Privacy Notice

  • Our commitment

    This Privacy Notice describes our policies and practices regarding the processing of personal data and sets forth your privacy rights.

    We are aware that you care about your personal data and we take that seriously. We respect your privacy and your rights to control your personal data. We are committed to maintaining the privacy and confidentiality of the personal information we process.

    We assure you that data protection is an ongoing responsibility and in this respect, we will periodically update this Privacy Notice.

    Unless Bigstep explicitly requests your consent, by providing us your personal data in the ways described in this Privacy Notice:

    • you agree with this Privacy Notice and any supplementary privacy notices that may be relevant to you;
    • you agree that you are authorized to provide this information.

    We strongly advise you to read this Privacy Notice so that you know your rights regarding your personal data and understand our commitment to your privacy. If you have any questions or any privacy or data use concern, please contact us at dpo@bigstep.com.

  • Who are we?

    Bigstep (collectively “Bigstep”, “we”, “us” or “our”) is a provider of infrastructure and big data services. We do not knowingly attempt to solicit or receive personal data from children.

    Bigstep may process your personal data as a controller (usually, the personal data that we collect from you) or as a processor (usually, your hosted personal data).


  • What is the scope of this policy?

    This Privacy Notice applies to personal data processed by Bigstep or its service providers from or about:

    • visitors to, or users of our websites and other Bigstep domains (containing or ending in bigstep.com; bigstep.io; bigstepcloud.com);
    • current and potential customers of Bigstep services;
    • service providers, contractors and business partners;
    • job applicants;
    • participants in Bigstep's or our partners' events;
    • visitors on our premises;
    • other third-parties that we interact with.
  • What personal data do we process?

    By “personal data,” we mean any information that can identify you. It includes information from which you are reasonably identifiable.

    By “you” we mean any data subject whose personal data is in our possession.

    We may also process information that is related to you, but that does not identify you personally. This type of information is called “Non-personal data”. Non-personal data also include information that, in its original form, could personally identify you, but that we have modified (by means such as anonymizing, aggregating or de-identifying) in order to hide or remove any personal data.

    We may process:

    • Contact details, usually the data that you can find on a business card, such as your name, job title, email, telephone, postal addresses, PIN, ID series and number, ID issuing date and authority, birth date;
    • Your correspondence with us, such as emails, tickets, physical correspondence;
    • Your account data, such as transactional information about the services you use, how you interact with us and the services, dates of payment owed or received, subscriptions you use, logs, service use history, account numbers or other information related to or included in your management interface;
    • Credential data, such as passwords, hints and similar security information used for authentication and access to accounts and services;
    • Traffic data, such as IP address, User-Agent header value, IP packet headers;
    • Payment card data, such as bank card (expiry date, name written on the card, last 4 digits, security code) and bank account details. This data is provided directly by users into the PCI/DSS-compliant payment processing service and Bigstep does not, itself, process or store the card information. Bigstep may retain only card number and security code, billing address and bank account information;
    • Cookies and other similar technologies, such as data from your web browser – browser type and language, IP address, the operating system and version, your general geographic location, and your activity on Bigstep websites (the web pages viewed, the links accessed, number of visits, domain name, language information, mails opened, links clicked inside the e-mail etc.);
    • Images, such as photographs, video, voice recordings when you participate in our events; CCTV recordings when you visit our premises;
    • Data we obtain from other sources, such as Trade Registry, public authorities and other data providers. This includes public data, demographic data, interest-based data and internet browsing behaviour;
    • Recruiting data, such as details of your qualifications, skills, experience and employment history, information about your current level of remuneration, including benefit entitlements;
    • Clients’ Hosted Data. To find out more about clients’ hosted data and privacy go to our Service Agreement. If you receive hosting or other services from one of our clients and have privacy-related questions about those services, please contact our clients directly.

    We do not process:

    • Sensitive information such as any information regarding your medical or health condition, race or ethnic origin, political opinions, religious or philosophical beliefs or other such private information which is considered sensitive information and we will not intentionally collect or maintain or provide such information to third parties.
  • How do we process personal data?

    We collect information directly from you, as well as automatically through your use of our Services and, in some cases, from third parties.
    The personal data may be collected in the following ways:

    • directly from you, for example when you submit an order, conclude an agreement, apply for a job, use our services, communicate with Bigstep via phone calls, ticketing platform, email, web forms, chat, social media and other such methods of communication, submit a request via your Bigstep management interface, subscribe to Bigstep marketing newsletter or blog posts, attend our events or provide us services, access Bigstep websites.
    • automatically via cookies or other similar technologies by tracking you online when you visit our website (observed data). You can find out more about this in our Cookies and similar technologies policy available on our website.
    • from other sources, for instance from third parties, such as when your employer is our client and appoints you as a delegate on our management interface or provides us with certain information in order for us to be able to contact you, or if one of our third-party partners we work closely with (such as business partners, service providers, sub-contractors, resellers, etc.) shares your personal data with Bigstep in order for us to be able to contact you. In this case we receive minimum information about you (the information that you usually find on a business card) and we will remove it at any time upon your request. We also collect information from certain organisations, where appropriate and to the extent we have legal grounds to do so.
    • Co-branded services
      Since certain Bigstep services may be co-branded and offered in association with another company, if you use such services, both Bigstep and the other company may receive information that is collected via that co-branded service. The company whose privacy policy is displayed on a co-branded website will be responsible for personal data collected on such website.

    Bigstep may engage the services of third-party partners which, in the process of supplying services to Bigstep, may collect personal data about you, data that may include your name, email address and online activity.

    Also, we perform different types of operations on your personal data, such as collection, recording, organisation, structuring, storage, consultation, use, transmission, making available, combination, restriction, erasure or destruction.

  • Why do we use personal data?

    We use the personal data for the following purposes:

    Communications
    We use your contact information for reasons such as to get in touch with you, communicate with you about your orders or the services you use, subscription, keeping a record of your complaint or ticket, security updates, reminders of the need to take action to keep your account active and up to date, sending announcements about our services/newsletters, informing you about upcoming events sponsored by us, promotional activities, communication with you in the recruiting processes.
    If you correspond with us by chat, email, tickets, postal service, or other form of communication, we may retain such correspondence and the information contained in it and use it to respond to your inquiry.
    You may wish to subscribe to Bigstep blog posts. Many people sign up to receive Bigstep blog posts even if they are not current clients. To receive Bigstep blog posts, you will need to create a “profile” with us which involves providing us with at least your email address. You can manage your preferences by adding your first name and last name.
    Bigstep does not share this information with any other third party; however, we may store the information in our cloud-hosted databases.

    Marketing purposes
    We use your contact information to recommend products and services that might be of interest to you, to send you marketing and advertising messages such as newsletters, marketing communications, announcements or special offers, to personalize your experience or to inform you of upcoming events. You may always opt-out from receiving such communications, and this decision will not affect your ability to continue receiving services from us, visiting our website and reading blog posts.

    Statistical purposes and aggregated data insights
    We use personal data for statistical purposes and to produce aggregate data insights. For example, we may use data to generate statistics about the number of users, event participants, the number of clicks on a website, or the demographic distribution of visitors to a site.
    Bigstep website uses Google Analytics to track how often people gain access to or read our content or access our website. We use this information as aggregate data to understand what content, information or services our users find useful or interesting, so we can produce the most valuable content to meet your needs. We do not track individuals but look at information in the aggregate only. We may use these aggregated statistics for marketing purposes.
    We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users' experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link.
    You can opt out of the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.

    We also use Leadfeeder services to track how often people access our website. Our legitimate interest is to contact potential customers, to market our products, and optimize our website. The Leadfeeder services are GDPR compliant, offered by a European company. 
    The Leadfeeder tracker may collect for each visit: (a) time and date of visit; (b) source and medium; (c) number of pages visited; (d) pages visited (Title, URL, and Length of a page visit); (e) a visitor ID number (as set by a cookie); (f) the total length of visit; (g) visitor IP address.
    For more information on Leadfeeder tracker, please see Leadfeeder & GDPR page and the Technical Specifications of Leadfeeder Tracker page.

    Managing a job application
    As part of any recruitment process, Bigstep collects and processes personal data relating to job applicants. We need to process data to take steps at your request prior to entering into a contract with you. We also need to process your data to enter into a contract with you. In some cases, we need to process data to ensure that we are complying with the legal obligations. For example, it is mandatory to check a successful applicant’s eligibility to work in the UK before employment starts. Bigstep has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.

    Providing and improving our services and customer support
    When you become our client, we collect personal data about you including contact details, communications, correspondence, feedback, your account information, credential information, traffic data, payment card information for processing orders (including payments).
    We use the personal data (which can include your correspondence, traffic data, logs) needed to investigate, respond to and resolve complaints and service issues or downtime.
    We process your personal data for creating and maintaining your account, controlling the access to it, contract administration, providing services, processing orders and payments and enabling other benefits or opportunities associated with our services, including certain features of our solutions.

    Protecting ourselves and our clients
    We use the personal data, such as information about you including contact details, your correspondence with us, your account information, credential information, traffic data, payment card information to prevent and to detect fraud or abuses of Bigstep website and services, to prevent and detect any attack and to be able to identify, to assure your account and your data security and to protect our business from fraudulent transactions.
    When you visit our premises, we may also collect information about you on CCTV as part of our security prevention measures.

    Helping us to manage our business needs
    Bigstep may use this personal data to refine our services and to understand your needs and interests, to better tailor our services to meet your needs and to communicate with you about other services offered by Bigstep.
    We use personal data, including your feedback, to conduct research and development for the further development with regards to our services in order to provide a better experience to our clients and to grow our business.
    Collecting data in this manner allows us to collect statistics about the usage and effectiveness of our websites, personalize your experience and tailor our interactions with you.

    Event planning
    Your personal data may be processed as a participant in our events, conferences, trainings, demonstrations.
    Bigstep may host or participate in many events throughout the year. If you are already our client and you register for one of our events we will access the information from your client account to provide you with information and services associated with the event. If you are not our client and you register for one of our events, we will collect your name and contact details, which we will store in our database(s) and use them in order to provide you with information and services associated with the event.
    If you are a speaker at one of our events, we will collect information about you, including your name, employer and contact details, and photograph, and we may also collect information provided by event attendees who evaluated your performance as a speaker. We may also make and store photos, video and audio recordings.
    Some of our events may be sponsored. Bigstep provides an attendee list to sponsors, co-sponsors and exhibitors of our events. Bigstep may also allow sponsors, co-sponsors and/or exhibitors to send you material by mail once per sponsored event, in which case Bigstep engages a third-party mailing house and does not share your mailing address directly with the sponsor/exhibitor. If you do not wish to have your information included in an attendee list or to receive information from sponsors, co-sponsors and/or exhibitors, you can express your preferences when you register for events or you may contact Bigstep directly at dpo@bigstep.com.

    Online advertising
    We do not deliver third party online advertisements on our websites, but we advertise our services on others’ websites. Please familiarize yourself with those website operators’ or network advertisers’ privacy statements to understand their practices relating to advertising.

    Third party Services
    We may use your contact details in a referral or reseller program, but in this situation, we will inform you that you will be introduced to a third party or that we resell other services.
    Bigstep offers a platform for big data services for our clients. In addition to offering big data services, Bigstep also offers big data services produced by others, which we often link to from our website. This means you may find yourself on the Bigstep website or reading an email from Bigstep and we will offer you a link to another company’s website where you will find the information about their services. At these times, you will be leaving the Bigstep website. Bigstep is not responsible or liable for content provided by these third-party websites or personal information they may happen to gather from you.

    What happens if you don’t give us your data
    You can use the Bigstep website without giving us your personal data. The information on our website is available even if you are not providing us with any personal data. However, if you want to order Bigstep services we need you to fill in your Bigstep account with only the minimal amount of information. Certain personal data is necessary so that Bigstep will be able to provide the services you have purchased or requested, as well as to authenticate you so that we know it is you and not someone else. You may manage your account and you may opt out of receiving marketing communication at any time.

    Access to datacenters
    Some of our customers have a need to access the datacenters used by Bigstep and, in order to do so, the datacenter may require the personal information of the customer’s representatives, solely for security purposes and clearance. At the customer’s written request, Bigstep shall collect and transfer to the datacenter the representative’s personal information.

  • What is the lawful basis for processing?

    We will process your personal data based on the following legal grounds:

    To enter into the agreement and the performance of your agreement and to take action in accordance with your requests.

    Bigstep’s legitimate business interests, for example, fraud prevention, maintaining the security of our network and services and improvement of our services. Whenever we rely on this lawful basis to process your data, we assess our business interests to make sure they do not override your rights. Additionally, in some cases you have the right to object to this processing. For more information please see our website (what are data subject rights?).

    Compliance with a mandatory legal obligation, including for example accounting and tax requirements, which are subject to strict internal policies (such as retention periods), procedures and your rights under GDPR.

    Consent you provide where Bigstep does not rely on another legal basis. Consent may be easily withdrawn at any time. When you give your consent, you will also receive information on how to change your mind. For more information please see our website (what are data subject rights).

  • With whom will we share personal data?

    The personal data we gather is for internal use only, and we will not authorize the release of this data to anyone outside Bigstep, without your consent for such disclosure, except for the limited circumstances described in this Privacy Notice, in your applicable agreement or permitted by law. Should we ever need to provide the personal data to third parties, we will only share it to the reasonably necessary extent.
    We may disclose your personal data as described below:

    Disclosure to Bigstep group companies or affiliates
    All of the personal data we collect about you may be transferred or accessed by our companies. We will protect the privacy and the security of the personal data that we collect in accordance with the terms of this Privacy Notice and the applicable law.

    Disclosure to third-party business partners and providers
    To the extent necessary for providing the services, we may disclose your personal data to third party service providers, if needed/required. Also, please note that our third party service providers and channel partners may be located in a different country than yours, so your personal data might be transferred across borders. We assure you that we require our third-party service providers and business partners to keep all the data we share with them confidential and to use it only to perform their obligations resulting from the agreements we have in place with them. They are required to maintain a proper level of privacy and security. Please note that any information you independently share with these third parties is subject to their respective privacy practices and policies. In the event of a reorganization, merger, sale, joint venture, transfer as a going concern or any such act, we may provide the personal data to a third party.
    Examples of types of third-party business partners and providers

    • Third parties for joint promotions. They’ll be responsible for their own compliance with applicable privacy laws;
    • Other third parties, when you are signing up to their service and your personal data is used by them for authentication and fraud-prevention purposes;
    • Third parties that we advertise with such as Facebook in order to serve you advertisements online;
    • Third parties that we use to serve you sales and/or marketing emails, for example, MailChimp;
    • Companies who are engaged to perform services for, or on behalf of, Bigstep;
    • Debt collection agencies or other debt-recovery organisations.

    Disclosure to authorities or other bodies
    If we are under a legal obligation to share your personal data, we may disclose the information to the relevant authority. We may release the personal data in order to comply with the law, to protect our rights, property, the safety of our business, to enforce our rights and to assist with the control of fraud, spam or other undesirable conduct, and to support auditing.
    Examples of authorities or other bodies

    • Law enforcement agencies, government bodies, regulatory organisations, courts or other public authorities if we have to, or are authorised to by law;
    • A third party or body where such disclosure is required to satisfy any applicable law, or other legal or regulatory requirement.

    Disclosure when you have given your consent
    We may disclose your personal data if we have your consent to do so.

    Disclosure of anonymous or aggregated data:
    We may share information that does not identify any individual without restriction.

  • How long do we keep your data?

    We will retain your personal data as needed to fulfil the purposes for which it was collected. We will retain and use your personal data in order to comply with our business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements.
    Examples:
    We will retain your contact details and account data for as long as your account is active.
    If you are our client, we will keep all collected data needed to perform our agreements or to provide you the contracted services, meaning during the contractual period and for a period of 3 years after the termination of the agreement, unless otherwise stated by the law.
    We will retain your personal data, collected automatically via cookies or other similar technologies, for as long as we deem it necessary to enable you to use the website, but no more than 26 months.
    We will retain job applicants’ personal data for 6 months.

  • Where do we process and store your data?

    Personal data collected by us may be stored and processed in the UK, Romania, or in any other country where our affiliates, subsidiaries or service providers maintain facilities. We do not intend to transfer personal data from the European Economic Area and Switzerland to other countries, but some of our providers/contractors may be located in the US. However, in such cases, Bigstep has put in place adequate mechanisms to protect personal data when it is transferred internationally, for example by using the Standard Contractual Clauses as approved by the European Commission.

  • What are your rights?

    Below we set out details on how you can exercise your rights. If you have a question or cannot find the answer, please email us at dpo@bigstep.com.

    Right to access personal data
    You have the right to make a request for a copy of the personal data that we hold about you. To submit a request please email us at dpo@bigstep.com.

    Right to correct personal data
    You have the right to obtain the rectification of inaccurate personal data concerning you. If your data needs to be updated you also have the possibility to correct, delete inaccuracies and/or update the data from our management interface or by emailing us at dpo@bigstep.com.

    Right to data portability
    You have the right to receive the personal data concerning you, which you have provided, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller, where: the processing is based on consent or on a contract and the processing is carried out by automated means, in accordance with GDPR.
    Bigstep ensures that you can take your data with you by allowing you to download your invoice from your management interface.
    If you need more information, please email us at dpo@bigstep.com.

    Right to restrict use of your data
    If you feel data we hold on you is inaccurate, or you believe we shouldn’t be processing your data, please email us at dpo@bigstep.com to discuss your rights. In certain circumstances you will have the right to ask us to restrict processing.

    Right to erasure
    Bigstep strives to only process and retain your data for as long as we need to. In certain circumstances stipulated by GDPR you have the right to request us to erase your personal data that we hold. As always, if you wish Bigstep to erase your personal data from our records, please contact us at dpo@bigstep.com and we will respond within a reasonable time. If necessary, given each particular case, we may be required to retain certain information for performing the agreement, legitimate business purposes and by law.

    Right to revoke your consent
    You may also revoke your consent previously granted.

    Right to object to use of personal data
    You have the right, in certain circumstances stipulated by GDPR, to object to Bigstep processing your personal data. If you need more information, please email us at dpo@bigstep.com.

    Right to opt out of marketing messages
    If you no longer want to receive marketing messages from Bigstep, you can elect to opt out of all marketing communications.
    There are various ways to opt out:

    • Contact our marketing team by emailing us at marketing@bigstep.com;
    • Click the link at the end of a marketing email to unsubscribe;
    • Tell the sales representative if you receive a call;
    • Email us at dpo@bigstep.com.

    Opting out does not mean that you won’t receive messages related to the services provided any longer, if you have an agreement with us. You will still receive such messages, unless we have indicated otherwise.

    To manage cookies and understand more about what they are
    Want to disable a cookie, or understand more about what these are? Check the Cookies section of this policy for full details on how to do this.

    To opt out of Bigstep Analytics, or to understand what it means for you
    While it can’t identify or contact you, it’s your choice whether you want to be included or not. If you need more information, please email us at dpo@bigstep.com.

    We reserve the right to retain your personal data for a reasonable amount of time, in accordance with industry standards and applicable laws.

    When using Bigstep services, you can choose not to provide certain information, but this may prevent you from taking full advantage of the available functions, and it may prevent us from successfully providing you with our services.

  • Information Security

    We intend to protect the personal information entrusted to us and treat it securely in accordance with this Privacy Notice. Bigstep implements physical, administrative, and technical safeguards designed to protect your personal information from unauthorized access, use, or disclosure.

    When it comes to prevention of data loss, alteration, misuse, unauthorized access or unlawful processing of the collected personal data, we are committed to industry best practices.

    Therefore, we:

    • Use encryption technology as appropriate;
    • Require our suppliers to protect personal data from unauthorized access, use, and disclosure;
    • Limit the access to the systems on which the personal data is stored;
    • Test our website, data centres, systems, and other assets for security vulnerabilities;
    • Monitor for possible attacks and vulnerabilities.

    However, we cannot guarantee that the measures taken will prevent every security threat. In the event of a security breach which results in an unauthorized disclosure of information, we will notify you as soon as possible.

    We have teams who constantly review and improve our measures to protect your personal data from unauthorised access, accidental loss, disclosure or destruction.

    You can only access the management interface and our service through the use of an individual user login and password. To protect the confidentiality of personal information, you must keep your password confidential and not disclose it to any other person. Please notify us immediately if you believe your password has been misused. You should always log out and close your browser when you finish your session. Please note, we’ll never ask for your secure personal data or account information by unsolicited means of communication. You’re responsible for keeping your personal data and account information secure and not sharing it with others.

    Our website may provide links to third-party websites. We cannot be responsible for the security and content of such third-party websites. So, make sure you read that company’s privacy and cookies policies before using or putting your personal information on their site.

    You may choose to disclose your personal data in certain ways such as social plug-ins (including those offered by Google, Facebook, Twitter) and to use third-party services that allow you to post reviews or other information publicly, and a third party could use that information.

    Social plug-ins and social applications are operated by the social network themselves and are subject to their own terms of use and privacy and cookies policies. You should make sure you’re familiar with these.

    Payment is made directly by users in the Payment Card Industry Data Security Standard (PCI/DSS)-compliant payment processing service and Bigstep does not, itself, process or store the card data.
    However, while we take reasonable precautions to guard the personal data we collect, no security system is impenetrable.

  • Data integrity

    We take reasonable steps to help ensure that the data we collect is accurate, complete and up-to-date, for it to be reliable for its intended use.

  • Information about Children

    We will never intentionally collect or maintain information about individuals defined as minors in local law or regulation. However, if you believe that we are in possession of such information, please contact us at dpo@bigstep.com, and we will make necessary inquiries and investigations and, if applicable, delete that information.

  • Privacy Policy verification

    We periodically verify that this Privacy Policy is complete, accurate and comprehensive, displayed prominently and completely implemented. Appropriate employee training is in place, and we have developed internal procedures to assure the integrity and safety of the stored personal data.

  • Personal data of our clients’ customers

    If you have provided your personal data to one of our clients who hosts your data on our servers, this section applies to you.

    In these situations, it is our client who decides the reasons for which the data is collected and processed. We will not review, share, distribute or reference such personal data unless otherwise provided in the agreement between our clients and Bigstep or as may be required by law. Our clients are fully responsible for the personal data that they collect and process and for the compliance with the applicable laws regarding data protection. Bigstep provides service under the instructions of its clients and has no direct relationship with the individuals whose personal data our clients store and process.

  • How to submit a complaint or an inquiry

    Should you have any questions about how we are processing your personal data, about exercising your rights or about our privacy policy, please feel free to contact us at dpo@bigstep.com, and we will get back to you as soon as possible.

    Please be assured that we will promptly investigate the matter and that we are committed to resolving any privacy concerns that you may have.

    If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the National Data Protection Authorities.

    • UK Data Protection Authority: Information Commissioner’s Office, www.ico.org.uk
    • Romanian Data Protection Authority: Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal, www.dataprotection.ro.