Image Filters Privacy Policy

1. General Information

1.1. About the Privacy Policy. This Image Filters Privacy Policy (the “Privacy Policy”) governs the processing of personal data collected from natural persons (“you” and “your”) through the add-on Image Filters, the website https://imagefilters.io, and the related software and services (collectively, “Image Filters”). The Privacy Policy does not cover any third-party websites, applications, software, products or services that integrate with Image Filters or are linked to from Image Filters.

1.2. About Image Filters. Image Filters is designed to assist you in creating designs (by means of, for example, filters) for your presentations, documents and spreadsheets (the “Content”).

1.3. Owner of Image Filters. Image Filters is owned and operated by Tazo AS having a registered office at Sandakerveien 14 A, 0473 Oslo, Norway, with company registration number 925 633 062 (“we”, “us”, or “our”).

1.4. Our role as a data controller and data processor. We act in the capacity of a data controller and a data processor with regard to the personal data processed through Image Filters in terms of the applicable data protection laws, including the EU General Data Protection Regulation (GDPR). Our role depends on the specific situation in which personal data is handled by us, as explained in detail below:

• Data controller. We are responsible for the collection and use of your personal data through Image Filters and we make decisions about the types of personal data that should be collected from you and purposes for which such personal data should be used. Therefore, we act as a data controller with regard to the personal data collected directly through Image Filters (e.g., when you conclude a service contract or communicate with us). We comply with data controller’s obligations set forth in the applicable laws.
• Data processor. We act in the capacity of a data processor in situations when we receive the Content for processing through Image Filters and that Content contains personal data. We do not own, control, or make decisions about the Content. We process the Content only in accordance with the instructions issued by a respective data controller. To ensure that the Content is processed in accordance with the strictest data protection standards, we have drafted and offer a data processing agreement that is available for consultation at https://imagefilters.io/terms/dpa.pdf (the “DPA”). To conclude the DPA, please download it, add the required information, sign it, and return a copy of the signed DPA to privacy@tazo.tech.

1.5. Your consent. Before you submit any personal data through Image Filters, you are encouraged to read this Privacy Policy that is always available on Image Filters to understand on what legal bases (other than your consent) we rely when handling your personal data. In some cases, if required by the applicable law, we may seek to obtain your informed consent for the processing of your personal data. For example, you consent may be necessary if: (i) we intend to collect other types of personal data that are not mentioned in this Privacy Policy; (ii) we would like to use your personal data for other purposes that are not specified in this Privacy Policy; or (iii) we would like to transfer your personal data to third parties that are not listed in this Privacy Policy.

1.6. Minors. Image Filters is not intended for use by children (i.e., persons who are minors in their country of residence). Therefore, we do not knowingly collect minors’ personal data. If you, as a parent or a legal guardian of a child, become aware that the child has submitted his/ger personal data to us, please contact us immediately. We will delete your child’s personal data from our systems without undue delay.

1.7. Term and termination. This Privacy Policy enters into force on the effective date indicated at the top of the Privacy Policy and remains valid until terminated or updated by us.

1.8. Amendments. The Privacy Policy may be changed from time to time to address the changes in laws, regulations, and industry standards. We encourage you to review our Privacy Policy to stay informed. For significant material changes in the Privacy Policy or, where required by the applicable law, we may seek your consent.

2. What Personal Data do we collect and for what purpose do we use it?

When you use certain functionalities of Image Filters, we ask you to provide us with your personal data. In this section, we explain what types of personal data we collect from you, for what purposes we use that data, and on what legal bases we rely when processing your personal data.

2.1. We respect data minimisation principles. Thus, we collect only a minimal amount of personal data through Image Filters that is necessary to ensure the proper provision of Image Filters. We use your personal data for limited, specified and legitimate purposes explicitly mentioned in this Privacy Policy. We do not use your personal data for any purposes that are different from the purposes for which it was provided.

• Using the Image Filters Add-On and Registration of User Account. When you register your user account through Tazo, we collect your email address and password. When you use the Image Filters Add-On which you have installed from the Google Workspace Marketplace, your email is collected even if you have not registered for a Tazo account previously. We use this data to register and maintain your user account, enable your access to Image Filters, provide you with the requested services, contact you, if necessary, and maintain our business records. The legal bases on which we rely are ‘performing a contract with you’ and ‘pursuing our legitimate business interests’ (i.e., analyse, grow, and administer Image Filters).
• Payments. When you make a payment, we ask you to provide us with your name, credit card number, expiry date, security code, billing address, and email address. If you make a payment on behalf of a business entity, we ask to specify company’s names, address, and VAT number. Please note that we do not process payments - it is done by our third-party payment processors Stripe and PayPal. We use your payment data to process your payments and maintain our business records. The legal bases on which we rely are ‘performing a contract’ and ‘pursuing our legitimate business interests’ (i.e., administer our business).
• Contact form and email enquiries. When you contact us by email or using our contact form, we collect your name, email address, and any information that you decide to include in your message. We use such data to respond to your enquiries. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to grow and promote our business) and ‘your consent’ (for optional personal data).
• Live chat. When you contact us via the live chat, we collect any information that you decide to include in your message. We use such data to respond to your enquiries. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to grow and promote our business) and ‘your consent’ (for optional personal data).
• IP address. When you visit and browse Image Filters, we or our third-party analytics service providers (as explained in section 3 below) collect your IP address. We use your IP address to analyse the technical aspects of your use of Image Filters, prevent fraud and abuse of Image Filters, and ensure the security of Image Filters. The legal basis that we rely on when processing your IP address is ‘pursuing our legitimate business interests’ (i.e., to analyse and protect Image Filters).
• Cookies. When you browse Image Filters, we collect your cookie-related data. For more information about the purposes for which we use cookies, please refer to our cookie policy available at https://imagefilters.io/terms/cookies/. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to analyse and promote our business) and ‘your consent’.

2.2. Sensitive data. We do not collect or have access to any special categories of personal data (“sensitive data”) from you, unless you decide, at your own discretion, to provide such data to us. Sensitive data is information that relates to your health, genetics, biometrics, religious and political beliefs, racial origins, membership of a professional or trade association, sex life, or sexual orientation.

2.3. Refusal to provide personal data. If you refuse to provide us with your personal data when we ask to, we may not be able to perform the requested operation and you may not be able to use the full functionality of Image Filters, or get our response. Please contact us immediately if you think that any personal data that we collect is excessive or not necessary for the intended purpose.

2.4. Sources of personal data. We obtain your personal data from the following categories of sources:

• Directly from you. For example, if you submit certain personal data directly to us when registering your user account, completing the necessary forms, or contacting us.
• Directly or indirectly through your activity on Image Filters. When you use Image Filters, we automatically collect technical information about your use of Image Filters.
• From third parties. We may receive information about your from third parties to whom you have previously provided your personal data, if those third parties have a lawful basis for disclosing your personal data to us.

3. What Technical (Non-Personal) Data do we collect?

When you use Image Filters, we receive some technical data about your device for analytics purposes. In this section, we inform you what non-personal data we collect from you and for what purposes we use that data.

3.1. Log files and analytics data. In order to analyse your use of Image Filters, we and our analytics service providers Google Analytics and Hotjar automatically collect certain technical non-personal data about your use of Image Filters. Such data does not allow us us to identify you as an individual person in any manner. The non-personal data includes the following information:

• Your activity on Image Filters (e.g., what filters you use, how much time you spend on Image Filters, how long it takes for Image Filters to load and process your requests, and what errors occur);
• Your device type;
• The operating system of your device;
• Your browser type;
• URL addresses that you visit; and
• Your other online behaviour.

3.2. Your feedback. If you contact us, we may keep records of any questions, complaints, recommendations, or compliments made by you and any subsequent responses. Where reasonably possible, we remove all personal data that is not necessary for keeping such records.

3.3. Purposes of technical (non-personal) data. We use your technical (non-personal) data for the following purposes:

• To analyse what kind of users visit Image Filters;
• To examine the relevance, popularity, and engagement rate of Image Filters;
• To investigate and help prevent bugs, security issues and abuse;
• To develop and provide additional features to Image Filters; and
• To personalise Image Filters for your specific technical needs (e.g., to adjust the design and resolution for your device).

3.4. Aggregated and de-identified data. If we combine your non-personal data with certain elements of your personal data and such a combination allows us to identify you as a natural person, we will handle such aggregated data as personal data. If your personal data is de-identified in a way that it can no longer be associated with a natural person, it will not be considered personal data and we may use it for any business purpose.

4. How do we communicate with you?

From time to time, you may receive messages from us. In this section, we explain when you may receive commercial and service-related notices from us and what you can do to decline our promotional messages.

4.1. Newsletters. If we have your email address, we may send you a newsletter to keep you updated about the latest developments related to Image Filters and our special offers. You will receive our newsletters in the following instances:

• If we receive your express (“opt-in”) consent to receive marketing messages;
• If you voluntarily subscribe for our newsletter; or
• If we decide to send you information closely related to services already used by you.

4.2 Opting-out. You can opt-out from receiving our commercial communication at any time free of charge by clicking on the “unsubscribe” link included in our newsletters, adjusting the settings of your user account, or by contacting us directly.

4.3 Service-related notices. If necessary, we will send you important informational messages, such as confirmation receipts, payment information, technical or administrative emails, and other administrative updates. Please note that such messages are sent on an “if-needed” basis and they do not fall within the scope of commercial communication that may require your prior consent. You cannot opt-out from service-related notices.

4.4 Tracking pixels. The newsletters sent by us may contain tracking pixels that allow us to conduct analysis of our marketing campaigns. Tracking pixels allow us to see whether you opened the newsletter and what links you have clicked on. We use such information to conduct analytics and pursue our legitimate business interests.

5. How long do we keep your personal data?

We keep your personal data for the shortest possible period and only if it is necessary. In this section, we specify the retention periods for your personal and non-personal data.

5.1. Retention of personal data. Your personal dat is stored in our systems only for as long as such personal data is required for the purposes described in this Privacy Policy or until you request us to delete your personal data, whichever comes first. After your personal data is no longer necessary for its primary purposes and we do not have another legal basis for storing it, we securely delete your personal data from our systems.

5.2. Retention of technical (non-personal) data. We retain non-personal data pertaining to you for as long as necessary for the purposes described in this Privacy Policy. For example, we can store it for the period of time needed for us to pursue our legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

5.3. Retention as required by law. In certain cases, we are required by law to store your personal data for certain period of time (e.g., for business records or accountancy purposes). Thus, we keep your personal data for the time period stipulated by the applicable law and securely delete it as soon as the required storage period expires.

6. How do we share and disclose your data?

We share some of your personal data with our external service providers. In this section, you can find information about third parties that have access to your personal data and the instances when we make data transfers.

6.1. Disclosure to data processors. From time to time, your personal data is disclosed to our service providers with whom we cooperate (our data processors). For example, we share your personal and non-personal data with entities that provide certain technical support services to us, such as hosting and email distribution services. We do not sell your personal data to third parties. The disclosure is limited to the situations when your personal data is required for the following purposes:

• Ensuring the proper operation of Image Filters;
• Ensuring the delivery of the services ordered by you;
• Providing you with the requested information;
• Pursuing our legitimate business interests;
• Enforcing our rights, preventing fraud, and security purposes;
• Carrying out our contractual obligations; or
• If you provide your prior consent to such a disclosure.

6.2 List of our data processors. We use a limited number of data processors. We choose them only if they agree to ensure an adequate level of protection of your personal data that is consistent with this Privacy Policy and the applicable data protection laws. The data processors that have access to your personal data are:

• Our hosting, cloud storage, database, and analytics service provider Google (https://www.google.com) located in the United States;
• Our payment service providers PayPal (https://www.paypal.com) and Stripe (https://stripe.com) located in the United Sates;
• Our hosting service provider Netlify (https://www.netlify.com) located in the United States;
• Our hosting, cloud storage, and database service provider Microsoft (https://www.microsoft.com) located in the United States;
• Our email service provider Namecheap (https://www.namecheap.com) located in the United States;
• Our live chat service provider Tidio (https://www.tidio.com) located in the United States; and
• Our independent contractors and consultants.

6.3. Disclosure of technical (non-personal) data. Your technical (non-personal) data may be disclosed to third parties for any purpose. For example, we may share it with prospects or partners for business or research purposes, for improving Image Filters, responding to lawful requests from public authorities or developing new products and services.

6.4. Legal requests. If we are contacted by a public authority, we may need to disclose information about you to the extent necessary for pursuing a public interest objective, such as national security or law enforcement.

6.5. Successors. In case Image Filters is sold partly or fully, we will provide your personal data to a purchaser or successor entity and request the successor to handle your personal data in line with this Privacy Policy. We will notify you of any changes of the data controller.

6.6. Selling personal data. We do not directly sell your personal data to third parties. However, some of your personal data, including online identifiers (e.g., cookie-generated data and IP addresses) may be used for advertising, marketing, and monetisation purposes (e.g., programmatic advertising, retargeting, third-party marketing, profiling, or cross-device tracking). To make sure that you have full transparency and control over your personal data, we provide you with a possibility to manage your personal data used for such purposes as described in our cookie policy.

6.7. International transfers. Some of our data processors listed above are located outside the country in which you reside. For example, if you reside in the European Economic Area (EEA), we may need to transfer your personal data to jurisdictions outside the EEA. In case it is necessary to make such a transfer, we will make sure that the jurisdiction in which the recipient third party is located guarantees an adequate level of protection for your personal data or we conclude a data processing agreement with the respective third party that ensures such protection. We will not transfer your personal data internationally if no appropriate level of protection can be granted.

7. How do we protect your personal data?

We strive to ensure that your personal data is kept safe and secure. In this section, we inform you about our measures that help us to protect your personal data.

7.1. Our security measures. We implement organisational and technical information security measures to protect your personal data from loss, misuse, unauthorised access, and disclosure. The security measures taken by us include:

• Secured networks;
• SSL protocol;
• Encryption;
• Strong passwords;
• Limited access to your personal data by our staff;
• Anonymisation of personal data (when possible); and
• Carefully selected data processors.

7.2. Security breaches. Although we put our best efforts to protect your personal data, given the nature of communications and information processing technology and the Internet, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data that was caused by circumstances that are beyond our reasonable control. In case a serious breach occurs, we will take reasonable measures to mitigate the breach, as required by the applicable law. Our liability for any security breach will be limited to the highest extent permitted by the applicable law.

8. What rights do you have with regard to your personal data?

You have certain rights to control how we process your personal data. Below, we list the rights that you can exercise with regard to your personal data and explain how you can exercise those rights.

8.1. The list of your rights. You can exercise your rights listed below, unless, in very limited cases, the applicable law provides otherwise:

• Right of access: you can get a copy of your personal data that we store in our systems and a list of purposes for which your personal data is processed;
• Right to rectification: you can rectify inaccurate personal data that we hold about you;
• Right to erasure (‘right to be forgotten’): you can ask us to erase your personal data from our systems;
• Right to restriction: you can ask us to restrict the processing of your personal data;
• Right to data portability: you can ask us to provide you with a copy of your personal data in a structured, commonly used and machine-readable format and move that personal data to another processor;
• Right to object: you can ask us to stop processing your personal data;
• Right to withdraw consent: you have the right to withdraw your consent, if you have provided one; or
• Right to complaint: you can submit your complaint regarding our processing of your personal data.

8.2. How to exercise your rights? If you would like to exercise any of your rights, please contact us by email at privacy@tazo.tech and explain your request in detail. In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information that allows us to identify you in our system. We will answer your request within a reasonable time frame but no later than 2 weeks.

8.3 Complaints. If you would like to launch a complaint about the way in which we process your personal data, we kindly ask you to contact us first and express your concerns. If we receive your complaint, we will investigate it and provide you with our response as soon as possible. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.

8.4 Non-discrimination. We do not discriminate you if you decide to exercise your rights. It means that we will not (i) deny any goods and services, (ii) charge you different prices, (iii) deny any discounts or benefits, (iv) impose penalties, or (v) provide you with a lower quality services.

9. Contact

If you have any questions about this Privacy Policy or our data protection practices, please contact us by:

• Email: privacy@tazo.tech
• Contact form: https://imagefilters.io/contact