Last updated: Nov 20, 2019
We’re Sovereign Net LTD, located at Craigmuir Chambers, Road Town, Tortola, VG1110, British Virgin Islands d/b/a Convertful (hereafter “we”, “us”, “our” and “Convertful”).
This Policy describes how we handle your personal data if you’re our customer under our Terms of Service (the “Main Agreement”) or a visitor of https://convertful.com/ or https://app.convertful.com/ (the “Sites”).
Your Personal Data
What we collect. We collect certain personal data about our customers and the Sites’ visitors. The types of the collected data include things like:
- contact details, such as email address, username, full name, link to a social media profile, physical address and other;
- company details, such as company name, address and registration number;
- technical data such as IP address, signup and last visit time, timezone, browser language;
- first visit information, such as visit source, UTM parameters, referral;
- payment information, such as payment method, transactional details, and tax information;
- connected websites’ data, such as name, domains, cms platform, other site settings, aggregated visits info;
- connected integrations’ data, such as integration provider, API key, username and password, other connection settings;
- created widgets’ content, display rules, used integrations and other settings;
- behavior and navigation information;
- support data such as support tickets, replies, ticket-related votes and follows, search queries, knowledge base feedbacks, role, occupation and web-related skills.
How we collect it. We collect your personal data:
- Directly when you explicitly provide it on the Sites by completing a sign up, buying, subscribing to an email list, submitting feedback, adding or editing integrations, sites or widgets, creating a support ticket or replying to it, sending us a communication, making a search query, filling a data processing agreement, or submitting any other Sites web form when you’re signed in;
- Indirectly via other people when you use services associated with the Sites. In particular:
- payment method, transactional details and tax information from payment provider located in the UK in order to process a payment and/or provide support regarding it;
- gravatar (publicly available profile image) from a provider located in the US in order to display it at your support tickets, replies and in your profile pages;
- messages, posts, and comments from Facebook, the social network (Facebook) that are located in the US or UK in order to attach this data to your relevant support ticket when this could improve the support we provide to you for this ticket;
- names of email lists, tags and other relevant data from your email service provider that may be located worldwide in order to display them in the relevant provider’s integration settings.
- Automatically as you navigate through the Sites.
How we use it. We use your personal data:
- To fulfill a contract, or take steps linked to a contract: in particular to electronically sign data processing agreement, to provide the services under the Main Agreement and/or a signed data processing agreement, to verify your identity when you sign in, to process your payments.
- Where this is necessary for purposes which are in our, or third parties, legitimate interests. In particular:
- to provide technical support for your requests;
- to improve our products and services and for this purpose to carry out researches based on your behavior on the Sites;
- to manage our relationships with you (without the use of bulk mailing), to ask your feedback or whether you want to participate in a survey;
- to provide general administrative functions and activities.
- Where you give us your explicit consent: in particular to provide you with marketing information regarding about the products and services which we think may interest you. You can ‘opt-out’ of such communications if you would prefer not to receive them in the future by using the “unsubscribe” facility provided in the communication itself.
- For purposes that are required by law: in particular to comply with the applicable data privacy legislation, to respond to requests by government, a court of law, or law enforcement authorities conducting an investigation.
To whom we disclose it. We disclose your personal data:
- to subcontractors and service providers who assist us in connection with the ways we use personal data (as described above), in particular: cloud hosting providers which are located in the US and Germany; web developers which are located in Russia; technical and customer support services which are located in Russia; marketing and analytics services which are located in the US; email service providers which are located in the US; payment processors which are located in the UK. The subcontractors and service providers may also process such data from other countries in which they have operations.
- to our professional advisers (lawyers, accountants etc.) which are located all over the world;
- a third party to respond to requests relating to a criminal investigation or alleged or suspected illegal activity;
- to a third party, in order to enforce or defend our rights, or to address financial or reputational risks;
- to regulators and government authorities in connection with our compliance procedures and obligations and to other recipients where we are authorized or required by law to do so.
Where we use it. We store your data in the US and Germany. We are based in Russia, so it will process your data in Russia and in the US. We transfer your personal data to the above-described subcontractors and services provider which are located in the US, UK, Russia, and may also process this data from other countries where they have operations. We do this on the basis of your consent to this policy and in a binding with confidentiality obligations that we have with such subcontractors and service providers.
How we secure it. The Security Measures applicable to the Services are described on https://convertful.com/legal/data-security/
How you can access it. You can access most of the personal data that we collect about you by logging in to your account. You also have the right to make a request to access other personal data, we hold about you and to request corrections of any errors in that data. You can correct or delete your stored personal data either directly via the Sites, or by creating a separate request via a support ticket for this.
Publicly available data. Certain collected data shall be publicly available to other people. In particular:
- your username and profile image;
- your comments to our blog posts;
- support tickets and replies which you’ve posted publicly.
This data should not contain any information that you wish to keep private or that may allow other people identifying you when you don’t want them to.
Processing duration. We retain your personal information for as long as it’s necessary to provide the services under the Main Agreement and to comply with our legal obligations. If you no longer want us to use your personal data, you can request the agreement termination and data removal via support ticket, and we’ll remove your account and all relevant personal data in 30 days, during which this data will be securely isolated on the backup server.
GDPR compliance. If you’re a visitor or a customer from the European Economic Area, then for the purposes of applicable EU data protection law (including the General Data Protection Regulation 2016/679 (the “GDPR”), we are a data controller of your personal data. You have the right to correct or erase your personal data, or to restrict us from its processing. If you have unresolved concerns you also have the right to complain to data protection authorities. The relevant data protection authority will be the data protection authority of the country: (i) of your habitual residence; (ii) of your place of work; or (iii) in which you consider the alleged infringement has occurred.
Your Visitors’ Personal Data
We collect and process the personal data of your visitors on your behalf based on the instructions that you provide to us via the Sites. Except for the data types you explicitly define to collect, we shall also collect data about the first visit (like time and source), technical data (like IP and browser type), behavioral data (like which widgets a visitor viewed, closed and submitted).
You are obligated to comply with any applicable rules on the processing of your visitors’ personal data. In particular:
- when your visitors’ personal data originates from the European Union (“EU”) or your business is located in the EU, you have to comply with the EU’s General Data Protection Regulation and to sign a Data Processing Agreement with us electronically via the Sites;
- when the applicable law requires this, you are obliged to obtain any necessary consent in order to collect and process your visitors’ personal data.
Children protection. Our Sites are not suitable for children under the age of 16 years, so if you are under 16 we ask that you do not use our Sites or give us your personal data. If you are from 16 to 18 years, you can browse the Sites but you’ll need the supervision of a parent or guardian to become a registered user. It’s the responsibility of parents or guardians to monitor their children’s use of our Sites.
Policy updates. We will need to change this policy from time to time on order to make sure it stays up to date with the latest legal requirements and any changes to our privacy management practices. When we do change the policy, we’ll make sure to notify you about such changes, where required. A copy of the latest version of this policy will always be available on this page.
Contacts. If you have any questions about our privacy practices or the way in which we have been managing your personal information, please contact us via private support ticket or via [email protected]