- overview of basic data protection principles,
- the information we collect,
- the ways and purposes we use your data for and grounds for data processing,
- situations when the information may be disclosed,
- your rights, data security, changes to the policy & other matters,
- recourse and arbitration,
- UXPin is the controller of all the personal data you provide when you use the UXPin software-as-a-service (the “Service”) website located at https://www.uxpin.com (the “Site”), UXPin means UXPin Inc., a Delaware corporation with a business address at 1134 W El Camino Real, Mountain View, CA 94040, United States, you may contact us at email@example.com;
- whenever you sign up to any functionalities of the Site, in particular to the trial period, newletter, download e-books, enrol a webinar or e-course etc. we may collect in particular your e-mail address and other given data such as: first name, last name, job position, company name, phone number or other submitted data; you provide all of your personal data voluntarily but we may point some of them to be obligatory to supply you at least with basic functions of the Service or other functionalities accessible via the Site; UXPin minimizes the scope of gathered data so we don’t collect data we believe to be unnecessary to achieve purposes they are collected for;
- we may also use the collected data for marketing purposes of our product and to let you know on the UX design conferences due to our legitimate interests and/or upon your consent which may be withdrawn any time; we won’t send you any other third party marketing messages; you may unsubscribe any time or explicitly object to be addressed any marketing communication by contacting us;
- we encourage you to test and subscribe to the UXPin Service; if you do so, please mind that we may need to process further personal data (such as evidential numbers (tax identity number, registration number in relevant court, administrative or commercial registers – in case of corporate entities), billing address and credit card information) – we will use them to supply our services and to process payments i.e. to perform the contract in accordance with the Terms of Service;
- your data may be disclosed to the trusted third-party recipients who supply UXPin with auxiliary payment processing or marketing services, etc. (listed here), and to our subsidiary – UXPin Sp. z o.o. a Polish (EU) company with business address at Aleja Grunwaldzka 186, 80-266 Gdańsk, Poland, TAX ID NO: PL5862274376, KRS: 0000400136;
- in order to secure high standards of data protection we won’t transfer your personal data to any third-party entities other than the ones located in United States and listed within the Privacy Shield Framework Principles or those located in European Union and which are subject to GDPR – EU Regulation 2016/679 of 27 April 2016 or other entities securing adequate data protection standards, unless you expressly consent or demand to do so;
- we will store your personal information only for the necessary period required due to the purpose of their processing, depending on the circumstances, i.e. for instance until full settlement of payments for your subscription or until you decide to unsubscribe from our mailing lists;
- we may practice profiling to assess if you have already subscribed to our Service and target you with relevant advertisements of UXPin products or the Services features but we don’t make material decisions upon the profiling results;
- shall you have any privacy related complaints or suggestions, you may contact us at firstname.lastname@example.org; it’s best to contact UXPin as the first step; you also have the right to lodge a complaint with a supervisory authority relevant for your country (for EU individuals see this link);
- please be informed that UXPin and its controlled subsidiaries do comply with the EU-U.S. and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from Individual Customers in the European Union member states or Switzerland to the United States, as stipulated in the “UXPin Privacy Shield Framework Policy”, accessible via Site at https://www.uxpin.com/privacy-shield.
- To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov.
- You can also verify yourself our participation in the Privacy Shield program and validity of our entry by searching us on the Privacy Shield List that you can find here: https://www.privacyshield.gov/list.
- The Federal Trade Commission (FTC) has jurisdiction over UXPin’s compliance with the Privacy Shield and the UXPin shall be subjected to the investigatory and enforcement powers of the FTC.
The information we collect
When You use the UXPin Site and Service we may collect various information necessary to provide You the best experience and UXPin app features, such as:
When registering for an account on UXPin, we will collect the following information: (i) your e-mail address and (ii) a unique password. We may also collect information regarding your name and surname or company name, your team size, your role in a team, and telephone number. You submit all the data voluntarily but some of them may be obligatory to use certain functionalities of the Site.
When paying to use the Site, we may collect further information from you including: evidential numbers (tax identity number, registration number in relevant court, administrative or commercial registers – in case of corporate entities), billing address and credit card information. If you submit payment information, we do not store credit card numbers you may use to make payments on the Site. Payment information is passed on to, and may be stored by, our third-party payment processors (listed here).
It is your responsibility to give us current, complete, truthful and accurate information, and to keep such information up to date. UXPin will not be responsible for any problems or liability related to inaccurate or incomplete personal information, whether due to your failure to update such personal information or otherwise.
Nevertheless please note that UXPin does not gather sensitive information (i.e., personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual). Please refrain from supplying any of such information to UXPin in any communications.
Automatically Collected Information.
When you use the Site, we gather certain non-personally identifiable information from you, and this information can be associated with your Site account. This includes, but is not limited to, usage information, such as information on when, how often and for how long you use the Site, records of the way you use the Site as well as server log data such as a computer’s IP address, browser type, device information or the webpage you were visiting before you came to our Site.
Tracking and Third-Party Cookies.
Like many websites, the Site does not respond to “do not track” browser headers. But you can take steps to limit tracking by erasing cookies from your computer’s hard drive and by setting your browser to block all cookies or warn you before a cookie is stored.
The ways and purposes we use your data for and grounds for data processing
Performance of services.
We need the data you submit to supply you with the UXPin Service and fully enable you to take advantage of all the Site’s features hence the reason to process this information is to fulfil the contract and our legitimate interests such as performing our legal and contractual duties and commercial interest to provide you with a good service. We may also need this data to verify your identity to protect against fraud, comply with respective laws and to confirm your eligibility to use our products and services – minding in particular that UXPin Service is aimed solely for business purposes (as a B2B service).
We may use the collected information for the purposes for which you provided the information including, for example, to create and maintain a Site account for you or to respond to a question that you e-mail to us. The collected information may also be used, whenever necessary, to help us better understand your ways of using the UXPin products and behaviour so that we may make decisions about how we manage your account, offer discounts and provide the features and functionality of the Site to you.
Updates and Troubleshooting.
We may also use the collected information to contact you regarding updates or modifications to the Site, to help troubleshoot problems, for data analysis, testing, research, statistical and survey purposes or to alert you to changes in our policies or agreements that may affect your use of the Site.
Personalized Content and Enhancing UXPin Product.
Based on personal characteristics or preferences, we may use the collected information to personalize the content that you and others see in order to allow you to participate in interactive features of our Service at your personal convenience. We may also analyze collected information relating to your use of the Site in order to help us improve the Site and develop and improve UXPin's other products and services, i.e. to help market and provide new products and services that you might find interesting.
Promotional Offers and Other Design Related Communication.
We may use the collected information to provide you with promotional materials, personalize advertisements and offers or information that we feel may be of interest to you, especially but not limited to design news, conferences, webinars, etc. or other projects that UXPin is engaged in.
However, we will give you the ability to opt out of receiving such e-mails in accordance with applicable law. If you no longer wish to receive e-mail or other mail from us, please notify us by e-mail at email@example.com and include sufficient information for us to identify your account, including your name, e-mail address and the specifics of your request, or you can use the “unsubscribe” or “change your email preferences” link at the bottom of an e-mail message. However, after you unsubscribe to cease receiving e-mails, depending on the chosen setting or continuation of your subscription to the Service, we may still contact you via e-mail for administrative or informational purposes, including messages regarding the administration of your account (if you have one). We never provide your personally identifiable information to third parties for their own marketing purposes without your consent, which shall be voluntary – the absence of such consent shall in no way limit your ability to use the Service.
Third-Party Web Analytics.
UXPin may use third-party analytics providers and products to obtain, compile and analyze Information about how users are using and interacting with UXPin and/or the Services and about devices used. These analytics providers may use a variety of established or new tracking technologies or tools (including, without limitation, cookies, pixels, web beacons, HTTP cache, local shared objects and persistent identifiers) to recognize your computer or device and/or to collect or compile this information. We may use these information to improve your experience of using the UXPin Service and to improve the overall quality of our Service, as well for our own marketing purposes and practices such as to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you. We may also use this data to make suggestions and recommendations to you about UXPin services of features of Service or Site that may interest you as well as for other purposes described in sec. 3.1.-3.5. above. UXPin has no control over the technologies, tools or practices of the third parties that providing analytics products and services to UXPin.
Legal grounds for data processing
The legal grounds to process the information is mostly to provide you with the Services (fulfil the contract), enable you to use the Site and its features as well our legitimate commercial interests such as performing our legal and contractual duties (i.e. supplying you with UXPin services via the Site) and commercial interest to provide you with a good service and enable the marketing communication so that we can stay in touch. Therefore your data may be processed on more than one legal ground such as your explicit consent, contract fulfilment or our legitimate interest. Please note that in some cases we don’t need explicit consent to process the other data than those you submit to supply you with our services via the Site. We may also process your data on the grounds of our legitimate interest like to conduct and manage UXPin, to ensure our systems security. When we don’t process your data upon your consent or to supply you services via the Site (to fulfil contract) before we process such data we always consider and balance any positive or negative potential impact on you and your rights before we process your personal data for such legitimate interests and if the negatives would prevail – we would never process such data (unless we have your consent or are otherwise required or permitted by law).
Therefore – please find the reasons and legal ground for processing your data listed below:
- when we use your information or third-party web analytics to provide the UXPin Service or functionalities of the Site, manage your account, for updates and troubleshooting or for personalizing the content we use information submitted by you to fulfil the contract, for our legitimate interest to provide you with a best quality service and market our products or design-related events and based on our legal obligations,
- when we use your information to protect against frauds such as information submitted by you and from third-party web analytics – we do it for our legitimate interest to develop and improve how we deal with unwanted situations such doubling accounts, using one account by many users and starting many free trial periods by single user,
- when we use submitted information and third-party web analytics to provide you personalized advertisements, promotional offers, other design related communication or to improve UXPin product, we do it do perform our obligation to provide you a newsletter or contents of the Site or on the grounds of our legitimate commercial interest to develop our products and services, prepare new offers for customers, to define types of customers for future services or functionalities and to fulfil our legal and contractual duties efficiently,
- when we use your information, device data or third-party web analytics to manage your account, for updates and troubleshooting and to keep UXPin services running we do it to fulfil the contract and for our legitimate interest – to provide you with a good service, to fulfil our legal and contractual duties efficiently.
Disclosure of information
We share and disclose the information we collect about you as follows:
Third-Party Service Providers
We use contractors and third-party service providers who may collaborate with us on development or maintenance of the Site or Service and such third-party contractors or service providers may obtain access to the information you provide, including personally identifiable information. The third-party contractors or service providers are required to protect this information and must not use the information for any purpose other than to carry out the services they are performing for us, in a way described in their privacy policies.
As you can see we are really into transparency of data processing here at UXPin. Therefore, please find the categories of service providers we may share your data with:
- Payment services providers. Please note processing of payments will be subject to the terms, conditions and privacy policies of such third-party payment processor.
- E-mail services providers - we may disclose your e-mail address to third-party e-mail services providers for purposes of managing our e-mail communications with you.
- Advertising services providers - for instance, we may use third-party services to serve you ads across the web after you leave the Site. These are common advertising practices often called tracking or retargeting. As such, when you visit the Site, you may receive a cookie from a service provider so that these services can recognize your browser on third party websites for purposes of showing you an advertisement that we have selected. We may also learn more publicly available information on you from third-party service providers.
- Customer Support and general services providers - we use customer support platforms in connection with your submitted information to help you troubleshoot problems relating to UXPin, facilitate our communication via diverse means and other suppliers of general services like accountants, consultants, etc.
- Hosting and cloud computing services providers.
The actual list of Third-Party Service Providers and their Privacy Policies is available here.
We may disclose non-personally identifiable information to third-party partners in furtherance of our business arrangements with them, including without limitation to jointly offer a product or service to you or create interoperability between our products and services and the products and services of such partners.
Legal or Contractual Requirement.
We will use and disclose information where we, in good faith, believe that the law or legal process (such as a court order, search warrant, subpoena or other lawful requests by public authorities) requires us to do so, including to meet national security or law enforcement requirements. We will use and disclose information in other circumstances where we believe it is necessary to protect the rights or property of UXPin, our customers and/or third parties.
We may also disclose the information enforce or apply the Terms of Service and/or any other agreements between you and us or to investigate potential breaches and to protect the rights, property or safety of UXPin, our customers or others.
We may disclose this information to our affiliates for use as described in this Policy nevertheless such affiliates never determine the purposes and means of the processing of personal data but may solely supply auxiliary services to UXPin Inc. In the event of a merger, sale of capital stock or assets, reorganization, consolidation or similar transaction involving UXPin, the information we possess, including personally identifiable information, shall be transferred as a corporate asset to the acquiring entity, provided that such entity will continue to handle such information in accordance with this Policy.
In any case, UXPin maintains contracts with the aforementioned affiliates and service providers, restricting their access, use and disclosure of personal data in compliance with our Privacy Shield obligations. UXPin may be liable if such parties fail to meet those obligations and we are responsible for the event giving rise to the damage.
Your rights, data security, changes to the policy & other matters
You may be entitled to benefit from protection deriving from the applicable laws of State of California and the “GDPR” – The EU Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation). Therefore, notwithstanding the particular information pointed out particularly in the Overview above, please be advised as follows.
Please note once again that UXPin Inc. shall be the administrator of any personal data that you may share with us or UXPin gathers when you use the Site. Please be informed that if you fail to provide that data when requested, we may not be able to supply you with our services via the Site. In this case, we may have to cancel your use of UXPin account but we will notify you if this is the case at the time.
We shall cease to process your personal data after your subscription to use the Services elapses or is terminated. After your subscription to use the Services elapses or is terminated, we may only process your personal data as required for: i) calculation of the Service and submitting any possible claims for payments for the Service that may be due to us; ii) determinations regarding any forbidden or unlawful use of the Service; iii) fulfill any particular obligations or entitlements deriving from applicable laws; iv) marketing, promotion and market or consumer preference research or for business or Service development – in this last example – with your separate consent (unless such consent is withdrawn) or until you explicitly opt out, which you are entitled to do at any time.
You can log into your account and view or amend your account information at any time. To the extent you decline to share certain information with us, we may not be able to provide some of the features and functionalities found on the Site. Please note that while changes to your profile information are reflected promptly in active customer databases, we may retain all of your information.
You are fully entitled to access, modify and even delete any personal data you have provided us with – in order to do so please communicate your request with an email sent to: firstname.lastname@example.org or send us a letter to the business address of our Company indicated above.
When you want to receive a copy of the personal data we hold about you or when you want to have any incomplete or inaccurate data we hold about you corrected or wish to delete or remove personal data where there is no good reason for us continuing to process it (object to processing) please contact us at email@example.com. Please note however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. Please note that some legitimate interests such as full settlement of remuneration, UXPin security reasons or other legal retention requirements may supersede any right to erasure requests under data protection laws.
You have the right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. If you wish to exercise this right please contact us at firstname.lastname@example.org.
Withdraw consent at any time where we are relying on consent to process your personal data. Please note however that it does not affect the lawfulness of any processing carried out before you withdraw your consent. You may exercise this right by using in-app functionalities, unsubscribe link or other similar features we provide you with and – as always – by contacting us at email@example.com.
Please note that when you withdraw consent, any requests in relation to the modification, deletion or restriction of the processing of your data means that we may not be able to fulfil the agreement to supply Service or other Sites functionalities. In such case we may have to cancel your use of the UXPin services but at the time we will notify you if this is the case.
You have the right to transfer of your personal data to you or to a third party. If you wish to exercise the right we will provide to you your personal data in a structured, commonly used, machine-readable format, which you can then transfer to an applicable third party. Please consider that that this right only applies to automatically processed information which you initially provided consent for us to use or where we used the information to perform a contract with you. If you require this then please contact us at firstname.lastname@example.org.
Minding the above, at any time, you also have an opportunity to choose whether your personal information is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you – using settings accessible to you via the Site or by contacting us by e-mail at email@example.com and including sufficient information for us to identify your account, including your name, email address and the specifics of your request.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Sometimes we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We do our best to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In such case you will be notified and we will keep you updated.
You have the right to file a complaint regarding the processing of your personal data at firstname.lastname@example.org. When we receive formal complaints, we will contact the person who made the complaint to follow up. We may work with the appropriate regulatory authorities, including local data protection authorities or Privacy Shield dispute resolution panels, to resolve any complaints regarding the processing and transfer of personal data that we cannot resolve with our users directly. If you’re willing to file a Privacy Shield claim - please find your relevant data protection authority here - if you are a EU citizen or please contact the Swiss Federal Data Protection and Information Commissioner.
Security of information
The information we collect about you is stored in limited access servers. We will maintain reasonable safeguards to protect the security of these servers and your personally identifiable information. We have implemented and continue to ensure that any personal data that you may share with us is secured with Secure Socket Layers (“SSL”) encryption, which aim to prevent any unauthorized third party from obtaining or modifying any electronically transmitted personal data. We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems. We restrict access to personal information to UXPin employees, affiliates, contractors and agents who need to know that information in order to process it for us and who are subject to strict contractual confidentiality obligations. They may be disciplined or their contract terminated if they fail to meet these obligations.
However, no security measures are 100% effective and we cannot guarantee the absolute security of your personal data or other personally identifiable information. We cannot guarantee the security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. Any transmission is at your own risk. Therefore we must expressly disclaim any representation or warranty, whether express or implied, with respect to ensuring, guaranteeing or otherwise offering any definitive promise of security in connection with the transmissions made when you use the Site but once we have received your information, we will use strict procedures and security features to try to secure your data.
Transfer to the U.S. or Other Countries.
UXPin uses facilities in the United States and Poland. Your information will be stored and processed in the United States, Poland or other countries where UXPin has facilities. When you use the Site, you consent to the transfer of information outside of your country, even if your country has more rigorous data protection standards. In particular, UXPin may transfer and process such personal data to the U.S. or other countries in accordance with the Privacy Shield Principles, as stipulated in our EU-U.S. or Swiss-U.S. Privacy Shield Framework Policy.
Children Under 13.
We do not knowingly collect information from children under 13 and the Site is not directed at children under 18. If you are a parent and believe your child under the age of 13 has used the Site and provided personally identifiable information to us through the Site, please contact us at email@example.com and we will work to delete that Site account.
How to contact us
If you have any questions about this Policy, please contact us at firstname.lastname@example.org or at the business address of our Company indicated above in the Overview part.
Recourse and arbitration
In compliance with the EU-U.S. Privacy Shield, we strive to investigate and resolve any and all complaints about the privacy and the collection or use of customer information outlined in this Policy. We maintain security incident management policies and procedures. We shall notify Customer and appropriate data protection agencies, in accordance with applicable data protection laws of any breach relating to Personal Data of which we become aware and which may require a notification to be made.
If you have questions about our participation in the Privacy Shield or have a complaint, please contact our Privacy Team at email@example.com.
UXPin will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information by reference to the principles contained in this Policy.
If you do not receive timely acknowledgment of your complaint, that is in 45 days, or if your complaint is not satisfactorily addressed, any unresolved privacy complaint can be referred to an independent recourse mechanism.
UXPin has committed to cooperate with the EU Data Protection Authorities (DPAs) and the Swiss Data Protection and Information Commissioner (FDPIC) as the Independent Recourse Mechanism (IRMs). UXPin will cooperate with the DPAs in the investigation and resolution of complaints brought under the Privacy Shield.
UXPin shall comply with any advice given by the DPAs where the DPAs take the view that the organization needs to take specific action to comply with the Privacy Shield Principles, including remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Principles, and will provide the DPAs with written confirmation that such action has been taken.
UXPIN has agreed to participate in the dispute resolution procedures of the panel established by the EU data protection authorities to resolve disputes pursuant to the Principles. A resident of the European Union (EU) whose inquiry has not been satisfactorily addressed may contact either the EU DPAs panel at firstname.lastname@example.org or individual EU DPAs using the information provided at https://edpb.europa.eu/about-edpb/board/members_en
Under certain conditions, and consistent with our IRM cooperation, you may also invoke a binding arbitration pursuant to the Privacy Shield’s Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield. For additional information relating to your right to invoke binding arbitration, please view the information available at the following link: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
What Are Cookies.
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of the the Site. Therefore it is recommended that you do not disable cookies.
The Cookies We Set.
The Site offers newsletter or email subscription services and cookies may be used to remember if you are already registered and whether to show certain notifications which might only be valid to subscribed/unsubscribed users.
The Site offers e-commerce or payment facilities and some cookies are essential to ensure that your order is remembered between pages so that we can process it properly.
When you submit data to through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence.
In order to provide you with a great experience on the Site we provide the functionality to set your preferences for how the Site runs when you use it. In order to remember your preferences we need to set cookies so that this information can be called whenever you interact with a page is affected by your preferences.
Third Party Cookies.
The Site uses third-party analytics services for helping us to understand how you use the Site and ways that we can improve your experience. The actual list of Third-Party Service Providers and their privacy policies is available here. These third-party cookies may track things such as how long you spend on the Site and the pages that you visit so we can continue to produce engaging content and we can better understand how we can improve the Site for you. From time to time we test new features and make subtle changes to the way that the Site is delivered. When we are still testing new features these cookies may be used to ensure that you receive a consistent experience whilst on the Site whilst ensuring we understand which optimisations our users appreciate the most.
As we sell products it's important for us to understand statistics about how many of the visitors to our Site actually make a purchase and as such this is the kind of data that these cookies will track. This is important to you as it means that we can accurately make business predictions that allow us to monitor our advertising and product costs to ensure the best possible price.
In some cases we may provide you with custom content based on what you tell us about yourself either directly or indirectly by linking a social media account. These types of cookies simply allow us to provide you with content that we feel may be of interest to you.
We also use social media buttons and/or plugins on the Site that allow you to connect with your social network in various ways. For these to work the following social media Sites including; Facebook, Twitter, will set cookies through our Site which may be used to enhance your profile on their Site or contribute to the data they hold for various purposes outlined in their respective privacy policies.
Hopefully that has clarified things for you and as was previously mentioned if there is something that you aren't sure whether you need or not it's usually safer to leave cookies enabled in case it does interact with one of the features you use on our Site. However if you are still looking for more information, you can always contact us at: email@example.com