User Data Privacy Notice
Data is Beautiful
Last updated: January 1, 2023
Introduction
Volument is insight-led web analytics software that puts privacy first. We aim to make web analytics more accessible and data beautiful using privacy-friendly practices.
This User Data Privacy Notice is for current and prospective Volument users:
We collect and process limited information from those who join our waitlist (“prospective users”).
We collect and process minimal amounts of personal data from the people and businesses that use our web analytics software (“current users”).
Along these lines, this Notice provides important information about
Why we collect and process personal data from our users
What personal data we collect and process
What personal data our third-party service providers collect and process
How we store personal data that we collect or process
Your rights over any personal data about you and
A summary of our acceptable use policy
The information provided herein is for general purposes only. It may or may not apply to every Volument user or to your unique circumstances.
The information, terms, and conditions you receive when you sign-up for a Volument account, including in contracts or on the Volument digital platform, govern your use of our products and services. Such information will supersede any information provided herein.
Additionally, for information relevant to visiting our website (www.volument.com, “our website”), please read our Privacy Notice. Please also review our Product Data Policy to learn about how our web analytics software works and our Uncookie Policy to learn how we store and collect information using your device.
Why do we process personal data from our users?
Our most important reasons for processing personal data from our users include:
Fulfilling or managing orders
Delivering goods and services
Sharing information about our products and services
Understanding how our visitors use our products for product development
Supporting our marketing activities, including by analyzing how our website and services are used so we can improve them to engage and retain users
Diagnosing problems and offering technical support
Requesting feedback
Asserting or protecting legal rights
Fulfilling legal obligations
Protecting vital interests, including ours, yours and those of other natural person
Ensuring security
Preventing fraudulent activities
Acting on your instructions
Acting with your consent or
Pursuing our legitimate interests
(See also European Union General Data Protection Regulation Art. 6(a), (b), ( c), (d) and (f))
We process as little personal data as possible and do so only when we have a valid reason.
What data we collect
Joining our waitlist
We collect the following limited personal information (contact information) when you join our waitlist.
Examples of personal information collected
Work email: rcanoe@business.org
Name: Robin Canoe
Where are you based (“Country”): United States
Please note that our waitlist form asks some additional optional business-related questions that are open-eneded. These questions are not designed to elicit any personal data. Please do not share any unsolicited personal information on our waitlist form or anywhere else.
Signing up for our services
Signing up for our services requires signing up for a Volument account. When you sign up for a Volument account we collect and process the minimum amount of personal data necessary to provide our services. This may includes:
Email addresses
We require email addresses to create Volument accounts. We use email addresses to grant you access to our analytics platform, to communicate with users as we deliver services, and to send invoices, updates or other essential information.
Names
We require names of individual users to communicate with them as we deliver services and send invoices, updates, or other essential information. We also need names to set up the interactive features of our web analytics product.
A persistent first-party cookie is stored to remember if you’re logged in to your Volument account. If you log in, you give us permission to use cookies so you don’t have to log in on each returning session. You can adjust “cookie” settings in your own browser. Cookies that are already stored may be deleted at any time. See our Uncookie Policy for more information.
When you write to us directly
We keep all correspondence that you send us. This includes emails sent to our email addresses and any privacy forms you submit to us. We keep such and other correspondence for our records, including for reference if you reach out to us again. We use this data in connection with answering the queries or requests we receive.
Under limited circumstances, we might need to use correspondence to, amongst other things, assert or protect legal rights, fulfill legal obligations, protect vital interests, ensure security, or prevent fraud. For this reason, please ensure that the correspondence you send us is truthful, secure, and devoid of any hate speech, slurs, threats, or abusive language. Please do not include, in any correspondence, any more personal information than is absolutely necessary. Never include any unsolicited sensitive personal information in any correspondence with us.
Sharing personal data with third-parties
We never sell personal data. We share it in the following circumstances, only:
To deliver or improve our services
In other words, with our vendors, consultants, contractors, agents, and other third-party service providers, as needed to provide and improve our products and services.
Our third parties are committed and contractually bound to comply with applicable privacy and data protection regulations.
When you tell us to share your personal information or you share it with us yourself.
As required to fulfill our legal obligations, satisfy safety measures, or enforce legal rights.
If there’s a change in company ownership such as a merger, acquisition, or bankruptcy, your data may be transferred to the new controlling party.
If so, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.
Data collected by Third-Party Service providers
We rely on thoughtfully selected third-party providers to help us deliver our software. From time to time, our third-party providers may need to collect and process personal data. All our third party providers are committed and contractually bound to comply with privacy and data protection regulations.
While some of them might process information using processors located outside the EU, they are all obligated to ensure that all processing activities comply with applicable laws, including the EU General Data Protection Regulation.
Here are some examples of our third-party service providers:
Tally
Volument’s waitlist is operated by Tally, a third-party processor committed to privacy friendly practices.
Tally is based in the European Union and stores all data collected for Volument’s waitlist in Belgium.
In our relationship with Tally, we are the “data controller.” This means, we determine when and why data is collected or processed. *For this reason, if you need to assert your rights with respect to personal information collected through our waitlist, please contact us directly.*
For more detailed and up-to-date information on Tally’s policies and practices, you should visit Tally's privacy policy.
Bunny
We use Bunny, a European service from Slovenia as our content delivery network.
A content delivery network distributes content from an “origin” server throughout the world by placing content close to a visitor accessing the content.
Stripe
We use Stripe to process all payments.
What are your rights over your personal data and how do you exercise them?
General data protection laws like the EU’s General Data Protection Regulation grant consumers with certain statutory rights over personal information specifically about them. Accordingly, you have the following rights:
You have a right to know whether or not we process personal data about you. If we do, then you have the right to access to and a copy of any such personal data.
You have the right to request that we erase personal data about you.
This right is subject to limitations that include consideration for our rights and the rights of others. Simply put, unless we have a good reason not to do so (which we will do our best to promptly), we will honor your requests for erasure without undue delay.
You have the right to request correction of your personal data that is incorrect or no longer relevant.
This does not guarantee a right to erasure of any old or incorrect data.
You have the right to object to processing of personal data about you, at any time and on grounds relating to your particular situation.
We will stop processing such personal data unless we can demonstrate strong grounds for such processing which override your request.
You have the right to restrict the processing of personal data about you in certain situations.
For example, when personal data about you is no longer needed but retained to satisfy other valid obligations, you can request restriction.
If processing has been restricted, we will inform you before the restrictions are lifted.
You have the right to a copy of your data in a format that makes it easier to reuse in another context or send to another service of your choosing. This includes the right to receive personal data about you in a machine-readable form.
Withdrawal of consent
Where we process your personal data based purely upon your consent, you have a right to withdraw this consent at any time.
This means, for example, that you have the right to withdraw your consent for processing your personal information for our waitlist.
To do so, you can use our privacy form or contact us at hello@volument.com. Please use the subject “Withdrawing my consent for data processing.”
You can also opt out of waitlist communications at any time by clicking on the unsubscribe link in the emails we send.
While you will be removed from our waitlist, we may still communicate with you for certain necessary purposes, including for sending you service-related messages that are necessary for the administration and use of your account, to respond to service requests or for other non-marketing purposes.
Withdrawing your consent will not affect the lawfulness of any processing that took place before such withdrawal.
Withdrawing your consent will not affect the processing of your personal data on lawful processing grounds other than consent.
Exercising your rights
You may assert rights you have over any personal data concerning you by using this form or sending us an email with the subject “Asserting my privacy rights.“
We will consider and act upon any requests in accordance with applicable data protection laws.
As a general rule, it is possible to exercise your rights to access personal data specifically about you once a calendar year, free of charge.
We may charge a reasonable administrative fee for subsequent requests. This fee will depend on the scope of the request and will be estimated in advance.
Where you make the request by electronic means, unless you tell us otherwise, we will provide you with this information in a commonly used electronic form.
For requests that are manifestly excessive or repetitive, while we may charge a reasonable fee considering the administrative costs involved in taking the action requested, we also have a right to refuse to act on such requests.
Your ability to exercise rights with respect to personal data about you is subject to your ability to identify yourself. If we can’t identify you, we will try to let you know and we will give you a reasonable opportunity to provide additional information to help us identify you.
Your right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority if you suspect that your personal data is being used improperly or unlawfully.
Contact information for our Supervisory Authority:
Supervisory Authority: Office of the Data Protection Ombudsman
Physical Location: Ratapihantie 9, 6. krs, 00520 Helsinki, Finland
Postal address: PL 800, 00521 Helsinki, Finland
General guidance for private persons: +358 (0)29 566 6777
General guidance for controllers: +358 (0)29 566 6778
Fax: + 358 (0)29 56 66735
Email: tietosuoja@om.fi(mailto:tietosuoja@om.fi)
If you are in the European Economic Area, you have the right to complain to your local data protection supervisory authority. You can find their contact details here.
While we will always respect your right to lodge a complaint, we hope that you will reach out to us first, in order to solve any issues to your satisfaction.
How we store personal data
The data we track is secured, encrypted, and hosted in Falkenstein, Germany. The server is owned by Hetzner, a European company. All of the website data is covered by the European Union’s laws on data privacy. See Hetzner privacy policy for full details.
While some of our third-parties might process information using processors located outside the EU, they are committed and contractual bound to ensuring that all processing activities comply with applicable laws.
Data retention and cancellation
Your data is stored on immutable JSON-formatted files on Hetzner's datacenters. The data is kept safe as long as you use the service. You can cancel the service from your account.
Security on our website
We have implemented an appropriate and reasonable system of technical and organizational security measures designed to protect the security of any personal information we process. The processing of personal data and the protection measures consider the requirements of the applicable data protection legislation. The goal of our security measures is to secure the availability of information and information systems, to ensure their confidentiality, to ensure the integrity of the information and to minimize the damage caused by possible deviations. Any large-scale data leaks are always notified to relevant parties (and, as required, relevant authorities), whether or not the matter is subject to any notification obligations.
While we do our best to protect you, you use our website and services at your own risk. No online activity is guaranteed to be fully secure, and we cannot guarantee your safety against unauthorized third parties. You should only access our website and services from a secure environment. We cannot and will not guarantee that our website is free from computer viruses or other similar destructive properties. No website can make such commitments.
Additionally, please note that we minimize the extent of personal information we collect to the maximum extent possible. The biggest risk we face comes from any unsolicited information you provide us through open communication formats, including through emails or open-ended questions in our contact or waitlist forms. For example, our waitlist form asks some optional business-related questions which are not designed to elicit any personal data.
For your own safety, we discourage you from sharing any unsolicited personal information in response to questions on our website or through any of your communications with us.
How does our site interact with other sites, services, and software?
Our site sometimes links to external sites and services run by other companies. And as you browse our site, you might have pre-existing software from other sites or services running on your browser or device. We are not responsible for such sites, software, or services in any way. They are not governed by or covered under our notices or policies; they don’t follow our rules; they might not share our values.
Acceptable use of our software
When you use our services you warrant that you will comply with this Policy and with all applicable laws.
You also acknowledge that you may not:
Systematically retrieve data or other content to create or compile, directly or indirectly, a collection, compilation, database, or directory without written permission from us.
Make any unauthorized use of our software, including collecting usernames and/or email addresses of users by electronic or other means for the purpose of sending unsolicited email, or creating user accounts by automated means or under false pretenses.
Circumvent, disable, or otherwise interfere with security-related features of our software or website, including features that prevent or restrict the use or copying of any Content or enforce limitations on the use of our software and/or the content contained therein.
Engage in unauthorized framing of or linking to our software.
Trick, defraud, or mislead us and other users, especially in any attempt to learn sensitive account information such as user passwords.
Make improper use of our software, including our support services or submit false reports of abuse or misconduct.
Engage in any automated use of our software, such as using scripts to send comments or messages, or using any data mining, robots, or similar data gathering and extraction tools.
Interfere with, disrupt, or create an undue burden on our software or the networks or the Services connected.
Attempt to impersonate another user or person or use the username of another user.
Use any information obtained from our software in order to harass, abuse, or harm another person.
Use our software as part of any effort to compete with us or otherwise use our software and/or its content as any revenue-generating endeavor or commercial enterprise.
Decipher, decompile, disassemble, or reverse engineer any of the components or parts comprising or in any way making up a part of our software, except as expressly permitted by applicable law.
Attempt to bypass any measures of our services designed to prevent or restrict access to our software, or any portion of our software.
Harass, annoy, intimidate, or threaten any of our employees or agents engaged in providing any portion of our software to you.
Delete the copyright or other proprietary rights notice from any content.
Copy or adapt our software, including but not limited to Flash, PHP, HTML, JavaScript, or other code.
Upload or transmit (or attempt to upload or to transmit) viruses, Trojan horses, or other material, including excessive use of capital letters and spamming (continuous posting of repetitive text), that interferes with any party’s uninterrupted use and enjoyment of our software or modifies, impairs, disrupts, alters, or interferes with the use, features, functions, operation, or maintenance of our software.
Upload or transmit (or attempt to upload or to transmit) any material that acts as a passive or active information collection or transmission mechanism, including without limitation, clear graphics interchange formats (“gifs”), 1×1 pixels, web bugs, cookies, or other similar devices (sometimes referred to as “spyware” or “passive collection mechanisms” or “pcms”).
Except as may be the result of standard search engine or Internet browser usage, use, launch, develop, or distribute any automated system, including without limitation, any spider, robot, cheat utility, scraper, or offline reader that accesses the Services, or using or launching any unauthorized script or other software.
Disparage, tarnish, or otherwise harm, in our opinion, us and/or our software. Use our software in a manner inconsistent with any applicable laws or regulations.
Any violation of our Policy will result in immediate suspension of access to Volument accounts or software.
Updates to this Notice
As we improve our product and services, we may need to change our website and any policies, notices, terms, or conditions published, linked, or referenced herein, from time to time.
We encourage you to review this page and linked documents frequently to stay informed about our policies and practices. Updates become effective as soon as they are published and are noticed in our Change Log below.
While we will do our best to provide clear and timely updates, it's up to you to read, understand, and keep current with our notices and policies. If you continue to use our website, products, and services, we’ll assume that you are okay with any changes.
This policy is incorporated by reference into our Privacy Notice. Please refer to our Privacy Notice for further context and information regarding the information provided on this page.
Change Log
March 8, 2021 • First version
September 21, 2022 • Updates to information on tracked data
October 8, 2022 • Second version
January 1, 2022 • Third version