Effective Date: April 1, 2019
BUILTON provides pre-built digital business modules with machine learning capabilities to software developers via APIs or as complete applications to organizations.
We understand that as the provider of your organization’s digital business modules, you are placing your trust in us to handle your data responsibly, including your and your end users’ personal information. As our company is built by developers, we know the importance of data protection. And as end users of myriad applications, like anyone using our products or services, we value our rights to privacy.
On the off chance you read everything here and still have more questions or concerns about how we’re processing personal information, you can contact us by emailing email@example.com.
BUILTON processes two broad categories of personal information when you use our products and services:
Your personal information as a customer (or potential developer) of BUILTON - information that we refer to as Customer Account Data, and
The personal information of your end users, who use or interact with your application that you’ve built with our modules - this category contains both your End User Information (e.g. name, address, phone number, etc.) and End User Content (e.g. order data).
We process these categories of personal information differently because the direct relationship we have with you, our customer, is different than the indirect relationship we have with your end users.
How We Process Personal Information When do we collect and process personal information?
When you visit our public-facing websites, such as www.builton.dev, make a request to receive information about BUILTON or our products, like a whitepaper or a newsletter;
When you contact our Sales Team or Customer Support Team; and
When you sign up for a BUILTON account and use our products and services.
We call this personal information Customer Account Data.
Data protection (aka privacy) laws in certain jurisdictions, like the European Economic Area (EEA), differentiate between “controllers” and “processors” of personal information. A controller decides why and how to process personal information. A processor processes personal information on behalf of a controller based on the controller’s instructions. When we use your Customer Account Data, we’re acting as a controller; we’re deciding what information to collect and what to do with it. When we’re simply processing your end user’s data in the execution of your usage of our system, we are acting as a processor.
Basically, we use Customer Account Data to help us:
understand who our customers and potential customers are and their interests in our product and services,
manage our relationship with you and other customers,
carry out core business operations such as accounting and filing taxes, and
help detect, prevent, or investigate security incidents, fraud and other abuse and/or misuse of our products and services.
What Customer Account Data We Process When You Visit Our Website or Make a Request for Information and Why When you visit our website, use our chat box to talk with us, sign up for an event or request more information about us, we collect information automatically using tracking technologies, like cookies, or through web forms where you type in your information. We collect this information to provide you with what you request, to learn more about who is interested in our products and services, and to improve navigation experience on our pages.
Information You Share Directly: In some places on BUILTON’s public-facing websites, you can fill out web forms to ask to be contacted by our Sales Team, sign up for a newsletter or other interaction, or talk to our Sales or Customer Support Teams through our website chat. The specific personal information requested will vary based on the purpose of the interaction. We will ask you for information necessary for us to provide you with what you request (e.g., your email address if you want to sign up for a newsletter or your phone number if you want a member of our Sales Team to call you). We may also ask you for additional information to help us understand you better as a customer, like your particular use case, your company name, or your role at your company. If you sign up to receive ongoing marketing communications from BUILTON, like a newsletter, you can always choose to opt-out of further communications through a preferences page which will be linked from any marketing email you receive from us. Or, you can contact our Customer Support Team to communicate your choice to opt-out.
Note: We may collect information about you, as our customer or potential customer, from publicly-available sources so we can understand you better. We may use publicly-available information about you through services like LinkedIn, or we may obtain information about your company from third party providers, such as your industry, the size of your company and your company’s website URL.
What Customer Account Data We Process When You Communicate with Our Sales or Customer Support Teams and Why You may share personal information, like your contact information, with a member of our Sales or Customer Support Team when you communicate with them. We keep a record of this interaction. When you contact our Sales or Customer Support Teams, those teams keep a record of that communication, including your contact details and other information you share during the course of the communication. We store this information to help us keep track of the inquiries we receive so we can improve our products and services and provide training to team members. This information also helps our teams manage our ongoing relationships with our customers. Because we store a record of these communications, please be thoughtful about what information you share with our Sales and Customer Support Teams. While we will take appropriate measures to protect any sensitive information you share with us, it is best to avoid sharing any personal or other sensitive information in these communications not necessary for these teams to assist you.
What Customer Account Data We Process When You Sign Up for and Log Into a BUILTON Account and Why
When you sign up for a BUILTON Account, we ask for certain information like your contact details and billing information so we can communicate with you and so you can pay for our products and services. We gather this so we can bill you for your use of our products and services. Your billing address may also be used for tax calculation and audit purposes. We also collect some information automatically, like your IP address, when you log in to your account or when your software application makes requests to our APIs. We use this to understand who is using our services and how, and to detect, prevent and investigate fraud, abuse, or security incidents.
Information You Share Directly: When you sign up for a BUILTON account, you’ll be asked to give us your name, email address, your company name, organization and VAT number, and to create a password. We collect this information so we know who you are, how we can communicate with you about your account(s), and recognize you when you communicate with us through the dashboard or otherwise. We also use your email address to send you information about other products, services or events in which we think you may be interested. You can opt out of further marketing communications through your marketing preferences page linked from any marketing email you receive from BUILTON. Or, you can contact our Customer Support Team to communicate your choice to opt-out. Note: As a customer, you can not opt out from technical updates, e.g., notifications regarding predicted maintenance.
Information We Generate or Collect Automatically: When you sign up for an account with BUILTON, we’ll automatically assign you and your account(s) unique IDs and we’ll automatically generate API keys for each of your accounts. These are used like a username and password to make API requests. Instead of using these API keys, you can provide your own API Keys, and use them for authentication when making requests to our APIs. We keep a record of these credentials so we know it is you making the requests when your application uses them when making requests to our API.
Note that we also collect the IP address of your devices or servers when you make requests to our APIs. We also collect and process the information contained in the interactions when you use our APIs. For more information about how personal information is processed in that context, see the section below on “How We Process End Users’ Personal Information.”
All information we collect when you sign up for a BUILTON account and interact with your dashboard or our products or services may be used to detect, prevent, or investigate security incidents, fraud, or abuse and misuse of our APIs and services.
How Long We Store Your Customer Account Data BUILTON will store your Customer Account Data as long as needed to provide you with our services and to operate our business. If you ask us to delete specific personal information from your Customer Account Data (see "How To Make Choices About Your Customer Account Data" below), we will honor this request unless deleting that information prevents us from carrying out necessary business functions, like billing for our services, calculating taxes or conducting required audits.
Here is an overview of how long we hold on to Customer Account Data in a form that can be used to identify you, unless there is a specific need or obligation to retain your information longer (like in the case of an open investigation, audit or other legal matter):
Customer Account Data stored in our customer relationship management system(s) is generally stored up to 7 years following closure of your account, notwithstanding any limitation periods and records retention obligations that are imposed by applicable law. Invoice records, including their digital equivalent, may be retained in identifying form by BUILTON for longer periods for accounting, tax and audit purposes depending on and in accordance with applicable tax law.
Your communications with BUILTON’s Customer Support Teams may be retained for up to 3 years after your account is closed.
Apart from the above, within 60 days following closure of your account, we will either delete other Customer Account Data or transform it such that it can no longer be used to identify you.
How To Make Choices About Your Customer Account Data Any requests about your data can be made by emailing firstname.lastname@example.org or contacting Customer Support.
Closing Your Account and Deletion: To request closure or deletion of your BUILTON account, you can email us at email@example.com or contact our Customer Support Team. You should know that closure and/or deletion of your account will result in you permanently losing access to your account and data in the account. Please note that certain information associated with your account may nonetheless remain on BUILTON’s servers in an aggregated form that does not identify you or your end users. Similarly, data, including personal information, associated with your account we are required to maintain for legal purposes or for necessary business operations (see “How Long We Store Your Customer Account Data” section above) will be retained after account closure until no longer needed.
Promotional Communications: You can choose not to receive promotional emails from BUILTON by following the unsubscribe or opt-out instructions in those emails. You can also opt-out by contacting our Customer Support Team. Please note that even if you opt out of promotional communications, we may still send you non-promotional messages relating to things like updates to our terms of service or privacy notices, security alerts and other notices relating to your access to or use of our products and services.
Cookies and Tracking Technologies: How you make choices about cookies and other tracking technologies depends on the type of cookie or tracking technology being used. For details on how to manage your preferences for cookies and tracking technologies, please check out our Cookie Notice.
Other Choices About Your Customer Account Data: In addition, you can express other choices about your Customer Account Data (i.e., accessing, updating, deleting, porting, restricting its use or withdrawing consent for its use) by contacting firstname.lastname@example.org.
How BUILTON Processes Your End Users’ Personal Information Your end users’ personal information typically shows up on BUILTON in a variety of ways:
Your end users’ personal information - name, phone number, email - is stored only whenever you as a Customer require it for any further BUILTON APIs' usage, for example if you require an email address for login.
Communications-related personal information about your end users, like phone numbers for phone-based communications, IP addresses for IP-based communications or device tokens for push notifications, show up in our systems when you use or intend to use this information to contact your end user through use of our products and services.
Your end users’ personal information may also be contained in the content of normal usage of your products and services, for example, an Order associated with a particular end user. By sending and receiving this data using BUILTON, any personal data contained within is stored in our systems.
We call the information in the first two bullets above End User Information. The information in the third bullet is what we refer to as End User Content.
Data protection (aka privacy) law in certain jurisdictions, like the EEA, differentiate between “controllers” and “processors” of personal information. When we processes End User Content, we generally act as a processor. When we process End User Information, we act as a processor in many respects, but we may act as a controller in others. For example, we may need to use certain End User Information in the context of troubleshooting and detecting problems with the network.
What End User Information and End User Content We Process and Why We use End User Information and End User Content to carry out the necessary functions that enable us to provide pre-built digital business modules with machine learning capabilities to our customers. We do not sell your end users’ personal information with third parties for those third parties’ own business interests.
The particular end user personal information BUILTON processes when you, our customer, use our products and services and the reason we process it depends on how you use our products and services and which ones you use.
In many cases, you can store records of your activities on BUILTON, which may include your end users’ personal information. You may also have the option to use additional features or tools within our products or services that allow you to do things such as analyze the records, including end user personal information, in your BUILTON account. In those cases, we will process this information to provide you with the service you request.
In addition, records containing end user personal information may, from time to time, also be used in debugging or troubleshooting or in connection with investigations of security incidents, as well as for the purposes of detecting and preventing spam or fraudulent activity, and detecting and preventing network exploits and abuse.
How Long Do We Store End User Information and End User Content and Exercising Choices About End User Personal Information Details regarding how long your end user personal information may be stored on BUILTON systems and how to delete, access or exercise other choices about end user data will depend on which products and services you are using and how you are using them. Contact us at email@example.com for more information.
As a BUILTON customer, if the BUILTON product or service you use enables you to store records of your usage on our systems, including personal information contained within those records, and you choose to do so, then we will retain these records for as long you instruct. In some cases, use of extended storage may cost more. If you later instruct us to delete those records, we will do so. Please note it may take up to 30 days for the data to be completely removed. In some cases, a copy of those records, including the personal information contained in them, may nonetheless be retained to carry out necessary functions like billing, invoice reconciliation, troubleshooting, and detecting, preventing, and investigating spam, fraudulent activity, and network exploits and abuse. Sometimes legal matters arise that also require us to preserve records, including those containing personal information. These matters include litigation, law enforcement requests, or government investigations. If we have to do this, we will delete the impacted records when no longer legally obligated to retain them. We may, however, retain End User Information transformed such that your end user cannot be identified.
When and Why We Share Your Personal Information Or Your End Users’ Personal Information We do not sell or allow your Customer Account Data to be used by third parties for their own marketing purposes, unless you ask us to do this or give us your consent to do this. Further, we do not sell your end users’ personal information (whether contained in End User Information or End User Content). And, we do not share it with third parties for their own marketing or other purposes, unless you instruct us to do so.
Below are the different scenarios under which we may share your data with third parties.
Third-party service providers or consultants: BUILTON engages certain third-party service providers to carry out certain data processing functions on our behalf. These providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances they will appropriately safeguard the data. We may share End User Content with sub-processors who assist in providing our services, or as necessary to provide optional functionality like transcriptions. An up-to-date list of our sub-processors will be located here.
Compliance with Legal Obligations: We may disclose your or your end users’ personal information to a third party if (i) we reasonably believe that disclosure is compelled by applicable law, regulation, legal process or a government request (including to meet national security or law enforcement requirements), (ii) to enforce our agreements and policies, (iii) to protect the security or integrity of our services and products, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires us to disclose data to assist in preventing a death or serious bodily injury. If BUILTON is required by law to disclose any personal information of you or your end user, we will notify you of the disclosure requirement, unless prohibited by law. Further, we object to requests we do not believe were issued properly.
Affiliates: We may share your personal information or your end users’ personal information with an affiliate company, like a subsidiary of BUILTON AS. We and our subsidiaries will only use the information as described in this notice.
Business transfers: If we go through a corporate sale, merger, reorganization, dissolution or similar event, data we gather from you may be part of the assets transferred or shared in connection with the due diligence for any such transaction. Any acquirer or successor of BUILTON may continue to process data consistent with this notice.
Aggregated, pseudonymized or de-identified data: We might also share data with third parties if the data has been pseudonymized, de-identified or aggregated in a way so it cannot be used to identify you or your end users.
Automated Decision Making BUILTON may use automated decision making using a variety of signals derived from account activity to help Customers improve their organizations. This decision making is only enabled per Customer request and, in agreement with GDPR laws, it does not damage or produce any legal effects concerning the end user.
Handling Disputes Relating To Our Data Protection Practices We hope we can resolve any disputes relating to our data protection practices between us. You can raise your concern or dispute by emailing our Privacy Team at firstname.lastname@example.org or by writing to us at:
BUILTON AS Tordenskioldsgate 3 0160 Oslo Norway
How We Secure Personal Information We use appropriate security measures to protect the security of your personal information both online and offline. These measures vary based on the sensitivity of the personal information we collect, process and store and the current state of technology. We also take measures to ensure service providers that process personal data on our behalf also have appropriate security controls in place.
Please note that no service is completely secure. While we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.
To protect the confidentiality of your account and protect from unauthorized use of your account, you must keep your account password and API Keys confidential and not disclose them publicly or to unauthorized individuals - this includes accidentally distributing them in a binary or checking them into source control. Please let us know right away if you think your password or Auth Token was compromised or misused. For instructions on changing your password, follow the "Forgot password" flow from our Dashboard. For instructions on changing your API Key, go to the "API Keys" section under "Configurations -> Settings" on our Dashboard.
Other Information You May Find Useful Here’s some other information about our privacy practices, such as how we handle certain types of data like children’s data, what to expect if we make changes to our notice and the legal bases for processing personal information.
Information from Children We do not knowingly permit children (under the age of 13 in the US or 16, if you live in the EEA) to sign up for a BUILTON account. If we discover someone who is underage has signed up for a BUILTON account, we will take reasonable steps to promptly remove that person’s personal information from our records. If you believe a person who is underage has signed up for a BUILTON account, please contact us at email@example.com.
Changes to Our Privacy Statement We may change our Privacy Statement from time to time. If we make changes, we’ll revise the “Effective” date at the top of this statement, and we may provide additional notice such as on the BUILTON website homepage, dashboard sign-in page, or via the email address we have on file for you. We will comply with applicable law with respect to any changes we make to this notice and seek your consent to any material changes if this is required by applicable law.
Legal Basis for Processing Personal Information (EEA only) If you are from the EEA, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person such as in the case where we request personal information from you in the context of a government audit or in response to a request from law enforcement.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us at firstname.lastname@example.org.