our standard Data Processing Agreement. It can be accessed and reviewed on our website www.digieva.net.
1.5. This Policy is intended to set our responsibility of “data controller” of the personal data of any individuals who may contact us directly, regardless of whether they have any contractual relationship with us or with our End User.
1.6. It must be noted that should you elect to use, or should you be interested in using our products and services for management of your commercial activity, you will be considered business entity, even if you are an individual. In such cases your relationship with us will be governed by our General Terms and Conditions for End Users of EVA Hotel Receptionist – Labelled Software and by our Data Processing Agreement, both available on our website.
1.7. Given that our products and services are designed for the hospitality industry, your contact with us will be considered as a business contact, unless you clearly advise that you act as an individual.
- DIGI Consulting as a Data Controller
We are the “data controller” of all personal data you disclose to us when you contact us either by visiting or using our website; or by emails, letters or other types of written communication; or by personally contacting a representative of ours; or by any other communication. We do not need and therefore will not process any sensitive data pertaining to your health, sexual orientation, cultural identity, political orientation, etc. We are committed to minimising the personal data we use in our communication with you.
- Collection and Use of Personal Data
Categories of Data We Collect
Personal data means any information relating to you which allows us to identify you. Specifically, we may collect from you the following categories of data: name, ID number, nationality, profession, possibility, company name, address, telephone number, email, location IP address, etc.
Your personal data will help us manage our communication with you. In particular, we may use your personal data for one or more of the following purposes: replying to the queries you have sent us; providing information about our products and services;; making marketing analyses and other marketing research; providing products and services requested by you; sending you our marketing materials; updating and improving our products and services; managing our legitimate business as a software services provider. We may profile your personal data for our marketing analysis purposes. We may also process your personal data if required by the applicable legislation.
Tracking and “cookies”
We may use Google Analytics and/or other tracking methods. Some of those methods use “cookies”. A cookie is a small file, which asks for permission to be placed on the hard drive of your computer. Once you agree, the file is added, and the cookie assists the web traffic analysis or your visits to a website. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about the webpage traffic and improve our products and services in order to tailor them to our customers’ needs. We only use this information for statistical analysis purposes. In no manner cookies give us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies and you will modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of our products. A relevant Google policy applies towards the use of Google Analytics;
Retention of Your Personal Data
If there is no agreement between you and us, we will consider upon the period of retention of your personal data, which period will not be unreasonably extended. We will safely delete and destroy your data as soon as the purpose it has been processed for is achieved. If the period of retention of your data is not set in an agreement between you and us, you are entitled to require deletion of your data by explicit instructions in writing. Upon the receipt of such instructions we will safely delete and destroy your data without unreasonable delay and will notify you in writing. If, however the applicable legislation requires a longer period of retention, we will delete and destroy your data after expiry of the said period.
- Our Non-Disclosure Commitment
The purpose of collecting your personal data, as set out in section 3 above, normally does not require disclosure or transfer of your data to third persons. We will therefore not disclose or transfer your data to third persons, with the following exceptions:
- we may disclose data to regulatory bodies or other competent authorities if the applicable legislation so requires.
- Our Security Measures
DIGI Consulting will implement and maintain security measures to protect Customer Personal Data against unauthorised disclosure or access, accidental or unlawful destruction, loss, alteration. DIGI Consulting will continuously be monitoring the performance and the adequacy of the security measures and may from time to time modify and update the security measures.
Our staff control
We have implemented and maintain a data security policy for our staff and provide security training as part of the training package for our staff. Our employees and partners are required to conduct themselves in a manner consistent with DIGI Consulting’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. Only our authorised staff will have access to your data and only in relation to the execution of their direct duties of operating and supporting our business activity. Each member of the staff has signed a special data security addendum to their agreements and undergoes periodic instructions and trainings about data security. DIGI Consulting’s staff will not process Personal Data without authorisation. Our security staff is responsible for the ongoing monitoring of DIGI Consulting’s security infrastructure, the review of the Software and Services, and responding to security incidents.
We maintain your data on our own servers and on servers of your trusted processors. The list of our processors is available at Appendix 1 to this Policy. We monitor our servers to ensure that there is no unauthorised access to any data stored thereon. We implement various methods and technologies to prevent and detect any intrusion or intrusion attempt.
We control and restrict the access to our premises, hardware, and documentation. Our premises require electronic code key access and are monitored by CCTV cameras. Only authorised employees and contractors have access to these premises. Entrants are required to identify themselves.
Our administrators are required to authenticate themselves through an authentication system in order to process personal data. Our software checks the credentials to allow the display of data to an authorized administrator.
All data records in our databases are protected with credentials, so that it is only readable through the graphical user interface (“GUI”) or the application programming interface (“API”) and only after a successful submission of valid credentials – e.g. username, password, etc.
- Data related Incidents
If we become aware of a data incident, we will inform you promptly and without unreasonable delay; and will promptly take reasonable steps to minimise harm and secure your personal data. Our notification of or response to a data incident will not be construed as an acknowledgement of any fault or liability with respect to the data incident.
- Your Rights
As a “data subject” you are entitled to request from us information about the personal data we hold about you and the purposes we are using it for. If we hold personal information about you, you can request:
- access to your personal data, including to request a copy of your personal data that we hold;
- rectification of your personal data that we hold about you if you find it to be incomplete or inaccurate;
- change of the way of processing, restriction or termination of processing of your personal data;
- transfer of your personal data in an electronic form to you or to a third party nominated by you.
- erasure of your personal information.
You can object to our processing of your data for direct marketing purposes by unsubscribing our mailing list or updating the settings for your app. You can address your requests to via email at email@example.com. Requests to unsubscribe our mailing list can be made by clicking on the “unsubscribe” link in any of our marketing emails addressed to you or via email request to firstname.lastname@example.org. To unsubscribe electronic communications, you must update your app settings. Should you withdraw your consent to the processing of your personal data, we will terminate the processing once we have received your withdrawal. You will not have to pay a fee to exercise your rights. However, we may charge a reasonable fee if your access request is clearly unfounded or excessive, or alternatively, we may refuse to comply with the request in such cases.
We may from time to time change this Policy. Any such changes will be communicated to you by way of an e-mail or a notice on our website.
- List of Data Processors:
- SendGrid – for sending emails
- Stripe, BlueSnap & PayPal – for handling payments
- DigitalOcean – hosting provider
- Google – reCaptcha