Privacy Policy
Effective Date: [INSERT DATE] Last Updated: [INSERT DATE]
1. Data Controller
AVESYS OU ("Avesys," "we," "us," or "our") is the data controller responsible for the processing of your personal data as described in this Privacy Policy.
Contact:
- Email: privacy@avesys.net
- Data Protection Contact: privacy@avesys.net
- Address: Harju maakond, Kuusalu vald, Pudisoo kula, Mannimae/1, 74626, Estonia (Registry code: 14486578)
2. Scope
This Privacy Policy applies to personal data collected through:
- The avesys.net website and all subdomains;
- Avesys product portals (Customer Portal, Partner Portal, Admin Portal);
- Avesys products: Avesys DPM, Database Compare, DataForge, SQL Version Control;
- Communication channels (email, support tickets, contact forms);
- Marketing activities and events.
This Privacy Policy does not apply to data stored within your SQL Server instances. For On-Premise Deployments, your database content remains on your infrastructure and is not accessed by Avesys.
3. Types of Data Collected
3.1 Account Data
Data you provide when creating an Account:
- Full name
- Email address
- Company name
- Job title
- Phone number
- Country
- Password (stored in hashed form)
3.2 Billing Data
Data required for payment processing:
- Company billing address
- VAT/Tax identification number
- Bank account details for wire transfer payments
- Invoice history
3.3 Usage Data
Data collected automatically when you use our Services:
- IP address
- Browser type and version
- Operating system
- Pages visited and features used
- Date, time, and duration of visits
- Referral source
- Device identifiers
3.4 Product Telemetry Data
Anonymized data collected by Avesys products (where enabled):
- Feature usage statistics
- Error and crash reports
- Performance metrics of the Avesys software itself (not your SQL Server data)
- Product version and configuration
3.5 Support Data
Data provided through support interactions:
- Support ticket content
- Screenshots or logs you share
- Communication history
3.6 Partner Data
Additional data collected from Partner Portal users:
- Partner company information
- Client count and territory
- Commission and payment details
- Deal registration data
3.7 Contact Form Data
Data submitted through website contact and demo request forms:
- Name, email, company
- Number of SQL Server instances
- Current monitoring tool
- Message content
4. Legal Basis for Processing
We process your personal data under the following legal bases (GDPR Article 6):
| Purpose | Legal Basis |
|---|---|
| Account creation and management | Performance of a contract (Art. 6(1)(b)) |
| Processing payments and billing | Performance of a contract (Art. 6(1)(b)) |
| Providing customer support | Performance of a contract (Art. 6(1)(b)) |
| Sending service notifications | Performance of a contract (Art. 6(1)(b)) |
| Product improvement via telemetry | Legitimate interest (Art. 6(1)(f)) |
| Website analytics | Consent (Art. 6(1)(a)) via cookie consent |
| Marketing communications | Consent (Art. 6(1)(a)) |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
| Partner program management | Performance of a contract (Art. 6(1)(b)) |
5. Purposes of Processing
We process your personal data for the following purposes:
5.1 Service Delivery
- Creating and managing your Account
- Processing subscriptions and payments
- Providing access to Avesys products and portals
- Delivering software updates and patches
- License verification and activation
5.2 Support and Communication
- Responding to support requests and inquiries
- Sending service-related notifications (billing, maintenance, security alerts)
- Providing product documentation and training materials
5.3 Product Improvement
- Analyzing anonymized usage patterns to improve product features
- Identifying and fixing software defects
- Planning product roadmap based on feature adoption
5.4 Marketing (with consent)
- Sending newsletters and product announcements
- Informing you about new features, products, or promotions
- Inviting you to webinars, events, or surveys
5.5 Security
- Detecting and preventing unauthorized access
- Monitoring for abuse of the Services
- Maintaining audit logs for security investigations
5.6 Legal Compliance
- Fulfilling tax and accounting obligations
- Responding to lawful requests from authorities
- Establishing, exercising, or defending legal claims
6. Data Sharing and Third Parties
6.1 Service Providers
We share personal data with trusted service providers who assist in operating our business:
| Provider Category | Purpose | Data Shared |
|---|---|---|
| Cloud hosting | Infrastructure | Account data, usage data |
| Bank transfer processing | Billing | Billing data (invoices, company details) |
| Email delivery | Notifications & marketing | Email address, name |
| Analytics | Website improvement | Usage data (anonymized where possible) |
| Support platform | Ticket management | Support data |
| Licensing | License verification | License keys, instance counts |
All service providers are bound by data processing agreements and are prohibited from using your data for their own purposes.
6.2 Partners
If you were referred by or purchase through an Avesys Partner, we may share your name, company, and subscription status with that Partner for the purpose of managing the partner relationship and commission payments.
6.3 Legal Requirements
We may disclose personal data if required by law, regulation, legal process, or governmental request.
6.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you of any such transfer and any changes to this Privacy Policy.
6.5 No Sale of Data
Avesys does not sell your personal data to third parties.
7. International Data Transfers
Avesys is headquartered in Estonia. If you are located in the European Economic Area (EEA), your personal data is processed within the EEA (Estonia).
To ensure adequate protection for international transfers, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- Adequacy decisions where applicable;
- Your explicit consent for specific transfers where no other mechanism is available.
You may request a copy of the applicable transfer safeguards by contacting privacy@avesys.net.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy:
| Data Type | Retention Period |
|---|---|
| Account data | Duration of your Account + 2 years |
| Billing data | 10 years (tax/accounting obligations) |
| Usage data | 26 months from collection |
| Product telemetry | 12 months (anonymized) |
| Support data | Duration of your Account + 2 years |
| Marketing consent records | Duration of consent + 3 years |
| Contact form submissions | 12 months |
| Server logs | 90 days |
After the retention period, data is securely deleted or irreversibly anonymized.
9. Your Data Subject Rights
Under the GDPR and KVKK, you have the following rights:
9.1 Right of Access (GDPR Art. 15)
You have the right to request a copy of your personal data and information about how it is processed.
9.2 Right to Rectification (GDPR Art. 16)
You have the right to request correction of inaccurate or incomplete personal data.
9.3 Right to Erasure (GDPR Art. 17)
You have the right to request deletion of your personal data, subject to legal retention obligations.
9.4 Right to Restriction (GDPR Art. 18)
You have the right to request that we restrict processing of your personal data in certain circumstances.
9.5 Right to Data Portability (GDPR Art. 20)
You have the right to receive your personal data in a structured, commonly used, machine-readable format.
9.6 Right to Object (GDPR Art. 21)
You have the right to object to processing based on legitimate interest, including profiling and direct marketing.
9.7 Right to Withdraw Consent (GDPR Art. 7(3))
Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
9.8 Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority:
- Estonia: Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
- Other EU countries: Your local data protection authority
How to Exercise Your Rights
Submit requests to: privacy@avesys.net We will respond within thirty (30) days. We may request identity verification before processing your request.
10. Cookie Policy
Our use of cookies and similar technologies is described in our Cookie Policy, available at avesys.net/legal/cookies.
11. Children's Privacy
The Services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact privacy@avesys.net.
12. Security Measures
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of data in transit (TLS 1.2+) and at rest;
- Access controls and role-based permissions;
- Regular security assessments and penetration testing;
- Employee training on data protection;
- Incident response procedures;
- Secure development practices.
For more details, see our Security Overview at avesys.net/legal/security.
13. On-Premise Deployment Privacy
For customers using On-Premise Deployments:
13.1 Your Data Stays With You
Avesys DPM, DataForge, Database Compare, and SQL Version Control collect and process data locally within your infrastructure. Your SQL Server data, performance metrics, and query content do not leave your network.
13.2 License Verification
The only outbound communication from on-premise installations is periodic license verification with Avesys licensing servers. This communication transmits:
- License key identifier
- Number of connected instances
- Product version
- No database content, query text, or performance data is transmitted.
13.3 Optional Telemetry
On-premise products may optionally collect anonymized feature usage telemetry. This can be disabled in product settings. When disabled, no data is transmitted to Avesys from your on-premise installation.
13.4 Remote Support
Avesys support engineers may request remote access to your on-premise deployment for troubleshooting. Remote access is only initiated with your explicit consent and can be revoked at any time.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via:
- Email notification to the address associated with your Account;
- A prominent notice on avesys.net;
- In-product notification where applicable.
The "Last Updated" date at the top of this policy indicates when it was last revised. Your continued use of the Services after the effective date of changes constitutes acceptance.
15. Contact
For privacy-related inquiries:
AVESYS OU
- Privacy inquiries: privacy@avesys.net
- General contact: info@avesys.net
- Website: avesys.net
This Privacy Policy was last updated on [INSERT DATE].
IMPORTANT NOTICE: This document is a template and should be reviewed by a qualified attorney specializing in data protection law before publication. GDPR compliance requires careful assessment of actual data processing activities. A Data Protection Impact Assessment (DPIA) may be required for certain processing operations, particularly those involving DataForge's PII discovery features.