Privacy Policy

Effective May 4, 2020
Last updated on May 4, 2020

Welcome to the Privacy Policy for the ReportNest Web Application, developed Saturized d.o.o. Novi Sad, Serbia. Thank you for choosing our ReportNest Web Application.

This Privacy Policy applies to all personal data collected through the ReportNest Web Application, that is collected and processed by SATURIZED D.O.O. NOVI SAD, having its registered seat at Josifa Marinkovića 20, 21000 Novi Sad, Republic of Serbia, registration number: 20700297.

Saturized, as a data controller, collects and processes personal data relating to interactions on the Website and use of the tools and features of the ReportNest Application (as defined in Section 2). When you choose to create a user account on our ReportNest Web Application and use our Services, you will need to provide us with some of your personal information.

Since we take your privacy very seriously, we are committed to ensure that your privacy is protected. This Privacy Policy describes the type of information Saturized collects, what is the purpose of collection and process of your personal data, how we store them and what rights you have in relation to it. Therefore, we strongly urge you to read this Privacy Policy very carefully and make sure that you fully understand and agree with it. If there are any terms in this Privacy Policy you do not agree with, please discontinue to use the ReportNest Web Application and our Services.

We believe in full transparency, which is why we keep our Privacy Policy simple and easy to understand. However, if you have any concerns, please contact us at support@reportnest.com.

01

Terminology

The following terminology applies to these Use of Terms:

"Client", “User”, “You”, “Your” or “Data Subject” refers to any natural person that shares personal data with us;

Cookies” refers to small pieces of data stored on your device (computer, mobile or any other device). This information is used to track your use of the ReportNest Website and to compile statistical reports on website activity. For further information about the use of cookies and how you can manage them, please read our Cookie Policy, available here.

Consent” refers to your explicit, freely given, informed and unambiguous consent on the processing of personal data. Persons who are 15 years of age or older may give free consent to the processing of their personal data.

Controller” or “Data Controller” refers to the Saturized d.o.o. Novi Sad, that determines the purposes and means of the processing of personal data;

EEA” refers to the European Economic Area;

EU” refers to the European Union;

GDPR” refers to the EU General Data Protection Regulation available at https://eur-lex.europa.eu/eli/reg/2016/679/oj;

Personal Data Protection Act” and “PDPA” refers to the Act on Personal Data Protection of the Republic of Serbia (“Official Gazette of Republic of Serbia”; no. 87/2018);

Privacy Policy” refers to this Privacy Policy;

Saturized“, “We”, “Us”, or “Our” refers to Saturized d.o.o. Novi Sad and any of its affiliates;

Personal Data”, “Personal information” or “Data” refers to information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, either directly or indirectly (such as name, identification number, location data, URL address, or any other identifier to physical, physiological, genetic, mental, economic, cultural or social identity of that natural person). Therefore, data about a company or any legal entity is not considered to be personal data but registering on behalf of a legal entity may include sharing personal data. For example, the information in relation to one-person companies may constitute personal data where it allows the identification of a natural person. The rules also apply to all personal data relating to natural persons in the course of professional activity, such as the employees of a company or organization, business e-mail addresses like firstname.surname@company.com

Processor”, “Data Processors” refers to any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various service providers in order to process your data more effectively.

Processing” or “Data processing” refers to any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

ReportNest”, “Web Application”, “Application” or “App” refers to the ReportNest Application made by Us and available at https://reportnest.com/;

Service” refers to ReportNest web application, services, features, software;

Supervisory authority” refers to an independent public authority that is authorized for the protection of your personal data in your country;

Third party” refers to a natural or legal person, other than you and us, who is authorized to process personal data;

USA” refers to the United States of America.

Any use of the above terminology or other words in the singular, plural, capitalization and/or he/she or they, are taken as interchangeable and therefore as referring to the same.

02

Controller

Saturized is a company registered and existing under the laws of the Republic of Serbia, having its seat at Josifa Marinkovića 20, 21000 Novi Sad, Republic of Serbia, registration number: 20700297 which, as a controller, determines the purposes and means of the processing of your personal data. Controller is responsible for your personal data.

03

What personal data do we collect?

  • Information you provide through creating the user account on ReportNest;

  • Information you decide to provide through getting in touch with us via e-mail;

  • Information we collect through the use of cookies in accordance with our Cookie Policy;

  • Information automatically collected; and

  • Information collected by using the company’s account on ReportNest.

A

Information you provide

We collect your personal data that you provide to us when registering at ReportNest and opening a user account, expressing the interest in ReportNest features and tools useful to you and your company.

Name, E-mail address. In order to register on ReportNest, you are required to provide your name and surname, and e-mail address.

Date of birth. You voluntarily provide to us your date of birth in order to be able to use some of the ReportNest features.

Business Information. In order to register for ReportNest and access your company’s ReportNest account, you are required to provide the name of the company and your position in the company.

Credentials. We collect passwords, password hints and similar security information used for authentication and account access.

b

Information you decide to provide through getting in touch with us via email

Additional Information. If you contact us directly via support@reportnest.com or we may receive additional data about you, such as your phone number, the content of the messages and/or attachments you may send us, and any other information you may choose to provide.

c

Information we collect through the use of cookies in accordance with our Cookie Policy

By using the cookies you agreed with, we may collect some of your personal data. Please read our Cookies Policy to see how we use them. We use analytic tools to help us measure traffic and usage trends for the Service. These tools collect information sent by your device or our Service, including the web pages you visit, add-ons, and other information that assists us in improving the Service. We collect and use this analytics information with analytics information from other users so that it cannot reasonably be used to identify any particular individual user.

D

Information we collect automatically

Technical Data. The information we collect automatically may include information like your IP address, device type, unique device identification number, browser type, broad geographic location (e.g. country or city-level location) and other technical information. We automatically collect that information when you visit, use or navigate the ReportNest website. This information does not reveal your specific identity (like your name or contact information), and is primarily needed to maintain the security and operation of our ReportNest website, and for our internal analytics and reporting purposes.

Your Usage Data. We collect and record data and sessions about how you are accessing and using the ReportNest web application. Such information may include personal data.

Mobile Device Access. We may request access or permission to some of the features from your mobile device (such as microphone, calendar, camera, contacts, reminders, SMS messages, storage etc.). If you wish to change our access or permissions, you may do so in your mobile device’s settings.

Mobile Device Data. We collect limited data from your mobile device in order to provide the Service and analyze our performance when you access ReportNest web app through your mobile device. Such data includes your mobile device type, mobile device id, operating system, version information, IP address and the date and time stamps of Service use. In addition, we deploy tracking technologies to help us gather aggregate, non-personal statistics.

e

Information collected by using the company’s account on ReportNest

By using ReportNest application and by communicating with the team members within the company’s user account, Saturized collects all information you enter, including your personal information. We do collect and store this information on MongoDB Database, that is secured by the password and firewall, but we shall in no way process that information.

All personal information that you provide to us must be true, accurate and complete, and you must notify us of any change to such personal information.

The ReportNest is solely intended for those who are at least 18 years old. By using the Service, you represent that you are of that age. If you are not at the required age, please stop using the ReportNest immediately. If you believe we have processed data of a person who is younger than 18, please contact us at support@reportnest.com.

04

Why do we collect personal data?

Saturized is a company registered and existing under the laws of the Republic of Serbia, having its seat at Josifa Marinkovića 20, 21000 Novi Sad, Republic of Serbia, registration number: 20700297 which, as a controller, determines the purposes and means of the processing of your personal data. Controller is responsible for your personal data.

Data we collect

Purpose

Legal Basis

Data we collect

Name and E-mail

Purpose

To be able to identify you on ReportNest and to open your user account.

Legal Basis

Processing is necessary for the performance of the Agreement.

Data we collect

Date of birth

Purpose

To share your date of birth with other team members within the company’s user account.

Legal Basis

Your consent - If you decided not to tick the opt-out box at the page on the Website where your personal data was collected, you may withdraw your consent at any time, without affecting the lawfulness of the processing based on consent prior to such withdrawal. You can also contact us directly and request to withdraw your consent.

Data we collect

Additional Information

Purpose

If you send us an inquiry, we will collect data you decide to share with us.

Legal Basis

Your consent - unless providing personal data is necessary to provide a Service or part thereof, the provision of your personal data is not a statutory or a contractual requirement and you may refuse to disclose any data. You have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on consent prior to such withdrawal.

Data we collect

Business Information

Purpose

To be able to create a user account and to access your company’s ReportNest

Legal Basis

Processing is necessary for the performance of the Agreement.

Data we collect

Personal Data collected through use of Cookies

Purpose

By using the cookies we collect some of your personal data to help us measure traffic and usage trends for the Service, to enable proper functionalities of features and tools at the Website, and to improve our Services.

Legal Basis

Processing is based on your consent you explicitly gave by accepting our Cookies Policy and allowing the usage of cookies. You have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on consent prior to such withdrawal. You may block or opt-out any of the cookies used, in accordance with our Cookies Policy.

Data we collect

Technical Data

Your Usage data

Mobile Access Data

Mobile Device Data

Purpose

To manage and operate the ReportNest Application and Website keeping them updated and relevant, to measure your interest and improve our Services, to ensure that content on the Website is presented most effectively for you and your computer or mobile device.

Legal Basis

Your consent - unless providing personal data is necessary to provide a Service or part thereof, the provision of your personal data is not a statutory or a contractual requirement and you may refuse to disclose any data. You have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on consent prior to such withdrawal.

05

What we do not do?

Saturized will never:

  • Sell any kind of personal information or data;

  • Disclose this information;

  • Process your personal data and information in any way other than stated in this Privacy Policy.

06

Processing the personal data

Saturized is the only processor of your data. We do not engage any natural or legal person to process your data on our behalf and for our account.

07

Personal data security

We take administrative, technical, organizational and other measures to ensure the appropriate level of security of personal data we process. Upon assessing whether a measure is adequate and which level of security is appropriate, we consider the nature of the personal data we are processing and the nature of the processing operations we perform, the risks to which you are exposed by our processing activities, the costs of the implementation of security measures and other relevant matters in the particular circumstances.

Some of the measures we apply include access authorization control, information classification (and handling thereof), protection of integrity and confidentiality, data backup, firewalls, data encryption and other appropriate measures. We equip our staff with the appropriate knowledge and understanding of the importance and confidentiality of your personal data security.

Your personal data is entered into the ReportNest application by using HTTPS encrypted protocol, that ensures that unauthorized persons will not access your personal data and information. We store your personal data and information on MongoDB Database, which is secured with a strong password and firewall. The access to this database is limited to only two authorized persons and the server allows them the access by recognizing their IP addresses and private keys. Furthermore, your username password is encrypted and cannot be returned.

08

With whom do we share your personal data?

Saturized utilizes external processors for certain processing activities. We use information audits to identify, categorize and record all personal data that is processed outside the company, so that the information, processing activity, processor and legal basis are all recorded, reviewed and easily accessible.

We have strict due diligence procedures and measures in place and review, assess and background check all processors prior to forming a business relationship. We obtain company documents, certifications, references and ensure that the processor is adequate, appropriate and effective for the task we are employing them for.

We audit their processes and activities prior to contract and during the contract period to ensure compliance with the data protection regulations and review any codes of conduct that oblige them to confirm compliance.

This is the list of processors with whom we share your personal data:

Processor

Role

Seat

Processor

Google, Inc.

Role

Analytics and Website Management

Seat

USA

Processor

Vimeo, LLC

Role

Analytics and Website Management

Seat

USA

Processor

Intercom, Inc.

Role

Website Functionalities and Preferences

Seat

USA

Processor

The Rocket Science Group, LLC (MailChimp)

Role

E-mail marketing services based on Cloud

Seat

USA

09

International transfer of your personal data and information

We collect your personal data in the Republic of Serbia and afterwards we store them on our servers located in Northern Ireland.

In the event that we transfer your personal data to other countries, we will transfer your personal data only:

  • To the countries within the EEA;

  • To the countries which do not form the EEA but are considered to ensure an adequate level of protection;

  • To the countries which do not belong to those specified under item 1 and 2, but only by applying the appropriate safeguard measure in accordance with the GDPR.

If we are to transfer personal data to the recipient in the USA, we will make sure that the recipient participates in the EU/US Privacy Shield Framework.

10

How long do we keep your personal data?

We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless otherwise required or permitted by law.

The period for which we store your personal data depends on a particular purpose for the processing of personal data within the use of ReportNest application. We retain personal data for as long as we reasonably require it for proper functionalities of all features and tools and our Services you and your company use on the ReportNest application. In determining data retention periods, we take into consideration local laws, contractual obligations, and the expectations and requirements of our customers and suppliers. We securely delete or destroy it when we no longer need your personal information, or when you request us to delete your information.

We keep the personal data we collect to provide our Service only until you have the active user account on the ReportNest Application. In the event that you and your company delete your user accounts, or if we block or delete them due to violation of our Terms of Use or other policies, we will immediately destroy or delete your information, unless otherwise prescribed by the applicable laws.

11

Your rights relating the personal data protection

11.01

Right of Access (Article 15 GDPR; Article 26 PDPA)

You can send us a request for a copy of the personal data we hold about you.

We have ensured that appropriate measures have been taken to provide such in a concise, transparent, intelligible and easily accessible form, using clear and plain language. Such information is provided in writing free of charge. It may be provided by other means when authorized by the Data Subject and with prior verification as to the subject’s identity.

We will provide you with the information about what type of personal data we collect, what is the purpose of collecting and processing, how we store them and for how long, with whom we share it, about your right to complain to the supervisory authority.

Information is provided to the Data Subject at the earliest convenience, but at a maximum of 30 days from the date the request was received. Where the retrieval or provision of information is particularly complex or is subject to a valid delay, the period may be extended by two further months where necessary.

11.02

Right to Correction of Your Personal Data (Article 16 GDPR; Article 29 PDPA)

If the personal data we have about you is incorrect, you have the right to request that we correct those data. Where notified of inaccurate data by the Data Subject, we will rectify the error within 30 days and inform any third party of the rectification if we have disclosed the personal data in question to them.

11.03

Right to Be Forgotten or Right to Erasure (Article 17 GDPR; Article 30 PDPA)

You have the right to request from us that your personal data is deleted in certain circumstances including:

  • The personal data are no longer needed for the purpose for which they were collected;

  • You withdraw your consent (where the processing was based on consent);

  • You object to the processing and no overriding legitimate grounds are justifying us processing the personal data;

  • The personal data have been unlawfully processed; or

  • To comply with a legal obligation.

However, this right does not apply where, for example, the processing is necessary:

  • To comply with a legal obligation; or

  • For the establishment, exercise or defense of legal claims.

11.04

Right to Restriction of Processing (Article 18 GDPR; Article 31 PDPA)

If the accuracy of the personal data is contested, you consider the processing is unlawful but you do not want it erased, we no longer need the personal data but you require it for the establishment, exercise or defense of legal claims or you have objected to the processing and verification, you can exercise your right to the restriction of processing.

11.05

Controller’s obligation related to the rectification, erasure of personal data or restriction of processing (Article 19 GDPR; Article 33 and 34 PDPA)

We will communicate that we have done any rectification or erasure of personal data or restriction of processing to all recipients to whom we have disclosed your personal data, unless this proves impossible or involves disproportionate effort.

We will also notify you about those recipients, if you request that.

11.06

Right to Withdraw the Consent (Article 13(2)c GDPR; Article 15(3) PDPA)

If you have provided your consent to the collection, processing and transfer of your personal data, you have the right to fully or partly withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented, unless there is another legal ground for the processing and unless otherwise we are obliged by the applicable law.

11.07

Right to Lodge a Complaint (Article 13(2)d GDPR; Article 21, 37 PDPA)

If you have any concerns or requests in relation to your personal data and its protection, please contact us at support@reportnest.com and we will respond within 30 days.

If you are unsatisfied with how we process your data, you may contact the competent supervisory authority.

In case you believe that we are processing your personal data contrary to the applicable law, you have the right to lodge a complaint with the supervisory authority located where you reside or work or where the alleged infringement took place.

11.08

Right to block or opt-out the Cookies

By using the cookies you agreed with, we are allowed to collect some of your personal data. Processing is based on your consent you explicitly gave by accepting our Cookies Policy and allowing the usage of cookies. You have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on consent prior to such withdrawal. You may block or opt-out any of the cookies used, in accordance with our Cookies Policy. If you choose to remove or to reject cookies, this could affect certain features, tools or services of our Website.

12

Changes to privacy policy

We reserve the right to change Privacy Policy from time to time at our sole discretion. If we make any changes, we will publish the new Privacy Policy on our ReportNest website.

Where you have previously consented to our Privacy Policy, your continued use of the ReportNest after we make changes is deemed to be acceptance of the updated rules.

13

Contact us

If you have any questions or comments regarding our Privacy Policy and/or rights related to the personal data protection, please get in touch with us at support@reportnest.com.