Privacy policy

Please read this policy carefully before proceeding any further. This policy tells you how we use, store, and secure your data, and other important information. If you think that there is a mistake in this policy, please contact us to discuss.

Privacy policy

  1. Purpose and scope of notice

    1. This Privacy Notice ("Notice") is intended to explain how your personal information will be handled by Team Tito Limited ("Tito" "we", "our" and "us") of Unit 2, 64 Dame Street, Dublin 2 and sets out the information including the personal information detailed below relating to you ("Personal Data") that will be collected and processed by Vito and/or on its behalf by its third party service providers in the context of your engagement with vi.to (the "Website") and the platform and services provided thereon (together the "Vito Services").
    2. Vito provides a content and community platform to its customers ("Hub Organisers") that facilitates administration and organisation of hubs plus, and the optional purchase of access to these hubs by, potential and actual participants ("Participants"). In certain circumstances, Hub Organisers may be the controller of certain Participants' Personal Data. Participants who are a customer of, or otherwise interact through the Vito Services with, any of our Hub Organisers are asked to also read Section 10 of this Privacy Notice.
    3. For the purposes of this Notice, the controller of your Personal Data is Vito. If you have any questions or concerns about this Notice, please contact our Data Protection Representative Cillian O’Ruanaidh who can be contacted at security@tito.io.

  2. Application of this notice

    1. IMPORTANT: Please note that this Notice, while intended to be as complete and accurate as reasonably possible, is not exhaustive and may be updated from time to time in accordance with Section 11 of this Notice.
    2. This Notice applies to the way we collect and process your Personal Data. Personal Data will be collected and processed during the course of our relationship with you and for a period afterward as may be required by applicable law.

    3. During the course of your dealings with us, we will collect Personal Data:

      • from you: for example when you communicate with us, sign-up to the Vito Services as a Hub Organiser, work with us or supply us with services, when you supply Personal Data via our Website or through the Vito Services, submit an enquiry or request support or when you subscribe to or express an interest in any of our newsletters or mailing lists; and
      • from Hub Organisers or other third party sources: for example when you are a participant who expresses an interest in or purchases access to a hub promoted by a Hub Organiser using the Vito Services, through software platforms we use for business processes, statutory and regulatory authorities, third party service providers and occasionally some additional sources.

  3. What personal data we process

    1. We may collect and process the following Personal Data:

      Personal Information

      This includes information such as your name, email address, company, phone number and your password.

      Device Information

      This includes information such as:

      • your device type, operating system, browser, IP address and other information derived from cookies used on the Website. Please see our Cookie Policy for further information; and
      • details of your visits to the Website such as traffic data, location data and the resources, advertisements and linked websites that you access through the Website.

      Transactional History

      This includes information about the date, time, value and number of transactions you make through the Vito Services.

      Miscellaneous

      This includes any other information which is provided to us by you or on your behalf.

  4. Why we process your personal data

    1. The following table details the legal bases for which ("Legal Basis") and the reasons why ("Purposes") we collect, obtain and process your Personal Data:

      Legal Basis Purpose(s)
      Contract

      It is necessary to process this Personal Data to enter into and perform our contract with you in relation to:

      • your use of the Vito Services as a Hub Organiser; and
      • your use of the Website.

      If you do not wish to provide us with your Personal Data for these purposes, we will not be able to enter into or perform our contract(s) with you and you will not be able to avail of the Vito Services.
       
      Access to the website
      • To provide you with access to the Website and to allow you to use the Website.
      Providing the Vito Services
      • To determine, perform and execute the terms on which you will engage with us as a Hub Organiser;
      • to ensure the smooth running of the Vito Services;
      • to process your payments, through our third party payment provider; and
      • to contact you in relation to any aspect of the Vito Services;
      Customer account
      • To create your account for you to use on the Website;
      • to process your actions through this account; and
      • to otherwise manage and administer your account.
      Legitimate Interests

      It is in our legitimate interests to collect and process your Personal Data for the purposes of improving and monitoring website efficiency, enhancing your use of the Website.

      It is also necessary for the purposes of our legitimate interests to process your Personal Data to respond to any queries or requests submitted by you to us.

      Before we process your Personal Data to pursue our legitimate interests for these purposes, we determine if such processing is necessary and we carefully consider the impact of our processing activities on your fundamental rights and freedoms. On balance, we have determined that such processing is necessary for our legitimate interests and that the processing which we conduct does not adversely impact on these rights and freedoms.
       
      Improving Functionality and Efficiency
      • To monitor, test and improve the effectiveness of the Vito Services;
      • to monitor metrics such as total number of visitors, traffic data and demographic patterns on our Website; and
      • to ensure the content on the Website is presented in the most effective manner for you and your device.
      Responding to Queries
      • To process and respond to any queries or requests you submit to us whether through the Website, by emailing us or otherwise; and
      • to seek your views on the Website and our services.
      Customer Profiling
      • To build up a profile of you as a user of the Vito Services, so that we can analyse and derive insights about who uses the Vito Services and how you use them.
      News and Marketing
      • To send you a personal introduction email when you first sign up for the Vito Services;
      • to keep you updated with our news; and
      • to send you promotional and marketing material which we believe would be of use or interest to you.
      Compliance with a Legal Obligation

      We may process your Personal Data where it is necessary to comply with legal obligations to which we are subject.
       
      • To comply with our obligations under Irish and European law.
      To Defend, Establish or be a Party to Legal Claims

      We may process your Personal Data as necessary in order for us to establish, investigate, exercise or defend a legal claim to which you are a party.
       
      • To file legal proceedings;
      • to investigate, establish, exercise or defend a legal claim; and
      • to settle legal claims.

    1. Disclosure of your personal data

      We may disclose some or all of the Personal Data we collect from and obtain about you to the following third parties:

      Third Party Service Providers

      We may share your Personal Data with the following third party service providers:

      • Amazon Web Services, who provide us with cloud storage;
      • Apple, who we use for Apple Pay;
      • BackBlaze;
      • CircleCI;
      • EmailOctopus;
      • GitHub;
      • Google Apps;
      • Intercom, who provide us with customer relationship management, messaging and technical support services;
      • Microsoft Office Online;
      • Papertrail;
      • Slack;
      • Stripe, as our trusted payment services and billing provider;
      • Xero;
      • Time Machine.

      The list of third party service providers we use may change from time to time as we change or remove some of the providers listed above and/or put in place other providers to assist us in providing the Vito Services. We update our list of third party service providers on https://github.com/teamtito/tito-gdpr-compliance/blob/master/third-parties.md regularly and we would refer you to this as the most up-to-date source of information on our third party service providers.

    2. Regulatory Authorities, Law Enforcement Agencies, Public Bodies and Other Third-Party Companies
      • To comply with any applicable legal obligation, court order, summons, search warrants, or any other legal or regulatory obligation or request to which Team Tito Limited is or may become subject; and
      • to protect the rights, property or safety of Team Tito limited, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
    3. Other Recipients

      We may share your Personal Data with other third parties as and when necessary, including:

      • prospective or actual buyers of Team Tito Limited or our assets (to facilitate the acquisition of Team Tito Limited or a substantial portion of Team Tito Limited's assets by a third party);
      • external advisors such as our lawyers, accountants and auditors.

  6. Vito Transfers Of Your Personal Data

    1. We store and process your Personal Data on servers located within the European Economic Area (the "EEA"). However, we may transfer your Personal Data outside the EEA where we engage with third party services providers. We only transfer your personal data outside the EEA where the European Commission has decided that the third country in question ensures an adequate level of protection in line with EEA data protection standards or there are appropriate safeguards in place to protect your Personal Data. If you would like to find out more about the appropriate safeguards that we have in place to govern the transfer of your Personal Data you can contact our Data Protection Representative Cillian O’Ruanaidh who can be contacted at security@tito.io.

      Unfortunately, the transmission of information via the internet is not completely secure. Although we will always do our best to protect your Personal Data, we cannot guarantee the security of any information you transmit to us. Any transmission is at your own risk. Once we have received your information, we use strictly maintained physical, electronic and procedural safeguards to prevent unauthorised access.

      We do not store or process any of your card or payment information. All payment information is processed by our trusted third party payment provider.

  7. Retention of your personal data

    1. In general, we expect to keep your Personal Data for as long as you use the Vito Services plus a period of up to 7 years thereafter. However we shall delete your IP address after 90 days. Please note that in certain circumstances, we may hold your personal data for a different period, for example, if we believe in good faith that the law or a relevant regulator may reasonably in our view expect or require us to preserve or delete your Personal Data.

      If you would like to know more about how long we will retain your Personal Data, please contact our Data Protection Representative Cillian O’Ruanaidh who can be contacted at security@tito.io.

  8. How we store and safeguard your personal data

    1. We care about protecting your information. That's why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your Personal Data. We also have in place measures to deal with and respond to any suspected data breach.

      We are committed to taking reasonable and appropriate steps to protect the Personal Data that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures.

  9. Your rights and how to exercise them

    1. You have a number of rights in relation to your Personal Data, which are set out in this Section 9. Note that in certain circumstances these rights might not be absolute.

      Right Further Information
      Right to be Informed

      You have the right to know whether your Personal Data is being processed by us, how we use your Personal Data and your rights in relation to your Personal Data.
      Right of Access

      You have the right to request a copy of the Personal Data held by us about you and to access the information which we hold about you. We will only charge you for making such an access request where we feel your request is unjustified or excessive.
      Right to Rectification

      You have the right to have any inaccurate Personal Data which we hold about you updated or corrected.
      Right to Erasure

      In certain circumstances, you may also have the Personal Data that we hold about you deleted, for example if you exercise your right to object and we do not have an overriding reason to process your Personal Data or if we no longer require your Personal Data for the purposes set out in this notice.
      Right to Restriction of Processing

      You have the right to ask us to restrict processing your Personal Data in certain cases, including if you believe that the Personal Data we hold about you is inaccurate or that our use of your Personal Data is unlawful. If you validly exercise this right, we will store your Personal Data and will not carry out any other processing on it until the issue is resolved.
      Right to Data Portability

      You may request us to provide you with your Personal Data which you have given us in a structured, commonly used and machine-readable format and you may request us to transmit your Personal Data directly to another controller where this is technically feasible.

      This right only arises where we process your Personal Data on the legal basis of either your consent or where it is necessary to perform our contract with you and the processing is carried out by automated means.
      Right to Object

      You have a right to object at any time to the processing of your Personal Data where we process your Personal Data on the legal basis of pursuing our legitimate interests.

      Please note you have the right to object to our processing of your Personal Data for the purposes of sending you marketing and news.

      You can exercise any of these rights by submitting a request to our Data Protection Representative Cillian O’Ruanaidh who can be contacted at security@tito.io.

      We will provide you with information on any action taken in relation to any of these rights upon your request without undue delay and at the latest within 1 month of receiving your request. We may extend this timeframe by one more month if necessary however we will inform you if this arises. Please note that we may ask you to verify your identity when you seek to exercise any of your data protection rights.

      You also have the right to lodge a complaint with the Data Protection Commission. For further information see www.dataprotection.ie.

  10. Consumers of our Vito Services

    1. Vito provides a comprehensive content platform through which Hub Organisers reach out to, communicate with, and sell to Participants.

      Whenever Vito processes a Participant's Personal Data on behalf of a Hub Organiser, we are acting as a processor, and we therefore conduct such activities strictly in accordance with the instructions of that Hub Organiser and pursuant to the contractual arrangements in place with them. If you are a Participant with an existing relationship with one of our Hub Organisers, you should refer to the Hub Organiser's website or any terms provided by that Hub Organiser to understand their privacy practices and policies. Where you, as a Participant, would like to exercise your rights in relation to your Personal Data over which the Hub Organiser is the controller, you should contact the Hub Organiser with such requests. We will cooperate as appropriate with requests from our Hub Organisers to assist with such requests.

  11. Changes to this notice and questions

    1. We may amend this Notice on occasion, in whole or in part, at our sole discretion. Any changes will be effective immediately upon communicating the revised Notice to you.

      If at any time we decide to use your Personal Data in a manner significantly different from that stated in this Notice, or otherwise disclosed to you at the time it was collected, we will notify you by e-mail, and you will have a choice as to whether or not we use your Personal Data in the new manner.

      If you have any questions, comments or concerns about the way your Personal Data are being used or processed by Vito, please submit your question, comment or concern in writing to our Data Protection Representative Cillian O’Ruanaidh who can be contacted at security@tito.io.

Security policy

  1. General Web Security

    1. All Vito services that store data are hosted by Amazon Web Services, in Ireland.
    2. All applications use SSL for HTTP transport, without support for compromised cryptographic mechanisms.
    3. Outside access to services other than those hosted on port 80 and 443 are disabled. All insecure HTTP requests on port 80 are automatically redirected to HTTPS on port 443.
    4. All passwords are stored in a one-way hash using strong (bcrypt) cryptography and multiple stretches.

  2. Audit Policy

    1. Vito will commission a detailed penetration test every 2 years, and an interim test every 6 months.
    2.  

  3. Breach Policy

    1. In the event of a data breach, upon investigation, Vito will notify all individuals affected by the breach with:

      • details of what happened
      • personal information compromised
      • recommendations of a follow-on action
      If there is evidence of a breach, all passwords will be reset, even those not specifically targetted by the breach.

Cookie policy

  1. Marketing Page (https://vi.to/home)

    1. Vito’s marketing page sets the following cookies:

      Vito Application Cookies

      These cookies are set by the application software that we use to host the site (Ruby on Rails and Phusion Passenger). These cookies do not store any data that is tracked.

      Google Analytics

      Google Analytics cookies are used to measure visitors to the site.

  2. Vito Hubs

    1. Vito Application Cookies

      These cookies are set by the application software that we use to host the web application (Ruby on Rails and Phusion Passenger). These cookies do not store any data that is tracked.

      Stripe Cookies

      If a Vito customer is using Stripe, then Stripe sets a cookie on initial page load. These cookies are set by Stripe and are used by Stripe’s fraud detection software to assist in ensuring that only safe and legitimate transactions are allowed through their payment system.