Where did we get your data from?

• Browser

  Your internet browser (such as Mozilla Firefox, Google Chrome, or Microsoft Internet Explorer) automatically transmits some information to us every time you access content on one of our internet domains. Examples of such information include the URL of the particular Web page you visited, the IP (Internet Protocol) address of the computer you are using, or the browser version that you are using to access the website.

• Our customer

  Out customers can upload their databases to our system, which will create a profile of you as a customer’s client. The customer should inform you about that in their privacy notice.

• Directly from you

  We may obtain personal data directly from you, e.g. when you contact us, when our cookies are enabled on the customers’ websites.

Cross-border transfer?

Information about these companies and their data protection practices:

Internal operations

• Maestra

  Maestra has sales, marketing, R&D, support, accounting team in Kazakhstan and Armenia.

  They work in accordance with this Privacy Policy. The relevant agreements are used to ensure that your personal data are properly protected.

• Xero limited

  Xero is an accounting software. The recipient is located in New Zealand, which is considered by European Data Protection Board to provide adequate level of data protection. Relevant Privacy Policy.

• Digital Ocean LLC

  Diginal Ocean is a hosting for our website maestra.io. The recipient is located in the USA. Relevant Privacy Policy of Digital Ocean LLC. Unfortunately, the country of data recipient doesn’t ensure an adequate level of protection of your personal data. Standard Contractual Clauses are used to transfer your data to ensure that they are properly protected.

• Google LLC

  The services for internal data storage and communications are provided by Google LLC. Address: Google LLC, Google Data Protection Office, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. Relevant privacy policy of Google. Unfortunately, the country of data recipient doesn’t ensure an adequate level of protection of your personal data. Standard Contractual Clauses are used to transfer your data to Google to ensure that they are properly protected. For more information: click on this link.

• DocuSign Inc.

  We use DocuSign in order to sign the agreements with customers electronically. Address: 221 Main St., Suite 1000 San Francisco, USA. Relevant privacy policy of DocuSign. Unfortunately, the country of data recipient doesn’t ensure an adequate level of protection of your personal data. Standard Contractual Clauses are used to transfer your data to ensure that they are properly protected.

• Atlassian Pty Ltd

  To manage the tasks within our team, we use such tools as Trello and Slack. Some of your personal information (such as support request) may be processed within these tools.

  Relevant privacy policy. Unfortunately, the country of data recipient doesn’t ensure an adequate level of protection of your personal data. Standard Contractual Clauses are used to transfer your data to ensure that they are properly protected.

• 37signals LLC

  We use Basecamp provided by 37signals LLC located in the USA to manage our projects. Relevant privacy policy. Unfortunately, the country of data recipient doesn’t ensure an adequate level of protection of your personal data. Standard Contractual Clauses are used to transfer your data to ensure that they are properly protected.

• Zoom Video Communications, Inc.

  The video conference calls services are provided by Zoom Video Communications, Inc. Address: 55 Almaden Boulevard, 6 th Floor, San Jose, California 95113, USA. Relevant privacy policy of Zoom. Unfortunately, the country of data recipient doesn’t ensure an adequate level of protection of your personal data. Standard Contractual Clauses are used to transfer your data to ensure that they are properly protected.

• LinkedIn Corporation

  The marketing services are provided by Linkedin Corporation. Address: 1000 West Maude Avenue Sunnyvale, CA 94085, USA. Relevant privacy policy of Linkedin. Unfortunately, the country of data recipient doesn’t ensure an adequate level of protection of your personal data.

  Standard Contractual Clauses are used to transfer your data to ensure that they are properly protected.

• Meta Platforms, Inc.

  The marketing services are provided by Meta Platforms, Inc. Relevant privacy policy. Unfortunately, the country of data recipient doesn’t ensure an adequate level of protection of your personal data.

• Contractual Clauses are used to transfer your data to ensure that they are properly protected.

• HubSpot Inc.

  The services for storing customer databases for sales and marketing purposes, communications are provided by HubSpot Inc., the U.S. Relevant privacy policy. Unfortunately, the country of data recipient doesn’t ensure an adequate level of protection of your personal data.

  Standard Contractual Clauses are used to transfer your data to ensure that they are properly protected.

• Infobip

  Infobip, United Kingdom. Infobip provides global mobile messaging and infrastructure services for enterprice business communication. Relevant privacy policy.

  Standard Contractual Clauses are used to transfer your data to ensure that they are properly protected.

Maestra software

• Maestra

  Maestra has sales, marketing, R&D, support, accounting team in Kazakhstan and Armenia. They work in accordance with this Privacy Policy. The relevant agreements are used to ensure that your personal data are properly protected.

Maestra

• Apple

  If you are Maestra Customer and your clients use iPhone, when Maestra send mobile push notification to them, Apple Push Notification service (APNs) receives your clients’ data. Relevant privacy policy. Unfortunately, the country of data recipient doesn’t ensure an adequate level of protection of your personal data. Standard Contractual Clauses are used to transfer your data to ensure that they are properly protected.

• Push Kit

  If you are Maestra customer and your clients use Huawei phone, when Maestra send mobile push notification to them, Push Kit, operated by Huawei receives your clients’ data. Relevant privacy policy. Unfortunately, the country of data recipient doesn’t ensure an adequate level of protection of your personal data. Standard Contractual Clauses are used to transfer your data to ensure that they are properly protected.

• Firebase Cloud Messaging

  If you are Maestra customer and your clients use Andriod phone, when Maestra send mobile push notification to them, Firebase Cloud Messaging, operated by Google LLC receives your clients’ data. Relevant privacy policy. Unfortunately, the country of data recipient doesn’t ensure an adequate level of protection of your personal data. Standard Contractual Clauses are used to transfer your data to ensure that they are properly protected.

• Mobile operators

  When we send SMS newsletters, some personal information may be collected by mobile operators. The customer chooses which mobile operator will be operating the processing.

• SMS newsletter providers

  When we send SMS newsletters, the customer may refer to the services of SMS newsletter providers and choose the appropriate one.

Where Maestra store Customer’s data

We store your data within the EU in order ensure that they are properly protected.

• Microsoft Azure

  Microsoft provides could services called «Microsoft Azure» where we store Customer’s data. We rent servers in the Eurozone, that is, your data is stored on the servers located in the EU.

  Address: Microsoft Ireland Operations Limited, Attn: Data Protection Officer, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Relevant privacy policy of Microsoft Corporation.

• Amazon Web Services

  Amazon provides could services called «Amazon Web Services» where we store customer’s data. We rent servers in the Eurozone, that is, your data is stored on the servers located in the EU.

  Address: Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg. Relevant privacy policy of Amazon Web Services.

• Leaseweb Deutschland GmbH

  Leaseweb is a data center where we rent servers for storing customer’s data. We rent servers in the Eurozone, that is, your data is stored on the servers located in the EU.

  Address: Leaseweb Deutschland GmbH Hanauer Landstraße 121 60314 Frankfurt am Main. Relevant privacy policy of Leaseweb.

Automated decisions

Our customer can activate the module based on machine learning. We use machine learning to determine product recommendations and best time to send the materials.

Your rights

request information about the processing of your personal data obtain access to the personal data held about you

Under Article 15 of the GDPR, individuals have a right of access that gives them the right to obtain a copy of their personal data, as well as other supplementary information. It helps individuals to understand how and why companies are using their data, and check the lawfulness of the processing.

ask for incorrect, inaccurate or incomplete personal data to be corrected

Under Article 16 of the GDPR, individuals have the right to have inaccurate personal data rectified. An individual may also be able to have incomplete personal data completed — although this will depend on the purposes for the processing.

request that personal data be erased when they are no longer needed or if processing is unlawful

Under Article 17< of the GDPR, individuals have the right to have personal data erased. This is also known as the ’right to be forgotten’. The right is not absolute and only applies in certain circumstances.

request the restriction of the processing of your personal data in specific cases

Article 18 of the GDPR gives individuals the right to restrict the processing of their personal data in certain circumstances. This means that an individual can limit the way that an organisation uses their data. This is an alternative to requesting the erasure of their data.

receive your personal data in a machine-readable format and send them to another controller (’data portability’)

Under Article 20 of theGDPR, individuals have the right to data portability that gives individuals the right to receive personal data they have provided to a controller in a structured, commonly used and machine readable format. It also gives them the right to request that a controller transmits those data directly to another controller.

object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation

Article 21 of theGDPR gives individuals the right to object to the processing of their personal data at any time. This effectively allows individuals to stop or prevent you from processing their personal data.

request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to challenge the decision

withdraw your consent at any time

The GDPR gives a specific right to withdraw consent. You need to tell people about their right to withdraw, and offer them easy ways to withdraw consent at any time.

lodge a complaint with a supervisory authority

In accordance with Article 77 of theGDPR, you, as a data subject, have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or where an alleged infringement of the GDPR has taken place.If you have any questions about the protection of your personal data, you can contact us by using our email: dpo@maestra.io