Introduction
The https://www.yodeck.com website (the “Website”) is provided by Flipnode LLC, a Delaware-based partnership, based in Corporation Trust Center, 1209 Orange St, Wilmington, DE 19801 (“Flipnode”). Flipnode offers a complete online, cloud based digital signage platform that allows you to display a composition of videos, images, documents, online web pages and widgets (the “Yodeck Software”).
Flipnode is committed to respect your privacy and applicable data protection laws and regulations. You should know that we are committed to the GDPR (the General Data Protection Regulation) and the UK GDPR, the CCPA (the California Consumer Privacy Act). Flipnode also adheres to the EU-U.S. DPF Principles with regard to personal data transferred from the European Union and the United Kingdom. To find out more about Flipnode’s adherence to the EU-US DPF Principles, please click here. This Privacy Policy (the “Policy”) intends to inform you about the way we use your personal data (i.e. any data related to an identifiable natural person, either directly or indirectly), either we collect them, when you visit our Website or when ordering and using our Services through the Yodeck Software.
By accessing and using this Website, you confirm that you have read and fully understood this Policy, that you agree to the collection and the usage of your own and others’ personal data in accordance with the Policy and that you have the authority to provide Flipnode with all information submitted by you via the Website and Flipnode Software, including but not limited to the personal data of third parties.
General Principles of the Processing
Flipnode (referred to as “we”, “us”, “our”, or “Flipnode” in this Policy) collects and processes personal data in a transparent manner, to the extent necessary for specified, explicit and legitimate purposes, and does not process it further in a manner incompatible with those purposes. We take care that the data we collect are accurate and, when necessary, updated. We take all reasonable steps to immediately delete or rectify personal data, if inaccurate, or, we assist our Customers in deleting or rectifying personal data stored or otherwise processed in the Yodeck Software. We process data in a way that guarantees their security, including their protection against unauthorized or unlawful processing and accidental loss, destruction or degradation, using appropriate technical or organizational measures. We are ready to prove at any moment how we adhere to the above principles. We take the appropriate technical and organizational measures for the security, confidentiality, integrity and availability of the data. We expressly declare that these measures ensure that, by definition, personal data are not made accessible without the intervention of the natural person to an indeterminate number of natural persons. We respect your rights under the GDPR, the CCPA, and the DPF where applicable, and other applicable data protection laws and regulations. When we have to share personal data with a third party, we inform you about such data sharing and take appropriate steps to ensure an adequate level of data protection by the third party.
Flipnode as Data Controller
1. Data Collected Through the Website
“Flipnode” is the “Data Controller” of all Personal Data collected through the Website. This means that Flipnode determines the means and the purposes of the processing and is responsible to reply to data subjects’ requests. A visitor of our Website is the person simply visiting our Website, as well as the person interacting with our Website by filling in and sending the contact form, or ordering our Newsletter (referred to as “you”, “your” or “Visitor” in this Policy).
Cookies
A cookie is a small data file stored by your browser at your device’s hard disk for record-keeping purposes, namely it records information about the use and activity on the Website. This information may include, but is not limited to, your Internet Protocol address, browser type, but also user’s web browsing history before visiting the Website, our Website’s search history.
Some cookies are “first party cookies”, which means that they are set by us. Cookies set by parties other than us are called “third party cookies”.
Cookies are used for different reasons.
There are the necessary cookies, which are required for technical reasons in order for a website to operate.
Some cookies are used to enhance the performance and functionality of a website, but are non-essential to their use. However, if you decide not to accept such cookies, certain functionality may become unavailable. Such cookies are called preferences cookies.
Some cookies collect information that is used in aggregate form to help a website owner understand how its website is being used. Such cookies are called statistic cookies and they are either first party or third-party cookies. A third party, for example Google, stores a Google Analytics cookie in order to be able to differentiate between users and be able to show to the website owner how many times people visit a website on average (not individually) and information on what pages they’ve seen, how long the duration was, and so on.
Some cookies are used for marketing purposes. These are the marketing cookies and are third-party cookies. Third-party cookies are placed by providers (e.g., by Google, Facebook), who a website owner may have engaged to provide advertising services on its behalf. If, from the analysis of information collected by third-party cookies, visitors of a webpage are interested in one of the services, then advertising material would be projected on third party websites. To see how data is collected and analyzed by third party cookies, you can also visit the websites of the third parties.
When you visit our Website, you are asked to consent to the use of cookies. You may choose to consent to none, one or more of the above cookies. You may withdraw your consent to the use of cookies any time during your visit to our Website freely and easily by clicking on the Cookies Manager button and setting your preferences.
Additionally, you can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit.
Newsletter
If you wish to receive our Newsletter, for example announcements about new offers and actions of Flipnode, you may enter your e-mail address on this Website. Your email address is solely used for the purpose of sending our Newsletter and you are removed from the Newsletter recipient list, once you choose to unsubscribe. You may be removed from this list, easily and without cost, by selecting the “unsubscribe” link within the e-mail content. You can also call at +30 211 800 1709 or send an email at support@yodeck.com.
To send the Newsletter, we use Hubspot (https://legal.hubspot.com/privacy-policy) and, for a transitional period until full migration to Hubspot, mailchimp. (https://mailchimp.com/legal/privacy/).
Contact Forms
If you wish to communicate with us by using the Contact Form, you may enter your name, e-mail address, your telephone number, the matter you would like to discuss about with us and write your message in the dedicated space. Such personal data is used solely for the purpose of responding to you, and we keep your data only as long as it is necessary to respond to your request.
Support
For Support, you can either turn to the Yodeck team (support@yodeck.com) or use the Yodeck bot, an AI-enabled customer service feature available both on the Website and in the Services. Yodeck bot has been trained – using public data – to answer questions about Yodeck services. Make sure you do not provide personal or confidential information to Yodeck bot.
2. Data Collected through Customer’s Purchasing and Use of the Services
A Customer is a Visitor of our Website that has either purchased or signed up for free and is using the Services offered through Yodeck Software (referred to as “Services” in this Privacy Policy).
With regard to our Customers, we process following categories of personal data (Customer’s Data):
Name & Surname (optional)
Email and Password
Last IP Address of the Customer
Billing/Shipping Address and Phone Number [if an order has been made]
Traffic Data in the Yodeck Application
Processing of Email and Password for the performance of the Digital Signage SaaS Agreement
We process Customer’s Email and Password to identify our Customers & Accounts, and allow them to log into their Account. Our Customers may authorize the use of the Services to other Users (“Authorized Users”) and/or their Affiliates (“Authorized Affiliates”), both referred as “Designated Users” in this Policy. For the same purpose (identification and log in) we process the Email and password of Designated Users.
We process Emails to send out non-marketing, onboarding automated emails to try and help new Customers and Designated Users with any questions they may have concerning their onboarding.
We process Emails to send billing-related emails, if the Account is on a paid subscription, and only to the Customers or the Designated Users that, at the choice of the Customer, have access to the Subscription section of the Account.
The legal basis of these processing activities is the performance of the contractual obligations. Therefore, we retain relevant personal data for the duration of the Digital Signage SaaS Agreement (the “Agreement”). After termination or expiry of the Agreement we retain billing data as long as it is required by law for accounting and tax purposes, and in case of a judicial challenge to defend our claims.
Processing of Emails to send Newsletter
Upon Customer’s or Designated User’s written and explicit consent, we process Emails to send to them new offers or announcements about Flipnode’s actions. In each mail an easy and free of charge way (“unsubscribe” button) to unsubscribe is offered.
The legal basis of this processing activity is your consent, and you may withdraw your consent freely at any time. If you withdraw your consent, we delete you from the mailing list; however, we retain a record of those that have unsubscribed from our mailing list, as this is required by applicable law provisions.
Processing of Name and Surname
The Name & Surname are used to easily identify and communicate with our Customers and Designated Users. This information is also used by other Designated Users within a single Yodeck Account, so that they can easily identify other Users through our “User Management” section.
We use the Name & Surname in some automated system notifications and emails.
(Name & Surname are optional information for better communication and account management).
Customer and Designated Users can skip providing their Name and Surname. In case a Customer or a Designated User tries to proceed with making an order, we will request to fill out their Name and Surname in order to complete the order. Subsequently they can choose to remove this information from their profile.
Processing of Last IP Address
We process the Last IP Address of the Customer and Designated Users to acquire geolocation data, namely the city location from which the Account was accessed. We then use this information to derive the Country and the timezone. This allows us to pre-fill the Timezone settings for the Account, so that the Customer, and Designated Users do not have to set a Timezone, or pre-select the Country, if they make an order.
Additionally, in cases of violation of our Terms of Services, we use this IP Address as an element to confirm the violation, e.g., using multiple Free Accounts which is prohibited. The Last IP Address is not relayed to any 3rd party service providers.
This processing activity is based legally on the overriding legitimate interest of Flipnode. In that respect you may object to this processing activity based on your special circumstances; however, we may not satisfy your request, in case of compelling reasons that supersede your interests.
Processing of Billing/Shipping Address and Phone Number
We use Billing/Shipping Address and Phone Number solely for the purpose of invoicing. If no order has been made, this information is not requested.
The legal basis for this processing activity is the performance of our contractual obligations and we retain this information for the duration of the contract. However, Customers and Designated Users can at any time remove their billing/shipping details stored in our database. However, we retain the phone number and may use the phone number in a future incident, only to prevent service downtime.
Also, your phone number may be used after duration of contract to facilitate returning Customers, and make future purchases easier. For example, we might use the phone in an effort to help our Customers reinstate a recently cancelled Yodeck Account. You may object to this processing of your contact details after duration of contract. We may not satisfy your request only if retention is required by applicable law at the time or retention is necessary for the defense of legal claims.
You should know that we do not store credit card details. All credit card transactions are processed using secure encryption – the same level of encryption used by leading banks. Card information is transmitted, stored, and processed securely at gateways on a PCI-compliant network.
For billing and payments we engage Stripe (Privacy Policy (stripe.com)), Chartmogul for Subscription Analytics (Privacy and Cookies Policy | ChartMogul, Security Policy | ChartMogul), Hubspot as our CRM (https://legal.hubspot.com/privacy-policy ) and, for a transitional period, until full migration to Hubspot, Zoho (https://www.zoho.com/privacy.html). We use Avalara for sales tax management (Avalara Legal Center).
We have made sure, by means of a written contract or assignment, that our agents provide at least the same level of data protection as we do, for example that they follow reliable technical and organizational security measures. You should know that Flipnode LLC is liable for onward transfers.
Processing of Analytics
We process data produced, while you and your Authorized users are using the Services, such as these traffic and behavioral data in aggregated and anonymous form for statistics, analysis and benchmarking. In this way, we understand how easy and quick it is for you to use the Services, whether some tools are more popular than others, whether some tools are not easy to handle or whether you need some assistance from us.
To do this, we use Heap for user behavior analysis (Heap Privacy Policy | Heap), Hotjar for user behavior analysis only for restricted number of users for problem solving (Hotjar – Privacy Policy), Google for analytics (Privacy Policy – Privacy & Terms – Google), Snowflake for data analysis (Privacy Notice | Snowflake).
Processing of Logging Data
We may process logging data from time to time to perform an audit whether copyright of the Services is respected.
This processing activity is based legally on the obligations undertaken by the Agreement and their monitoring.
Flipnode as Data Processor
Personal Data Processed on instructions by the Customer
Flipnode is the “Data Processor” for all personal data processed in relation to the provision of the Services under the Digital Signage Subscription Services Agreement. This means that such Personal Data is collected on the Customer’s/Account Owner’s behalf for his/her own purposes, that Customer/Account Owner is solely responsible i) for the legality, reliability, accuracy and quality of such Personal Data ii) for the legality of the processing purposes and iii) for the necessity of the processing to serve these purposes, and that the Customer/Account Owner is the Data Controller of Personal Data processed, while using the Services. Therefore, the Customer/Account Owner is responsible to satisfy the requests of the data subjects, whose Personal Data is processed through the Yodeck Software. Additionally, the Customer/Account Owner is responsible to inform the data subjects (any person whose personal data is processed by usage of the Yodeck Software) about the scope, the purpose, the duration and the means of the processing, and to acquire the consent of the data subjects, whose personal data is being processed through the Yodeck Software, where required. Flipnode executes a Data Processing Addendum with the Customer/Account Owner as an integral part of the Digital Signage Subscription Services Agreement, whereby also the security measures are described.
We share personal data with our agents (sub-contractors and sub-processors), solely for the provision of the Services. We have made sure, by means of a written contract or assignment that our sub-processors comply with the DPA, and provide at least the same level of data protection as we do, for example that they follow reliable technical and organizational security measures. You should know that Flipnode LLC is liable for onward transfers.
Our full list of sub-processors, including their tasks, and contact details, as well as their privacy policy is available on this Website as part of the DPA, Attachment 3, and on Sub-processors page .
How the Services accommodate Your Rights
Based on a Data Processing Addendum (DPA) we conclude with our Customers (Data Controllers) we undertake the responsibility to assist by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Controller’s obligation to respond to requests for exercising the data subject’s rights. Additionally following technical and organizational measures are accommodated in the Services.
Consent and Notice
A Customer, before creating an Account, has to accept the Terms of Services and the DPA including the instructions by the Customer about how personal data uploaded to Yodeck Software are going to be processed. Every Designated User is informed about our Privacy Policy, the Terms of Services, accompanied by the DPA before signing up in the Account for the first time. Customer and the Designated User may at all times access and review the Terms of Services, the DPA, and our Privacy Policy on our website.
Access, Rectification and Deletion
A Customer, to create an Account, has to insert an access code. Following security measures are accommodated: a) authentication of users before access; ii) encryption of passwords iii) activation of secure password policy by Customer in the Enterprise Plan; iv) prevention of access after suspicious access attempts. Customer manages each user’s access to and use of the Services by assigning to each user a credential and user type that controls the level of access to and use of the Services. Customer is responsible for protecting the confidentiality of its own and each user’s login and password and managing each user’s access to the Services. The Services enable the Customer to assign specific rights (of view, access, modification, and deletion) based on the tasks and responsibilities of the Designated User. Customer and Designated Users may extract, rectify and delete personal data uploaded, depending on the rights given to them by the Customer by selection of a user type.
Deletion of the Account
Customer and any Designated User with Admin Rights can request deletion of the Account through one of the following ways:
- In-app option, in the Account settings
- by sending an email,
- or through our contact form on our Website.
We reply to the request through email, asking for a confirmation, and informing the Customer and all Designated Users with Admin rights. This is required to verify that the requester has indeed legitimate access to the associated email Account, and that all administrative Designated Users are aware. In case the request seems suspicious, we might investigate further before proceeding with complete deletion of the Account.
Upon confirmation, we initiate following process:
All information related to the Account is removed from our Database.
All files on our cloud storage that are related to the Account are marked for deletion.
All information regarding the Account is explicitly deleted from all Service Providers. If the Service Provider has a special procedure to be followed in this case, we will use that procedure instead of standard API calls.
In the event of Subscription Term non-renewal by the Parties, are downgraded to Standard Free Plan. If Customer does not log into Account for more than 365 days, Account is permanently deleted and the content of the Account is either deleted or returned, as requested by Customer. After 6 months of inactivity, Flipnode shall provide bimonthly (every 60 days) reminder notifications, before deleting the Account giving you the opportunity to retain your Standard Free Plan active or upgrade your account with a paid subscription.
Security
Either we process personal data as Data Controllers or Data Processors we take appropriate technical and organizational security measures to protect the integrity, accessibility and confidentiality of your data. These measures are physical and environmental security measures, as well as IT security measures, including but not limited to the use of updated anti-virus and firewalls, safe protocols, user authentication processes, encryption, data separation, vulnerability and penetration tests etc. We also have in place specific procedures for incident management and a Data Breach Policy.
Sharing your Data – International Data Transfer
We do not share personal data with any third party, unless required to do so by law; in such a case, we shall inform you of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest, e.g., to protect confidentiality of a criminal investigation.
Flipnode has self-certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF), and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
In case an Adequacy Decision is not in place, the transfers are subject to the latest versions of the appropriate form of the Standard Contractual Clauses, as released by the European Commission and are in force from time to time.
Sharing your Data with affiliate(s) and associates
However, we do share personal data Flipnode Single Member Ltd (1, Lykourgou Str. GR 10551Athens – Greece), who is engaged in the operation, maintenance and support of the Services, including acting as super-administrator of the accounts in Yodeck Software, as well as our associates (sub-contractors and sub-processors), solely for the provision of the Services and the provision of this Website. We have made sure, by means of a written contract or assignment that our processors and sub-processors comply with this Privacy Policy, and provide at least the same level of data protection as we do, for example that they follow reliable technical and organizational security measures.
Social media
You may be able to access third party social media services through our Website by using social media plugins on our Website. In that case URL data may be transferred to this third party, based on this party’s Privacy Policy. Make sure you read the Privacy Policy of this third party, before you proceed to the plugin.
Your Rights
We respect your rights as a data subject under the GDPR and other applicable data protection laws and regulations. Bear in mind that we are entitled to answer to your requests as a data subject, when acting as Data Controllers, if you contact us at this email address: privacy@yodeck.com. When we are acting as Data Processors the Data Controller, our Customer, is responsible to address your requests. However, we shall provide any reasonable assistance to the Data Controller for the satisfaction of your rights.
If you are a resident of California, the California Consumer Privacy Act (“CCPA”) provides you with certain rights over your personal information. We only process your personal information at the direction of, and to the extent allowed by, our Customers and never for our own purposes. We will work at our Customer’s direction to ensure that your rights provided by the CCPA are respected.
For your rights under the EU-U.S. Data Privacy Framework (EU-U.S. DPF), and the UK Extension to the EU-U.S. DPF, you may refer to the DPF page .
For all matters concerning your Rights under this Policy, you may also contact our DPO at dpo@yodeck.com
To find out more about the recourse mechanisms and the Alternative Dispute Resolution Provider available in adherence to the Principles of the EU-U.S. Data Privacy Framework (EU-U.S. DPF), and the UK Extension to the EU-U.S. DPF, please visit the DPF page .
If you are a UK resident, you may also contact our UK Representative at yodeck@lionheartsquared.co.uk.
You should know that you, as a data subject, have the following rights under the GDPR and the UK GDPR.
Information and Transparency
You have the right to be informed about any processing of your personal data (the purpose, scope, duration and means, as well of data sharing). We adhere to the principle of transparency in processing. For any question regarding this Policy, you may contact us at privacy@yodeck.com. We will respond without delay and in any case within one month upon receipt of the request.
Access
You have the right to receive confirmation on whether your personal data are processed and in case this happens, all required information thereof (processing means, goal, records etc.). This enables you to receive a copy of the personal information the data controller holds about you and to check that your data are lawfully processed. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, you may be charged with a reasonable fee, if your request for access is clearly unfounded or excessive. Alternatively, the data controller may refuse to comply with the request in such circumstances.
Rectification
You have the right to require the rectification of incomplete or inaccurate data relating to you without undue delay, as well as to fill in incomplete data, if necessary for processing. If you are an Account Owner or, if you have a Sub-account as a User of the Services you can update Personal Data submitted in the Account or Sub-account through your profile by selecting “My information” from the options menu at the top of the screen.
Erasure
You have the right to ask for the erasure of personal data concerning you without undue delay. We, if we are the data controllers, shall erase the data, when one of the following grounds applies: a) personal data is no longer necessary in relation to the purposes of processing; or b) the person requesting the erasure withdraws consent on which the processing is based and there is no other legal ground for the processing; or c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing or the data subject objects to processing for direct marketing; or d) the personal data have to be erased in compliance with a legal obligation. We shall not proceed to the erasure of personal data, if the data must be maintained in compliance with a legal obligation or in case the processing is required for the establishment, exercise or defense of legal claims.
Restriction of processing
You have the right to request restriction of processing, if the accuracy of personal data is disputed, for that period of time that allows the data controller to verify the accuracy of personal data or based on any other legitimate reason specified in applicable data protection laws. For example, you may ask suspension of the processing of your personal data, if you want the data controller to establish its accuracy or the reason for processing it.
Data Portability
You have the right to receive your personal data in a structured, commonly used and machine-readable format as well as the right to request the direct transmission of personal data by another to another (controller or processor), if this is technically feasible.
Right to Object
You may oppose the processing of personal data, which takes place based on overriding legitimate interest without your consent. In this case, data controller may no longer process your personal data, unless it demonstrates imperative and legitimate reasons for the processing that outweigh the interests, rights and freedoms of you as a data subject or for the establishment, exercise or defense of legal claims.
No automated individual decision-making
We fully respect your right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. You have the right to object to such automated individual decision-making.
Consent Withdrawal
In case you have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. In this case we will notify you.
For example, you may withdraw your consent to the use of cookies by clicking on the button “Manage Cookies Settings” or choose not to accept cookies by your browser settings.
Children
Our services are not directed to children. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will immediately delete such information. If you become aware that a child has provided Us with his/her personal data, please contact Us at the contact information below.
Complaint to a Supervisory Authority
You have the right to lodge a complaint with a Supervisory Authority, meaning an independent public authority which is established by an EU Member State, pursuant to the GDPR, if you consider that the processing of your personal data infringes the GDPR and other applicable European Union or member state data privacy laws.
Changes to this Privacy Policy
Our Privacy Policy may change from time to time and any changes to this Policy will be updated so as to describe these changes. You are expected to check our website from time to time to take notice of any changes in this Policy. If you have any further questions about this Policy or how we handle your personal data, which are eventually not dealt with here, please get in touch with us by writing to privacy@yodeck.com or calling at +30 211 800 1709.
Last Updated: May 2024