Welcome to the nista.io Privacy Policy

PLEASE READ THESE TERMS CAREFULLY AND COMPLETELY.


Privacy policy
In a nutshell, the information we may collect, store and use is to enable ongoing business relations – to facilitate trading and general correspondence with your employees. Our information systems backup and store all information in a secure, off-site and encrypted environment which only nista.io can access.

The responsible body for data processing on this website is:
Campfire Solutions GmbH
Stella-Klein-Löw-Weg 8
1020 Vienna
Austria

(in short “nista.io”)

We created this Privacy Policy, to declare which information we collect, how we use data and which options the users of our website have, according to the guidelines of the General Data Protection Regulation (EU) 2016/679.
For any questions and/or request, please use the following Email Address to get in touch with our team: info@nista.io
 
nista.io is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses or similar).
Unfortunately, these subjects sound rather technical due to their nature, but we have put much effort into describing the most important things as simply and clearly as possible.

Information we collect

In order for us to process business we collect customer and supplier registered company details which will include name and contact details (such as email, physical address and telephone numbers, VAT number, banking details). In certain instances, we may also collect additional names and contact details (as per above) dependent on customer or supplier services required.

Server log files
In server log files, the provider of the website automatically collects and stores information that your browser automatically transmits to us. These are:
    • Paged visited on our domain
    • Date and time of the server request
    • Browser type and browser version
    • Operating system used
    • Referrer URL
    • Hostname of the accessing computer
    • IP address

These data are not merged with other data sources. The data processing is based on Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.


Who we share your information with?
We do not sell your information to anyone and only pass it to our trusted partners and service providers who work with us to run our business.
We may pass your information to: 
    • Service providers who work for us, such as cloud providers
    • Subsidiary companies who work with us in providing services
    • Regulatory bodies, courts and law enforcement agencies
    • Our partner companies to supply services and/or where there is a complaint or query

 

How long do we keep your personal Information? 
How long we keep your personal information depends on why we have it and what we are doing with it: 
    • We keep records of any dealings you have with us or our partner companies so that we can respond to any complaints or disputes that may arise
    • We will keep other personal information about you if it is necessary for us to do so to comply with the law

 

Rights in accordance with the General Data Protection Regulation
You are granted the following rights in accordance with the provisions of the GDPR (General Data Protection Regulation) and the Austrian Data Protection Act (DSG):

  • to rectification (article 16 GDPR)
  • to erasure (“right to be forgotten“) (article 17 GDPR)
  • right to restrict processing (article 18 GDPR)
  • notification – notification obligation regarding rectification or erasure of personal data or restriction of processing (article 19 GDPR)
  • right to data portability (article 20 GDPR)
  • right to object (article 21 GDPR)
  • right not to be subject to a decision based solely on automated processing – including profiling – (article 22 GDPR)

If you think that the processing of your data violates the data protection law, or that your data protection rights have been infringed in any other way, you can lodge a complaint with your respective regulatory authority. For Austria, this is the data protection authority, whose website you can access at https://www.data-protection-authority.gv.at/.

Cookies

Our website uses HTTP-cookies to store user-specific data. For your better understanding of the following Privacy Policy statement, we will explain to you below what cookies are and why they are in use.


What exactly are cookies?
Every time you surf the internet, you use a browser. Common browsers are for example Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text-files in your browser. These files are called cookies.
What should not be dismissed, is that cookies are very useful little helpers. Nearly all websites use cookies. More accurately speaking, these are HTTP-cookies, since there are also different cookies for other uses. http-cookies are small files which our website stores on your computer. These cookie files are automatically put into the cookie-folder, which is like the “brain” of your browser. A cookie consists of a name and a value. Moreover, to define a cookie, one or multiple attributes must be specified.
Cookies save certain parts of your user data, such as, e.g. language or personal page settings. When you re-open our website, your browser submits these “user specific” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are familiar to. In some browsers every cookie has its own file, in others, such as Firefox, all cookies are stored in one single file.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner-websites (e.g. Piwik Pro). Every cookie is individual, since every cookie stores different data. The expiration time of a cookie also varies – it can be a few minutes, or up to a few years. Cookies are no software-programs and contain no computer viruses, Trojans or any other malware. Cookies also cannot access your PC’s information.


Contact form
Data transmitted via the contact form will be stored, including your contact data in order to be able to process your request or to be available for follow-up questions. 
The data entered in the contact form will be processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a DSGVO). A revocation of your already given consent is possible at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
Data transmitted via the contact form will remain with us until you request deletion, revoke your consent to storage, or until data storage is no longer necessary. Mandatory legal provisions – in particular retention periods – remain unaffected.


TLS encryption with https
We use https to transfer information on the internet in a tap-proof manner (data protection through technology design Article 25 Section 1 GDPR). With the use of TLS (Transport Layer Security), which is an encryption protocol for safe data transfer on the internet, we can ensure the protection of confidential information. You can recognize the use of this safeguarding tool by the little lock-symbol, which is situated in your browser’s top left corner, as well as by the use of the letters https (instead of http) as a part of our web address.

Google Fonts Privacy Policy

On our website we use Google Fonts, from the company Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).


What are Google Fonts?
Google Fonts (previously Google Web Fonts) is a list of over 800 fonts which Google provides its users for free.

Piwik Pro Privacy Policy

We use Piwik PRO Analytics Suite as our website/app analytics software and consent management tool. We collect data about website visitors based on cookies. The collected information may include a visitor’s IP address, operating system, browser ID, browsing activity and other information. See the scope of data collected by Piwik PRO.

We calculate metrics like bounce rate, page views, sessions and the like to understand how our website/app is used. We may also create visitors’ profiles based on browsing history to analyze visitor behavior, show personalized content and run online campaigns.

We host our solution on Microsoft Azure in Germany/Netherlands/United States/Singapore/ElastX in Sweden, and the data is stored for 14/25 months.

The purpose of data processing: analytics and conversion tracking based on consent. Legal basis: Art. 6 (1)(a) GDPR.

Piwik PRO does not send the data about you to any other sub-processors or third parties and does not use it for its own purposes. For more, read Piwik PRO’s privacy policy.

YouTube Privacy Policy

We have integrated YouTube videos to our website. Therefore, we can show you interesting videos directly on our site. YouTube is a video portal, which has been a subsidiary company of Google LLC since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page on our website that contains an embedded YouTube video, your browser automatically connects to the servers of YouTube or Google. Thereby, certain data are transferred (depending on the settings). Google is responsible for YouTube’s data processing and therefore Google’s data protection applies.

In the following we will explain in more detail which data is processed, why we have integrated YouTube videos and how you can manage or clear your data.

What data is stored by YouTube?

As soon as you visit one of our pages with an integrated YouTube video, YouTube places at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, by using cookies, YouTube can usually associate your interactions on our website with your profile. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution or your Internet provider. Additional data can include contact details, potential ratings, shared content via social media or YouTube videos you added to your favorites.

If you are not logged in to a Google or YouTube account, Google stores data with a unique identifier linked to your device, browser or app. Thereby, e.g. your preferred language setting is maintained. However, many interaction data cannot be saved since fewer cookies are set.

What is Django CMS?

Django CMS is an open-source tool management tool and is used for our website nista.io. In another word we can say that it is a web-based framework, and it provides different types of features to the user such as editing of the frontend, reusability of different plugins, it also provides the flexible architecture to the user, search engine optimization, etc.  


A CMS is a Content Management System. This framework allows its client to add, alter and erase the substance according to the client’s will. The substance we are discussing is an advanced substance. It incorporates text and pictures. The CMS gives a connection point that can be effortlessly utilized by clients to keep up with their sites. The client need not be comfortable with backend advancements.

 
By default, Django stores files locally, using the MEDIA_ROOT and MEDIA_URL settings.

Google reCAPTCHA Privacy Policy

Our primary goal is to secure and protect our website for you and for us in the best possible way. To ensure this, we use Google reCAPTCHA of the company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With reCAPTCHA we can determine whether you are really a flesh and blood human being and not a robot or other spam software. By spam we mean any unsolicited information sent to us electronically. With the classic CAPTCHAS, you usually had to solve text or image puzzles to verify the information. With reCAPTCHA from Google, we usually don't have to bother you with such puzzles. Here, in most cases, it is enough to simply check a box to confirm that you are not a bot. With the new Invisible reCAPTCHA version, you don't even have to set a checkmark anymore. You'll find out exactly how this works and, more importantly, what data is used to do it later in this privacy policy.


What is reCAPTCHA?
reCAPTCHA is a free captcha service from Google that protects websites from spam software and abuse by non-human visitors. The most common use of this service is when you fill out forms on the web. A captcha service is a kind of automatic Turing test, designed to ensure that an action on the Internet is performed by a human and not by a bot. In the classic Turing test (named after computer scientist Alan Turing), a human determines the distinction between a bot and a human. In captchas, the computer or a software program also does this. Classic captchas work with small tasks that are easy for humans to solve, but present significant difficulties for machines. With reCAPTCHA, you no longer have to actively solve puzzles. The tool uses modern risk techniques to distinguish humans from bots. Here, you only need to check the "I am not a robot" text box, or with Invisible reCAPTCHA, even that is no longer necessary. With reCAPTCHA, a JavaScript element is included in the source code and then the tool runs in the background and analyzes your user behavior. From these user actions, the software calculates a so-called captcha score. Google uses this score to calculate even before the captcha is entered how likely you are to be a human. reCAPTCHA or captchas in general are always used when bots could manipulate or abuse certain actions (such as registrations, surveys, etc.).


Why do we use reCAPTCHA on our website?
We only want to welcome flesh and blood people on our site. Bots or spam software of any kind can safely stay at home. That's why we pull out all the stops to protect ourselves and offer the best possible user experience for you. For this reason we use Google reCAPTCHA from Google. This way we can be pretty sure that we remain a "bot-free" website. By using reCAPTCHA, data is sent to Google to determine whether you are actually human. reCAPTCHA therefore serves the security of our website and, by extension, your security. For example, without reCAPTCHA, it could happen that a bot registers as many e-mail addresses as possible during registration in order to "spam" forums or blogs with unwanted advertising content. With reCAPTCHA we can avoid such bot attacks.


What data is stored by reCAPTCHA?
reCAPTCHA collects personal data from users to determine whether the actions on our website really come from people. Thus, the IP address and other data required by Google for the reCAPTCHA service may be sent to Google. IP addresses are almost always shortened beforehand within the member states of the EU or other contracting states to the Agreement on the European Economic Area before the data ends up on a server in the USA. The IP address is not combined with other data from Google unless you are logged in with your Google account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube. Gmail, etc.) are already placed on your browser. Then, reCAPTCHA places an additional cookie on your browser and collects a snapshot of your browser window.
The following list of collected browser and user data, does not claim to be exhaustive. Rather, it is examples of data that, to our knowledge, are processed by Google.

  • Referrer URL (the address of the page from which the visitor comes)
  • IP address (e.g. 256.123.123.1)
  • Info about the operating system (the software that allows your computer to operate. Known operating systems are Windows, Mac OS X or Linux).
  • Cookies (small text files that store data in your browser).
  • Mouse and keyboard behavior (every action you perform with the mouse or keyboard is stored).
  • Date and language settings (which language or date you have preset on your PC is saved)
  • All JavaScript objects (JavaScript is a programming language that allows websites to adapt to the user. JavaScript objects can collect all kinds of data under one name)
  • Screen resolution (shows how many pixels the image display consists of)

It is undisputed that Google uses and analyzes this data even before you click on the "I am not a robot" checkbox. With the Invisible reCAPTCHA version even the ticking is omitted and the whole recognition process runs in the background. How much and which data Google stores exactly, Google does not tell you in detail. The following cookies are used by reCAPTCHA: Here we refer to the reCAPTCHA demo version from Google at www.google.com/recaptcha/api2/demo. All these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA has set on the demo version:
Name: IDE
Wert: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-231600428874-8
Purpose: This cookie is set by the DoubleClick company (also owned by Google) to register and report a user's actions on the website in dealing with advertisements. In this way, advertising effectiveness can be measured and appropriate optimization measures can be taken. IDE is stored in browsers under the domain doubleclick.net.
Expiration date: after one year
Name: 1P_JAR
Value: 2019-5-14-12
Purpose: This cookie collects statistics on website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to display relevant advertisements to users. Furthermore, the cookie can be used to prevent a user from seeing the same ad more than once.
Expiration date: after one month
Name: ANID
Wert: U7j1v3dZa2316004288740xgZFmiqWppRWKOr
Purpose: We could not find out much info about this cookie. Google's privacy policy mentions the cookie in the context of "advertising cookies" such as "DSID", "FLC", "AID", "TAID". ANID is stored under domain google.com.
Expiration date: after 9 months
Name: CONSENT
Value: YES+AT.en+20150628-20-0
Purpose: The cookie stores the status of a user's consent to use different services provided by Google. CONSENT is also used for security purposes to verify users, prevent credential fraud, and protect user data from unauthorized attacks.
Expiration date: after 19 years
Name: NID
Wert: 0WmuWqy231600428874zILzqV_nmt3sDXwPeM5Q
Purpose: NID is used by Google to customize ads to your Google search. With the help of the cookie, Google "remembers" your most typed search queries or your previous interaction with ads. This way, you always get tailored ads. The cookie contains a unique ID to collect personal settings of the user for advertising purposes.
Expiration date: after 6 months
Name: DV
Wert: gEAABBCjJMXcI0dSAAAANbqc231600428874-4
Purpose: Once you tick the "I am not a robot" box, this cookie will be set. The cookie is used by Google Analytics for personalized advertising. DV collects information in anonymous form and is further used to make user distinctions.
Expiration date: after 10 minutes


Note: This list cannot claim to be complete, as Google's experience shows that it changes the choice of its cookies time and again.


How long and where is the data stored?
By inserting reCAPTCHA, data is transferred from you to the Google server. Where exactly this data is stored, Google does not make clear, even after repeated requests. Without having received confirmation from Google, it can be assumed that data such as mouse interaction, time spent on the website or language settings are stored on Google's European or American servers. The IP address that your browser transmits to Google is generally not merged with other Google data from other Google services. However, if you are logged into your Google account while using the reCAPTCHA plug-in, the data will be merged. The deviating data protection provisions of the Google company apply to this.


How can I delete my data or prevent data storage?
If you do not want any data about you and your behavior to be transmitted to Google, you must log out of Google completely and delete all Google cookies before you visit our website or use the reCAPTCHA software. Basically, as soon as you visit our site, the data is automatically transmitted to Google. To delete this data again, you must contact Google support at https://support.google.com. So, when you use our website, you agree that Google LLC and its agents automatically collect, process and use data. You can learn a little more about reCAPTCHA on Google's web developer page at developers.google.com/recaptcha/. Google does go into more detail about the technical development of reCAPTCHA here, but you will search in vain for precise information about data storage and privacy-related issues there as well. A good overview of the basic use of data at Google can be found in the in-house privacy policy at www.google.com/intl/de/policies/privacy/.

Hotjar Privacy Policy

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.