How We Collect Information
We may collect Personal Information from a variety of sources, including:
Directly from You or any of Your End Users, as applicable
From CIPHR Partners
Automatically, from devices used to connect to the Website and/or the Services
Information We Collect
Personal Information collected through the Services and the Website may include:
SIM#, IMEI#, IMSI#, device model and e-mail address
Other information You or any of Your End Users, as applicable, choose to provide
How We Use Information
We use Personal Information we collect to:
Provide the Services You may request
Analyze the use of and improve the Services
Operate CIPHR’s business generally
Comply with applicable laws and CIPHR policies
How We Share Information
CIPHR may share Personal Information it collects:
In connection with the provision of the Services
In case of a business transaction
For law enforcement
WEBSITE AND SERVICES INTENDED USERS
THE WEBSITE AND SERVICES ARE INTENDED FOR USE BY YOU ONLY
1. GENERAL PRINCIPLE
CIPHR is committed to protecting the privacy of Personal Information. In order to bring to Your attention the privacy
collected, (ii) why CIPHR collects Personal Information, (iii) how CIPHR uses and protects Personal Information, and
(iv) under what circumstances Personal Information is shared with CIPHR Partners and other third parties when required
to the collection, access, use and storage of Personal Information.
2. DEFINITIONS AND INTERPRETATION
CIPHR means Luxon Software Distribution Limited, a corporation duly constituted and doing business under the name CIPHR.
Cookie(s) designates the small text files that are placed on the hard disk of devices when someone uses the Services or accesses the Website, which may either be temporary and disappear when such devices are turned off or be permanent and stay even after such devices are turned off.
De-Identified Personal Information means Personal Information from which an owner’s or user’s name or other identifier has been removed, so that it can no longer be linked to that person.
CIPHR Partners designates CIPHR’s affiliates or other partners assisting CIPHR in the development of the Services.
Personal Information means any information about an identifiable individual or device, such as an e-mail address, and/or unique identifiers, such as SIM# (subscriber identity module number); IMEI# (international mobile equipment identity number), IMSI# (international mobile subscriber identity number) and device model, which are or could qualify as personal information when coupled with other information as they may result in persons or devices being rendered more easily identifiable when using the appropriate resources.
Services means the CIPHR real-time secured communication services for mobile applications, e-mails, text messages and data storage.
Website means the CIPHR website available at https://ciphr.io/ or any other URL.
You means (i) any CIPHR client using the Services for the Permitted Purposes, including any of its directors, officers, employees, agents and other person having access to the Services or (ii) as applicable, any person accessing the Website.
2.2 Unless the context requires otherwise: (i) grammatical variations of any term defined herein have a similar meaning; (ii) words importing the singular number shall include the plural and words importing the masculine gender shall include the feminine and neutral genders and vice versa.
3. COLLECTION AND USE OF PERSONAL INFORMATION
Further, please note that the information and identifiers that CIPHR interacts with and/or collects is constantly changing. Consequently, the information described below about the type of information collected may change; CIPHR regularly monitors the information it is interacting with and collecting, with a view to ensuring we retain the least amount of information, in the most anonymous manner, we can. CIPHR is not a data gatekeeper. To this end, CIPHR may obfuscate, hash or encrypt data rendering it unidentifiable to CIPHR. Nevertheless, the underlying notions and premises delineated herein remain applicable.
3.1 Information obtained directly from You and/or Your End Users
3.1.1 Purchase of Services
When You purchase Services, Your representatives will be required to disclose their contact information (such as their names, e-mail addresses and any other contact information); such information may, in some jurisdictions, constitute Personal Information. Such information is required to allow CIPHR to process the order, to send an electronic invoice and to provide You with the requested Services.
3.1.2 Use of the Services
When the Services are used by You or any of Your End Users, as applicable, CIPHR will collect, use and/or process information, including the device model and the following device identifying numbers:
SIM# (subscriber identity module number): this number (i) is composed of up to 22 digits (made up of several individual parts), (ii) includes some identifying information, as it reveals the telecom operator code, the network the SIM is associated with, the year and month the SIM was created, as well as the SIM’s own number, and (iii) is typically associated with a particular user;
IMSI# (international mobile subscriber identity number): this number (i) is included within the SIM inserted into all connected devices, (ii) includes a mobile country code and mobile network code used to identify the mobile network operator, and the identification number of the subscriber, and (iii) is typically associated with a particular user as it will follow the user even when the user changes devices;
IMEI# (international mobile equipment identity number): this number (i) is usually a unique temporary number used to identify a device as it has no permanent or semi-permanent relation to the user but can confirm whether a service or product is being used again on the same device and (ii) may be used with the IMSI# to ascertain when the device was made, the serial number of the device, the version of its software, the nation of usage-origin, the nation of carrier-of-origin, and the subscriber code of the carrier associated with the device;
The collection of the foregoing information is required in order to uniquely identify Your, and as applicable Your End Users’, devices and provide seamless Services, or allowing You to do the same thing with respect to Your products and services incorporating the Services.
3.1.3 Comments, requests for information and referrals
Should You or any of Your End Users, as applicable, wish to obtain information about the Services or about any other subject online, then You or any of Your End Users, as applicable, will be required to provide their contact information (including names and e-mail addresses), which may, in some jurisdictions and in the country where such person carries on business, constitute Personal Information; this information is required by CIPHR in order to communicate with such person, determine whether the Services are available in a geographic area and respond to such person’s enquiries, comments or requests for information. You or any of Your End Users, as applicable, may also provide additional Personal Information, including when making comments, enquiries, suggestions and referrals.
Should You or any of Your End Users, as applicable, recommend that CIPHR communicate with any person to provide information about the Services, CIPHR will need such person’s contact information for the above-mentioned purposes.
3.1.4 Customer service
When You or any of Your End Users, as applicable, subscribe to CIPHR newsletters or bulletins, the subscriber will be required to disclose its contact information such as its name and e-mail address, which are required by CIPHR to send information about the Services and other information in accordance with such subscription. No marketing or other commercial electronic communication will be sent to You or to Your End Users, if any, without Your or their prior consent, which may be withdrawn at any time as set forth here.
3.2 Information obtained from CIPHR Partners
CIPHR Partners may collect information about You or any of Your End Users, as applicable, some of which may be shared with CIPHR in order for CIPHR to update, upgrade or otherwise improve the Services and Website, or to develop new services.
3.3 Information collected using Cookies and similar technologies
Process Cookies: allow the Services and Website to work properly in keeping track of the sequence of orders or requests or when browsing from one page to the other.
Security Cookies: are used each time Services are used for identification and security purposes.
CIPHR applications leverage an on premise crash reporting system in order to gather application performance and crash data, which does not contain any Personal Information. Additionally, CIPHR applications allow for You or Your End Users to trigger a reporting feature which contains application stack traces and, ideally, information regarding events that occurred prior to and after a crash. Such a report also contains a plain text comments string allowing You or Your End User to report comments related to the issue.
4. SHARING OF PERSONAL INFORMATION COLLECTED
Personal Information is not used or disclosed to third parties for purposes other than those for which it was collected as described herein, unless required or authorized by law or as consented to by You or any of Your End Users, as applicable.
4.1 Personal Information
4.1.1 Sharing made in connection with the provision of Services
Personal Information may be disclosed to CIPHR Partners that facilitate the provision of any Service, such as by providing assistance to CIPHR with respect to the maintenance and development of its Services. Disclosure will be made on a “need-to-know” basis, and after ensuring that all proper contractual and other undertakings are in place.
4.1.2 Business transaction
Personal Information may be transferred to a potential purchaser or other business in connection with any business transaction or corporate reorganization, if such communication is necessary for the purposes of deciding whether to proceed with the sale or other transaction and provided that such disclosure is made in full compliance with applicable laws.
4.1.3 Law enforcement
Personal Information may be used and disclosed if CIPHR, acting reasonably, believes that such use or disclosure is necessary to comply with any applicable law, regulation, legal process or governmental request, or is otherwise required to protect its rights or to fulfil any other purpose set forth in the applicable law allowing or requiring the disclosure of Personal Information.
4.2 De-Identified Information
CIPHR may use De-Identified Personal Information for training, research, promotion and any other purposes.
5. ACCESSING, CORRECTING AND UPDATING PERSONAL INFORMATION
Requests for access to, or for necessary corrections, additions or deletions of, Personal Information in accordance with applicable laws may be made by contacting CIPHR as provided for below.
6. SECURITY MEASURES IMPLEMENTED
6.1 CIPHR uses all reasonable measures, including physical, electronic, technological, organizational and contractual security measures to (i) protect the security and privacy of Personal Information from losses, thefts or unauthorized access, disclosure, copying, use or modification, (ii) maintain data accuracy, and (iii) ensure that Personal Information is appropriately used. CIPHR has put in place or currently implements the following measures:
6.1.1 SSL Technology: Each time Services are accessed via Internet, Secure Sockets Layer (SSL) technology protects Personal Information by using server authentication and data encryption. No Personal Information will be communicated prior to this technology being activated, which can be confirmed by looking (i) at the address bar which will, depending on the browser, have a lock to the left of the website address (URL) and (ii) at the URL or the address bar of the browser, where the first characters of the address in that line should change from “http” to “https.”
6.1.2 Data retention on CIPHR’s servers: Our Services retain as little data as possible for as little time as possible. Payloads are end-to-end encrypted and kept in temporary storage until they are processed for delivery by the intended recipient. In the event that a payload is destined to a recipient who may not be able to retrieve it for an extended period of time, our system will permanently delete said payload within 30 days. However, given the ephemeral nature of the Services, such retention period may be significantly shorter than 30 days; as such we make no guarantees regarding the longevity of the data stored on Your or Your End Users behalf. CIPHR may also retain minimal information in order to troubleshoot issues that may arise; in most cases, this data is only retained for 24 hours or less.
6.1.4 No information collected: CIPHR does not log or store metadata associated with Your, or as applicable any of Your End Users’, use of the Services.
6.1.5 Secured center: CIPHR’s platform and servers are located in various data centers and are deployed at random in order to ensure security and availability. CIPHR may utilize CDNs and proxies to mitigate threats, such as DDOS attacks, which obscure the location of the Service you may be accessing. In the event Your or Your End Users subscription or organization mandates that data must traverse or must not traverse certain locations and/or routes, we will dynamically assign routes that adhere to such policies to ensure a compliant and secure routing profile.
If for any reason the secure Services cannot be accessed or the use of the Services does not provide the assurance required, You or any of Your End Users, as applicable, should feel free to contact CIPHR as set forth below.
6.2 DESPITE THE FOREGOING, YOU AND ANY OF YOUR END USERS, AS APPLICABLE, SHALL BE AWARE OF THE FOLLOWING:
6.2.1 NO GUARANTEE OF SECURITY: EVEN IF CIPHR USES TECHNOLOGIES WHICH ARE OF MERCHANTABLE QUALITY AND SUITABLE FOR THE PROVISIONS OF SERVICES, ANY ELECTRONIC SUPPORT AS WITH ANY OTHER FORM OF SUPPORT IS NOT INFALLIBLE AND FULLY SHELTERED FROM UNFORESEEABLE OR FORCE MAJEURE EVENTS, CYBERATTACKS OR UNAUTHORIZED USES AND ACCESS, AND YOU AND YOUR END USERS, IF ANY, SHALL BE AWARE THAT THERE IS A RISK IN TRANSMITTING ANY DATA ELECTRONICALLY. THIS RISK IS INHERENT IN ALL ELECTRONIC DEALINGS AS WELL AS TO ALL OTHER FORMS OF COMMUNICATIONS. CONSEQUENTLY, CIPHR CANNOT GUARANTEE THAT ANY INFORMATION TRANSMITTED WILL NEVER BE INTERCEPTED OR VIEWED OR SUBJECT TO OTHER INCIDENTS. SUCH EVENTS MAY OCCUR, PURSUANT TO WHICH DEVICES OR SYSTEMS CAN BE ACCESSED OR CONTROLLED BY UNAUTHORIZED PERSONS, OR UNDESIRABLE COMMUNICATIONS AND INVITATIONS MAY BE RECEIVED. SHOULD YOU OR ANY OF YOUR END USERS, AS APPLICABLE, RECEIVE A COMMUNICATION THAT LOOKS LIKE IT IS FROM CIPHR ASKING FOR PERSONAL INFORMATION, YOU OR ANY OF YOUR END USERS, AS APPLICABLE, SHALL AVOID RESPONDING TO SUCH COMMUNICATIONS. CIPHR WILL NEVER REQUEST FINANCIAL AND OTHER SENSITIVE INFORMATION THAT WAY. IF YOU OR ANY OF YOUR END USERS, AS APPLICABLE, HAVE RECEIVED OR ENTERED PERSONAL INFORMATION IN RESPONSE TO A SUSPICIOUS E-MAIL, POP-UP OR PHONY WEBSITE CLAIMING TO BE AFFILIATED WITH CIPHR OR IF ANY OF THE FOREGOING EVENTS TAKE PLACE, PLEASE CONTACT CIPHR IMMEDIATELY BY ANY OF THE MEANS SET FORTH BELOW.
6.2.2 Measures to be implemented: In addition to the foregoing, You acknowledge and agree in Your name and on behalf of Your End Users, if any, that (i) the files or information sent to other recipients may remain on their devices even after You or any of Your End Users, as applicable, deleted it from Your/their own devices, depending on the parameters selected for such transmission or whether these recipients took a screen shot or otherwise recorded that information or file, (ii) when sending or receiving any information or file, You or any of Your End Users, as applicable, are responsible for validating the identity and trustworthiness of the recipients, including whether these recipients are compliant with the representations and warranties constituting a condition precedent to the provision of the Services, (iii) each of You and any of Your End Users are responsible for implementing all physical, electronic, technological, organizational, contractual and other security measures to ensure that the confidentiality of the files and information You or any of Your End Users, as applicable, send or receive is preserved.
7. NATIONAL AND INTERNATIONAL DATA TRANSFERS
8. STORAGE OF PERSONAL INFORMATION
9. THIRD-PARTY WEBSITES
10. CONTACTING CIPHR
10.1 Questions, comments and requests
10.2 Withdrawal of consent
CIPHR may communicate with You for promotional and marketing purposes by e-mail, pop-ups, mail, telephone, text messages or other means of communication. CIPHR will generally use the same means of communication You chose to contact CIPHR or the preferred means specified by You. Should You wish to be removed from one or more of CIPHR’s promotional mailing lists, then You should click on the ready-to-use “unsubscribe” mechanism provided at the bottom of each e-mail or simply reply to that e-mail with the word “STOP” or “Unsubscribe”.
Should You wish to be removed from one or more promotional mailing lists, You can do so by specifying, in an e-mail, letter or phone call from which list(s) You wish to be removed.