Privacy Policy

Nonlinear Soft SRL (“We”, “Us”, “Our”) has developed “The Drill” Web Application (“Application”) and thedrill.io (“Website”) to enable users to create and publish procedures templates, with the goal of that information being consulted, downloaded, or used by other people.

Features of the Application can be used as a Guest User (without creating an account), and the Application can be used to its full extent as a Registered User (creating an account).

In order for us to provide our services we need to process some of your personal data.

We care about your privacy and the protection of your personal data, which is why we have drafted this privacy policy for you. This document aims to inform you what we do with your personal data and your rights regarding your data.

By using our services you consent that you understand and agree to the terms laid down in this privacy policy.

This Privacy Policy covers:

Definitions
Types of Personal Data We Collect
How We Use Your Information
Data Privacy and Security
Transfer to Third Parties
Lawful Basis of Data Processing
Your Rights
How Long We Retain Your Data
Children’s Data
Erasing Your Personal Data
Further Information
Contact

Definitions

All capitalized terms seen below shall have the meaning as given in this section:

PERSONAL DATA: any information relating to an identified or identifiable individual, to the extent that such information is protected as personal data under Applicable Data Protection Law.

DATA CONTROLLER: the entity which determines the purposes and means of the Processing of Personal Data.

DATA PROCESSOR: the entity which Processes Personal Data on behalf of the Data Controller.

DATA SUBJECT: an identified or identifiable individual, who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an ID number, location data, an online ID or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

PERSONAL DATA: any information relating to an identified or identifiable individual, to the extent that such information is protected as personal data under Applicable Data Protection Law.

PERSONAL DATA BREACH: any unauthorized or unlawful breach of security leading to, or reasonably believed to have led to, the unauthorized or accidental destruction, loss, alteration, unauthorized disclosure of or access to Personal Data.

PROCESS OR PROCESSING: any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Types of Personal Data We Collect

In order for us to provide our service to you, we collect and process some personal data. We collect the following categories of data:

  1. Non-identifying information, such as the date and duration of your visit to our website, device and session data, and
  2. Personally identifying information, such as your name and email address.

We collect information in these two forms:

  1. Information you have provided us with: are data you have willingly provided, and
  2. Information automatically collected about you, this includes information that is automatically stored by cookies, information required for the proper functioning of the Application, and other session tools.

Aggregated Data

Aggregated data is information gathered and expressed in a summary form for purposes such as statistical analysis, and so is not personal data for the purposes of data protection law. Aggregated data are data such as: total number of installs or visitors in a given month; the date and duration of the visit etc. This data is evaluated anonymously for statistical purposes in order to optimize our services. This data is not used to identify you, thus it does not violate any privacy laws.

Cookies

Our website may use cookies to analyze user behavior and gather demographic information about our user base in general.

Internet Cookies are small pieces of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing. The aim of the Cookie is to remember the user and record their activity so that the website can offer tailored services to its users, making for a better browsing experience.

The type of information includes the device type and browser you are using, network connection, IP address, information about the cookies installed on your device, support queries, and web analytics data.

These cookies will last for one year.

You can disable cookies in your browser settings. In order to do this, follow the instructions provided by your browser (usually located under “settings,” “help”, “tools” or “edit”). Many browsers are set to accept cookies until you change your settings. Refusing cookies may impact your browsing experience. For further information on the use of cookies, please visit www.allaboutcookies.org.

Payment method information

We (including our employees or contractors) do not have access to your payment information.

At the moment of payment, you are transferred to a https secure page on the website of Stripe.com or some other reputable payment service provider. That page may be branded to look like a page on our website, but it is not controlled by us.

Google Analytics

Our website uses Google Analytics, a web analytics service designed by Google, Inc. Google Analytics software uses cookies to analyze user behavior on our website. This is done anonymously. All data is gathered by cookies and stored on Google servers. For more information please check Google’s privacy policy at: https://policies.google.com/privacy

Data collected when you create an account

When creating an account you will need to provide the following data: name, email address. You may optionally provide data about your gender or workplace.

Third Party Data

We do not use data from third-party sources, such as opt-in lists or purchased lists. We only process your data after receiving your express consent.

How We Use Your Information

To provide and improve our Services: this may include sharing your information with third parties in order to provide and support our Services; to make certain features of the Service are available to you; to improve your overall user experience.

To provide customer support and contact you: reply to your questions, inform you in case there has been a change to our services.

For remarketing. Remarketing involves placing a cookie on your computer when you browse our website in order to be able to serve you an advertisement of our product or service when you visit other websites.

We may use a third party to provide us with remarketing services, such as Facebook or Google pixel. If so, then if you have consented to our use of cookies, you may see advertisements for our products and services on other websites.

Analyse statistical data: we analyse this data so that we can improve our services, this data is non-identifiable data.

To meet legal requirements: this includes complying with court orders, valid discovery requests, valid subpoenas, to prosecute and defend a court, arbitration, or similar legal proceeding, to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements and other appropriate legal mechanisms.

Data Privacy and Security

The security of your personal information is very important to us. We take all the necessary technical and organizational measures to adequately protect the data as a Data Controller by meeting the requirements of Art. 32 of the GDPR.

We use safe protocols for communication and transferring data (such as HTTPS). We use anonymising, pseudonymisation and encryption wherever suitable. We monitor our systems for possible vulnerabilities and attacks. No unauthorized access to Processing systems is provided. Data is stored in a highly secure data centre offered by:

Amazon Web Services Ireland Limited

One Burlington Plaza, Burlington Road,

Dublin 4, Ireland

Since Internet-based data transmissions may have security gaps, absolute protection is not guaranteed. In the event that your personal information is acquired, or is reasonably believed to have been acquired, by an unauthorized person, or there is a threat to your rights or interests and applicable law requires notification, we will notify you of the breach by email. We will do everything we reasonably can to prevent security breaches and to assist authorities should any breaches occur.

Transfer to Third Parties

We do not sell or share your Personal Data with strangers or other parties.

Lawful Basis of Data Processing

We process your data on the basis of Article 6(a) of the GDPR, which states:

“(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;”. If we use personal information for a purpose, which by provisions of law requires your consent, we will always ask for your explicit agreement and record your consent.

To process your personal data for a different purpose than that specified in the current Agreement, which by provisions of law requires your consent, we will always ask for your explicit agreement and record your consent.

Your Rights

As a Data Subject you have the following rights:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling

How Long We Retain Your Data

Aggregated Data: We may store aggregated data for as long as deemed necessary in order to improve the performance and the quality of our services, and for a period of at least 2 years.

Session Cookies: 1 month

Data Gathered as a “Guest User”: Indefinitely

Data Gathered as a “Registered User”: We may store your data for an indefinite period of time as long as you are using our service, and for a period of 1 year after you closed your account, or until you make a request to remove your data from our database.

Children’s Data

Our services are not aimed at children, we do not collect data of children. In case we identify that data we have collected belong to children, we will automatically delete such data.

Erasing Your Personal Data

You have the right to have your data deleted from our systems if the personal data is no longer necessary for the purpose which we originally collected or processed it for, or if you object to the processing of your data and there is no overriding legitimate interest to continue this processing and the performance of our service isn’t affected by the erasure.

To have your data permanently removed from our database, you may submit your request by email at ana@thedrill.io, specifying the data and timeframe for which you want your information deleted.

We will respond to your request within 30 days from receipt, to the best of our abilities. In certain cases, this period may be extended by 2 months.

Further Information

If you require any more information or have any questions about our privacy policy, please feel free to contact us by email at admin@thedrill.io.

Please note that this Privacy Policy may change from time to time. If any major changes should happen to this Privacy Policy we will inform our registered members.

Date Published and Last Updated: February 24, 2020.

Get in touch

Company headquarters:

Nonlinear Soft SRL

Email address: admin@thedrill.io

Lecturii 38B, Parter, 022694 - Sect. 2, Bucuresti

Romania