Nirvana Privacy Notice (GDPR)
Welcome! If you are from Europe or the UK, this is the privacy notice that covers you. This privacy notice is in addition to our general privacy policy, which also applies to you. If there are any contradictions between this notice and the general privacy policy, this notice shall govern.
This privacy notice is meant to comply with the European Union's General Data Protection Regulation ("GDPR"). Many terms in this notice are as defined by the GDPR, and as such, will use the GDPR definitions. To make it easier to read, these terms will have their first character capitalized.
What is your Personal Data and who is the Data Controller?
In order to use our Service, you must create an Account. By creating an Account, you provide us with Personal Data. This is data that you have given us that can be used to identify you directly or indirectly. Your Personal Data is Controlled by us, Nirvanahq, Inc., which means we decide what Personal Data is collected and how it is used.
If you wish to contact us (the Data Controller) regarding this privacy notice, or if you wish to exercise any of your rights under the GDPR or otherwise, please write us at:
Nirvanahq, Inc.
1981 McGill College Ave
Montréal, QC H3A 0G6
Canada
Or by email legal@nirvanahq.com
Supervisory Authorities
Under the GDPR, you have the right to lodge a complaint with a Supervisory Authority regarding the Processing of your Personal Data. For more information, visit your national data protection authority, or visit the European Data Protection Board for a list of national Supervisory Authorities in Europe.
What are my rights?
When it comes to your Personal Data, you have certain rights as follows:
- You have a right to withdraw your consent for us to Process your Personal Data. This can be done easily through your Account settings.
- You have the right to request the erasure of your Personal Data (subject to exceptions in the applicable legislation).
- You have the right to receive the Personal Data that you provided to us in a structured, machine-readable format, and you have the right to transmit that Personal Data to another Data Controller. This is your right to Data Portability.
- You have the right to have your Personal Data corrected if it is inaccurate or incomplete.
- You have the right to request access to your Personal Data that we store.
To exercise any of these rights, write us at the address above, or send us an email (also above).
What Personal Data do you collect about me?
This table provides an overview of the Personal Data we collect.
| Type | Examples | Purpose | Category of Personal Data |
|---|---|---|---|
| Contact information | Email address | To identify you as a unique user, to respond to your requests and to send service- and Account-related emails | Identifiers |
| Account information | Name, email, password | To provide you with access to and use of the Service | Identifiers |
| Billing information | Credit card information, billing address, phone number | To process billing for the Service (if you subscribe to Nirvana Pro) | Identifiers; Commercial Information |
To whom do you transfer my Personal Data?
As explained in the general Privacy Policy, we use third party services. This may mean that your Personal Data is transferred to third parties. We can assure you that we are very careful as to which third party services we use, and any Personal Data transferred to them is only used in a manner consistent with our policies as described in the general Privacy Policy.
The following is a complete listing and description of where your Personal Data may be transferred (excluding this website, which is hosted in Canada and the United States).
| Third Party | Data Sent | Purpose | Country |
|---|---|---|---|
| MailChimp | Email address | To manage our mailing list | United States |
| Paddle | Name, credit card information, billing address, phone number | To process billing for Nirvana Pro | United States / UK |
| Recurly | Name, credit card information, billing address, phone number | To process billing for Nirvana Pro (legacy subscriptions only) | United States |
| Stripe | Name, credit card information, billing address, phone number | To process billing for Nirvana Pro (legacy subscriptions only) | United States |
| Google Analytics | IP address, browser information | To analyse our user base in order to improve the Service | United States |
How do you protect my Personal Data and where do you store and transfer it?
We take the security of your Personal Data seriously. Our website uses Secure Sockets Layer ("SSL") encryption for all communications with the Service. Furthermore, we use Amazon Web Services (AWS) servers located in the United States and Canada, and these servers are secured and inaccessible by third parties.
We may transfer Personal Data from the European Economic Area (EEA) to Canada and the United States.
-
Canada is deemed to provide adequate protection for Personal Data, as determined by the European Commission.
-
For transfers to the United States, please note that many U.S. companies historically participated in the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework, though these frameworks have been invalidated by the EU Court of Justice. We work with third-party service providers who implement appropriate safeguards such as Standard Contractual Clauses (SCCs) to protect your Personal Data. For more information on how your Personal Data is protected when transferred outside the EEA, please contact us.
How long do you keep my Personal Data?
We will retain your Personal Data for as long as it is needed to provide you with the Service. You can close your Account at any time, and you can ask us to delete your Personal Data as described further above in this notice. If you don't use your Account, we will delete your Personal Data 1 year after your last log-in to the Service.
Changes to this Privacy Notice
We may change this privacy notice from time to time. Any changes to this privacy notice will be posted here, and we may inform you via email to your registered email address if the changes are significant. You are responsible for periodically checking this privacy notice for updates.