March 24, 2021
As a global company with customers in nearly every country in the world, here at NinjaRMM protecting the personal data of our customers and their end-users is, and has always been, of the utmost priority.
This policy details how NinjaRMM, its affiliated companies (“NinjaRMM” or “NinjaRMM, LLC” or “NinjaRMM GmbH” or “we” or “us”) and the associated websites treat the personal information that we collect, what settings we provide for you to control how your information is used on NinjaRMM, and how you can contact us with any questions or concerns. This policy is not a contract between NinjaRMM and its users, but is merely a recitation of NinjaRMM policies. Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. This policy may change from time to time, so please check the policy periodically for updates.
1. How we collect personal information
This policy describes the types of information we may collect from you or that you may provide when you visit the websites NinjaRMM.com or any of their affiliated websites (our “Website”) and our practices for collecting, using, maintaining, protecting, and disclosing that information. It also applies to information we collect :
- in email, text, and other electronic messages between you and our Website
- through mobile and desktop applications you download from our Website, which provide dedicated non-browser-based interaction between you and this Website
- when you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this policy
- through any other sources associated with our Website
2. Categories of Data Subjects and Data Collected
NinjaRMM only collects data from users who either join, or engage with, the NinjaRMM Websites and products. NinjaRMM is committed to only collecting data that is necessary for NinjaRMM to provide the content and services of the NinjaRMM products.
Children Under the Age of 18:
Information We Collect About You:
Depending on which services you choose to use, NinjaRMM collects several types of information from and about users of our Website, including: Name, Contact Information (e.g. physical address, email address, phone number), Company Name, Billing Information, Usernames, as well as limited Technical Information (e.g. information about internet connection, equipment, website usage details).
We collect this information:
- directly from you when you provide it to us
- automatically as you navigate through the site
Information You Provide to Us:
You may also provide information to NinjaRMM such as the following:
- information that you provide by filling in forms
- information provided at the time of registering to use NinjaRMM Websites
- information when you enter a promotion sponsored by NinjaRMM
- information when you report a problem with NinjaRMM Websites
- records and copies of your correspondence (including email addresses), if you contact NinjaRMM
- your responses to surveys that we might ask you to complete for research purposes
- details of transactions you carry out through the NinjaRMM Websites and of the fulfillment of your orders
- financial information before placing an order through the NinjaRMM Websites
- your search queries on the NinjaRMM Websites
- visit or participate in our online community
You also may provide information to be published or displayed (hereinafter, “posted”) on public areas of the community or transmitted to other users of the community or third parties (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages and you may set certain privacy settings for such information by logging into your account profile, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Website with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
Information We Collect Through Automatic Data Collection Technologies:
As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns. This will only be collected if you have explicitly consented to it. This information includes:
- details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website
- information about your computer and internet connection, including your IP address, operating system, and browser type
The information we collect automatically is statistical data and does not include personal information, but we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to:
- estimate our audience size and usage patterns
- store information about your preferences, allowing us to customize our Website according to your individual interests
- speed up your searches
- recognize you when you return to our Website
We do not handle or monitor “Do Not Track” signals, but we do provide you with the ability to control certain cookies and similar tracking technologies.
3. Basis for Processing
NinjaRMM processes data based on:
- your consent
- your legitimate interests in maintaining and running the site and services.
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:
- Messages from NinjaRMM. On occasion, NinjaRMM will send you messages, that are service related (e.g. welcome messages, confirmation notices), related to your activity on the site, or related to updates and changes to the site or services. By default these are through email though you may opt to receive text messages or physical mail. We will only send you messages if you have consented to receiving such communications and you may opt out of these messages by contacting Customer Service. NinjaRMM also offers optional email newsletters to which you may subscribe or unsubscribe under your account settings, by following the instructions contained in the newsletter emails, or by providing an email address.
4. Cross-Border Transfer/Privacy Shield
NinjaRMM is a global company, and while we strive to ensure personal data is stored and processed in the same region in which it is collected, such data may occasionally be transferred across international borders. To the extent such cross-border transfers occur, personal data will be protected under one of the GDPR’s approved mechanisms to ensure personal data is adequately protected.
With respect to any and all personal data transferred from any country in the European Union, NinjaRMM shall not process or transfer any Customer Data (nor permit the Customer Data to be transferred) outside of the European Economic Area unless an adequate level of protection in accordance with the Applicable Data Protection Law is ensured.
NinjaRMM implements and enforces data protection through compliance and security controls that are based upon the strict requirements within the following frameworks and guidelines:
- AICPA SOC 2
- United States Cybersecurity Maturity Model Certification (CMMC) Level 3
- NIST Cyber Security Framework Revision 1.1
- U.S. Department of Defense DFARS 252.204-712
- NIST Special Publication 800-171 Revision 2
- NIST Special Publication 800-53 Revision 5
NinjaRMM undergoes annual examinations and testing of compliance and security controls through the AICPA Service Organization Control (SOC 2) process of testing Trust Service Principles. The AICPA SOC 2 examination includes 144 [out of 150] individual controls that overlap with the ISO27001 standard.
In addition, NinjaRMM models the United States Cybersecurity Maturity Model Certification (CMMC) standard, Level 3. Specifically, CMMC Level 3 includes 110 security requirements specified in NIST SP 800-171.
To the extent such should become necessary, other Safeguards will be enacted and may include, without limitation: (1) a transfer only to countries which ensure an adequate level of data protection according to an adequacy decision of the European Commission, or (2) or an alternative recognized compliance standard for the lawful transfer of Personal Data - as defined in the GDPR - outside the European Economic Area, such as EU Standard Contractual Clauses.
NinjaRMM commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact NinjaRMM at: firstname.lastname@example.org.
In response to lawful requests by public authorities, including to meet national security or law enforcement requirements, we may be required to disclose personal information.
5. Potential Recipients
NinjaRMM only provides your data to third party recipients who are necessary to provide NinjaRMM’ services or content, where necessary to the conduct of the business, or where legally required. Your personal information may be disclosed:
- to our subsidiaries and affiliates;
- to contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them;
- to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of NinjaRMM’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by NinjaRMM about our Website users is among the assets transferred;
- to fulfill the purpose for which you provide it;
- for any other purpose disclosed by us when you provide the information;
- with your consent;
- to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
- if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of NinjaRMM, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
In some cases we may disclose aggregated and deidentified information, which does not identify any individual, to certain third parties.
6. Data Retention Period
NinjaRMM will retain your information for as long as your account is active or as needed to provide you services. If you no longer want NinjaRMM to use your information to provide you services, you may follow the “Withdrawal of Consent/Erasure” provision below. After closing your account, NinjaRMM will solely use your information as necessary to comply with any applicable legal obligations.
7. Security Policies for Data
NinjaRMM has implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.
NinjaRMM follows accepted industry best practices and standards to protect the personal information submitted to us, both during transmission and once NinjaRMM receives it.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Website like message boards. The information you share in public areas may be viewed by any user of the Website.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
8. Your Rights
You have the right to have any inaccurate data corrected by NinjaRMM.
You have the right to request that NinjaRMM delete your data it holds.
You also have the right to request access to your data.
You have the right request that NinjaRMM make your data portable to another data controller.
You have the right to withdraw your consent to our continued processing of your personal data.
To exercise any of the above rights, email email@example.com. Your request should include your name, company name, email address and physical address. You can also review and change your personal information by logging into the Website and visiting your account profile page.
*Note* that we cannot delete your personal information except by also deleting your user account. Please understand that, without access to your personal data, NinjaRMM may not be able to provide certain services. For example, NinjaRMM will not be able to send you communications, sales, offers, newsletters. Additionally, it may be impossible for NinjaRMM to fulfill purchases or sales without access to personal information.
We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
NinjaRMM will endeavor to address all requests as quickly as possible, but in no more than thirty (30) days.
9. Lead Data Protection Authority
The NinjaRMM Websites' lead data protection authority is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219, 10969 Berlin
+49 30 13889-406
You may lodge any complaints about NinjaRMM’s data processing with this Lead Data Protection Authority.
10. Data Processing Officer
You can contact the NinjaRMM Data Processing Officer by emailing: firstname.lastname@example.org.
11. Contact Information
If you have questions, concerns, or suggestions you can contact us, by sending an email to email@example.com, or at:
111 New Montgomery Street, Suite 300
San Francisco, CA 94105