Effective March 19th, 2019
Introduction and Scope
EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
Conversica complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework (the “Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the processing of PII transferred from the European Union, the European Economic Area, the United Kingdom, and Switzerland to the United States (or that Conversica otherwise receives) in reliance on Privacy Shield. Conversica commits to adhere to and has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
Categories of PII Processed
Conversica acts as an agent, also known as a data processor, for the PII we process for our customers through the Service. This means that Conversica’s customers determine the type of PII they provide to the Service for Conversica to process on their behalf. Conversica has no direct relationship with the individuals whose PII it receives from its customers and Conversica’s customers are responsible for providing notice to the individuals whose PII will be collected and provided to Conversica.
Conversica processes full email and SMS messages, including the header and body of each message, along with any PII contained therein. As a result, it is not possible to list all types of PII that may be processed, however, the PII typically includes:
- First names;
- Last names;
- Email addresses;
- Phone numbers; and
- Physical addresses.
Purpose of Processing PII
We process PII submitted by our customers for the purposes of providing the Service to our customers, which typically entails personalizing and facilitating communication with our customers’ sales and marketing leads.
We retain PII for as long as instructed by the applicable customer, unless applicable law requires a different retention period, or for legal compliance purposes.
Sharing PII with Third Parties
We share PII with our affiliates and our service providers, who process PII on behalf of Conversica, and who agree to use the PII only to perform the Services for us or as required by law. Our service providers include those providing the following services:
- data analytics;
- API integration software;
- cloud-based web and application hosting;
- contact data verification;
- communications/SMS integration software;
- database performance forecasting software;
- data loss prevention software;
- security software; and
- translation software.
Our service providers may be located within or outside of the United States and we will require that those third parties maintain at least the same level of data security that we maintain for such PII. Conversica remains liable if its service providers process PII on behalf of Conversica in a manner inconsistent with the Privacy Shield Principles if we are responsible for the event giving rise to the damage. We may also share PII with select business partners that our customers have contracted with and authorized us to disclose the PII in connection with customer’s use of the Service.
Other Disclosure of PII
We may disclose PII (i) to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders, provided that in such instances we may not be able to ensure that such recipients of your PII will maintain the privacy or security of your PII, or (ii) if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change, (iii) to our subsidiaries or affiliates only if necessary for business and operational purposes as described in the section above, or (iv) to protect an individual’s vital interests.
We also use and may transfer, sell, and share anonymous data, which does not include any PII, about individuals whose PII we process in our Service, as a group, for any legal business purpose, such as analyzing usage trends and seeking compatible business opportunities.
Data Integrity & Security
Conversica has implemented and will maintain technical, administrative, and physical measures that are reasonably designed in reference to generally accepted industry standards to help protect PII from unauthorized processing such as unauthorized access, disclosure, alteration, or destruction. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure.
Access & Review
If we store PII about you, you may have a right to request access to, and the opportunity to update, correct, or delete, such PII. Requests should be sent to us at firstname.lastname@example.org or contact the Conversica customer who provided your PII to Conversica. Conversica has limited rights to access PII our customers submit to our Service. Therefore, if you contact us with such a request, please provide the name of the Conversica customer who submitted your PII to our Service. We will forward your request to that customer, and provide any needed assistance as they respond to your request.
VeraSafe Privacy Program
Conversica is a member of the VeraSafe Privacy Program, meaning that with respect to PII processed in the scope of this Notice, VeraSafe has assessed Conversica’s data governance and data security for compliance with the VeraSafe Privacy Program Certification Criteria. The certification criteria require that participants maintain a high standard for data privacy and implement specific best practices pertaining to notice, onward transfer, choice, access, data security, data quality, recourse, and enforcement.
Where a privacy complaint or dispute cannot be resolved through Conversica’s internal processes, Conversica has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Privacy Shield Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute.
Changes to this Notice
If we make any material change to this Notice, we will post the revised Notice to this web page and update the “Effective” date above to reflect the date on which the new Notice became effective.
If you have any questions about this Notice or our processing of your PII, please write to our privacy contact, and please allow up to four weeks for a reply.
Attn: Privacy Officer
950 Tower Lane, 12th Floor
Foster City, CA 94404
GDPR Article 27 EU Representative
VeraSafe Czech Republic s.r.o.
Prague 1, 11002
VeraSafe Ireland LTD
Unit 3D North Point House
North Point Business Park
New Mallow Road
Data Protection Officer
Matthew Joseph, CIPP/E, CIPP/US
22 Essex Way #8203
Essex, VT 05451
If your dispute or complaint can’t be resolved by us, nor through VeraSafe’s dispute resolution program, you may have the right to require that we enter into binding arbitration with you pursuant to the Privacy Shield’s Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield.
Conversica is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.