This website doesn't track you.
We only use a privacy preserving tool for anonymous, aggregated website stats. We only use functional/essential cookies.

The DataOpera logo. Stylized D and O intertwined with the left side of the D drawn as a gaussian.

Privacy Policy

Last updated: June 26, 2022

The privacy of your data — and it is your data, not ours! — is of paramount concern to us. In this policy, we clarify what data we collect and why, how your data is handled, and your rights regarding your data.

We will never sell your data.

This policy applies to any products built for and maintained by DataOpera SRLS, it does not cover products or services that we build or provide for clients.

What we collect and why

We only collect what we need, and we make sure that's a minimum.

Identity & access

When you sign up for a DatOpera product or start a conversation with us about our services, we typically ask for identifying information such as your name, email address, and maybe a company name.

This allows us to interact with you as you expect, will allow you to personalize a new account, and makes it possible for us to send you invoices, updates, or other essential information.

We may give you the option to add a profile picture to an account, but we do not normally look at or access that picture. We’ll never sell your personal info to third parties, and we won’t use your name or company in marketing statements without your permission either.

Billing information

We store billing information (name, address, email) for as long as required to fulfill our agreement with you. When you pay an invoice with us, you will be directly interactng with our payment provider, Revolut. We do not store your payment details.

Geolocation data

If you have an account with us and sign in, we may log access to accounts by full IP address so that we can always verify no unauthorized access has happened. We keep this login data for as long as your account is active.

Website interactions

We use Plausible Analytics to track overall trends in the usage of our website. Plausible Analytics collects only aggregated information, which does not allow us to identify any visitor to our website. For more information, please visit the Plausible Analytics Data Policy.

Cookies and Do Not Track

A cookie is a piece of text stored by your browser. It may help remember login information and site preferences. It might also collect information such as your browser type, operating system, web pages visited, duration of visit, content viewed, and other click-stream data. You can adjust cookie retention settings in your own browser. To learn more about cookies, including how to view which cookies have been set and how to manage and delete them, please visit: www.allaboutcookies.org.

At this time, we only use essential/functional cookies to provide our services and allow our website to function properly. We do not use cookies to track you, or for analytics. (See the previous section, "Website interactions")

Our system status page is managed by BetterUptime and we have requested that any tracking cookies be disabled.

Do Not Track beacons sent by browser plugins are not universally supported, and we do not respond to them.

Voluntary correspondence

When you write to DataOpera, we may keep correspondence for as long as required to fulfill an agreement we may have with you. We may also keep this correspondence based on our legitemate business interest, including the mailing/email address.

We may also store any information you volunteer, like surveys. Sometimes when we do customer interviews, we may ask for your permission to record the conversation for future reference or use. We only do so if you give your express consent.

Information we do not collect

We don’t collect any characteristics of protected classifications including age, race, gender, religion, sexual orientation, gender identity, gender expression, or physical and mental abilities or disabilities. You may provide these data voluntarily, such as if you include a pronoun preference in your email signature when corresponding with us.

We also do not collect any biometric data. You may be given the option to add a picture to your user profile, which could be a real picture of you or a picture of something else that represents you best. We do not extract any information from profile pictures: they are for your use alone.

When we access or share your information

Our default practice is to not access your information. The only times we’ll ever access or share your info are: We only collect, use, or share your personal data when we have a valid reason to do so.

This section includes the specific legal basis for our use, processing, and disclosure of personal data. The language below is that of the European Union’s General Data Protection Regulation (GDPR), Article 6, Section1.

“Processing personal data” means collecting, using, or sharing personal data.

  • We process personal data to comply with legal and regulatory requirements. We may be required to disclose data to public authorities, including in countries other than your own. This means that we may share your personal data with public authorities in a country other than your own, if we are required to do so.

  • We process personal data based on your consent. We will always obtain your consent before collecting, using or sharing your data in a way that is not covered by this Privacy Policy.

  • We process personal data to ensure the performance of a contract that we have with you. We collect, use and share your personal data to fulfill the obligations of our business relationship with you.

  • We use personal data based on our legitimate business interests. We only collect, use, or share personal data for our business operations when it is strictly necessary. These include the following:

    • For recruitment. For example, if you are applying for a job with us.
    • To protect the security and integrity of our systems, of our organization, and of the data in our care.

We may anonymize and aggregate personal data

We may analyze and process personal data in such a way that (1) the anonymization process cannot be reversed and (2) that it is impossible or extremely impractical to identify you from the anonymized data. We often work with datasets from third parties, including open data that contain exclusively anonymized data.

Mergers and Acquisitions

If DataOpera SRLS is acquired by or merged with another company — we don’t plan on that, but if it happens — we’ll notify you well before any information about you is transferred and becomes subject to a different privacy policy.

Your rights with respect to your information

We apply the same data rights to all customers, regardless of their location. Currently some of the most privacy-forward regulations in place are the European Union’s General Data Protection Regulation (“GDPR”) and California Consumer Privacy Act (“CCPA”) in the US. DataOpera recognizes all of the rights granted in these regulations, except as limited by applicable law. These rights include:

  • Right to Know. You have the right to know what personal information is collected, used, shared or sold.
  • Right of Access. This includes your right to access the personal information we gather about you, and your right to obtain information about the sharing, storage, security and processing of that information.
  • Right to Correction. You have the right to request correction of your personal information.
  • Right to Erasure / “To be Forgotten”. This is your right to request, subject to certain limitations under applicable law, that your personal information be erased from our possession and, by extension, all of our service providers.
  • Right to Complain. You have the right to make a complaint regarding our handling of your personal information with the appropriate supervisory authority. To identify your specific authority or find out more about this right, EU individuals should go to https://edpb.europa.eu/about-edpb/board/members_en.
  • Right to Restrict Processing. This is your right to request restriction of how and why your personal information is used or processed, including opting out of sale of personal information. (Again: we never have and never will sell your personal data.)
  • Right to Object. You have the right, in certain situations, to object to how or why your personal information is processed.
  • Right to Portability. You have the right to receive the personal information we have about you and the right to transmit it to another party.
  • Right to not be subject to Automated Decision-Making. You have the right to object and prevent any decision that could have a legal, or similarly significant, effect on you from being made solely based on automated processes. This right is limited, however, if the decision is necessary for performance of any contract between you and us, is allowed by applicable law, or is based on your explicit consent.
  • Right to Non-Discrimination. This right stems from the CCPA. We will never treat you differently because you have exercised your data privacy rights.

If you have questions about exercising these rights or need assistance, please contact us at privacy@dataopera.com or at DataOpera SRLS, Via Properzio, 5, 00193, Roma, Italia.

For requests to delete personal information or know what personal information has been collected, we will first verify your identity using a combination of at least two pieces of information already collected including your user email address. If an authorized agent is corresponding on your behalf, we will first need written consent with a signature from the account holder before proceeding.

If you are in the EU, you can identify your specific authority to file a complaint or find out more about GDPR, at https://edpb.europa.eu/about-edpb/board/members_en.

How we secure your data

All data is encrypted via SSL/TLS when transmitted from our servers to your browser. Database backups are also encrypted.

DataOpera protects your data by applying several technical, physical and operational security measures. If you believe that any data in our care has been compromised, please contact us immediately.

If we become aware of unauthorized access to data, we will inform the relevant authorities, and you will be promptly informed.

Retention

We only retain your data for as long as required by applicable law, to fulfill our obligations to you, and to maintain our relationship.

If you chose to have your data deleted, we will proceed to do so within 60-90 days. Note that this does not apply to anonimized data no longer linked to you.

Location of data, data transfers

DataOpera SRLS is a company based in Italy, in the European Union. Any of our business data that contains personal information is stored in the EU, on servers in France, Germany, Italy or Ireland.

This does not apply to personal data involved in client projects, which may be governed by a separate agreement and are not covered by this policy.

The GDPR requires that any data transferred out of the EU must be treated with the same level of protection that the EU privacy laws grant. The privacy laws of the several states (including the US) generally do not meet that requirement.

If we do transfer personal data, we will always take steps to ensure that these international data transfers comply with applicable laws, and we will always take steps to ensure that your rights are protected, and that your information is handled appropriately.

In particular, we apply legal mechanisms to protect your personal data. This can include:

Changes & questions

We may update this policy as needed to comply with relevant regulations and reflect any new practices. Whenever we make a significant change to our policies, we will also announce it on our websice, DataOpera.com

Have any questions, comments, or concerns about this privacy policy, your data, or your rights with respect to your information? Please get in touch by emailing us at privacy@dataopera.com and we’ll be happy to answer them!

Adapted from the Basecamp open-source policies / CC BY 4.0