Privacy Policy

  HomeDigital Signage OS  /  Privacy Policy

Privacy Policy

Privacy Policy

Introduction

The Digital Signage OS digital signage content management system offers a comprehensive, cloud-based digital signage platform that empowers you to display various content, including videos, images, documents, web pages, and widgets (the “Digital Signage OS Software“).

By accessing and using this Website, you confirm that you have thoroughly read and understood this Policy. You agree to the collection and use of your own and others’ personal data in accordance with this Policy, and you affirm that you have the authority to provide us with all information submitted via the Website and Digital Signage OS Software, including any third-party personal data.

General Principles of Data Processing

We collect and process personal data transparently, solely to the extent necessary for specified, explicit, and legitimate purposes. We do not process data in a manner incompatible with these initial purposes. We ensure the data we collect is accurate and, where necessary, kept up-to-date. We take all reasonable measures to promptly delete or rectify inaccurate personal data, or we assist our Customers in doing so for data stored or processed within the Digital Signage OS Software. Our data processing practices guarantee security, including protection against unauthorized or unlawful processing, accidental loss, destruction, or degradation, through appropriate technical and organizational measures. We are prepared to demonstrate our adherence to these principles at any time. We affirm that these measures inherently prevent personal data from being accessed by an indeterminate number of individuals without explicit natural person intervention. We uphold your rights under the GDPR, CCPA, and DPF where applicable, along with other relevant data protection laws. When personal data must be shared with a third party, we will inform you and take appropriate steps to ensure that the third party maintains an adequate level of data protection.

Digital Signage OS as Data Controller

  1. Data Collected Through the Website

We act as the “Data Controller” for all Personal Data collected via the Website. This means that we determine the methods and purposes of data processing and are responsible for responding to data subjects’ requests. A “Visitor” (referred to as “you” or “your” in this Policy) is anyone who visits our Website, interacts with it by submitting a contact form, or subscribes to our Newsletter.

Cookies

A cookie is a small data file stored by your browser on your device’s hard disk for record-keeping, capturing information about Website usage and activity. This may include your Internet Protocol address, browser type, browsing history before visiting our Website, and our Website’s search history.

Cookies can be “first-party cookies,” set by us, or “third-party cookies,” set by other parties.

Cookies serve various purposes:

  • Necessary cookies are technically required for a website to function.
  • Preferences cookies enhance a website’s performance and functionality, but aren’t essential. Opting out may limit certain features.
  • Statistic cookies collect aggregated, anonymous information to help website owners understand usage patterns. These can be first-party or third-party (e.g., Google Analytics uses cookies to differentiate users and provide aggregate data on visits, page views, and session durations).
  • Marketing cookies (third-party) are used for advertising. Placed by providers like Google or Facebook, they help tailor advertising content on third-party websites based on your browsing interests. You can visit the third parties’ websites to understand their data collection and analysis practices.

When you visit our Website, you’re asked to consent to cookie usage. You can choose which types of cookies to accept or decline. You can easily withdraw your consent at any time during your visit by using the Cookies Manager button to adjust your preferences. Additionally, your browser settings allow you to control cookie acceptance, including stopping acceptance entirely or prompting you before accepting a cookie from visited websites.

Contact Forms

To communicate with us via the Contact Form, you may provide your name, email address, telephone number, the subject of your inquiry, and your message. This personal data is used exclusively to respond to your inquiry and is retained only as long as necessary to address your request.

Support

For support, you can contact the Digital Signage OS team at support@digitalsignageos.com.

  1. Data Collected through Customer’s Purchasing and Use of the Services

A “Customer” is a Website Visitor who has either purchased or signed up for free and is actively using the Services offered through Digital Signage OS Software (referred to as “Services” in this Privacy Policy).

For our Customers, we process the following categories of personal data (Customer’s Data):

  • Name & Surname (optional)
  • Email and Password
  • Last IP Address of the Customer
  • Billing/Shipping Address and Phone Number (if an order has been made)
  • Traffic Data within the Digital Signage OS Application

Processing of Email and Password for the Performance of the Digital Signage SaaS Agreement

We process the Customer’s Email and Password to identify our Customers and Accounts, enabling them to log into their Accounts. Our Customers may authorize other Users (“Authorized Users”) and/or their Affiliates (“Authorized Affiliates”), collectively referred to as “Designated Users” in this Policy, to use the Services. For the same identification and login purpose, we process the Email and Password of these Designated Users.

We process Emails to send non-marketing, automated onboarding emails aimed at assisting new Customers and Designated Users with any questions regarding their setup.

We also process Emails to send billing-related communications if the Account is on a paid subscription. These are sent only to Customers or Designated Users who, at the Customer’s choice, have access to the Account’s Subscription section.

The legal basis for these processing activities is the performance of our contractual obligations. Therefore, we retain relevant personal data for the duration of the Digital Signage SaaS Agreement (the “Agreement”). After the Agreement’s termination or expiry, we retain billing data as long as required by law for accounting and tax purposes, and in case of a judicial challenge, to defend our claims.

Processing of Emails to send Newsletter

Upon a Customer’s or Designated User’s written and explicit consent, we process Emails to send them new offers or announcements about our activities. Each email provides an easy and free “unsubscribe” option.

The legal basis for this processing activity is your consent, which you may withdraw freely at any time. If you withdraw your consent, we will remove you from the mailing list; however, we retain a record of those who have unsubscribed, as required by applicable law.

Processing of Name and Surname

Names and Surnames are used to identify and communicate easily with our customers and designated users. This information also enables other Designated Users within a single Digital Signage OS Account to easily identify each other through our “User Management” section.

We use Names and Surnames in some automated system notifications and emails.

(Please note: Name & Surname are optional for better communication and account management.)

Customers and Designated Users can choose not to provide their Name and Surname initially. However, if a Customer or Designated User proceeds with an order, we will request this information to complete the transaction. They can subsequently choose to remove this information from their profile.

Processing of Last IP Address

We process the Last IP Address of Customers and Designated Users to obtain geolocation data, specifically the city from which the Account was accessed. This information is then used to derive the Country and timezone, allowing us to pre-fill Timezone settings for the Account and pre-select the Country for orders, eliminating the need for manual input by the Customer or Designated Users.

Additionally, in cases of Terms of Services violations, we use this IP Address as a factor to confirm the violation (e.g., using multiple Free Accounts, which is prohibited). The Last IP Address is not shared with any third-party service providers.

You may object to this processing activity based on your specific circumstances; however, we may not be able to fulfill your request if there are compelling reasons that supersede your interests.

Processing of Billing/Shipping Address and Phone Number

We use Billing/Shipping Address and Phone Number solely for invoicing purposes. This information is not requested if no order has been placed.

The legal basis for this processing activity is the performance of our contractual obligations, and we retain this information for the duration of the contract. However, Customers and Designated Users can remove their stored billing/shipping details from our database at any time. We do, however, retain the phone number and may use it in a future incident, solely to prevent service downtime.

Furthermore, your phone number may be used after the contract duration to facilitate returning Customers and simplify future purchases. For instance, we might use the phone number to help Customers reinstate a recently canceled Digital Signage OS Account. You may object to this processing of your contact details after the contract duration. We may not fulfill your request only if retention is required by applicable law at the time or if retention is necessary for the defense of legal claims.

Please be assured that we do not store credit card details. All credit card transactions are processed using secure encryption, the same level of encryption employed by leading banks. Card information is transmitted, stored, and processed securely at gateways on a PCI-compliant network.

For billing and payments, we engage Stripe (Privacy Policy (stripe.com), Chartmogul for Subscription Analytics (Privacy and Cookies Policy | ChartMogul, Security Policy | ChartMogul – Germany), Dreamdata for revenue analytics (www.dreamdata.io – EU, Denmark), and Hubspot as our CRM (https://legal.hubspot.com/privacy-policy – Germany).

We ensure, through written contracts or assignments, that our agents provide at least the same level of data protection as we do, including adhering to reliable technical and organizational security measures.

Processing of Analytics

We process data generated during your and your Authorized Users’ use of the Services, such as traffic and behavioral data, in an aggregated and anonymous form for statistics, analysis, and benchmarking. This helps us understand the ease and speed of your Service usage, identify popular or difficult tools, and determine if you require assistance.

For this purpose, we utilize Hotjar for user behavior analysis (for a restricted number of users for problem solving, Hotjar – Privacy Policy – Malta, data stored in Ireland AWS EU-West-1), Google for analytics (Privacy Policy – Privacy & Terms – Google – US).

Processing of Logging Data

We may process logging data periodically to perform audits ensuring that copyright of the Services is respected.

This processing activity is legally based on the obligations undertaken by the Agreement and their monitoring.

Digital Signage OS as Data Processor

Personal Data Processed on instructions by the Customer

We acts as the “Data Processor” for all personal data processed in relation to the provision of the Services under the Digital Signage Subscription Services Agreement. This means that such Personal Data is collected on the Customer’s/Account Owner’s behalf for their own purposes, and the Customer/Account Owner is solely responsible for: (i) the legality, reliability, accuracy, and quality of such Personal Data; (ii) the legality of the processing purposes; and (iii) the necessity of the processing to serve these purposes. The Customer/Account Owner is the Data Controller of Personal Data processed while using the Services. Therefore, the Customer/Account Owner is responsible for fulfilling requests from data subjects whose Personal Data is processed through the Digital Signage OS Software. Additionally, the Customer/Account Owner is responsible for informing data subjects (anyone whose personal data is processed by using the Digital Signage OS Software) about the scope, purpose, duration, and means of processing, and for obtaining their consent where required. We executes a Data Processing Addendum (DPA) with the Customer/Account Owner as an integral part of the Digital Signage Subscription Services Agreement, which also describes the security measures in place.

We share personal data with our agents (sub-contractors and sub-processors) solely for the provision of the Services. We ensure, through written contracts or assignments, that our sub-processors comply with the DPA and provide at least the same level of data protection as we do, including adhering to reliable technical and organizational security measures. Please note that Digital Signage OS is liable for onward transfers.

Our complete list of sub-processors, including their tasks, contact details, and privacy policies, is available on this Website as part of the DPA, Attachment 3, and on our Sub-processors page.

How the Services Accommodate Your Rights

Based on the Data Processing Addendum (DPA) we conclude with our Customers (Data Controllers), we undertake to assist, where possible and through appropriate technical and organizational measures, in fulfilling the Controller’s obligation to respond to requests for exercising data subject rights. Additionally, the Services incorporate the following technical and organizational measures:

Consent and Notice

Before creating an Account, a Customer must accept the Terms of Services and the DPA, including the Customer’s instructions on how personal data uploaded to Digital Signage OS Software will be processed. Every Designated User is informed about our Privacy Policy, Terms of Services, and accompanying DPA before signing up for the Account for the first time. Customers and Designated Users can access and review the Terms of Services, DPA, and our Privacy Policy on our website at any time.

Access, Rectification, and Deletion

To create an Account, a Customer must insert an access code. The Services incorporate the following security measures: (i) user authentication before access; (ii) encryption of passwords; (iii) activation of a secure password policy by the Customer in the Enterprise Plan; and (iv) prevention of access after suspicious access attempts. The Customer manages each user’s access to and use of the Services by assigning credentials and a user type that controls the level of access and use. The Customer is responsible for protecting the confidentiality of their own and each user’s login and password and for managing each user’s access to the Services. The Services enable the Customer to assign specific rights (view, access, modification, and deletion) based on the tasks and responsibilities of the Designated User. Customers and Designated Users may extract, rectify, and delete uploaded personal data, depending on the rights granted to them by the Customer through user type selection.

Deletion of the Account

Customers and any Designated User with Admin Rights can request Account deletion through one of the following methods:

  • In-app option, within the Account settings
  • By sending an email
  • Through our contact form on our Website

We will reply to the request via email, asking for confirmation and informing the Customer and all Designated Users with Admin rights. This verification step ensures the requester has legitimate access to the associated email Account and that all administrative Designated Users are aware. If the request appears suspicious, we may investigate further before proceeding with complete Account deletion.

Upon confirmation, we initiate the following process:

  • All information related to the Account is removed from our Database.
  • All files on our cloud storage related to the Account are marked for deletion.
  • All information regarding the Account is explicitly deleted from all Service Providers. If a Service Provider has a specific procedure for this case, we will follow that procedure instead of standard API calls.

In the event of Subscription Term non-renewal by the Parties, accounts are downgraded to the Standard Free Plan. If a Customer does not log into their Account for more than 365 days, the Account is permanently deleted, and its content is either deleted or returned, as requested by the Customer. After 6 months of inactivity, we will provide bimonthly (every 60 days) reminder notifications before deleting the Account, giving you the opportunity to retain your Standard Free Plan active or upgrade your account with a paid subscription.

Security

Whether we process personal data as Data Controllers or Data Processors, we implement appropriate technical and organizational security measures to protect the integrity, accessibility, and confidentiality of your data. These measures include physical and environmental security, as well as IT security measures such as updated anti-virus and firewalls, secure protocols, user authentication processes, encryption, data separation, vulnerability and penetration tests, etc. We also have specific procedures in place for incident management and a Data Breach Policy.

Sharing your Data – International Data Transfer

We do not share personal data with any third party unless legally required. In such cases, we will inform you of the legal requirement before processing, unless prohibited by law for important public interest reasons (e.g., to protect the confidentiality of a criminal investigation).

In cases where an Adequacy Decision is not in place, transfers are subject to the latest versions of the appropriate form of the Standard Contractual Clauses, as released by the European Commission and in force from time to time.

Social media

You may access third-party social media services through our Website using social media plugins. In such cases, URL data may be transferred to these third parties, governed by their respective Privacy Policies. Please ensure you read their Privacy Policies before using such plugins.

Your Rights

We respect your rights as a data subject under the GDPR and other applicable data protection laws. When acting as Data Controllers, we are obligated to respond to your data subject requests if you contact us at privacy@digitalsignageos.com. When we are acting as Data Processors, our Customer (the Data Controller) is responsible for addressing your requests. However, we will provide all reasonable assistance to the Data Controller to facilitate the satisfaction of your rights.

As a data subject, you have the following rights under the GDPR and the UK GDPR:

  • Information and Transparency: You have the right to be informed about any processing of your personal data (purpose, scope, duration, means, and data sharing). We adhere to the principle of transparency. For any questions regarding this Policy, please contact us at support@digitalsignageos.com. We will respond without delay, and in any case, within one month of receiving your request.
  • Access: You have the right to receive confirmation on whether your personal data is being processed and, if so, all relevant information (processing means, goals, records, etc.). This allows you to obtain a copy of your personal information held by the data controller and verify its lawful processing. You will not be charged a fee to access your personal data (or to exercise any other rights). However, a reasonable fee may be charged if your access request is clearly unfounded or excessive. Alternatively, the data controller may refuse to comply with such a request.
  • Rectification: You have the right to request the rectification of incomplete or inaccurate data relating to you without undue delay, and to complete incomplete data if necessary for processing. If you are an Account Owner or a User with a Sub-account, you can update personal data submitted in your Account or Sub-account via your profile by selecting “My information” from the options menu at the top of the screen.
  • Erasure (Right to be Forgotten): You have the right to request the erasure of personal data concerning you without undue delay. If we are the data controllers, we will erase the data when one of the following conditions applies: (a) personal data is no longer necessary for the purposes of processing; (b) the person requesting erasure withdraws consent on which processing is based, and there is no other legal ground for processing; (c) the data subject objects to processing, and there are no overriding legitimate grounds for processing, or the data subject objects to processing for direct marketing; or (d) personal data must be erased to comply with a legal obligation. We will not proceed with erasure if the data must be maintained due to a legal obligation or if processing is required for the establishment, exercise, or defense of legal claims.
  • Restriction of processing: You have the right to request the restriction of processing if the accuracy of personal data is disputed, for a period allowing the data controller to verify accuracy, or based on any other legitimate reason specified in applicable data protection laws. For example, you may ask for the suspension of your personal data processing if you want the data controller to establish its accuracy or the reason for processing it.
  • Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, as well as the right to request the direct transmission of personal data from one controller to another (or processor), if technically feasible.
  • Right to Object: You may object to the processing of personal data that occurs based on an overriding legitimate interest without your consent. In this case, the data controller may no longer process your personal data unless it demonstrates imperative and legitimate reasons for the processing that outweigh your interests, rights, and freedoms as a data subject, or for the establishment, exercise, or defense of legal claims.
  • No automated individual decision-making: We fully respect your right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. You have the right to object to such automated individual decision-making.
  • Consent Withdrawal: If you have provided consent for the collection, processing, and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we receive notification of your consent withdrawal, we will no longer process your information for the purpose(s) you originally agreed to, unless we have another legitimate legal basis for doing so. In such a case, we will notify you. For example, you may withdraw your consent to cookie usage by clicking the “Manage Cookies Settings” button or by adjusting your browser settings to not accept cookies.

Children

Our services are not directed at children. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will immediately delete such information. If you become aware that a child has provided us with their personal data, please contact us using the contact information below.

Complaint to a Supervisory Authority

You have the right to lodge a complaint with a Supervisory Authority (an independent public authority established by an EU Member State, pursuant to the GDPR) if you believe that the processing of your personal data infringes the GDPR and other applicable European Union or member state data privacy laws.

Changes to this Privacy Policy

Our Privacy Policy may change periodically, and any updates will be reflected here to describe these changes. We encourage you to check our website regularly to stay informed of any modifications to this Policy.

Contact Us