Data Security Policy – Nibity
At Nibity, transparency and privacy are part of the core of our business. We care about your privacy as much as you do and so we are committed to being upfront about our practices and how your personal data is processed. This policy explains our privacy practices for our Services. See our Terms of Service.
In order to provide you, the Service User, with the Services and run our business, we need to process your personal information (within the context of this policy, the terms “personal data” and “personal information” may be used interchangeably). By accepting our Terms of Service, you are confirming that you have read and understand this policy including how and why we use your information. If you don’t want us to collect or process your personal data in the manner described in this policy, you should not utilise the Services.
- INFORMATION COLLECTED OR RECEIVED
- CHOICE, CONTROL & CONSENT
- INFORMATION USE AND LEGAL BASIS FOR PROCESSING
- SHARING OF DATA
- RETENTION AND DELETION
- POLICY REGARDING MINORS
- POLICY CHANGES
Information Collected or Received
In order to provide you with our Services, we require a certain amount of information from you. This information may come from a variety of sources and may include:
Information Provided by You
In order to create an account, we require your full name and email address. Further to this, a billing address is required for accounting purposes. You may also provide us with a telephone number. If you upload any media for processing that contains personal data, that data will also be processed and stored by us as necessary for providing you with the Service. Credit card information is passed on to a third-party payments provider (either PayPal or PayFast, dependent upon your locale) for processing and is never directly processed by us nor stored in any way.
Information Provided from Your Use of Our Services
By accessing our website, we may gather certain information about you such as your general location and IP address to provide relevant pricing and contact channels as well as for analytics. Your operating system, version, browser and browser version, and device type may also be collected. This information is not stored by us at any time.
Information Provided by a Third Party
Information Provided About Third Parties
The personal data of third parties may be provided to us by a Service User in the course of utilising our Services, such as when uploading audio or video to us for processing. Any information obtained in this way is restricted to being stored within a transcript and is not retained in any indexable form nor further processed in any way. Policy surrounding retention and security extends to this information as well. If you, as a Service User, are providing us with media for transcription that contains the personal data of a third party, the onus is on you to obtain processing consent from that party.
Choice, Control & Consent
You have the rights of access to, rectification of or erasure of your personal data and you can request restriction of the processing concerning a data subject, object to the processing of your data and request receipt of your data for transmission to another entity, subject, of course, to our right to retain your data for billing or for any purpose required by law.
By logging in to your account, you can view all of the personal information that you supplied when registering. This same interface will allow you to alter and delete certain information as well. There are some restrictions that may apply such as the inability to change your billing country. Any requests for alterations that cannot be done through your account should be directed in writing to the Data Protection Officer at firstname.lastname@example.org.
Should you wish to have your account deleted, or if you would like a copy of the data that we have relating to you and your account, you may, similarly, file a request with the Data Protection Officer.
Information Use and Legal Basis for Processing
We use the information we collect for the purposes outlined below. Most often, our legal basis for processing your data is when it is necessary to perform a contract with you, such as our Terms of Service. Additionally, processing may occur as part of our legitimate business interests, such as in improving, personalising, and developing the Services, marketing new features or products that may be of interest, and promoting safety and security as described below.
Provide, Maintain and Personalise the Services
Using the information we obtain, we are able to honour our Terms of Service contract with you as well as deliver the Services tailored specifically to you. For example, we use your approximate location to ensure you get appropriate pricing for the region you are in and display contact details for our nearest office.
Improve and Develop the Services
We also use the information we collect to troubleshoot and protect against errors, such as if you are experiencing an issue with the Services. We may also use this information to determine areas of the Services that can be improved upon or to ascertain the viability of new developments and features.
We will use your information to communicate with you and send you Service notifications such as notification of transcript completion. We also use your information to provide you with assistance should you contact us for any reason. From time to time we may communicate with you regarding Service updates or changes.
Safety and Security
We use the information we collect to promote the safety and security of the Services, our Service Users, and other parties. For example, we may use the information to authenticate Service Users, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.
As Nibity operates a global service, it may be necessary to transfer your data and information to other countries for processing. We rely on numerous legal bases to lawfully transfer personal information, including your consent and EU model contractual clauses, which contain certain security and privacy protections. We have made these contractual clauses available online should you wish to view them.
Sharing of Data
We share your personal data with others in the specific circumstances described below.
For External Processing
We transfer personal data to:
1) service providers such as data hosts and payments processors who process it on our behalf, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures. These partners provide us with services globally, including for customer support, information technology, payments, marketing, analytics and data analysis.
2) Sub-contracted transcribers, who are contractually bound by strict confidentiality and data protection clauses. In this regard see our Data Processing Addendum.
It is important to note that while no account information is shared with our transcribers directly, some personal information may be contained within the media we process in the course of providing you with the Services.
For Legal Reasons or to Prevent Harm
We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the Services or the physical safety of any person.
We have taken the measures listed below to mitigate as many issues as possible when processing your data:
Data at Rest
The safety and security of your data is as important to us as if it were our own. To that end, we have taken all measures we can to keep it from prying eyes and malicious parties. Your provided identity and billing data are securely stored within one of our databases, access to which is restricted to only the least people necessary to provide the Services. All media (audio, video, transcripts, etc.) that we process in the course of providing you with our Services are stored on an encrypted partition on our server, access to which is limited to only those persons necessary to perform maintenance on the server.
Data in Transit
All of our websites and services are secured with Transport Layer Security version 1.2 (TLSv1.2) encryption using only the most secure ciphers and algorithms to protect your data as it moves between your device and our servers. Our primary website scores an A+ rating on the Qualys SSL Labs Report and is compliant with PCI-DSS, NIST, and HIPAA standards for web application security.
Please do note, however, that due to its nature email is not a particularly secure method of communication and we cannot be held liable for any leak of data resulting from the interception or forgery of email. To this end, we discourage users from opting to have their transcripts emailed to them and recommend they collect from their online account instead.
Retention and Deletion
Everything gathers dust, even our servers, so we like to give them a little dust every now and then to get rid of anything we no longer need. When it comes to your personal information, we only retain it as long as is necessary for us to provide you with our services. In terms of your contact and billing information, we retain this for up to seven (7) years as is necessary for tax and legal purposes, or as long as your account remains open with us, whichever is the longer. All media – including audio, video, and transcripts – are stored for between 90 days and 120 days from date of completion or termination of a Specific Job before being automatically deleted, unless we receive a request from you for return of the data within 30 days of that completion or termination date. Payment information such as credit card numbers is never stored by us.
In the event an account is created but no further processing occurs (i.e. no media is uploaded for transcription or payment made), the account will be deemed specious and removed from our systems between 90 and 120 days after its date of creation.
Policy Regarding Minors
In order to create an account, users must be at least eighteen (18) years of age, or any higher minimum age within the jurisdiction where the user resides. In the event we are made aware that we have collected the personal information of a minor, we will take steps to delete this information as soon as possible.
Please note that the above only extends to the creation of accounts for processing (i.e. a Service User as defined in our Terms of Service). There may be instances where data concerning a minor is provided to us by a Service User in the interests of us supplying the User with the Services. In such an instances specific consent for the use of such data is required (see Information Provided About Third Parties above).
Parents or guardians who believe that their child has submitted personal information to us and would like to have it deleted may contact the Data Protection Officer at email@example.com.
Should we find it necessary to amend or alter this policy, all changes will be posted online. In the event any changes are made that we believe impact you significantly, we will let you know by doing one (or more) of the following: (i) posting a notice on our website, or (ii) sending you an email about the changes.
If you have any concerns or questions about our policy or our use of your information, or if you are seeking to exercise any of your statutory rights, please contact our Data Protection Officer, Stuart Honour, at firstname.lastname@example.org.
Way With Words SA (Pty) Limited controls your personal data and provides you with the Services. You may contact us at:
Way With Words SA (Pty) Ltd
The Vineyards Office Estate
99 Jip de Jager Drive
De Bron, Western Cape
If you feel that your rights have been infringed in any way, you have the right to complain to your local data protection authority or with the Information Regulator (South Africa), our lead supervisory authority.
Download this policy here.
NIBITY LINKS – LEGAL (ALL)