Privacy Policy

This Privacy Policy constitutes a part of the Terms & Conditions of using “NetFocus” (hereinafter referred to as the “Product”). Any terms in this Privacy Policy starting with a capital letter and not defined herein shall have the meaning assigned to them in Terms & Conditions.

Who is the administrator of User’s personal data? 

1. The administrator of the User’s personal data is NetFocus.io Coompany Limited with its registered office in 71/120 Mu 4, Rawai Sub-district, Mueang Phuket District, Phuket Province, Thailand, with Business Registration Number 0835567034469 (hereinafter referred to as the “Administrator”, “Provider”, or “We”).

What is the legal basis of processing personal data and for what purpose personal data is processed? 

1. The basis for processing personal information by the Data Administrator is the necessity to perform the contract of rendering the Service within the Product, a party of which is the User, and the necessity to process data for legally justified purposes fulfilled by the Administrator. In European Union the legal basis for processing the User’s personal data is Article 6(1) of the GDPR (General Data Protection Regulation 2016/679).

2. The Administrator shall process the personal information of the User in order to provide Services within the Product and for settlement purposes, issuing invoices, as well as statistical and marketing purposes.

3. By legally justified purposes fulfilled by the Administrator, mentioned in point 2 above, We mean marketing of Administrator’s services, sending notices of payments or notices of necessity to complete the registration process, notifying the User of new functionalities within the Product, or any updates regarding the Service being rendered.

What kind of data is processed?

1. In connection with rendering the Service, the Administrator processes the following personal information of the User: name, e-mail, IMEI number and serial number of the User’s Device, payment information (e.g. credit card number, credit card expiry date, CVV number), current location data of the User’s Device, websites viewed on the User’s Device, names of application installed on the User’s Device and the usage time of these applications (in the case of devices with the Android operating system) or the usage time of applications connected to the internet (in the case of devices with the iOS operating system), and the list of files stored on the User’s Device (in the case of devices with the Android operating system).

2. Entering personal information during the registration process is required to operate the Service (without it, We are not be able to create a User Account, rendering the Service undelivarable). In particular, We require the User’s e-mail address, which acts as the login for User Account and is used for sending the User notifications related to the Product. We also collect information about devices that the User connects to the Service for monitoring and protection. This information is used for identifying these devices and in order to check whether the User is using the number of devices allotted to them according to the relevant subscription plan. We may take automated decisions on:

   1. extending the Service subscription for another period (in accordance with the Terms & Conditions),
   2. blocking the access to certain web pages and applications on the User’s Device in accordance with the settings the User makes in the Service. If the User does not agree with the automatic decisions, the User should inform the Administrator by sending an e-mail at contact@netfocus.io. At any time, the User can view and modify their personal information at https://console.netfocus.io/user.

What are cookies and why does the Administrator use them?

1. Cookies are small text files that are placed into the User’s device by websites and/or applications that the User visits. Websites use cookies and other technologies to function effectively. These technologies record information about the use of Website and the NetFocus Mobile App, including:

   1. browser and device data such as IP address, type of device, type of the operating system and Internet browser, screen resolution, name and version of the operating system, device manufacturer and model, language, installed plug-ins, installed add-ons;
   2. usage data such as time spent on the Website and in the NetFocus Mobile App, pages visited, links clicked, language preferences, the pages that led or referred the User to the Website, User’s behaviour on the Website and in the NetFocus Mobile App. We use Google Analytics on the Website and within the NetFocus Mobile App in order to help us analyse User’s usage of our Website and the NetFocus Mobile App as well as to diagnose technical issues with the Website or the NetFocus Mobile App;

2. We use the following categories of cookies:

   1. Necessary cookies

   • This type of cookies enables the User to use the Website and the NetFocus Mobile App and all their features, such as enabling access to the secure area of the Website and the NetFocus Mobile App. Without these cookies, the User may not be able to use all the features of the Website and the NetFocus Mobile App;

   2. Performance cookies

   • This type of cookies collects information about how the User uses the Website or the NetFocus Mobile App so that We can improve them in the future. For example, these cookies collect information on which pages the User visits most often and any error messages the User may encounter. The information collected by these cookies is anonymous. They do not collect any information that can identify the User personally. Based on this category of cookies, We use Google Analytics to monitor the Website’s and the NetFocus Mobile App’s performances and check the User’s activities to improve our services.

3. Functionality cookies

   • This type of cookies enables us to provide the User with the more personalized services. Thanks to them, the User can save their settings, username, language etc. on the Website or in the NetFocus Mobile App. The information that these cookies collect is anonymous.

4. Marketing cookies

   • We and our service providers may use marketing cookies (Google Adwords remarketing cookies) to display our advertisements to the User on other websites, which are affiliated with the Google Network. Whenever the User visits the Website for more than 10 seconds, performs more than three activities (clicks) and scrolls more than 50% of page, a marketing cookies file is saved on the User’s Device, which allows for the Provider’s advertisements to be displayed in the aforementioned websites, applications and online services. If the User does not want the cookies to be placed on the User’s Device, they can opt out by changing their cookie preferences. We use also Google Analytics remarketing features in combination with Google AdWords and DoubleClick features on various devices. The provider of these features is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
     
   • This functionality allows for the linking of targeted advertising groups drawn up by Google Analytics remarketing features with Google AdWords and Google DoubleClick functionalities between different devices. In this way, personalized advertising messages that have been tailored based on previous online behavior on one device (e.g., mobile device) can be displayed on another (e.g., tablet or desktop).
     
   • If the User has given consent, Google will link the User’s browsing history of websites and applications to the User’s Google account for this purpose. In this way, the same personalized advertising messages can appear on every device the User logs into using their Google account. The User can permanently opt out of remarketing/targeting by turning off personalized ads in their Google account after entering the following link: https://www.google.com/settings/ads/onweb/ .
     
   • Further information and data protection provisions can be found in Google’s Privacy Policy at: https://www.google.com/policies/technologies/ads/ .

Does the Administrator share User’s personal data with any third party?

1. The Administrator does not sell or rent the User’s personal data and to any third party. The User’s personal data may be provided to entities authorized to receive them under applicable law, including the competent judicial authorities. User’s personal data may also be shared with trusted entities, as outlined below:
   1. payment operators – currently the payment operator is Stripe. When the User makes payments, Stripe receives and processes the User’s transaction information such as credit or debit card number, expiration date of credit or debit card, CVV code, bank account information, purchase amount, date of purchase, payment method and the User’s e-mail address;
   2. location service providers – in order to render the Service of tracking the User’s Device location, We cooperate with entities that provide location services. We provide them information about the current latitude and longitude of the User’s Device as well as the IP address of User’s Device to provide the User with the approximate address of the User’s Device location and a map with the User’s Device approximate location;
   3. service providers – We can share User’s personal data and with our service providers such as website hosting providers, technical services providers (concerning the Product), marketing services providers, tax and accounting services providers, advisor’s services providers. User’s personal data shall be shared with such service providers on the basis of contracts between the Administrator and the service provider and only for the purpose of the contract implementation and execution.

How long does the Administrator store User’s personal data?

1. The User’s personal data are stored by the Administrator for the time of the contract and after the termination of the contract – for the the time necessary to service the User in the process of complaints, securing or pursuing claims, and fulfilling the Administrator’s legal obligations (e.g., resulting from tax obligations).

How to contact the Administrator?

1. The User can contact the Administrator in any cases concerning the User’s personal data processing and storage by e-mail: contact@netfocus.io

Does the User have to submit personal data?

1. Submitting personal information is voluntary, but it is indispensable for providing Services within the Product.

What are the User’s obligations and rights?

1. The User represents and guarantees that they are authorised to provide the Administrator with personal information for the purposes of processing necessary for the provision of the Service, and that the User was given necessary consents of persons whose personal information and other information pertaining them are submitted for processing, and that above actions do not infringe on personal rights of third persons.

2. The User shall have the right to:

   1. access their personal information at any time,
   2. modify it (complete it, update it);
   3. restrict the use of personal data;
   4. delete personal data in certain circumstances provided by the law;
   5. request confirmation whether the Administrator processes the User’s personal data, and if so, to request a copy of that data;
   6. request to transfer personal data, if it is technically feasible. Changes/additions of certain personal information may be done after logging in to the User Account.
   7. The User from the European Union has the right to submit a complaint to the Personal Data Protection Office, reachable at https://www.uodo.gov.pl/pl/p/kontakt

What are the conditions of data safety?

1. The Administrator shall use the most secure mechanisms for transferring data (personal information and information on the mode of payment) available on the market. The transmission protocol used by the Administrator, which ensures safe transfer of data via the internet shall be the SSL protocol (Secure Socket Layer v3). It is a type of protection which consists of encrypting data before they are sent from the User’s browser and decrypted them after they are safely received by the Product server. The information sent from the server to the User is also encrypted, and decrypted after it reaches its destination.

2. SSL encrypts, verifies, and ensures the integrity of messages. Upon establishing a connection with a safe (SSL protected) website, encryption keys are exchanged, which are then used for transferring data between the browser on the User’s Device and the Product server. Both the key exchange and the transmission are very difficult to decrypt. After connecting to a safe website, the User is informed of that fact in the following ways:

   1. in Internet Explorer, on the right side of the status bar a padlock is displayed. When clicked, the website’s security certificate (digital signature) is shown;
   2. in Google Chrome, Mozilla Firefox, Opera, Safari, and Microsoft Edge, the padlock is shown on the address bar. Clicking on it displays the website’s security certificate.

3. In SSL, identity certificates are used in order to verify the servers’ and users’ authorisations. These certificates are issued and signed by one of the trusted certificate issuers.

4. When entering a server holding a certificate issued by one of the renown certificate issuers, the User is guaranteed that the server is really the one it purports to be – the server’s identity is automatically verified and confirmed upon connection. Another element ensuring safety of transferred information is the organization of personal and payment mode data storage, including credit card data. They are stored on a server to which there is no access from the Internet – on an individual account with controlled access for a limited number of people.

5. For their own safety, the User should remember to log out from the Website upon finishing the session. To that end, the User should click the “Logout” button located in the top right corner of the page. Closing the browser is not the same as ending a session.