Last Updated on October, 14 2020
1. INTRODUCTORY INFORMATION
EFFY is a registered trademark of GET EFFY, Lda.
EFFY respects your privacy and thoroughly protects your personal data.
In this Personal Data Protection Policy (henceforth ‘Policy’), we define the methods of personal data collection, their purpose, security measures, with which personal data are protected, persons, with whom we share them, and your rights concerning the protection of your personal data.
This Policy affects:
· All users of our website (henceforth ‘website’) and its corresponding mobile version
· Ordering and performing subscription contracts for services provided by EFFY
· Registration to notifications about insights, news and updates, product news or events (EFFY E-mail Marketing)
· The use of any technical support or services offered by EFFY
2. DATA CONTROLLER
This Policy is used for all personal data that GET EFFY, Lda., Av. da Liberdade 615, 1º, 4710-251 BRAGA, Portugal (henceforth ‘EFFY’, ‘we’, ‘us’) collects.
As a data controller, EFFY is responsible for the processing and storage of your personal data. If you have any questions about the use of this Policy or about the rights you can exercise arising from this Policy, contact us in any of the following ways:
· Av. da Liberdade 615, 1º, 4710-251 BRAGA, Portugal, with the addendum ‘Personal data protection’
In relation to users of the services that it provides, EFFY is a contractual controller.
3. DEFINITION OF TERMS
A list of terms from this Policy and their explanations can be found in this section. The purpose of each term listed below is defined in this Chapter.
Personal data means any information relating to an individual that can be used to identify that individual (e.g. first name, last name, e-mail, telephone number).
Controller means the legal person which determines the purposes and means of the processing of your personal data.
Processor means a natural or legal person which processes personal data on behalf of the controller. Processing means the collection, storage, access to, and all other forms of use of personal data.
4. PERSONAL DATA PROCESSING
EFFY processes your personal data only for clearly defined purposes, in a secure manner, and transparently.
We acquire your personal data when you provide them (such as when you use our website, order our services, request quotes over e-mail, the phone or in writing to are physical address, or in any other way with which you provide your personal data).
We collect data from 2 types of users, end customers and third-party intermediaries – our partners.
Customers and third-party intermediaries can always exercise their right to request access to, correct, amend, delete, port to another service provider, or object to certain uses of your personal data. Customers and third-party intermediaries are generally over 18 years old.
4.1 Types of Personal Data Collected
EFFY can collect the following information or types of information:
· Basic personal data (first and last name, address and billing address),
· Basic contact data (telephone number, e-mail address),
· Basic data about the company you work for (company name, your role in the company, No. of employees),
· Payment details,
· How and when you access your account and the EFFY platform, including information about the device and browser you use, your network connection and your IP address.
· Information about sessions you initiate,
· ID and type of vehicle.
EFFY follows the principle of data minimization as provided by legislation, which is why we collect only data appropriate, relevant, and limited to what is required for purposes for which they are collected. The purposes for which we collect personal data are defined in chapter 4.3 of this Policy.
4.2 Legal Basis for the Collection and Processing of Personal Data
We collect and process certain types of data on the base of contractual agreement. This mainly applies to processing data operators (instance owners) data that are entrusted to us through Admin accounts in the EFFY ecosystem.
In accordance with personal data protection legislation, we may process your personal data on the following legal bases:
· Where the processing of your personal data is necessary to perform a contract, you’ve entered into
· Where you’ve given your consent to the processing of your personal data for a particular processing purpose. You always have the right to withdraw your consent.
· For instance, creation and setup (contact name, company, company address, billing address, email).
· For invoicing (contact name, company, billing address, e-mail).
· For messaging for informational purposes (insights, new products and services, new features and releases, updates, upgrades…).
· For provision of support (instance owners’ data, end user data).
· Where EFFY has a legitimate interest to process your personal data (when we’re processing data based on a legitimate interest, we’ll specify that explicitly in this Policy)
· Where processing is necessary for compliance with legal obligations (such as data we store for tax-related obligations).
Scope of personal data seen by EFFY’s support:
· third-party intermediate (identification, contract terms)
· end customer’s information (identification, contract terms)
· number of end users
· uploaded documents with information
Only those personal data have to be provided that we collect based on legal requirements.
Providing personal data that we require to perform a contract is voluntary. We would like to remind you that in case you do not provide your personal data that we require to provide our services (e.g. entering into a contract), we will not be able to provide that service.
Giving consent is always voluntary and without any adverse consequences. We would like to remind you that certain services (e.g. e-notifications, targeted advertising) cannot be provided without your consent or after you withdraw your consent.
4.3 Purposes of Processing
EFFY will process your data only for specific, explicit, and legitimate purposes. We undertake to not use your personal data in ways that are incompatible with the purposes defined in this Policy.
The purposes for which we may use your personal data are defined below. EFFY may use your personal data for one or more of the defined purposes.
The purposes for which we will use your personal data are the following:
· Data on third-party intermediates: For the purposes of provide clients or partners (=third-party intermediates) with SaaS services. E.g. to confirm partner’s identity, contact, and invoicing purposes. We also use this information to make sure that we comply with legal requirements.
· Data on end customers: For the purposes of provide clients (=customers) with SaaS services, including supporting and processing sessions, risk and fraud screening, authentication. We also use this information to improve our Services.
· Communicating with you regarding the performance of our services and responding to your requests (especially notifications pertaining to our platform, responding to your requests for quotes made through online or physical forms, filling out satisfaction questionnaires).
· Entering into a contract and performing obligations from that contract. Specifically, the provision of services such as registrations and messages sent through our website. All personal data processed in relation to requests or contacts in on our website is processed with the purpose of entering into and performing contracts that you entered into with us. If you do not provide all data required to complete an order, we reserve the right to delay or cancel the answer or feedback.
· For marketing communications (such as notifications about insights, new products or services,new features, releases or upgrades of existing services or features)
· For marketing communications, based on targeted or individualized offers. The use of some personal data helps us to personalized communication with you so that it’s as interesting and useful to you as possible. Based on certain personal data, we can divide individuals into groups, enabling us to tailor the content of messages to each group. We monitor individuals’ activities when categorizing them. Marketing communication with targeted or individual offers will be conducted only with your explicit consent.
· Transmission of personal data to third parties. We will transmit personal data only to those third parties defined in chapter 6. Your data will be transmitted only when justified by our legitimate interest of ensuring a safe and legitimate business and the performance of legal obligations (such as tax-related obligations, which may include transmitting your personal data to tax authorities). An exception is our contractual partners used for the purpose of remarketing. In this case, we will transmit your personal data only with your explicit consent.
· In relation to any legal claims or for the resolution of disputes. During the course of protecting our business and exercising and/or protecting our rights, personal data may be disclosed. Your personal data will be disclosed only in the manner and under circumstances defined by the law.
· For statistical analyses. To improve the user experience, we conduct analyses of the use of our website, which is our legitimate interest of maintaining and/or improving our business success. You have the right to withdraw your consent for any processing of your personal data at any time. You can communicate the withdrawal of your consent to any of the contacts listed in Chapter 2 of this Policy.
4.4 How Long We Store Your Personal Data
We store your personal data in accordance with applicable legislation and (i) only for as long as it is necessary to achieve the purpose for which the data is processed, or (ii) for a period prescribed by law (such as 10 years for storing issued invoices), or (iii) for a period that is necessary to complete a contract, which includes warranty periods and periods during which any claims can be made based on the concluded contract (e.g. 5 years after the end of the contractual obligations).
Personal data acquired based on your consent is stored permanently or until you withdraw your consent (you can read more about how to withdraw your consent in Chapter 9 of this Policy). Data collected based on your consent will be deleted even before you withdraw your consent if the purpose for which the data were collected has been achieved.
Personal data for which the storage period has expired (e.g. because the purpose for which they were collected has been achieved, or because the legal deadline has been reached) will be erased, destroyed, or rendered anonymous to prevent the personal data from being reconstructed.
If you need more information about the storage periods of your personal data, please use one of the contacts listed in Chapter 2 of this Policy.
5. PERSONAL DATA PROTECTION
EFFY has taken the appropriate technical and organizational measures to protect your personal data, especially:
· Regular and effective upgrades to software and hardware where your personal data is stored
· Securing access to personal data
· Backup creation
· Training of employees who are responsible for the processing of personal data
· Informed and thorough decision-making when selecting the processors of your personal data
· Monitoring employees and other processors of your personal data, including conducting audits
· Control and adequate action in the event of a security breach, with which we prevent or limit the damage to personal data
EFFY protects your personal data from illegal or unauthorized processing and/or access, and from unintentional loss, destruction, or damage. All measures we take are within our technical capacities (including the costs of taking certain measures) and at the discretion of the effects they have on your privacy.
In the event of a personal data breach, EFFY will inform the competent supervisory authority about the breach without hesitation. The supervisory authority in Europe is the European Data Protection Supervisor,agency within each European Union country that is responsible for GDPR (General Data Protection Regulation) assistance and enforcement.
In the event a suspicion that a criminal act was committed, EFFY will also report the breach to the police.
In the event a personal data breach occurs that could pose a great risk to the rights and freedoms of data subjects, EFFY will inform you of such breach immediately.
6. TRANSFERRING PERSONAL DATA
Your personal data – for the expressed purpose for which they were collected – can be transferred, consulted or access to certain third parties listed below. Each user with whom we share the personal data may process the data only for the purposes for which they were collected. Additionally, all users are required to follow applicable legislation and the provisions of the Personal Data Protection Policy.
Your personal data can be transferred to:
· Business partners that help us provide certain services, such as advertising and marketing agencies. For remarketing purposes, we use Google AdWords and Google Analytics, LinkedIN, Instagram, Twitter and Facebook Ads, which help us show you relevant advertisements. For e-mail newsletters and notifications, we use Mailchimp service and for ensuring the adequate support as well knowledge base, we use Hubspot CR .
· Other contractual partners that provide services to EFFY.
· Partner companies that help us provide our services.
· Conform to legal requirements, or to respond to lawful court orders, subpoenas, warrants, or other requests by public authorities (including to meet national security or law enforcement requirements).
· Prevent, investigate, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service or any other agreement related to the Services, or as otherwise required by law.
· Personal information may also be shared with a company that acquires our business or the business of a merchant whose store you visit or access, whether through merger, acquisition, bankruptcy, dissolution, reorganization, or other similar transaction or proceeding.
Your personal data may be transferred to third parties (listed above) outside of the European Economic Area (EEA), where these data can be processed by us or third parties. For each transfer outside of the EEA, we’ll take additional steps to ensure the security of your personal data.
Such steps include agreements with third parties about creating binding personal data protection rules, verification of the existence of approved certification mechanisms in line with our personal data protection standards, and defining contractual provisions that cover personal data protection.
WHAT ARE COOKIES?
Cookies are small text files that most websites store on devices with which users access the Internet. They are designed to recognized individual devices that users used to access a website. Their storage is completely controlled by the user’s web browser. Users can freely restrict or block the storage of cookies. Cookies are not harmful and always expire.
WHY ARE THEY USED?
Some examples on how cookies are used:
· Improving the user experience of a website by adjusting the way content of the website is displayed based on past visits
· Storing choices, the user made when displaying a selection of devices and offers, and displaying comparisons
· Recognizing your device (computer, tablet, smartphone), which allows us to adjust how the content is displayed to fit the device.
· Tracking visits, which allows us to check how effective the content we display is, to make sure ads are relevant, and to continuously improve our websites.
1. STRICTLY NECESSARY COOKIES
Necessary cookies enable the use of components necessary for the website to function correctly. Without these cookies, the services that you’d like to use on this website wouldn’t work correctly.
2. PERFORMANCE COOKIES
These cookies collect data on how users behave on the website in order to improve the performance component of a website (e.g. which content on our website you visit most often). These cookies do not collect information which could identify the users. They ensure that using the website is a pleasant experience.
3. FUNCTIONALITY COOKIES
These cookies enable the website to remember some of your settings and choices (e.g. language, region) and enable advanced, personalized functions. These cookies may allow your actions on the website to be tracked.
4. ADVERTISING OR TARGETED COOKIES
These cookies are most commonly used by advertising and social networks (third parties) with the goal to show you more targeted ads, reduce repetition of ads, or measure the effectiveness of advertising campaigns. These cookies enable your actions on the Internet to be tracked.
For more information about the options available for each browser, we recommend you to check their settings.
· Internet Explorer 9
· Internet Explorer 7 and 8
Using cookies allows us to adapt online content to make it more attractive to individuals. Additionally, we conduct website use analyses which allow us to improve and edit our website to make it more userfriendly.
Some cookies are strictly necessary, because our website couldn’t work without them, whereas you can refuse all other cookies. We use strictly necessary cookies to store statistical data about the use of our website and to store information necessary for contact forms available on our website.
In addition to strictly necessary cookies, we use other cookies that allow us to get to know our users better and to provide you with targeted advertising on the basis of the data we collect. Refusing cookies can cause certain content or functions of the website to not function properly (especially features that allow the website to adapt to the interests of the user).
Overview of all cookies:
In addition to first-party cookies, we use the following third-party cookies: Google Analytics, Google Search Console, Google Tag Manager, Google Data Studio, Google AdWords, Display Advertising extension for Google Analytics (all listed cookies by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA), LinkedIN (all listed cookies by LinkedIN Corporation, Silicon Valley, Sunny Valley, CA, USA) Instagram and Facebook Custom Audience in Facebook remarketing (by Facebook Inc, 1 Hacker Way, Menlo Park, CA 9420), Twitter (all listed cookies by Twitter Inc, 1355 Market St #900, San Francisco, CA 94103, USA)
· You can refuse all third-party cookies listed above or delete them from your browser at any time.
We want to remind users that the service providers listed above may collect certain personal data, which is not connected to the data collection done by EFFY. Any such independent personal data collection is not covered by this Policy, but is covered by the privacy policies of each cookie provider.
You can read more about personal data protection for third-party cookies in the privacy policies of each third-party cookie provider:
8. WEB PLUGINS AND ACCESS TO SOCIAL NETWORKS
Our website uses the YouTube plugin (controller YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA), while YouTube is controlled by Google. If you visit our website’s content that contains a YouTube plugin, a connection with YouTube’s servers is established, which means that YouTube is made aware of your visit to our website.
More about how YouTube handles user data can be found on their website.
EFFY assumes no responsibility for any activities related to social media.
9. RIGHTS OF DATA SUBJECTS
You have the following rights in relation to the processing of personal data:
· Access to personal data: You can request information from EFFY about whether they process your personal data. If they do, you can request access to your personal data and information about the processing (which data is being processed and where the data come from).
· Rectification of personal data: You can request that EFFY rectifies or amends imperfect or inaccurate data about you which is being processed.
· Restriction of processing of personal data: You can request that EFFY limits the processing of your personal data (e.g. when the accuracy or completeness of your personal data is being verified)
· Erasure of personal data: You can request from EFFY that they erase your personal data (we cannot erase those personal data that we control due to legal obligations or based on a contractual relationship).
· Copy of personal data: You can request from EFFY that they provide a copy of the personal data that you sent in a structured, commonly used, and machine-readable format.
· Withdrawing consent: You have the right to withdraw your consent about the use of personal data that we collect and process with your consent at any time. You can withdraw consent in any way listed in Chapter 2 of this Policy. Withdrawing consent has no drawbacks, but it is possible that EFFY will not be able to provide certain services to you after you withdraw consent.
· Objecting to processing of personal data: You have the right to object the processing of your personal data when the purpose of the processing is direct marketing or transferring your personal data to third parties with the purpose of direct marketing. Additionally, you can object the processing when your data is being used with the purpose of indirect marketing with the use of personalized or individual offers (profiling). You can communicate your objection in any way listed in Chapter 2 of this Policy.
You can exercise all your rights by contacting us through any channel listed in Chapter 2 of this Policy. Additionally, these contacts are available to you if you need any additional information regarding your rights.
You have the right to lodge a complaint against us with European Data Protection Supervisor, which is the supervisory authority for personal data protection in Europe.
EFFY ensures that the personal data being processed is up to date and complete. Please communicate any changes of your personal data to firstname.lastname@example.org. We will correct or amend your personal data as soon as possible.
EFFY reserves the right to request certain personal data (e.g. first name, last name, e-mail address) when you exercise any of your rights from this chapter to facilitate the identification of the data subject.
10. FINAL PROVISIONS
EFFY reserves the right to change this Policy. If any changes do occur, we will notify you about that in advance. You agree to the new version of this Policy if you continue using our website and other services defined in this Policy after a new version of the Policy is published.