Cortex I.T. Labs Pty Ltd

(BackupAssist Backup Software)

Data handling document

In order to deliver our services to you, we collect data from you and store it on computer systems under our control and on external data processors.

This document provides an overview of:

• What data we collect
• Where it is stored
• The measures we take to safeguard the data
• Data retention policies
• Data deletion upon your request

These policies and procedures are designed to be compliant with GDPR and CAN-SPAM.

What data we collect

Listed in typical order of the lifecycle of interactions with our customers, we collect the following data:

Data collected	Contains personally identifiable information?	Contains sensitive information
1.      BackupAssist website usage analytics	No	No
2.      Trial download registration	Yes	No
3.      Reseller expression of interest forms	Yes	No
4.      Technical support and sales emails	Yes	No
5.      Anonymous usage data	No	No
6.      CSG whitelist	Yes	No
7.      Software diagnostics	Yes	Yes
8.      Purchasing data (invoicing, payment)	Yes	No
9.      Reseller membership data	Yes	No
10.    Backup report history	No	Yes

Data retention and handling summary

As per good data handling policies and GDPR Article 17 (“Right to erasure”), the following table summarises our data retention and deletion procedures.

Data collected	Data retention	User-initiated data deletion
1.      BackupAssist website usage analytics	Indefinite	Impossible. The data is anonymous from the start
2.      Trial download registration	Indefinite	Deleted upon request
3.      Reseller expression of interest forms	Indefinite	Deleted upon request
4.      Technical support and sales emails	Indefinite	Deleted upon request
5.      Anonymous usage data	Indefinite	Deleted upon request (old software versions)
6.      Software diagnostics	Up to 6 months from date of receipt	Deleted upon request
7.      Purchasing data (invoicing, payment)	Retained indefinitely (refer below)	Retained for compliance reasons
8.      Reseller membership data	Retained indefinitely	Deleted upon request
9.      Backup report history	Up to 3 months from date of receipt	Deleted upon request
10.    CSG data	Up to 12 months from date of receipt	Deleted upon request

                                                                                                                           

Third party data processors

• Email list: SharpSpring / Mail Chimp
• BackupAssist purchasing and monitoring services – Rackspace
• Technical support and sales emails – Zoho systems
• Software diagnostics storage – Microsoft OneDrive
• Website analytics – Google Analytics

Data handling procedures

Each type of data we collect is handled in different ways, so we will discuss each in turn.

1. BackupAssist website analytics

We use Google Analytics to collect data about website usage. This data is collected and stored by Google. It is anonymised from the start.

2. Trial download registration

When requesting a trial we collect basic information such as name and email address. Data collected is stored in our database.

You will then be registered on the following mailing lists:

• BackupAssist trial user list

You may unsubscribe from any mailing list by clicking “Unsubscribe” in the footer of emails.

3. Reseller expression of interest

When requesting information about our reseller programs we collect basic information such as Company, name, contact number and email address. Data collected is stored in our database.

You will then be registered on the BackupAssist reseller prospect list.

You may unsubscribe from any mailing list by clicking “Unsubscribe” in the footer of emails.

4. Technical support and sales emails

When you send an email to us at any of our support email addresses, the emails will be imported into our third party system, Zoho. We do not store copies of these emails.

5. Anonymous usage data

Usage data from software installations of BackupAssist are collected to assist us in delivering services to all customers. The data includes:

• What features are turned on/off in the software
• Backup configuration features
• Backup results and statistics
• Basic information about the installed operating system: Windows version, etc.

The data is uploaded daily to the BackupAssist website and stored in a secure database with reporting access only to authorized BackupAssist staff.

When you install BackupAssist 10.4 or later, the data capture is anonymous by design, via association with a random token that is unique to each machine and only used for statistics. Therefore it is impossible to link the usage data back to an individual installation of BackupAssist, or back to any particular customer/reseller.

6. Software diagnostics

For the sole purpose of assisting our technical support team resolve issues you may experience, we provide the ability to send us a “diagnostics” file by using the “Send diagnostics” feature in the software.

Diagnostics files contain information about your system that enable us to diagnose and troubleshoot technical issues. It contains sensitive information such as BackupAssist settings, machine settings, Windows Event Log messages, and registry settings relating to backup services such as VSS.

This information is sensitive in nature. Therefore, it undergoes extra safeguarding.

1. User clicks on the “Contact Support” link/button, and optionally ticks the extra option to allow collection and submission of diagnostics – a double opt-in system.
2. If enabled, diagnostics data is collected by BackupAssist and compressed and encrypted on the user’s computer into a ZIP file. The ZIP file is given a random file name and uploaded to the BackupAssist website. From 10.4 the ZIP file is double-zipped to further protect the user’s privacy.
3. The BackupAssist website stores the ZIP files using a further layer of encryption for the data “at rest” in a dedicated Microsoft OneDrive cloud storage account.
4. Relevant BackupAssist technical support technicians and developers will download the encrypted ZIP files to local machines to perform their technical support duties. Diagnostics are deleted from the local machines after cases are closed.
5. Diagnostics are retained on the Microsoft OneDrive cloud storage account for up to 6 months, to assist us in delivery services to all customers, and are then deleted.

7. Purchasing data

When placing an order with BackupAssist, we collect information relevant to the purchase, such as the company name, email address, physical address, SKUs purchased, date of purchase, and so on.

For compliance reasons, we retain this data indefinitely.

Note: we never store or have access to credit card information. Our 3^rd party payment processors collect and retain this information.

You will then be registered on the following mailing lists:

• BackupAssist registered user list

You may unsubscribe from any mailing list by clicking “Unsubscribe” in the footer of emails.

8. Reseller membership

When joining as a BackupAssist reseller or MSP, we collect and store information relevant to delivering the services requested. This includes billing history (covered in #7 above) and backup reports (covered in #9 below).

You will then be registered on the following mailing lists:

• BackupAssist registered reseller list

You may unsubscribe from any mailing list by clicking “Unsubscribe” in the footer of emails.

9. Backup report history

Users of the BackupAssist Centralised Monitoring Console (CMC) receive daily summary reports of backup reports in their account. We collect the backup reports and store them on our web server.

As backup reports contain sensitive data, they are stored encrypted on our web server.

These backup reports are automatically purged as per the Data retention table included in this document.

10. Request to delete data

Customers who request their data to be deleted are required to submit a completed

“Request of data deletion” form.  This form is available by a request to support@backupassist.com