Byssus Software Solutions Copy Protected Software Trial & Activation Service  
Home   |   Solutions   |   Downloads   |   Company   |   News   |   Contact us   |   Partners

Privacy policy

Limitations

This privacy policy covers only Byssus, its web site and its rights management service. If an external link is followed from the Byssus web site this privacy policy does not apply. You are encouraged to read the privacy policy for the third party web site visited.

Where it is stated that data is not supplied to any third party a general exclusion to this statement applies. Where Byssus are legally required to supply data to a third party (e.g. the police, in a criminal investigation) Byssus shall supply personal data to that third party but only to the extent strictly required by the appropriate legal provision.

Definitions

Byssus sells to other businesses and not to consumers. The word "Customer" becomes potentially ambiguous in this scenario unless carefully qualified. Byssus have customers, which have customers of their own. To avoid confusion and clumsy language the following definitions shall be used in this document:

  • Client shall mean a customer of Byssus i.e. typically a software developer using the Byssus service.

  • End-User shall mean a customer of a Client i.e. a user of a Client's software.

NB When used in this specific manner Client and End-User shall start with a capital letter.

Where the terms "processed" (for data), "data controller" or "data subject" are used in this document without special qualification their use is intended to be as defined and used within Directive 95/46/EC (European Parliament and Council) and supporting guidance documents.

Processing of Personal Data

Web Site

Byssus does not actively collect any personal data via the Byssus company web site. Cookies are not used by the Byssus company web site, nor are Java applets, JavaScript nor ActiveX controls.

Byssus may log other data supplied automatically such as IP address and browser identity. Such data shall only be used in aggregate form to analyse how the Byssus web site is used and to improve the service offered by Byssus through the web site.

Byssus Service

The Byssus service is delivered through a server on the Internet dedicated to handling all the transactions required for the service to function properly. The service delivers three major functions:

  • Credit card payment processing.

  • Pass-through of additional registration data.

  • Software licence management.

a) Payment Processing
    Byssus Clients collect all the personal data required to process credit card payments made by End-Users. Byssus acts as an intermediary between its Clients and a payment service provider based within a member country of the European Union. Byssus receives the personal data from its Client's software application and then passes the data to the payment service provider. Details of each transaction are recorded by Byssus. Credit card details are not recorded. At the end of each reporting period agreed between Byssus and its Client, Byssus supplies its Client with an electronic copy of the payment transaction log. Within one month of receiving acknowledgment from the Client that the payment transaction log has been successfully received, Byssus will ensure that personal data are deleted from all Byssus systems.

    The format of the data sent to Byssus by Clients is specified in a programming interface (API). Only the minimum personal data required to process a credit card transaction are specified in the API. Byssus supplies only the essential data to the payment service provider. These data are not passed to any other third party.
b) Additional Registration Data
    Typically, Clients collect additional End-User personal data when a licence payment is made. This supplementary data is usually used either for the Client's sales and marketing activities or for providing support to End-Users (e.g. automatic distribution of program bug fixes or updates). It is usually more convenient for a Client to process all the software registration data (payment processing data and supplementary data) together.

    For this purpose, Byssus supplies a single free-format field in the API. Whereas the usage and meaning of the other fields in the API are commonly understood by both Byssus and its Clients, the usage and meaning of the free-format field is defined by the Client and not communicated to Byssus. Byssus store the data supplied in this field in the payment transaction log, exactly as provided by the Client (because the meaning of the data is unknown to Byssus).

    The supplementary data are returned to the Client in the periodic copy of the payment transaction log and deleted within one month of confirmation of successful receipt by the Client. These supplementary data are not passed to the payment service provider nor to any other third party.
c) Licence Management
    Licence management for trial usage of Client software requires no personal data to be processed. A unique hardware identifier for the End-User's computer is supplied to Byssus by the Client's software application. If the trial usage period is still valid Byssus supplies a licence key to operate the Client software properly. Byssus records usage data for the trial usage period, referenced by the Client software identity and the End-User's hardware identifier. During the trial usage period no data are held on any Byssus system that could enable the End-User's personal identity to be revealed (except for a rare case where an End-User has recently purchased a licence to use a different software application managed by Byssus, using the same computer. See below to understand why this exception applies).

    However, if an End-User purchases a licence to use the Client software, the same hardware identifier is supplied by the Client software to reference the record of the issue of a permanent licence key and the record of payment for the licence to use the software. Because the payment management system temporarily stores personal data together with the hardware identifier, it then becomes possible to personally identify the End-User associated with any record of trial usage (via the hardware identifier which cross-references records in both systems).

    Consequently, during the period between an End-User's payment to licence the Client's software and the deletion of the personal payment and supplementary registration data from the payment transaction log, the licence management system effectively holds additional personal data. Specifically, this additional personal data comprises the details of any trial usage periods for any software managed by the Byssus service, on a common End-User computer. Byssus returns trial usage data to Clients (but only the trial usage details associated with the specific Client's software application). These data shall not be supplied to any other party.

    Once the personal data in the payment system have been deleted, there is no means of matching corresponding data in the licence management system to an individual End-User. Consequently the data in the licence management system cease to be personal data once more. If a Client needs to query or set specific information in the licence management system, this will be carried out by supplying the hardware identifier or other unique cross reference to Byssus together with the processing request. Byssus will not be supplied with and do not need to be supplied with any personal data to carry out such functions.

    Byssus may log other data supplied automatically such as the End-User IP address. Such data shall only be used in aggregate form to analyse how the Byssus service is used and to improve the service. No record will be kept enabling an IP address to be mapped to a specific End-User, at any time.

Byssus Sales & Marketing

Byssus may process personal data related to its Clients. The source of such data will be either:

  • Interactions between Byssus employees and those of its Clients, or Third parties.

  • Data obtained directly from interactions with Clients will be used solely for Byssus' own sales & marketing operations and will not be supplied to any third party. Such data will be processed according to the principles specified in Directive 95/46/EC (European Parliament and Council).

  • Data obtained from third parties will be used by Byssus only strictly in compliance with Directive 95/46/EC (specifically with the UK Data Protection Act, 1998) and, in circumstances where it provides more stringent protection to a data subject, with the privacy policy of the third party supplying the data to Byssus. In addition, Byssus will not enter into a contract for the supply of personal data to Byssus, with any third party, unless Byssus is satisfied that the third party's privacy policy meets relevant legal requirements and is properly executed by the third party.

Contacting Byssus About Privacy Issues

If you have any questions, comments or suggestions about how we use your personal data please email us at info@byssus.com. Please note that to respond to some queries we may require some form of proof of identity.


Copyright © 2003-2005 Byssus Software Solutions, Ltd. All rights reserved.