In short

We do store personal data about website visitors.

Some of these are shared with third-party providers such as Google, Facebook, HubSpot, and HotJar. However, this is only done if you accept us to do so. Using these third-party services helps us to understand what kind of visitors we have and how visitors behave on our site in order to improve the user’s experience.

We are asking visitors to accept the terms before setting any tracking cookies.

The only persistent cookie set without such confirmation is a cookie from CloudFlare which is required to protect against certain kinds of attacks. For more information see our cookie page.

We do use contact forms for providing a way for visitors to contact us, or to comment on blog posts. In these cases we send personal data to our mail server in India and requests are also stored on our server and at HubSpot which we use for CRM.

When filling in a form, you will always be presented with a checkbox where you have to accept our privacy policy before any data about you is stored or processed. For more details, please check our roadmap towards full GDPR compliance.

If you send us an email, or if you call us, we may store personal data about you.

At any time you can request for what personal data we have stored about you., request changes or request deletion of data.

By filling in a form or send us an email you consent us to export the data outside of EU/EEA and to reply to you in a suitable form.

We only retain personal data as long as is needed. This may vary based on the kind of personal data or purpose of your enquiry.

We do allow employees to use the corporate mail for personal emails. Hence if you send a personal mail to an individual in the company some parts of this policy may not apply

We are using the best industry practices to ensure the integrity of your data. This includes encryption, anti-virus and general state-of-the art infrastructure.

You can request us to stop tracking information using cookies by clicking the button below. Please note that if you want us to delete any data which you have provided using a form on this site, you must still contact us using the GDPR request form. In case you request deletion we are, based on GDPR requirements, required to retain your request to be deleted even though any other data will be deleted or completely anonymised unless there are legal requirements to retain information. In such case, we will inform you about that.

Our Data Protection Representative is our fully owned Swedish Subsidiary Gislen Software AB

Cookies are enabled

A bit longer

EU/EEA and Data Export to Third Country

If you are in the EU/EEA you should take notice that even though Gislen Software Private Limited is located in India which is outside the EU/EEA, all aspects of the GDPR applies to the company since the company is selling services to the EU and in the process collects and process personal data. When you send an email to us the email you consent to that it will be stored and processed in India.

However, as an EU/EEA citizen you have based on the GDPR, certain rights to your personal data and if you have questions or want to request deletion please contact us using our GDPR-form.

When and how do we collect personal data?

Your personal data is collected when you;

  • Send us an email or
  • When you speak to us over the telephone.
  • Give any of our staff your visiting card
  • Connect to any of our staff via LinkedIn or other social media
  • Visit our websites
  • If you fill in a form on our websites

What data do we collect?

Any or all of the following data may be collected (for visitors to our website more information may be collected which is described further down in this page):

  • Name
  • Address
  • Email address
  • Telephone number
  • IP-address
  • Country
  • Other information which you provide

How do we use the data?

If you send an email to inquire about something, we normally reply to your email. If we enter into a business relationship we may add your data to our CRM system and accounting system. Since our business is a B2B company it is hard to explain any action we may take based on your personal data but we will use it in a responsible way and in line with your intentions to the best of our understanding.

Name and any contact details are only used for contacting you (such as reply to your email or communicate with you as part of our business legitimate interest)

IP-address, Cookie-information, the page you came from, which browser you used will be used to improve our services

IP-address, Country and the page you came from may be used to know that you are filling in a form from within EU/EEA. We intend to apply this policy more or less in the same way independent of where you are from, but since each country in the EU/EEA may apply different additional regulations to the GDPR we currently assess that it may be useful to know which country you sent the mail from or where you filled in the form.

We follow standard industry standards to protect any information submitted to us, both during transmission and once we receive it. Our mail server is configured to use Transport Layer Security which means as long as your server supports this, emails will be sent in encrypted forms. Any data you provide us via any of the forms on our website will also be sent to our office in a similar manner. However no method of digital transmission over the Internet is 100% secure, therefore we cannot guarantee that the information is secure, but we will do the best we can to ensure that your information is safe.

How do we ensure that you consent to our policy?

Any form on our websites includes a checkbox where we list what you accept.

However, when you send us an email, we assume that you accept this policy. Due to the nature of emails, we have no way of verifying that you have read this policy. If you after getting a response from us to your mail and the footer of the email which states our short policy and which gives a link to this page would object to anything we do, we request you to contact us and request us to delete your correspondence. By sending us an email we also expect that you consent us to reply to your email and that we can store the correspondence as long as our retention policy would allow.

How long do we store your data?

We will only store your data as long as we think is necessary. This may vary based on the type of communication. If an employee would leave the company the mailbox and all the emails in it will be deleted. For ongoing customer relationship, emails may need to be stored for many years. Some emails and data may be required by laws to retain.

Cookies and logging of data on our website

When you visit our websites (www.gislen.com and www.gislen.se) you will be asked to accept our cookie policy.

Information about how this website handles information of visitors:

  • When a user accesses our website we ask permission before setting any tracking cookies.
  • We may use cookies set by WordPress, Google Analytics, HubSpot, HotJar and CloudFlare and we may from time to time use other tools to improve the content of our website, user experiences or SEO ranking. However, we never analyse individual user data.
  • With the exception of the “__cfduid” cookie from CloudFlare, no persistent cookies are set until the user has accepted the request shown when arriving at our site. The CloudFlare cookie is not used for tracking of personal data and is required to ensure the quality of the communication and to protect against certain security threats.
  • With respect to Ad Servers: We do not partner with or have special relationships with any ad server companies.
  • We do use forms where visitors can enter information. In these cases, we inform the user what we will do with the data and ask for permission before the data can be sent.

Cookies are small text files stored on your computer. Some cookies are just information which cannot be used for tracking. Certain cookies include a unique numerical id which is used to track how you and others use the website. If such cookies are stored over a long time, and if it is not necessary to set it, then GDPR demands that you give us permission to set them. There is no requirement to ask your permission to set a cookie which is only used during the session to track your route through the website. Note that we never set any cookies which include your personal information. The cookies get a random number and we cannot through such a number understand who the visitor was who this number relate to. But we can count if people return to our website and we can understand how people use the website. Even if you have once accepted that we use cookies, you can at any time revert this and we would stop to track you. However, the cookies themselves will not be removed but we will not track them any longer.

We do gather certain information about our visitors. This includes IP-number, browser, referring/exit pages, operating system, date/time stamp and other data. We only use this data in an aggregated form and only to understand who our visitors are, what they do on our website and what problems they have.

Technology Partners

The following is as far as we are aware a complete list of the technologies and the processing partners which may in any way be involved in processing your personal information which either may be stored on our website, in the processing partners system or be transferred to our servers in India. Note that we don’t set cookies for all of the below-mentioned technologies. However, since we do use them in one way or another we mention them here. If you want to contact us without any risk of any information about you being stored in our website or reaching any of our partners below, we recommend that you make a direct phone call to +91-2262 7541 during Indian office hours.

WordPress

This is a site built using WordPress. WordPress is a basic website tool but it also includes various plugins. Some of these plugins collect data themselves. We do use JetPack for Analytics. Jetpack and WordPress are working with GDPR compliance. For more information see WordPress privacy policy and JetPack’s. A guide for how to make a WordPress site compliant is found here.

A WordPress website collects personal information through the following means:

  • user registrations
  • comments
  • contact form entries
  • analytics and traffic log solutions
  • any other logging tools and plugins
  • security tools and plugins

Here are some other WordPress plugins we use which do collect data and we describe how we are working to be GDPR compliant.

Contact Form 7

Visitors can fill in a few forms on our page. The information is sent to our official email system via email and routed to the right person. The information is also stored in a table on the website. We have added a checkbox where you have to accept our terms and conditions before you can provide any information.

Very Simple Contact Form

We use this form to collect certain feedback. We have provided a GDPR compliance checkbox where you have to accept the terms before you can post anything.

HotJar

We do at times use Hotjar for finding out how users use our website for example via heat maps. This helps us to see where users click and how they scroll or navigate the page. The purpose for us is to improve the user experience on our webpage. This is a cookie we may use. We have signed a GDPR processing addendum (DPA) with HotJar.

For more information on what cookies Hotjar may use check their Cookie page. Hotjar has a GDPR-compliance page.

JetPack

We do use Facebook JetPack for analytics about the visitors of our site and for automatic updating of plugins. JetPack is taking steps towards GDPR compliance. We are monitoring their progress.

Cloud Flare

We use Cloud Flare as our CDN (Content Delivery Network), which helps in improving the performance of distribution the content across the globe. Cloud Flare also provides some analytics and protects against DoS attacks. Cloud Flare has clearly stated on their GDPR page that they will be fully compliant when GDPR comes into effect on May 25, 2018. We have signed a GDPR processing addendum (DPA) with Cloud Flare.

Facebook

We use Facebook in various ways to keep in touch with clients, employees, potential recruits, friends and prospects in order to engage with our community. We post on Facebook and occasionally we give links to our webpage. On this web page, we also use Facebook cookies to track and analyse our user’s behaviour. Facebook explains what they do with cookies here.

Facebook seems to be aware of GDPR but as far as we understand from reading their page they are not yet (March 29, 2018) fully compliant. Their cookie policy is found here. Their intentions and terms are listed on this page, but since for cookies set by our site we are the controller and they are the processor we will have to verify their compliance before the GDPR comes into place on May 25, 2018. In case we assess that they are not compliant by May 25, 2018, we will remove the Facebook Pixel cookie by then.

Google Analytics

We use Google Analytics to understand what kind of visitors have, where they come from and how they navigate on our site. The following cookies are used by Google: _ga Google is providing a general processor agreement to cover GDPR compliance. Google is providing a general processor agreement to cover GDPR compliance. We use a setting Google provides wherein the last part of the IP-address is not stored.

Hubspot

In order to show a pop-up form when visitors look at our page and to assist us in marketing, we use Hubspot. All information you entered in the form in the site may also be captured by Hubspot. For detailed information about HubSpot’s GDPR readiness please visit their GDPR-readiness page.

Twitter

We do communicate using Twitter at times. It does not seem that Twitter at the moment (29/3/2018) is GDPR compliant or have given any clear information on their site on their roadmap towards GDPR compliance. We don’t use any cookie from Twitter and we are not data controller in any way.

Deleting Information

According to the GDPR, you have the right to request removal of any data we store about you unless we are required by law to retain any such data. Please note that to delete any data stored about you by Google Analytics, HubSpot, Twitter or Facebook you may need to approach them directly (by clicking on the button below we will delete the cookie which should satisfy the requirements of the GDPR).

To block intrusion attempts, we store IP addresses when users try to login with wrong credentials. These IP addresses will not be removed unless you contact us.

If you feel that this site is not following its stated information policy, you may contact us using any of the channels mentioned on our contact page.

What if any of the plugins or providers are not compliant?

If we find that any plugin or service provider is not compliant to the GDPR we will remove it and not use it again unless we have established that it is compliant.