Welcome to PassCamp!

When we refer to “PassCamp,” “we,” “our,” or “us” in this policy, we are referring to PassCamp, a joint-stock company and its subsidiaries and affiliates, which provides the Services to you.

This Privacy Policy is intended to help you better understand how we collect, use and store the personal information (as defined below) from users of our website at https://www.passcamp.com (the “Site”) or our product PassCamp website https://www.passcamp.com (the “Product”).

Whether you are a merchant or end user that uses PassCamp’s products or services (together, the “Services”) or whether you’re simply visiting this website. By using any of PassCamp’s Services, or by dealing with a merchant using PassCamp’s Services, you are agreeing to the terms of this Privacy Policy and, as applicable, the PassCamp’s Terms of Service.

This Privacy Policy explains what personal data we collect and why we use it, what choices we offer, including how to access and update such data.

If you do not agree to the terms below, please do not visit our site, do not use our content and / or services, and do not provide us with your personal data.

Persons under the age of 16 can not provide any personal information through our site. If you are a person below the age of 16, you must obtain the consent of your parent or other legal guardians before submitting personal information.

Principles

We use your data solely to provide you with services in which you enroll. Our business is providing PassCamp products and services to you (the “Customer”). We have no desire or interest to use or transfer the limited data we acquire for any other purposes.

Who We Are

UAB PassCamp is a Lithuanian company located at Savanorių pr. 178, LT-44150 Kaunas, Lithuania. PassCamp complies with Lithuanian privacy laws. Lithuania is a member of The European Union (“EU”) since 2004 May 1st.

Non-Owners

If you are a non-owner member of a personal and teams account, your use of PassCamp may be subject to your organization’s privacy policy or practices, if any. Non-owner members of an account transfer some of the rights described here to the account owners.

Information We Keep and How We Use It

We retain two kinds of user information to deliver our services: Secure Data and Service Data. Both are treated securely with respect for customer privacy and data confidentiality, but there are important technical and usage differences.

Secure Data

Secure Data is data that we are not capable of decrypting under any circumstance. It includes all information stored within accounts in PassCamp. This data is encrypted using secure cryptographic keys that exist only in the possession and under the control of our customers. We have no way of accessing or providing decrypted Secure Data, and we never receive copies of unencrypted Secure Data.

Your Secure Data is your property. We claim no rights to it beyond those necessary to deliver services to you. You may add, modify, and delete Secure Data at your discretion. If you do not have a PassCamp account, you cannot provide us with Secure Data.

Service Data

We inevitably acquire Service Data about your usage of PassCamp, your account, and your payments through operating our services. We retain only enough Service Data to operate and maintain the services. This data is never used for any other purpose.

Service Data is kept confidential. It is visible to our staff and includes, but is not limited to, server logs, billing information, client IP addresses, number of accounts and number of items in accounts, company or family name, and email addresses. Service data includes the name you provide us for your profile.

We retain the right to hold and use Service Data to provide our services, troubleshoot problems, analyze the performance and demands on our services, and to provide our payment processors with the information they need to process payments.

Diagnostic Data (Optional)

Diagnostic Data is a type of Service Data which is not automatically collected or required for operation of our services.

In some cases we solicit diagnostic reports and other troubleshooting, bug, and crash reports from customers to help identify and solve problems with our products and services. This information is sent to us explicitly on a case by case basis, or by users who explicitly opt into our beta software programs or who otherwise explicitly choose to provide diagnostic data to us.

Diagnostic Data may contain sensitive information about your devices and operating environment as well as personally identifying information. Although there may be occasions when we ask for Diagnostic Data to assist you with a problem, you are never obligated to provide it.

Diagnostic data never includes decrypted Secure Data. We will never ask for your Master Password.

Keeping Your Information Safe

We understand and accept our responsibility to protect Service Data and Secure Data. We use strict access control mechanisms, network isolation, and encryption to ensure that Secure and Service Data is only available to authorized personnel. Additionally, Secure Data cannot be decrypted even by those who do have access to it.

Data Processing Agreement (GDPR)

PassCamp fully complies with the GDPR, including the third country data transfer requirements. PassCamp complies with everything except for third country data transfer requirements.

Data Location and Transfer

PassCamp.com

PassCamp data is held on servers located within the European Union.

Customer support system

Our customer support and email services are hosted primarily in Lithuania. Any information you choose to send us through email or our customer support system may pass through and be stored on a variety of intermediate services.

Third-Party Data Processors

Your Secure and Service data are held by third party data processors, who provide us with hosting and other infrastructure services. The locations of these are described above. In many cases (but we cannot promise that this will always be the case) even Service data held by these entities is encrypted with keys held only by us.

Data needed to process payments is collected by our payment processor, Stripe, Inc. (payment processor). Stripe acts as an independent data controller. Stripe’s privacy policy is available here. Stripe no longer relies on the Privacy Shield data transfer mechanism to the US, but continues to participate in this programme. For transfers of personal data outside the EEA, Stripe uses the Standard Contractual Clauses (SCC) approved by the European Commission.

Contacting You

We may use your contact information to communicate with you about Service activity, provide support, and send you other information such as product updates and announcements. You may choose to stop receiving communications from us, except certain important notifications such as billing and account security alerts.

Your Responsibilities for Protecting Your Data

When you create a PassCamp account you will create a Master Password. For your protection, you should create a strong and unique Master Password to ensure that it is not easily guessed.

It is extremely important that you understand that anyone with your Master Password can access your Secure Data. It is equally important that you keep a copy in a safe place for your own reference, because future access to your Secure Data depends on having access to your Master Password. We will never ask you for your Master Password and you should never send it to us.

Due to the nature of our design and the sensitivity of the information you entrust to us (even in encrypted form), it may not be possible for us to help you with certain customer service requests unless you are listed as an account owner and are communicating from your verified email address. In the event that you change your email address, it is very important that you update your email on your PassCamp account(s) or you may eventually lose access.

Data Portability

We want happy customers, not trapped ones. We will not lock you out of your own data. However, we are unable to decrypt your Secure Data; you will need your Master Password to decrypt it.

You may export your PassCamp data at any time you wish during the life of your account. If you discontinue payment, your account will enter a frozen (read-only) state for a period not less than six months during which you may still retrieve and export your data.

Export is limited to your Secure Data. Account permissions, the structure of groups of individuals, and other information about the relationship between individuals and data is not guaranteed to be included in export.

Your Right to Have Your Data Erased

As we are merely custodians of your data, account owners have the right to instruct us to remove data permanently from our systems. To ensure that no one’s data is deleted without their consent, you must first delete your account through an authenticated session. After your account has been deleted, the account owner may contact us and ask for the data to be expunged. Once the request is authenticated, the data will be removed from our active systems within 72 hours.

Disaster recovery and data availability requirements mean that PassCamp has a legitimate interest in maintaining secure and immutable backups. Erasure requests will leave those backups untouched, and we will only remove data from backups if legally compelled to.

Cookies and Tracking

We do not engage in or support cross-service tracking.

We do set and use cookies (small text files placed on your device) on our own domains and subdomains to store settings that assist with identifying your account for sign-in. We also use third party analytics packages for our public pages that may set cookies on your computer. These are limited to our domains, and do not involve cross-service tracking. You may disable cookies in your browser and continue to use our services without impact.

Client applications, including web browsers, will store information about your account to assist with future sign-ins and keep some information available to you when you are not signed in. Users may remove all such information from their devices, but doing so will require that they provide complete information (account details, Master Password) on subsequent sign-ins.

Consent for Underage Enrollment Those under the age of 16 may not use the services without the consent or authorization of their parent or legal custodian.

Disclosure

We will comply with applicable law with respect to providing Service Data and encrypted Secure Data to law enforcement agencies. If permitted, we will notify you of such a request and whether or not we have complied. Your Secure Data remains encrypted with keys which we do not possess, and so we can only hand over Secure Data in encrypted form.

Some Service Data is made available to team owners. In some limited circumstances we may provide some information to non-owner members of these accounts. Account owners will be informed in these circumstances.

Breach Notification

If the confidentiality of customer data is breached, we recognize our responsibility to our customers and to the public to disclose the nature of the risk and provide a transparent account of the events without undue delay. At a bare minimum, we must inform the applicable supervisory authorities as required by law and regulation.

Updates to our Privacy Policy

At our discretion, we may make changes to this Policy and note the date of the last revision. You should check here frequently if you need to know of updates to our Privacy Policy. We maintain the right to send you annoying email informing you of substantive changes. Previous versions will be made available from this page.

Contact Us

If you have any questions about this Policy, you can contact us by mail at: [email protected]

Savanorių pr. 178,
LT-44150
Kaunas, Lithuania

Glossary

Data Processor

Data Processor as defined by the GDPR. We and the subprocessors (hosting services, payment processors)we appoint are the Data Processors.

Master Password

A user secret password, that is necessary to decrypt Secure Data.

PassCamp staff, staff

Our Directors, employees, and subcontractors

GDPR

European Union’s General Data Protection Regulation

Decrypt

Decryption transforms encrypted data back to its original form. It cannot be performed without the appropriate cryptographic key.

Encrypt, Encryption

Encryption transforms usable data into a form that conceals all information contained in the original data. This day transformation uses a cryptographic key.

Owner, Organizer

Business and Family accounts, which allow for multiple members, will have Owners or Organizers. Owners and Organizers have some rights over the data belonging to members of the Business or Family.

Personal Data

As defined in the GDPR

Subprocessor

Anyone other than us who we have appointed to process customer data. Subprocessors can see no more data than we can see. Examples include our data hosting providers and payment processors.

Supervisory Authority

A local regulator under the GDPR which has the job of seeing that we protect your data properly.

Secure Data

Data encrypted with keys derived from the user’s Master Password and Secret Key. This data cannot be decrypted by PassCamp.

Service Data

Data about a user account, which is available to PassCamp.

You, Data Subject

You are the Data Subject as defined in the GDPR. In general, we are addressing “you” as the Owner or Organizer of an Individual, Family, Team, or Business account.