Legal Documents - 10/01/2024

Privacy Policy

Last update: 10th January 2024

Purpose of this Privacy Policy

We have prepared this privacy policy to inform you about how we handle and process your personal data on Insulae. Phalanx Software goes to great lengths to respect your privacy. We invite all users to familiarise themselves with the contents of this policy before making use of Insulae.

Data Controller

Insulae is a cloud-based software system developed and operated by Phalanx Software Limited, a private limited liability company established in the Republic of Malta. Phalanx Software Ltd. is registered with the Malta Business Registry and has the identification number C 89596.

For the purposes of the GDPR and with respect to all data processed by Insulae, Phalanx Software is the Data Controller.

If you have any questions or concerns with regards to how your data is handled by us, you may reach out to us by sending us an e-mail on contact@phalanx.software.

Nature of Data we Collect

Insulae collects and stores both personal and anonymous data from you that could be used to identify you. This includes:

  • Your name;
  • Your residential address;
  • Your telephone number;
  • Your e-mail address;
  • Your national identification number; and,
  • The IP address used for connecting to Insulae's servers

Your name, residential address, telephone number, e-mail address and national identification number is stored on Insulae's database and shared only with third-parties as indicated within this policy. Your IP (Internet Protocol) address, which is a number that identifies your device when it connects to the internet, is stored in Insulae's logs and is used in the event that we need to investigate and resolve a system defect.

Third-party Data Processors

While using Insulae, your data may be transferred to third-parties for further storage and processing. We ensure that your data is transferred to companies that comply with the provisions of the GDPR. In the case that such companies are not part of the European Economic Area (EEA), we link their Data Processing Agreement explaining how they treat and process your data below.

In particular, your data is transferred to the following Data Processors:

  • Amazon Web Services EMEA SARL, ("AWS Europe") whose policy regarding data they process is given in their "AWS Data Processing Addendum" available on: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf. Insulae is hosted on servers running on Amazon Web Service's infrastructure, specifically located in Frankfurt.
  • MongoDB, whose policy regarding data they process is given in their "MongoDB Data Processing Agreement" available on https://www.mongodb.com/legal/dpa. MongoDB hosts the database server containing all data stored at rest for Insulae. This data is located in Frankfurt.

Further to the above, your personal data will be accessible to the designated condominium administrator for your common areas. This condominium administrator could be a natural person, body corporate or legal person who is chosen by yourself, and other members of your condominium, in terms of the Condominium Act (Chapter 398) of the Republic of Malta.

Passwords and Authentication Data

When using Insulae, you are required to authenticate yourself and prove your identity to the system using one of the login methods supported by the system. If you use a third-party method to log-on to Insulae, those third-parties will transfer your personal data to us and we will handle that data in accordance with this policy. Furthermore, we will not transfer any data back to those third-parties.

Note that we do not collect, store or have access to any of your passwords, and we will not be able to assist you directly if you are unable to recall the password you use for logging into Insulae.

Security

We shall endeavour to keep your personal data, which is stored on our servers, secure and take all reasonable safeguards to prevent any unauthorised access to your data. In the event that a data breach occurs, we will resolve any system and procedural defects that allowed the data breach to occur in the first place; then, we will inform you of the event and any necessary steps to take, as soon as reasonably possible.

Reasons for Data Collection

We will not, under any circumstance, ever sell your personal data to any third-party or marketing agency. The data collected is used solely for the provision of our service to you through the Insulae system. In particular:

  • Your name, contact information and identification number will be shown to the administrator as part of the condominium members list;
  • Your e-mail address will be used to contact you whenever the administrator makes a condominium-wide announcement or some other important event occurs within your condominium (eg. a maintenance request is filed);
  • Your e-mail address will also be used by us in the event that we need to contact you regarding your Insulae account.

Cookies and Other Tracking Measures

The Insulae website and the Insulae system do not use any user tracking measures nor do we use any cookies to conduct any profiling on our users. The only cookies used are necessary for us to authenticate your device to the Insulae system.

Right to Rectification

You may view your personal and contact details as currently stored on the Insulae system by first logging in, using your preferred method and then navigating to the 'Contact Details' page by clicking or tapping on the button on the top-right of the screen. You may add, remove or correct any data from the same page as necessary.

Data Retention and the Right to be Forgotten

We will delete all personal details connected to you following a period of two years where all the following conditions applied continuously throughout:

  • You have not logged into the Insulae system; and,
  • Your account is not a member of any condominium on the Insulae system;

You may contact us on contact@phalanx.software if you would like us to delete your data earlier than that stipulated above. However, be advised that we may not be able to completely remove all information about you if that information is used by your condominium administrator to comply with their obligations as described in the Condominium Act.

Additional Rights

In addition to the rights described above, you may ask us to confirm and give you a written copy of the personal data we retain about you. You have the option to receive this data in a machine-based format, such as JSON, if you so desire. In certain cases, we may not be able to give you a copy of all your data and we may need to redact parts of the data we give you if that data also includes the personal data of someone else.

If you are not satisfied with the way we process your data or the manner with which we handled any of your queries regarding your data, you may forward your complaint to the Information and Data Protection Commissioner who is the designated Authority with respect to data privacy in Malta. The Commissioner's website can be accessed on: https://idpc.org.mt.

Changes to this Policy

From time to time, we may make changes to this privacy policy. You can determine the version of this privacy policy by looking at the date written at the top of the policy. We encourage you to review the policy regularly to ensure that you still agree with its contents.