Privacy Policy

Effective as from 5 March 2024

At ISL Online, we respect the privacy of our website visitors and users who use our products and services. The purpose of this Privacy Policy is to make our activities related to the processing of your personal data as transparent as possible and to give you control over your own personal information. We will always strive to collect and process your personal data fairly and to keep it secure and confidential.

Download Privacy Policy

  1. Introduction
  2. Definitions
  3. Controller and Processors
  4. Processing Details
  5. Consent
  6. Children
  7. Data Protection
  8. Website Visitors
  9. Registration
  10. Notifications and Newsletter
  11. Additional Features
  12. Billing
  13. Customer Support
  14. Product Use
  15. Transfer of Personal Data to Third Countries
  16. Cookies
  17. Third Parties
  18. Managed Private Cloud
  19. Self-Hosted Solution
  20. Anonymization and Pseudonymization
  21. Previous Product Versions
  22. Your Rights
  23. Contact Us

  1. Introductionlink

    ISL Online ("we", "us", "our") has prepared this policy to provide information about the collection and processing of personal data when using the products and services offered on the official websites (islonline.com and islonline.net). The main purpose of the ISL Online software is to allow IT professionals and helpdesk technicians ("Operator") to establish remote desktop sessions over the Internet for their business purposes, i.e., to provide technical support to their customers ("Client") remotely or to access unattended remote computers.

    This Privacy Policy describes the personal data we collect at various levels of your engagement with us. This Privacy Policy also describes where your personal data is stored and the security measures, we use to protect it.

    We address personal data protection in accordance with the General Data Protection Regulation (EU) 2016/679, which is a European regulation on data protection and privacy (GDPR).

  2. Definitionslink

    • Controller: refers to the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data according to Article 4 paragraph 7 of GDPR.
    • Processor: refers to a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller according to Article 4 paragraph 8 of GDPR.
    • Personal Data: refers to any information that relates to an identified or identifiable natural person according to Article 4 paragraph 1 of GDPR, or any information which can be used to uniquely identify a website visitor, Operator, Client, or Administrator.
    • Website visitor: refers to any individual visiting our official websites or social media sites for informative purposes only.
    • Operator: refers to any individual registered with an ISL Online account. Typically, this refers to an IT professional or helpdesk technician who offers support to a Client.
    • Client: refers to an End-User who joins remote desktop sessions, usually without any credentials, to receive technical support from Operators.
    • Administrator: refers to a privileged Operator who has permission to manage ISL Online licenses and accounts of other Operators within an organization.

  3. Controller and Processorslink

    While using ISL Online products and services, the legal entity collecting and processing personal data is:

    While providing its services, ISL Online assumes both the role of data Controller and data Processor regarding different interactions with our customers and the corresponding personal data.

    ISL Online assumes the role of the Controller regarding personal data described in chapters 8-13, with processing details being described in chapter 4.

    ISL Online assumes the role of the Controller regarding personal data described in chapter 14, which pertains to you (Operator).

    ISL Online assumes the role of the Processor regarding personal data described in chapter 14, which pertains to your clients (Client / Person you offer remote support to). Data Processing Agreement (DPA) for our hosted service users is made available once they log into their account, under My Profile > Other > Data Processing Agreement.

    In addition to ISL Online, the processor or sub-processor of personal data may be:

    • the controller,
    • companies affiliated with us (our subsidiaries, whose controlling interest is owned by us and thus shall not be regarded as third parties):
      • ISL Online Limited, 22 Basepoint Business Centre, Rivermead Drive, Westlea, Swindon, Wiltshire, SN5 7EX, United Kingdom
      • ISL Online AG, Aargauerstrasse 250, 8048 Zürich, Switzerland
      • ISL Online GmbH, Noetherstrasse 1, D-69115 Heidelberg, Germany
    • Third parties:
      • Authorized Partners (our distributors and resellers which assist us in performing certain customer care functions such as marketing activities, sales, customer support, and similar business activities on our behalf)
      • external contractual service providers which we use in connection with the specific functions of our business process, e.g., Google Analytics

  4. Processing Detailslink

    Processing details in the table below cover the personal data for which ISL Online acts as a controller as described in chapters 8-13.

    Description Details
    Purpose of processing Enabling the use of ISL Online products and services in accordance with the Terms of Service and License Agreement.
    Duration of processing Duration of contractual relationship which commences when a user account is created.
    Nature of processing
    • Storage
    • Recording
    • Retrieval
    • Collection
    Types of Personal Data processed
    • Names (optional)
    • Email address (optional)
    • IP addresses
    • Device information
    Data retention

    Most personal data is collected for as long as is necessary to fulfil the purpose of processing under which it was collected.

    Certain personal information is kept for a longer period to comply with European and local legislation.

    Please note that this table provides a general overview of the processing details for personal data for which ISL Online acts as a controller. The specific processing details may vary depending on the individual case and the context in which the personal data is collected and used.

  5. Childrenlink

    We believe that children have no need for our software, and therefore, we do not verify age or obtain parental or guardian consent for any data processing activity. ISL Online software does not contain age-sensitive material, nor should it pose any risk to children.

  6. Data Protectionlink

    ISL Online Headquarters (XLAB d.o.o.) holds the ISO/IEC 27001:2022 certificate, which demonstrates our commitment to information security. We use the globally recognized ISO 27001 standard as a framework for implementing our information security management systems (ISMS), which helps us keep information assets secure.

    All our servers have disk encryption and are exclusively managed by the controller's OPS team (system administrators and other privileged access users). Data is encrypted both at rest and in transit. We have physical and logical access procedures and controls in place, and we conduct training for our employees and contractors to ensure compliance with our data protection and privacy policies.

    We employ the latest technologies and administrative procedures to safeguard your personal data. ISL Online servers are hosted by professional, industry-proven data centers with modern facilities and equipment such as redundant or backup power supplies, redundant data communication connections, environmental controls (e.g., air conditioning, fire suppression), and security devices.

    ISL Online's master servers, which hold the data for which ISL Online acts as a Controller, are located within the European Union in ISO 27001-certified data centers. Session metadata for which ISL Online acts as a Processor is replicated across our worldwide network of servers and gets processed in a location selected by our load balancing system, which includes locations outside the EU. Server locations are shown here: About Us.

    If you wish to have full control over server locations and data transfer, consider setting up a Server License (ISL Online service is hosted on your server(s) and managed by you) or using a Managed Private Cloud solution (ISL Online service is hosted on servers selected in accordance with your preferences and managed by ISL Online professionals).

  7. Website Visitorslink

    When you visit our website, we collect a limited scope of personal data transmitted to us by your browser. This helps us provide the service and improve the user experience. Data collected consists of your IP address and metadata (such as timestamp), technology used (operating system, browser, etc.), referrals (website from which the request comes), language, and the country of origin.

    In addition, your IP address is collected by our systems for security reasons to detect anomalous activity. Anomalous activity includes, but is not limited to, DNS attacks, scam detection, and other activities that could compromise the security or availability of our systems. Browser metadata, language, and country of origin are used to serve the correct version of our website based on your location and language preference. Referral addresses, if obtained, are used by ISL Online to understand where the traffic is coming from.

  8. Registrationlink

    If you decide to sign up for a free trial of the ISL Online software, we will ask you to provide the following personal information:

    • Email address
    • Username
    • Full name

    You are only required to provide your email address during the registration process. We process this information to fulfill the contractual obligation. The username is chosen by you and can be used as an alternative to an email address when logging into ISL Online products and services. The full name is optional and can be specified to personalize the user experience when using ISL Online products and services.

    For billing purposes, we also ask you to provide the name of the company, address, phone number, and similar information, which will be needed if you decide to buy a license. You can review and change this information at any time (log in to My Account > License > Change Information).

    Based on your country of origin and the cookie information, your account information may only be processed by the ISL Online Headquarters, our subsidiaries, or Authorized Partners who have signed information sharing agreements with us. These processors have access to the personal data needed only to perform their customer care functions related to ISL Online's products and services and may not use it for any other purpose. You have the option to choose your preferred point of contact at any time (log in to My Account > License > Change Local Partner).

  9. Notifications and Newsletterlink

    We use internal systems to deliver important system messages and news about the ISL Online products and services to you. Once you sign up for the ISL Online software, we advise you to subscribe to the following two notification types:

    • Automatic Email Notifications (AEN): These are automatic notifications related to your ISL Online account status. For example, our systems will automatically send a message to your email address to notify you when your account expires.
    • Newsletter: Approximately once a month, we send out a newsletter to notify you of important product or service enhancements, security announcements, or other information we consider relevant to our users.

    When you subscribe to Automatic Email Notifications or the Newsletter, we will send emails to the email address specified in your account. You can change your subscription preference at any time (log in to My Account > My Profile > Change Subscription).

  10. Additional Featureslink

    Some organizations may decide to enable additional features provided by ISL Online to enhance their remote desktop sessions, for example:

    • ISL Pronto, which is a text-chat solution that can be published on their website, allows Clients to join a remote support session directly from the respective websites.
    • End-of-Session dialogs, which pop up for Operators or Clients once the remote desktop session is finished for the purpose of collecting users' feedback.
    • Integration into third-party solutions, such as service desk or ticketing products, CRMs, ERPs, and other enterprise systems.

    Enabling such additional features may result in collecting text messages (the transcript of the chat between the Operator and the Client) and different free-form inputs related to a remote desktop session and storing this data on ISL Online servers alongside metadata. Chat transcripts are available to Operators and Administrators of the respective organizations.

    ISL Online implores users to be careful when entering personal or confidential data into session chats, end-of-session dialogs, and other places which allow unmoderated user input. This information becomes a subject of data processing; however, it is technically infeasible to exercise your data subject rights upon such data.

    In the case of the integration of ISL Online software into third-party solutions, the chat transcript may be transferred to service desk or ticketing products, CRMs, ERPs, or other enterprise systems. We do not control the personal data collected and managed by these enterprise systems. We recommend that you contact the enterprise system providers directly for their privacy and data sharing policies.

  11. Billinglink

    When an organization decides to purchase ISL Online licenses, those licenses are assigned to a specific ISL Online account. These accounts are normally managed by Administrators (license owners). During the purchasing process, we will collect the information needed for billing and order processing purposes, which may include your name, company name, company address, email address, and telephone number. We will keep purchase orders and invoice records as long as requested by tax authorities. Please refer to the Terms of Service for details.

  12. Customer Supportlink

    When you contact our service desk via live chat, email, or phone, we may collect your email address, your name, and your telephone number to respond to your inquiry. Your message will also be stored and might be shared with our Authorized Partners to provide prompt and localized customer service to you. Any personal data and other information intentionally or unintentionally provided by you while communicating with our support staff will be processed by us based on our legitimate interest in fulfilling your support request.

  13. Product Uselink

    When you register for a free trial, your account will be activated for product use. Upon registration and all subsequent successful login attempts, we will collect your IP and MAC addresses for auditing and licensing purposes.

    Once logged into your account, ISL Online allows you to establish a remote desktop session with a remote computer or mobile device. The session may include different services such as text-chat, screen sharing, video call, and file transfer.

    All remote desktop sessions are encrypted using symmetrical AES 256-bit keys. A secure SSL end-to-end tunnel is established between a local and a remote computer or device. This means that even the ISL Online servers cannot decrypt the content of the sessions but only transfer packets from one side to another. This means that we do not collect any personal data transmitted during remote desktop sessions.

    We use proprietary geoDNS algorithms to distribute sessions to the nearest servers available. This means that users from a particular country are most likely to be connected through one of our servers hosted in that country (if any of our servers are in that country). For example, UK users will be almost certain to connect through our UK servers, German users will be almost certain to connect through our German servers, etc.

    However, we do collect, store, and process metadata of the remote desktop sessions. This is needed for the legitimate purpose of enabling access to the ISL Online products and services explicitly requested by you. The list of metadata stored on ISL Online's servers may include the following personal data collected from your device as well as the device to which you are connecting.

    From your device / pertaining to you, we may collect the following:

    • Username
    • Email address
    • IP address
    • MAC address

    From the device you are connecting / pertaining to the person you are supporting; we may collect the following:

    • IP address
    • MAC address

    In addition, ISL Online engages certain third parties while providing our products that allow us to provide a stable and secure service. More information on them is available in chapter 17.A - "Service Provisioning" as well as within the Data Processing Agreement (DPA). Third parties we engage may collect the following:

    • IP address

    ISL Online processes the personal data of the people you are supporting upon your request and according to your instructions, thus ISL Online assumes the role of data processor. A data processing agreement (DPA) is available to you once you log in at islonline.com under the "My Profile" section.

    A detailed list of basic session parameters (metadata) is available in our Security Statement.

  14. Transfer of Personal Data to Third Countrieslink

    ISL Online utilizes a grid of servers worldwide to provide our hosted service. A distributed data allocation allows us to guarantee 24/7 availability and reliability of the remote desktop software as a service around the globe.

    When transferring (personal) data outside of the European Union, ISL Online uses the following safeguards and measures to ensure adequate protection of data:

    • All data is encrypted in flight and at rest, with ISL Online being the only entity to possess the encryption/decryption keys;
    • ISL Online has obtained and maintains the ISO 27001 certification;
    • In cases where data export to a third country is not covered by an Adequacy Decision, ISL Online relies on Standard Contractual Clauses signed with selected providers.

    You can request information about the data stored about you via the contact details provided in Chapter 3.

    In addition, the third parties which ISL Online engages while providing our product will process certain personal data (see Chapter 14). The third parties are described in detail in chapter 17.A - "Service Provisioning" as well as in the DPA.

    ISL Online has taken measures available to us to minimize the scope of data shared with third parties and to prevent it from being transferred outside of EEA or to countries without adequacy decisions. In cases where that is not possible, ISL Online relies on Standard Contractual Clauses signed with those third parties.

  15. Cookieslink

    Our websites use cookies, which are small text files that are placed on your computer upon your visit. Cookies are widely used to allow websites to work, or to work more efficiently. Besides the essential and functional cookies that are either required for the service to work correctly or improve the user experience, ISL Online uses some third-party cookies, which you can opt out of. Please refer to our Cookies Policy for more details.

  16. Third Partieslink

    • Service Provisioning

      ISL Online engages certain 3rd parties while providing the Hosted Service to our end-users. Those parties are essential and are engaged solely in the context of service provision. They are described in more detail in the DPA available to our customers ("My Account" - "My Profile" - "DPA"), however they fall into 3 main categories:

      • Data Centers- (physically) hosting the nodes of ISL Online's grid providing the Hosted Service. They store and manage encrypted data. Since they provide network connectivity to the servers, they will process the IP address of the Operator and the Client connected to a remote desktop session.

      • STUN/TURN/ICE- providers that support the "Direct Connection" feature of ISL Online. Third party (TURN/STUN) servers allow the Operator and the Client to discover each other and establish a direct connection between them, rather than the connection being handled via ISL Conference Proxy servers (ICP). Since they provide IP discovery capabilities, they will process the IP address of the Operator and the Client trying to establish a remote desktop session.

      • IP Quality and reputation- services used by ISL Online in the session establishment process to obtain additional information about a potentially suspicious IP address trying to establish a session. Sessions deemed as "high risk" according to our internal security algorithms are dropped to protect our customers. They will process the IP address of the Operator and the Client provided to them by ISL Online for further verification.

    • Web Protection

      • Cloudflare

        Cloudflare is used by ISL Online to protect its website from abuse and malicious actors. ISL Online uses the following services provided by Cloudflare: “Cloudflare Load Balancer session affinity” and “Cloudflare Rate Limiting”. More information can be found at the following address: Cloudflare Cookies.

        Contact information: privacyquestions@cloudflare.com

    • Web Analytics

      • Google Analytics

        Google Analytics is used by ISL Online to track specific page usage on our website and consequently optimize webpage layout and workflow. Google Analytics is used in the anonymized mode, which means that the last octet of an IP address is removed to prevent user identification. More information can be found in Google's Privacy Policy.

      • Google Tag Manager

        Google Tag Manager is used by ISL Online to support the usage of Google Analytics. The Google Tag Manager system itself does not collect any user information. More information can be found in Google's Privacy Policy.

        Contact information: Privacy Inquiry form

      • Leadfeeder

        Leadfeeder is used on ISL Online webpages to identify organizations visiting our websites. Visitor IP addresses are processed to detect company and geographic location. All visit data is aggregated on the company level by Leadfeeder with residential IP addresses being discarded More information can be found in LeadFeeder's Privacy Policy.

        Contact information: privacy@dealfront.com

    • reCAPTCHA

      reCAPTCHA is used by ISL Online to protect our websites from abuse. It uses advanced risk analysis techniques to tell bots and humans apart. More information regarding reCAPTCHA can be found here: https://developers.google.com/recaptcha/. ISL Online uses reCAPTCHA with www.recaptcha.net domain.

    • Third Party Services

      To provide the services and improve our official websites, we may engage the services of third-party vendors, such as Vimeo, YouTube and Google Maps. In the process of supplying such website services through our official website, these third-party vendors may collect your IP or other information provided by your browser.

      Besides disabling third party cookies, it is beyond the control of ISL Online to determine and dictate in what way the third parties will store and handle your personal data. Requests to exercise your rights in regards to personal data processing should be directed directly at the respective third parties.

    • Blog

      Beside the official websites, we use a blog to publish the content created by us. The blog is hosted by WordPress.com, which offers features like "Subscribe to blog" and "Reply to a blog post". We do not control the personal data collected and managed by these blog features. If you wish to use these features and have any concerns, we recommend that you contact WordPress.com directly for their privacy and data sharing policies.

    • Links to Other Websites

      Our official websites contain links to other websites. The fact that we link to a website is not an endorsement, authorization, or representation of our affiliation to that third party. We do not exercise control over third party websites. We recommend that you contact those websites directly for their privacy and data sharing policies.

    • Public Authorities

      Under certain circumstances it may be necessary for us to disclose your personal information to relevant Public Authorities to comply with a legal obligation, court order or in response to a valid request by Public Authorities. Our legal team reviews all requests for data access to ensure they comply with applicable legal requirements.

  17. Managed Private Cloudlink

    For organizations that prefer using a cloud solution but also want complete control over the locations of the ISL Online servers hosting their data and remote desktop connections, we offer a special plan called Managed Private Cloud (MPC). This option allows users to enjoy all the advantages of cloud computing in a PRIVATE cloud environment, without the need to invest in hardware or human resources (sysops) for setting up, configuring, monitoring, and maintaining the system. The Managed Private Cloud ensures a higher level of data privacy and control, catering to the specific needs of your organization.

    By choosing the Managed Private Cloud plan, you can benefit from the following:

    • Dedicated, private ISL Online cloud infrastructure tailored to your organization's requirements.
    • Enhanced security and compliance with your organization's data protection policies.
    • Complete control over the server locations hosting your data and remote desktop connections.
    • Customizable performance and scalability to meet your organization's growth and demands.
    • Reduced investment in hardware and human resources for managing the system.

    If you are interested in the Managed Private Cloud plan or need more information, please Contact Us for details. Our team will be happy to assist you in finding the best solution for your organization's needs.

  18. Self-Hosted Solutionlink

    For security-sensitive organizations, such as banks, national agencies, or corporate environments, we offer self-hosted models (Server License, Private Cloud). With these models, the ISL Online system is installed on the server(s) hosted by the organization itself. In this case, all remote desktop connections are established through the server(s) controlled by the organization.

    As the self-hosted installation is a stand-alone system, where all data (including metadata) remains within the closed corporate environment, the organization is responsible for the administration of the server(s) and for protecting the personal data of their users (Operators and Clients). If you are using a self-hosted system and have concerns, inquiries, or requests related to your personal data, you need to contact the Administrators of the respective organizations.

    ISL Online helps organizations using our self-hosted system meet personal data protection requirements by tailoring the ISL Online products to their needs. The benefits of a self-hosted solution include:

    • Complete control over data and remote desktop connections within the organization's secure environment.
    • Enhanced data security and compliance with the organization's data protection policies.
    • Customizable performance and scalability to meet the organization's growth and demands.
    • Reduced reliance on external cloud infrastructure providers.
    • Full responsibility for server administration and personal data protection.

    If you are interested in a self-hosted solution or need more information, please Contact Us for details. Our team will be happy to assist you in finding the best solution for your organization's needs.

  19. Anonymization and Pseudonymizationlink

    At ISL Online, we prioritize the privacy of your personal data. We minimize the collection of personal data and focus on anonymizing most of the data we collect, stripping it of any identifiable information. This ensures that it is impossible to derive insights about a specific individual. However, for the personal data we do collect and store, we may employ pseudonymization:

    • Upon your explicit request, or
    • According to set retention periods.

    You have the right to be forgotten. Pseudonymization is a data processing method that transforms personal data in such a way that it can no longer be attributed to a specific data subject without the use of additional information. This additional information is kept separately, ensuring that your personal data is rendered nearly impossible to reidentify.

    We use reasonable efforts and deidentification techniques to pseudonymize your personal data. For organizations using our self-hosted systems, we provide pseudonymization support tools to Administrators. This allows organizations to maintain a high level of privacy and comply with data protection regulations while using our services.

  20. Previous Product Versionslink

    This Privacy Policy is based on the ISL Online products version officially available in the "Downloads" section of our official website as of the effective date of this Privacy Policy or later. It may not apply to previous versions or beta versions of our products. If you are using an earlier version of our products, we recommend upgrading to the latest version to ensure that your experience aligns with the data protection practices outlined in this Privacy Policy.

  21. Your Rightslink

    As a data subject whose personal data we process, you have the right to:

    • Know which types of personal data we have in our possession, how we obtained it, how we protect it, and how we process it.
    • Request a copy of your personal data in our possession.
    • Rectify or complete any incorrect or incomplete parts of your personal data in our possession.
    • Request the erasure of your personal data in our possession.
    • Restrict the processing of your personal data in our possession or object to it.
    • Request the transmission of your personal data to a third party.

    If you have any concerns, you can lodge a complaint directly with us via the contact details provided in Chapter 3 or with a relevant data protection supervisory authority:

    • Information Commissioner of the Republic of Slovenia
    • Dunajska cesta 22
    • SI-1000 Ljubljana

  22. Contact Uslink

    If you have any additional questions or concerns about the collection and processing of your personal data, please do not hesitate to contact our Data Protection Officer at the following email address:

    Our Data Protection Officer will be happy to assist you with any inquiries you may have regarding your personal data and its processing.