Conversica SaaS Privacy Shield Notice

Effective March 19th, 2019

Introduction and Scope

Conversica, Inc. and its affiliate Conversica, LLC (“Conversica,” “we,” “us,” “our”) take the protection of PII very seriously. “PII” means any data, information, or combination of data and information that can be used to identify or locate a specific individual natural person. This SaaS Privacy Shield Notice (the “Notice”) applies to PII we may receive from our Privacy Shield Customers in the Conversica SaaS application, which uses artificial intelligence to classify and respond to inbound messages and includes the web application located at https://my.conversica.com, the Conversica plugin for Salesforce.com, the Conversica API located at https://integrations-api.conversica.com, and the associated system of manual classification of inbound messages in cases where the AI algorithm cannot interpret those messages (the “Service”). “Privacy Shield Customers” are Conversica customers and business partners which have provided PII to Conversica and have opted to benefit from our EU-U.S. and/or Swiss-U.S. Privacy Shield certification(s). This Notice does not apply to PII we collect from customers who are not Privacy Shield Customers or by other means, such as PII that we receive directly through Conversica’s own publicly accessible websites, which are subject to a separate Privacy Policy.

EU-U.S. and Swiss-U.S. Privacy Shield Frameworks

Conversica complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework (the “Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the processing of PII transferred from the European Union, the European Economic Area, the United Kingdom, and Switzerland to the United States (or that Conversica otherwise receives) in reliance on Privacy Shield. Conversica commits to adhere to and has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

To learn more about the Privacy Shield, and to view Conversica’s certification, please visit https://www.privacyshield.gov and https://www.privacyshield.gov/list, respectively.

Categories of PII Processed

Conversica acts as an agent, also known as a data processor, for the PII we process for our customers through the Service. This means that Conversica’s customers determine the type of PII they provide to the Service for Conversica to process on their behalf. Conversica has no direct relationship with the individuals whose PII it receives from its customers and Conversica’s customers are responsible for providing notice to the individuals whose PII will be collected and provided to Conversica.

Conversica processes full email and SMS messages, including the header and body of each message, along with any PII contained therein. As a result, it is not possible to list all types of PII that may be processed; however, the PII typically includes:

    • First names;
    • Last names;
    • Email addresses;
    • Phone numbers; and
    • Physical addresses.

Purpose of Processing PII

We process PII submitted by our customers for the purposes of providing the Service to our customers, which typically entails personalizing and facilitating communication with our customers’ sales and marketing leads.

Data Retention

We retain PII for as long as instructed by the applicable customer, unless applicable law requires a different retention period, or for legal compliance purposes.

Sharing PII with Third Parties

We share PII with our affiliates and our service providers, who process PII on behalf of Conversica, and who agree to use the PII only to perform the Services for us or as required by law. Our service providers include those providing the following services:

    • data analytics;
    • API integration software;
    • cloud-based web and application hosting;
    • contact data verification;
    • communications/SMS integration software;
    • database performance forecasting software;
    • data loss prevention software;
    • security software; and
    • translation software.

Our service providers may be located within or outside of the United States and we will require that those third parties maintain at least the same level of data security that we maintain for such PII. Conversica remains liable if its service providers process PII on behalf of Conversica in a manner inconsistent with the Privacy Shield Principles if we are responsible for the event giving rise to the damage. We may also share PII with select business partners that our customers have contracted with and to which they have authorized us to disclose the PII in connection with the customer’s use of the Service.

Other Disclosure of PII

We may disclose PII (i) to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders, provided that in such instances we may not be able to ensure that such recipients of your PII will maintain the privacy or security of your PII, (ii) if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change, (iii) to our subsidiaries or affiliates only if necessary for business and operational purposes as described in the section above, or (iv) to protect an individual’s vital interests.

We also use and may transfer, sell, and share anonymous data, which does not include any PII, about individuals whose PII we process in our Service, as a group, for any legal business purpose, such as analyzing usage trends and seeking compatible business opportunities.

Data Integrity & Security

Conversica has implemented and will maintain technical, administrative, and physical measures that are reasonably designed in reference to generally accepted industry standards to help protect PII from unauthorized processing such as unauthorized access, disclosure, alteration, or destruction. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure.

Access & Review

If we store PII about you, you may have a right to request access to, and the opportunity to update, correct, or delete, such PII. Requests should be sent to us at privacy@conversica.com, or you may contact the Conversica customer who provided your PII to Conversica. Conversica has limited rights to access PII our customers submit to our Service. Therefore, if you contact us with such a request, please provide the name of the Conversica customer who submitted your PII to our Service. We will forward your request to that customer, and provide any needed assistance as they respond to your request.

VeraSafe Privacy Program

Conversica is a member of the VeraSafe Privacy Program, meaning that with respect to PII processed in the scope of this Notice, VeraSafe has assessed Conversica’s data governance and data security for compliance with the VeraSafe Privacy Program Certification Criteria. The certification criteria require that participants maintain a high standard for data privacy and implement specific best practices pertaining to notice, onward transfer, choice, access, data security, data quality, recourse, and enforcement.

Dispute Resolution

Where a privacy complaint or dispute cannot be resolved through Conversica’s internal processes, Conversica has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Privacy Shield Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute.

Changes to this Notice

If we make any material change to this Notice, we will post the revised Notice to this web page and update the “Effective” date above to reflect the date on which the new Notice became effective.

Contact Us

If you have any questions about this Notice or our processing of your PII, please write to our privacy contact, and please allow up to four weeks for a reply.

Conversica, Inc.
Attn: Privacy Officer
950 Tower Lane, 12th Floor
Foster City, CA 94404
USA
privacy@conversica.com

GDPR Article 27 EU Representative

VeraSafe Czech Republic s.r.o.
Klimentská 46
Prague 1, 11002
Czech Republic

VeraSafe Ireland LTD
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork 123AT2P
Ireland

Data Protection Officer

Matthew Joseph, CIPP/E, CIPP/US
VeraSafe
22 Essex Way #8203
Essex, VT 05451
USA
Email: experts@verasafe.com

Binding Arbitration

If your dispute or complaint can’t be resolved by us, nor through VeraSafe’s dispute resolution program, you may have the right to require that we enter into binding arbitration with you pursuant to the Privacy Shield’s Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield.

Regulatory Oversight

Conversica is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.