The https://www.yodeck.com website (the “Website”) is provided by Flipnode LLC, a Delaware-based partnership, based in Corporation Trust Center, 1209 Orange St, Wilmington, DE 19801 (“Flipnode”). Flipnode offers a complete online, cloud based digital signage platform that allows you to display a composition of videos, images, documents, online web pages and widgets (the “Yodeck Software”).
By accessing and using this Website, you confirm that you have read and fully understood this Policy, that you agree to the collection and the usage of your own and others’ personal data in accordance with the Policy and that you have the authority to provide Flipnode with all information submitted by you via the Website and Flipnode Software, including but not limited to the personal data of third parties.
General Principles of the Processing
Flipnode (referred to as “we”, “us”, “our”, or “Flipnode” in this Policy) collects and processes personal data in a transparent manner, to the extent necessary for specified, explicit and legitimate purposes, and does not process it further in a manner incompatible with those purposes. We take care that the data we collect are accurate and, when necessary, updated. We take all reasonable steps to immediately delete or rectify personal data, if inaccurate, or, we assist our Customers in deleting or rectifying personal data stored or otherwise processed in the Yodeck Software. We process data in a way that guarantees their security, including their protection against unauthorized or unlawful processing and accidental loss, destruction or degradation, using appropriate technical or organizational measures. We are ready to prove at any moment how we adhere to the above principles. We take the appropriate technical and organizational measures for the security, confidentiality, integrity and availability of the data. We expressly declare that these measures ensure that, by definition, personal data are not made accessible without the intervention of the natural person to an indeterminate number of natural persons. We respect your rights under the GDPR, where applicable, and other applicable data protection laws and regulations. When we have to share personal data with a third party, we inform you about such data sharing and take appropriate steps to ensure an adequate level of data protection by the third party.
Flipnode as Data Controller
1. Data Collected Through the Website
“Flipnode” is the “Data Controller” of all Personal Data collected through the Website. This means that Flipnode determines the means and the purposes of the processing and is responsible to reply to data subjects’ requests. A visitor of our Website is the person simply visiting our Website, as well as the person interacting with our Website by filling in and sending the contact form, or ordering our Newsletter (referred to as “you”, “your” or “Visitor” in this Policy).
A cookie is a small data file stored by your browser at your device’s hard disk for record-keeping purposes, namely it records information about the use and activity on the Website. This information may include, but is not limited to, your Internet Protocol address, browser type, but also user’s web browsing history before visiting the Website, our Website’s search history.
Some cookies are “first party cookies”, which means that they are set by us. Cookies set by parties other than us are called “third party cookies”.
Cookies are used for different reasons.
There are the necessary cookies, which are required for technical reasons in order for a website to operate.
Some cookies are used to enhance the performance and functionality of a website, but are non-essential to their use. However, if you decide not to accept such cookies, certain functionality may become unavailable. Such cookies are called preferences cookies.
Some cookies collect information that is used in aggregate form to help a website owner understand how its website is being used. Such cookies are called statistic cookies and they are either first party or third-party cookies. A third party, for example Google, stores a Google Analytics cookie in order to be able to differentiate between users and be able to show to the website owner how many times people visit a website on average (not individually) and information on what pages they’ve seen, how long the duration was, and so on.
Some cookies are used for marketing purposes. These are the marketing cookies and are third-party cookies. Third-party cookies are placed by providers (e.g., by Google, Facebook), who a website owner may have engaged to provide advertising services on its behalf. If, from the analysis of information collected by third-party cookies, visitors of a webpage are interested in one of the services, then advertising material would be projected on third party websites. To see how data is collected and analyzed by third party cookies, you can also visit the websites of the third parties.
Additionally, you can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit.
If you wish to receive our Newsletter, for example announcements about new offers and actions of Flipnode, you may enter your e-mail address on this Website. Your email address is solely used for the purpose of sending our Newsletter and you are removed from the Newsletter recipient list, once you choose to unsubscribe. You may be removed from this list, easily and without cost, by selecting the “unsubscribe” link within the e-mail content. You can also call at +30 211 800 1709 or send an email at firstname.lastname@example.org.
If you wish to communicate with us by using the Contact Form, you may enter your name, e-mail address, your telephone number, the matter you would like to discuss about with us and write your message in the dedicated space. Such personal data is used solely for the purpose of responding to you, and we keep your data only as long as it is necessary to respond to your request.
2. Data Collected through Customer’s Purchasing and Use of the Services
With regard to our Customers, we process following categories of personal data (Customer’s Data):
Name & Surname (optional)
Email and Password
Last IP Address of the Customer
Billing/Shipping Address and Phone Number [if an order has been made]
Traffic Data in the Yodeck Application
Processing of Email and Password for the performance of the Digital Signage SaaS Agreement
We process Customer’s Email and Password to identify our Customers & Accounts, and allow them to log into their Account. Our Customers may authorize the use of the Services to other Users (“Authorized Users”) and/or their Affiliates (“Authorized Affiliates”), both referred as “Designated Users” in this Policy. For the same purpose (identification and log in) we process the Email and password of Designated Users.
We process Emails to send out automated system notifications, like notifications about screens being offline and errors with the Account. You can disable the offline screen notifications through the system, but all other error notifications are too important for the well-being of the Account, so they cannot be suppressed. We send out two non-marketing automated emails to try and help new Customers and Designated Users with any questions they may have, the first one generated 2 hours after the creation of the Account is created, and the second one 2 days after. No other automated emails like that are ever sent. These two emails are purely to assist, and to trigger user response in case they have feedback, and do not promote our services/products or any 3rd party.
We process Emails to send billing-related emails, if the Account is on a paid subscription, and only to the Customers or the Designated Users that, at the choice of the Customer, have access to the Subscription section of the Account.
The legal basis of these processing activities is the performance of the contractual obligations. Therefore, we retain relevant personal data for the duration of the Digital Signage SaaS Agreement (the “Agreement”). After termination or expiry of the Agreement we retain billing data as long as it is required by law for accounting and tax purposes, and in case of a judicial challenge to defend our claims.
Processing of Emails to send Newsletter
Upon Customer’s or Designated User’s written and explicit consent, we process Emails to send to them new offers or announcements about Flipnode’s actions. We release updates every 6 weeks and, after each release, we send out an email with the new release announcement. In each mail an easy and free of charge way (“unsubscribe” button) to unsubscribe is offered.
The legal basis of this processing activity is your consent, and you may withdraw your consent freely at any time. If you withdraw your consent, we delete you from the mailing list; however, we retain a record of those that have unsubscribed from our mailing list, as this is required by applicable law provisions.
Processing of Name and Surname
The Name & Surname are used to easily identify and communicate with our Customers and Designated Users. This information is also used by other Designated Users within a single Yodeck Account, so that they can easily identify other Users through our “User Management” section.
We use the Name & Surname in some automated system notifications and emails.
Name & Surname are optional information for better communication and account management).
Customer and Designated Users can skip providing their Name and Surname. In case a Customer or a Designated User tries to proceed with making an order, we will request to fill out their Name and Surname in order to complete the order. Subsequently they can choose to remove this information from their profile.
Processing of Last IP Address
We process the Last IP Address of the Customer and Designated Users to acquire geolocation data, namely the city location from which the Account was accessed. We then use this information to derive the Country and the timezone. This allows us to pre-fill the Timezone settings for the Account, so that the Customer, and Designated Users do not have to set a Timezone, or pre-select the Country, if they make an order.
Additionally, in cases of violation of our Terms of Services,, we use this IP Address as an element to confirm the violation, e.g., using multiple Free Accounts which is prohibited. The Last IP Address is not relayed to any 3rd party service providers.
This processing activity is based legally on the overriding legitimate interest of Flipnode. In that respect you may object to this processing activity based on your special circumstances; however, we may not satisfy your request, in case of compelling reasons that supersede your interests.
Processing of Billing/Shipping Address and Phone Number
We use Billing/Shipping Address and Phone Number solely for the purpose of invoicing. If no order has been made, this information is not requested.
The legal basis for this processing activity is the performance of our contractual obligations and we retain this information for the duration of the contract. However, Customers and Designated Users can at any time remove their billing/shipping details stored in our database. However, we retain the phone number and may use the phone number in a future incident, only to prevent service downtime.
Also, your phone number may be used after duration of contract to facilitate returning Customers, and make future purchases easier. For example, we might use the phone in an effort to help our Customers reinstate a recently cancelled Yodeck Account. You may object to this processing of your contact details after duration of contract. We may not satisfy your request only if retention is required by applicable law at the time or retention is necessary for the defense of legal claims.
Processing of Analytics
We process data produced, while you are using the Services, such as these traffic and behavioral data in aggregated and anonymous form for statistics and analysis. In this way, we understand how easy and quick it is for you to use the Services, whether some tools are more popular than others, whether some tools are not easy to handle or whether you need some assistance from us. You may see the associates we have engaged to assist us with collecting and analyzing such data in the YODECK sub-processors page.
Processing of Logging Data
We may process logging data from time to time to perform an audit whether copyright of the Services is respected.
This processing activity is based legally on the obligations undertaken by the Agreement and their monitoring.
Flipnode as Data Processor
Personal Data Processed on instructions by the Customer
Flipnode is the “Data Processor” for all personal data processed in relation to the provision of the Services under the Digital Signage Subscription Services Agreement. This means that such Personal Data is collected on the Customer’s/Account Owner’s behalf for his/her own purposes, that Customer/Account Owner is solely responsible i) for the legality, reliability, accuracy and quality of such Personal Data ii) for the legality of the processing purposes and iii) for the necessity of the processing to serve these purposes, and that the Customer/Account Owner is the Data Controller of Personal Data processed, while using the Services. Therefore, the Customer/Account Owner is responsible to satisfy the requests of the data subjects, whose Personal Data is processed through the Yodeck Software. Additionally, the Customer/Account Owner is responsible to inform the data subjects (any person whose personal data is processed by usage of the Yodeck Software) about the scope, the purpose, the duration and the means of the processing, and to acquire the consent of the data subjects, whose personal data is being processed through the Yodeck Software, where required. Flipnode executes a Data Processing Addendum with the Customer/Account Owner as an integral part of the Digital Signage Subscription Services Agreement, whereby also the security measures are described.
How the Services accommodate Your Rights
Based on a Data Processing Addendum (DPA) we conclude with our Customers (Data Controllers) we undertake the responsibility to assist by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Controller’s obligation to respond to requests for exercising the data subject’s rights. Additionally following technical and organizational measures are accommodated in the Services:
Consent and Notice
Access, Rectification and Deletion
A Customer, to create an Account, has to insert an access code. Following security measures are accommodated: a) authentication of users before access; ii) encryption of passwords iii) activation of secure password policy by Customer in the Enterprise Plan; iv) change of passwords every six months; and iv) prevention of access after suspicious access attempts. Customer manages each user’s access to and use of the Services by assigning to each user a credential and user type that controls the level of access to and use of the Services. Customer is responsible for protecting the confidentiality of its own and each user’s login and password and managing each user’s access to the Services. The Services enable the Customer to assign specific rights (of view, access, modification, and deletion) based on the tasks and responsibilities of the Designated User. Customer and Designated Users may extract, rectify and delete personal data uploaded, depending on the rights given to them by the Customer by selection of a user type.
Deletion of the Account
Customer and any Designated User with Admin Rights can request deletion of the Account through one of the following ways:
- In-app option, in the Account settings
- by sending an email,
- or through our contact form on our Website.
We reply to the request through email, asking for a confirmation, and informing the Customer and all Designated Users with Admin rights. This is required to verify that the requester has indeed legitimate access to the associated email Account, and that all administrative Designated Users are aware. In case the request seems suspicious, we might investigate further before proceeding with complete deletion of the Account.
Upon confirmation, we initiate following process:
All information related to the Account is removed from our Database.
All files on our cloud storage that are related to the Account are marked for deletion.
All information regarding the Account is explicitly deleted from all Service Providers. If the Service Provider has a special procedure to be followed in this case, we will use that procedure instead of standard API calls.
In the event of Subscription Term non-renewal by the Parties, are downgraded to Standard Free Plan. If Customer does not log into Account for more than 365 days, Account is permanently deleted and the content of the Account is either deleted or returned, as requested by Customer. After 6 months of inactivity, Flipnode shall provide bimonthly (every 60 days) reminder notifications, before deleting the Account giving you the opportunity to retain your Standard Free Plan active or upgrade your account with a paid subscription.
Either we process personal data as Data Controllers or Data Processors we take appropriate technical and organizational security measures to protect the integrity, accessibility and confidentiality of your data. These measures are physical and environmental security measures, as well as IT security measures, including but not limited to the use of updated anti-virus and firewalls, safe protocols, user authentication processes, encryption, data separation, vulnerability and penetration tests etc. We also have in place specific procedures for incident management and a Data Breach Policy.
Sharing your Data – International Data Transfer
We do not share personal data with any third party, unless required to do so by law; in such a case, we shall inform you of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest, e.g., to protect confidentiality of a criminal investigation.
Sharing your Data with affiliate(s) and associates
To see our full list of Sub-processors, their tasks, locations, and contact details, see here.
Data transfers outside the EEA are subject to the latest versions of the Standard Contractual Clauses approved by the European Commission from time to time, as published in the Official Journal of the European Union.
On June 4, 2021 the European Commission published new Standard Contractual Clauses (SCCs) for international data transfers.
The updated SCCs utilized by Flipnode are available here.
We respect your rights as a data subject under the GDPR and other applicable data protection laws and regulations. Bear in mind that we are entitled to answer to your requests as a data subject, when acting as Data Controllers, if you contact us at this email address: email@example.com. When we are acting as Data Processors the Data Controller, our Customer, is responsible to address your requests. However, we shall provide any reasonable assistance to the Data Controller for the satisfaction of your rights.
If you are a resident of California, the California Consumer Privacy Act (“CCPA”) provides you with certain rights over your personal information. We only process your personal information at the direction of, and to the extent allowed by, our Customers and never for our own purposes. We will work at our Customer’s direction to ensure that your rights provided by the CCPA are respected.
You should know that you, as a data subject, have the following rights under the GDPR.
Information and Transparency
You have the right to be informed about any processing of your personal data (the purpose, scope, duration and means, as well of data sharing). We adhere to the principle of transparency in processing. For any question regarding this Policy, you may contact us at firstname.lastname@example.org. We will respond without delay and in any case within one month upon receipt of the request.
You have the right to receive confirmation on whether your personal data are processed and in case this happens, all required information thereof (processing means, goal, records etc.). This enables you to receive a copy of the personal information the data controller holds about you and to check that your data are lawfully processed. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, you may be charged with a reasonable fee, if your request for access is clearly unfounded or excessive. Alternatively, the data controller may refuse to comply with the request in such circumstances.
You have the right to require the rectification of incomplete or inaccurate data relating to you without undue delay, as well as to fill in incomplete data, if necessary for processing. If you are an Account Owner or, if you have a Sub-account as a User of the Services you can update Personal Data submitted in the Account or Sub-account through your profile by selecting “My information” from the options menu at the top of the screen.
You have the right to ask for the erasure of personal data concerning you without undue delay. We, if we are the data controllers, shall erase the data, when one of the following grounds applies: a) personal data is no longer necessary in relation to the purposes of processing; or b) the person requesting the erasure withdraws consent on which the processing is based and there is no other legal ground for the processing; or c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing or the data subject objects to processing for direct marketing; or d) the personal data have to be erased in compliance with a legal obligation. We shall not proceed to the erasure of personal data, if the data must be maintained in compliance with a legal obligation or in case the processing is required for the establishment, exercise or defense of legal claims.
Restriction of processing
You have the right to request restriction of processing, if the accuracy of personal data is disputed, for that period of time that allows the data controller to verify the accuracy of personal data or based on any other legitimate reason specified in applicable data protection laws. For example, you may ask suspension of the processing of your personal data, if you want the data controller to establish its accuracy or the reason for processing it.
You have the right to receive your personal data in a structured, commonly used and machine-readable format as well as the right to request the direct transmission of personal data by another to another (controller or processor), if this is technically feasible.
Right to Object
You may oppose the processing of personal data, which takes place based on overriding legitimate interest without your consent. In this case, data controller may no longer process your personal data, unless it demonstrates imperative and legitimate reasons for the processing that outweigh the interests, rights and freedoms of you as a data subject or for the establishment, exercise or defense of legal claims.
No automated individual decision-making
We fully respect your right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. You have the right to object to such automated individual decision-making.
In case you have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. In this case we will notify you.
Our services are not directed to children. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will immediately delete such information. If you become aware that a child has provided Us with his/her personal data, please contact Us at the contact information below.
Complaint to a Supervisory Authority
You have the right to lodge a complaint with a Supervisory Authority, meaning an independent public authority which is established by an EU Member State, pursuant to the GDPR, if you consider that the processing of your personal data infringes the GDPR and other applicable European Union or member state data privacy laws.
Last Updated: November 2021