Control Ice Privacy Policy
Your privacy and secure handling of your information is important for us. This privacy statement describes how we Control Ice – legally represented by Ice Cream Controling LLC – collect and use your ‘Personally identifiable information’ (PII) in our system/website. PII is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read the following statement and in case you have unanswered questions reach out to us at office@controlice.com.
What personal information do we collect?
- When registering on our site, you are asked to enter your name, email address, mailing address and other company information.
- When adding users to your store you are asked to enter the new user’s name, email address and other information regarding their position in the company, like privileges. The person filling out the new user’s details gives consent to this privacy policy on behalf of the new user until the new user’s first log in.
- When users log in and execute various tasks, like opening the shop, measuring pans, cooking ice cream or other products, etc. we’re registering these actions associated with timestamps to provide accountability and an accurate history to the account owner and other users with adequate privileges.
- In some countries, like Romania, it is required by law that the transportation documents contain the transporter’s PII: name, national ID number, the date and the license plate of the vehicle used for transportation. To help our customers under such laws we have implemented a plugin – that is off by default – which will request the above PII before generating the transportation documents. We’re storing the PII only on as part of the transportation documents.
- We do not collect credit card information, we use EuroPayment Services (euplatesc.ro)s service to process online transactions.
Other information we collect
- We’re collecting various telemetry items through Microsoft’s Application Insights telemetry scripts, like “timings of page loads and AJAX calls, counts and details of browser exceptions and AJAX failures, as well as users and session counts. All these can be segmented by page, client OS and browser version, geo location, and other dimensions”. Note that this information is not PII. To understand better how does application insights collect and store data please visit https://docs.microsoft.com/en-us/azure/application-insights/app-insights-data-retention-privacy.
How do we use your information?
- Your PII is used as part of the business logic, that implements temporal accountability of users – e.g. who measured the pans at the end of the day and closed the shop. This information is only available within the same Control Ice subscription (store) and accessible only to users with adequate permissions. See the help in “Users” tab to understand the permissions or watch https://www.youtube.com/watch?v=yiLz6ZFrPNE&feature=youtu.be.
- The information collected through Application Insights is used to better understand the needs of our users and to improve the overall user experience. This telemetry is crucial for our day to day operations, so we can detect service degradation at the time or before our users experience it.
- We use your company’s information and part of your PII (name) for billing purposes.
- We may use your PII to contact you regarding changes in the service conditions.
- We may use your PII to announce new feature availability and service disruptions.
- We may contact you about trainings to improve your effectiveness.
- We may use your PII to follow up after correspondence (email or phone inquiries).
- We do no use Google AdSense.
How do we share your information?
- If your PII is part of the transportation documents (Invoice: Transportation data plugin is turned on) then it will be available for the parties involved in the transport. If the plugin is turned on we assume you operate in such a country, and the transportation documents will be kept in our system, available to both parties until both are deleted.
- When you connect your store with other clients’ stores we’re not exposing any PII between the two accounts, only publicly available company information.
- We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information.
- We will share your PII with authorities to abide the law, when presented with a court order. In such an event, unless the court order specifies, we will notify you in the shortest possible time.
How do we protect your information?
- We host our service on Microsoft Azure. Our website is subject to regular malware scans.
- Your PII is stored in Azure SQL Database and it is encrypted at all times and encryption keys are managed by Azure, changed periodically.
- We are auditing access to PII data – we know who, when and from where did access PII.
- All public access to the system happens through SSL.
How to delete your PII?
- Subscription owners or whichever user that holds admin permissions may request the deletion of their account (store) on the settings page. Upon such a request we will delete all information related to your store, including, but not limited to shops, historical income and consumption data, recipes, users, etc.. Given that transportation documents belong to both parties we delete such documents only when both accounts involved the transport are deleted from our system.
- Individual users – usually employees of the subscription owner – may request their personal information to be deleted. To maintain correct system behavior in such scenarios we will obfuscate the PII of the user.
Do we use ‘cookies’?
- We do not use cookies for tracking purposes.
- You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies. If you disable cookies, some features will be disabled that make your site experience more efficient and some of our services will not function properly.
Third-party links
- We do not include or offer third-party products or services on our website.
According to CalOPPA we agree to the following:
- Users can visit our site anonymously.
- Once this privacy policy is created, we will add a link to it in the settings page. Our Privacy Policy link includes the word ‘Privacy’ and can be easily be found on the page specified above.
- Users will be notified of any privacy policy changes via Email
- Users are able to change their personal information by logging in to their account and visiting the user page.
Does our site allow third-party behavioral tracking?
- It’s also important to note that we do not allow third-party behavioral tracking.
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under 13, moreover we require our users to be at least 18 years of age.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
To be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
We will notify the users via email within 1 business day, after noticing data breach or having a reasonable doubt of such an event.
We also agree to the Individual Redress Principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions.
- Process orders and to send information and updates pertaining to orders.
To be in accordance with CANSPAM we agree to the following:
- NOT use false or misleading subjects or email addresses.
- Identify the message as an advertisement in some reasonable way.
- Honor opt-out/unsubscribe requests quickly.
If at any time you would like to unsubscribe from receiving future emails, you can email us at office@controlice.com and we will promptly remove you from ALL correspondence.
Contacting Us
If there are any questions regarding this privacy policy you may contact us using the information below.
controlice.com
Kossuth Lajos nr. 1
Odorheiu Secuiesc, Harghita 535600
Romania
office@controlice.com
Last Edited on 2018-05-25