miniOrange ("Us", "We", "Our" or the "Company") is committed to protecting the privacy of your information while you use our miniOrange Product and Services. We’ve crafted the policy below to help you understand how our Product/Services collects and uses personally identifiable information
- miniOrange Product: This refers to all the products and services offered by miniOrange. For Example Product like miniOrange Cloud and On-Premise IDP and services includes different functionalities with the Product.
- Customer Support Services: It involves screen sharing sessions, meetings and support by mail.
- miniOrange Servers: This refers to miniOrange service which is stored on secure cloud service AWS. miniOrange Users datais also stored with AWS.
- Third Party: This refers to customers using miniOrange services i.e. plugin with specific service to all its users
- Personal data: This refers to information provided by you such as name, company name, address, phone number, email address, and any other information necessary.
We protect your personal information using industry standard safeguards. We may share your information only with your consent or as required by law as detailed in this policy, maintaining your trust is our top priority, so we adhere to the following principles to protect your privacy.
We protect your personal information and will only provide it to third parties
- with your consent;
- where it is necessary to carry out your instructions;
- as reasonably necessary in order to provide our features and functionality to you;
- when we reasonably believe it is required by law, subpoena or other legal process; or
- as necessary to enforce our User Agreement or protect the rights, property, or safety of miniOrange, its Customers and Users, and the public
Personal Data Collection
Who has access to your information ?
Your data is only accessed by the authorized employee of the miniOrange which is used solely for the maintenance of your service provided by miniOrange, to provide your billing / payment details, to provide you the support to serve better.
- Right to be erasure: Information collected is stored in miniOrange Servers. Customers can delete end-user’s information if end-user requests.
- Right to object: In certain situations, the end user has the right to object to the data being processed insofar as such data have been collected for direct marketing purposes.
- Right to rectification: You have a right for clarification of inaccurate personal data. And change the data by providing complete information.
- Right of access: You have the right to obtain from us information concerning i.e. you have the right to request and get access to that personal data.
- Right to be informed: You have the right to be informed if we make any changes in the policy or any significant changes we treat your personal information.
- Right to restrict processing: Customers have the right to restrict the access to their personal data by signing mutual NDA with the specific terms and conditions.
- Right to data portability: The right to portability only applies to data that customer has provided with his own consent for the performance.
miniOrange Approach on Rights Through the miniOrange directory services, IT Administrators of customer companies have complete control over the personal data of their end-users, which is securely stored in the identity management platform. They can access the data and then choose to delete or share it. The end-users themselves also have control over their personal information and can utilize it to access other services, as well. These features of our platform allow for our compliance with this section of the GDPR.
miniOrange Approach on Data Breach Notification
miniOrange takes pride in its methods of security concerning personal data: access to our technical infrastructure (In which personal information is contained) is limited only to personnel with a documented and approved business need; all of our data at rest is encrypted; login requests and privileged commands are tracked using the appropriate software; our authentication process is secured with the implementation of methods such as MFA and password complexity. However, if miniOrange has the least reason to suspect a data breach, the technical and organizational personnel follow a specified response plan and policy. Data recovery aside, the Data Breach Notification is something miniOrange is ready to fulfill to the level described above, as soon as the moment arises. This notification includes : data subject name and details. The date and time of the breach The date and time we detected it. Information about the type of breach Information about the personal data affected.
miniOrange Approach on Data Minimization
miniOrange only collects and processes personal data that we need to provide services and products. This personal information includes names, email addresses, and other company information. If customers desire their end-users to input this data individually, the customer themselves becomes the controller over that information, and miniOrange becomes the sub-processor. Customers have a large amount of control over this personal information. They can add, delete or modify existing data as they see fit. miniOrange does not utilize this user-generated content in any way other than to display it at the customers' end, for authentication and verification.
Approach on Data Protection Officer (DPO)
miniOrange does not meet any of the circumstances where a Data Protection Officer would be required. A Data Protection Officer is required to be implemented under if the following circumstances hold true. They are: The processing of personal data is done by a public authority (Courts and independent judicial authorities are exempted from this). The personal data being processed requires regular and systematic monitoring on a large scale. The data subjects (i.e. The EU citizens) are required to be regularly monitored on a large scale for the data processing. The personal data being processed is related to or regards crimes and convictions on a large scale. We need only a handful of personal data from our customers, such as names, email addresses, organization names and phone numbers. Since we are not a public authority, nor are we partaking in the collection or processing of high
Changes in the Policy
We will notify you when we change this policy. We may change this Policy from time to time. If we make significant changes in the way we treat your personal information, we will provide notice by posting an announcement on the Website or sending an email prior to the change becoming effective.