Date: March 4 2022
1. Who we are
1. We are Endtest Inc., a Delaware company, email: firstname.lastname@example.org.
Throughout the site, the terms 'we', 'us' and 'our' or any equivalent terms refer to Endtest.
2. The platform Endtest (“Platform”) is a software application provided as a service (Saas), via your Internet browser, and is designed to help organizations efficiently build automated end-to-end tests for Web and Mobile Applications.
2. Our processing of data provided by users
4. Through our website and Platform we may collect, store, transfer and, in general, use (these operations collectively referred to as “processing” or “processing operation”) various information provided by Users, some of which include personal data (meaning any information referring to an identified or identifiable individual – the Data Subject).
5. Most of the processing operation are carried out in the name and on behalf of the Users, in accordance with the Users’ instructions. In relation to such processing, we have the capacity of Data Processor.
6. Consequently, the Platform is a testing instrument, which can be also used to process personal data (e.g. storage) for the purposes followed by the Users, namely building automated end-to-end tests for Web and/or Mobile Applications.
7. Also, we process a minimal amount of personal data, in our capacity as controller, as described below.
3. Data processor operations
9. The information below are the personal data you input or you may make accessible within the Platform for using it:
Personal data of team members assigned in the Platform (such as: name, e-mail, IP address)
10. You can also add various other information used within the Platform, which may include personal data.
11. The data is stored in an encrypted format and is NOT clearly accessible to third parties. By way of exception, we may access such data, incidentally, in the event of technical maintenance of the Platform.
12. Only the Users have access and control over such data (e.g. you may choose to insert, erase, modify them or limit the access to them, at any point)
13. For this processing made as Data Processor, we have undertaken the Data Processing Agreement which you may access at the following link: DPA
14. By creating the User account and by using the Platform, the User specifically agrees to become a part of the said Data Processing Agreement, which regulate our processing operations as Data Processors.
4. Processing as Data Controller
15. In this section 4, we present several important aspects regarding the personal data processing which we undertake as Data Controller. Such information includes:
a. The general context of the processing, what type of personal data or other information we process, as well as the purposes for which such processing is made (para 16 et seq);
b. To whom we may disclose such data, where the case (para 21 et seq)ꓼ
c. International data transfers, if any made (para 25 et seq);
d. The (in)existence of automated decision-making, if any (para 26 et seq);
e. What type of security measures we apply to protect your data (para 27 et seq)ꓼ
f. What are your rights in relation to the personal data processed (para 28 et seq)ꓼ
g. Other mandatory information provided by the applicable law, mainly REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or “GDPR”).
16. General context of processing
Context of collectionCategories of dataPurpose of processingCreation of the user accountName, surname, e-mail, passwordAccessing the Platform.The e-mail may also be used for sending marketing e-mails based on the consent of the Users.Contact formName, surname, e-mail, other information provided in the body of the e-mailContacting the users who wish to communicate with us.
17. Duration of storage. The data remains with us, in electronic format, for up to 3 years from your last communication with us. You may also unsubscribe from our database at any time and without any cost, by contacting us as described in section I of this Policy.
18. Processing in the context of e-mail marketing. In respect of the data used to send you marketing e-mails (i.e. newsletters), you can ask us to stop our processing (i.e. erasing the data from our database and stopping the marketing e-mails) by contacting us.
You can also unsubscribe – free-of-charge and at any time – by accessing the “unsubscribe” button/link you receive at the end of each such e-mail. Within 48 hours we will eliminate the e-mail address from our database.
19. Legal basis for processing
Art. 6, letter a) of the GDPR (consent) - The data subject has given consent to the processing of his or her personal data for one or more specific purposes. More specifically, we are facilitating the use of our website and Platform and present our company and services to you, upon your request to communicate with us. Also, your consent is the basis for the marketing e-mails we send to you.
Art. 6, letter f) of the GDPR (legitimate interest)– The legitimate interest of the controller of promoting its activity and carrying out its business. This is applicable in respect of the marketing e-mails which are not sent based on the consent of the users, but are allowed under the law (e.g. marketing e-mails sent to existing clients).
20. Other processed information
We and our partners (such as advertising servers, content servers, etc.) may also collect pseudonymized or anonymous information about you through cookies, action tags and similar instruments. For more information regarding our Cookies Policy, follow this link
21. To whom we may disclose the personal data and other information you provide:
Our employees, consultants and other authorized persons which need to know such information. Every such person is subject to a legal or contractual confidentiality undertaking;
Our partners. Such third-party partners may include online services providers, software providers, webhosting providers, online advertisers etc.
23. The online payment details (such as your credit card or debit card number) are provided directly to our payment processor [PayPal]. We do not access or store such information.
24. We do not sell or rent the personal data and other information you provide to other companies or persons.
25. International data transfer.
At the moment we do not intend to transfer your data to any third party, including those based outside the European Union. In the future, the above-mentioned data may also be transferred to a third-party in the context of a business transfer from Endtest Inc. to a third-party. Your explicit consent regarding the transfer will be asked beforehand and you will have the possibility to oppose to such transfer.
26. Inexistence of an automated individual decision-making, including profiling.
The Data Subject shall not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
27. How do we protect your data
Your data is protected by a wide range of security measures, both local and online, including:
SSL Certificates - Our SSL certificates guarantee the highest possible encryption levels for online transactions. Each SSL certificate is signed with NIST recommended 2048 bit signatures and provides up to 256 bit encryption of customer data.
Locally, we use Mac desktops protected by strong passwords for each of our operators and the emails are secured on data centers.
28. What are your rights and how you may exercise them
We are committed to respecting your rights regarding your personal data and information you provide to us. Briefly, in relation to your personal data you have the following rights:
- Right to object to the data processing (if applicable)
At any moment, based on grounds relating to his or her particular situation, the data subject has the right to object to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
- Right of access.
You have the right to access your personal data that we are processing; you also have the right to obtain information regarding the nature, the processing and disclosure of such data, as well as to obtain a copy of the personal data which is processed.
- Right to rectification.
Upon your request we will correct any errors or inaccuracies regarding your personal data that we are processing.
- Right to be forgotten.
You can also request that we erase all your personal data that we or our partners are processing. However, not all the requests for erasure of personal data shall be granted, for example if the controller uses the personal data for defending its legal claims.
- Right to restrict the data processing.
Under certain condition provided the law, you have the right to restrict the processing of your personal data that we are processing (for example: if the accuracy of the personal data is challenged by the data subject). Under such circumstances, the processing shall be suspended, except for certain specific processing (e.g. for which the data subject consents or in the case of storage).
- Right to data portability.
You have the right to request us to send you your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us.
- Right to withdraw your consent.
Where the personal data processing is based on your consent, you may withdraw such consent at any moment. This shall not affect any previous data processing, but, may prevent us from processing it in the future.
- Right to lodge a complaint with a supervisory authority.
For data processing falling under the jurisdiction of the Delaware authorities you may lodge a complaint with the Delaware Attorney General (https://attorneygeneral.delaware.gov).
The above-mentioned rights do not preclude any rights you have under any applicable law.
29. Other information
29.1 What happens if you refuse to provide us with your personal data
You are not obliged under the law to provide us with your personal data, however refusing to provide it may in certain cases result in the inability to provide you our services (e.g. if you do not provide the minimal data required for the creation of the account you cannot use the Platform; if you do not provide us with your contact details, we will not be able to contact you, etc.).
29.3 Links to other websites
This website may contain links to other websites (which in their turn may collect personal data from you). By accessing such links, you will become subject to the practices and policies of such third-party websites. We encourage you to analyze them beforehand and take necessary precautions. We cannot be held liable for the practices and policies of such third-party websites regarding your use thereof.