Security & Privacy

I. Privacy

I.I. bugle Website

1. Information collection

1.1. General Website Usage
The user can navigate bugle website without providing any personal information. Upon website visit, or subscription of bugle Subscription services, personal information is requested, and navigational information is collected.

1.2 "Personal Information" means any information the website users voluntarily provide about themselves. This information includes but is not restricted to name, email address, company name, job title, phone number, and information about the user’s company. Personal information may also include information about the users publicly available on the internet, namely in social media networks or other service providers.

1.3 "Navigational Information" means information about the user’s computer and visits to the bugle website. This information includes but is not restricted to the user’s IP address, browser information, referral source, geographical location, pages visited and length of visit. The usage of this information is detailed on clause 2.4 ("Navigational Information Usage") and 3 (“Navigational Information”).

2. Information Usage

2.1. bugle uses the information collected in the bugle website in compliance with this privacy policy.

2.2. bugle does not share or sell to third parties the bugle website users’ personal information.

2.3. the information collected from bugle website users is used to:
- improve the users’ experience on bugle website with personalized content and offers; - send relevant information to the users via email, port, social media networks and other channels; - send marketing communications related to bugle products and services, as well as industry and company related content topics.

2.4. Navigational Information Usage. Navigational information collected from bugle website users is used to provide a personalized experience in the bugle website and other bugle digital channels, as well as to provide information to users about bugle products and services, and industry and business relevant content.

2.5. Customer Testimonials and Use Cases. All customer testimonials and Use Cases available on bugle website and communicated through other bugle channels have due written authorization from the displayed data subject.

2.6. Security of Personal Information collected via website Measures are in place to prevent unauthorized access or disclosure of bugle website users’ personal information, including technological security measures and safety procedures. For queries regarding the security of personal information, contact hello@bugleon.com.

2.7. Retention of Personal Information bugle retains Personal Information that bugle website users provide for as long as it is considered useful to contacting bugle website users about bugle products or services, or as needed to comply with legal obligations, resolve disputes and enforce our agreements. At bugle website users request, the users’ personal information will be deleted as described in clause 4 (“Opting Out and Unsubscribing”).

3.1. Cookies. bugle uses cookies to collect demographic information about bugle website users, to analyse website usage and track users’ website navigation. The use of Cookies has the purpose of providing the bugle website users a personalized user experience, to improve usability and convenience for the user, and to deliver customized promotions and offers based on the users’ digital behaviour. bugle website users can accept or decline cookies when entering bugle website.

3.2. Log Files. Bugle collects demographic information and computer hardware and software information using log files not associated with the users’ personal information. This information includes, but is not limited to IP address, browser, operating system, files viewed on the website, access times. Bugle uses this information to measure and analyse bugle website statistics.

4. Opting Out and Unsubscribing

4.1. Reviewing, Correcting and Removing Personal Information. Upon request bugle will provide the users information about their personal information collected by bugle, and to:
- review the user personal information collected by bugle; - request the correction of errors, outdated information, or omissions in user information; - request the opt out and cease of contact by bugle; - request to be removed from any solicitation list used by bugle; - request that user information is deleted from bugle records.

To exercise these rights, the user should contact bugle at hello@bugleon.com. The bugle team will respond to the users’ requests to change, correct, or delete their information within a reasonable time-frame and notify the user the action has been taken.

4.2 Unsubscribe from bugle Communications. Users may unsubscribe from bugle marketing communications by clicking on the "unsubscribe" link located on the bottom of bugle e-mails, or by sending an email with such solicitation to hello@bugleon.com.

4.3 bugle Website personal information collection, usage and management is fully complaint with General Data Protection Regulation (GDPR). Any situation related to personal information management not addressed in the previous clauses, the user can refer to the GDPR (Clause 2 “General Data Protection Regulation” of I.II bugle SaaS Tool).

 

I.II. bugle SaaS Tool

5. Confidentiality Agreement

Both bugle and the customer shall keep confidential any confidential information received from the other and use such Confidential Information only to the extent necessary to fulfill its obligations under the Service Level Agreement (see Terms of Service), and not reveal the same to any third party (other than to those employees, permitted subcontractors or agents who require such information to enable them to fulfill their obligations to, in which case the Receiving Party shall ensure that all such recipients are aware of and abide by these confidentiality agreement obligations.

The provisions of this Confidentiality Agreement shall not apply where the information in question:
- is in the public domain otherwise than by breach of this Agreement; - was lawfully in the possession of the Receiving Party prior to its disclosure by the Disclosing Party; - or is disclosed pursuant to a requirement of law, a court order, or the request of any regulatory body.

As between bugle and the customer, all Customer Data, including all Intellectual Property Rights therein, is owned exclusively by the Customer. Customer Data shall be considered Customer's Confidential Information subject to the terms of this Agreement and the General Data Protection Regulation.

6. General Data Protection Regulation

The European Union’s General Data Protection Regulation (GDPR) is a privacy regulation in terms of its breadth, depth, and impact. The GDPR takes effect on May 25, 2018. bugle has already undergone the necessary steps for full compliance.

7. Data Processing and Protection Agreement

7.1. bugle collects information from subscription services customers for the purposes of:
- provide the services subscribed by the customer, including prevention, detection and resolution of technical and security issues; - to respond to customer support requests; - to fulfil the obligations under bugle Service Level Agreement (SLA) and Terms of Service.

7.2 When processing Personal Data on behalf of our subscription services customers, bugle ensures that the provisions of this clause are fully complied with. bugle agrees that the customer and/or its affiliates are data controllers and that bugle is a data processor of the Personal Data.

7.3 bugle shall only process Personal Data from Customers’ users pursuant to the performance of the Services and until the date that bugle ceases to provide the Services to the Customer. On termination, upon customer request, bugle agrees to transfer the Customers’ users Data (including all Personal Data) to the Customer and to subsequently deactivate and sanitize the Customers’ users Data within 15 days after termination.

7.4 In providing the Services and in meeting its obligations under this Agreement, bugle undertakes to the customer that it will:

7.4.1 process Customers’ Users Data in accordance with written instructions from the customeror pursuant to the performance of the Services. If bugle is required to process the Customers’ users Data for any other purpose by European Union or Member State law to which bugle is subject, bugle will inform the Customer of this requirement before the processing, unless that law prohibits this on important grounds of public interest;

7.4.2 notify the customer immediately if, in bugle's opinion, an instruction for the processing of the customers’ users Data given by the customer infringes Data Protection Legislation;

7.4.3 assist the customer by: (a) ensuring the use of appropriate technical and organisational measures for the customer and its affiliates to comply with Data Protection Legislation; (b) assisting the customer in meeting its obligations to respond to requests from data subjects exercising their rights; and (c) ensuring its compliance with the obligations of Articles 32 to 36 of the General Data Protection Regulation;

7.4.4 implement and maintain appropriate technical and organisational measures to protect the Customers’ and Customers’ users Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful processing, accidental loss, destruction, damage or theft of the personal data and having regard to the nature of the personal data which is to be protected. As a minimum, these should include the requirements required under Data Protection Legislation.

7.4.5 not to give access to or transfer any Customer Data to any third party (including any affiliates, group companies or sub-contractors) without the express prior written consent of the customer. Where the customer does consent to bugle engaging a sub-contractor to carry out any part of the Services, bugle must ensure the reliability and competence of the third party, its employees and agents who may have access to the Customer Data and must include in any contract with the third party provisions in favour of the customer which are equivalent to those in this clause and as are required by Data Protection Legislation. For the avoidance of doubt, where a third party fails to enable bugle to fulfil its obligations, bugle will remain fully liable to the customer;

7.4.6 take reasonable steps to ensure the reliability and competence of bugle's personnel who have access to the Customer Data;

7.4.7 ensure that personnel required to access Customer Data are informed of the confidential nature of the personal data comprised within such data and comply with the obligations set out in this clause;

7.4.8 ensure that none of bugle's personnel publish, disclose or divulge any of the Customer or Customers’ users Data to any third party unless directed in writing to do so by the customer;

7.4.9 not retain any of the customers’ users Data for longer than is necessary to perform bugle's obligations under this Agreement and the Service Level Agreement (see Terms of Service), at the end of the Services upon customer's request, securely destroy or return such data to the customers’ users; and

7.4.10 allow the customer and its respective auditors or authorised agents to conduct audits or inspections during the term of the Agreement and for 6 months thereafter which will include providing access to the premises, resources and bugle personnel and bugle's sub-contractors use in connection with the provision of the Services, and provide all reasonable assistance in order to assist the customer in exercising its audit rights under this sub-clause to enable verification that the customers’ and customers’ users Data is and/or has been processed in accordance with this Agreement and Data Protection Legislation.

7.4.11 bugle shall aid the customer into cooperation with the supervisory authorities, where necessary, including direct cooperation between bugle and such supervisory authorities.

7.5 In the event that bugle directly receives a request from a data subject to exercise one of the rights described in the Data Protection Laws (a "Data Subject Request"), bugle will:

- Notify the customer immediately of the Data Subject Request, without responding to that Data Subject Request unless it has been otherwise authorised by the customer to do so;
- Provide details of the Data Subject Request (and any other relevant information the customer may reasonably request) to the customer within three (3) business days;
- Provide such assistance to the Customer’s Data Controller that they may reasonably require for the purposes of responding to the Data Subject Request.

7.6 If bugle or its contractors become aware of any accidental, unauthorised or unlawful destruction, loss, alteration, or disclosure of, or access to Customers Data (a "Security Breach"), or reasonably believe that a Security Breach has occurred, bugle will immediately notify the customer in writing and on an on-going basis will:

7.6.1 Immediately provide the customer with a detailed description of the Security Breach, the type of data that was the subject of the Security Breach and the identity of each affected person, (as well as periodic updates to this information and any other information the customer may reasonably request relating to the Security Breach) and the name and contact details of the data protection officer or other point of contact where more information can be obtained;

7.6.2 Assist the customer and take action immediately, at bugle's own expense, to investigate the Security Breach and to identify, prevent and mitigate the effects of the Security Breach and, with the prior written approval of the customer, to carry out any recovery or other action necessary to remedy the Security Breach; and

7.6.3 within four (4) weeks of closure of the incident, provide the customer a written report describing the Security Breach, the root cause analysis, actions taken by bugle during its response and bugle's plans for future actions to prevent a similar Data Breach from occurring;

7.6.4 not release or publish any filing, communication, notice, press release, or report concerning the Security Breach (including supervisory authorities) without the customer's prior written approval (except where required to do so by law).

7.7 If the European Commission lays down, or an applicable supervisory authority adopts, standard contractual clauses for personal data processing activities and the customer notifies bugle that it wishes to incorporate any element of any such standard contractual clauses into this Agreement, bugle will agree to the changes as reasonably required by the customer in order to achieve this.

7.8 bugle will indemnify and hold the Customer harmless against all losses, claims, costs, damages or proceedings suffered or incurred by the customer and its affiliates arising out of or in connection with bugle's breach of this clause. The indemnity contained in this Clause shall remain in full force and effect following any termination of this Agreement.

7.9 bugle will not process the Customers’ Users Data outside the European Economic Area, or a country in respect of which a valid adequacy decision has been issued by the European Commission, except with the prior written consent of the customer and subject to the adoption of the appropriate security measures in accordance with the Data Protection Laws.

8. Data Centers

bugle’s products run on world class infrastructure hosted at Amazon data centres running on Amazon Web Service (AWS) technology. Our data centres are in Dublin, Ireland and data never leaves Europe. Amazon maintains security certifications with: SOC 1 / ISAE 3402; SOC 2; SOC 3; FISMA, DIACAP, and FedRAMP; CSM Levels 15; PCI DSS Level 1; ISO 9001 / ISO 27001.

Customer data is stored in multi-tenant datastores. Strict privacy controls exist in our platform code to ensure data privacy. We have many unit and integration tests in place to ensure privacy controls work as expected.

9. Logging

Logging is used extensively for platform troubleshooting and investigating issues. Logs are streamed in real time and over secure channels to a centralized logging service. This also allows bugle technical support and development teams to view logs without gaining access to the production systems.

 

II. Security

1. General Security Agreement

1.1 bugle will:

1.1.1 use up-to- date, commercially available firewalls, anti-virus software and virus detection software designed to prevent and detect the introduction of a virus to any software or computer system related to the SaaS Service;

1.1.2 take all precautions necessary to preserve the integrity of Customer Data and to prevent any loss, corruption, disclosure, theft, manipulation or interception of the Customer Data, and

1.1.3 make secure back-up copies of the Customer Data.

1.2 If any user signs up to become a registered User, the user will have to provide a set of information required by bugle and may also be asked to choose a username and a password for their account.

1.3 the Customer agrees that Customers’ users shall provide true, accurate, current and complete information to bugle in connection with any use or access of the SaaS Services and will maintain and update this information to keep it true, accurate, current and complete. bugle reserves the right to terminate a specific user’s use of the Service in the event we learn or believe any information provided may be false, inaccurate, not current or incomplete.

1.4 the Customers’ users are responsible for maintaining the confidentiality of their accounts and password and for restricting access to their computers and other internet platforms. Customers’ users agree to accept responsibility for all activities that occur under their account and/or password. If any unauthorized person obtains access to bugle SaaS Service as a result of any act or omission by a Customers’ user, this user shall use its best efforts to ascertain the source and manner of acquisition and shall fully and promptly brief bugle. Customers’ user shall otherwise cooperate and assist in any investigation relating to any such unauthorized access.

2. Security Measures

2.1 Access control to premises and facilities
Measures are in place to prevent unauthorized physical access to premises and facilities holding personal data.

2.2 Access control to systems
Measures are in place to prevent unauthorized access to IT systems.

2.3 Access control to data
Measures are in place to prevent authorized users from accessing data beyond their authorized access rights and prevent the unauthorised input, reading, copying, removal modification or disclosure of data.

2.4 Disclosure control
Measures are in place to prevent the unauthorized access, alteration or removal of data during transfer, and to ensure that all transfers are secure and are logged.

2.5 Input control
Measures are in place to ensure all data management and maintenance is logged, and an audit trail of whether data have been entered, changed or removed (deleted) and by whom must be maintained.

2.6 Job control
Measures are in place to ensure that data is processed strictly in compliance with the data importer's instructions.

2.7 Availability control
Measures are in place to ensure that data is protected against accidental destruction or loss.

2.8 Segregation control
Measures are in place to allow data collected for different purposes to be processed separately.

2.9 Disaster Recovery Plan
Measures are in place to ensure the key elements of a Disaster Recovery Plan. If data, IT systems and networks are disrupted, this plan will assure there are processes in place to certify that the business can be recovered in an emergency.

2.10 Business Continuity Plan
Measures are in place for the key elements of a Business Continuity Plan. The function of the Business Continuity Plan is to assist impacted areas in ensuring that critical business functions are maintained, restored, or augmented to meet the designated Recovery Time and recovery strategies outlined in the areas' business continuity and business resumption plans.

3. Network Security

bugle has measures in place to prevent eavesdropping between the customer and customers’ users and bugle systems, as well as within bugle infrastructure. All network traffic runs over SSL/HTTPS. Internal infrastructure is isolated using strict firewalls and network access lists. Each system is designated to a firewall security group by its function. By default, all access is denied and only explicitly allowed ports are exposed. Persistence and storage layers are encrypted and secured behind VPN & VPC firewalls.

Need Help | Bugle
bugle video training subscription plans pricing