The European Union GDPR (General Data Protection Regulation) regulation concerns data protection and privacy
for all individuals within the European Union. The GDPR aims primarily to give control back to citizens and residents
over their personal data and becomes effective on May 25, 2018.
If you have End-Users based in the EU, then the GDPR regulation applies to your relationship with your customers
and applies to our relationship with you as a "processor" of End-User personal data on your behalf.
There are many excellent sources of information on GDPR available on the internet and how to prepare for this new
regulation.
software_DNA GDPR Policy
As part of our preparation towards GDPR compliance, we have completed a detailed internal review including:
Review of all End-User "Personal Information" stored in the software_DNA system, the justification
for storing this information, and which information should be stored in encrypted form.
For example, we will no longer store IP address information related to License events
Review and update of our Encryption Key Management policies
Development of new functions in the DNA Control Panel to view and erase "Personal Information"
Review and update of our Information Policy
The following summarizes some of the key GDPR principles and our response / actions:
Explicit consent from the End-User for capturing and storing of "personal information"
It is your reponsibility to ensure your EULA with your End-User includes the personal information that we store
while providing our Licensing Management services. See below for our GDPR Policy and details.
End-user must be able to get access to the "personal information" stored by the
software_DNA System
End-Users may request from you details on what "Personal Information" you have.
In order to help you
in answering these requests, we have provided a new function in the DNA Control Panel
View GDPR Info in the Code View screen. A button will appear if the License
Code of an ACTIVE product has been activated, and will display the "Personal Information" currently
stored by software_DNA for that License. (see below)
Security of personal data
"Personal Information" is stored in encrypted form in the software_DNA system.
Management of Encryption Keys is governed by our Data Security policies and overseen by our Data Protection
Officer.
Right to be forgotten
End-Users may request that you erase all "Personal Information" that you retain or that 3rd parties
retain on your behalf.
In order to help you in complying with these request, we have provided a new function in the DNA Control Panel that
allows you to delete any "Personal Information" of an End-User related to a specific License. You can access
this function from the Code View screen by clicking on View GDPR Info (see below).
The License will continue to be ACTIVE, but some restrictions will apply. You also have the option of Banning / Disabling
the License.
Breach Notification
As stated in our revised "Information Privacy", we are commited to inform our Customers of any breach
of "Personal Information" and provide any assistance required for your communication with your customers.
Personal Information in software_DNA
End User information stored in the software_DNA system:
- One-way Hash: Information that identify parts of the computer are put through a special function
(called a "one-way hash") that turns the information into one code number that is unique to the
end user’s computer but cannot be deciphered (or reverse engineered) to determine what those
components are. Only this hash value is sent to the activation server and not the details on the computer parts.
- Computer Name / ID
- License Activation Email - optional
- License Activation Password - optional
- Registration information as collected by your software application - optional
This information is stored in encrypted form on our servers. If none of the optional information is provided
(email address and registration information) then no personal information will be transferred and stored.
We suggest that no important personal passwords be used for the activation password, or a
password that personally identifies the end user.
We do not share this information with 3rd parties.
Viewing GDPR Info
To view the "Personal Information" of a given End-User in the software_DNA system:
From the Codes -> View / Search menu item, enter the User’s License Activation code
or their email address provided during the License Activation process.
If you searched using an email address and the User has multiple Licenses, then a list of License Activation codes
will be displayed and you can select one to view.
In the Code View screen, click on View GDPR Info
(will be displayed if the Product is ACTIVE and the License has been activated)
All the "Personal Information" stored in the software_DNA system related to this License will be displayed
Deleting GDPR Info
When viewing the GDPR Info of a License as explained above, you will be able to erase all "Personal Information"
by clicking on Delete Info (you will be asked to confirm).
This will delete all Personal Information about the User associated with this License from the software_DNA system,
except for the Evaluation Code Email.
It is recommended, in order to comply with the User Request, to delete all information contained in the
Info Tags. If you determine that no Personal information is contained in the Info Tag, and this information is
required for continued management of the License, you have the option of not deleting the Info Tags.
Evaluation Code Email (if stored) must be retained as it is used to ensure
only one Evaluation License Code is issued per Email address.
The License will continue to be ACTIVE in software_DNA and the User can continue to use your
Application, although some Personal Information may be collected during normal license management, such as
Computer ID and InfoTags, and there will be some limitations for the User:
- User will not be able to retrieve a "Lost License Password"
- User will not be able to retrieve License information from the License Manager Portal using his
email address
If you wish to Ban / Disable the License at this time so that no possibility exists of collecting further
Personal Information, then check the option.