Privacy Policy and Cookies Policy

This Privacy Policy was last modified on May 23, 2018.


  1. Introduction

    1. We are committed to safeguarding the privacy of our website visitors and service users. We keep your personal information personal and private. We will not sell, rent, share, or otherwise disclose your personal information to anyone except as necessary to provide our services or as otherwise described in this policy.

    2. This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data. Our service users may be either our customers with whom we have a direct contractual relationship ("Customers") or the users of our Customers' sites and services ("End-Users").

    3. We may use cookies on our website. Insofar as those cookies are not strictly necessary for the provision of our website and services, we will ask you to consent to our use of cookies when you first use our services.

    4. In this policy, "we", "us" and "our" refer to Xvid Services OÜ. For more information about us, see Section 18.

  2. Personal data of children

    1. Our website and services are targeted at persons over the age of eighteen. We do not knowingly collect personally identifiable information from any person under the age of eighteen.

    2. If we have reason to believe that we hold personal data of a person under that age in our databases, we will delete that personal data.

  3. Acting as a data processor

    1. We also host and/or process data for our Customers. Our Customers tell us what to do with this data, and we follow their instructions. In respect of this data, we do not act as a data controller; instead, we act as a data processor.

    2. Insofar as we act as a data processor rather than a data controller, this policy shall not apply. Our legal obligations as a data processor are instead set out in the contract between us and the relevant data controller. If you are an End-User of one of our Customer’s sites and want to know how our Customer handles your information, you should check its privacy policy. If you want to know about what we do for our own purposes, read on.

  4. How we use your personal data

    1. In this Section 4 we have set out:

      1. the general categories of personal data that we may process;
      2. in the case of personal data that we did not obtain directly from you, the source and specific categories of that data;
      3. the purposes for which we may process personal data; and
      4. the legal bases of the processing.

    2. We collect various personal data regarding you or your device. This includes the following:

      • We may process the data you provide to us when creating an account ("account data"). The account data may include your email address, your username and your first name and last name. If you subscribe to paid services, we may ask you for your company details, your VAT registration, your postal address and your country. Further, we may receive a portion of your payment data from our payment processor (such as the last four digits, the country of issuance or the expiration date of the payment card used).
      • We may process the information you provide in your personal profile on our website and services ("profile data"). The profile data may include your username, location, profile picture, your personal profile description and your publication preferences.
      • We may process data about your notification and marketing preferences ("notification data"). This may include data you provide us for the purpose of subscribing to our email notifications and/or newsletters like your email address, or any information regarding your marketing preferences.
      • We may process information contained in or relating to any communication that you send to us or otherwise contribute, such as messages sent to us via our website contact form, customer support inquiries or posts to our customer helpdesk or forums, or direct emails ("correspondence data"). The correspondence data may include the communication content and metadata associated with the communication. Our website may generate the metadata associated with communications made using the website contact forms or our customer helpdesk. Please be aware that information on public parts of our sites, like for example our community forums, is available also to others.
      • We may process data about your use of our website and services or your use of our Customers' content and services that we host on their behalf ("usage data"). The usage data may include your IP address, network, network ports, internet service provider, geographical location, browser type, language, features and version, preference settings, operating system, hardware device IDs, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use or problems you may encounter, such as loading errors.
      • If you subscribe to paid services, we may process information relating to transactions, including recurring or non-recurring purchases of services that you enter into with us and/or through our website ("transaction data"). The transaction data may include your contact details, your card details and the transaction details.
      • Other information you may submit to us directly or through third party services ("other data") if you use a third party service to create an account, subscribe to service status updates, make payments for paid services or if you use our Customers’ services (based on the privacy policies and your privacy settings with such third party services).

    3. We may obtain personal data from various sources. We do this mainly in these ways:

      • You provide some of it directly to us (such as by registering for a user account or by filling out and submitting our website contact form).
      • We record some of it automatically when you use our website or services or our Customers’ websites (including using technologies like cookies). For example, your IP address may be automatically recorded in our server log files when you visit our website.
      • We receive some of it from third parties (like when you create an account by using a third party service or when you make payments to us using certain payment methods).

      We will explain this in more detail in the following:

      1. Personal data you provide

        When you use our website and services, we collect information from you in various ways. For instance, we may ask you to provide your name and email address to create and manage your account. We also maintain your notification and marketing preferences, and the emails and other communications that you send us or otherwise contribute, such as customer support inquiries or posts to our customer helpdesk or forums. You might also provide us with information in other ways, including by submitting a form or participating in surveys.

        Sometimes we require you to provide us with information for contractual or legal reasons. For example, we may ask you to provide your company details, your address and your country when you subscribe to paid services in order to determine if, and how much, tax we need to collect from you. We will normally inform you when providing information is mandatory and the consequences of failing to provide it. If you do not provide personal information when requested, you may not be able to use our services if that information is necessary to provide you with the service or if we are legally required to collect it.

      2. Personal data obtained from your use of our website or services

        When you use our website or services, we collect data about your activity on and interaction with our website or services, such as your IP address, your device and browser type, your language settings and other browser features, the web page you visited before coming to our site, what page on our sites you visit and for how long as well as identifiers associated with your hardware.

        If you are an End-User of our Customers’ sites, we may also get information about your interactions with content in their sites in case the content is hosted by us, though we use this information only in aggregated or pseudonymized form in order to be able to provision our services as contractually agreed with our Customers, to prevent fraud and abuse, to protect and keep secure our services or to improve the performance of our services (including developing also new features or new services).

        Some of this information is collected automatically using cookies or similar technologies when you use our services or our Customers' sites. We let our Customers control what cookies and similar technologies are used in their sites (except those we need to use to provision the services properly, such as for fraud prevention, performance or security related reasons). You can read more about our use of cookies in Section 15. Some of this information may similarly be collected automatically also through your browser or from your device, for example in connection with the website analytics tool we use.

      3. Personal data obtained from other sources

        If you use a third party service (such as PayPal or Google) to register for an account or to make payments, the third party service may provide us with your third party service account information on your behalf, such as your name, postal address and email address (we will not have access to passwords you use to access third party services). Normally, you can specifically select what information will be shared or you can generally control this using the privacy settings of the third party service. So please make sure you have chosen settings you are comfortable with.

        We also publish realtime monitoring and health data about the status of the services we provide and we use a third-party service to publish this monitoring data (currently, we use statuspage.io). This third-party status page service may allow you to optionally subscribe to email notifications about incidents and status changes. If you subscribe to such notifications, the third-party service may give us access to your email address information. We will use your email address obtained through this third-party service solely to send you the status notifications you requested.

        If you are an End-User of our Customers' sites, our Customer may share some of the account information you have with them as is necessary to prevent fraud or to allow us in assisting with resolving a support ticket you filed with our Customer.

    4. We may use the personal data we obtain about you to:

      • Provision of the services. Create and manage your account, provide and personalize our services, keep track of your usage for billing purposes, process payments and respond to your inquiries.
      • Communicating with you. Communicate with you, including by sending you emails about your transactions, invoices and service-related notifications and announcements.
      • Promotion. Promote our services and send you tailored marketing communications about our products, services, offers and promotions depending on your marketing preference. For example, we may send different marketing communications to you based on your subscription plan or what we think may interest you based on other information we hold about you.
      • Customizing the services. Provide you with customized services. For example, we may use your location information to prefill your country address details, determine your language preferences or display accurate time zone information. We may also use cookies and similar technologies for this purpose, such as remembering whether you are logged in and then showing you personalized messages including your first name or username.
      • Improving our services. Analyze and learn about how our website and services are accessed and used, monitor and improve our services (including by performance optimizations or by developing new features and new services). We usually do this based on aggregated or pseudonymized information which does not focus on you individually. For example, if we learn that End-Users of a particular internet service provider receive sub-optimal transfer speeds when served from one of our datacenter locations, we may wish to switch serving these users from another datacenter or expand our infrastructure accordingly.
      • Security. Ensure the security and integrity of our services. For example, if we learn that some of our services is the target of a denial of service attack originating from a certain IP address range, we will block these IP addresses.
      • Third party relationships. Manage our vendor, subcontractor and partner relationships.
      • Enforcement. Enforce our Terms of Service and other legal terms and policies.
      • Protection. Protect our and others' interests, rights and property (e.g., to protect our Customers from abuse and fraud, and our Customers’ content that we distribute through our services from unauthorized access and from illegal copying).

      We process your personal data for the above purposes when:

      • Consent. You have consented to the use of your personal information in a particular way when you provided it to us. When you consent, you can change your mind at any time.
      • Performance of a contract. We need your personal information to provide you with services or products requested by you, to charge you for services purchased by you, or to respond to your inquiries. In other words, so we can perform our contract with you or take steps, at your request, to enter into such a contract. For example, we need your email address so you can sign in to your account.
      • Legal obligation. We have a legal obligation to collect and use your personal information, such as to comply with applicable tax and other government regulations or to comply with a court order or binding law enforcement request.
      • Legitimate interests. We have a legitimate interest in using your personal information. In particular, we have a legitimate interest in the following cases:

        • To operate and properly administrate our business and to manage our customer relationships including communicating with you, developing our business and promoting our services.
        • To analyze and improve the safety and security of our services. We do this as it is necessary to pursue our legitimate interests in ensuring our website and services are secure, such as by implementing and enhancing security measures and protecting against attacks, fraud, spam and abuse.
        • To provide, monitor and improve the services, including any personalized services. We do this as it is necessary to pursue our legitimate interests of providing an innovative and tailored offering to our Customers on a sustained basis.
        • To share your personal data with any other member of our group of companies that is involved in providing and improving the services.
        • To anonymize personal data and subsequently use anonymized information in perpetuity.
        • To obtain or maintain insurance coverage, managing risks, or obtaining professional advice. We do this as is necessary for the proper protection of our business against risks.
        • To establish, exercise or defend legal claims, whether in court proceedings or in an administrative or out-of-court procedure. We do this as is necessary to protect and assert our legal rights, your legal rights and the legal rights of others.
      • Protecting you and others. To protect your vital interests, or those of others.
      • Others’ legitimate interests. Where necessary for the purposes of a third party’s legitimate interests, such as our Customers who have a legitimate interest in having the distribution of their content to function properly and securely, and having their content protected from fraud, abuse, unauthorized access and illegal copying.

    5. Please do not supply any other person's personal data to us, unless we prompt you to do so or unless we have entered into a separate data-sharing or data-processing agreement with you that requires supplying the data.

  5. Automated decision-making

    1. We will use your personal data for the purposes of automated decision-making in relation to fraud prevention, in particular to protect our business, or that of our Customers, from credit card or other forms of payment fraud.

    2. This automated decision-making will involve risk-assessing and matching your usage, account and profile data (or other data, including security features like CVV or ZIP codes that you provide during the checkout) against the data of the payment card or payment account owner as determined by the payment services providers or the processing bank.

    3. The significance and possible consequences of this automated decision-making are that you may be denied from accessing and using paid services if your payment is not accepted due to an unacceptably high determined fraud risk. You can contact us and ask for a manual review of your case if you become subject to such an automatic rejection.

  6. Providing your personal data to others

    1. We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our sister companies, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.

    2. We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

    3. We may disclose your IP address, name, username, contact details and/or email address to our suppliers or subcontractors insofar as reasonably necessary for the secure hosting of our website and services, for provisioning the services as contractually agreed with you, for personalizing our services, for providing support to you via our helpdesl system or via email, for receiving your emails and sending you replies or notifications by email or otherwise communicating with you, and for obtaining payments as contractually agreed with you.

    4. Financial transactions relating to our website and services may be handled by our payment services providers, Braintree Payments and/or PayPal. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments, protecting our business from fraud as well as dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers' privacy policies and practices at:

      https://www.braintreepayments.com/en-ee/legal/braintree-privacy-policy
      https://www.paypal.com/us/webapps/mpp/ua/privacy-full.

    5. We may disclose your personal data in case we are involved in a reorganization, merger, acquisition or sale of some or all of our assets. In this case, your personal data may be transferred as part of that deal.

    6. In addition to the specific disclosures of personal data set out in this Section 6, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

  7. International transfers of your personal data

    1. In this Section 7, we provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).

    2. The hosting facilities for our website and services are partly situated in the United States of America and in Canada. The European Commission has made an "adequacy decision" with respect to the data protection laws of each of these countries. Transfers to each of these countries will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission, and/or the rules of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as approved by the European Commission and Switzerland, as is applicable.

    3. Our payment services providers, our customer support helpdesk provider, some of our email services providers as well as some of our cloud infrastructure and content delivery services providers are situated in the United States of America. The European Commission has made an "adequacy decision" with respect to the data protection laws of each of these countries. Transfers to each of these countries will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission, and/or the terms of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as approved by the European Commission and Switzerland, as is applicable.

    4. You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

  8. Retaining and deleting personal data

    1. This Section 8 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.

    2. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

      As such, we retain personal data regarding you or your use of the services for as long as your account is active or for as long as needed to provide you with the services. We also retain personal information for as long as necessary to achieve the purposes described in this privacy policy, for example, to comply with our legal obligations, to ensure the security of our website and services, to establish, exercise or defend legal claims, to protect us in the event of disputes and to enforce our agreements, and to protect our and others’ interests.

    3. The precise periods for which we keep your personal information vary depending on the nature of the information and why we need it. Factors we consider in determining these periods include the minimum required retention period prescribed by law or recommended as best practice, the period during which a claim can be made with respect to an agreement or other matter, whether the personal information has been aggregated or pseudonymized, and other relevant criteria. For example, the period we keep your email address is connected to how long your account is active, while the period for how long we keep a message you sent via a website form is based on how long has passed since you submitted it.

      As Customers may come back to us also after an account has become inactive, we do not immediately delete your personal data when you close your account or cancel your subscription. Instead, we keep your personal information for a reasonable period of time, so it will be there for you if you come back.

      You may delete your account by contacting us and we will delete the personal data we hold about you (unless we need to retain it for the purposes set out in this privacy policy).

      Please note that in the course of providing the services, we collect and maintain aggregated, anonymized or de-personalized information which we may retain indefinitely.

  9. Security of personal data

    1. We will take all reasonable technical and organisational precautions to secure your personal data and to prevent the loss, misuse, unauthorized access, disclosure, alteration and/or destruction of your personal data.

    2. We have put in place appropriate physical, technical, and administrative measures to safeguard and secure your information. We will store all your personal data on secure servers, personal computers and mobile devices, and we make use of privacy-enhancing technologies such as encryption.

    3. Data relating to your enquiries and financial transactions that is sent from your web browser to our web server, or from our web server to your web browser, will be protected using encryption technology.

    4. You acknowledge that the transmission of unencrypted (or inadequately encrypted) data over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

    5. You should ensure that your password is not susceptible to being guessed, whether by a person or a computer program. You are responsible for keeping the password you use for accessing our website confidential and we will not ask you for your password (except when you log in to our website).

  10. Amendments

    1. We may update this policy from time to time by publishing a new version on our website.

    2. You should check this page occasionally to ensure you are happy with any changes to this policy.

    3. We may notify you of significant changes to this policy by email or through the private messaging system on our website.

  11. Your rights

    1. In this Section 11, we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

    2. Your principal rights under data protection law are:

      1. the right to access;
      2. the right to rectification;
      3. the right to erasure;
      4. the right to restrict processing;
      5. the right to object to processing;
      6. the right to data portability;
      7. the right to complain to a supervisory authority; and
      8. the right to withdraw consent.

    3. You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.

    4. You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed. You can rectify or complete your account and profile data by logging on to our service or by contacting us.

    5. In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.

    6. In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

    7. You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

    8. You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

    9. You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

    10. To the extent that the legal basis for our processing of your personal data is:

      1. consent; or
      2. that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract,
      and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

    11. If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

    12. To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

    13. You may exercise any of your rights in relation to your personal data by written notice to us, in addition to the other methods specified in this Section 11.

    14. If you are an End-User of one of our Customer’s sites or services, you should contact them to exercise your rights with respect to any data they hold about you.

  12. Third party websites

    1. Our website includes hyperlinks to, and details of, third party websites.

    2. We have no control over, and are not responsible for, the privacy policies and practices of third parties.

  13. Updating information

    1. Please let us know if the personal information that we hold about you needs to be corrected or updated.

  14. About cookies

    1. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

    2. Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

    3. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

  15. Cookies that we use

    1. We use cookies for the following purposes:

      • authentication - we use cookies to identify you when you visit our website and as you navigate our website;
      • status - we use cookies to help us to determine if you are logged into our website;
      • personalisation - we use cookies to store information about your preferences and to personalise the website for you;
      • security - we use cookies as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to generally protect our website and services or those of our Customers;
      • analysis - we use cookies to help us to analyse the use and performance of our website and services; and
      • cookie consent - we use cookies to store your acknowledgement and your preferences in relation to the use of cookies more generally.

  16. Cookies used by our service providers

    1. Our service providers use cookies and those cookies may be stored on your computer when you visit our website.

    2. We use Freshworks to provide Customer Support and Helpdesk Community services as part of our website and services. This service uses cookies for authenticating you with the Helpdesk, showing you personalized information, ensuring the security of the Helpdesk and determining whether you are logged on to the Helpdesk. You can view the privacy policy of this service provider at:

      https://www.freshworks.com/privacy/

    3. We use Braintree Payments to collect payments from you for the services we provide. We use the Braintree Drop-In UI to enable you to enter your payment details (like credit card details) securely and conveniently. The Braintree service may place cookies on your computer to personalize your experience and to prevent fraud and abuse. You can view the privacy policy of Braintree Payments at:

      https://www.braintreepayments.com/en-ee/legal/braintree-privacy-policy

    4. We use Google AdWords service to advertise our website or services on the Google search result page. Upon a search for certain keywords on Google, our ads may be shown in the areas of the search result page designated for this purpose. A cookie is stored by Google when an ad is clicked (so-called "conversion cookie"). The purpose of the conversion cookie is to enable Google to provision their ad services and to enable us to evaluate the success of our ad campaigns and to optimize our ads. For more information on Google AdWords services and how to opt-out, please refer to Google specific privacy policy and settings for Google ads at:

      http://www.google.com/policies/privacy/
      http://www.google.com/settings/ads

  17. Managing cookies

    1. Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:

    2. Blocking all cookies will have a negative impact upon the usability of many websites.

    3. If you block cookies, you will not be able to use all the features on our website.

  18. Our details

    1. This website is owned and operated by Xvid Services OÜ.

    2. We are registered in Estonia under registration number 12405759, and our office is at Narva mnt. 5, 10117 Tallinn.

    3. You can contact us:

      • using our website contact form; or
      • by email, using any of the email addresses published by us on our website.

  19. Data protection officer

    1. Our data protection officer's contact details are: dpo@xvidservices.com.