Napatech Privacy policy

1 Introduction
1.1 This privacy notice explains how Napatech (“Napatech “, “we”, “us”, “our”) processes personal data in various situations. We provide you with this information as we are required to do so under the General Data Protection Regulation (the “GDPR”).
1.2 Below, please find information on the various situations where we process personal data:

2 Controller
2.1 Depending on the specific processing operations, various entities within the Napatech group may be the data controller. Each section below will contain information of the controllership in the specific situations. Contact information of our group companies is indicated below.
2.2 Napatech A/S, Tobaksvejen 23A, 1., 2860 Søborg, Denmark, CVR no. 10109124.
2.3 Napatech Inc., 1 New Hampshire Avenue, Suite 125, Portsmouth, NH 03801.
2.4 If you have any questions about how we process personal data, please contact us at info[@]napatech.com.

3 Description of the processing
3.1 Below, please find the specific purposes for our data processing, the categories of personal data that we process, the legal basis for such processing, and the retention periods that we have decided (in specific situations, we may defer from our general retention periods in case of e.g., complaints, objections, or other specific situations).

3.2 When you visit our website (cookies)

Purpose Categories Legal basis Retention Controller
To ensure the functionality and security on our website (necessary cookies). Necessary cookies include ones that enable users to log into secure areas of our website: Session cookies that keep users logged in on our website and persistent cookies that save the user’s preferences such as language. These cookies do not track any personal data of visitors. Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in ensuring the functionality and security of our website. See our cookie declaration https://www.napatech.com/cookie-declaration/. Napatech A/S.
To compile statistics in order to optimize the user experience on our website and the services we offer (statistical cookies). Statistic cookies help us to understand how users interact with our website by collecting and reporting information anonymously. Data collected by a statistical cookie are for statistical purposes only, such as analysing and reporting visitor interactions with our website: Activity on our website, including location, IP-addresses, browser used, time and date of access, operating system, pages visited, web requests etc. According to the Danish Executive Order on Cookies we are required to obtain you consent to use cookies for statistical purposes. At the same time we obtain your consent to the processing of your personal data, c.f. Article 6(1)(a) of the GDPR. See our cookie declaration https://www.napatech.com/cookie-declaration/. Napatech A/S.
To personalise the browsing experience by saving information about your preferences (preference cookies). Preference cookies enable our website to remember information that changes the way the website behaves or looks: User preferences, language, login details, customize your browsing experience. According to the Danish Executive Order on Cookies we are required to obtain you consent to use preference cookies. At the same time we obtain your consent to the processing of your personal data, c.f. Article 6(1)(a) of the GDPR. See our cookie declaration https://www.napatech.com/cookie-declaration/. Napatech A/S.
Tracking website visitors for marketing purposes, including targeted advertising (marketing cookies). Marketing cookies collect information about the user: Activity on our website, geographic location, IP-addresses, browser used, time and date of access, operating system, pages visited, products click on, web requests etc. According to the Danish Executive Order on Cookies we are required to obtain you consent to use targeting cookies for marketing purposes. At the same time we obtain your consent to the processing of your personal data, c.f. Article 6(1)(a) of the GDPR. See our cookie declaration https://www.napatech.com/cookie-declaration/. Napatech A/S.

3.3 When you sign up for the Napatech Support Portal NRC

Purpose Categories Legal basis Retention Controller
Managing the Napatech Documentation Portal and/or the Napatech Support Portal.

Username, password, company information.

Personal data that is submitted when you sign up to the portal(s) will not be used to send you any marketing or non-marketing communication.

 The legal basis for our processing is article 6(1)(f) of the GDPR, as we pursue our legitimate interest in managing the portal(s) and ensuring that you are able to log on to the portal(s).

Personal data pertaining to accounts will as a starting point be deleted upon your request or when the log on/account has been inactive for 2 years.

In specific situations, we may differ from our general retention periods (in case of e.g., complaints, objections or other specific situations).

 Napatech A/S.

3.4 When you sign up for the Napatech Documentation Portal

Purpose Categories Legal basis Retention Controller
Managing the Napatech Documentation Portal and/or the Napatech Support Portal.

Full name, username, password, company information.

Personal data that is submitted when you sign up to the portal(s) will not be used to send you any marketing or non-marketing communication.

 The legal basis for our processing is article 6(1)(f) of the GDPR, as we pursue our legitimate interest in managing the portal(s) and ensuring that you are able to log on to the portal(s).

Personal data pertaining to accounts will as a starting point be deleted upon your request or when the log on/account has been inactive for 2 years.

In specific situations, we may differ from our general retention periods (in case of e.g., complaints, objections or other specific situations).

 Napatech A/S.

3.4.1 User Generated Content (UGC) can be created, updated, and deleted in the Napatech Documentation Portal (docs.napatech.com). This content includes, for example, personal books, annotations, user-authored topics, bookmarks, alerts, scopes, and ratings. UGC belongs solely to the user that created it (the UGC owner), and Napatech enforces security rules ensuring that this content is private, unless explicitly shared by the UGC owner. Napatech stores and displays UGC as-is and has no ownership of UGC in any way.

3.5 When you communicate with us etc.

Purpose Categories Legal basis Retention Controller
Communicating with you when you represent a customer, partner, supplier, or another third party. Name and contact information, title, and position. The relationship to the business that you represent. Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in managing business contacts and fulfilling any agreement, we may have concluded with the company you represent. As long as the business relationship exists and up to 2 years after the end of the financial year in which the customer or supplier relationship has ended. The Napatech company that you communicate with.
Communication via the website contact form. Name, email, phone number, company, role and any other information that you chose to include in the message/communication. Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in managing communications with you. The user can withdraw the consent to receive digital communications from Napatech. This can be done using the unsubscribe link provided in Napatech’s email communications or on our GDPR request webpage: https://www.napatech.com/gdpr-request/ Napatech A/S.
Providing our services, software etc. to our customers (the company that you represent). Name and contact information, title, and position. The relationship to the company that you represent. Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests providing our services to the company you represent. As long as the business relationship exists and up to 2 years after the end of the financial year in which the customer relationship has ended. The Napatech company that you communicate with.
Bookkeeping purposes. Information stated on invoices such as name and contact details. Article 6(1)(c) of the GDPR. The legal obligations derive from the Danish bookkeeping legislation. Up to 5 years after the end of the financial year in which the customer or supplier relationship has ended. The Napatech entity that the invoice relates to.

3.6 When you sign up to our newsletter and other marketing activities

Purpose Categories Legal basis Retention Controller
Sending newsletters (direct marketing). Name and email. Article 6(1)(a) of the GDPR, as we ask for your consent to send newsletters. The user can cancel the subscription by using the link “Subscription Management”, which can be found in all our emails, to cancel your subscription. Or by our GDPR request webpage: https://www.napatech.com/gdpr-request/. Napatech A/S.
Facilitating marketing events, webinars, pitch meetings, participating in industrial fairs, etc. Name, email, phone number, company, role and any other information that you chose to include in the message/communication. Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in managing your personal data when participating in marketing events etc. Up to 24 months after the last communication. The user can withdraw their consent to receive digital communications from Napatech. This can be done using the unsubscribe link provided in Napatech’s email communications or on our GDPR request webpage: https://www.napatech.com/gdpr-request/. The Napatech entity that facilitates the event, etc.

3.6.1 If personal data are processed for the purpose of direct marketing, you have the right at any time to object to the processing of your personal data for such marketing, including to object to profiling in so far as it relates to direct marketing. If you object to processing for the purpose of direct marketing, the personal data may no longer be processed for this purpose. See our contact information above.

3.7 When you visit our profiles on social media

Purpose Categories Legal basis Retention Controller
Processing of personal data via our social media accounts (LinkedIn, Facebook, X and YouTube). IP-address and any information that you have made available in relation to our social media accounts, including reactions related to posts, sharing of posts and comments provided regarding our posts.

Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in branding our business via social media and interacting with our customers and other third parties.

We are joint controllers with the social media providers. See more in section 4.5 below.

 Information related to our posts on social media will be deleted, when the post is removed, or if you chose to withdraw your comment, reaction etc. Napatech A/S.

4 Categories of recipients

4.1 We may process and share your personal data with external partners who process personal data on our behalf (data processors). Such external partners include e.g. providers of hosting services, IT systems and technical assistance with regard to our IT.
4.2 Further, we may share your personal data with suppliers or subcontractors, if relevant in their work, insofar as reasonably necessary for the purposes set out in this privacy policy.
4.3 Additionally, we share your personal data within our group companies if necessary, when providing our services to you.
4.4 If necessary, e.g., in relation to any disputes or when we otherwise need external advice, we may disclose information to our advisors, such as auditors and lawyers.
4.5 When you use our website, you may share information with social media providers, such as Facebook, LinkedIn, or Twitter, through an implemented social plug-in (such as a like button). If you choose to share information via a social plug-in, your browser will transfer the following data to the social medium:

  • Date and time of your visit
  • The internet address or URL for the address you are temporarily visiting
  • Your IP address
  • The browser you are using
  • The operating system you are using

4.6 We are joint controllers with the social media providers in relation to the personal data processed on social media and/or personal data collected through our website and sent to social media providers (e.g. by way of social media plug-ins). Further information on the joint controllership agreement can be found here:

Additionally, we refer to the terms and conditions for the relevant social media provider.

5 Transfer to third countries
5.1 We transfer your personal data to our processors and our group company (Napatech Inc.) located in the United States, which are certified under the Data Privacy Framework (https://www.dataprivacyframework.gov/). See further information in the Data Privacy Framework under section 8.
5.2 If you want additional information about our transfer of personal data to third countries, you may make a request for such additional information by contacting us (see above).

6 Your rights
6.1 As a starting point and depending on the specific situations, you have the following rights:

  • Right to withdraw consent: Where you have given your consent for our processing of your personal data, you have the right to withdraw your consent at any time. You can withdraw your consent by contacting us (see contact details above). If you withdraw your consent, the withdrawal will not affect the lawfulness of processing that has already been carried out based on your consent.
  • Right of access: You have the right to have confirmed whether collection or processing your personal data has taken place, and, if so, you have the right to request a copy of your personal data in a digital format.
  • Right of rectification: You have the right to require that we correct any inaccurate personal data, and that we complete incomplete personal data.
  • Right of erasure: In certain circumstances, you have the right to request that we erase personal data concerning you; for example, if it is no longer necessary for the purposes in which it was originally collected.
  • Right to restrict processing: In certain circumstances, you have the right to request that we restrict the processing of your personal data, for example, if you believe that the personal data is not accurate or lawfully processed.
  • Right to object to the processing: In certain circumstances, you have the right to request that we stop processing your personal data.
  • Right to data portability: In certain circumstances, you have the right to receive the personal data you have provided us with in a structured, commonly used, machine readable format, and the right to have us transmit the data to another entity, where technically feasible.

6.2 You can read more about your rights in the Danish Data Protection Agency’s guidelines on data subjects’ rights, which is available at datatilsynet.dk (in Danish) and at datatilsynet.dk (in English). Please contact us if you wish to exercise any of your rights. The relevant contact details are stated above.

7 Complaint to a supervisory authority
7.1 If you want to lodge a complaint with a supervisory authority about our processing of your personal data, you can do so by contacting the Danish Data Protection Agency via their website, www.datatilsynet.dk.

8 Additional information re. the EU-U.S. Data Privacy Framework (Napatech Inc.)
8.1 Napatech Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. Napatech Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view Napatech Inc.’s certification, please visit Data Privacy Framework Website.
8.2 In compliance with the EU-U.S. DPF, Napatech Inc. commits to resolve DPF Principles-related complaints about Napatech Inc.’s collection and use of your personal information. EU individuals with inquiries or complaints regarding Napatech Inc.’s handling of personal data received in reliance on the EU-U.S. DPF should first contact Napatech via the contact information under section 2.
8.3 In compliance with the EU-U.S. DPF, Napatech Inc. commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPA’s) with regard to unresolved complaints concerning Napatech Inc.’s handling of personal data received in reliance on the EU-U.S. DPF.
8.4 You can, under certain conditions, invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms in accordance with Annex I of the DPF. For additional information: www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.
8.5 The Federal Trade Commission has jurisdiction over Napatech Inc.’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In certain situations, Napatech Inc. may be required to disclose personal data subject to lawful requests by public authorities, including to meet national security or law enforcement requirements.
8.6 If Napatech Inc. transfer your personal data to third parties, e.g when performing an onward transfer of your personal data protected under the GDPR, Napatech Inc. remains responsible for the processing of your personal data. For personal data subject to an onward transfer by Napatech Inc. under the Data Privacy Framework, Napatech Inc. will remain liable under the Data Privacy Framework Principles if a recipient of your protected personal data processes such personal information in a manner inconsistent with the Data Privacy Framework Principles, unless Napatech Inc. is able to prove that Napatech Inc. is not responsible for the event giving rise to the damage.

Napatech Privacy Policy v4, September, 2024