Last updated: April 20, 2018
There are different ways you can use our services – to communicate with your customers, to inform personnel or create new content. You share information with us, for example by creating an account and creating content. As you use our services, we want you to be informed on how we’re using information and the ways in which you can protect your privacy.
- What information we collect and why we collect it.
- How we use that information.
- The choices we offer, including how to access and update information.
We’ve tried to keep it as simple as possible, but if you’re not familiar with terms like cookies, IP addresses and browsers, then read about this glossary first. Your privacy matters to Bizplay so whether you are new or a long-time user, please do take the time to get to know our practices – and if you have any questions contact us.
At Bizplay, we believe that the less information we know about you, the better. After all, it is impossible to lose, misuse, or abuse information we don’t have. To the extent that we have control over your data or data about you, we see ourselves as custodians of that data on your behalf.
We use your data solely to provide you with services in which you enroll. Our business is providing digital signage services to you, the customer. We have no desire or interest to use or transfer the limited data we acquire for any other purposes.
As stated in our GDPR statment, the services offered through bizplay.com and playr.biz fully comply with the requirements of the European Union’s General Data Protection Regulation (GDPR).
Who We Are
Bizplay is a Dutch company located at Fred Raymondhof 1, Utrecht, The Netherlands. You can find Bizplay in the internet at bizplay.com, and country specifc URLs (bizplay.nl for the Netherlands, bizplay.de for Germany and so on). At the URL bizplay.com only information about our service is provided and subscriptions can be bought. The actual digital signage service is available from the URL playr.biz. Bizplay complies with Dutch AVG privacy laws and thereby the GDPR of The European Union (“EU”).
Information We Collect
We collect information to provide a better user experience to you specifically. From basic stuff like which language you speak and your name and email to identify and contact you, to more complex things like billing information.
We collect the following types of data in the following ways:
Signage Data is data that users enter and upload into our service to use as signage content. This data can only be managed and modified over an HTTPS connection that requires a valid username/password combination to establish. This data is stored on Amazon AWS data servers and is backed up daily, to two different geographical locations on alternate days. The Signage Data is transfered for playback to the players using a HTTP connection since it is considered to be for public consumption when shown on screens. It is possible to protect Signage Data that is transferred to players for playback when using the Pro subscription.
Service data that you give us
For example, we require you to sign up for an account (either a trial or paid) to use our service. When you do, we’ll ask for personal information, like your name, company name and email address. For a paid subscription additional information such as telephone number or credit card.
We retain the right to hold and use Service Data to provide our services, report usage and to provide our payment processors with the information they need to process payments.
Diagnostic data that we get from your use of our services
We collect information about the services that you use and how you use them. This information includes:
- Device information
We collect device-specific information (such as operating system version and possibly a unique device identifier). Bizplay does not associate this information to any third party services or data. This information may be used to uniquely identify a player in order to show the correct content, to help us support you when you report a problem and to check that the number of concurrently active players does not exceed the number of licensed devices.
- Log information
When you use our services or view content provided by Bizplay, we automatically collect and store certain information in server logs. This includes:
- details of how you used our service to play back your content.
- Internet protocol address.
- device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
- cookies that may uniquely identify your browser or your account. Log information is typically kept for a few weeks to enable "post mortem" analyses of problems and to analyse short term trends.
- Location information
When you use Bizplay, we may collect and process information about your location. This is only an estimation of your location that is made by from your IP address. This location can be quite inaccurate. The location is used to infer the time zone you are using. This time zone information can easily be overruled by setting the time zone for your company or the player.
- Unique application numbers
Certain devices include a unique device/application number when they communicate with our services. This number and information about your installation (for example, the operating system type and application version number) may be sent to Google when you install or uninstall our Android or ChromeOS app or when that service periodically contacts our servers, such as for automatic updates.
- Local storage
We may collect and store information (including non personally identifiable information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.
- Cookies and similar technologies
Information we collect when you are signed in to Bizplay is not associated with any third party service or data sets.
How We Use Information We Collect
We basically use the information that you give us and that we collect to offer you the best experience of our service, improve and extend our services and to protect Bizplay and our users.
When you contact Bizplay, we keep a record of your communication to help solve any issues you might be facing. We may use your email address to inform you about our services, such as letting you know about upcoming changes or improvements.
We use information collected from cookies and other technologies to improve your user experience, the overall quality of our services and to help in supporting our users when they report problems or pro actively analysing trends to prevent issues.
Bizplay processes personal information on our servers in several countries around the world. We may process your personal information on a server located outside the country where you live.
Transparency And Choice
People have different privacy concerns. Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used. For example, you can:
Review and control your personal information tied to your Bizplay account by using the Settings page (you can find the link to that page at the top of your Dashboard if you are an administrator, if you are not an administrator please contact the administrator within your company).
You may also set your browser to block all cookies, including cookies associated with our service, or to indicate when a cookie is being set by us. However, it’s important to remember that you might see small differences in how our service functions if your cookies are disabled. For example, we may not remember your dashboard status.
Information You Share
Although most users intend to use Bizplay to publish/share information with an audience it may not be appropriate in all circumstances to share all the information that Bizplay enables you to. Bizplay offers means to mitigate this risk but can not prevent its users from unintended sharing of secret or inappropriate content.
Information once shared by Bizplay may be forever part of the public domain. This is the inherent flip side of the technology that Bizplay is build upon and offers the many benefits that Bizplay users can leverage.
For accounts that use a Smart or Full subscription the URL of a Bizplay channel is enough to play back the content that is published/shared on that channel. The Pro subscription offers protection against unwanted/unintended play back. This protection has to be configured on the company settings screen.
Bizplay may show content from third party services such as Facebook, Twitter, Instagram and other services. To access the information of these third party services an industry standard technology called OAuth2 is used. This technology ensures that the user grants Bizplay specific access rights to the content of one specific service. This access right can be revoked at any time by the user by logging into the third party service. This access to a specific service can also be managed in the Bizplay Settings screen.
Accessing And Updating Your Personal Information
Whenever you use our services, we aim to provide you with full access to your personal information. If that information is wrong, we strive to give you ways to update it quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. When updating your personal information, we may ask you to verify your identity before we can act on your request. A user with limited rights might have to ask a user with administrator rights within its company to change the information for him/her.
We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup systems).
Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.
Data Processing Agreement (GDPR)
Bizplay.com and playr.biz fully comply with the GDPR. Bizplay uses service providers (data processors) in the Netherlands and the USA.
Data Location and Transfer
bizplay.com (and bizplay.*)
The bizplay.com (and other country specific domains like bizplay.nl, bizplay.de etc.) website contains no Signage nor Service Data. The servers running the website are located in the USA (Digital Ocean).
Service Data is send to and stored by data processors; Bizplay (playr.biz), FastSpring, BrainTree and MoneyBird.
Signage and Service Data is stored on servers running the digital signage service located in the USA (Heroku, Amazon AWS)
Signage and Service Data access is restricted to members of our staff residing in the EU.
Third-Party Data Processors
Your Secure and Service data are held by third party data processors, who provide us with hosting and other infrastructure services. The locations of these are described above. Links to descriptions of relevant policies and certifications of each of these parties are given. They all report sufficient support for processes, policies and measures relevant to the GDPR.
Heroku and Salesforce (Heroku is a subsidiary of Salesforce)
- Security: https://www.heroku.com/policy/security
- GDPR: https://www.salesforce.com/eu/campaign/gdpr/
- Privacy: https://www.salesforce.com/company/privacy/
- Security: https://aws.amazon.com/security/
- GDPR: https://aws.amazon.com/compliance/gdpr-center/, https://aws.amazon.com/compliance/eu-data-protection/
- Privacy: https://aws.amazon.com/privacy/, https://aws.amazon.com/compliance/data-privacy-faq/
- Security: no specifc security page, mention of security on: https://fastspring.com/products/payments/
- GDPR: https://fastspring.com/c/gdpr-compliance-2018/
- Privacy: https://fastspring.com/privacy/
- Security: https://www.braintreepayments.com/en-nl/features/data-security
- GDPR: https://www.braintreepayments.com/en-nl/legal/policy-updates
- Privacy: https://www.braintreepayments.com/en-nl/legal/braintree-privacy-policy
- Security: https://www.digitalocean.com/security/
- GDPR: https://www.digitalocean.com/security/gdpr/
- Privacy: https://www.digitalocean.com/legal/privacy/
- Security: https://cloud.google.com/security/
- GDPR: https://cloud.google.com/security/gdpr/, as pdf: https://services.google.com/fh/files/misc/google_cloud_and_the_gdpr_english.pdf
- Privacy: https://policies.google.com/privacy?hl=en
- Security: https://mailchimp.com/about/security/
- GDPR: https://kb.mailchimp.com/accounts/management/about-the-general-data-protection-regulation
- Privacy: https://mailchimp.com/legal/privacy/
Information We Share
We do not share personal information with companies, organisations and individuals outside of Bizplay unless one of the following circumstances applies:
- With your consent
We may share personal information with companies, organisations or individuals outside of Bizplay when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information.
- For external payment processing
- For legal reasons
We will share personal information with companies, organizations or individuals outside of Bizplay if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- meet any applicable law, regulation, legal process or enforceable governmental request.
- enforce applicable Terms of Service, including investigation of potential violations.
- detect, prevent, or otherwise address fraud, security or technical issues.
- protect against harm to the rights, property or safety of Bizplay, our users or the public as required or permitted by law.
We work hard to protect Bizplay and our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information we hold. In particular:
- We encrypt access to our services that require a user account using SSL.
- We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.
- We restrict access to personal information to Bizplay employees and contractors who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
If the confidentiality of customer data is breached, we recognize our responsibility to our customers and to the public to disclose the nature of the risk and provide a transparent account of the events without undue delay. At a bare minimum, we must inform the applicable supervisory authorities as required by law and regulation.
Compliance And Cooperation With Regulatory Authorities
The European GDPR law explicitely refers to a number of rights you as a user have concerning Bizplay's handling of personal data.
We want happy customers, not trapped ones. We will not lock you out of your own data. You may export your Bizplay data at any time you wish during the life of your account. If you discontinue payment, your account will enter a frozen (read-only) state for a period not less than two months during which you may still retrieve and export your data after you have contacted us via email.
Export is limited to a part of your Signage Data (images, videos).
Your Right to Knowing to What We Know
You have the right to know what we know about you and to see how that data is handled. All Signage and Service data that we have about an account and its users is accessable to the account owner via her/his dashboard. The only data that is not available is the detailed status of the payment process. Any relevant exceptions to those processes will be communicated to you as soon as possible since they mean we did not receive your subscription fee.
You can send requests for information to our support department that we will gladly fullfill, however, to protect customer privacy, such requests must be carefully authenticated beyond demonstrating control of the customer’s email address.
Your Right to Have Your Data Erased
As we are merely custodians of your data, account owners have the right to instruct us to remove data permanently from our systems. To ensure that no one’s data is deleted without their consent, you must first end your subscription. After the subscription has been ended, the account owner may contact us and ask for the data to be expunged. Once the request is authenticated, the data will be removed from our active systems within 72 hours.
Disaster recovery and data availability requirements mean that Bizplay has a legitimate interest in maintaining secure and immutable backups. Erasure requests will leave those backups untouched, and we will only remove data from backups if legally compelled to.
Automated decisions and profiling
Bizplay does not use profiling of Users based on Service Data
- April 20th 2018: Updates with regards to GDPR in the paragraphs: Who we are, Principles, Information we collect, Data processing agreement, Information we share, Information security, GDPR
- December 1st 2011: Initial version
If you have any questions please send an email to firstname.lastname@example.org.