The countdown has begun! Join us for our biggest HexCon yet, this September 20-22.

Register now

Privacy Policy

Privacy Policy

Last Updated: Dec 14, 2023

Your privacy is Mitsogo Inc.’s (referred to as “Mitsogo Inc.”, “us”, “we”, “our”, “its” or the “Company”) top priority. We undertake to make reasonable efforts to protect and process your Personal Data in a manner that is consistent with applicable law. This Privacy Policy (referred to as “Policy”) explains how we process and safeguard the Personal Data of Data Subjects when they (i) visit our websites namely, www.mitsogo.com and www.hexnode.com (referred to as “Websites”); (ii) use the Hexnode UEM – the online Mobile Device Management solution, the Hexnode UEM Mobile Application and the related applications and services offered by the Company (referred to as the “Products”); (iii) attend an event hosted or attended by us and when a person contacts us for customer support (referred to as “Support Services”).

For the sake of convenience, the Website, the Products and Support Services are collectively referred to as “Services” in this Policy.

We request you to acquaint yourself with the terms of this Policy and redirect any queries to us at privacy@hexnode.com

IF YOU DO NOT AGREE WITH THE TERMS OF THIS POLICY, PLEASE REFRAIN FROM USING THE SERVICES. YOU ACKNOWLEDGE AND REPRESENT THAT YOUR CONTINUED USE OF THE SERVICES SHALL AUTHORIZE US TO PROCESS YOUR INFORMATION IN ACCORDANCE WITH THIS POLICY.

Introduction

For the purposes of this Policy,

  • Visitors” refers to those who visit our Websites.
  • Customers” refers to those who register and avail of our Services.
  • End Users” refers to those who are the users of any of our Customers.
  • Administrators” refers to those who operate the technical features of our Services on behalf of the Customers.

Visitors, Customers, End Users and Administrators are collectively referred to as “Users” in this Policy. References to “you” or “your” across this Policy are to Users of our Services.

  • Personal Data” refers to any information about a living individual which identifies or which can be used to identify such individual, directly or indirectly, from other readily available data that is either in our possession or likely to come into our possession.
  • Processing” (and the terms “processes” and “process” shall be construed accordingly) refers to any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Usage Data” refers to information that is collected automatically either generated by the use of the Website/Services or from the Website/Service infrastructure itself (for example, the duration of a page visit).
  • Data Controller” refers to the natural or legal person who (either alone or jointly in common with other persons) determines the purposes for which and the manner in which any Personal Data is, or are to be, processed.
  • Data Processors” or “Service Providers” refers to any natural or legal person who processes Personal Data on behalf of the Data Controller.
  • Data Subject” refers to any living individual who is using our Services and is the subject of Personal Data.

This Policy does not apply to any information collection activity outside of the scope of the Services outlined herein (unless otherwise stated below or at the time of collection). Our Websites may contain links to third-party websites. The information collected by such websites, including but not limited to any Personal Data is governed by the privacy notices of such third-party websites. We encourage you to review the privacy notices of such third-party websites, including the ones we may link to in this Policy, in order to understand their data privacy practices.

It also does not apply to information that we process on behalf of our Customers through their use of our Services. In such cases, we process such information on the basis of our Customer’s instructions and act as their Data Processor. If you are an End User of any of our Customers, we encourage you to review such Customer’s privacy notices and terms of use to understand how your Personal Data is handled.

We acknowledge that you have the right to access, correct, amend or delete your Personal Data under certain circumstances. If you are an End User of any of our Customers, and you have queries regarding such Customer’s privacy practices, or if you seek to access, update, or remove your data, we request you to contact the Customer with whom you interact directly. If a Customer requests access to or otherwise requests us to update or remove data, we shall respond within a reasonable period of time. Please note that we will retain and use data collected on behalf of our Customers as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may also transfer Personal Data collected on behalf of our Customers to companies that help us provide our Services.

We rely on Standard Contractual Clauses (referred to as “SCC’s”) approved by the European Commission for transfer of Personal Data from the European Economic Area (referred to as “EEA”), United Kingdom (“UK”) and/or Switzerland, to us, and on other transfer mechanisms deemed ‘adequate’ under applicable laws.

Mitsogo Inc. complies with the EU-U.S. Data Privacy Framework (referred to as the “EU-U.S. DPF”) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Mitsogo Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (referred to as the “EU-U.S. DPF Principles”) with regard to the Processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Mitsogo Inc has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (referred to as the “Swiss-U.S. DPF Principles”) with regard to the Processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (collectively, referred to as the “DPF Principles”), the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Pursuant to the DPF Principles, Mitsogo Inc. acknowledges the following:

  • EU, UK, and Swiss individuals have the right to access their data that has been transferred into the United States and to amend, correct, or update inaccurate information. Furthermore, said individuals also have the right to erasure of information that has been handled in violation of the DPF Principles. Those wishing to exercise these rights may do so by contacting Mitsogo at privacy@hexnode.com.
  • Mitsogo is subject to the oversight and enforcement authority of the United States Federal Trade Commission
  • We may be required to release personal data of EU, UK, or Swiss individuals in response to lawful requests by public authorities including to meet law enforcement and/or national security requirements.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S Data Privacy Framework (“Swiss – U.S. DPF”), Mitsogo Inc. commits to resolve complaints about our Processing of your Personal Data transferred to the U.S pursuant to the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. EU, UK and Swiss individuals with inquiries or complaints should first contact us. You may find Section 13 useful in this regard.

Mitsogo Inc. has committed to refer unresolved DPF Principles-related complaints to a U.S. – based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf

Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meaning as in our Terms of Use available at: https://www.hexnode.com/legal/hexnode-terms-of-use/.

Types of Information Collected

We collect the following types of information:

Information collected directly from you:

We may collect the following types of information from you at the following instances:

  1. Basic Contact Information: When you express an interest in purchasing or when you ask us for additional information about the Services or when you register for our Services, we may collect information such as, Customer name, contact ame, Customer address, Customer phone number and Customer email address.
  2. Billing Information: When you purchase our Services, we may collect information such as, billing name, billing address, payment method, number of devices/End Users who may be enrolled into our Services.
  3. Information to Support: When you submit information to our support team or open a support ticket or speak with our representatives directly regarding a problem you may be facing when you use our Services we may collect information such as basic contact information, summary of the problem you may be facing and any other additional information that may be useful in solving the problem.
  4. Other Information: This may include information such as Customer’s annual revenue, employee count and the industry in which the Customer operates. We may also collect information that you may submit in social media or social networking sites operated by us. This may include instances when you participate in any events, surveys, contests, promotions organized by us or when you submit feedback regarding the same.

Information collected from you during your Usage of Services

We may collect the following types of information from you whenever you use or access our Services:

  1. Device and Connection Data:

    This may include information about your device such as the type of device (for eg. computer, mobile, tablet etc.), your device’s internet protocol address (IP Address), MAC address, browser type, browser version, the pages of our website that you visit, the time and date of your visit, the time spent on those pages, the device operating system, unique device identifiers, session data and other diagnostic data.

    We also collect aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your Personal Data but is not considered Personal Data under law as it does not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your Personal Data so it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Policy.

  2. Usage Data:

    This may include information such as the description attached to a ticket, the settings that you may choose to opt for while using our Services, the files and links you upload to the Services, the chat messages you may exchange with our Support Services, your application repositories, the policy settings you may define in our Services and any feedback you may provide us.

  3. Behavioural Data:

    This may include information such as the links or pages you’ve clicked on while using our Services, the time spent on those pages, the queries you’ve raised, and other interactions you may make while using our Services.

Information that we do not collect or store:

  1. Information pertaining to an individual under the age of 16

    Our Services are not intended for any individual under the age of 16. We do not knowingly collect or process any information from any individual under the age of 16. IF YOU ARE AN INDIVIDUAL UNDER THE AGE OF 16, DO NOT SUBMIT ANY INFORMATION TO US AND LOG OFF OUR SERVICES. If you are a parent or a guardian of an individual below the age of 16 and you believe that we have collected the Personal Data of your child/ward, please email us at privacy@hexnode.com. We will remove such data to the extent required by applicable law.

  2. Information pertaining to your political and criminal status

    We do not collect any data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic or biometric data, or any information about criminal convictions and offences, through our Services.

  3. Payment Information

    We do not retain your payment information when you avail our Services. All payment information is processed in compliance with PCI-DSS through third party billing vendors. We strongly encourage you read the privacy policies of our third party billing vendors since the use of your payment information is governed by their privacy policies: https://stripe.com/en-in/privacy

  4. Information posted through Social Media features on our Website.

    We may offer the use of certain social media features/functionalities on our Website. For eg, the Facebook “Like” button, or a share button. You may be able to share your information on a third party Social Media network through the use of such features. However, please note that these features are governed by the privacy policies of third parties providing such features.

  5. Information posted on Community Spaces and testimonial information

    We may provide community spaces such as blogs or chat rooms on our Websites. Please note that any information you may provide in these spaces may be read, collected, or used by third parties who may visit these spaces. We are not responsible for the information that you choose to submit in these spaces.

    Any testimonial or Customer information that you see posted on our websites have been posted with the prior consent of such Customers.

Information collected through use of Information-gathering technology:

We collect and retain information about your use of our Services using commonly employed information-gathering technology such as cookies, web beacons, embedded scripts, location-tracking technology, in-app tracking technology, and other tracking technology.

  1. Cookies

    Cookies are files with small amount of data that are transferred to your browser by a web server, which in turn may be stored on your device. These files can only be read by the web server that transmitted it to your device. These files allow us to deliver personalized experiences to our Users and maintain and improve our Services. For example, cookies enable us to store your webpage preferences, analyze how our Products perform in your device and help in secure your browsing experience against fraudulent activities.

    Cookies per se cannot personally identify you. However, you can identify yourself to us by opening an account with us or by filling out web form etc.

    We use both session and persistent cookies on our Website. Session Cookies expire at the end of every browsing session. Persistent cookies survive the end of a browsing session and remain on your device even after you close your browser or you switch off your device. You can choose to disable all or some cookies by turning them off in your browser or by making use of third party opt-out tools. You can also choose to manage your browser to alert you when cookies are placed on your device. However, please note that if you choose to disable cookies, parts of the Website may not function smoothly or may stop responding completely.

    We obtain your consent prior to using Cookies wherever we are required to so. Please refer to our Cookie policy at https://www.hexnode.com/legal/cookies-policy/ for more information about our use of cookies. You may also find http://www.allaboutcookies.org useful for educating yourself more about Cookies.

  2. Web Beacons

    Web Beacons, otherwise known as tracker pixels, is a clear graphic image that is used to gather usage and performance information pertaining to a website. We use web beacons, sometimes in combination with cookies, to monitor behavioural data, to improve our Website and email communications.

  3. Embedded Scripts

    Embedded Scripts are small pieces of code programmed to collect user behavioural data. It is temporarily placed onto your device when you use our Website. However, it is deleted after your connection to our Website ends.

  4. Location-tracking technologies:

    Our Services also make use of GPS software, geo-filtering and other location-aware technologies to obtain information regarding your location and provide personalized content based on your content. However, if you are an End User of our Product, please note that only Administrators can enable these functionalities in your device and we only process your data in this regard as Data Processors.

  5. Do not track (DNT)

    We do not support DNT. DNT is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable DNT by visiting the preference or settings page of your web browser.

  6. Analytics

    We make use of Google Analytics to measure and access our user traffic on our Websites. Google may use this information collected to improve and maintain its products and services. Please note that Google’s data collection activities are governed by its own privacy policy, which we encourage you to review. You may also choose to opt out from the collection of information about your visit to our Websites by using the Google Analytics Opt-out feature.

    For more information, please refer to Data sharing settings - Analytics Help (google.com)

Use of Information:

We will only use your Personal Data in accordance with applicable laws. We use your personal data for the following purposes:

  • To provide and maintain our Services, communicate with you about our Services, and process your requests.
  • To administer and protect our business and our Services (including troubleshooting, testing, system maintenance, support, reporting and hosting of data).
  • To notify you about changes to our Services.
  • To allow you to participate in interactive features of our Services when you choose to do so.
  • To provide customer support.
  • To facilitate the processing of payments.
  • To gather analysis or valuable information so that we can improve our Services.
  • To monitor the usage of our Website.
  • To detect, prevent and address technical issues.
  • To enforce our Terms of Use and other legal terms and policies.
  • To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.
  • To comply with applicable legal requirements, such as government regulations and industry standards, contracts and law enforcement requests.

If you are a resident of the EEA, UK or Switzerland, we process information about you only when we have legal basis or bases to do so under applicable laws. These legal bases may depend upon your usage of our Services or on the Services you have availed from us or how you choose to interact and communicate with us. We rely on the following bases to process your Personal Data:

  • Contractual Necessity: To operate and provide you with our Services, provide customer support and personalized features and to protect the safety and security of our Services. This is necessary for the performance of the contract which we, you and us, are party to or to take steps at your request before entering into such a contract.
  • Legitimate Interest: When we have a legitimate interest to process your Personal Data (which is not overridden by their impact on you) such as for research and development, for marketing purposes and to protect our legal interests and rights.
  • Consent: When you provide us your consent to do so for a specific purpose; or
  • Compliance with a Legal Obligation: When we need it to comply with any legal obligation.

You may choose to withdraw your consent to our use and the disclosure of your Personal Data. However, this shall not affect any Processing that has already taken place. Where we reasonably consider that we need to use your Personal Data for another reason and that reason is compatible with the original purpose of collection, then we may also use and process your Personal Data. In such cases, you have the right to object to such use. However, this may mean no longer using our Services.

If we require to process your Personal Data for an unrelated purpose, we shall notify you and explain the legal basis/bases which allows us to do so.

International Data Transfer

To provide you with our Services, we may transfer your Personal Data to countries other than where you are a resident. Any data transfer made to these countries is made in accordance with applicable data protection and privacy laws. If you are a resident of the EEA, we rely on SCC’s [updated on June 4th, 2021] for transfer of Personal Data to third countries, or for transfer of Personal Data to third parties in the United States. We have also self-certified to the EU-U.S. DPF, the UK Extension to the EU-US Data Privacy Framework and the Swiss-US DPF.

Where consent is necessary to make such transfer, we transfer your Personal Data only after receiving such consent from you. Please refer to our list of global offices at our websites, where your Personal Data may be sent for Processing.

Retention of Information

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your Personal Data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

In some circumstances, we may anonymise your Personal data (so that it can no longer be associated with you) for research and developmental purposes, in which case we may use this information indefinitely without further notice to you.

Disclosure of Information

We may share your Personal Data with the following parties:

  • Internal Parties: Which include affiliates and subsidiaries of Mitsogo Inc. We share information with these parties to fulfil our contractual obligations to you.
  • External Parties: These parties include:
    • Third party service providers, who can provide services on our behalf. They may include service providers who provide IT and system administration servicers, analytics, behavioural marketing, payment processing services etc. However, unless provided for in this Policy, we do not share, sell, rent or trade any Personal Data with third parties for their promotional purposes. We also do not authorise the collection of information by third parties through information-gathering technologies deployed on the Company’s Websites. Please refer to a list of our sub-processors here: https://www.hexnode.com/legal/sub-processors/
    • Professional advisors including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance and accounting services.
    • Regulators and other authorities, if required by the law or if the Company reasonably believes that such use or disclosure is necessary to protect the Company’s legal interests and rights and/or to comply with a judicial proceedings, lawful request, court order or legal processThe Federal Trade Commission (“FTC”) has jurisdiction over Mitsogo’s compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF . As such, if we become party to a FTC proceeding based on non-compliance with this Policy or with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF , we shall be required to make public such information to the extent consistent with confidentiality requirements.
    • Companies, with whom we may collaborate to jointly offer products or services. If you purchase or specifically express interest in availing a jointly offered product or service, we may share your Personal Data with them. Please note that the use of your Personal Data by such companies is governed by their own privacy policies. You can choose for your Personal Data to not be shared in this manner by opting out of jointly offered products or services.
    • Companies, who are the owners of third-party integration software. You may choose to deploy a new functionality to our Service by installing third party integrations within our Services. Please note that, by doing so, you give access to such companies to your Personal Data and the use of your information by such companies is governed by their own privacy policies. You can choose for your Personal Data to not be shared in this manner by disabling third-party integrations.
    • Companies, to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If such a change happens to our business, then the new owners may use your Personal Data in the manner set out in this Policy or may change the contents of this Policy, after giving notice to you regarding the same.

Security of Information

Mitsogo Inc is an ISO 270001 certified company. ISO 27001 is the leading internationally recognized standard for information security. It has been awarded to us in recognition of the robust security measures that we have put in place to protect all information flowing through our systems from both internal and external threats.

Further, we limit access to your Personal Data to those employees, agents, contractors and other third parties and we disclose your Personal Data only on a need-to-know basis.

Nevertheless, we shall remain liable under the Principle of Accountability for Onward Transfer if sub-processors process your Personal Data in a manner inconsistent with the DPF Principles, unless we prove that we were not responsible for the event giving rise to the damage.

Additionally, we have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulators of a breach where we are legally required to do so. While we strive to use commercially acceptable means to protect your Personal Data, please note that all methods of transmission over the internet or electronic storage are subject to inherent risks.

Your Rights under the General Data Protection Regulation (GDPR)

The GDPR grants all individuals in the EEA certain rights regarding the Processing of their Personal Information. If you are such an individual, you have the following rights, subject to conditions:

  • The Right to access, update or delete the information we have on you: Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
  • The Right of Rectification: You have the right to have your Personal Data rectified if such data is inaccurate or incomplete.
  • The Right to Object: You have the right to object to our Processing of your Personal Data where we are relying on legitimate interests (or those of a third party) and there is something about a particular situation which makes you want to object to Processing on this ground as you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your Personal Data which override your rights and freedoms.
  • The Right of Restriction: You have the right to request that we restrict the Processing of your Personal Data. This enables you to ask us to suspend the Processing of your Personal Data in the following scenarios:
    • if you want us to establish the data’s accuracy;
    • where our use of the data is unlawful, but you do not want us to erase it;
    • where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
    • you have objected to our use of your Personal Data , but we need to verify whether we have overriding legitimate grounds to use it.
  • The Right to Data Portability: You also have the right to withdraw your consent at any time where Mitsogo Inc. relied on your consent to process your Personal Data.

Please note that we may ask you to verify your identity before responding to such requests.

If you wish to exercise any of these rights, please contact us by email at privacy@hexnode.com. If requested to remove data, we will respond within a reasonable timeframe.

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.

We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

If you are based in the EEA, you have the right to complain to a Data Protection Authority about our Processing of your Personal Data. For more information, please visit https://edpb.europa.eu/about-edpb/about-edpb/members_en to contact your local data protection authority in the EEA.

Representation for Data Subjects In The EU, Switzerland and the UK

We value your privacy and your rights as a Data Subject and have therefore appointed Prighter as our privacy representative and your point of contact. Prighter gives you an easy way to exercise your rights. If you want to contact us via our representative Prighter or make use of your Data Subject rights, please visit: https://prighter.com/q/11236276819.

CPRA and CCPA

The California Privacy Rights Act (CPRA) [ formerly the California Consumer Protection Act (CCPA)] reserves the right for consumers to request the disclosure of collection and usage of their Personal Data . It also reserves the right to opt-out from any kind of sale of Personal Data by the business.

We do not sell your Personal Data. We follow the standards mentioned in this Policy while handling Personal Data of any kind. We define all the data we collect under Types of Information Collected section and the usage of said data under Use of Information. You can also read about how third parties make use of cookies from our Cookie Policy at https://www.hexnode.com/legal/cookies-policy/.

To request disclosure of any information as described by CCPA, you can mail to us at privacy@hexnode.com

Links to Other Sites

Our Website may contain links to other sites or services that are not operated by us. If you click a third party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Our use and transfer to Services of information received from Google APIs will adhere to Google API Services User Data Policy, including the limited use requirements as defined therein.

Changes

We reserve the right to modify and update this Policy at any time. When we make only minor modifications, we may do so without notifying you. If we make changes to this Policy that we believe materially impact the privacy of your Personal Data, we may notify you. We encourage you to periodically review this page for the latest information on our privacy practices. The “Last Modified” date at the top of this Policy will allow you to quickly know when the last changes were made.

Contact Us

If you have any questions about this Policy, please contact us by email at privacy@hexnode.com.