It’s important to say that Convify acts both as a Processor and Controller Based upon the provenience on the data it handles:
We control and process Customers’ Personal Data;
We only process data controlled from the customer, like the list of customers’ contact data Clients may import or upload to Convify.
To be able to prevent confusion, the term of”Controller” should only be applied to the Client, unless we specify otherwise: “Convify behaving as a data Controller.”
You can learn more about Convify duties and obligations as a Processor or Controller in that our GDPR compliance record , or below within this Policy (see 4. Data Controller and Data Processor).
This Policy also explains what measures we take to ensure Personal Data security and how you can access, edit or permanently delete such information.
“Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is somebody who could be identified, directly or indirectly, in particular with regard to an identifier such as a name, an identification number, place data, an online identifier or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of the natural person.
“Data subject” signifies the individual to whom Personal Data joins.
“Consent” of the data subject means any freely given, specific, informed and unambiguous sign of the data subject’s wishes by which he or she, by a statement or with a clear affirmative action, suggests Convify to the processing of Personal Data about him or her
“Processing” means any operation or set of operations which is performed on Personal Data or on places of Personal Data, whether or not by automatic methods, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, limitation, erasure or destruction.
“Controller” means the natural or legal person, public authority, agency or other body that, independently or jointly with others, determines the purposes and means of the processing of Personal Data; where the purposes and means of these processing depend on Union or Member State law, the controller or the specific criteria for its nomination may be provided due to Union or Member State law.
“Processor” means a legal or natural person, public authority, agency or other body which processes Personal Data on behalf of the control.
“Third-party” means a legal or natural person, public authority, agency or body apart from the data subject, controller, chip and individuals that, under the direct authority of the controller or processor, are authorized to process Personal Data.
“Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
2. Data we collect and/or procedure
2.1. Personal Data we collect and procedure:
Client Personal Data: When registering and using the Service we may ask you to supply us with certain Personal Data that may comprise:
First name and last name
Location (state or town )
You may decline to discuss certain Personal Information , in which case you will not be able to sign up and use the Service.
Data Controlled by Client: whilst using the Service, then you might import or upload into your account lists containing your customers’ Personal Data. When uploading or importing your clients’ Personal Data to the Service, we may ask you to Supply the following information:
Client’s email address
Client’s first name and last name
Customer’s business name
Customer’s location (state and/or city)
The Service has no direct connection with a Client’s Data Subjects (in this case, customers), and each Client, in their role as Data Controller, is exclusively responsible for distributing their Data Subjects about the reason behind the group of the Personal Data and how this data is processed in or through the Service.
2.3. Personal Data from Other Sources.
We may also collect Personal Data using different opt-in types such as:
Ebooks download forms
Newsletter sign up kinds
Meeting and telephone scheduling kinds
While filling out some of the types listed here, we might ask you to provide your email address, full name, telephone number, company name, title or location (country and/or city).
2.4. Non-Identifiable Data (“Log Data”).
We may also gather information that the Client’s browser automatically sends whenever they see our services. This is called”Log Data”, and it might consist of details such as the Client’s operating system, browser type, browser version, the visited pages of this Service, the time and date of the trip, time spent on these pages along with other statistics.
Additionally, we can use third-party providers (see 7.1. Service Providers) that collect, track and analyze this type of information in order to boost our Service’s performance.
We don’t connect this automatically-collected data to Personal Data.
3. Cookies and remarketing
4. Data Controller and Data Processor
The Service does not own or control the use of some of their Personal Data imported by the Client, which is controlled by the Client and processed by the Service based on the exact instructions given in this Policy (see 5. The way we share Personal Data). Just the customer can access, retrieve and control using the information they upload/import. Convify isn’t mindful of exactly what Personal Data is being stored or made accessible by a Client to the Service and doesn’t directly get such data except as authorized by the customer, or as required to supply services to the customer.
Considering that the Service doesn’t collect or restrain using any Personal Data contained in a Client’s accounts, and because it does not determine the purposes for which and the way such Personal Data is collected or the uses of such Personal Data, the Service isn’t behaving as a Data Controller for Clients’ Data Topics concerning the European Union’s General Data Protection Legislation (Regulation (EU) 2016/679, hereinafter”GDPR”)) and does not have the related duties under the GDPR. The Service must be considered only as the Processor of Personal Data, imported or uploaded from the customer, which is subject to the requirements of this GDPR. Except as specified in this Policy, the Service does not independently decide to move or make available Personal Data imported or uploaded from the Client to third parties.
Convify handles two types of information: Customers’ Personal Data, and the Personal Data that’s controlled by uploaded and Clients or imported to the Service. How we use any of the Personal Data we collect and/or procedure:
5.1. How we use Personal Data as Controller:
As a Controller, we gather and process our Clients’ Personal Data.
Operations and Improvements: We use the Customers’ Personal Data we collect to examine the way the Service is used by the Client, and identify trends and tastes of our customers, which permits us to enhance the Service and create new functionalities.
Communication: We may utilize Client Personal Data to contact them with newsletters, promotional or marketing materials, and other information which may be of interest to the customer. The customer may opt out of receiving some, or all, of these communications by following the directions included in such communications or by calling us (see section 16. Contact Us) and asking to opt them out. Please be aware, however, that throughout your subscription period you may be not able to opt out of certain service-related communications, including, but not restricted to, security-related alarms, important Service upgrades, change of ownership statements.
Support: We can use Client Personal Data to respond to questions, requests or queries and send updates about the Service.
As a Processorwe procedure Personal Data commanded by our Clients.
Send polls on behalf of their client: Convify requires access to Personal Data imported or uploaded by the customer in order to identify respondents and send surveys (email or web surveys). Personal Data will also be used to connect respondents’ feedback to some specific data topic and display the response in the Client’s account.
Allow direct Clients-customer communication: Convify requires access to Personal Data imported or uploaded from the Client to give them the possibility to start and followup on email conversations inside the Client’s account.
Troubleshooting: we might call for special Personal Data for Tracking only based and also for the purposes specified in this Policy. Information Access, Correction, Deletion and Opt-Out
6.1. The Service provides the Client the chance to review and edit the Personal Data which was provided to us by Registering for the Service.
The customer can update or fix the Personal Data at any time by obtaining the account settings page on the Service. Please note that if any modifications the Client makes will be reflected in active user databases instantly or within a reasonable time period, we may retain all of the information the Client submits for backups, archiving, avoidance of fraud and misuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably think that we have a legitimate reason to do so.
Although most changes may occur immediately, data may still be saved in an internet browser cache. We take no responsibility for stored information in the Client’s cache, or from different devices that may store information, and disclaim all liability of such.
Permanently deleting Personal Data is a process that must be managed by our team. We will acknowledge your deletion request within seventy-two (72) hours and then manage it promptly, and when required by legislation. We will keep Clients’ Personal Data for so long as their account remains busy so as to provide our solutions, and we might retain a customer’s Personal Data for up to ninety (90) days after they’ve continued their subscription to the Service, to ensure that no data created and accessed via the Service is lost and could be accessed by the customer at registration renewal, unless asked to delete Personal Data at subscription delivery. We will retain and use the customer’s Personal Data as necessary to comply with our legal obligations, solve disputes and enforce our agreements.
The customer may decline to share certain Personal Data , in which case we might not be able to present the performance of this Service to them.
6.2. Data Processing Opt-Out. We might provide the customer with the chance to”opt out” of having the Personal Data used for certain functions. If the Client decides to go out, we may not be in a position to supply the performance of this Service to the Client.
At any time, the customer may object to the processing of the Personal Data, on valid grounds, except if otherwise allowed by applicable law. In the event the customer considers that their right to privacy given by the applicable data protection laws has been infringed upon, the Client can contact Convify Data Protection Officer in security@Convify.com. The Client also includes a right to lodge a complaint with data protection authorities.
7. The way we share Personal Data
We do not disclose, share, sell or move the Client’s Personal Data except in the following limited circumstances as described in this Policy.
7.1. We work with third party service providers in order to optimize certain processes within our Support like communication with users, advertising, payment processing, analytics, troubleshooting, and maintenance.
The next party services we use may have access to process Clients’ Personal Data and Personal Data commanded by Customers in order to supply their services to people. We make sure to limit the information third party services may gather from the Service and supply just what’s essential for them to function.
These third party service providers have their own privacy policies addressing how they use such information. To ensure that Clients’ Personal Data is processed and stored securely by third parties, we need every third party service provider to provide evidence of GDPR compliance, or signal a contract to ensure the confidentiality of your data.
Therefore, to have the ability to use this Service, the Client hereby agrees to provide the third party solutions we use precisely the very same rights to use and process their Personal Data that the Client affords the Service.
The Client also agrees not to hold us liable for the actions of the third party solutions suppliers, which the Client will take legal actions against them directly if they commit any illegal activities or disclose the Client’s Personal Data. Convify could be held accountable only for the reasons specified in our Data Processing Agreement.
Crisp: Our main channel of communication with users. We use it to answer users’ queries, send automatic announcements and customer lifecycle emails.
Chargebee: We use it to manage subscriptions and billing operations.
MailChimp: Employed for newsletters, digest emails, statements, and offers.
Google Analytics: Our primary source of advice about our website, site traffic origin and client behavior.
Trello: Another job management and workflow optimisation service Convify team is using.
Slack: Main team communication service. We’ve set up stations that automatically notify us of the new users’ messages, so some user private information will be shown.
7.2. Law enforcement. We may disclose Client’s own and/or regulated Personal Data if required to do so by law, in response to a legal court order, if subject to subpoena or other legal proceedings. We may also disclose Personal Data that we believe, in good faith, is essential to:
Take precautions against liability
Protect ourselves or others from fraudulent, abusive, or unlawful uses or activity
Investigate and defend ourselves against any third party claims or allegations
take care of the safety or integrity of the Service and any facilities or equipment used to make the Service available
Shield our property or other legal rights, enforce our contracts, or protect the rights, property, or safety of others.
7.3. Change of ownership. We may sell or move the company (including any shares in the business ), or some other combination of its products, assets, services and/or businesses. Clients’ own or controlled Personal Data may be one of the things sold or otherwise transferred in these kinds of transactions. The Client will be notified via e-mail or a prominent notice on the Service of any change in possession or use of Personal Data, in addition to any decisions the Client may have about the Personal Data.
7.4. Testimonials. We might disclose Customers’ Personal Data such as title and business name, together with their testimonial or review about the Service, making them public. We’ll do so only after getting a written approval from the customer.
7.5. Reference for prospects. We might share the customer’s Personal Data such as name, company name and email address to prospects that require a reference regarding the Service. We will do this only after getting a written consent from the customer, and after acquiring a written promise that the prospect will use their Personal Data only once and for this specific function.
The safety of Client Personal Data is important to us, and we strive to implement and maintain acceptable, commercially acceptable security procedures and practices suitable to the character of the data we store, so as to safeguard it from unauthorized access, destruction, use, modification, or disclosure.
But, please be aware that no method of transmission over the world wide web, or method of electronic storage is 100% protected and we are unable to guarantee the absolute security of the Personal Data we have collected from the Client.
Please review that our GDPR compliance document for more details about what we do to ensure Personal Data security.
In the event that Personal Data is compromised as a violation of security, we’ll notify the customer up to seventy-two (72) hours after the breach has been discovered (unless the data is encrypted or anonymized), according to applicable law.
We will also take any needed measure to mitigate the consequences of this Personal Data Breach.
10. GDPR compliance
Please review our committed GDPR compliance page to find out more about our strategy to GDPR.
11. Data storage, processing and international transport
The Client’s Personal Data and the Personal Data that they control, which can be collected through the Service will be stored, processed or moved based on their location.
USA. If the Customer is located in the United States, the Personal Data will be saved and processed in the United States. If the Client is situated in the European Union, their Personal Data and the Personal Data they control will be processed and stored on our dedicated servers colocated in the Leaseweb data centres in Amsterdam, Netherlands.
Other Nations. The Client’s Personal Data may be transferred to — and preserved on — computers located out of your state, province, country or other governmental authority in which the data protection laws may differ than people from the Client’s authority. Please note that in order to ensure full efficiency of our processes and also to have the ability to supply you our support, your Personal Data, as well as the Personal Data you control, might be shared with third-party services which are situated in the USA or another country. We take all essential measures to make sure our third-parties comply with GDPR and can also give any other certifications to ensure a secure Personal Data storage and transfer.
12. Do Not Track Disclosure
We don’t support Do Not Track (“DNT”). Don’t Track is a taste the Clients can set from the internet browser to notify websites they do not wish to be tracked.
The Don’t Track option can be enabled or disabled by visiting the Preferences or Settings page of the web browser.
13. Links To Other Websites
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
14. Children’s Privacy
Only men age 18 or older have consent to get our services. Our Service does not address anyone under the age of 13 (“Kids”).
When the Customers as parent or guardian understand their Children have provided us with Personal Data, please contact us. If we know that we’ve gathered Personal Data from children under age 13 without verification of parental consent, we will take steps to eliminate that information from our Service.
16. Contact Us
The customer can deal with any queries or comments about the Policy, Personal Data aspects, use and disclosure practices, or consent options by email at privacy@Convify.com.
For any complaints or concerns about this Policy or Personal Data, the customer must contact our Data Protection Officer by email at security@Convify.com.