1. Register holder
04400 Järvenpää, FINLAND
2. Name of the register
Fluidit Software License Management System
3. Contact information for the register
4. Role responsible for the register
Chief Technology Officer (CTO)
5. Reasons for the information collection and the principles of processing the information
Some personal information (for details, see section 6) is collected in order to enforce the license usage restrictions: that no unauthorized person or organization is using the Fluidit software and that the number of licenses available to the client organization is not exceeded. The information is also used to inform the client organization on their license utilization rates, and possibly for billing, if per time or per project billing is used.
6. Information collected in the register
The register collects 1) the license identifier, 2) the user’s username on the client computer, 3) the client computer’s domain or host name, 4) the client computer’s public IP-address, 5) the time when the software use session started, and 6) the time when the software use session ended. Depending on the computer settings and the user name, the data may not be reference a person, as the computer username is not necessarily the name of any person.
7. The information sources
The information is collected upon Fluidit Software start from the user’s client computer operating system and from the license file supplied by the user. As long as the software is running, it periodically updates the heart beat time, to ensure accurate information on the usage session length.
8. Information transfer
The information is held confidently by Fluidit Ltd. on it’s virtual servers in Microsoft Inc.’s Azure cloud service within EU, and is never transferred to any third party.
9. Information transfer to outside EU or ETA
The information is never transferred outside EU or ETA.
10. Principles on protecting the register
The data is stored on a password protected database in a container running in an encrypted virtual computer hosted by Microsoft in its EU datacenters. The physical security is guaranteed by the service provider (i.e. Microsoft). The virtual server itself only allows personal SSH key based authentication to Fluidit Ltd.’s ICT systems support personnel and the CTO, who is responsible for the product line. The personnel having the access to data, always handles it with utmost care and adhering to the best practices in information security. Fluidit educates the personnel on information security and privacy. The cyber security of the system is under supervision, and more efficient technological means to protect the information and the server are being constantly evaluated and commissioned.
11. Rights of the individual in the register
12. Principles on personal information retention
The information is collected to enforce the license usage policy. The data retention time for the personal data is restricted to one year after the end of the software use session. Completely anonymous aggregate statistics on the total number of users from different client organizations may be retained longer.
13. Register governance
The responsible person is CTO Markus SUNELA, firstname.lastname@example.org.
14. Changes to the policy
©Fluidit Oy 2020