Updated April 11, 2022
Conversica, Inc. (“Conversica”, “we,” “us,” or “our”) is committed to respecting your privacy, protecting your personal information, and being transparent about its treatment of your personal information.
As further discussed in the Cross-Border Data Transfers and Privacy Shield Notice section below, we participate in and adhere to the Privacy Shield frameworks.
California residents using this Site should be sure to read the information below under Additional Information for California residents.
Site users from the European Union should be sure to read the information provided below under Additional Information for European Union Users.
Data Controller and DPO
With regard to personal information submitted to our Site, the data controller is Conversica, Inc., 950 Tower Lane, #1200, San Mateo, CA 94404. Our data protection officer may be contacted using the contact information provided below.
What does Conversica do?
Click on one of the links below to jump to the listed section:
- Personal Information We Collect
- How We Use Your Personal Information
- How We Share Your Personal Information
- Your Choices
- International Transfer
- Other Sites and Services
- Social Media Widgets
- User Generated Content
- How to Contact Us
Personal Information We Collect
While operating the Site, we may collect the following types of information (collectively, the “Information”).
Information you give us
Personal information you may provide through the Site or otherwise communicate with us:
- Identity information, such as your first name, last name, user name or similar identifier, title, and date of birth;
- Contact information, such as your business postal address, email address and telephone number;
- Feedback and correspondence, such as information you provide in survey responses, when you participate in market research, report a problem, receive customer support or otherwise correspond with us;
- Transaction information, such as your credit card or other payment and billing details;
- Usage information, such as information about how you use the Service and interact with us; and
- Marketing information, such as your preferences for receiving marketing communications and details about how you engage with them.
Information we collect
Apps, browsers and devices
We may automatically record certain information about how you use our Site (we refer to this information as “Activity Data“), including both Clients and casual visitors.
Activity Data may include information such as a user’s Internet Protocol (IP) address, device and browser type, operating system, the pages or features of our Site to which a user browsed and the time spent on those pages or features, the frequency with which the Site is used by a user, search terms, the links on our site that a user clicked on on or used, and other statistics. We use this information to administer the Service and we analyze (and may engage third parties to analyze) this information to improve and enhance the Service by expanding its features and functionality and tailoring it to our users’ needs and preferences.
Sensitive personal information
Subject to the following paragraph, we ask that you not send or disclose to us any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or union membership) on or through the Service or otherwise.
Information we get from others
We may obtain additional information about you from third party sources to enrich your experience on the Site and provide you with more relevant information related to our service offerings.
Changes to your personal information
It is important that the personal information we hold about you is accurate and current. Please let us know if your personal information changes during your organization’s relationship with us by updating your account information or emailing your customer success manager.
How We Use Your Personal Information
To provide the Service
If you have a Conversica account, we use your personal information:
- To operate, maintain, administer, and improve the Service;
- To manage and communicate with you regarding your Service account, if you have one, including by sending you Service announcements, technical notices, updates, security alerts, and support and administrative messages;
- To process payments you make through the Service;
- To better understand your needs and interests, and personalize your experience with the Service; and
- To respond to your Service-related requests, questions, and feedback.
To communicate with you
If you request information from us, register for the Service or participate in our surveys, promotions, or events, we may send you Conversica-related marketing communications if permitted by law, but will provide you with the ability to opt out.
To comply with law
We use your personal information, as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
With your consent
We may use or share your personal information with your consent, such as when you consent to let us post your testimonials or endorsements on our Site, you instruct us to take a specific action with respect to your personal information or you opt into third party marketing communications.
To create anonymous data for analytics
We may create anonymous data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous data by excluding information that makes the data personally identifiable to you, and use that anonymous data for our lawful business purposes.
For compliance, fraud prevention and safety
We use your personal information as we believe necessary or appropriate to (a) enforce the terms and conditions that govern the Service; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
How We Share Your Personal Information
- Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
- Compliance with Laws and Law Enforcement; Protection and Safety. Conversica may disclose information about you to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; (b) enforce the terms and conditions that govern the Service; (d) protect our rights, privacy, safety or property, and/or that of you or others; and (e) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
Access, Update, Correct or Delete Your Information
Conversica account holders may review, update, correct or delete the personal information in their registration profile by logging into their account. Conversica account holders may also contact us at [email protected] to accomplish the foregoing or if you have additional requests or questions.
Access to Data Controlled by our Clients
Conversica has no direct relationship with the individuals whose personal information is contained within the Client User Data processed by our Service. An individual who seeks access, or who seeks to correct, amend, or delete personal information provided by our Clients should direct their request to the Client. You may also contact us at [email protected] if you have additional questions or concerns.
You may opt out of marketing-related emails by logging in and changing your account settings or by clicking on a link at the bottom of each such email. You may continue to receive Service-related and other non-marketing emails.
If you gave us consent to post a testimonial to our site, but wish to update or delete it, please contact us.
Tracking and Targeted Advertising
Choosing not to share your personal information
Where we need to collect your personal information by law, or to be able to provide the Service to you and you do not provide that information when requested (or you later ask to delete it), we may not be able to provide you with the Service and may need to close your account. We will tell you what information you must provide to receive the Service by designating it as required in the Service or through other appropriate means.
The security of your personal information is important to us. We take a number of organizational, technical and physical measures designed to protect the personal information we collect, both during transmission and once we receive it. However, no security safeguards are 100% secure and we cannot guarantee the security of your information.
Conversica is headquartered in the United States and has affiliates and service providers in other countries, and your personal information may be transferred to the United States or other locations outside of your state, province, country or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction. European Union users should read the important information provided further below under the “Cross Border Transfer” Section about transfer of personal information outside of the European Economic Area.
Other Sites and Services
The Service may contain links to other websites and services. These links are not an endorsement, authorization or representation that we are affiliated with that third party. We do not exercise control over third-party websites or services, and are not responsible for their actions. Other websites and services follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies of the other websites you visit and services you use.
Social Media Widgets
User Generated Content
We may make available on our Site, or link to, features that allow you to share information with third parties online (e.g., on message boards, in chat areas, in file uploads, through events, etc.). Please be aware that whenever you voluntarily disclose personal information online, that information becomes public and can be collected and used by others. We have no control over, and take no responsibility for, the use; storage or dissemination of such publicly disclosed personal information. By posting personal information online in public forums, you may receive unsolicited messages from other parties.
Conversica does not knowingly acquire or receive personal information from children under 13. If we later learn that any user of our Service is under the age of 13, we will take appropriate steps to remove that user’s information from our account database and will restrict that individual from future access to the Service.
How to Contact Us
If you have any questions about this Policy, please contact our Data Protection Officer by emailing [email protected] or by writing to us at the following address: Conversica, 950 Tower Lane, #1200, San Mateo, CA 9440, USA, Attention: Data Protection Officer.
Additional Information for California Residents
1. Information We Collect
Our website collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information“). In particular, our website has collected data within the following categories of personal information from its consumers within the last twelve (12) months:
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.||YES|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, physical characteristics or description, address, telephone number, education, employment, and employment history.Some personal information included in this category may overlap with other categories.||YES|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||NO|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||NO|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||YES in website only|
|G. Geolocation data||Physical location or movements||YES no movements|
|H. Sensory data.||Audio and video information.||YES|
|I. Professional or employment-related information.||Current or past job history.||YES|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf.||NO|
|K. Inferences drawn from other personal information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||YES|
Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA’s scope, like certain health or medical information and other categories of information protected by different laws.
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from you. For example, from forms you complete.
- Indirectly from you. For example, from observing your actions on our website.
2. Use of Personal Information
3. Sharing Personal Information
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. We share your personal information with the following category of third parties: Service providers.
4. Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Please note that during 2021 under a “business to business” exception, access, portability, and deletion rights will not apply to personal information reflecting a written or verbal communication or a transaction between Conversica and you, if you are a natural person who is acting as an employee, owner, director, officer, or contractor of a company, partnership, sole proprietorship, nonprofit, or government agency and whose communications or transaction with Conversica occur solely within the context of the your business conducting due diligence regarding, or providing or receiving a product or service to or from Conversica.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
- The categories of personal information we’ve collected about you.
- The categories of sources for the personal information we’ve collected about you. Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we’ve collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing: – sales, identifying the personal information categories that each category of recipient purchased; and – disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
- Provide sufficient information that allows us to reasonably verify you are the person about whom we’ve collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response electronically. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Personal Information Sales
We will not sell your personal information to any party as the word sell or sale is used in the context of the CCPA.
We will not discriminate against you (or your employer) for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Other California Privacy Rights
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. We do not share or sell information to third parties for their direct marketing purposes.
Additional Information for European Union Users
Controller and Data Protection Officer
Conversica, Inc. is the controller of your personal information for purposes of European data protection legislation. Our Data Protection Officer can be reached at [email protected]. See the “Questions” section above for additional contact details.
Legal bases for processing
We only use your personal information as permitted by law. We are required to inform you of the legal bases of our processing of your personal information, which are described in the table below. If you have questions about the legal basis of how we process your personal information, contact us at [email protected].
|Processing Purpose||Legal Basis|
|To provide you with requested information, provide personalized content on the Site, and communicate with you about the Service.||Legitimate interests in conducting our business.|
|To enter into Service agreements with you, establish your business account and Service account, and to provide you with technical support and other Service support and communicate with you||Processing is necessary for performance of our contract with your organization.|
|Fraud prevention and data protection||Processing is necessary to comply with our legal obligations or required for performance of our contract with your organization.|
|To comply with law||Processing is necessary to comply with our legal obligations.|
|With your consent||Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated in the Service or by contacting us at [email protected].|
Use for new purposes
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. By law we have to keep basic information about our customers (including contact, identity, financial and transaction information) for six years after they cease being customers for tax purposes. In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.
European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
- Opt-out. Stop sending you direct marketing communications. You may continue to receive Service-related and other non-marketing emails.
- Access. Provide you with information about our processing of your personal information and give you access to your personal information.
- Correct. Update or correct inaccuracies in your personal information.
- Delete. Delete your personal information.
- Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- Restrict. Restrict the processing of your personal information.
- Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
You can submit these requests by email to [email protected] or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at [email protected] or submit a complaint to the data protection regulator in your jurisdiction.
Cross-Border Data Transfers and Privacy Shield Notice
Individuals in the EEA, the UK, and Switzerland have rights to access personal data about them, and to limit use and disclosure of their personal data. With our Privacy Shield self-certification, we have committed to respect those rights. We process service data only on behalf of our Clients in accordance with their instructions. This means that if you wish to access your personal data we have processed on behalf of a Client and request that we correct, amend, or delete it if it is inaccurate or processed in violation of Privacy Shield, you should contact that Client with your request we will then help them to fulfill that request in accordance with their instructions.
If we have processed your personal data as a data controller, you can request access to that data and request that we correct amend or delete it if it is inaccurate or processed in violation of Privacy Shield by emailing your request to [email protected]. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your personal data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to [email protected].
Conversica’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. Conversica remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Conversica proves that it is not responsible for the event giving rise to the damage.
In certain situations, Conversica may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
For purposes of this Policy, the following definitions shall apply:
“Personal information” means any information or set of information that identifies or could be used by or on behalf of Conversica to identify an individual. Personal information does not include information that is anonymized or publicly available information that has not been combined with non-public personal information.
“Sensitive personal information” means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, views or activities, that concerns health or sex life, information about social security benefits, or information on criminal or administrative proceedings and sanctions other than in the context of pending proceedings. In addition, Conversica will treat as sensitive personal information any information received from a third party where that third party treats and identifies the information as sensitive.
Conversica is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Should an EU or Swiss individual be unable to resolve a complaint through the Council of Better Business Bureau’s complaint process, they may contact the FTC at the following address: Federal Trade Commission Attn: Consumer Response Center 600 Pennsylvania Avenue NW Washington, DC 20580. www.ftc.gov.