Background

The EU's General Data Protection Regulations (GDPR) requires companies that handle personal information to restrict the way this information is handled.

Umigotech AB is the owner of the Umigo platform that handles personal information, company information and access rights to modules for various applications built on top of the Umigo platform.

The Umigo platform is built with security in mind and the purpose of this Integrity Policy is to inform you of how we process and protect your personal information.

Data

Personal Information

The Umigo platform stores a small set of personal information about you as a user to identify you when you log in and make you distinguishable from other users.

An email address and a salted bcrypt hashed password is stored and used to identify users when logging in to the Umigo platform.

The email address is also currently needed for you to be able to reset your password. This email address is never shared outside of the module that sends emails unless you choose to show your email adress in your profile.

You can also add your own name and an image with your likeness to your profile but you are currently allowed to use a nickname and avatar that does not represent you as an individual.

Your profile can also include information about your company. This information is not required and should only be used for business use.

Adding an organisation number to your profile will link your profile to that company if the company has been registered with the Umigo platform.

Storage of Personal Information

This instance of the Umigo platform is storing all personal information in a database cluster hosted on an cloud server located in Sweden hosted by Oderland Webbhotell AB.

Access to the database is restricted to the Umigo platform and only technicians at Umigotech AB and Oderland Webbhotell AB has access to the cloud server.

Privacy Policy

Users of the Umigo platform agrees to have their personal information accessable to other users on the Umigo platform.

Users email addresses however are never shown to other users, unless you choose to show your email adress in your profile, and is only used to send messages directly to the owner of the account.

Services that send email messages are used to reset passwords, confirm account destruction, remind users of calendar events that they themselves have created and send information about new messages sent within the Umigo platform.

Data Management

Access

Our Data Protection Officer is Tor Viktorsson the CTO of Umigotech AB (559177-1448) who can be reached via support@umigotech.se if you have any questions about our Integrity Policy or how we handle your personal information.

Your personal information is presented within the Umigo platform to show who created certain data. If you add data to the Umigo platform the personal information that you have added to the Umigo platform will be linked to the data you added.

Security

Traffic from and to the Umigo platform is secured with HTTPS which means that information sent over the Internet is always encrypted.

All information linked to your personal information uses a unique 12 byte ObjectId that can not be traced back to your personal information if you delete your Umigo platform account.

Service Hosts

The Umigo platform is hosted on a cloud server hosted by Oderland Webbhotell AB and access to the cloud server configuration is restricted to technicians at Umigotech AB and Oderland Webbhotell AB for configuration and maintenance only.

Breaches

Information about security breaches is published on the front pages of every Umigo powered application on this server instance.

Information about security breaches is sent to all Umigo platform users on this server instance.

Rights

Personal Information

As a user of an Umigo platform you have access to your personal information via an Umigo platform profile.

Other users can send you invitations to the Umigo platform but only your email address and a unique invitation key is stored until you accept the invitation.

You are the only one who can update your own personal information.

At any time you can request for your personal information to be deleted. When doing so a confirmation email is sent to your registered email address with instructions on how to permanently destroy your personal information.

If you destroy your personal information your old account will be empty and only contain an encrypted reference to your email address and your password. This means that you can recover your account if you remember your email address and your password but there is no way to reset your password since your email address no longer will be stored wihin the Umigo platform so there is no way for us to send you a recovery instruction to validate you as the owner of the email address.

Information Linked to Your Profile

You can join open groups and get invitations to closed groups and you can exit any of these groups at any time. Being part of a group can give you access to information and data only published to the given group.

All information and data that you add to the Umigo platform will be stored until you yourself delete it from within the Umigo platform. Information that is part of a transaction between two Umigo platform users is stored until both users has chosen to delete the information.

Users can download a copy of their personal information in JSON format from their profile. This copy will only include personal profile information and not other information and data that you may have added to the Umigo platform.

How Information is Gathered

All information accessable via the Umigo platform has been added by a user of the Umigo platform. A reference to the user that added the information is stored so that the system knows which user has the rights to update or delete the data. Some data types can also be shared within the Umigo platform effectivly giving other users access to update or delete the data.

Local Storage

Cookies

When you log in to an Umigo platform a token is stored in a cookie within your web browser. This token includes information (a unique 12 byte ObjectId) that grants you access to the Umigo platform for 7 days. No personal information is stored within the cookie. No session data is stored server side.

The Umigo platform client is loaded in your browser. Any information that you access on the Umigo platform is cached in your browser while your browser is open.

Contact

Contact support@umigotech.se if you have questions about our Integrity Policy or how we handle your personal information.

Contact support@umigotech.se if you have questions about the Umigo platform.


© Umigotech AB