GDPR Policy for Plugins
miniOrange ("Us", "We", "Our" or the "Company") is committed to protecting the privacy of your information while you use our miniOrange Plugins. We’ve crafted the policy below to help you understand how our plugin collects and uses personally identifiable information.
Definitions
- miniOrange Plugin: This refers to all the Plugins published by miniOrange at any marketplace like WordPress, Drupal, Joomla etc.
- Customer Support Services: It involves screen sharing sessions, meetings and support by mail.
- miniOrange Servers: This refers to miniOrange service which is stored on secure cloud service AWS. miniOrange Users data is also stored with AWS.
- Third Party: This refers to customers using miniOrange services i.e. plugin with specific service to all its users.
- Personal data: This refers to information provided by you such as name, company name, address, phone number, email address, and any other information necessary.
Introduction
We protect your personal information using industry standard safeguards. We may share your information only with your consent or as required by law as detailed in this policy, maintaining your trust is our top priority, so we adhere to the following principles to protect your privacy:
We protect your personal information and will only provide it to third parties:
- with your consent;
- where it is necessary to carry out your instructions;
- as reasonably necessary in order to provide our features and functionality to you;
- when we reasonably believe it is required by law, subpoena, or other legal processes; or
- as necessary to enforce our User Agreement or protect the rights, property, or safety of miniOrange, its Customers and Users, and the public.
Personal Data Collection
miniOrange collects data provided by you while registering with miniOrange or through any other service while contacting miniOrange. We also collect data needed to provide miniOrange services. This data may contain different information as listed below:
We protect your personal information and will only provide it to third parties:
- When you register in the plugin, you provide us with information (including your name(optional), email address, phone number(optional), company name/website and password) that we use to offer you a personalized, relevant experience on miniOrange.
- When User contacts our Customer Support, User’s personal data is shared which is necessary for us to provide support where we can assist you with the plugin configurations, setup or any other issues while using miniOrange Plugins. The Personal Data you provided is used for purposes like answering questions, improving the content of the website, customizing the content, and communicating with the customers about miniOrange’s Services, including specials and new features.
- While using miniOrange Risk Based Authentication (RBA) services, device information is collected. The information collected for RBA is mentioned below under data used by the plugin.
- When you contact us using our support form, we collect information that helps us categorize your question, respond to it, and, if applicable, investigate any breach of our User Agreement or this Privacy Policy. We also use this information to track potential problems and trends and customize our support responses to better serve you.
- We do not collect email addresses from miniOrange production service for any marketing purpose.
In the miniOrange plugin, we collect the following information from users. This information is completely optional and collected only for the purpose of providing the service and kept confidential if collected.
- Customer Details: First name, last name, username, email, Questions and Answers of Security Questions, Phone Number, Company Name.
- Device Information: Location, Browser details, IP Address, Device Type, Time, Language, Useragent details, Device fingerprint.
miniOrange only uses your data in order to provide you with the service and keeps this data available only to the user that has provided the information or the third parties that the user has agreed to grant access to. The data is also provided to the respective Authenticator Application owner which is required for verification during login.
Use of personal data
Depending on the service of the plugin, miniOrange uses the information collected from users. For an example, your phone number and email address are used to send the one time passcode for 2FA Plugin. For Risk Based Authentication information like device type, location, IP address and time is required to identify the user and grant access based on the risk.
All data provided are stored with miniOrange which can be accessed through our site https://login.xecurify.com/moas/login where the user’s account is created while using the miniOrange Plugin.
miniOrange stores the license information which is specific to each customer and based on the plans. This information is solely used to provide the services to customers/users.
The other personal information like email address, phone number, company information is used for the purpose of billing and license information only.
Access to your information
Your data is only accessed by the authorized employee of the miniOrange which is used solely for the maintenance of your service provided by miniOrange, to provide your billing / payment details, to provide you the support to serve better.
Personal Data Processing Duration
Personal data will only be processed until we have a legitimate business. When we have no legitimate business, your data is stored securely until deletion.
During this period, if you request for data stored with miniOrange, you would have to give sufficient evidence of identity before we can provide you with this information. You can request this by contacting us at info@xecurify.com. Same would apply if you request for deletion of the personal data.
- User consent: End Users will be asked for consent if they agree to the terms and conditions of your website. If they deny consent, they will not be logged in and no data will be fetched.
- Encryption: All data that is in transit because of miniOrange is encrypted.
Your Rights under GDPR
- Right to be erasure: Information collected is stored in two places – Marketplace(WordPress, Drupal, Joomla,etc) Database and miniOrange Servers. Customers can delete end-user’s information if end-user requests.
- Right to object:In certain situations, the end user has the right to object to the data being processed insofar as such data have been collected for direct marketing purposes.
- Right to rectification: You have a right for clarification of inaccurate personal data. And change the data by providing complete information.
- Right of access: You have the right to obtain from us information concerning i.e. you have the right to request and get access to that personal data.
- Right to be informed: You have the right to be informed if we make any changes in the policy or any significant changes we treat your personal information.
- Right to restrict processing: Customers have the right to restrict the access to their personal data by signing mutual NDA with the specific terms and conditions.
- Right to data portability:The right to portability only applies to data that customer has provided with his own consent for the performance.
Changes in the Policy
We will notify you when we change this policy. We may change this Policy from time to time. If we make significant changes in the way we treat your personal information, we will provide notice by posting an announcement on the Website or sending an email prior to the change becoming effective.
Contact
If you would like to contact us with questions or concerns about our privacy policy you may contact us via any of the following methods:
Email us at: info@xecurify.com
Or call us at: +1 978 658 9387
Or you can fill form with your question/concern: https://www.miniorange.com/contact