Product Privacy Policy
Last updated: May 30, 2021
Our Product Privacy Policy describes our collection, use, disclosure, retention, and protection of your personal information as well as what your responsibility entails when using our services.
deBroome’s collection, storage, and use of personal data will continually be governed to comply to the GDPR as set forth by the European Parliament and PUL according to Swedish law. Clients are encouraged to take the same measures when using deBroome services.
If you have a question or request concerning the policy, please contact us at gdpr@deBroome.com.
1. Third parties
deBroome and our partners that we work with on a regular basis have agreed on how we treat personal information. The partners we choose are entrusted that they have full competence to treat personal information in the right manner to fulfil the purposes which are enlisted in this Product Privacy Policy.
When we feel you will benefit from our partner’s services, we may get in touch with them about your company's needs. We do not sell, trade, or rent users personal identification information to others.
2. deBroome’s treatment of client’s personal data
2.1. Contact info
The information of the client’s main contact, including name, phone number, email address, corporation, and corporation’s address, are collected to maintain communication between parties. Mainly, information is collected to respond to questions and concerns to help our clients improve their experience and the development of deBroome’s services. In addition, billing information may be collected to meet contractual obligations.
2.2. Feedback and testimonials
Clients may also receive a request to fill out a survey to let us know about their experience with our services. The responses may be used for client testimonials.
2.3. Publications
deBroome likes to showcase our services in the form of blogs and on social media, mainly LinkedIn. We always ask permission from our clients before publishing articles or interviews which will be published on our website and social media channels. These publishings are not only to promote deBroome services, but also to promote our client’s accomplishments. Our clients have the right to decline all these requests by deBroome. We may also present our services to potential clients in a closed setting.
3. deBroome’s treatment of user’s personal data
3.1. Google Analytics and Google Fonts
deBroome services collect information on the users within our brand portals including website visits, location, pageviews, and other general information collected by Google Analytics. deBroome uses this information for general statistical purposes. In sum, deBroome tracks engagement on our brand portals.
Furthermore, deBroome uses Google Fonts in it's platform, which may send telemetry data from your browser to Google.
3.2. Support
When users register on our brand portals, we do not address user’s personal information unless a client has a request. As a result, deBroome uses personal information on deBroome’s services to assist with customer support when needed.
4. Client’s treatment of personal data
4.1. Registration form
All brand portals are customized to the client’s needs. Therefore, some clients may choose to conceal their brand portals from the public. To protect a brand portal’s information, a client will decide what to include on a registration form to confirm identity of individuals.
4.2. Brand Portal Privacy Policy
Clients take responsibility for the processing of personal data according to their own personal Privacy Policy. Our clients have the possibility to include their Privacy Policy which then requires approval from each registered user upon logging in.
4.3. Responsibility
The client takes responsibility of a user’s personal information within a brand portal. Thus, the client is accountable for who has access to user information within their organization and outside sources in which they share the information.
4.4. User requests
Clients will process any requests from registrants including but not limited to providing, updating, and deleting personal information.
5. Sharing information
5.1. Clients sharing info
- User’s info: Clients take responsibility for the sharing of user’s information on deBroome’s platforms.
- Other’s info: If you provide personal information about someone else, you are responsible for ensuring that you comply with any obligation and consent obligations under applicable data protection laws. Therefore, you need to confirm you have explicit consent to supply this information before doing so. In return, it is your responsibility to explain to them how we collect, use, disclose, and retain their personal information or direct them to read our Privacy Policy.
5.2. deBroome sharing info
Personally identifiable information: deBroome will not sell client’s identifiable information to others.
Non-personally identifiable information: deBroome shares non-personally identifiable information (such as anonymous number of sessions/pageviews, visit duration, and top countries) on our services to clients. This is to measure the engagement of their own brand portal. Our clients have the right to share this information. Non-personally identifiable information is stored for 38 months.
6. Storage of personal data
6.1. Location of server – Sweden
deBroome’s servers are located in Sweden.
6.2. Storage and processing
deBroome’s clients: Clients’ information collected through deBroome will be stored and processed in deBroome’s server location.
deBroome’s Brand Portals: Clients have the right to collect information within their local servers.
6.3. Deletion of data
deBroome retains personal information for the duration of our business relationship and afterwards for as long as it is necessary and relevant for our legitimate business purposes.
When information is deleted from our services, some information will remain in our backups until it automatically deletes at its scheduled time. Therefore, personal information is not completely deleted from deBroome’s services at the time of the request.
It is important to note that deBroome has its own backups that automatically deletes information periodically. Thus, if a client deletes personal information from a Brand Portal, it is not completely deleted from deBroome’s services until our backups are deleted.
7. Personal data security
7.1. Data protection – deBroome
deBroome will keep your information secure by taking appropriate technical and organizational measures. We are concerned with protecting your privacy and data, but we cannot guarantee that your information will not be accessed, disclosed, altered, or destroyed by a breach within our database.
deBroome takes responsibility of providing a platform that abides by the law of GDPR. This meaning that deBroome gives the client the ability to easily show and edit their Brand Portal’s Privacy Policy on deBroome’s services. Moreover, clients can filter out inactive users and delete user information.
7.2. Data protection – clients
When creating brand portals for clients, we apply secure socket layer technology (SSL). The certificate assures that information is kept private between the web server and the clients web browsers.
If you use a password to access our services, we advise you to keep your password safe and use discretion when sharing passwords with those in need of access to your Brand Portal. We do not share passwords with anyone without given permission.
7.3. Routine for a security breach
If a security breach should occur, deBroome will take the following actions:
- If the intrusion is successful, deBroome cuts the internet connection to avoid loss or destruction of data
- Analyze and reconfigure the firewall
- Increased preparedness and supervision
- Report to all clients, partners, and users in the database
8. Responsibility for damage
- deBroome’s responsibility: deBroome assures to take security measures to protect our services from vulnerability. Moreover, deBroome provides a platform to perform actions in accordance to the GDPR requirements. Therefore, we do not take responsibility if any damage happens to a user. deBroome is not accountable for any damage to our clients that is inflicted by our partners.
- deBroome client’s responsibility: deBroome clients take responsibility of any damage inflicted on a user.
9. Your rights
9.1. Right to stay informed
deBroome is completely transparent to our partners and clients on how personal data is treated and stored. If there occurs a breach in deBroome’s database, deBroome will inform our clients as soon as we have knowledge of this event. We will also inform on the measures we take to secure the system.
9.2. Right to delete information
At anytime, you can revoke the use of your personal data. While we will delete any personal information about you on our active database instantly within a reasonable period of time, we may retain information in our backups, analytics, to the satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
9.3. Request to access information
You can contact us at any time to request to access information that deBroome has about you. However, we will first take measures to verify your identity. deBroome will then ensure that you will be provided with a copy of the data we process about you. You can use this information for your own use.
9.4. Request to correct information
You can contact us at any time to correct any information that deBroome has about you.
9.5. Complying to your rights
deBroome will comply to any requests you may have in accordance to the law. deBroome has the right to refuse a request if deBroome believes it is outside of the GDPR laws. However, deBroome must supply a sufficient reason why. If you believe deBroome’s reasoning is unjust, you have the freedom to contact Information Commissioner's Office (ICO).
9.6. Privacy Policy updates
To abide by the law, deBroome will update this Privacy Policy occasionally. Therefore, we encourage our clients to stay updated by visiting this policy frequently.
Contact us
If you have any questions about deBroome’s collection and/or storage of data, or want to make a complaint, or want to be forgotten, please contact us at gdpr@debroome.com.
You also have the right to make a complaint with the Swedish Data Protection Authority also known as Datainspektionen, or your local data protection authority.