INVICARA PTE LTD.
PRIVACY POLICY
Revision: 28 May 2024
Invicara Pte Ltd, located at 1 North Bridge Road #11-10, High Street Centre, Singapore 179094, and its subsidiaries and affiliates (“Invicara”, “we”, “us” or “our”) are committed to protecting your privacy. This Privacy Policy describes our practices in connection with the personal information we collect through your access to and use of our products and services, including your access to our open-source program called the “DigitalTwin-Factory”.
For clarity, this Privacy Policy does not apply to the collection or use by third parties of any personal information in connection with your use of software contributed by those third parties to the DigitalTwin-Factory, or your collection or use of any personal information of third parties in connection with their use of software contributed by you to the DigitalTwin-Factory, and we are not responsible for and disclaim any liability for their or your collection or use of personal information.
GDPR COMPLIANCE
When you are using or accessing our products and services, our collection, storage, processing and transfer of your information as described in this Privacy Policy may result in our acting as a data controller or a data processor on your behalf as defined in the General Data Protection Regulation (GDPR).
Where we act as a data controller, please review this privacy notice on how we process your data. Where we act as a data processor, please refer to your company’s privacy notice where they act as a data controller.
INFORMATION WE RECEIVE AND COLLECT
We collect, use, and transfer information from and about you to provide you with the best experiences with our products and services; to improve and secure our products and services; to respond to your inquiries and contact you regarding our products and services; to manage your relationship with us; to best serve your interests by customizing your experience and interactions with us; and for the other purposes described in this Privacy Policy. The type of information we may collect from or about you includes:
Name and Contact Information
Information including your name, email address, postal address, phone number, and similar contact information when you create a user ID to access our websites or applications, create a user profile, register for an event or other offering, make a purchase, or contact us for services, support or other reasons.
Login and Authentication Credentials
Username, security and authentication credentials including security questions and answers, and any unique ID number used to identify you and your associated information.
Demographic Information
Demographic information, such as your profile picture, language preference, ZIP code, office, business unit, country, preferences, and interests.
Purchase and Transaction Information
Information associated with your purchases such as your contact information including billing address, as well as the types of software that you use. We use a third-party payment processor and do not receive credit-card or other financial information.
Websites, Servers, Browsers Data
Information collected automatically when you communicate with us, access our websites and servers through a browser, application, or other client. This includes data about your visit, including the pages you view, the links you click, and other actions taken in connection with our websites and services. We also collect certain standard information that your browser sends to every website you visit, such as your IP address, browser type and language, operating system, access times, and referring website addresses. When you receive newsletters or promotional email from Invicara, we may use Web beacons, customized links, or similar technologies to determine whether the email has been opened and which links you click in order to provide you more focused email communications or other information in the future.
Usage Data
We require you to log-in when you activate and use our software and products, including our cloud services. We monitor and collect certain usage information. For example, we track your device, products, features and content you are using, and other usage data such as the date and time of use.
Channel Partners
We receive and collect your information if you make a purchase through our channel partners or ecommerce providers.
Data Supplementation
To keep our databases accurate and current, we may combine information you give us with information from public sources and trustworthy companies. For example, we may use services from other companies to ensure that we have accurate contact information and to tell us your geographic area based on your IP address so that we can provide you with more relevant content and offerings.
Contacting Us
When you contact us to request services, support or other information, we may keep a record of the communication and your contact information.
Location Information
We collect data about your location when you enable location-based services or features such as location derived from your IP address or data.
Third Party Information
Where permitted, we may collect your name, address, telephone number, email address, your company’s name and your role within your company, and other non-personal information from third parties who typically obtain this information from publicly available sites. Where permitted, we may also receive your name, address, telephone number, email address, your company’s name and your role within your company, and other non-personal information from third parties, such as individuals known to you, tradeshow organizers, or event partners.
We utilize content delivery networks (CDNs) to store and deliver files efficiently to users. These CDNs may replicate files across multiple geographic locations to improve performance and availability. As a result, files uploaded or accessed through our products and services may be stored in and retrieved from servers located in various regions globally. We take measures to ensure that data stored in CDNs is protected in accordance with our data security practices and applicable laws and regulations.
INTERNATIONAL DATA TRANSFERS
We store the information we collect from and about you in Singapore, India, the United States, Ireland, the United Kingdom, and/or such locations from where our products and services are served to you, regardless of where you reside or where the information originates. This information is accessed by Invicara affiliates, employees, contractors, business partners and service providers located throughout the world only as necessary for the purposes described in this Privacy Policy. You agree and consent to the transfer to, and processing and use of, your information in and from such location(s) where our products and services are served to you where privacy laws may be considered less strict than those of your jurisdiction. Providing us with information or continuing to use our sites and services indicates that you are agreeing and consenting to the collection, use, disclosure, management, and storage of information collected from you as described in this Privacy Policy.
Depending on the nature of the transfer, we may rely on other lawful measures, such as standard contractual clauses and adequacy decisions to provide appropriate safeguards for the personal information we transfer.
COOKIES AND OTHER TECHNOLOGIES
Cookies are pieces of code placed in your browser by a website server. Our browser-based products and services may use first and third party cookies. We set first-party cookies, and third parties set third party cookies in order to provide features and functions such as analytics. The different types of first and third party cookies we may use are session cookies, functional cookies, and flash cookies,. We may also use other technologies, such as beacons.
You can disable cookies through your browser settings. Please note, however, that disabling certain cookies may prevent you from taking full advantage of our browser-based products and services.
SESSION COOKIES
A session cookie is required to follow your progress throughout your use of our browser-based products and services to support their functionality. If this cookie is disabled, our products and services may not function properly. This cookie does not identify you personally and is not linked to any other information we store about you.
FUNCTIONAL COOKIES
Our browser-based products and services use functional cookies in order to collect the following information through our third party analytics providers, such as Google Analytics.
- IP address of the requesting device;
- Inferred geographic location via IP address;
- Device identifier;
- Date and time of access;
- Name and URL of the retrieved file;
- Website from which access is made (referrer URL);
- The browser used; and
- If applicable, the operating system of your computer as well as the name of your access provider.
The information collected is stored on third party servers located in such locations from where our products and services are served to you. We use these cookies to provide a smooth connection to and comfortable use of our browser-based products and services, to evaluate system security and stability, and to support other purposes, such as demand-oriented design and market research.
You may be able to prevent Google Analytics from collecting data related to your use of our browser-based products and services by downloading and installing a browser add-on.
FLASH COOKIES
Our browser-based products and services may use third party flash cookies to support their functionality.
BEACONS
Beacons are images, often transparent, that are placed in web pages in order to recognize certain types of information. We may use beacons in our browser-based products and services, in association with cookies, in order to monitor activity such as how you interact with content provided through those products and services and support demand-oriented design and market research. Disabling cookies at the browser lever may prevent beacons from tracking your activity.
SENSITIVE DATA
Your use of our products and services does not require us to collect or store any sensitive data (as may be defined under privacy laws) about you and we employ a variety of safeguards to help to secure and maintain the privacy of your personal data.
COLLECTION AND USE OF CHILDREN’S INFORMATION
Invicara products and services are intended exclusively for business audiences, and we do not knowingly collect any personal information from children. We will also not knowingly ask children under the age of 13 to provide personal information to us. Invicara strongly encourages you to talk with your children about communicating with strangers and disclosing personal information online and about using the Internet safely.
HOW WE USE THE INFORMATION WE COLLECT
We do not sell or otherwise disclose information we collect to others except as described in this Privacy Policy. Invicara may share your personal information with our affiliates. We may use your data for the following purposes:
Providing, improving and personalizing our products and services (directly or through our affiliates, employees, contractors, business partners, and service providers) |
|
Communication (directly or through our affiliates, employees, contractors, business partners, and service providers) |
|
Marketing and advertising (directly or through our affiliates and employees only) |
|
Other Legitimate Purposes (directly or through our affiliates and employees only) |
|
LEGAL BASIS FOR PROCESSING UNDER GDPR
Invicara may use the information we collect from and about you in several ways. This may be based on the consent you provide to us, the contract you enter into with us or for our legitimate interests. In certain circumstances we may need to process your data to comply with legal obligations that we become subject to.
REASONS WE SHARE THE INFORMATION WE COLLECT
In some cases, Invicara may share information we collect with vendors or agents working on our behalf for any purposes described in in this Privacy Policy. For example, we may share information for purposes of data processing or storage, delivering customer support, processing credit card payments, and sending emails on our behalf. In such cases, these companies will be contractually permitted to obtain only the information they need to deliver the respective services and are not allowed to use your information for any other purpose, except where required by law. Such vendors, business partners and agents must abide by our data privacy and security requirements and they are required to maintain the confidentiality of the information, except where required by law to disclose your information.
Invicara may also share information with carefully selected strategic partners who provide services and sponsor events that may be of interest to you. These companies are obligated to protect your information and use it in accordance with their own privacy policies and practices. We will make a list of those partners available to you on request.
Some Invicara services may be co-branded and offered in conjunction with another company. If you register for or use such services, both Invicara and the other company may receive information collected in connection with the co-branded services. The other company's use of your information is subject to such other company's own privacy policies and practices, and Invicara is not responsible for the privacy practices of, or use of your information by, such other companies.
We may access and/or disclose information we collect if we believe such action is necessary to: (a) comply with the law or legal process served on Invicara or any of our affiliates; (b) protect and defend the rights or property of Invicara (including the enforcement of our agreements), our affiliates or third parties; or (c) act in urgent circumstances to protect the personal safety of users of Invicara products and services or members of the public. If we merge with another company or reorganize some part or all of our business, assets, or stock (including if we file for bankruptcy or similar proceeding), we may share information we collect from and about you in connection with the merger or reorganization or filing. You acknowledge that such transfers may occur, and that any acquirer may continue to use information we collect from and about you as set forth in this Privacy Policy.
YOUR CHOICES AND CONTROLS
You may have the ability to view or edit information we collect from and about you online. To help prevent this information from being viewed by others, you will be required to sign in with your credentials (e.g. username and password). The appropriate method(s) for accessing your information will depend on which sites or services you have used. Some Invicara products or services may collect information that you may be able to access through alternative means of access described by the service. Or you can contact us at legal@invicara.com and we will contact you within 30 days regarding your request.
When you are using or accessing our products and services, our collection, storage, processing and transfer of your information as described in this Privacy Policy may result in our acting as a processor on your behalf and we may accordingly be deemed a “data processor” as defined in the General Data Protection Regulation (GDPR).
Your use of our products and services does not require us to collect or store any sensitive data (under the GDPR) about you and we employ a variety of safeguards to help to secure and maintain the privacy of your personal data.
DE-IDENTIFIED AND AGGREGATE INFORMATION
We may use your personal information to create de-identified and aggregated data, such as de-identified demographic information, de-identified location information, de-identified information about the computer or device from which you access our websites, or other analyses we create. De-identified and aggregated data are used for a variety of purposes, including research, internal analysis, analytics, and any other legally permissible purposes. We may share this data within our company and/or with third parties for our or their purposes in a de-identified and/or aggregated form that is designed to prevent others from identifying you. However, we do not sell personal information to any third parties.
HOW WE KEEP YOUR DATA SECURE & CONFIDENTIAL
At Invicara we are committed to ensuring the security and confidentiality of your personal data. Taking into account the nature of your personal data and the risks of processing, we have put in place appropriate technical and organizational measures as required by applicable data protection laws to ensure an appropriate level of security and to protect:
- The security, confidentiality, and integrity of personal information;
- Against anticipated threats or hazards to the security, confidentiality, and integrity of personal information;
- Against unauthorized access to or use of personal information; and
- Against unlawful processing accidental destruction or loss of personal information.
Some of these measures we take include:
- We implement a cybersecurity risk management program aligned with the requirements of ISO 27001:2022 Information security standard.
- Technical controls include security monitoring, role-based access control, encryption,
- Implementation of security in our software development lifecycle, including secure coding practices, supply chain security, and security testing.
- Independent security advisory to the business.
- Resilient deployment of key systems
- Completion of regular security assurance testing of networks and systems
- Incident response management process aligned with recognised standards and best practice.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instruction. All staff working for us have a legal duty to keep information about you confidential and all staff are aware of information security and confidentiality. This includes:
- The security, confidentiality, and integrity of personal information;
- Against anticipated threats or hazards to the security, confidentiality, and integrity of personal information;
- Against unauthorized access to or use of personal information; and
- Against unlawful processing accidental destruction or loss of personal information.
RIGHTS OF DATA SUBJECTS
Under various privacy laws you have the right to:
- Request access to, rectification of, and/or erasure of your personal information;
- Object to the processing of your personal information and have the processing of your personal data restricted;
- Object to the processing of your personal information for direct marketing purposes.
- Withdraw your consent at any time if processing of your personal information is based upon your consent. Your withdrawal will not affect the lawfulness of the processing carried out before you withdrew your consent;
- Receive your personal information in a structured, commonly used, and machine-readable format; and
- The right to lodge a complaint with your local data protection authority.
Note that there may be legal conditions or limitations on these rights. If you wish to inquire about or exercise your rights, please contact us.If you are in Europe, you may have the following rights under the GDPR:
- The right to be informed – of the nature of the personal data we process, why we process it, and with whom that information may be shared.
- The right to access your personal data.
- The right to rectify errors in your personal data.
- The right to the erasure of your personal data.
- The right to restrict our processing of your personal data.
- The right to portability of your personal data.
- The right to object.
- Rights related to automated decision making and profiling – we do not utilize automated decision making or profiling in our provision of our websites or our products and services.
- The right to complain to a Supervisory Authority.
Note that there may be legal conditions or limitations on these rights. If you wish to inquire about or exercise your rights, please contact us.
INVICARA DATA PROTECTION OFFICER
Invicara has a “Data Protection Officer” or its equivalent who is responsible for matters relating to privacy and data protection. This Data Protection Officer can be reached at the following address: legal@invicara.com.
QUESTIONS OR COMPLAINTS
If you have questions or complaints regarding this Privacy Policy or our practices, please contact us at legal@invicara.com and provide details on your question or complaint so that we may adequately respond.
CHANGES TO THIS PRIVACY POLICY
We may modify or amend this Privacy Policy from time to time at our discretion. When we make changes to this Privacy Policy, we will amend the effective date and the modified or amended Privacy Policy will apply to you and your personal information as of that effective date. We encourage you to review this Privacy Policy periodically to be informed about how we are using your personal information.