Your privacy is important to us. It is Upscaler Limited's policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our website at https://www.upscaler.io and web application at https://app.upscaler.app and any other sites we own and operate.
Personal information is any information about you which can be used to identify you. This includes information about you as a person (such as name, address, and date of birth), your devices, payment details, and even information about how you use a website or online service.
1. Information we collect and how it is used
When browsing our website, submitting information via our contact form, registering with us for services online, registering interest in advertised job roles through our website, logging into our online services, subscribing to application status updates, and purchasing services from us, we collect personal information about you that may be combined, reviewed, logged, stored, or accessed for the following purposes:
- Analysis of the performance of our website by monitoring usage and traffic patterns;
- To enable you to customise or personalise your experience of our website;
- Responding to requests for more information about our products and services;
- Registering an account so that we can provide you with the services you have requested;
- Processing subscription payments;
- Responding to demo and onboarding session requests;
- Facilitating login to the Upscaler application using a registered Upscaler account or third party account such as Google and Microsoft;
- Reviewing and responding to applications for advertised positions;
- Providing support to our customers by receiving, analysing, and responding to support requests;
- Facilitating the correct operation of our services by logging necessary transaction, event, and error data.
- Facilitating subscription to status updates for the Upscaler application so that we can provide you with real-time application status notifications.
- Communicating with you regarding changes and improvements to the Upscaler application which are relevant to your service subscription.
1.1 Types of data collected
The specific types of personal data that we collect are:
- Contact data consisting of name, email address, and phone number, where provided in contact request forms, demo bookings, onboarding session requests, application status subscriptions, service subscriptions or referrals.
- Authentication data such as your name and email address which is used for login to our service. A phone number may also be used to confirm your identity as a second factor of authentication (2FA).
- Where Single Sign-On (SSO) integration is used to facilitate user authentication and access to the application, email address, display names, and publicly available account profile pictures may also be collected as part of the account verification process between the SSO service provider and our application.
- Analytics data from our website consisting of device type, operating system used, unique device identifiers, device settings or preferences, and geo-location data. We currently anonymise IP address data.
- Recruitment data consisting of name, contact details, previous employment information, education and training.
- Personal data submitted via support requests which would typically contain contact data consisting of name, email address, and phone number, but may also include screenshots taken on your local devices that may inadvertently include personal data about you.
- Log data which may include technical details about devices that you used and actions performed by you either on our website, or while logged into our services. Personally identifiable data is removed from log data wherever possible, but it may be possible to combine log data to personally identify persons using our services.
2. Our legal basis for processing your personal data
The processing activities we perform are primarily carried out for our legitimate interest as a commercial company that is developing and selling software-as-a-service. We also process personal data in order to fulfil our contractual and service level obligations to you when you purchase these services from us.
When you submit personal data to us by registering your interest in an advertised position, we process this data based on our legitimate interest and your consent by you voluntarily submitting the data to us.
3. Retention of your personal data
For example, if you have provided us with personal information as part of creating an account with us, we will retain this information for the duration your account exists on our system in order to provide services to you. Where you no longer subscribe to our services, your personal data will be deleted, or anonymised to the extent possible where it may need to be retained for legal and regulatory purposes.
4. Security of your personal data
When we collect and process personal data, and for the duration that we retain and store this data, we will protect it within commercially acceptable means to prevent loss and theft, and unauthorised access, disclosure, copying, use or modification. We do this primarily by:
- Using industry standard encryption technology wherever possible to protect your data from the point of collection to the time that it is deleted;
- By implementing access control mechanisms;
- By ensuring data processing agreements are in place with relevant third parties;
- By training our employees and contractors on the correct handling of your data.
However, we advise that no method of electronic transmission or storage is 100% secure and no one can guarantee absolute data security. For example, you are responsible for the safe keeping and strength of any passwords you create to log into our services, and for ensuring the security of your own information within the bounds of our services. Where your password can be easily guessed, or where you inadvertently divulge it to unauthorised users, we cannot ensure the confidentiality of the data held in your account with us.
5. Sharing of personal data with third parties
Your personal data will be shared with third parties that we use to help deliver our services to you, or where required to share it for legal or regulatory purposes. Categories of third parties would include:
- Cloud-service providers contracted by us to provide required infrastructure and data centre services, which would include services such as data storage, processing, logging and monitoring, email, web-services, networking, data backup, account authentication, feature-flag services, etc.;
- Web-hosting providers for hosting of our website and collection of contact form data and demo requests;
- Data analytics providers for analysis of web-traffic data;
- Contractors employed to carry out specific services on our behalf;
- CRM services for recording and managing customer accounts;
- Payment providers to process payment of your subscriptions;
- Legal and regulatory authorities where required in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights;
- Communication tool providers used to facilitate customer communications.
Our primary third parties are currently:
- Google Firebase
- Google Analytics
- NetHunt CRM
- Microsoft 365
- Atlassian Statuspage
- Twilio SendGrid
6. International transfers of personal data
The personal data we collect is primarily stored and processed within the EU, and more specifically in Ireland wherever it is possible to restrict the processing of your personal data. Third parties that we contract for services may use processing facilities outside of the EU for redundancy, and for the purposes of providing support services. Where this is the case, and the country does not have equivalent data protection laws to that of the EU, we will ensure:
- Any transfers of data are performed in accordance with the requirements of applicable law; and
Typically, we will do this by ensuring Standard Contractual Clauses (SCC) published by the European Commission are in place with relevant third parties as part of our ISO/IEC 27001:2013 aligned supplier due diligence programme prior to any transfers. Where this is not possible, we will ensure that transfers will only take place based on your informed consent.
7. Children's privacy
We do not aim any of our products or services directly at children under the age of 18 and we do not knowingly collect personal information about children under 18.
We use 'cookies' to collect information about the devices you use and your activity across our site as mentioned in section 1 of this policy. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our site. This helps us serve you content based on preferences you have specified, and helps us to analyse the performance of our site.
9. Your data protection rights
Under data protection law, you have certain rights which you are entitled to exercise and which we are required to make you aware of. These include:
9.1 The right to access
You may request that we provide you with copies of any personal data that we hold about you.
9.2 The right to rectification
9.3 The right to erasure
You have the right to request that we erase any personal data we hold about you. However, where we are required to process your data for a legal basis such as compliance with a legal obligation, or where the data must be processed to continue to deliver contracted services to you, it may not be possible to erase your personal data.
9.4 The right to restrict processing
You have the right to request that we restrict the processing of your personal data if (i) you are concerned about the accuracy of your personal data; (ii) you believe your personal data has been unlawfully processed; (iii) you need us to maintain the personal data solely for the purpose of a legal claim; or (iv) we are in the process of considering your objection in relation to processing on the basis of legitimate interests.
9.5 The right to object to processing
9.6 The right to data portability
You have the right to request that your personal data be transferred to you, or another data controller of your choice, in a structured and machine-readable form so that the personal data can be reused. An example of this may be if you choose to transfer services to another service provider.
As mentioned in section 2 of this policy, you have the right to withdraw consent of the processing of your personal data at any time, subject to certain conditions. To unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details provided below, or opt-out using the opt-out facilities provided in the communication. We may need to request information from you to help us confirm your identity.
9.8 Lodging a complaint with a supervisory authority
You have the right to lodge a complaint regarding our processing of your personal data with a supervisory authority. In Ireland, the supervisory authority is the Data Protection Commission, and you can submit a complaint via webform or post as directed on their website.
10. Contacting us
The personal data that we process about you is controlled by Upscaler Limited, Yellow Walls Road, Malahide, Co. Dublin, Ireland. For any queries or requests regarding your personal data, or if you believe that we may be in breach of relevant data protection law, please contact: email@example.com. Where you prefer to make a request verbally via phone call, please let us know and we will arrange a call back.
Where you submit a data subject access request to us, we will respond without undue delay in writing, unless specifically requested otherwise, within 1 month of receiving your request, in line with current data protection law.
11. Changes to this policy
If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for communications from us) and all our registered users with the new details and links to the updated or changed policy.
If required by law, we will get your permission or provide you with the facility to opt in to or opt out of, as applicable, any new uses of your personal information.