Platform Privacy Policy
Effective date: 20 January 2020
Layerise ApS (”Layerise,” “we”, “us,” or “our”) provides a SaaS after-sales management platform that optimizes the post-sales communications and interactions of our business customers (Customers) with the customers/end-users of their products (“Individual Users”). This Product Privacy Policy explains how Layerise collects, uses, discloses, and otherwise processes Individual Users’ personal data on behalf of our Customers in connection with our Customers use of our products and services (collectively, the “Platform”).
Scope
Personal data refers to any data or information that can be used to identify a natural person, and are subject to applicable data protection laws, such as the EU General Data Protection Regulation 2016/679 (“GDPR”). We use the term “Personal Data” throughout this Platform Privacy Policy to mean, as applicable, “personal data” (under the GDPR).
With respect to cases in which Layerise collects or receives Personal Data under and/or pursuant to the direction of our Customers, Layerise is acting as a data processor (under GDPR), and our Customers are the data controllers (under GDPR). To this end, if not stated otherwise in this Platform Privacy Policy or in a separate disclosure, we process such Personal Data as a processor/service provider on behalf of our Customers (and their affiliates) who are the controller that have collected the Personal Data.
Layerises’ processing of Personal Data in connection with the Platform is governed by this Platform Privacy Policy and our agreements with each Customer, including our Terms and Conditions and our Data Processing Addendum (in each case, a “Customer Agreement”). In the event of any conflict between this Platform Privacy Policy and the corresponding Customer Agreement, the Customer Agreement will control to the extent permitted by applicable law.
For detailed privacy information related to a Customer who uses our Platform to process Personal Data, please contact our Customers directly. We are not responsible for and have no control over the privacy or data security practices of our Customers, which may differ from those explained in this Platform Privacy Policy. This Platform Privacy Policy is also not a substitute for any privacy notice that our Customer are required to provide to their Individual Users, employees and other personnel authorized to use the Platform (“End Users”), or other users. An Individual User who seeks access, or who seeks to correct, amend, or delete Personal Data that is stored in our Platform on behalf of our Customers, in each case as permitted by applicable data protection laws, should direct their query to our Customers (the data controller).
This Platform Privacy Policy does not apply to any personal information collected by Layerise on our websites or through other channels for marketing purposes. For more information, please visit the Website Visitor Privacy Policy.
Collected and Received Personal Data through the Platform
Layerise might receive or collect Personal Data which is stored in or transmitted via the Platform by, or on behalf of, our Customers. This may include Personal Data such as contact information of our Customers Individual Users (first and last name, email or physical address, telephone number), purchase history, correspondence between End Users and their Individual Users. This Personal Data may be provided to us directly by our Customers or through third-party services such as connections and/or links to third party websites and/or services that Layerise enables Customers to integrate with and access through the Platform, including, without limitation, via application programming interfaces, workflows or webhooks (“Third-Party Applications”).
We also collect Personal Data from Customer Individual Users such as name, email address, phone number, address, profile image and data about Customer Individual Users use of our Platform. This Personal Data may be received or collected by us directly from our Customers and Customer Individual Users, through Third-Party Applications or by automated means, such as cookies (e.g. essential cookies) and web beacons through our use of sub-processors.
Our Use of the Personal Data
We use the data we collect in accordance with our Customer Agreements, to operate and provide the Platform and for related internal purposes, including: (a) enabling Customer Individual Users to access and use the Platform; (b) providing information about the Platform, responding to inquiries, complaints, and requests for support; (c) as we believe necessary or appropriate to comply with applicable law, enforce the terms and conditions that govern the Platform, protect our rights, privacy, safety or property, and/or that of you or others, and protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity; and (d) improving our Platform, including by using aggregated and/or de-identified data.
Personal Data Sharing
We share the Personal Data we collect with (a) our Customers and End Users, to the extent the Personal Data pertains to End Users and Customer’s Individual Users; (b) sub-processors that help us provide, manage, secure and improve the Platform (you can see our list of third party sub-processors in our Data Processing Addendum); and (c) Third-Party Applications that you have set up for integration.
End Users that install or access any Third Party Applications may be required to accept privacy notices provided by those Third Party Applications. Please review those notices carefully, as Layerise does not control and cannot be responsible for these Third Party Applications’ privacy or information security practices.
We may also share Personal Data with government, law enforcement officials or private parties as required by law, when we believe such disclosure is necessary or appropriate to (a) comply with applicable law; (b) enforce the terms and conditions that govern the Platform; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity, in the event of active or prospective litigation or arbitration, for regulatory compliance efforts and/or audit.
The Process We Use to Secure and Protect Personal Data
The security of Personal Data is important to us. Layerise uses generally accepted physical, electronic, and procedural safeguards to protect Personal Data submitted to us (both during transmission and once it is received) from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction in accordance with applicable law to protect the Personal Data.
Customers must prevent unauthorized access to End users’ account and Personal Data stored in the Platform by selecting and protecting your password and/or other sign-on mechanism appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account. We also recommend that our Customers take steps to protect against unauthorized access to any devices, networks and applications (including Third Party Applications) connected to, or integrated with, the Platform.
We endeavor to protect the privacy of End User accounts and the Personal Data we store in the Platform. Unfortunately, we cannot guarantee that any safeguards or security measures will be sufficient to prevent a security problem. See the data security section on our website and the Customer Agreements for additional information regarding Layerise’s information security practices.
Data Retention
We retain Personal Data so long as Layerise’s contractual obligations remain with our Customers. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. Afterwards, we retain some information in aggregated and/or de-identified data but not in a way that would identify Customer, End User or Individual Users.
Privacy Policy Regarding Processing Personal Data under the General Data Protection Regulation (GDPR)
Customers are the data controllers of Individual Users’ Personal Data. As such, Customers are responsible for receiving and responding to requests from their Individual Users and other individuals to exercise any rights afforded to them under applicable data protection laws. If requested to remove Personal Data by a Customer, we will respond within a reasonable timeframe and in accordance with the Customer Agreements.
Because we may only access a Customers’s data upon their instructions, if Layerise receives a data subject request directly from a Customer Individual User using our data subject access request page, Layerise will inform the Customer Individual User to contact the Customer directly about any request relating to his/her Personal Data such as access or deletion, and to the extent that the applicable data protection law does not prohibit Layerise from doing so, we will refer their request to the Customer they specify in their request. Layerise will not further respond to a data subject request without Customer’s prior consent and will assist Customers in responding to such requests as set forth in the Customer Agreement.
Legal Grounds
We only use your Personal Data as permitted by law. Our legal grounds for our collection and processing of the types of Personal Data is based on one or more of the following: (a) Consent: the consent you provide to us when you share or submit your Personal Data with or to us; (b) Legitimate Interest: our “legitimate interest,” as defined by GDPR, or the legitimate interest of a third party, including you. For example, we may use your Personal Data to administer and conduct our business with you, and to respond to your requests, inquiries and complaints; (c) Contract: our performance of a contract; and (d) Legal Obligation: our compliance with a legal obligation that we are or may be subject to.
| Category of data | Source of data | Purpose of processing | Grounds for processing | Retention period or criteria |
|---|---|---|---|---|
| End Users | From the Platform and Third-Party Applications | To provide the Platform, communicate with the Customer & comply with an applicable law | Contractual, legal obligation, legitimate interest & consent | 5 years or until no longer applicable, whichever occurs first |
| Individual Users | The Platform | To provide the Platform & comply with an applicable law | Contractual, legal obligation, legitimate interest & consent | 5 years or until no longer applicable, whichever occurs first |
Changes to This Platform Privacy Policy
We may update our Platform Privacy Policy from time to time. We will notify you of any changes by posting the new Platform Privacy Policy on this page.
We will let you know via email and/or a prominent notice on our Platform, prior to the change becoming effective and update the "effective date" at the top of this Platform Privacy Policy.
You are advised to review this Platform Privacy Policy periodically for any changes. Changes to this Platform Privacy Policy are effective when they are posted on this page.
Contact Us
If you have any questions about this Platform Privacy Policy, you can contact through our contact options here. You can also make requests for certain information as described in this Platform Privacy Policy using our data subject access request page located here.
