Privacy Statement for Personally Identifiable Information of Akeeba Ltd
Updated: June 25th, 2019
Akeeba Ltd (referred to as "we", "us", "Akeeba" or "Company") is committed to protecting your privacy and processing your personally identifiable information (referred to as "PII" or "personal data" or "personal information") with transparency. The PII we collect and process depends on the purpose of your visit and the service or services you have purchased or otherwise agreed to receive from us.
This privacy statement for personally indentifiable information:
For the purposes of this statement, personal information is understood to be any information which is relevant to you, with which your identity is or can be identified and which include, for example, your name, email address, physical address, VAT number, IP address (only when we have collected it in conjunction with directly identifying information) or the information you submit in your private tickets.
Akeeba Ltd is a limited company registered in the Republic of Cyprus with the purpose of providing software and services related to it, with registration number HE307966 and registered address Metochiou 51, IONIA building, flat 303, Egkomi, 1101 Nicosia, CYPRUS.
If you have any questions about your use of personal information you can contact the Data Protection Officer through the Contact Us form of our site or by emailing nicholas αt akeeba dοt cοm.
If you want a copy of your personal information kept on file ("data portability right") or delete the personal information we keep on file for you ("right to be forgotten") please log into our site and use the Data Rights menu item.
We collect personal information of our current and prospective clients through our web site. We never collect information in person, through any other means or using a third party representative.
User account information. At a bare minimum we need to collect your email address and your name (which could be a pseudonym / alias) to create a user account for you on our site. The email address must be real so we can contact you for matters regarding your account on our site and verify your identity in the event you want to exercise your data rights and / or request an operation which could have a security or privacy implication such as resetting your password.
Subscription related information. During the purchase of a subscription we will collect your IP address, the country based on your IP address and the User Agent string of the web browser you used when subscribing. This information is used to prove the legitimacy of the transaction should it be required, e.g. if there's a dispute over the charge. Moreover, the country and user agent information are used in aggregate form for internal reporting and taxation purposes.
IP address. Your IP address is temporarily collected whenever you are accessing our site in our web server's logs, our security software's logs and our download system's logs (only when downloading through our site or when downloading updates to our for-a-fee a.k.a. Professional editions of our software). This information is used to ensure the security of our web site and to prevent abuse. IP address information is not directly identifiable information but if it's stored in conjunction with your user account ID it might be an indirect identifier.
Support ticket information. Any identifiable information you provide when requesting support through our ticket system's private tickets feature including but limited to connection information to your site(s) and any other personally identifiable information you may volunteer. We use that information to provide you with technical and account support and, generally, to answer your questions and address your requests. Please note that when filing a public ticket or when you are providing your ticket system signature you have no reasonable expectation of privacy and as such any information volunteered in a public ticket is not subject to our privacy statement.
Contact form information. Any information you volunteer by submitting a contact form through this web site's Contact Us page. We use this information to respond to your requests.
Two Step Verification / account security. Information provided or generated in the course of setting up and using the Two Step Verification system for securing your account's log in. We use this information only for providing the Two Step Verification functionality of our site. Two Step Verification information is not directly identifiable information but if it's stored in conjunction with your user account ID it might be an indirect identified.
We do not allow minors (persons under the age of 13) to use our site. Any accounts found in violation of this term will be terminated without a refund and all information pertaining to that user account will be erased.
Providing an email address is mandatory for us to be able to communicate with you on matters pertaining to your account and verify that any requests made for your account come from you and not from an impersonator or other unauthorised person. You can opt-in to giving us your real name but it's not legally required; a pseudonym is adequate. However, in this case, we may not be able to provide assistance with your account if you get locked out since we'd have to verify your name with a valid identification document.
Your IP address in the context of taxation, security and abuse prevention is specifically exempt from requiring your consent per the European Union's GDPR. We are legally required to ensure the security of your personal information through any appropriate technical means and that includes collecting your IP address in that context.
Any other personal information is volunteered by you in order for us to be able to provide our services to you. You are not legally required to provide it but unless you do we won't be able to provide you the services agreed upon. Simply put, if you don't tell us what the problem is and give us the means to reproduce and troubleshoot it we can't do anything for you except tell you to read our documentation.
As we mentioned already, we process your personal information with transparency and as such we process your personal information per the GDPR and the local data protection laws for one of the following reasons:
We process your personally identifiable information (PII) to provide the software download and support services we have agreed upon when you subscribed to our services.
When logging in we automatically process your PII to protect you against unauthorized access to your account and ensure your account safety. We also display you parts of your PII for reasons of personalization of our site's pages and ensuring that it's clear who is the currently logged in user.
When you ask for a username reminder or password reset we automatically process your PII to provide the service requested.
When downloading our software we are automatically processing your PII to make sure that you have purchased access to the software you are trying to download and ensure that your account is not being abused.
When using our support ticket system we process your PII to reply to your request. We also automatically process your PII to send you automated email notifications about the handling of your request.
When using our contact form we process your PII to reply to your request. We also automatically process your PII to send you automated email notifications about the handling of your request.
When you are a subscriber we automatically process your PII send you automated transactional emails, i.e. reminders about your subscription expiration and any changes in your subscription's status with us.
There are certain obligations in accordance to local and international laws, as well as Directives and Regulations issued by the European Union. These legal obligations require the processing of your personal information. In other cases we may receive a court order or otherwise be legally obliged to process or convey your personal information to third parties.
When you are subscribing we are forwarded your PII from the Merchant of Record (Paddle Ltd and its subsidiaries). We send this information to our Accountants and Auditors to comply with local tax regulations.
We process your personal information to protect the legal interests of us and others.A legal interest exists when we have a business or commercial reason to use your information. Even then it must not be against what is fair to you and your best interests. Examples of such processing are as follows:
In case of a suspected abuse or an attempt to compromise, deteriorate, disrupt or otherwise interfere with of our services we may process PII to identify the perpetrator and pursue redress. Such steps may for example (not an inclusive list) include contacting the suspected offender or pursuing the matter legally.
In rare occasions we may send you a personal, manual email to address a concern regarding your subscription e.g. if there is an unexpected problem with your payment as we are notified by the company processing the payment.
In case of a serious security issue in our software where a public announcement is deemed inadequate we may send you an email informing you of the situation, the risks and what you can do.
If you have explicitly provided your consent the processing of your personally identifiable information draws its legality upon your explicit consent. You have the right to withdraw your consent at any time. However, any processing which took place before your consent's withdrawal is not affected.
While fulfilling our contractual or legal obligations your your personally identifiable information may be conveyed to our partners and subcontractors. These providers and suppliers are in contract with Akeeba with which they are obliged to uphold the confidentiality and protection of your personal information in accordance to the local data protection laws and the GDPR.
The recipients of your personal information are as follows.
Please note that when subscribing you are sending your personally identifiable information to Paddle Ltd and its subsidiaries for transaction processing purposes. This information is subject to the Privacy Policy of Paddle Ltd, a link to which is presented to you when you start the payment process with them.
Your personal information may be conveyed to third countries (countries outside the European Economic Area) in certain cases, e.g. when we use personnel or subcontractors outside of EU and EEA to provision support, or whenever this is mandated by law or if you have explicitly consented. All the Processors are obliged to comply and conform to the European Union's data protection norms and provide appropriate assurances regarding the remittance of of your personal information according to Article 46 of the GDPR.
In general, in the course of the creation and carrying out a business relationship we do not use automated decision making. The only automated actions are as follows:
In general, we do not perform any kind of automated profiling of our clients and web site visitors. We provide the same service to everybody. In case of an abnormally high number of downloads, support tickets or other signs of potential abuse we may manually process your PII on file to create a profile of your usual behaviour to determine if there is a potential problem with your account.
In general, we do not base our marketing activites on the personal information we have collected from our clients. We do not perform personalized marketing and we do not make use of profiling for marketing purposes.
Aggregate information such as the amount of income from each country or Operating System may be used to influence our marketing activities. However, no personally identifiable information or pseudonymized information will be used for these activities.
If we want to make a marketing campaign which includes your personally identifiable information, e.g. naming you as the recipient of a raffle, we will seek your explicit consent. In this case you have the right to withdraw your consent at any time. Any processing taking place or marketing campaigns launched before your consent withdrawal shall not be affected.
We retain your personal information for as long as we have a business relationship with you as evidenced by the existence of an active subscription or a log in to your account.
We are legally required to retain your invoicing information, both as an off-line backup and in the custody of our auditors, for a period of up to TEN (10) years after your purchase. This also applies to invoicing information you submitted to us before the current revision of this Privacy Statement took effect.
After SIX (6) months after the termination of our business relationship (explicitly: the expiration of your last subscription with us or your last log in to our site, whichever comes later) the following actions will be taken:
Other logs which may contain personal infomration such as server access logs and security logs are kept for up to FOURTEEN (14) months.
We may retain your personal information longer than that for regulatory, technical or legal reasons.
Your information may be stored longer than that in encrypted backups. However, we have technical means in place to remove your PII upon restoring those backups unless otherwise legally required, e.g. in assisting a criminal investigation.
You have the following rights with regards to the personally identifiable information we keep on file for you:
To exercise any of your rights we kindly ask you to use the tools offered on our site after logging in. Alternatively, or if you have questions about the use of your personal information from us, you can contact us through the Contact Form and use the appropriate contact category. Or you can contact our Data Protection Officer directly as explained earlier in this document.
According to the law, we will reply to your requests promptly and within 30 business days. If you have not received a reply from us for over three weeks (21 days) please retry contacting us with alternate means; most likely your request never reached us. Kindly note that we reserve the right to direct you to our site's tools and / or this Privacy Statement if your concern is readily addressed by it. Per the law, we reserve the right to not reply to your requests if they are too often or are otherwise in abuse of the provisions of the law.
Right to file a complaint
If you have exercised some or all of your rights to data protection and you still feel that your concerns about the way we use your personal data have not been addressed satisfactorily by us, you have the right to file a complaint by filling in the Contact Us form on our site. You also have the right to file a complaint with the Office of the Personal Data Protection Commissioner. On the relevant website you will find information on how to file complaints.
We may periodically modify or amend this privacy statement.
When this happens we will change the date on the top of the page and keep a change log at the end of this page. We do not have the technical means to notify our clients about any changes. We recommend that you re-examine this statement periodically so that you are always updated on the way we process and protect your personal information.
Our site uses small text files, known as Cookies, to enhance your experience and work better.
To learn more about the use of cookies on our site please consult our Cookies Policy. Links to this statement, our Cookies Policy and our Terms of Service can be found at the bottom of every page of our public (meaning: no user logged in yet) site.
NOTICE: The European Union's General Data Protection Regulation 2016/679 is in effect on May 25th 2018. Until then the Laws for Processing Personal Data Information (Protection of the Individual) from 2001 to 2012 are still in effect.