WHAT THIS POLICY COVERS
Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you. This policy is intended to help you understand:
● What information we collect about you
● How we use information we collect
● How we share information we collect
● How we secure information we collect
● How to access and control your information
● Other important privacy information
This Privacy Policy covers the information we collect about you when you use our products or otherwise interact with us (for example, via our support channels), unless a different policy is displayed. We offer a range of products. We refer to all of these products, together with our other services and websites as "Services" in this policy. This policy also explains your choices about how we use information about you. Your choices include how you can object to certain uses of information about you and how you can access and update certain information about you.
1.
Definitions
a. "Approved Jurisdiction" means a member state of the EEA, or other jurisdiction as may be approved pursuant to the applicable Data Protection Legislation as having adequate legal protections for data by the European Commission
b. "Breach Incident" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
c. "Data Protection Legislation" means any and/or all applicable domestic and foreign laws, rules, directives and regulations, on any local, provincial, state or deferral or national level, pertaining to data privacy, data security and/or the protection of Personal Data, including the Data Protection Directive 95/46/EC and the Privacy and Electronic Communications Directive 2002/58/EC (and respective local implementing laws) concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), including any amendments or replacements to them, including the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR").
d. “Data Controller”, “Data Processor”, “Data Subject”, "Personal Data", “Process” and “Processing” shall have the meanings ascribed to them in the Data Protection Legislation.
e. "EEA" means those countries that are member of the European Economic Area.
f. “Security Measures” mean commercially reasonable security-related policies, standards, and practices commensurate with the size and complexity of Company’s business, the level of sensitivity of the data collected, handled and stored, and the nature of Company’s business activities.
g. "Standard Contractual Clauses" mean the standard contractual clauses for the transfer of personal data to data processors established in third countries adopted by the European Commission Decision C(2010)593.
h. “Sub-Processors” mean any Affiliate, agent or assignee of Company that may process Personal Data pursuant to the terms of the Agreement, and any unaffiliated processor engaged by Company.
2.
Compliance with Laws
a. Each Party shall comply with its respective obligations under the Data Protection Legislation.
b. Company shall provide reasonable cooperation and assistance to Customer in relation to Company’s processing of Personal Data in order to allow Customer to comply with its obligations as a Data Controller under the Data Protection Legislation.
c. Company agrees to notify Customer promptly if it becomes unable to comply with the terms of this Addendum and take reasonable and appropriate measures to remedy such non-compliance.
d. Throughout the duration of the Addendum, Customer agrees and warrants that:
i. Personal Data has been and will continue to be collected, processed and transferred by Customer in accordance with the relevant provisions of the Data Protection Legislation;
ii. the processing of Personal Data by Customer, as well as any instruction to Company in connection with the processing of the Personal Data (“Processing Instructions”), has been and will continue to be carried out in accordance with the relevant provisions of the Data Protection Legislation; and that
iii. The Customer has informed Data Subjects of the processing and transfer of Personal Data pursuant to the Addendum and obtained the relevant consent thereto (including without limitation any consent required in order to comply with the Processing Instructions and those purposes detailed herein).
3.
Processing Purpose and Instructions
a. The duration of the processing under the Agreement is determined by the parties, as set forth in the Agreement.
b. Company shall process Personal Data only to deliver the Services in accordance with Customer’s written Processing Instructions (unless waived in a written requirement), the Agreement and the Data Protection Legislation. Unless permitted under the Agreement or this Addendum, Company shall not otherwise modify, amend, disclose or permit the disclosure of any Personal Data to any third party unless authorized or directed to do so by Customer.
c. Company will not use Personal Data for any use other than as expressly provided in the Agreement or this Addendum. Processing any Personal Data outside the scope of the Agreement will require prior written agreement between Company and Customer by way of written agreement, and will include any additional fees that may be payable by Customer to Company for carrying out such instructions.
d. Notwithstanding the foregoing, Company shall be entitled to use the Personal Data for statistical and financial purposes provided however that any personal attributes shall be removed from such Personal Data or otherwise if such is maintained on an aggregated basis.
4.
Reasonable Security and Safeguards
a. Company represents, warrants, and agrees to use Security Measures
(i) to protect the availability, confidentiality, and integrity of any Personal Data collected, accessed, used, or transmitted by Company in connection with this Agreement, and
(ii) to protect such data from Breach Incidents.
b. The Security Measures are subject to technical progress and development and Company may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services purchased by Customer.
c. Company shall take reasonable steps to ensure the reliability of its staff and any other person acting under its supervision which has access to and processes Personal Data. Company shall ensure that persons authorized to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
d. Customer is responsible for using and configuring the Services in a manner which enables Customer to comply with Data Protection Legislation, including implementing appropriate technical and organizational measures.
5.
Breach Incidents
Upon becoming aware of a Breach Incident, Company will notify Customer without undue delay and will provide information relating to the Breach Incident as reasonably requested by Customer.
Company will use reasonable endeavors to assist Customer in mitigating, where possible, the adverse effects of any Breach Incident.
6.
Security Assessments and Audits
Company audits its compliance with data protection and information security standards on a regular basis.
Such audits are conducted by Company’s internal audit team or by third party auditors engaged by Company.
Company shall, upon reasonable and written notice and subject to obligations of confidentiality, allow its data processing procedures and documentation to be inspected, no more than once a year, by Customer (or its designee), at Customer's expense, in order to ascertain compliance with this Addendum. Company shall cooperate in good faith with audit requests by providing access to relevant knowledgeable personnel and documentation.
7.
Cooperation and Assistance
a. If Company receives any requests from individuals or applicable data protection authorities relating to the processing of Personal Data under the Agreement, including requests from individuals seeking to exercise their rights under EU Data Protection Law, Company will promptly
b. redirect the request to Customer. Company will not respond to such communication directly without Customer's prior authorization, unless legally compelled to do so. If Company is required to respond to such a request, Company will promptly notify Customer and provide Customer with a copy of the request, unless legally prohibited from doing so.
c. If Company receives a legally binding request for the disclosure of Personal Data which is subject to this Addendum, Company shall (to the extent legally permitted) notify Customer upon receipt of such order, demand, or request. It is hereby clarified however that if no such response is received from Customer within three (3) business days (or otherwise any shorter period as dictated by the relevant law or authority), Company shall be entitled to provide such information.
d. Notwithstanding the foregoing, Company will cooperate with Customer with respect to any action taken by it pursuant to such order, demand or request, including ensuring that confidential treatment will be accorded to such disclosed Personal Data.
e. Upon reasonable notice, Company shall provide reasonable assistance to Customer in:
i. allowing Data Subjects to exercise their rights under the Data Protection Legislation,
including (without limitation) the right of access, right to rectification, restriction of
processing, erasure (“right to be forgotten”), data portability, object to the processing, or the right not to be subject to an automated individual decision making;
ii. ensuring compliance with any notification obligations of Breach Incidents to the
supervisory authority and communication obligations to Data Subjects, as required under Data Protection Legislation;
iii. Ensuring Customer’s compliance with its obligation to carry out Data Protection Impact Assessments (“DPIA”) or prior consultations with data protection authorities with respect to the processing of Personal Data. Any assistance to Customer with regard to DPIA or prior consultations will be solely at Customer's expense.
8.
Use of Sub-Processors
Customer provides a general consent to Company to engage onward Sub-Processors, provided that Company has entered into an agreement with the Sub-Processor containing data protection obligations that are at least as restrictive as the obligations under this Addendum (to the extent applicable to the services provided by the Sub-processor).
Company will be responsible for any acts, errors or omissions by its Sub-Processors, that may cause Company to breach any of its obligations under this Addendum.
9.
Transfer of EEA resident Personal Data outside the EEA
a. Company may transfer and process Personal Data of residents of the EEA or Switzerland outside the EEA ("Transfer"), only subject to the following:
I. The Transfer is necessary for the purpose of Company carrying out its obligations under the Agreement;
And
II. One (or more) of the following applies:
1. The Transfer is done to an Approved Jurisdiction;
2. The Transfer is done subject to appropriate safeguards (for example, the Privacy Shield as referred to in the COMMISSION IMPLEMENTING DECISION (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EUU.S. Privacy Shield, or other applicable frameworks);
3. Customer and Company will sign the Standard Contractual Clauses attached to this Addendum as Appendix A.
4. The Transfer is done in accordance with any of the exceptions listed in the Data Protection Legislation. Customer will inform Company which exception applies to each Transfer and will assume complete and sole liability to ensure that the exception applies.
10.
Data Retention and Destruction
a. Company will only retain Personal Data for as long as Services are provided to Customer in accordance with this Agreement. Following expiration or termination of the Agreement, Company will delete or return to Customer all Personal Data in its possession as provided in the Agreement except to the extent Company is required by applicable law to retain some or all of the Personal Data (in which case Company will implement reasonable measures to prevent the Personal Data from any further processing). The terms of this Addendum will continue to apply to such Personal Data.
b. Notwithstanding the foregoing, Company shall be entitled to maintain Personal Data following the termination of this Agreement for statistical and/or financial purposes provided always that Company maintains such Personal Data on an aggregated basis or otherwise after having removed all personally identifiable attributes from such Personal data.
11.
General
a. Any claims brought under this Addendum will be subject to the terms and conditions of the Agreement, including the exclusions and limitations set forth in the Agreement.
b. In the event of a conflict between the Agreement (or any document referred to therein) and this Addendum, the provisions of this Addendum shall prevail.
c. Company may modify the terms of this Addendum in circumstances such as (i) if required to do so by a supervisory authority or other government or regulatory entity, (ii) if necessary to comply with
d. Data Protection Legislation, or (iii) to implement or adhere to standard contractual clauses, approved codes of conduct or certifications, binding corporate rules, or other compliance mechanisms, which may be permitted under Data Protection Legislation. Company will provide notice of such changes to Customer, and the modified Addendum will become effective, in accordance with the terms of the Agreement.
What information we collect about you:
We collect information about you when you provide it to us, when you use our Services, and when other sources provide it to us, as further described below.
Information you provide to us
We collect information about you when you input it into the Services or otherwise provide it directly to us.
Account and Profile Information:
We collect information about you when you register for an account, create or modify your profile, set preferences, sign-up for or make purchases through the Services.
For example, you provide your contact information and, in some cases, billing information when you register for the Services.
You also have the option of adding a display name, photos, and other details to your profile information to be displayed in our Services.
We keep track of your preferences when you select settings within the Services.
Content you provide through our products: The Services include the ALL4GO products you use, where we collect and store content that you post, send, receive and share.
This content includes any information about you that you may choose to include: we collect feedback you provide directly to us through the product and we collect clickstream data about how you interact with and use features in the Services.
Content you provide through our websites: The Services also include our websites owned or operated by us.
We collect other content that you submit to these websites, which include social media or social networking websites operated by us.
For example, you provide content to us when you provide feedback or when you participate in any interactive features, surveys, contests, promotions, activities or events.
Payment Information: We collect certain payment and billing information when you register for certain paid Services.
For example, we ask you to designate a billing representative, including name and contact information, upon registration.
You might also provide payment information, such as payment card details, which we collect via secure payment processing services.
We have only one billing representative that has access to all the payments.
All online payments are done via bank 3D secured platform.
We collect information about you when you use our Services, including browsing our websites and taking certain actions within the Services.
Your use of the Services: We keep track of certain information about you when you visit and interact with any of our Services.
This information includes the features you use; the links you click on and how you interact with others on the Services.
We also collect information about the teams and people you work with and how you work with them, like who you collaborate with and communicate with most frequently.
Device and Connection Information: We collect information about the computer you use to access the Services.
This device information includes your connection type and settings when you install, access, update, or use our Services.
We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data.
We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience.
How much of this information we collect depends on the type and settings of the device you use to access the Services.
Cookies: ALL4GO and our third-party partners, such as our advertising and analytics partners, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality and to recognize you across different Services and devices.
How we use the information that we collect
Below are the specific purposes for which we use the information we collect about you.
To provide the Services and personalize your experience:
We use information about you to provide the Services to you, including to process transactions with you, authenticate you when you log in, provide customer support, and operate and maintain the Services.
For example, we use the name and pictures you provide in your account to identify you to other Service users.
Our Services also include tailored features that personalize your experience, enhance your productivity, and improve your ability to collaborate effectively with others by automatically analyzing the activities of your team to provide activity feeds and notifications that are relevant for you and your team.
We may use your email domain to infer your affiliation with a particular organization or industry to personalize the content and experience you receive on our websites.
Where you use multiple Services, we combine information about you and your activities to provide an integrated experience, such as to allow you to find information from one Service while searching from another or to present relevant product information as you travel across our websites.
For research and development: We are always looking for ways to make our Services smarter, faster, secure, integrated, and useful to you.
We use collective learnings about how people use our Services and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Services.
We also test and analyze certain new features with some users before rolling the feature out to all users.
To communicate with you about the Services: We use your contact information to send transactional communications via email and within the Services, including confirming your purchases, reminding you of products expirations, responding to your comments, questions and requests, providing customer support, and sending you technical notices, updates, security alerts, and administrative messages.
We also send you communications as you onboard to a particular Service to help you become more proficient in using that Service.
These communications are part of the Services and in most cases you cannot opt out of them.
If an opt out is available, you will find that option within the communication itself or in your account settings.
To market, promote and drive engagement with the Services:
We use your contact information and information about how you use the Services to send promotional communications that may be of specific interest to you, including by email and by displaying ALL4GO’s ads.
These communications are aimed at driving engagement and maximizing what you get out of the Services, including information about new features, survey requests, newsletters, and events we think may be of interest to you.
We also communicate with you about new product offers, promotions and contests.
You can control whether you receive these communications by sending an email at unsubscribe@all4go.com
For Customer support:
We use your information to resolve technical issues you encounter, to respond to your requests for assistance, to analyze crash information, and to repair and improve the Services.
For safety and security:
We use information about you and your Service use to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of Service policies.
To protect our legitimate business interests and legal rights:
Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
With your consent:
We use information about you where you have given us consent to do so for a specific purpose not listed above.
For example, we may publish testimonials or featured customer stories to promote the Services, with your permission.
LEGAL BASES FOR PROCESSING (FOR EEA USERS):
If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws.
The legal bases depend on the Services you use and how you use them.
This means we collect and use your information only where:
● We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
● It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
● You give us consent to do so for a specific purpose; or
● We need to process your data to comply with a legal obligation. If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information.
This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.
We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
For collaboration:
You can create content, which may contain information about you, and grant permission to others to see, share, edit, copy and download that content based on settings you or your administrator (if applicable) select.
Managed accounts and administrators:
If you register or access the Services using an email address with a domain that is owned by your employer or organization, and such organization wishes to establish an account or site, certain information about you including your name, pictures, contact info, content and past use of your account may become accessible to that organization’s administrator and other Service users sharing the same domain.
If you are an administrator for a particular site or group of users within the Services, we may share your contact information with current or past Service users, for the purpose of facilitating Service-related requests.
Sharing with third parties
We share information with third parties that help us operate, provide, improve, integrate, customize, support and market our Services.
Service Providers:
We work with third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for us, which may require them to access or use information about you.
If a service provider needs to access information about you to perform services on our behalf, they do so under close instruction from us, including policies and procedures designed to protect your information.
Third Party Apps:
You, your administrator or other Service users may choose to add new functionality or change the behavior of the Services by enabling integrations with third party apps within the Services.
Doing so may give third- party apps access to your account and information about you like your name and email address, and any content you choose to use in connection with those apps.
Third-party app policies and procedures are not controlled by us, and this privacy policy does not cover how third-party apps use your information.
We encourage you to review the privacy policies of third parties before connecting to or using their applications or services to learn more about their privacy and information handling practices.
If you object to information about you being shared with these third parties, please let us know.
Compliance with Enforcement Requests and Applicable Laws:
Enforcement of Our Rights:
In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, (b) enforce our agreements, policies and terms of service, (c) protect the security or integrity of our products and services, (d) protect ALL4GO, our customers or the public from harm or illegal activities, or (e) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
How long we keep information:
How long we keep information we collect about you depends on the type of information, as described in further detail below.
After such time, we will either delete or anonymize your information.
Account information:
We retain your account information for as long as your account is active and up to twelve months thereafter in case you decide to re-activate the Services.
We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services.
Information you share on the Services:
If your account is deleted, some of your information and the content you have provided will remain in order to allow your team members or other users to make full use of the Services Managed accounts: If the Services are made available to you through an organization (e.g., your employer), we retain your information as long as required by the administrator of your account.
Marketing information: If you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our Services, such as when you last opened an email from us or ceased using your ALL4GO account.
We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
A title goes here. Click to edit and add your own.
This is a paragraph. Use this area to add any information you want to share with users. Just click "Edit Text" or double click here to change the text and make it your own. You can also adjust the paragraph's font, size and color so it fits your website’s theme.
This is a great place to tell users a story about your website and let them know more about what you offer. You may want to share information about your company's background, your team, or the services you provide. Be sure to keep the tone and voice consistent throughout the site so users become familiar with your brand.