Privacy policy
Last update: April 20, 2018
Introduction
When you use Bizplay, you trust us with your information. This Privacy Policy is meant to help you understand what data we collect, why we collect it, and what we do with it. This is important; we hope you will take time to read it carefully. And remember, you can find controls to manage your information on your company's Settings page (you can find the link to this page at the top of your Dashboard).
Privacy policy
There are different ways you can use our services – to communicate with your customers, inform personnel, or create new content. You share information with us, for example, by creating an account and creating content. As you use our services, we want you to be informed on how we’re using information and the ways in which you can protect your privacy.
Our Privacy Policy explains:
- What information we collect, and why we collect it.
- How we use that information.
- The choices we offer, including how to access and update information.
We’ve tried to keep it as simple as possible, but if you’re not familiar with terms like cookies, IP addresses, and browsers, then read about this glossary first. Your privacy matters to Bizplay, so whether you are new or a long-time user, please do take the time to get to know our practices – and if you have any questions, contact us
Principles
At Bizplay, we believe that the less information we know about you, the better. After all, it is impossible to lose, misuse, or abuse information we don’t have. To the extent that we have control over your data or data about you, we see ourselves as custodians of that data on your behalf.
We use your data solely to provide you with services in which you enroll. Our business is providing digital signage services to you, the customer. We have no desire or interest to use or transfer the limited data we acquire for any other purposes.
As stated in our GDPR statment, the services offered through bizplay.com and playr.biz fully comply with the requirements of the European Union’s General Data Protection Regulation (GDPR).
Who we are
Bizplay is a Dutch company located at Fred Raymondhof 1, Utrecht, The Netherlands. You can find Bizplay on the internet at bizplay.com, and country-specific URLs (bizplay.nl for the Netherlands, bizplay.de for Germany, and so on). At the URL bizplay.com only information about our service is provided, and subscriptions can be bought. The actual digital signage service is available from the URL playr.biz. Bizplay complies with Dutch AVG privacy laws and, thereby, the GDPR of The European Union (“EU”).
Information we collect
We collect information to provide a better user experience to you specifically. From basic stuff like which language you speak and your name and email to identify and contact you to more complex things like billing information.
We collect the following types of data in the following ways:
Signage Data
Signage Data is data that users enter and upload into our service to use as signage content. This data can only be managed and modified over an HTTPS connection that requires a valid username/password combination to establish. This data is stored on Amazon AWS data servers and is backed up daily to two different geographical locations on alternate days. The Signage Data is transferred for playback to the players using an HTTP connection since it is considered to be for public consumption when shown on screens. It is possible to protect Signage Data that is transferred to players for playback when using the Pro subscription.
Service data that you give us
For example, we require you to sign up for an account (either a trial or paid) to use our service. When you do, we’ll ask for personal information, like your name, company name, and email address. For a paid subscription additional information such as telephone number or credit card.
We retain the right to hold and use Service Data to provide our services, report usage, and provide our payment processors with the information they need to process payments.
Diagnostic data that we get from your use of our services
We collect information about the services that you use and how you use them. This information includes:
- Device information
We collect device-specific information (such as operating system version and possibly a unique device identifier). Bizplay does not associate this information to any third-party services or data. This information may be used to uniquely identify a player in order to show the correct content, to help us support you when you report a problem, and to check that the number of concurrently active players does not exceed the number of licensed devices. - Log information
When you use our services or view content provided by Bizplay, we automatically collect and store certain information in server logs. This includes:- details of how you used our service to play back your content.
- Internet protocol address.
- device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
- cookies that may uniquely identify your browser or your account. Log information is typically kept for a few weeks to enable "post mortem" analyses of problems and to analyze short term trends.
- Location information
When you use Bizplay; we may collect and process information about your location. This is only an estimation of your location that is made from your IP address. This location can be quite inaccurate. The location is used to infer the time zone you are using. This time zone information can easily be overruled by setting the time zone for your company or the player. - Unique application numbers
Certain devices include a unique device/application number when they communicate with our services. This number and information about your installation (for example, the operating system type and application version number) may be sent to Google when you install or uninstall our Android or ChromeOS app or when that service periodically contacts our servers, such as for automatic updates. - Local storage
We may collect and store information (including non-personally identifiable information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches. - Cookies and similar technologies
We may use cookies or similar technologies to identify your browser or device. We use Google Analytics on our publicly accessible website to analyze the traffic. This information is not linked with information about visits to other sites except the sites and services of our payment providers. The aim of this is to assess how successful we are in selling visitors of our website our subscriptions.
Information we collect when you are signed in to Bizplay is not associated with any third-party service or data sets.
How we use the information we collect
We basically use the information that you give us and that we collect to offer you the best experience of our service, improve and extend our services, and protect Bizplay and our users.
When you contact Bizplay, we keep a record of your communication to help solve any issues you might be facing. We may use your email address to inform you about our services, such as letting you know about upcoming changes or improvements.
We use information collected from cookies and other technologies to improve your user experience and the overall quality of our services and to help in supporting our users when they report problems or proactively analyze trends to prevent issues.
We will ask for your consent before using information for a purpose other than those that are set out in this Privacy Policy.
Bizplay processes personal information on our servers in several countries around the world. We may process your personal information on a server located outside the country where you live.
Transparency and choice
People have different privacy concerns. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. For example, you can:
Review and control your personal information tied to your Bizplay account by using the Settings page (you can find the link to that page at the top of your Dashboard if you are an administrator, if you are not an administrator, please contact the administrator within your company).
You may also set your browser to block all cookies, including cookies associated with our service, or to indicate when a cookie is being set by us. However, it’s important to remember that you might see small differences in how our service functions if your cookies are disabled. For example, we may not remember your dashboard status.
Information you share
Although most users intend to use Bizplay to publish/share information with an audience, it may not be appropriate in all circumstances to share all the information that Bizplay enables you to. Bizplay offers means to mitigate this risk but can not prevent its users from unintended sharing of secret or inappropriate content.
Information once shared by Bizplay may be forever part of the public domain. This is the inherent flip side of the technology that Bizplay is built upon and offers the many benefits that Bizplay users can leverage.
For accounts that use a Smart or Full subscription, the URL of a Bizplay channel is enough to play back the content that is published/shared on that channel. The Pro subscription offers protection against unwanted/unintended playback. This protection has to be configured on the company settings screen.
Bizplay may show content from third-party services such as Facebook, Twitter, Instagram, and other services. To access the information of these third-party services, an industry-standard technology called OAuth2 is used. This technology ensures that the user grants Bizplay specific access rights to the content of one specific service. This access right can be revoked at any time by the user by logging into the third-party service. This access to a specific service can also be managed in the Bizplay Settings screen.
Information obtained from external platforms
Bizplay has integration capabilities with all kinds of external platforms, such as Instagram, Facebook, Twitter, Google Calendar, Microsoft Calendar and more. Access to these services is obtained by you, the user, giving permission to the platform via the "add account" procedure. The platform provides us with a so-called authorization token that allows us to retrieve the desired information on your behalf. You will never have to enter your login details for these platforms in Bizplay and we never store them. Also, you can revoke the granted access rights at any time; both in Bizplay and on the external platform. Finally, the authorization code is always securely stored on our servers and cannot be distilled from the code running in the web browser.
The data retrieved on your behalf is in no way stored in our systems, nor do we apply any analysis or processing to it, other than applying the desired filters for its playback on the currently running signage presentation. The data is never provided to third parties. The data is not viewed by humans unless it is part of a support request from you, the customer.
Provider specific references
- (App’s) use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Acessing and updating your personal information
Whenever you use our services, we aim to provide you with full access to your personal information. If that information is wrong, we strive to give you ways to update it quickly or delete it – unless we have to keep that information for legitimate business or legal purposes. When updating your personal information, we may ask you to verify your identity before we can act on your request. A user with limited rights might have to ask a user with administrator rights within the company to change the information for him/her.
We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup systems).
Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.
Data processing agreement (GDPR)
Bizplay.com and playr.biz fully comply with the GDPR. Bizplay uses service providers (data processors) in the EU.
Data Location and Transfer
bizplay.com (and bizplay.*)
- The bizplay.com (and other country-specific domains like bizplay.nl, bizplay.de, etc.) website contains no Signage nor Service Data. The servers running the website are located in the EU (Digital Ocean).
- Service Data is send to and stored by data processors; Bizplay (playr.biz), FastSpring, BrainTree, and MoneyBird.
playr.biz
- Signage and Service Data is stored on servers running the digital signage service located in the EU.
- Signage and Service Data access is restricted to members of our staff residing in the EU..
Third-Party Data Processors
Your Secure and Service data are held by third-party data processors, who provide us with hosting and other infrastructure services. The locations of these are described above. Links to descriptions of relevant policies and certifications of each of these parties are given. They all report sufficient support for processes, policies, and measures relevant to the GDPR.
Amazon AWS
- Security: https://aws.amazon.com/security/
- GDPR: https://aws.amazon.com/compliance/gdpr-center/, https://aws.amazon.com/compliance/eu-data-protection/
- Privacy: https://aws.amazon.com/privacy/, https://aws.amazon.com/compliance/data-privacy-faq/
Digital Ocean
- Security: https://www.digitalocean.com/security/
- GDPR: https://www.digitalocean.com/security/gdpr/
- Privacy: https://www.digitalocean.com/legal/privacy/
Fastspring
- Security: no specifc security page, mention of security on: https://fastspring.com/products/payments/
- GDPR: [https://fastspring.com/docs/about-gdpr-compliance/)
- Privacy: https://fastspring.com/privacy/
BrainTree
- Security: https://www.braintreepayments.com/en-nl/features/data-security
- GDPR: https://www.braintreepayments.com/en-nl/legal/policy-updates
- Privacy: https://www.braintreepayments.com/en-nl/legal/braintree-privacy-policy
Google Suite
- Security: https://cloud.google.com/security/
- GDPR: https://cloud.google.com/security/gdpr/, as pdf: https://services.google.com/fh/files/misc/google_cloud_and_the_gdpr_english.pdf
- Privacy: https://policies.google.com/privacy?hl=en
MailChimp
Information we share
We do not share personal information with companies, organizations, and individuals outside of Bizplay unless one of the following circumstances applies:
- With your consent
We may share personal information with companies, organizations, or individuals outside of Bizplay when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information. - For external payment processing
We provide personal information to our PCI-compliant payment providers to enable them to do financial transactions for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures. Bizplay does not store credit card information, and our systems cannot do financial transactions directly. These measures are aimed at protecting our users against fraud. - For legal reasons
We will share personal information with companies, organizations, or individuals outside of Bizplay if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to:- meet any applicable law, regulation, legal process, or enforceable governmental request.
- enforce applicable Terms of Service, including investigation of potential violations.
- detect, prevent, or otherwise address fraud, security, or technical issues.
- protect against harm to the rights, property, or safety of Bizplay, our users, or the public as required or permitted by law.
If Bizplay is involved in a merger, acquisition, or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.
Information security
We work hard to protect Bizplay and our users from unauthorized access to or unauthorized alteration, disclosure, or destruction of information we hold. In particular:
- We encrypt access to our services that require a user account using SSL.
- We review our information collection, storage, and processing practices, including physical security measures, to guard against unauthorized access to systems.
- We restrict access to personal information to Bizplay employees and contractors who need to know that information in order to process it for us and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
Breach notification
If the confidentiality of customer data is breached, we recognize our responsibility to our customers and to the public to disclose the nature of the risk and provide a transparent account of the events without undue delay. At a bare minimum, we must inform the applicable supervisory authorities as required by law and regulation.
When this privacy policy applies
Our Privacy Policy applies to all of the services offered by Bizplay.
Our Privacy Policy does not apply to services offered by other companies or individuals, including the companies of our users and products or sites that may be displayed to you on devices used by our users. Our Privacy Policy does not cover the information practices of other companies and organizations who advertise our services, and who may use cookies and other technologies to serve and offer relevant ads.
Compliance and cooperation with regulatory authorities
We regularly review our compliance with our Privacy Policy. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.
GDPR
The European GDPR law explicitly refers to a number of rights you as a user have concerning Bizplay's handling of personal data.
Data Portability
We want happy customers, not trapped ones. We will not lock you out of your own data. You may export your Bizplay data at any time you wish during the life of your account. If you discontinue payment, your account will enter a frozen (read-only) state for a period not less than two months, during which you may still retrieve and export your data after you have contacted us via email.
Export is limited to a part of your Signage Data (images, videos).
Your Right to Knowing What We Know
You have the right to know what we know about you and to see how that data is handled. All Signage and Service data that we have about an account and its users is accessible to the account owner via her/his dashboard. The only data that is not available is the detailed status of the payment process. Any relevant exceptions to those processes will be communicated to you as soon as possible since they mean we did not receive your subscription fee.
You can send requests for information to our support department that we will gladly fulfill; however, to protect customer privacy, such requests must be carefully authenticated beyond demonstrating the control of the customer’s email address.
Your Right to Have Your Data Erased
As we are merely custodians of your data, account owners have the right to instruct us to remove data permanently from our systems. To ensure that no one’s data is deleted without their consent, you must first end your subscription. After the subscription has ended, the account owner may contact us and ask for the data to be expunged. Once the request is authenticated, the data will be removed from our active systems within 72 hours.
Disaster recovery and data availability requirements mean that Bizplay has a legitimate interest in maintaining secure and immutable backups. Erasure requests will leave those backups untouched, and we will only remove data from backups if legally compelled to.
Automated decisions and profiling
Bizplay does not use profiling of Users based on Service Data
Changes to our privacy policy
Our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent. We will post any privacy policy changes on this page, and if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy policy changes). We will also keep prior versions of this Privacy Policy in an archive for your review.
Version History
- March 17, 2023: Added "Information obtained from external platforms" section.
- 2 February 2022: Updates concerning data storage and data processing in Europe, a few minor changes to clarify the meaning of the text in Signage Data, Service Data That You Give Us, Information You Share, Accessing And Updating Your Personal Information, Data Portability. Added MFA option to Information Security. Removed Heroku from Third Party Data Processors and fixed a few typos.
- 20 April 2018: Updates with regards to GDPR in the paragraphs: Who we are, Principles, Information we collect, Data processing agreement, Information we share, Information security, GDPR
- 1 December 2011: Initial version