Updated September 1, 2021
- what type of information we collect
- how we use such information
- your rights to your information
- how we protect your information
- our commitment to compliance for customers
Information We Collect and Why
In simple terms, the only personal data we truly capture is the minimum required to operate our administrative website.
Identity & Access
When you sign up for our product (scanii.com), the only personally identifying information we collect and maintain is your name, email address, company name, and the IP address used to register for our services.
We will only use your personal information for the following purposes:
- to deliver the products and/or services to you that you have requested
- to validate your compliance with our terms and conditions
- for content improvement and feedback purposes
- to reach you, when necessary, regarding your use of the web site or product(s).
By submitting your email address on this website, you agree to receive email from us. You may cancel your participation in any of these email lists at any time by clicking the opt-out link or other unsubscribe option that is included in the respective email. We only send emails to people who have authorized us to contact them and never send unsolicited commercial emails, because we hate spam as much as you do.
When you pay for our product, we ask for your credit card and billing address. This information is only used to charge for the services used, calculate taxes, and send you invoices. We do not collect any credit card information, instead we use Stripe’s payment processing system to help ensure your transactions are safe and PCI compliant.
When you reach out to us with a question or to ask for support, we keep that correspondence, including the email address, so that we have a historical record of past correspondences to reference if necessary.
We do use persistent first-party cookies to store certain preferences, make it easier for you to use our applications and support some in-house analytics. These settings can be adjusted within your own browser at any time.
Information we DO NOT Collect
We do not collect any characteristics of protected classifications including age, gender, religion, sexual orientation, gender identity, gender expression, or physical and mental abilities or disabilities.
Accessing or Sharing Your Information
In general, our practice is to not access your information and we will never sell your information to third parties. In fact, the only times we would ever access or share your info are:
- To deliver the products and/or services that you, our customer, have requested. We have entered into DPAs with all third party sub-processors that support the delivery of our products and services, therefore this same personal data (email, name, company name) may also be shared with our public list of subprocessors.
- To assist you in troubleshooting or to fix a software bug when you reach out to us for support.
- To investigate, prevent, or take action regarding illegal activities.
- In response to lawful requests by public authorities, for law enforcement or national security reasons, or when such action is necessary to comply with a judicial proceeding to court order, or when otherwise required by law.
- If Uva Software were acquired by or merged with another company.
Your Rights to Your Information
We apply the same data rights to all customers, regardless of their location. Uva Software recognizes the rights granted under some of the most privacy-forward regulations in effect at this time including the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). These rights include:
Right to access: This is your right to access the personal information collected, stored, processed and shared about you. We give customers full access to view their personal data at any time by logging into their account.
Right to rectification: This is your right to request changes to your personal data. We give customers full access to make changes to their personal data at any time via a self-service privacy control center. Click here to make any changes to your personal data.
Right to be forgotten: This is your right to erase or redact all personal data maintained on our site. Click here to exercise your right to be forgotten from our system via a self-service privacy control center.
Right to withdraw consent: This is your right to withdraw a previously given consent for processing of your personal data. Upon request, we would stop the processing of your personal data.
Right to object: This is your right, under certain circumstances, to object to how or why your personal information is processed.
Right for data portability: This is your right to request an electronic transcript of or transfer of any personal data maintained on our site.
Right to object to automated processing: This is your right to object to decisions made by an automated software that may impact you.
Right to Complain: You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Right to Non-Discrimination: This right stems from the CCPA. We do not and will not charge you a different amount to use our products, offer you different discounts, or give you a lower level of customer service because you have exercised your data privacy rights. However, exercising certain rights may prevent you from using our services.
Many of these rights can be exercised by signing into your scanii.com account and updating your user preferences.
If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
Securing Your Data
To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, logical, and managerial procedures to safeguard and secure the information we collect online.
We do everything we can to protect user information offline. Unfortunately, no transmission over the Internet can be guaranteed to be 100% secure. As a result, while we take reasonable measures to protect your information, we cannot ensure or warrant the security of the information that you transmit to us, and you do so at your own risk.
The files that are analyzed by scanii.com are not permanently stored in our systems. We maintain no information about the files we scan outside of the file signature, type, and size. These elements will never contain any information that could identify you or your customers.If you ever have an access problem we will protect your privacy and security, we will take reasonable steps to verify your identity before granting access or making related changes.
Check out our Scanii Security Overview for additional information.
Location of Site and Data
Uva Software is owned and operated in the United States. Information you provide to us when registering for our service is transferred to and stored in the United States.
Processors We Use
Uva Software does use third party subprocessors, such as cloud computing providers and customer support software, to provide our services. We have entered into GDPR-compliant data processing agreements with all sub-processors thereby ensuring GDPR safeguards everywhere personal data is processed.
Sub-processors located in the United States include:
- Amazon Web Services: Cloud services provider
- Stripe: Payment processing services
- Help Scout: Helpdesk software
- New Relic: Performance monitoring
- Microsoft: Email Services
Transferring Personal Data From the EU
The General Data Protection Regulation requires that any data transferred out of the EU must be treated with the same level of protection that the EU privacy laws grant. Since GDPR went into effect, we offered a standard Data Processing Addendum (DPA) and self-certified to both the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework.
Our Data Processing Addendum is now incorporated into our Terms of Service and includes the European Commission’s Standard Contractual Clauses (SCC) to extend GDPR privacy principles, rights, and obligations everywhere personal data is processed. An executable copy of the Data Processing Addendum, is available for you to sign online.
Privacy Shield Policy
Despite recent rulings, Uva Software, LLC continues to be committed to and comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union, the United Kingdom and Switzerland to the United States.
Uva Software is subject to the investigatory and enforcement jurisdiction of the Federal Trade Commission (FTC) with regard to the Privacy Shield Framework.
Privacy Shield Principles
The Privacy Shield Framework uphold specific principles, many of which have been described in the section of this policy titled Your Rights to Your Information. To further clarify, Uva Software commits to uphold the following principles for all EU, UK, and Swiss personal data transferred into the United States.
Individuals have the right to access their personal data and to update, correct, and/or amend information that is incomplete. Individuals also have the right to request erasure of personal information that has been processed in violation of the principles. Individuals may exercise these rights by signing in and directly updating their account information. If you have questions about exercising these rights or need assistance, please contact us at https://bbbprograms.org/privacy-shield-complaints for more information and to file a complaint. This service is provided to you free of charge.
If your Privacy Shield complaint cannot be resolved through these channels, under limited conditions, you may invoke binding arbitration before a Privacy Shield Panel. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.