Last Updated: August 1st, 2021
A Note to Customers Outside the United States. Campaign Deputy is based in the United States. The Sites and Service are controlled and operated by us from the United States. Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Sites and Service you consent to the transfer of information to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.
A Note to California Residents. Please see our “Notice to California Residents” section related to your rights under the California Consumer Privacy Act (“CCPA”).
A Note to European Economic Area Residents. Please see our “Notice to EU Data Subjects” section related to your rights under the General Data Protection Regulation (“GDPR”).
Note that Campaign Deputy is the controller of your personal information, except where we process personal information on behalf of our Integrators in connection with the provision of our Service, in which case we are the processor of personal information, and those Integrators are the controllers of the personal information.
Processing of EU Data Subject data operates under the legal basis of the Standard Contractual Clauses (SCCs) integrated within the Data Processing Addendum to our Terms of Service or Data Processing Agreements with our Integrators.
If you have any questions or concerns about how such data is handled or would like to exercise your rights, you should contact the person or entity (i.e., the data controller) who has contracted with us to use the Service to process this data. We will, however, provide assistance to our Integrators to address any concerns you may have, in accordance with the terms of our contract with them.
Information We Collect
We collect information from individuals who interact with our Sites and Services, including those who incorporate our Service into their website (“Integrators”), those who utilize our services for the CRM (“Customers”), and the end users who interact with the our Service through the websites of our Integrators (“End-Users”).
We collect the following categories of information:
- Information that can be used to identify or contact an individual (“Personal Information”), such as name, email address, and country. We collect Personal Information from our current and prospective Integrators and Customers when they give it directly to us (for example, by filling in a form when signing up for an account, or applying to receive email notifications from us). We may also verify the identity of our Integrators and Customers by comparing personal information against third party databases or official legal documents.
- Information collected automatically as a result of an Integrator’s or Customer’s use of the our Sites or the Services (“Analytics Information”), such as IP addresses, browser type, Internet service provider, platform type, device type, operating system, date and time stamp of access, and other similar information. Some Analytics Information is collected on our behalf by third parties we engage for that purpose, and some Analytics Information is collected through a variety of tracking technologies, including cookies (see “Third Party Analytics and Tracking Technologies” below).
- Information collected as a result of End-Users using the Service (“Activity Data”), such as survey response data, email open data, and other data that our End-Users store.
- Other information collected from End-Users as part of the Service to that is required to determine whether they are human, such as IP address, browser version, mouse movements, scroll position, keypress events, touch events, and gyroscope / accelerometer information as applicable.
How We Use Information
We use the information we collect for the following purposes:
- To administer Integrator and Customer accounts and provide the Service. We use Personal Information in order to associate specific accounts with Integrators and Customers and to provide them the Service, to respond to requests or inquiries, to provide support or technical assistance, and to facilitate payments.
- To improve to Site and the Service. We use Analytics Information to improve our existing and develop new services and offerings and to customize existing and future product offerings.
- To derive market insights. We use Analytics Information to analyze the market and conduct business analyses related to the Site and our Services, and for other research purposes.
- To secure our services and systems. We use Analytics Information to secure our systems by identifying potential threats and vulnerabilities, and to otherwise protect the information we collect.
- For any legitimate business purpose, provided that the information is de-identified or aggregated such that it cannot be reasonably tied to an individual.
How We Share Information
We share or disclose personal information in the following cases:
- Upon direct request from an Integrator as part of the Data Process Agreement.
- Upon direct request from a Customer to provide the data to an Integrator.
- With vendors we engage to provide essential aspects of the Sites and the Service, such as data storage, hosting, email and analytics, and only for those purposes.
- As necessary to comply with applicable law, including governmental requests, law enforcement requests, and otherwise to public and private entities in order to protect the rights, privacy, safety, or property of you, us, or others.
- With others for any legitimate business purpose, provided the information is de-identified or aggregated such that it cannot be reasonably tied to an individual.
Third Party Analytics and Tracking Technologies
- We use PostHog to collect debugging data when a user experiences an error. For information on how Heap collects and processes data, please click here.
- We use LogDNA to collect debugging data when a user experiences an error. For information on how Heap collects and processes data, please click here.
To the fullest extent permitted by law, the Site and the Service (and any other associated services, information, data, features, and other content or materials) are provided on an “as-is” and “as-available” basis. To the fullest extent permitted by law, Campaign Deputy excludes all warranties, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement.
How We Secure Information
We implement appropriate technical and organizational measures to protect the information we collect and store, and require all agents who carry out our processing on our behalf to do the same. Unfortunately, no security measures are 100% foolproof, and as such no network or system (including ours) can be guaranteed to be 100% secure against destruction, loss, alteration, unauthorized disclosure of, or access to information we collect and store. If you believe your information may not be secure for any reason, please contact us immediately at email@example.com.
Managing Your Information (Your Rights)
You may access, correct, amend, or delete certain Personal Information you may have provided us through your Integrator, Customer, or Accessibility User account (if you are an Integrator, Customer, or Accessibility User). If you are unable to do so, or have any questions about Personal Information we have collected and/or shared about you, or would like to withdraw your consent for our processing (i.e. entirely delete your account) please contact us at firstname.lastname@example.org. For legal reasons, we may not be able to delete all of your data if you donated, gave a donation, or the Customer has a legal responsibility to report your activity to a Goverment entity. We will notify you if that is the case.
If you would prefer to block cookies or other tracking technologies, most browsers and mobile devices all you to change your settings so as to notify you when you receive cookies or other tracking technologies are being used, and to choose whether or not to accept/allow it. Most browsers also allow you to disable or delete existing cookies or to automatically reject future cookies. You may also use third party tools, including browser plug-ins, to control your cookie preferences. Note, however, that if you disable all cookies, some portions of our Sites may not function properly.
Information from Children
Our Sites and Service are not directed to children under the age of 13 and we do not knowingly collect Personal Information from children under the age of 13. If we learn that we have collected Personal Information of a child under the age 13, we will take reasonable steps to delete such information from our files as soon as is practicable, unless we have a legal obligation to retain it. Please contact us at email@example.com if you believe we have any information from or about a child under the age of 13.
Notice to California Residents
Under California Civil Code Section 1789.3, California users are entitled to the following consumer rights notice: California residents may reach the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs by mail at 1625 North Market Blvd., Sacramento, CA 95834, or by telephone at (916) 445-1254 or (800) 952-5210.
This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or “CCPA.”
For the categories of personal information we have collected from you in the preceding 12 months, please see the “Information We Collect” section above. We collect this information for the business and commercial purposes described in the “How We Use Personal Information” section above. In the preceding 12 months, we have shared the following categories of information with third parties for a business purpose:
|Category of Personal Information||Examples of Personal Information Shared||Categories of Third-Party Recipients|
|Identifiers.||A real name, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.||Service Providers|
|Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, credit card number, debit card number, or any other financial information.||Service Providers|
|Commercial information.||Records of products or services purchased, obtained, or considered.||Service Providers|
|Internet or other electronic network activity.||Browsing history, information on a consumer’s interaction with an internet website, application, or advertisement.||Service Providers|
The Company does not “sell” (as this term is defined in the CCPA) the personal information we collect. Please refer to the “Third Party Analytics and Tracking Technologies” section above for more information regarding the types of third-party cookies, if any, that we use.
Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any “sales” that may be occurring, as well as the right to not be discriminated against for exercising these rights.
California consumers may make a request pursuant to their rights under the CCPA by contacting us at firstname.lastname@example.org. Please note that you must verify your identity and request before further action is taken, such as by providing your government identification. Consistent with California law, you may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government issued identification, and the authorized agent’s valid government issued identification.
Notice to EU Data Subjects
Some of the information you provide us may constitute sensitive data as defined in the GDPR (also referred to as special categories of personal data), including identification of your race or ethnicity on government-issued identification documents.
Legal Bases for Processing
We only use your personal information as permitted by law. We are required to inform you of the legal bases of our processing of your personal information, which are described below. If you have questions about the legal bases under which we process your personal information, contact us at email@example.com.
To communicate with you
To optimize our platform
For compliance, fraud prevention, and safety
To provide our service
These processing activities constitute our legitimate interests. We attempt to consider and balance any potential impacts on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by any adverse impact on you (unless we have your consent or are otherwise required or permitted to by law).
With your consent
Where our use of your personal information is based upon your consent, you have the right to withdraw it at any time in the manner indicated in the Service or by contacting us at firstname.lastname@example.org.
Under the GDPR, you have certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
Stop sending you direct marketing communications which you have previously consented to receive. We may continue to send you Service-related and other non-marketing communications.
Provide you with information about our processing of your personal information and give you access to your personal information.
Update or correct inaccuracies in your personal information.
Delete your personal information.
Transfer a machine-readable copy of your personal information to you or a third party of your choice.
Restrict the processing of your personal information.
Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
Data Subject Access Rights Requests
We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at email@example.com or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator at this location.
Cross-Border Data Transfer
Use for New Purposes
We store your Personal Data securely throughout the life of your account with us. We will only retain your Personal Data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting obligations or to resolve disputes. The criteria we use to determine storage periods include the applicable contractual provisions that are in force, legal statutory limitation periods, applicable regulatory requirements, and industry standards.
While retention requirements vary by jurisdiction, information about our typical retention periods for different aspects of your personal data are described below.
Contact information for marketing purposes is retained on an ongoing basis until you un-subscribe. Thereafter we will add your details to our suppression list indefinitely. Email information collected from Accessibility Users will never be used for marketing purposes.
Records of communications with you (e.g. support tickets opened via email or Twitter) may be kept indefinitely.
Information collected via technical means such as cookies, webpage counters and other analytics tools is discarded as soon as practical, but may be kept for a limited period of up to one year from expiry of the cookie, typically in a de-identified and aggregated form unless we detect potential abuse of our service, in which case we will retain that information to aid us in preventing future abuse. We are unable to link this anonymized and aggregated information to you, your household, an IP address, or any personal information based on the information stored.