Privacy policy
Last updated: December 4, 2024
When you use Playr, you trust us with your information. This Privacy Policy is meant to help you understand what data we collect, why we collect it, and what we do with it. This is important; we hope you will take time to read it carefully. And remember, you can find controls to manage your information on your company's Settings page (you can find the link to this page at the top of your Dashboard).
Privacy policy
There are different ways you can use our services – to communicate with your customers, to inform personnel or create new content. You share information with us, for example by creating an account and creating content. As you use our services, we want you to be informed on how we’re using information and the ways in which you can protect your privacy.
Our Privacy Policy explains:
- What information we collect and why we collect it.
- How we use that information.
- The choices we offer, including how to access and update information.
We’ve tried to keep it as simple as possible, but if you’re not familiar with terms like cookies, IP addresses and browsers, then read about this glossary first. Your privacy matters to Playr so whether you are new or a long-time user, please do take the time to get to know our practices – and if you have any questions contact us.
Principles
At Playr, we believe that the less information we know about you, the better. After all, it is impossible to lose, misuse, or abuse information we don’t have. To the extent that we have control over your data or data about you, we see ourselves as custodians of that data on your behalf.
We use your data solely to provide you with services in which you enroll. Our business is providing digital signage services to you, the customer. We have no desire or interest to use or transfer the limited data we acquire for any other purposes.
As stated in our GDPR statement, the services offered through Playr fully comply with the requirements of the European Union’s General Data Protection Regulation (GDPR).
Who We Are
Playr is operated by C0FF33 B.V., which is a Dutch company located at Fred Raymondhof 1, Utrecht, The Netherlands.
Playr complies with Dutch AVG privacy laws and thereby the GDPR of The European Union (“EU”).
Information We Collect
We collect information to provide a better user experience to you specifically. From basic stuff like which language you speak and your name and email to identify and contact you, to more complex things like billing information.
We collect the following types of data in the following ways:
Signage Data
Signage data is data that users enter and upload into our service for use as signage content. This data can only be managed and modified via an HTTPS connection requiring a valid combination of username and password and optionally multi-factor authentication. This data is stored on Amazon AWS data servers, from which it is backed up daily to two different geographical locations. The Signage Data is transferred for display to players using an HTTP connection, as it is considered for public consumption when displayed on screens. If the data displayed by Playr is not intended for public consumption or needs to be secured for other reasons, two means are available for this purpose:
- Transport of data to the player over HTTPS
- Configuration/use of Playr so that the data displayed remains within the customer's network. By using Playr in this way, the data displayed on the screens will not be transported, stored or processed via Playr servers.
We advise all customers, who wish to display sensitive data with Playr, to use these means and are happy to help set this up correctly.
Service Data (that you give us)
The only personal data we ask for are first name, last name and e-mail address of users and the person who receives our invoices. Service Data further consists of the name, address details and telephone number of the organisation that owns the subscription. Any information required for payments is stored directly by our payment processors and is not stored by Playr.
We reserve the right to store and process Service Data to provide our services, report usage and provide our payment processors with the information they need to process payments. This use of personal data by Playr for its business operations is different from a data processor processing personal data on behalf of a data controller as defined in the GDPR. A data processing agreement with Playr is therefore not required.
Diagnostic data that we get from your use of our services
We collect information about the services that you use and how you use them. This information includes:
- Device information We collect device-specific information (such as operating system version and possibly a unique device identifier). Playr does not associate this information to any third-party services or data. This information may be used to uniquely identify a player in order to show the correct content, to help us support you when you report a problem and to check that the number of concurrently active players does not exceed the number of licensed devices.
- Log information When you use our services or view content provided by Playr, we automatically collect and store certain information in server logs. This includes:
- details of how you used our service to play back your content.
- Internet protocol address.
- device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
- cookies that may uniquely identify your browser or your account. Log information is typically kept for a few weeks to enable "post-mortem" analyses of problems and to analyse short-term trends.
- Location information When you use Playr, we may collect and process information about your location. This is only an estimation of your location that is made by from your IP address. This location can be quite inaccurate. The location is used to infer the time zone you are using. This time zone information can easily be overruled by setting the time zone for your company or the player.
- Unique application numbers Certain devices include a unique device/application number when they communicate with our services. This number and information about your installation (for example, the operating system type and application version number) may be sent to Google when you install or uninstall our Android or ChromeOS app or when that service periodically contacts our servers, such as for automatic updates.
- Local storage We may collect and store information (including non-personally identifiable information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.
- Cookies and similar technologies We may use cookies or similar technologies to identify your browser or device. We use Google Analytics on our publicly accessible website to analyze the traffic. This information is not linked with information about visits to other sites except the sites and services of our payment providers. The aim of this is to assess how successful we are in selling visitors to our website subscriptions.
Information we collect when you are signed in to Playr is not associated with any third-party service or data sets.
How We Use The Information We Collect
We basically use the information that you give us and that we collect to offer you the best experience of our service, improve and extend our services and to protect Playr and our users.
When you contact Playr, we keep a record of your communication to help solve any issues you might be facing. We may use your email address to inform you about our services, such as letting you know about upcoming changes or improvements.
We use information collected from cookies and other technologies to improve your user experience, the overall quality of our services and to help in supporting our users when they report problems or proactively analysing trends to prevent issues.
We will ask for your consent before using information for a purpose other than those that are set out in this Privacy Policy.
Playr processes personal information on our servers in several countries around the world. We may process your personal information on a server located outside the country where you live.
Transparency And Choice
People have different privacy concerns. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. For example, you can:
Review and control your personal information tied to your Playr account by using the Settings page (you can find the link to that page at the top of your Dashboard if you are an administrator, if you are not an administrator please contact the administrator within your company).
You may also set your browser to block all cookies, including cookies associated with our service, or to indicate when a cookie is being set by us. However, it’s important to remember that you might see small differences in how our service functions if your cookies are disabled. For example, we may not remember your dashboard status.
Information You Share
Although most users intend to use Playr to publish/share information with an audience it may not be appropriate in all circumstances to share all the information that Playr enables you to. Playr offers means to mitigate this risk but can not prevent its users from unintended sharing of secret or inappropriate content.
Information once shared by Playr may be forever part of the public domain. This is the inherent flip side of the technology that Playr is build upon and offers the many benefits that Playr users can leverage.
For accounts that use a Smart or Full subscription the URL of a Playr channel is enough to play back the content that is published/shared on that channel. The Pro subscription offers protection against unwanted/unintended play back. This protection has to be configured on the company settings screen.
Playr offers integrations with a number of third party services, like YouTube (through YouTube API Services), Instagram, Facebook, Google Calendar, Microsoft Calendar, etc. If you choose to use any of these within our Service, you should be aware that the privacy statements of those services also apply. When you like to retrieve your own data from those services, Playr uses industry standards authentication and authorization methods, like OAuth2, so that Playr can securely retrieve that data on your behalf. Playr will not ask for and therefore not store your login information for such third party services. The access you've granted Playr this way can always be revoked from your company settings page.
Information obtained from external platforms
Playr has integration capabilities with all kinds of external platforms, such as Instagram, Facebook, Twitter, Google Calendar, Microsoft Calendar and more. Access to these services is obtained by you, the user, giving permission to the platform via the "add account" procedure. The platform provides us with a so-called authorization token that allows us to retrieve the desired information on your behalf. You will never have to enter your login details for these platforms in Playr and we never store them. Also, you can revoke the granted access rights at any time; both in Playr and on the external platform. Finally, the authorization code is always securely stored on our servers and cannot be distilled from the code running in the web browser.
The data retrieved on your behalf is in no way stored in our systems, nor do we apply any analysis or processing to it, other than applying the desired filters for its playback on the currently running signage presentation. The data is never provided to third parties. The data is not viewed by humans unless it is part of a support request from you, the customer.
Provider specific references
- (App’s) use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Accessing And Updating Your Personal Information
Whenever you use our services, we aim to provide you with full access to your personal information. If that information is wrong, we strive to give you ways to update it quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. When updating your personal information, we may ask you to verify your identity before we can act on your request. A user with limited rights might have to ask a user with administrator rights within the company to change the information for him/her.
We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup systems).
Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.
Data Processing Agreement (GDPR)
Playr.com and playr.biz fully comply with the GDPR. Playr uses service providers (data processors) in the EU.
Data Location and Transfer
playr.biz
- Signage and Service Data is stored on servers running the digital signage service located in the EU.
- Signage and Service Data access is restricted to members of our staff residing in the EU.
Third-Party Data Processors
Your Secure and Service data are held by third-party data processors, who provide us with hosting and other infrastructure services. The locations of these are described above. Links to descriptions of relevant policies and certifications of each of these parties are given. They all report sufficient support for processes, policies and measures relevant to the GDPR.
- Signage and Service Data is stored on servers running the digital signage service located in the EU.
- Signage and Service Data access is restricted to members of our staff residing in the EU..
Third-Party Data Processors
Your Signage, Service and Diagnostic data are held by third-party data processors, who provide us with hosting and other infrastructure services. The locations of these are described above. Links to descriptions of relevant policies and certifications of each of these parties are given. They all report sufficient support for processes, policies, and measures relevant to the GDPR.
Amazon AWS; processing and storage of media files
- Security: https://aws.amazon.com/security/
- GDPR: https://aws.amazon.com/compliance/gdpr-center/, https://aws.amazon.com/compliance/eu-data-protection/
- Privacy: https://aws.amazon.com/privacy/, https://aws.amazon.com/compliance/data-privacy-faq/
Fastspring; past online sales provider
- Security: no specifc security page, mention of security on: https://fastspring.com/products/payments/
- GDPR: https://fastspring.com/docs/about-gdpr-compliance/
- Privacy: https://fastspring.com/privacy/
BrainTree; payment provider
- Security: https://www.braintreepayments.com/en-nl/features/data-security
- GDPR: https://www.braintreepayments.com/en-nl/legal/policy-updates
- Privacy: https://www.braintreepayments.com/en-nl/legal/braintree-privacy-policy
Google Analytics (GA4); website traffic optimalisation
- Security: https://cloud.google.com/security/
- GDPR: https://cloud.google.com/security/gdpr/, as pdf: https://services.google.com/fh/files/misc/googlecloudandthegdpr_english.pdf
- Privacy: https://policies.google.com/privacy?hl=en
- Specifically for EU-focussed data: https://support.google.com/analytics/answer/12017362?hl=en
MailChimp; promotional emails
- Security: https://mailchimp.com/about/security/
- GDPR: https://kb.mailchimp.com/accounts/management/about-the-general-data-protection-regulation
- Privacy: https://mailchimp.com/legal/privacy/
Brevo; transactional emails
- Security: https://www.brevo.com/features/data-security/
- GDPR: https://www.brevo.com/gdpr/
- Privacy: https://www.brevo.com/legal/privacypolicy/
AMEX; payment provider
- Security: https://www.americanexpress.com/icc/data-protection-and-privacy-principles.html
- GDPR: https://www.americanexpress.com/en-nl/company/legal/privacy-centre/european-implementing-principles/
- Privacy: https://www.americanexpress.com/us/company/privacy-center/online-privacy-disclosures/
Third-Party Tools
We use cloud infrastructure providers to host our services. We also use cloud based (office) tools to support us in our daily operations. These parties do not process our customers data as defined in the GDPR and are therefore not "third party data processors" or "data sub processors". To be fully transparent we list these parties below with links to descriptions of relevant policies and certifications of each of these parties. They all report sufficient support for processes, policies, and measures relevant to the GDPR.
Digital Ocean; cloud infrastructure provider
- Security: https://www.digitalocean.com/security/
- GDPR: https://www.digitalocean.com/security/gdpr/
- Privacy: https://www.digitalocean.com/legal/privacy/
Google Suite; office suite
- Security: https://cloud.google.com/security/
- GDPR: https://cloud.google.com/security/gdpr/, as pdf: https://services.google.com/fh/files/misc/googlecloudandthegdpr_english.pdf
- Privacy: https://policies.google.com/privacy?hl=en
Microsoft Office365; office suite
- Security: https://www.microsoft.com/en-us/trust-center/privacy
- GDPR: https://www.microsoft.com/en-us/trust-center/privacy/gdpr-overview
- Privacy: https://www.microsoft.com/en-US/privacy/privacystatement
Information We Share
We do not share personal information with companies, organisations and individuals outside of Playr unless one of the following circumstances applies:
- With your consent - We may share personal information with companies, organisations or individuals outside of Playr when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information.
- For external payment processing - We provide personal information to our PCI compliant payment providers to enable them to do financial transactions for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures. Playr does not store credit card information and our systems cannot do financial transactions directly. These measures are aimed at protecting our users against fraud.
- For legal reasons - We will share personal information with companies, organizations or individuals outside of Playr if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- meet any applicable law, regulation, legal process or enforceable governmental request.
- enforce applicable Terms of Service, including investigation of potential violations.
- detect, prevent, or otherwise address fraud, security or technical issues.
- protect against harm to the rights, property or safety of Playr, our users or the public as required or permitted by law.
If Playr is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.
Information Security
We work hard to protect Playr and our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information we hold. In particular:
- We encrypt access to our services that require a user account using SSL.
- We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.
- We restrict access to personal information to Playr employees and contractors who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
Breach Notification
If the confidentiality of customer data is breached, we recognize our responsibility to our customers and to the public to disclose the nature of the risk and provide a transparent account of the events without undue delay. At a bare minimum, we must inform the applicable supervisory authorities as required by law and regulation.
When This Privacy Policy Applies
Our Privacy Policy applies to all of the services offered by Playr.
Our Privacy Policy does not apply to services offered by other companies or individuals, including the companies of our users and products or sites that may be displayed to you on devices used by our users. Our Privacy Policy does not cover the information practices of other companies and organisations who advertise our services, and who may use cookies and other technologies to serve and offer relevant ads.
Compliance And Cooperation With Regulatory Authorities
We regularly review our compliance with our Privacy Policy. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.
GDPR
The European GDPR law explicitly refers to a number of rights you as a user have concerning Playr's handling of personal data.
Data Portability
We want happy customers, not trapped ones. We will not lock you out of your own data. You may export your Playr data at any time you wish during the life of your account. If you discontinue payment, your account will enter a frozen (read-only) state for a period not less than two months during which you may still retrieve and export your data after you have contacted us via email.
Export is limited to a part of your Signage Data (images, videos).
Your Right to Knowing to What We Know
You have the right to know what we know about you and to see how that data is handled. All Signage and Service data that we have about an account and its users is accessable to the account owner via her/his dashboard. The only data that is not available is the detailed status of the payment process. Any relevant exceptions to those processes will be communicated to you as soon as possible since they mean we did not receive your subscription fee.
You can send requests for information to our support team that we will gladly fulfill, however, to protect customer privacy, such requests must be carefully authenticated beyond demonstrating control of the customer’s email address.
Your Right to Have Your Data Erased
As we are merely custodians of your data, account owners have the right to instruct us to remove data permanently from our systems. To ensure that no one’s data is deleted without their consent, you must first end your subscription. After the subscription has been ended, the account owner may contact us and ask for the data to be expunged. Once the request is authenticated, the data will be removed from our active systems within 72 hours.
Disaster recovery and data availability requirements mean that Playr has a legitimate interest in maintaining secure and immutable backups. Erasure requests will leave those backups untouched, and we will only remove data from backups if legally compelled to.
Automated decisions and profiling
Playr does not use profiling of Users based on Service Data
Changes to our Privacy Policy
Our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy policy changes). We will also keep prior versions of this Privacy Policy in an archive for your review.
Version History
- December 4, 2024: Added Brevo, Google Analytics and Amex as third party data processors, moved Digital Ocean and Google Suite to third party tool since they provide hardware or services but do not process our customers data, added Microsoft Office365 as third party tool Precise definition of what personal data is part of Service Data, explanation of how Signage Data can be protected.
- October 17, 2024: Mentioned YouTube API Services.
- October 11, 2024: Improved privacy information about integrations with third parties.
- March 17, 2023: Added "Information obtained from external platforms" section.
- April 20th 2018: Updates with regards to GDPR in the paragraphs: Who we are, Principles, Information we collect, Data processing agreement, Information we share, Information security, GDPR.
- December 1st 2011: Initial version.
If you have any questions please send an email to [email protected].