Last revised: October 25, 2018
i. The website located at https://www.bigleaf.net (the “Website”), including any services, features and content accessible or downloadable from the Website
ii. The web application located at https://app.bigleaf.net (the “Dashboard”)
iii. (i) and (ii), collectively (the “Sites”)
iv. The Bigleaf SD-WAN internet optimization service (“SD-WAN”)
v. any other Bigleaf application, service or product licensed, downloaded or otherwise accessed by such users through third party websites or sources
vi. (iii), (iv), and (v), collectively, (the “Service” or “Services”).
By “Personal Data”, we refer to data that relates to you as an identified or identifiable natural person. Personal data include your name, your address, your telephone number, your email address, your age, your gender, or a part of your credit card number, for instance.
Anonymous information, which we are not in a position to relate to you or to your business, does not qualify as Personal Data or Company Data and is not subject to the provisions of this policy.
1. Controller’s name and contact details
Controller in the sense of the General Data Protection Regulation (GDPR) and other data protection or data privacy laws in the Member States of the European Union or the European Economic Area and other guidelines with a data protection nature regarding the Services is:
Bigleaf Networks, Inc.
2850 SW Cedar Hills Blvd, Suite 130, Beaverton, OR 97005
The Controller is called “Bigleaf”, “we”, “our” and “us” in this Policy.
2. Contact details of the Data Protection Officer (DPO)
The Data Protection Officer of Bigleaf is:
2850 SW Cedar Hills Blvd, Suite 130, Beaverton, OR 97005
3. General information on data processing
We process Personal Data only when necessary for the performance of delivering the Service, when processing is necessary for compliance with a legal obligation we are subject to, or based on our legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of you which require the protection of your Personal Data.
3.1 Information Security
We and our employees understand the need for user privacy, and we maintain reasonable and appropriate security procedures to protect your information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the Personal Data. Access to user data is strictly limited to specific individuals who are trained to respect user privacy. The access given to these employees is restricted to their need for such information for business purposes.
3.2 Third-party information storage
We may share Personal Data with vendors or agents working on our behalf for the purposes described in this Policy. For example, we may hire companies to assist with protecting and securing our systems or services. Any vendor or agent that we retain must comply with our data privacy and security requirements and are not allowed to use Personal Data they receive from us for any other purpose. Like us, they will never barter, trade, or sell access to your Personal Data. We remain responsible and liable under data protection laws if third-party agents we engage to process Personal Data on our behalf do so in a manner inconsistent with the applicable data protection laws, unless we prove that we are not responsible for the event giving rise to the damage.
You may find a list of third parties in section 11 below.
We recognise that we have a special obligation to protect personal information obtained from children. We will not knowingly collect personal information from any child, or process such information, without parental consent. For the purpose of this Policy, a child means any individual who is under the age of 16 (or the minimum legal age to consent to the collection and processing of personal information where this is different under applicable law).
We may share Personal Data with certain service providers in order to provide our Services to you. We use service providers for hosting, network connectivity, customer support, marketing, and advertising.
The transfer to such recipients is based on the respective legal basis set out in this Policy, and is limited to what is necessary for the described purpose.
We closely monitor our service providers in regard to data protection law compliance in order to keep your Personal Data safe.
3.5 Third country transfers
We transfer Personal Data to the following third countries: USA
To receive a copy of the respective safeguards, please contact us at firstname.lastname@example.org.
3.6 Retention periods
We will retain your Personal Data only as long as it is necessary to fulfil the respective purpose, unless we are required by law to store your Personal Data longer.
3.7 Automated Decision-Making
We do not use automated-decision making with regards to Personal Data, including profiling.
3.8 Company Data
In delivering the Services we may process “Company Data”, meaning data that relates to your business that is a customer of Bigleaf. Company Data includes your business name, business address, business telephone number, business email address, and detailed network traffic that your business generates. While Company Data is not subject to the same regulations as Personal Data, we will still treat your Company Data with care.
We process Company Data only when necessary for the performance of delivering the Service, when processing is necessary for compliance with a legal obligation we are subject to, or based on our legitimate interests, except where we believe such interests may be damaging to your business.
4. Use of our Sites
On our Sites, and through other documentation, we gather information you work with).
4.1. Information collected indirectly
We indirectly collect a variety of information through our sales partners and through your interaction with and use of our Sites. This information may include, browser settings, data collected through automated electronic interactions, application usage data, demographic information, geographic or geo-location information, statistical and aggregated information (“Other Information”). The processing is necessary for the purpose of our legitimate interests in accordance with Article 6(1)(f) of the GDPR, as we need this information to keep user data safe by detecting certain threats, and to provide you with the best possible experience.
Statistical or aggregated information does not directly identify a specific person, but it may be derived from Personal Data. For example, we may aggregate Personal Data to calculate the percentage of users in a particular country.
If we combine Other Information with Personal Data, we will treat the combined information as Personal Data.
4.1.1 Tracking Data
Traffic volume and patterns to the Sites, such as the number of visitors to a given website or page on a daily basis is typically referred to as “Tracking Data”. This type of indirectly collected information is gathered through various means, such as an IP address, which is a number that is automatically assigned to your computer whenever you are surfing the Web. Web servers, the computers that “serve up” web pages, automatically identify your computer by its IP address. When you visit any of our Sites, our servers may log your computer’s IP address.
To obtain these Tracking Data, we sometimes use third party analytics providers. The Third Party Analytics Providers and our Sites use “Cookies”, which are text files placed on your computer, to help us analyse how users use our Sites and to store information needed to deliver the Services. The information generated by the Cookie about your use of our Sites, including your IP address, will be transmitted to and stored by Third Party Analytics Providers’ servers. On our behalf, the Third Party Analytics Providers will use this information for the purpose of evaluating your use of our Sites, compiling reports on website activity, and providing other services relating to website activity. The Third Party Analytics Providers will not associate your IP address with any other data held by them.
You may find a list of our Third Party Analytics Providers in section 11 below
4.1.2 Third-party Cookies
You may find a list of the cookies used in section 11 below.
4.2. Information collected directly
We also collect Personal Data and other information that you voluntarily provide. It is entirely your decision to provide the requested information. However, we may not be able to deliver the Services and certain features of our Sites may not be available if you don’t provide some required information.
We keep all Personal Data collected directly confidential, and will only use the Personal Data for the particular purpose it is collected for. We will seek your specific permission for any additional use. We will never barter, trade, or sell access to your Personal Data without your specific consent.
4.2.1 User Accounts
When setting up an account on one of our Sites (“User Account”), you may be asked to provide Personal Data including, but not limited to, your name, email address, and your phone number. If you or your company choose to purchase any products, services, or other items for sale by us, you will be asked to provide payment details and the relevant full address for billing purposes.
As a user of our Sites, we may obtain your Personal Data when you register to use one of our Sites or Services, or other items for sale by us, or when you provide feedback about our products or services. The processing is necessary to perform the contract with you according to Article 6(1)(b) of the GDPR. As a user, we will use your Personal Data, unless otherwise prohibited by law, for the following purposes:
· To provide you with the products and services you request, including the Services.
· To communicate with you about your account or transactions with us and send you information about features of our Sites or Services or changes to our policies.
· To provide support including, but not limited to, troubleshooting, product or Service updates, patches and fixes, and other similar communications.
Furthermore, we will use your Personal Data for our legitimate interests according to Article 6(1)(f) of the GDPR to notify you about information about features of our Sites or Services, new releases and service developments, and to advertise our products and services in accordance with this Policy.
Any User Account data will only be stored until you decide to terminate your User Account. In case we are obliged to further store your Personal Data due to statutory retention requirements, your Personal Data will be barred for further use by us and only stored until such retention periods expire.
4.2.1 Personal Data provided by other means
Personal Data provided by you on our Sites by other means, e.g., via contact forms, will be stored in our service database and retained for the period necessary to fulfil our contractual obligations to you in accordance with Art. 6(1)(b) of the GDPR, unless a longer retention period is required by law.
5. Use of our SD-WAN Service
Our Services include our SD-WAN internet optimization service that routes and prioritizes network traffic.
5.1 Personal Data we Process
We don’t routinely process your Personal Data while transporting network traffic through the SD-WAN service. However, we may process your Personal Data or Company Data in certain situations, including:
I. To provide you with technical support, we may capture and store some of your detailed network traffic, which may contain Personal Data or Company Data. We will only use and retain these captures as needed to provide you with the relevant support and any needed product improvements.
II. In order to effectively manage the SD-WAN service we collect limited network traffic samples or headers that may contain basic Company Data, such as IP addresses. We may share this data with third parties such as data visualization providers as needed for the purposes of delivering the Services.
In the cases above, it is not technically feasible for us to deliver the Services without possible processing of your Personal Data. Without such processing we would be unable to provide you with our Services. The legal basis for our processing of your Personal Data is your contractual relationship with us (Art. 6(1)(b) of the GDPR).
6. Personal Data of Vendors
In order to provide our Services, we use vendors which provide their services to us. If you are a vendor or an employee of a vendor, we might collect your contact details. We do this to fulfil our contracts with our vendors or in order to enter into such a contract (Art. 6(1)(b) of the GDPR).
7. Your rights
You have the right to access your Personal Data that we hold about you and to correct, update, amend, suppress, delete or otherwise modify any Personal Data where it is inaccurate, or has been processed in violation of the applicable data protection regulations, unless we have to keep the Personal Data for legitimate business or legal purposes. When updating your Personal Data, we may ask you to verify your identity before we can act upon your request.
You may object to the use or processing of your Personal Data or withdraw consent to use your Personal Data at any time.
You have the following rights:
· The right to require free of charge (i) information whether your Personal Data is retained and (ii) access to and/or (iii) duplicates of the Personal Data retained. However, if the request affects the rights and freedoms of others or is manifestly unfounded or excessive, we reserve the right to charge a reasonable fee (taking into account the administrative costs of providing the information or communication or taking the action requested) or refuse to act on the request;
· The right to request proper rectification, removal or restriction of your Personal Data;
· Where processing of your Personal Data is based on legitimate interests according to Article 6(1)(f) of the GDPR, the right to object on grounds relating to your particular situation at any time. If you object we will no longer process your Personal Data unless there are compelling and prevailing legitimate grounds for the processing or the data is necessary for the establishment, exercise or defence of legal claims;
· Where processing of Personal Data you provided to us is either based on your consent or necessary for the performance of a contract with you and processing is carried out by automated means, the right to receive the Personal Data concerning you in a structured, commonly used and machine-readable format or to have your Personal Data transmitted directly to another company, where technically feasible (data portability);
· Where the processing of your Personal Data is based on your consent, the right to withdraw your consent at any time without impact to data processing activities that have taken place before such withdrawal or to any other existing legal justification of the processing activity in question; and
· The right not to be subject to any automatic individual decisions which produces legal effects on you or similarly significantly affects you.
To exercise the rights referred to above, please contact us email@example.com. You have the right to take legal actions in relation to any breach of your rights regarding the processing of the Personal Data, as well as to lodge complaints before the competent supervisory authority.
8. Changes to this Policy
We may change this Policy from time to time for various reasons such as changes to reflect in law and regulation, changes in industry practices and technological developments.
9. Third Parties
As described in section 3.2 above, third parties that we may share Personal Data with include:
As described in section 4.1.1 above, third party analytics providers include:
· Google Analytics
As described in section 4.1.2 above, third party cookie providers include:
· None currently