GDPR POLICY

 

NinjaRMM is dedicated to growing its presence in the EU and doing its best to provide amazing customer service to its EU citizen members. As such, NinjaRMM takes the security and privacy of its EU citizen members very seriously. NinjaRMM is intent on complying with the European Union’s General Data Protection Regulation (GDPR) and has created the following policy and disclosures in accordance with GDPR.

0. Preamble

As a global company with customers in nearly every country in the world, protecting the personal data of our customers and their end-users continues to be a priority. GDPR represents an opportunity to continue our commitment in this area.

NinjaRMM already participates in the EU-U.S. and Swiss Privacy Shield Frameworks and is compliant with current applicable EU data protection rules. At NinjaRMM, our ongoing compliance review and actions build on our existing investments in privacy, security, and the operational processes necessary to meet the applicable requirements of GDPR by May 25, 2018.

Under the GDPR, the data protection principles set out the main responsibilities for organizations.

As an example, Article 5 of the GDPR requires that personal data shall be:

  1. a) processed lawfully, fairly and in a transparent manner in relation to individuals;
  2. b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be incompatible with the initial purposes;
  3. c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  4. d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  5. e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organizational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
  6. f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.”

 

1. GDPR Data Processing Policy

NinjaRMM LLC (“NinjaRMM”) recognizes that the European Economic Area (the “EEA”) has established strict protections regarding the handling of EEA personally identifiable information, the EU General Data Protection Regulation (“GDPR”). In recognition of the importance of GDPR, NinjaRMM has adopted the following GDPR Data Processing Policy (the “Policy”).

This Policy is intended to ensure that you understand the following: (a) the entity that is collecting your personal data; (b) the purposes for which your personal data is collected; (c) how and why your personal data will be used; (d) the period during which your data will be retained; and (e) how you can contact NinjaRMM regarding your data.

This Policy supplements the NinjaRMM Privacy Policy located here and unless specifically defined in this Policy, defined terms in this Policy have the same meaning as they do in the Privacy Policy.

 

2. Entity/Data Controller

Any data collected through ninjarmm.com or any other website associated with (collectively the “NinjaRMM Websites”), or related to, the NinjaRMM Websites will be collected by NinjaRMM, LLC which is a limited liability company formed in San Francisco, CA USA with its principal place of business located at 111 New Montgomery Street, Suite 300, San Francisco, CA 94105.
 

3. Lead Data Protection Authority

The NinjaRMM Website’s lead data protection authority is:

NinjaRMM, LLC
111 New Montgomery Street, Suite 300
San Francisco, CA 94105 / USA
Telephone number: (+1) – (888) 542-8339
Email: dataprivacy@ninjarmm.com

You may lodge any complaints about NinjaRMM’s data processing with this Lead Data Protection Authority.
 

4. Data Processing Officer

You can contact the NinjaRMM Data Processing Officer by emailing dataprivacy@ninjarmm.com.
 

5. Categories of Data Subjects and Data Collected

NinjaRMM only collects data from users who either join, or engage with, the NinjaRMM Websites and products. NinjaRMM is committed to only collecting data that is necessary for NinjaRMM to provide the content and services of the NinjaRMM products.

The NinjaRMM Privacy Policy describes the categories of personally identifiable information that NinjaRMM may receive including: (a) name, (b) postal address, (c) e-mail address, (d) telephone number, or any other information the NinjaRMM Websites collect that is defined as personal or personally identifiable information under an applicable law or any other identifier by which you may be contacted online or offline.

Depending on which services you choose to use, NinjaRMM may require additional information, such as a company name, billing information (including billing address, phone number, credit card information), a mobile telephone number, a physical mailing address, and/or payment information. NinjaRMM may require information such as your social security number, or the equivalent, applicable tax ID, date of birth, bank account information and/or credit card information to verify your identity and provide this service to you.

You may also provide information to NinjaRMM such as the following: (a) information that you provide by filling in forms; (b) information provided at the time of registering to use NinjaRMM Websites; (c) information when you enter a promotion sponsored by NinjaRMM; (d) information when you report a problem with NinjaRMM Websites; (e) records and copies of your correspondence (including email addresses), if you contact NinjaRMM; (f) your responses to surveys that we might ask you to complete for research purposes; (g) details of transactions you carry out through the NinjaRMM Websites and of the fulfillment of your orders; (h) financial information before placing an order through the NinjaRMM Websites; and (i) your search queries on the NinjaRMM Websites.
 

6. Basis for Processing

NinjaRMM processes data based on (a) consent of the user; and (b) the necessity of the data for providing the services that users are contracting for when they become members of the NinjaRMM Websites. IF YOU DO NOT CONSENT TO THE PROCESSING OF YOUR DATA IN ORDER TO ACCESS AND USE THE NINJARMM WEBSITES, PLEASE DO NOT USE, OR ENGAGE WITH, THE NINJARMM WEBSITES.
 

7. Cross-Border Transfer

Data centers hosting NinjaRMM’s data, including user data, are located within the United States and the European Union. Accordingly, as an EU citizen, to access the services and content provided by NinjaRMM, your data may be transferred outside of the EU. By using the NinjaRMM Websites, you consent to the cross-border transfer of your data to receive access to the NinjaRMM Websites.
 

8. Potential Recipients

NinjaRMM does not provide your data to third party recipients who are not necessary to the services and content provided on the NinjaRMM Websites without your permission. Third parties who may receive your data so that NinjaRMM can provide the services and content on the NinjaRMM Websites include NinjaRMM’s cloud infrastructure provider and NinjaRMM’s third party marketing cloud and service providers.
 

9. Use of Data

Please refer to the NinjaRMM Privacy Policy located here for more information on how NinjaRMM uses your personal data.
 

10. Data Retention Period

NinjaRMM will retain your information for as long as your account is active or as needed to provide you services. If you no longer want NinjaRMM to use your information to provide you services, you may follow the “Withdrawal of Consent/Erasure” provision below. After closing your account, NinjaRMM will solely use your information as necessary to comply with any applicable legal obligations.
 

11. Security Policies for Data

NinjaRMM’s data security policy is detailed in the Privacy Policy located here. In summary, NinjaRMM has implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to NinjaRMM is stored on secure servers behind firewalls. Any payment transactions and other sensitive information will be encrypted using secure socket layer (SSL) technology. NinjaRMM follows generally accepted industry standards to protect the personal information submitted, both during transmission and once NinjaRMM receives it.

The safety and security of your information also depends on you. Where NinjaRMM has given you (or where you have chosen) a password for access to certain parts of the NinjaRMM Websites, you are responsible for keeping this password confidential. NinjaRMM asks you not to share your password with anyone.
 

12. Withdrawal of Consent/Erasure

If, at any point, you no longer wish to have your personal data processed by NinjaRMM, simply send an email to dataprivacy@ninjarmm.com with the phrase “consent withdrawn” or “erase” in the subject line. Your request should include your name, company name, email address and physical address. NinjaRMM will move expeditiously to stop the processing of your personal data and to remove your personal data from its systems. Please understand that, without access to your personal data, NinjaRMM may not be able to provide certain services. For example, NinjaRMM will not be able to send you communications, sales, offers, newsletters. Additionally, it may be impossible for NinjaRMM to fulfill purchases or sales without access to personal information.
 

13. Right to Correct, Access or Portability of Data and Associated Procedure

You have the right to have any inaccurate data corrected by a data controller. You also have the right to request access to your data or request that NinjaRMM make your data portable to another data controller. To affect any such request, you should send the request to dataprivacy@ninjarmm.com. Your request should include your name, company name, email address and physical address. NinjaRMM will endeavor to correct the data or to provide you your data in a simplistic and easily readable format as quickly as possible, but in no more than thirty (30) days.