What do we do with your personal information?
The following information has been collated to provide a clear and concise understanding of all personal data stored and used by Mythicsoft. If for any reason you would like clarification or more information please contact firstname.lastname@example.org.
Why does Mythicsoft collect personal data?
Mythicsoft requires your personal information to register specific Mythicsoft products to you and provide support services and/or product information or updates. We will only send you newsletter or product update emails if you have provided consent through a double opt-in signup process, which you can unsubscribe from at any time.
Who do we share your information with?
Mythicsoft does not share your information with third parties for marketing purposes outside of the Mythicsoft’s own marketing operations.
In order to provide the best service we can we use the services of third parties, such as credit card processing companies (to bill you for goods and services), survey providers to send out surveys on our behalf (such as SurveyMonkey), and email providers (such as Amazon/GMail). All third parties we use have comprehensive privacy policies to protect your information.
What data is collected and stored?
We collect information from various sources:
- Product purchases via 3rd party providers, such as FastSpring, will request information such as name, email, address, telephone number, company name, and credit card information so that you can securely and safely pay for the product. The 3rd party providers then notify us of the purchase and provide all the information except the credit card information. Mythicsoft does not record, process, store, or handle credit card information in any way unless you send credit card information to us via email, which we do not recommend. During the purchase process we may also ask for optional information such as product usage information to help us understand how you use the product.
- Registration for free products, such as Agent Ransack, request information such as name, email address, company name, number of users, and usage information.
- Technical Support collects email address, names and diagnostic information if included with the email. This information is retained after the support incident to help with future support requests. Since the support ticketing system is built around email this information is stored in both the ticketing system database and support staff email systems such as Gmail and Outlook offline storage caches.
- Website logs and analytics includes information such as IP addresses, pages visited and browser header information (such as browser type and operating system). This information is shared with Google Analytics to provide enhanced web site analytics. We use this information to help optimise the web site and understand visitor interest.
- Account auditing information such web site logins, changes to passwords and email addresses are recorded to securely monitor account access and ensure the safety of accounts. Passwords are stored securely as one-way BCrypt hashes.
- Crash reports sent to us via the built-in Crash Reporting tool are initially stored in a secure section of the web site before being downloaded to our crash report system. Crash reports can contain screenshots, registered email addresses, error logs, and crash dumps but any or all of these data stores can be deleted prior to submission. Crash reports are not automatically sent to us, they require the end user to specifically click on the ‘Send Report’ button on the Crash Report dialog.
Some of the above information is used to analyse trends and understand demographic information about our user base so that we can improve our services and usability of our services. We may use Statistical Information to operate our hardware and software, diagnose problems and administer our web site. We may also use aggregate information to modify the products and services we offer based on who is visiting our web site, and what they are purchasing. We do not use this data to identify you individually.
Where is the data stored?
The collected information is stored on one or more of the following systems:
- Web site databases. All databases are password protected with long, randomly generated passwords.
- Computer system hard drives. All computer systems are protected with complex passwords and are kept in secure locations. No personal data is allowed to be stored on laptops or removable media.
- Third party offsite backup systems. All backups are encrypted and protected with long, randomly generated passwords.
How long do we keep hold of your information?
Mythicsoft will store your information for as long as your registration is active or as required so that we can provide you with the necessary product support and services. If you wish to cancel your registration or request that we no longer provide you with our services then please contact us at email@example.com. We will retain your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
How can I access/change/delete/move the data you hold?
- Customers/users have access to their data and can request access and view the data that Mythicsoft have collected on them at any time. You have the right to obtain confirmation about how that data is or is not being collected, and if so exactly what data is being collected, how, where, and for what purpose.
- Customers/users can also request, obtain, and/or transfer possession of collected data at any time, and this will be actioned by Mythicsoft within one month of receipt.
- Customer/users can withdraw consent and purge personal data collected on them; i.e. the “Right to Be Forgotten” at any time.
- This data is provided to customers/users in an electronic format free of charge on request.
To action any of the above, please contact David Vest at Mythicsoft via email address: firstname.lastname@example.org for this information.
If a breach/unauthorized access of personal data takes place that is likely to “result in a risk for the rights and freedoms of individuals”, notification will be made within 72 hours of becoming aware of the breach.
The security of your personally identifiable information is important to us. When you provide personally identifiable information to us, as well as sensitive information, we ensure that it is available only to key personnel.
Security patches are applied to our systems as a matter of priority and any changes or updates to our own systems are done so, always, with data protection and privacy in mind and where appropriate, in discussion with our customers.
We follow generally accepted industry standards to protect the personally identifiable information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personally identifiable information, we cannot guarantee its absolute security.
Contact details for Mythicsoft’s Data Protection Officer
David Vest – Director
St John’s Innovation Centre,
Cambridge, CB4 0WS