Last modified: October 13, 2022
Controller and data protection officer
The data controller for our sites and applications is Thincast Technologies GmbH, Bahnhofplatz 7/3, 2340 Mödling, Austria.
General remarks on data processing
As a matter of principle:
- We do not collect, store or process any sensitive personal data as per Recital 51 GDPR
- We do not share, sell, rent, or trade any information with third parties for any commercial purposes
- We keep the collected data as minimal as possible
- We do not collect any information without your consent, except in cases where it is not possible to obtain consent beforehand, like server logs.
Article 6 (1) GPDR serves as the legal foundation for the processing of your data.
If you only browse our website, for example like having a look at our products, we do use common internet technologies like cookies and server side logs.
In the server side logs we collect the following data:
- the URL requested by the browser
- the visitor's browser type ("user agent")
- the referring site
- the amount of the transferred data in bytes
- the IP address the request is made from
- the date and time of the request
The above data is used to improve, monitor and protect the security of the website.
Additionally, in order to better understand the visitors and users of our site, we use Google Analytics. See Google analytics below for details.
We process and store personal data that you enter during your registration at the Thincast website (https://thincast.com/user/signup) and also the data you enter after the registration in your Thincast account.
The data includes:
- Personal data (name, company, address, phone number, fax number, VAT number and email address)
- Data from the fulfillment of our contractual obligations (orders, invoices, purchased software licenses and sales records)
Payments by credit card
Our PCI-DSS compliant payment provider for credit card payment processing is Stripe, 510 Townsend Street San Francisco, CA 94103, USA. If you choose to pay via credit card you will be redirected to Stripes's checkout page.
In order for Stripe to process your payment, we will only share (and securely transfer) the following required data with them:
- Your name
- Order number
- Your e-mail address
- Amount to pay
For information about their data processing please refer to the information provided by to Article 13 GDPR as part of the processing of credit card payments at https://stripe.com/dpa/legal
Payments via PayPal
If you choose to pay via PayPal you will be redirected to their payment page. In order for PayPal to process your payment, we will only share (and securely transfer) the following minimal required data with them:
- Your name
- Order number
- Amount to pay
To inform you about updates, new products, news and to keep you up to date we offer a low volume newsletter you can subscribe to. For the newsletter we use a two-step subscription process. First you need to enter your email address in our newsletter subscription form. Then we send a confirmation email containing a verification link to the address you've entered. Once the link is clicked, the provided email address is verified and added to our newsletter recipients.
The verified email address is only used for the newsletter and saved until you unsubscribe. To protect our site from spam and abuse we use Google reCAPTCHA in our subscription web form. See Google reCAPTCHA below for details.
Email communication and contact form
For documentation and support purposes, like being able to answer follow up questions and research previous issues, we do save your correspondence with us (including your name and email address). This includes email communication as well as our web contact form.
Contributor license agreement (CLA)
For some of our open source projects it is necessary to sign a contributor license agreement. As described in our signing documentation this can be done on- and off-line. In both cases the collected data is stored as long as it is required for legal reasons.
Depending on the type of the CLA the following information is saved:
- entity CLA: company name, company address, company contact name, company contact email address; as well as name, email address and GitHub username for each employee that is entitled to contribute
- individual CLA: name, address, email address, GitHub username
Thincast Support Request Package (TSRP)
In some situations our support requires you to upload a Thincast support request package. We can use a support request package to reproduce and find problems in situations where we require additional information or when crashes happen. Depending on the product the TSRP can contain different types of data. For example the TSRP created by the Thincast Workstation software includes, among other things, the following data:
- contact email address and name
- contact company name (optional)
- description of the problem
- Thincast workstation and virtual machine configuration
- if it was a crash, the crash dump of the application
- Windows application and system event log
- Thincast application log files (VBOxSvc, Thincast Client, virtual machines, setup API and setup error)
- additional information about the computer where the TSRP was generated (like computer name, DirectX diagnostic, OS version information, ..)
- related registry hives
Our support package is a simple ZIP archive file. You can open it with any application that supports ZIP and review the collected information before uploading it. For reference and debugging purpose we save TSRPs until we could solve the problem and all related (support/development/research) tasks are completed.
In order to check if software updates are available the Thincast Updater sends the following data to our update API:
- Product (like tcc for Thincast Client)
- Branches to check (like stable,beta,nightly,..)
- hashed OS-ID
- Kernel version (e.g 10.0.19044)
- Kernel type (e.g. winnt/darwin/..)
- Platform type (e.g. windows/osx/..)
- Platform version (i.e. 10 for Windows 10)
- Architecture (x86_64/arm64)
We save the above data anonymously to understand the product usage and to improve and focus our development efforts.
Your rights of access, correction and objection
You can contact us at any time if you want to:
- access and assess what personal information we have collected from you
- ask for correction of personal information
- or want us to delete all personal information related to you
You can contact our data protection officer at firstname.lastname@example.org or use our web contact form.
If you contact us please also provide a proper identification for you that we can process your request as quickly as possible.
You also have the right to file a complaint with our principal supervisory authority, the Austrian Data Protection Authority, or with a local authority.
Cookies and tracking
Your browser may be set to block all cookies. Already set cookies can be deleted at any time. Refer to your browser's manual on how to block or delete cookies.
Please note if you block all cookies our site might not work properly.
There are different types of cookies we use:
- Session cookies - Session cookies are cookies that exist only temporary in memory. They are deleted when the browser is closed.
- Persistent cookies - Persistent cookies are cookies with a certain lifespan which are saved by the browser. They expire after a specific length of time or specific date. Once a cookie is expired it is deleted. While a persistent cookie exists, it's content is sent to the web site it belongs to every time the site is visited.
The following is a list of cookies we use:
|PHPSESSID||session||-||Required. Contains a reference to the session on the web server|
|cookie_settings||persistent||90 days||Required. Contains cookie settings for this site|
|_ga||persistent||2 years||Google Analytics - Used to distinguish users (more information).|
|_ga_\<container-id>||persistent||2 years||Google Analytics - Used to persist session state (more information).|
|_gac_\<property-id>||persistent||90 days||Google Analytics - Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out. (more information).|
|_gid||persistent||24 hours||Google Analytics - Used to distinguish users (more information) .|
|_gat||persistent||1 minute||Google Analytics - Used to throttle request rate (more information) .|
|_gat_gtag_UA_*||persistent||1 minute||Google Analytics - Used to throttle request rate (more information) .|
|AMP_TOKEN||persistent||30 seconds to 1 year||Google Analytics - Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service. (more information) .|
|ga-disable-UA-*||persistent||until 31 Dec 2099 23:59:59 UTC||Optional. Set when Google Analytics was disabled for this site.|
PHPSESSID and cookie_settings are technically striclty necessary cookies and will always be set.
Our website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”).
Google Analytics uses “cookies”, to help the website analyze how you use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. Our website anonymizes IP addresses, your IP address will be truncated (anonymized) by Google within a EU member state or other EEA state before being transmitted to the US. Only in exceptional situations will your full IP address be transmitted to Google servers in the United States and truncated there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.
Further information concerning the terms and conditions of use and data privacy can be found at the Google Analytics Terms of Service or at the Google Analytics Privacy Overview You can prevent data collection via Google Analytics by clicking here. If you do so a persistent "opt out" cookie is set that will prevent any further collection of your data when visiting this website.
How do we secure your information
Thincast follows generally accepted industry standards to protect the personal information you have entrusted us with. This applies to data during transmission and once it is stored. We take all necessary measures to protect personal information from unauthorized access, alteration, or destruction; and ensure the appropriate use of personal information.
- October 2022 - add section about Thincast Updater and update the list of cookies uses by google analytics