Security and privacy of Mapotic users are and will always be our top priorities.
In the context of the new regulation concerning the personal data protection, GDPR, we have updated the terms and conditions, conditions of personal data protection and we have also made few minor adjustments in the application itself. In this article you will learn how Mapotic deals with security and how users’ personal data are treated.
Mapotics works as an open platform for organizations, businesses, and individuals who can create online interactive maps and upload their own content. In addition to registration information, users enter their own content and then access it to other users through a web interface, mobile application, or embedded in third-party applications (websites, mobile apps, etc.).
What Type of Information We Gather and for What Purpose?
In order to best meet the needs of our users and provide a good mapping service, we collect data from interactions running on our platform
Data is then used for the purpose of:
- Service provision, testing, improvement and personalization
- Aggregation of anonymized reports on how users use the service
- Spam and unfair communication prevention
- Support and communication aiming to solve users’ issues
- Promotion of services
Under certain circumstances we might share the gathered data with third parties to fulfill the above mentioned purposes.
In case the personal details are shared with third parties while respecting the applicable law (e.g. with bodies involved in criminal proceedings and other public authorities) and we are not explicitly limited by the law, we will always try to avoid requests that we consider non-standard or unfounded.
Except for the above we use standard statistical and reporting tools that work with anonymized data like Google Analytics or Crazy egg. They help us to find out which functions and tools are used the most and how to improve the entire service.
How Mapotic Deals with Personal Data of Users?
Mapotic applies all necessary technical and organizational tools to secure the protection of personal data according to the appropriate legal measures that prevent from an undue or random access to personal details, their change, their unauthorized transmission, abuse or unauthorized processing.
Users insert their personal details when registering (name, surname, email, etc.). These and other data which is filled in by the user or other automatically gathered machine data that have no direct connection to personal information (server logs, event logs, etc.) are securely recorded on servers of Linode company while the service is used. Linode, an established supplier, is GDPR compatible. Here you can read its statement on personal data protection.
Every Mapotic user has the right to access the personal data and has the right to receive a confirmation whether his/her details are or are not processed. We provide all information related to the personal data processing upon request. This encompasses also the right to correct or delete users’ details from our service.
Data Inserted in Maps
Authors of added content are map founders or users that contribute to certain maps and add new places, photos, etc. The nature of Mapotics’ service doesn’t allow to influence what content is inserted in maps. Users have to make sure that they are authorized to add given information to the service and, therefore, make it public. They take responsibility for that and it is regulated in the Terms and Conditions.
Map Founders have to be compliant with statutory regulations related to the personal data protection. They are authorized to enter only the type of personal information that was approved by a given subject, i.e. the personal information is allowed to be published or there exist another legal condition allowing to publish the information.
As for the maps with active an “crowdsourcing” function, i.e. other users can contribute to the map too, it is the Map Founder’s responsibility to check in his/her project whether personal details are published or not and if their protection is violated. Mapotic contains a function informing the Founder when a new place is added by an external user. The Map Founder can use tools to approve or reject publishing a place on the map.
When a Founder or a user enters data to the map that might be protected as intellectual property (e.g. a photo), he/she gives us permission to use such information without being limited. If such permission can’t be given due to an insufficient right, the data can’t be inserted to the service at all.
Changes and Deletion of Personal Data
If a user believes that his/her personal data on Mapotic are treated in conflict with the protection of his/her personal life or in conflict with the law, he/she should turn him/herself in the first place to the operator of the given map clicking on “Contact the map owner”. In case the correction doesn’t take place he/she can contact the service operator who will take corrective action.
- It is possible to contact a map owner through a contact form – an envelope icon on the homepage of every map project.
- It is possible to contact the service operator regarding the protection of personal data at email@example.com.
If map founders process personal data in their map they become Personal Data Administrators, as understood from the perspective of the protection of personal data and notions defined in the GDPR. Mapotic service is then personal data processor. There should be a Processing Contract containing rules when working with personal data between the two subjects. Such contract is concluded between us and the map founders (administrators) when they agree with Terms and Conditions. Map admins can download it here or in the relevant part of the Terms and Conditions. It is the map admin who is responsible for the contract conclusion as Mapotic can’t verify and assess which newly founded map uses personal data.
Data on Map Layers
Mapotic uses third party providers as Mapy.cz (Seznam, a.s.), Mapbox LLC, Open Street Maps, Google Maps, etc., to display map layers. There is a one-way communication between those services – data and information to display a map layer are sent from the provider to Mapotic.
Neither Mapotic nor the map founders are responsible for potential personal information contained in map layers (map tiles) and information contained directly in map layers are adjusted by the Terms and Conditions of every provider.
Security and the Way How Data are Stored
The production server, database, data storage operation is ensured by external providers and partners. The main server provider is Linode service. Its servers are located in the European Union and the company fulfills all legal conditions for data storage. Some sub-services, external functionalities or logs may be located with other partners and IT solution providers as Amazon, CDN77, Google Cloud. When personal data is transferred, it is always compliant with conditions for transfer and location of sensitive data out of the EU.
We use HTTPS/TSL encryption to protect data between users and our service. In the application itself and in the development stages we use password and sensitive data encryption techniques. We won’t state any specific encryption mechanisms due to security reasons. Given the fact that there is no absolutely safe transfer on the Internet, we are unable, like other online services, to guarantee 100% transfer security (e.g. we can’t watch the security of users’ devices, to prevent hackers’ attack on the way, and so on). Users should take this into consideration, be responsible for their activity and take relevant steps on their side.
Third Party Content
Some content displayed on Mapotic doesn’t have to come from the users of the service. They are typically videos uploaded to places that come from e.g. a third party such as YouTube, music or audio recordings SoundCloud and similar services.
These services send their contents to Mapotic only when a given page (a map, a place) is visited and Mapotic has no control over such uploaded content. Possible displayed private data are subject to the conditions of external operators.
User Tracking and Cookies
Mapotic doesn’t use any illegal or non-standard techniques and doesn’t record any users’ activity out of the Mapotic application itself (i.e. website, mobile application or maps embedded into websites of our clients).
Service usage can’t get by without emailing, e.g. a registration, a forgotten password. We send these emails only when we have to inform users and make sure the service is fully operational.
Users can receive email notifications from the service. Users can be informed that other users interacted with content added by themselves, that a comment was added to a place previously added by themselves or that a new place was added to their map. Notifications can be turned off in the account settings.
Mapotic sends newsletters to its users. Users can unsubscribe from newsletters by clicking on the link in every newsletter or in the account settings after logging in.
Mapotic doesn’t send advertising emails that don’t relate to the service. If Mapotic sends marketing emails in the future, it will ask for recipients’ consent.
Look forward to hearing from us again 🙂