1.1. This Policy is an integral part of NextGIS Terms of Service available at https://nextgis.com/terms and User Agreements for the specific Services, in case User Agreements directly specify it.
1.2. Hereinafter the Policy uses the meaning of terms and expressions pursuant to the Terms of Service or User Agreements for the specific Services, unless the Policy directly specifies or implies otherwise. If the definition is not provided, terms and expressions shall be construed pursuant to the laws of Estonia.
1.3. By using the Services in any way User signifies his/her acceptance of this Policy and terms for processing of his/her Personal information set out in the Policy. If User does not agree with these terms, he/she should abstain from use of the Services.
1.4. Administrator contracts with the third party service providers. These third party services may require access to User’s Personal information. For example, Administrator uses third party services to provide hosting, payment processing, customer support, data analytics, email automation, and other services. Administrator’s contracts with these services provide for the confidentiality and security of User’s Personal information shared with them.
2. What information we collect about you
2.1. User’s Personal information (the “Personal information”) in this Policy means the following information, including personal data:
- mandatory information provided by User to Administrator during signup or authorization. This information includes User’s email address, username and password;
- additional information which User can choose to provide to Administrator at his/her discretion, either manually or by giving access to his/her accounts at other online resources. Such additional information may include: name, last name, phone number, company affiliation, country of residence, profile photo, links to User’s social media accounts, etc.;
- information provided by User to Administrator itself or through third party service providers during the use of the specific Services, including information provided through feedback forms or required for the creation and execution of orders, agreements and invoices for paid Services, such as name, last name, address, phone number, occupation, company affiliation, billing details, additional email addresses, support requests, services feedback, etc.;
- data collected by Administrator itself or through third party service providers in automatic mode according to User’s software settings, including but not limited to: operating system, Internet Protocol (IP) address, cookie information, browser (or other software used to access the Services) identification information, technical parameters of User’s software and hardware, date and time of accessing the Services, accessed pages, information uploaded and/or downloaded during the use of the Services, User actions (clicks on certain links, accessed features, etc.), device location data (including data collected in the background).
2.2. Administrator does not verify Personal information provided to him and assumes User acts in good faith, with due deliberation and applies reasonable efforts to keep his/her Personal information up-to-date.
2.3. Administrator does not control processing of Personal information of persons who are not Services Users. In case User uploads to the Services personal data of third parties and/or uses the Services to collect, process and publish such data, he/she bears full responsibility for obtaining consent of personal data subjects to perform such actions, for personal data safety and confidentiality, and for complying with other legal requirements, imposed by Estonia laws and other applicable laws.
2.4. Administrator receives only partial information about Users’ billing details from third party payment providers (such as name, billing address, email, phone number, IP address) and does not process any credit card/debit card data.
2.5. Administrator does not perform any automatic decision-making, including profiling, based on the collected Personal information. The monitoring of User behaviour during the use of the Services is performed only for the purpose of enhancement of performance and user experience of the Services and for the development of new Services.
2.6. User can at any time request personal data collected by Administrator concerning him or her, by using relevant technical functionality in the Services or by sending the relevant request to email@example.com. Administrator provides requested personal data not later than 30 days after the receipt of User’s request.
3. How we use Personal information we collect
3.1. Administrator processes Personal information only to the extent which is necessary in relation to the specific purposes for which Personal information is collected.
3.2. User accepts and agrees that Administrator processes Personal information for the following purposes:
- entering into agreements with Users regarding the use of Services;
- identifying a User in order to perform obligations under the existing User agreements;
- performing obligations under the existing User agreements, including provision of User’s access to the Services;
- contacting User by sending him notices, requests and information related to the use of the Services and/or execution of contracts, including notices about changes in Administrator’s Terms of Service, User agreements and/or Policies, changes in terms and forms of payment, changes in technical functionality of the Services, release of the new Services;
- processing of User’s requests, notices and feedback, including User’s requests for free consultations;
- providing technical support related to the use of the Services;
- enhancing performance and user experience of the Services, developing new Services;
- marketing and other research based on depersonalised data.
3.3. By signing up for the Services User gives his consent to receive from time to time advertising messages from Administrator in regard to the Services, and for his/her personal data to be processed by Administrator for the purpose of advertising the Services.
3.4. User can at any time waive his consent to receive advertising messages by using relevant technical functionality (“Unsubscribe” link in the email) or by sending the relevant request to firstname.lastname@example.org.
4. How we store and protect your Personal information
4.1. Administrator takes all necessary and sufficient legal, organisational and technical measures to protect Personal information from illegal or accidental access, removal, editing, blocking, copying, publishing or other unauthorised action by third parties.
4.2. Administrator stores and processes Personal information in accordance with its internal rules and regulations and applicable laws of Estonia.
4.3. User’s Personal information is confidential except when User voluntarily makes it available to the general public. User accepts and agrees that use of some of the Services technical functionality leads to making part of his/her Personal information (e.g. username) available to the general public.
4.4. Administrator arranges storage of Personal information inside the European Union. By providing to Administrator their Personal information non-EU Users accept and agree that their Personal information will be processed and protected according to Estonia laws on personal data which can differ from laws in User’s country of residence.
5. How we share Personal information we collect
5.1. User accepts and agrees that Administrator can transfer Personal information to third parties in the following cases:
- User gave his consent for such transfer;
- such transfer is necessary for functioning of the Services according to Administrator’s obligations under his agreement with User (for example, when third-party hosting or email automation services are used by Administrator);
- such transfer is necessary for collection and processing of depersonalised data for enhancing performance and user experience of the Services (for example, when Administrator uses third-party analytics services);
- following request from court or other designated authority made according to the valid legal procedure;
- in the event of a sale or a merger of all or any portion of Administrator’s business units;
- for protection of rights and interests of Administrator and third parties in case User violates NextGIS Terms of Service, present Policy and/or User Agreements for the specific Services;
- for other legitimate business purposes or legal obligations of Administrator.
5.2. Administrator does not sell User Personal information to advertisers, data brokers or other third parties.
6.2. User is aware that the hardware and the software used for his/her web browsing may ban operations with cookie files for all or selected websites and remove previously received cookie files.
6.3. Administrator may provide access to the specific Services on a condition that User accepts operations with cookie files.
6.4. The Structure, content and technical parameters of cookie files are set by Administrator and can be changed without User’s prior notification.
6.5. The trackers placed by Administrator at the Services’ pages can be used to analyse User’s cookie files, to collect and process statistical data on how the Services are used, to maintain the Services or their separate functions. The trackers’ technical parameters are set by Administrator and can be changed without User’s prior notification.
7. How you can edit or remove your Personal information
7.1. User can at any time edit any Personal information provided during signup or authorisation.
7.2. Personal information can be removed:
- by User when editing Personal information in his/her account;
- by Administrator when User requests to remove his/her account completely;
- by Administrator when Administrator removes User’s account according to NextGIS Terms of Service or User Agreements for the specific Services;
- by Administrator when User withdraws his/her consent for processing of his/her personal data and this data is no longer required for the purposes outlined in this Policy.
7.3. Administrator is obliged to remove Personal information from his servers not later than:
- 6 (six) months after its edit/removal by User or User’s account removal, except for the cases when different term is required according to Estonian laws;
- 30 (thirty) days after User withdraws his/her consent for processing of his/her personal data and this data is no longer required for the purposes outlined in this Policy.
7.4. To enhance performance and user experience of the Services Administrator can store logs with depersonalised data on User’s actions for 3 (three) years.
8. Amendments to the Policy
8.1. Administrator may modify/update this Policy from time to time without giving any prior notice. The most current version of the Policy is available at https://nextgis.com/privacy. Administrator recommends Users to check this page for updates. By continuing to access or use the Services after Policy was modified/updated, User agrees to be bound by the updated Policy.
9.1. All questions, notices and claims regarding the present Policy and processing of User Personal information by Administrator should be sent to email@example.com or to the following postal address: