Privacy Policy 10.0

Download PDF

1. Who we are

We are Highsoft AS, the company behind the Highcharts Javascript charting library family. Our address is Sentrumsgata 44, 6893 Vik i Sogn, Norway.

You can contact us at the above address, or by email to [email protected].

You can read more about us on our website.

In collecting information about you, we are acting as a Data Controller and we are required to provide you with information about why and how we collect and use your data, and about the rights you have as a Data Subject.

2. Introduction

Highsoft is committed to protecting your privacy and will make every commercially viable measure to secure your data according to European Union’s General Data Protection Regulation (GDPR) guidelines. All information collected is safeguarded according to the applicable legislation concerning personal data and is updated to comply with the GDPR.

This privacy policy outlines the information we collect when you use and interact with our website and services.

2.1. Information storage and security

We rely on third-party partners to process data about you and your use of our website and services as well as for some of the features and functionality.

We have DPAs with all our Processors, and they all adhere to the Payment Card Industry Data Security Standard (PCI DSS) for Service Providers. For processing that is taking place outside EEA, we have provided appropriate safeguards to ensure our partners accept the EU Standard Contractual Clauses (SCC) for International Data Transfers. All 3rd party processors will have access to the minimum of information needed.

2.2. 3rd party Systems and Processors

SystemData processorPurpose of the ProcessingCategories of personal Data
SalesforceSalesforceCustomer Relationship Management System (CRM) Name, title, position, employer, email address, company name, purchase order, license information, transactions, work address, professional life data, connection data, localisation data
MauticHighsoftEmail Marketing System (EMS) Name, email, company name, personal interests or other identifiers that client provides or submits in connection with using the service
FreshdeskFreshworksSupport Ticket System Company name, contact name, email address and a brief description of your inquiry
Freshsales SuiteFreshworksEmail Marketing System (EMS) Photo, Name, title, employer, place of employment, occupation, email address, telephone number, company name, purchase order, license information, order details, transactions, work address, location, professional life data, connection data, localisation data, IP address, date of birth, age, personal interests or other identifiers that client provides or submits in connection with using the service like sending emails or chat, purchasing in the webshop or by submitting forms
Magento 2ConvertE-commerce Platform (Ecom) Name, address, phone number, email, customer number, order history, IP address, Company name (2020-2022)
Magento 1VismaE-commerce Platform (Ecom) Name, phone number, address, email, title, user level, company name, order history (2012-2020)
WooCommerceHighsoftE-commerce Platform (Ecom) Name, address, phone number, email, customer number, order history, IP address, Company name (2022 -)
WaysayerFastpathMiddleware for CRM, Ecom and EMS Name, address, phone number, email, customer number, order history, IP address, company name Other information generated from the registered user by interaction through e-mail, chat services, webshop or by submitted forms
PairyPairyMiddleware for Ecom and Accounting System Name, email account (private or business), payment details (invoice or credit card), company if applicable, invoice and delivery address, name of customer representative if different from the one making the order
TripletexVismaAccounting SystemName, email address, company name, transactions
Nets EasyNetsOnline Card Terminal Name, email address, company name, delivery address, IP address, transactions, credit card
PayPalPayPalOnline Card Terminal Name, email address, company name, address, IP address, transactions, credit card
SlackSlackInternal Communication Platform Name, title, position, employer, email address, company name, purchase orders, license information, transactions, work address, professional life data, connection data, localisation data, profile picture if submitted
SkypeMicrosoftCustomer SupportEmail, name, company
TeamtailorTeamtailorRecruiting System Name, email address, postal address or other identifiers that client provides or submits in connection with using the server, such as location, company, company address, telephone or mobile number, email address, date of birth, place of employment, sex, cv, profile picture. Other information generated from the registered user by interaction through e-mail, chat services, or by submitted forms
Google Suite AppGoogleEmail Provider Company name, contact name, email address and a brief description of your inquiry or other information provided in emails
Google Forms Google - Privacy PolicySurvey Vendor Name, company name, email address, other personal information the recipient fills in
Google Team DriveGoogleDocument Storage System Documents related to a purchase or other business processes between you and Highsoft
Google Data StudioGoogleData Visualization Platform We use Data Analytics to create dashboards of data collected from other business processes
Google AnalyticsGoogleWeb TrackingNo Personal Data collected in web tracking
Google Tag ManagerGoogleWeb TrackingNo Personal Data collected in web tracking
Google AdsGoogleAdvertising PlatformNo Personal Data collected in web tracking
Google Search ConsoleGoogleSEO platformNo Personal Data collected in web tracking
Google OptimizeGoogleA/B TestingNo Personal Data collected in web tracking
HotjarHotjarWeb TrackingNo Personal Data collected in web tracking
SEMrushSEMrushSEO and Website TrendsNo Personal Data collected in web tracking

Below you will find more information about how we collect and process information, including how we use third-party partners in connection with our services.

3. When you use our website

This section details the information we collect from you when you use our website to browse our products and services and view the content we make available. Our legal basis for collecting information as described in this section is based on legitimate interest, in reference to Article 6-1(f) of the GDPR, or consent in reference to Article 6-1(a) of the GDPR.

3.1. Cookies

Cookies are small pieces of text sent by a website and stored on your computer by your web browser. A cookie file is stored in your web browser and allows the Service or a third party to recognize you and make your next visit easier and the service more useful to you.

Please refer to our Cookie Policy on our website for detailed information on which cookies we set when visiting our website and using our services, including what purpose each serves.

JSFiddle is used to display code demos and samples on our web pages and our blog.

JSFiddle does not track personal data but sets a session cookie to prevent cross-domain attacks in the embedded code samples. Please refer to JSFiddle - Terms & Conditions and JSFiddle - Privacy Policy for additional information.

Google Analytics uses cookies to record usage and performance data of our website and web services.

We have ensured that the data we collect through website analytics services are anonymized in such a manner that it can not be used to re-identify you by e.g. excluding IP addresses or your detailed location. We analyze data based on e.g. when and how often users visit the site, what pages users visit, what other sites used before based on coming to our site, observing trends, visitor numbers, and behavior.

Google Optimize gets data from Google Analytics to perform A/B testing as a statistical experiment that aims at testing different variations against each other in a controlled environment to find the most effective variation of designs and content on our website, for example, types of imagery to improve engagement or CTAs to increase conversions.

If you consent to us using Statistics cookies in our consent manager, we additionally use Google Analytics built-in demographic, and extended ecommerce tracking. This tracking provides aggregated data on Age, Gender, Affinity Categories, In-Market Segments, and other categories along with product and licensing information in the event a purchase is made.

Demographics data is collected by Google and its Affiliates and shared with us in an aggregated form. Google and its Affiliates may use collected data for targeted advertising. Please refer to Google - Privacy Policy for further information on how Google collects, processes, and stores this data.

The use of Statistics cookies requires that you give your consent to our cookie manager. You may also prevent data from being used by Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

If you consent to Marketing cookies in our consent manager and are signed up to receive content from our website or have purchased a license or subscription from our website, the Email Marketing Software we use may store cookie identifiers that are used to gather certain website data related to campaigns. Our web application provides a unified tracking code that lets us track web page engagement, custom events like content downloads or abandoned shopping carts, and form submissions from your website and store them as contacts in our CRM. Email address is mandatory for tracking custom events.

We will use this information to create segments, marketing journeys and to ensure we send you relevant information.

3.2. User behavior tracking

When consenting to Statistics cookies in our consent manager, we use cookies and other technologies to collect data on users’ behavior and devices. User behavior tracking is useful to understand user experience and to optimize experience as well as building and maintaining user feedback.

The information we collect includes a device's IP address, which is processed during your session and stored in a de-identified form; device screen size, device type using unique device identifiers, browser information, geographic location limited to country only, and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile and is contractually forbidden to sell any of the data collected on our behalf. For further details, see Hotjar’s support site.

AddSearch Search Engine is used to enable a user to make a search request on our webpage. AddSearch logs the IP address and the search request for services like monitoring or analytics. Logs with end-user IP addresses are encrypted with AES-256. Please refer to AddSearch - Privacy Policy for additional information.

3.3. Web beacons

Pages on our site and emails we send to our users may contain web beacons. Web beacons also referred to as clear gifs, pixel tags, and single-pixel gifs, are small electronic file references that are embedded onto a web page or an email to analyze traffic, for example, whether a user has successfully opened an email, visited a page or completed a purchase.

In contrast to cookies, which are stored on a user's computer hard drive, web beacons are rendered invisibly on web pages when you open a page.

3.4. UTM codes

We may also make use of UTM codes. These are strings that are appended to a URL (the

“Uniform Resource Locator,” which is typically the HTTP or HTTPS address entered to go to a web page) when a user moves from one web page or website to another, where the string can

represent information about browsing, such as which promotion, page, or publisher sent the

user to the receiving website.

UTM codes are used to enhance our web analytics solutions to understand, for example, if the visitor’s journey on our site started with a newsletter or ad campaign. Any analytics gathered based on UTM codes are, and will remain, anonymous and analyzed in aggregate form.

3.5. Google reCAPTCHA

In the prevention of spam and abuse, we use the reCAPTCHA feature of Google on our website. This function is primarily used to distinguish whether an input is made by a natural person or abusive by automated processing. The service includes the sending of the IP address and possibly other data required by Google for the reCAPTCHA service to Google. Please refer to Google - Privacy Policy for additional information about Google reCAPTCHA.

3.6. Why do we collect this information?

Some tracking mechanisms are considered necessary and are required to provide certain functionality like navigation and search. Other tracking mechanisms are essential for us to understand how our visitors find and use our site. We also monitor our website performance, such as what pages our visitors navigate to understand how to improve our service and offerings, as well as measuring marketing efforts and user experience to ensure intended and proper functionality.

If you do not want us to track your website interactions, you may revise your cookie preferences on our website. We will not deny you access to our site or services should you choose to decline the use of such tracking mechanisms, but when declined, there may be cases where the user experience is not optimal.

3.7. What do we do with your information?

Besides the functionality necessary for our website and services to function, we may use portions or aggregated numbers for internal presentations and visualizations. We do not share or sell any information collected.

We will use some of the information to create segments, marketing journeys, or view contact’s activities on the activity timeline. Email address is mandatory for tracking custom events.

Google provides some additional privacy options for Google Analytics cookies.

3.8. How long do we keep your information?

The information we collect is kept for a maximum of 38 months. Google provides some additional privacy terms.

3.9. Additional rights as a data subject

In collecting this information, we are acting as a data controller and you have additional rights with regards to the data we store and process, which is outlined in the section below called ‘Your rights as a data subject’.

4. When you submit feedback or an inquiry

This section outlines the information we collect from you when you submit feedback or an inquiry via our website, email, or social media. Our legal basis for processing and collecting your data when you contact us via our website, by email, in Social Media or leave feedback is based on our legitimate interest to process your submission and to provide you with the most accurate response in reference to Article 6-1(f) of the GDPR.

When you submit an inquiry via our website or send an email, we may ask you for your company name, email address, and a brief description of your inquiry. We will ask for a minimum set of information to reply to technical or sales support questions, or other inquiries.

When you contact us on a Social Media platform, like Facebook, Twitter, Instagram, or LinkedIn, we might transfer your message together with your username to our internal communication platform or we will reply to your inquiry directly on that platform. We encourage you to contact us via our website. We will also have access to aggregate insights to visitor activity on our social media accounts, as well as any individual public activity, such as liking, posting, or commenting on our accounts. For all interactions on our social media accounts, we hold a shared data controller role of your data along with the social media platform. This means that all information posted on our social media accounts will also be available to that social media company. To learn more about such companies' use of personal data, please visit the respective social media company’s privacy notice.

4.1. Why do we collect this information?

We use the information you provide to respond and hopefully to provide you with the information you need, including providing Support or fulfilling steps required before entering into a contract e.g. as part of a pre-sales activity. The feedback you leave will be used to improve our website and offerings.

We may send you an email to follow up on your interest and ensure that we have answered to your satisfaction or send you information that we think will be of interest to you with respect to your inquiry.

4.2. What do we do with your information?

We may share your question/problem internally by email or chat to provide you with a solution.

The information collected in a sales-related inquiry is stored and processed in our CRM, EMS and Email provider.We might share your name, email, and company name with partners, for the sole purpose of performing sales activities and providing information that we think will be of interest to you with respect to your inquiry. Our partners will have access to the minimum of information needed to perform their services.

Technical Support inquiries are stored and processed in our Support Ticket system and Email provider.

Our first-line support inquiries are handled by our Technical Support Partner. Our partners will have access to the minimum of information needed to provide support.

If you contact us via chat on our webpage we store the information you provide in our EMS.

4.3. How long do we keep your information?

Inquiries you make that are not of a financial or legal nature (e.g. purchasing a product or service) will be removed from our records if you are inactive for more than 2 years unless you explicitly consent to us storing your information to keep you updated on our products and services (in such a case, see below ‘when you sign up to receive content from our webpage on how we handle your data).

4.4. Additional rights as a data subject

In collecting this information, we are acting as a data controller and you have additional rights with regards to the data we store and process, which is outlined in the section below called ‘Your rights as a data subject’.

5. When you purchase a license or subscription

This section outlines the information we collect from you when you purchase a product from our website. Our legal basis for collecting and processing your data is based on Legitimate interest in reference to Article 6-1(f) of the GDPR fulfilling legal obligations in reference to Article 6-1(c) of the GDPR or contractual obligations in reference to Article 6-1(b) of the GDPR.

When you purchase from us, we ask you for your name, billing address, email address, company details, and we collect your IP address and payment information including credit card details.

5.1. Why do we collect this information?

The information we collect is required to process your payment, deliver products or services, and comply with applicable tax/revenue laws. We will use the information you provide to send you a receipt after purchase and contact you regarding your purchase or otherwise exchange information necessary to fulfil our contract with you.

When you register for a non-commercial license, we ask for your name, email address, intended usage, and organization details, to verify the free usage. This information and a copy of your License information will be stored in our CRM system and our Email Marketing Software.

5.2. What do we do with your information?

We use third-party vendors to store and process payments, and they all adhere to the PCI Data Security Standard (PCI DSS) for Service Providers.

The information you provide during the purchase process is stored in our E-Commerce platform, CRM system and Email Marketing Software.

From March 8th, 2022, our Ecom is hosted on our servers. Data collected between June 30th, 2020 and March 8th, 2022 is temporarily hosted by Convert Group AS and data collected prior to June 30th, 2020  will by hosted by Visma AS, as we phase out these previous processors.

Your IP address, email address and credit card details are passed on to the payment providers we use which are Nets, PayPal, or American Express. Except for the email address attached to your PayPal account, Highsoft does not store or process any payment information.

Your name, email, company name, and License information are sent to our EMS to follow up on your license and support term, including relevant product updates.

Documents related to the purchase like e.g. Purchase Order, Custom license agreement, and other information related to the purchase will be stored in our Ecom, CRM and our Document Storage System.  

The information you provide when you purchase a license or subscription from our website might be shared with our partners, for the sole purpose of following up on your purchase and providing you with relevant updates and other information that we think might be of interest to you with respect to your purchase. Our partners will have access to the minimum of information needed.

If you purchase a product from our website on someone else’s behalf as a reseller or distributor, or if such entity purchases a product on your behalf, we will process and collect the name, email address and company details from the intended end user, as well as the name, billing address, email address and company details of the reseller/distributor. The information is collected for the same purposes, processed in the same manner, and kept for the same amount of time, as further detailed in this section.

If you consent to us using Statistics cookies in our consent manager, we additionally use Google Analytics built-in demographic, and extended ECommerce tracking to the same end. This tracking provides aggregated data on Age, Gender, Affinity Categories, In-Market Segments, and other categories, along with Purchasing Information (Product, Quantity) from our Ecom in the event a purchase is made.

Anonymized data may also be sent to our data visualization platform for analyzing our performance internally.

For more information, please see Policy for Online Purchase here.

5.3. How long do we keep your information?

Information about the transaction is kept for however long necessary to comply with applicable tax/revenue laws, which under current laws is 10 years.

5.4. Additional rights as a data subject

In collecting this information, we are acting as a data controller and you have additional rights with regards to the data we store and process, which is outlined in the section below called ‘Your rights as a data subject’.

6. When you sign up to receive content

This section outlines the information we collect from you when you sign up to receive content by signing up to receive newsletters or notifications of product updates, when you register an account in our webshop or download whitepapers or tutorials.

Our legal basis for processing and collecting your data is based on consent in reference to Article 6-1(a) of the GDPR.

When you sign up to receive content from our website, we will ask you for your name, email address, and optionally other information about your interests and preferences, etc. We will collect your IP address and information about what kind of content that you engage with.

Upon registration, you will receive an email to confirm your registration. Unless you act upon that email, you will not be enrolled in our database.

6.1. Why do we collect this information?

The email address will be used to periodically provide you with news and information about our products and services, which we feel might be of interest to you.

Optional information we ask for will be used to make sure we send you relevant information and to spot trends. We collect your IP address to prevent fraud and identify geographical clusters of customers so we may serve you better. If you consent to marketing cookies we will additionally track your website engagement to make sure we send you relevant information.

We use web beacons to detect whether you have opened the email we send or not. This is to keep track of your engagement and ensure we send you relevant information or if you have been inactive for more than the retention limit, we will ensure that your email will be deleted from our database. Read more about web beacons here.

We use UTM codes to identify specific sources of traffic and to customize content but never used for profiling or other, user identifiable, tracking. Read more about UTM codes here.

6.2. What do we do with your information?

The information you provide when you sign up to receive content from our website is stored and processed in our Email Marketing Software and CRM system.

We might share your name, email, and company name with our partners, for the sole purpose of performing sales activities and providing information that we think will be of interest to you with respect to the content you have received. Our partners will have access to the minimum of information needed to perform their duties.

6.3. How long do we keep your information?

Your information is kept for as long as you continue to engage with our content, but we cease to send you information and content and will remove your data from our records if you are inactive for more than 2 years. Inactive, in this respect, means that you have not read any of the emails we have sent you, or downloaded any content from our website. You may unsubscribe at any time by clicking the unsubscribe link at the bottom of any email you receive or by contacting us to revoke your consent, which will result in the prompt removal of your information from our database, along with any data regarding your engagement with our content.

6.4. Additional rights as a data subject

In collecting this information, we are acting as a data controller and you have additional rights with regards to the data we store and process on you, which are outlined in the section below called ‘Your rights as a data subject’.

7. When you use our products

We do not require any personal information from you in order for you to use Highcharts JS including any other offering like e.g., Highcharts Maps, Highcharts Stock, Highcharts Gantt, Optional Dependencies, or any of our official Wrappers and  Add-ons.

The products are downloadable, and we do not track further usage of it, except as set forth herein in terms of purchasing a license and use of Export Server.

7.1. When you use our Export Server

The Export Server is a service that you can use optionally, when you have purchased a license from us.

The export server is not to be used in cases where charts may contain personal data. In such cases the offline export module or self-hosted export servers that require no server-side component must be used. In terms of data processing, the server is completely stateless, and does not store the visualization configuration once the export request has been processed. For more details, please see our Export Server Terms of Use.

8. When you contact us for any other inquiries

This section outlines the information we collect from you when you e.g. submit a survey, participate in a competition, submit code examples, blog for us, or apply for a job via our website.

Our legal basis for processing and collecting your personal data is based on consent Article 6-1(a) or Legitimate Interest 6-1(f) of the GDPR.

Along with your contact information and contribution or inquiry, we may ask you for information about your interests, preferences, opinion, etc. as relevant to the particular submission.

8.1. Why do we collect this information?

Depending on your inquiry we will need personal data to contact you, highlight your contribution on our website, to evaluate if you are a candidate for a job, and other relevant information pertaining to the nature of the inquiry.

8.2. What do we do with your information?

When you apply for a job your information is collected and stored in our Recruitment System. You can read more about how your data is handled on the Recruitment website.  All other inquiries or contributions are stored and processed in our Email Marketing Software.

We may in some cases use online forms when conducting Surveys, such submissions will then be processed by our Survey Vendor.

We may publish your submission to our website, in the event where that was the purpose of the submission. Further details will be provided upon initial contact. We will use your information to provide the information you need related to your inquiry.

We may ask for your consent to retain your information in our systems to send you further information that we think may be of interest to you. We will only send you updates and information for as long as you continue to consent. You may unsubscribe to such automated contact at any time by clicking the unsubscribe link at the bottom of any email newsletter you receive.

If you post a comment on our site, we won’t use your email address except to send you update notices about the specific entry you commented on or to initiate a private one-to-one email conversation with you about your post.

8.3. How long do we keep your information for?

Your information is kept for as long as you continue to consent, but we cease to send you updates and will remove your data from our records if you are inactive for more than 2 years. Inactive, in this respect, means that you have not read any of the newsletters we have sent you.

You may opt out of such updates at any time, which will result in the prompt deletion of any non-legal or financial information we have about you.

When you apply for a job, your information will be removed from our database once the position is filled, or until - if applicable - you are no longer considered for the position. The information will not be stored for longer than 3 months after your submission.

8.4. Additional rights as a data subject

In collecting this information, we are acting as a data controller and you have additional rights with regards to the data we store and process, which is outlined in the section below called ‘Your rights as a data subject’.

9. Your rights as a data subject

By law, you can ask us what information we hold about you and ask to have it corrected if it is inaccurate.

If we have asked for your consent to process your personal data, you may withdraw that consent at any time, and you can request that your data be erased.

If we are processing your personal data for reasons to fulfil a contract, you can ask us to give you a copy of the information you have provided for us in a machine-readable format so that you can transfer it to another provider.

You have the right to ask us to stop using your information for a period of time if you believe our processing is not lawful.

We will not make automated decisions on the basis of the personal data we have collected.

You may not ask to delete, or substantially change,  financial transaction data that requires retention for legal purposes. Such data will be handled in accordance with any applicable tax law.

To submit a request regarding personal data by email, please use the contact information provided above in ‘Who are we’ or contact us through our data subject request form. We will collect and process the information submitted for the sole purpose of responding to your request.

9.1. Your right to complain

If you have a complaint about our use of your information, we prefer that you contact us directly in the first instance so that we can address your complaint.

For any inquiries about our use of your personal data, please use the contact information provided above in ‘Who are we’ or contact us through our data subject request form.

9.2. Legal Requirements

We might need to disclose personal data of users based on requirements by law. This might result in legal obligations or urgent needs to suspend or block an account. In such an event we will aim to notify the user that is affected by such actions.

Highsoft may also retain, preserve, or release personal data in response to lawful requests by public authorities, including to meet legitimate security or law enforcement requirements; to protect, establish, or exercise our legal rights or defend against legal claims, including to collect a debt; or investigate, prevent, or take action regarding illegal activities, suspected fraud, threats to our property, or violations of License Agreement for our JS products.

9.3. Retention

Highsoft will retain and use your information only as long as it is necessary for the purposes set out in this policy, and to the extent necessary to comply with our legal obligations, resolve disputes, enforce our agreements, and as otherwise described in this policy.

Specifically, Highsoft will retain your information for as long as you have an active service account with us, for as long as you remain subscribed to our newsletter, or as needed to provide the services to you. The exception to this is data arising from a financial transaction, which we are required by local tax and accounting laws to store for 10 years.

9.4. Right to be forgotten

If you have not interacted with our sales team, support team, subscribed to any of our newsletters or utilized any of our products and services for 2 years, and your contact information is not necessary per the Retention policy above, we will automatically delete your records from our databases. The only exception is if you send us a job application. In this instance, we will keep your application for a maximum of three months.

10. Our Policy Toward Children

Our services are not intended for users under the age of 13, and we do not knowingly collect or maintain information of such individuals. We encourage parents and guardians to monitor their children’s online activities.

11. Updates to this privacy policy

We regularly review and, if appropriate, update this privacy policy from time to time as our services and use of personal data evolves. If we want to make use of your personal data in a way that we haven’t previously identified, we will contact you to provide information about this and, if necessary, to ask for your consent.

We will update the version number and date of this document each time it is changed.