SumWare Consulting

A private consultancy of FileMaker developers since 1992.

Privacy Policy

Last updated March 2021.

Overview

SumWare Consulting Ltd is committed to protecting the privacy of clients and associates as practically as possible.

This document describes how or when we collect, store and use personal and certain other information.

This document will be updated from time to time.

We take all reasonable technical and organisational precautions to protect personal information we hold about individuals, however we can not guarantee the security of the internet nor the actions of other parties outside of our control.

Personal Information

Personal information is data that can be used to identify or contact a single person. You are entitled to request details of your personal information that we hold.

If you wish to know what personal information we hold, please send an email to support@sumware.co.nz including your full name and the details of your request. We may request further evidence of your identification.

We may charge - at commercial rates - for providing such information.

Collection of Personal and other Information

Personal Information

When you register an interest or purchase a product or service from SumWare Consulting, we collect and store your contact information such as name, organisation name and details, email address, phone numbers in order do business with you.

This information will be provided by you, or collected from your organisation's public information (e.g. web site), or other public information (e.g. government listings), or any third party authorised by you, or a combination of these.

We do not collect financial information such as credit card details from you nor third party suppliers used for payment services.

We may disclose your personal information:

  • to third parties where that disclosure is related to the services or products we supply to you
  • to any person authorised by you
  • where we are required by law.

Other information

Our software on your computers may interact with our servers to provide technical information about your computing environment for licensing, diagnostic and support purposes. For example, our web servers collect and store your connection information such as IP address, time of access and details of the connection agent. Our software may from time to time submit to our servers your registration detail (IP address, registration number, organisation name, contact name) to confirm your user licence as well as information about your computing environment (software versions, operating system information, computer display dimensions).

Third party software used with our software may provide certain information to the relevant third parties. For example, FileMaker Pro - used to access our software - will provide to Claris International certain technical information as described in Claris International's privacy policy https://www.claris.com/company/legal/privacy.html.

Accounts and Passwords

Our systems use at the minimum 1 layer of protection using accounts and passwords known only to us and selected and trusted partners (e.g. our web consultants might be able to connect to our network and know certain passwords to our web servers required to accomplish their work). Alternative authentication methods (e.g. your Active Directory servers) may also be used (and may be preferred.)

We may, at a minimum, provide you with one or more initial "standard" account(s) and password(s) for accessing our software and we strongly advise you to change such password, as some standard passwords are known to others. We do not ask you to disclose your username and/or password, except occasionally for support reasons (when we encourage you to change your passwords again after the fact). Nor do we store nor share any such revealed data. You are responsible for keeping your personal information in your control secure at all times.

Authorisation and protection

When you use our software, you or your third party agents may provide to our software personal information such as contact details and transactional information. By doing so, you attest that you are authorised to store such information and it is implied that you are authorised to allow us access to this data for the purposes described in this document.

We also have administrative accounts and passwords that allow us access to your data for the purposes of providing support and additional features to you.

Self hosted software

When our software is self-hosted in your own or third party facilities, you may grant us access to your the software for support purposes. When providing support services, we may

  • log in with you or on your behalf using our passwords for the purposes of providing said support
  • request copies of your data that we keep only as long as is necessary to provide those services.

"Cloud" hosted software

Should your custom software (written by us) be hosted on our servers, you provide to our software personal information such as contact details and transactional information. In doing so, you attest that you are authorised to do so and grant us and any authorised third parties permission to access such data for operational and support purposes only.

We also create backup copies of your data that are stored on third party "cloud" servers such as Arq or BackBlaze in encrypted form. You are not identified to such third parties.

Data Breaches

Should we be made aware of your personal information under our control being accessed by unauthorised parties, we will:

  • investigate to the best of our ability to find out what happened and why
  • do our best to ensure this does not occur again
  • advise you and other known affected parties of the same as soon as practicable

Responsible Disclosure

Should you become aware of such a data breach we expect you:

  • to advise us of the same with sufficient detail of the circumstances to take action.
  • to allow reasonable time for resolution before taking any other action.
  • if necessary, to assist us with our investigations and mitigations in what is sometimes known as "responsible disclosure" https://en.wikipedia.org/wiki/Responsible_disclosure.

This is to allow practical mitigation of the effects or further effects of data breaches.

Further Questions

Please address any further questions to support@sumware.co.nz.