CircleBack Privacy Policy
Effective Date: December 18, 2019Introduction
CircleBack provides cutting-edge solutions to manage business contacts. We are committed to making sure your contacts are up-to-date, in a unified address book, and accessible on every device. With CircleBack, you will always have everything you need to maintain and strengthen your relationships. We do this by using the power of crowdsourcing, in which users of our apps and services contribute their contact data to our Business Contact Database. We use this data, anonymize it, and match it with billions of other data points from millions of other users who have contributed their data as well, to determine the best business contact data for each individual.
The CircleBack family includes the CircleBack websites and web-based and mobile apps and APIs, which include CircleBack, ContactSaver, ScanBizCards, Card Scan, CleanUp Suite, CleanupDuplicate Contacts and Cleanup: remove multiple contacts fast, CircleBack Business-to-Business Portal & APIs, such as Email Capture API and People and Company Append API.
This Privacy Policy is provided to inform you how CircleBack collects, uses, shares and secures your information when you use our apps, visit our website, or use other products and services (collectively, the “Services”). When you visit our website or use our Services, you agree to this Privacy Policy and to our Terms of Use.
We may update this Privacy Policy from time to time and any changes will become effective upon posting. We encourage you to periodically review this Privacy Policy for the latest information on our privacy practices. We will notify you about material changes in the way we treat your Personal Information either by email, if you have provided your email address to us, or by prominently posting the revised policy on our websites and/or apps.
Information We Collect
If you use our email signature capture functionality, including ContactSaver, you must authorize CircleBack to automatically collect header information and signature blocks contained in the emails. This includes any emails stored in your email account, and any future emails. As explained below, CircleBack captures the email headers and signature block information from the email. We then immediately purge the rest of the email from the CircleBack system. By using the email signature functionality, you consent to CircleBack having access to your email messages in order to gather new contact information.
If you use a third party application(s), our APIs or website(s) to integrate your information into CircleBack and its Services, you agree to transmit your information with the API and/or also authorize the third party application(s) to transmit your information to CircleBack, and for CircleBack to return information back to you or the third party application(s) as necessary.
When you register for and use our services, you may provide to us the following types of Personal Information about yourself and your contacts:
- Registration Information. To open a CircleBack Account, you must provide your name, email address, and a password.
- Credit Card Information. When you purchase some of our services, you must provide your payment card information.
- Social Networking and Email Platform Information. For some of our services, you must link your CircleBack account with another email, network, or social network account. When you link accounts with your CircleBack account, you provide your email account or network credentials, including your passwords, and other account information. More information about Social Networking and Email Platform Information is provided below.
- Referral Information. When you use CircleBack to refer our Services to your contacts or friends, we will collect and use any contact information you choose to provide to automatically generate an invitation to the contacts and friends you select. The contact information you may choose to provide may include information from your address books, online email services, and other mobile or online services. We do not use or store Referral Information for any other purposes.
- Feedback Information. You may provide additional information through online forms, surveys, contests, and communications or by other means. We store this information and associate it with your Registration Information. You are not required to provide such information to us, but some Services may not be available to you unless you do.
- Application Data. When you choose to install and use our Services, you consent to our collection of contact information about you and your contacts on your mobile device and in the various address books that you choose to link to your account. Application Data includes Personal Address Book Information and communication information. You may also choose to grant us additional permissions at any other time.
- Personal Address Book Information. We collect the contacts included on your mobile device and in your address books linked to your CircleBack account (your “Personal Address Books”). This may include both personal and business contacts.
- Business Card Information. When you use our Services to scan business cards, extracted business contact information is added to the Business Contact Database.
- Email Capture Information. When you use our Email Capture Functionality (described in detail below).
- Personal Address Book Information. We collect the contacts included on your mobile device and in your address books linked to your CircleBack account (your “Personal Address Books”). This may include both personal and business contacts.
- Communication Information. We collect limited communication information about the contacts you choose to include in your Personal Address Book, including information about the number, recency, frequency, location, and methods of interaction and communication that you may have with your contacts from time to time. Communication information does not include the content of your messages or communications, but it does include contact information from your email messages. We treat communication information as Personal Information under this Privacy Policy.
In addition, we may automatically collect information about your use of the Services, including:
- Information about your smart device, including unique device identifiers, the manufacturer of your device, the phone model, the operating system used, mobile network information, screen usage data, and the version of the Application or Services.
- Information about your browser, including log information, Internet protocol (“IP”) address, browser type, browser language, referring URL and the date and time of the request, hardware settings, and other system information, such as system activity and crashes.
- Screen usage data and other aggregate, or statistical data.
We may receive personal data about you from various third parties and public sources, including third parties that sell us data, analytics providers and social media pages.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
How We Use Your Information
We may use your Personal Information:
- for registration;
- to help serve you relevant and meaningful content;
- to provide, maintain and improve our Services;
- to contact you as described below;
- to charge your payment card if you have opted into certain premium Services;
- to populate our Business Contact Database;
- to determine, promote and enhance the accuracy, completeness and freshness of the contact information in our users’ Personal Address Books through automated decisions;
- to improve the accuracy of our OCR processing for the individual and collective benefit of our users and the contacts represented; and
- for our own business purposes.
We may use your Personal Information to contact you:
- regarding the Services;
- in response to your inquiries and requests;
- with alerts or newsletters;
- with updates about your Personal Address Books;
- with opportunities to participate in polls, quizzes, and surveys or contest and reward programs; and
- with promotional messages on our behalf or on behalf of our trusted partners.
You can opt-out of receiving promotional messages by following the instructions in each communication, by changing your email settings in your Account Settings, or by contacting us through the CircleBack Privacy Contact Form.
We also may use Personal Information with your consent or as otherwise required by law.
We use the information we automatically collect about your use of the Services to evaluate the performance of the Services, and to generate aggregate statistics for our benefit or for our service providers and trusted partners.
The Business Contact Database
The business contact information we collect from you and your address books when you use our Services (including name, company, business title, work address, work phone number, work mobile phone number, work fax number, and business email address) is stored in our central database (the “Business Contact Database”). When you use our Services to capture email signatures or scan business cards, extracted business contact information is added to the Business Contact Database, and we retain the scanned images. The Business Contact Database may also contain data from publicly available sources and from our trusted business partners.
We apply our patented algorithms on the data housed in the Business Contact Database to identify the most up-to-date business information for each contact. We may provide the up-to-date business contact information that we derive to our users, clients, and business partners to ensure their business address books and business contacts are always kept current. More information about how we share the information in the Business Contact Database is provided below.
We make best efforts to remove any non-business information, such as home address, home phone numbers, personal email addresses and personal mobile phone numbers from the contact information we collect from you before populating the Business Contact Database. These personal data elements are not permitted in the Business Contact Database.
Email Signature Capture Functionality, including ContactSaver
Our email signature capture functionality offers a quick and convenient way to keep your Address Books up-to-date by allowing us to capture new contact information from email signature blocks and header information. To accomplish this, we must access and monitor your email account. We do not read your emails. With your authorization, we automatically capture email header information and any signature blocks contained in any email stored in or sent from your email account. We will collect the following information, if available, for each person from their signatures in your emails:
- Name
- Email address
- Job title and department
- Business phone numbers (general, direct and fax)
- Company name
- Postal address of company
- Business related postal address of person
- Corporate website URLs
- Social Networking URLs
- Manager’s Name
- Assistant’s Name
From the headers of your emails, we collect:
- The date the email message was sent or received
- Email addresses and names of recipients and senders
As soon as we have captured the email addresses and signature block information from your emails, we immediately purge the rest of the email content from our system.
Third Parties
We use various third parties to help provide the most valuable Services to you as possible. The provisions that follow set out our relationships with the following third parties as they relate to your information:
- Service Providers
- App Analytics
- Social Networks and Email Platforms
- Ad Servers
In addition, we sometimes provide links to other websites, applications, social media platforms or other similar locations or services operated and controlled by third parties for your convenience and such action does not signify our endorsement of such other locations or services, their contents or practices. Except as set out below, we have no control over, do not review, and cannot be responsible for these outside websites or their content. This Privacy Policy does not apply to third parties. Third parties do not have access to the Personal Information that CircleBack stores about you unless you choose to share it with them.
Service Providers. Our service providers may include network advertisers, ad agencies, third-party traffic measurement services, and other vendors. We use these third-party service providers:
- to collect and store data regarding use of our website and Services;
- to serve our advertisements on other websites, within third party applications, and across the Internet;
- to provide us with information regarding the effectiveness of our advertisements; and
- to build and maintain user profiles.
To provide these analytics and advertisement services, our service providers may collect certain information about your visits to our websites and use of our Services. They also may store the information we collect about you.
App Analytics. We currently use third-party analytics services to collect and process information about the use of our mobile applications. We use the collected information to improve our Services, to evaluate your use of our mobile applications, for compiling metrics on activity and for providing other services relating to activity usage. By using our Services, you consent to the collection, processing and disclosure of the above information by us and our analytics providers as described in this Privacy Policy.
These analytics provide insights about our Services, including key metrics that help us manage and improve those Services. Our Analytics partners may collect your information including:
- Device and network information, including platform information, a uniquely generated ID, operating system version, IP address, network carrier, and a country code.
- Application information, such as which CircleBack applications you use, how you use them, and the frequency and duration of usage.
- Personal Information that you share with our applications.
- Available Personal Information from third parties used for authentication when you login to, or create accounts on, our applications using platforms like Facebook, Twitter, Google, or Microsoft, including your name, email address, location, gender, interests, device, application usage, user ID, and contact information.
- Device location information if location services are enabled for our applications.
By creating an account or using our Services and linking to your social networks or your email services, you authorize us to collect, store, and use certain information from those platforms in accordance with this Privacy Policy. We collect only the information that you request those platforms to share with us. You may also choose to grant us additional permissions (or remove permissions) at any time.
These third parties will provide information to us subject to their privacy policies and terms of use. We encourage you to read those policies. We are not responsible for the information practices or terms of other platforms. You can prevent collection of Personal Information from social networks and email platforms by not linking those accounts with our Services.
CircleBack’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Ad Servers. We may use third-party ad servers to serve ads that may interest you. These third-party ad-servers may automatically collect information about your visit to our websites and to other websites. They do this by using Cookies, Web Beacons and other technologies. The information ad servers collect may be used, among other things, to deliver advertising targeted to your interests and to better understand the usage of the Services and visits to the Sites and the other websites tracked by these third parties. Third-party ad servers may collect and use Personal Information from other sources as part of their ad serving.
This Privacy Policy does not cover the collection methods or use of the information collected by Third-Party Ad-Servers, and CircleBack is not responsible for Cookies, Web Beacons, or other technologies in third party ads. We encourage you to review the privacy policies of these third-party ad servers to learn more about their use of Cookies and other technologies.
If you would like more information about ad servers and to know your choices about not having this information used by third-party ad servers, please visit http://www.networkadvertising.org and http://www.aboutads.info.
Your Choices
You may choose to unsubscribe from our Services at any time. To request to unsubscribe from our Services, please send a request through the CircleBack Privacy Contact Form. Additional verification information may be required to process your requests. We will respond to your verified requests within thirty (30) days. We will retain information you previously provided.
You also may update your Registration Information through your Account on our Services. You also may stop using our Services by removing our applications from your device. For Services that access or link to any other account you may have (e.g., email or social media accounts), you must deactivate the links between your CircleBack account and your other accounts to stop using our Services. Please note that we may retain certain information associated with your account in our archives prior to you unsubscribing. To help ensure data quality and accuracy, business professionals whose business contact information may be listed in the Business Contact Database may access their own business information upon request.
You can prevent collection of Personal Information from third-party email and social networking services (such as Facebook, Twitter, Google, or Microsoft) by not linking your email or social networking accounts with your CircleBack account.
In addition to the choices outlined above, you may adjust any settings and permissions on your device(s), browser(s), and social networking and email accounts. Please refer to information from your device manufacturer and other services providers to determine how to make these changes.
How We Retain Information
We keep your Personal Information for as long as necessary to fulfill the purposes outlined in this Privacy Policy and our Terms of Use. We may retain your Personal Information for a longer period for legal and accounting purposes and where required by law. Unless otherwise required under applicable law, we retain your Business Contacts in our Business Contact Database for as long as that information is useful.
How We Protect Information
We maintain commercially reasonable security measures to protect the security of your information against unauthorized access and disclosure both online and offline. These measures include the implementation of reasonable technical, physical and administrative data security safeguards that are consistent with our business operations and industry standards. For example, we use secure socket layer (“SSL”) or other encryption technology when transmitting your Personal Information between your system and ours.
We also employ firewalls and intrusion detection systems to help prevent unauthorized persons from gaining access to your information. Access to Personal Information is restricted so that only certain of our employees are granted access to information as appropriate to perform specific jobs and tasks. Some information is also stored in an encrypted form within our own databases. We use appropriate security measures to store payment card information.
While we take reasonable precautions against possible security breaches of our systems, no applications, website or Internet transmission is completely secure, and we cannot guarantee that unauthorized access, hacking, data loss, or other breaches will never occur. We urge you to take steps to keep your Personal Information safe (including your username and password), and to log out of your account after each use.
Regarding Children
Our Services are not intended for or directed to children. Children under 18 are not eligible to use our Services. By using the Services, you represent that you are at least 18 years old and understand that you must be at least 18 years old in order to create an account and purchase the Services advertised through our websites and applications. We do not knowingly collect or maintain Personal Information from children under the age of 13. If we learn that we have inadvertently gathered Personal Information from children younger than the age of 13, we will take reasonable measures to delete or destroy such information from our records.
International Users and Onward Transfer
If you are a user, member or visitor who resides outside the United States, you understand that your Personal Information may be transferred to and processed in countries (including the United States) where laws regarding processing of Personal Information may be different than the laws in your country. We may store, process and/or transfer Personal Information to countries outside of the country or region of origin, including outside the EU and EEA, and especially to servers in the United States. By using our Services, or providing us with any information, you fully understand and unambiguously consent to this onward transfer, processing, and storage of your information in the United States for our legitimate business purposes as outlined in this Privacy Policy. If you do not agree to our transfer, processing, and storage of your information in the United States, you should not use our Services, or provide us with any information.
Compliance
The CircleBack Leads database profiles decision makers and key influencers that are based in the United States. The use of the contact information for business purposes is subject to local and federal privacy restrictions, and as a data controller CircleBack is compliant with all such regulations, most prominently CAN-SPAM, which addresses electronic mail standards and opt-out clauses. That compliance does not extend to our clients whether a direct user, channel partner, or distribution partner using CB APIs, and the onus is on them to ensure they follow any and all applicable privacy standards.
Contact Us
If you have questions or concerns regarding this Privacy Policy, you should contact us through the CircleBack Privacy Contact Form.
Circleback has appointed a lead for data protection (data protection officer) for you to contact should you have any questions regarding our use of personal data: support@circleback.com
If you have general questions or comments, or would like to learn more about us, please contact us at https://circleback.com, or at our mailing address:
CircleBack, Inc.
4040 Fairfax Drive, Suite 700A
Arlington, VA 22203
Your California Privacy Rights
California Shine the Light
California Civil Code Section 1798.83 permits California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please contact us through the CircleBack Privacy Contact Form. Please allow 30 days for us to respond to any such request.
California “Do Not Track” Rights
We do not collect Personal Information about a consumer’s online activities over time and across third-party websites or online services as a Third-Party Ad Server. Therefore, “do not track” signals transmitted from web browsers do not apply to the Sites, and we do not alter any of our data collection and use practices upon receipt of such a signal. Where a user or web browser transmits a “do not track” signal, third parties that place cookies and collect information on the Sites will be able to see that such a signal has been transmitted.
California Consumer Privacy Act
If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your “personal information” (as defined in the California Consumer Privacy Act (“CCPA”)).
Summary of Personal Information Collected, Disclosed & Sold
Category of PI collected | Category of Sources | Business Purpose for Collection | Categories of Third Parties with which PI Disclosed for Business Purpose | Is the PI Sold to a Third Party for a Commercial Purpose? | Categories of Third Parties to whom the PI is sold for Commercial Purpose |
Identifiers (such as name, address, email address, social network info) | You Your use of our Services/ automatically collected from you Affiliates Agents/ Service Providers Third Parties Publicly Available Sources | Providing you with access to or use of the Services or any functionality thereof Analyzing your use of the Services or any functionality thereof Improving the Services – including populating our Business Contact Database and improving the accuracy of our OCR processing and individual Personal Address Books Better understanding our users Protecting against, identifying or address wrongdoing or enforcing our terms of service Communicating with you Managing the Services and our business Marketing and advertising | Affiliates Agents/ Service Providers Third Parties CRM Providers Advertising Partners | Yes | Business Clients |
Commercial Information (such as transaction data) | Your use of our Services/ automatically collected from you Affiliates Agents/Service Providers | Analyzing your use of the Services or any functionality thereof Improving the Services – including populating our Business Contact Database and improving the accuracy of our OCR processing and individual Personal Address Books Better understanding our users Protecting against, identifying or address wrongdoing or enforcing our terms of service | Affiliates Agents/ Service Providers | No | N/A |
Financial Data (such as credit card information) | Your use of our Services/ automatically collected from you Affiliates Agents/Service Providers | Charge your credit card if you have opted into certain premium Services | Affiliates Agents/ Service Providers | No | N/A |
Internet or other network or device activity (such as IP address, screen usage data) | Your use of our Services/ automatically collected from you Affiliates Agents/Service Providers Third Parties | Providing you with access to or use of the Services or any functionality thereof Analyzing your use of the Services or any functionality thereof Improving the Services – including populating our Business Contact Database and improving the accuracy of our OCR processing and individual Personal Address Books Better understanding our users Protecting against, identifying or address wrongdoing or enforcing our terms of service Communicating with you Managing the Services and our business Marketing and advertising | Affiliates Agents/ Service Providers Third Parties CRM Providers Advertising Partners | No | N/A |
Communication Information (such as the number, recency, frequency that you communicated with your contacts) | Your use of our Services/ automatically collected from you Affiliates Agents/Service Providers | Providing you with access to or use of the Services or any functionality thereof Analyzing your use of the Services or any functionality thereof Improving the Services – including populating our Business Contact Database and improving the accuracy of our OCR processing and individual Personal Address Books Better understanding our users | Affiliates Agents/ Service Providers Third Parties CRM Providers | No | N/A |
Professional or Employment Information (such as your employer and job title) | Your use of our Services/ automatically collected from you Affiliates Agents/Service Providers Third Parties Publicly Available Sources | Providing you with access to or use of the Services or any functionality thereof Analyzing your use of the Services or any functionality thereof Improving the Services – including populating our Business Contact Database and improving the accuracy of our OCR processing and individual Personal Address Books Better understanding our users Protecting against, identifying or address wrongdoing or enforcing our terms of service Communicating with you Managing the Services and our business Marketing and advertising | Affiliates Agents/ Service Providers Third Parties CRM Providers Advertising Partners | Yes | Business Clients |
Categories of Personal Information Collected: See the “Information We Collect” section above regarding the personal information we collect. Also see the chart above for a list of the categories of personal information we have collected during the past 12 months.
Business Purposes: See the “How We Use Your Information” section above regarding our use of your personal information. In addition, we or our service providers may use your personal information for the following business purposes (as defined in the CCPA):
• Our or our service provider’s operational purposes;
• Auditing consumer interactions on our site (e.g., measuring ad impressions);
• Detecting, protecting against, and prosecuting security incidents and malicious, fraudulent or illegal activity;
• Bug detection and error reporting;
• Providing the Services (e.g., account servicing and maintenance, order processing and fulfillment, customer service, advertising and marketing, analytics, and communication about the Services);
• Improving our existing Services and developing new services (e.g., by conducting research to develop new products or features) ;
• Other uses that advance our commercial or economic interests, such as third party advertising and communicating with you about relevant offers from third party partners;
• Other uses about which we notify you.
See the “When We Share Your Information” section above regarding when we may share or disclose your personal information. In addition, see the chart above for a list of the categories of personal information we have disclosed in furtherance of a business purpose during the past 12 months.
Third Party Sale of Personal Information: We may sell your personal information to third parties (as those terms are defined in the CCPA). See the chart above for a list of the categories of personal information we have sold to a third party during the past 12 months. You have the right to “opt out” of having your personal information sold to a third party by clicking the “Do Not Sell My Personal Information” link or contacting us through the CircleBack Privacy Contact Form.
Other Uses: Please note that we do use third-party cookies for our advertising purposes as set forth in the “How We Use Cookies and Other Technologies” section above. We may also use the above categories of personal information for compliance with applicable laws and regulations, and we may combine the information we collect (“aggregate”) or remove pieces of information (“de-identify”) to limit or prevent identification of any particular user or device.
CCPA Rights
If you are a California resident, you may have certain rights. California law may permit you to request that we:
• Provide you the categories of personal information we have collected or disclosed about you in the last twelve months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; and the categories of third parties with whom we shared personal information.
• Provide access to and/or a copy of certain information we hold about you.
• Delete certain information we have about you.
You have the right to “opt out” of having your personal information sold to a third party by clicking the “Do Not Sell My Personal Information” link on our homepage or contacting us through the CircleBack Privacy Contact Form. You may have the right to receive information about the financial incentives that we offer to you (if any). You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights. Certain information may be exempt from such requests under applicable law. For example, we need certain types of information so that we can provide the Services to you. If you ask us to delete it, you may no longer be able to access or use the Services.
If would like to exercise any of your California consumer rights, please submit a request to support@circleback.com or contact us through the CircleBack Privacy Contact Form. You will be required to verify your identify before we fulfill your request. To do so, you may need to provide us with certain information, such as your full name and email address. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization for the agent to act on your behalf. You will still need to verify your identity directly with us.
CPRA Rights
In addition to the CCPA Rights listed above, the CPRA grants California residents with the “Right to Correct” and the “Right to Limit Use.” CircleBack does not gather, store, share, or sell Sensitive Personal Information.
If you would like to exercise your Right to Correct or your Right to Limit Use, please submit a request to support@circleback.com or contact us through the CircleBack Privacy Contact Form. You will be required to verify your identify before we fulfill your request. To do so, you may need to provide us with certain information, such as your full name and email address. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization for the agent to act on your behalf. You will still need to verify your identity directly with us.
The EU General Data Protection Regulation (GDPR)
In May 2018, a new data privacy law known as the EU General Data Protection Regulation (or the “GDPR”) went into effect. The GDPR requires CircleBack to provide more information about the processing of personal data.
CircleBack as Data Controller
CircleBack, Inc., a Delaware corporation whose registered office is at 4040 Fairfax Drive, Suite 700A, Arlington, VA 22203 is the controller and responsible for the Services.
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the following details:
Full name of legal entity: CircleBack, Inc.
Name of DPO: Gary Holtz
Email address: support@circleback.com
Postal address: 4040 Fairfax Drive, Suite 700A, Arlington, VA 22203
Legal grounds for processing your personal data
The GDPR requires us to tell you about the legal ground we’re relying on to process any personal data about you. The legal grounds for us processing your personal data for the purposes set out in the “How We Use Your Information” section above will typically be because:
• you provided your consent;
• it is necessary for our contractual relationship;
• the processing is necessary for us to comply with our legal or regulatory obligations; and/or
• the processing is in our legitimate interest (for example, to protect the security and integrity of our systems and to provide you with customer service, etc.).
When we rely on your consent as a legal basis for processing your personal data (including to disclosing your personal data to third parties), you have the right to withdraw such consent at any time by contacting us at support@circleback.com.
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one legal basis depending on the specific purpose for which we are using your data. Please contact us at support@circleback.com if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Type of Personal Data | Purpose | Lawful basis for processing including basis of legitimate interest |
Identifiers (such as name, address, email address, social network info) | Providing you with access to or use of the Services or any functionality thereof
Analyzing your use of the Services or any functionality thereof Improving the Services – including populating our Business Contact Database and improving the accuracy of our OCR processing and individual Personal Address Books Better understanding our users Protecting against, identifying or address wrongdoing or enforcing our terms of service Communicating with you Managing the Services and our business Marketing and advertising Selling data to third parties for commercial purpose |
Performance of contract
Necessary to comply with a legal obligation Necessary for our legitimate interests Consent (inc marketing activities, profile creation and sale to third parties) |
Commercial Information (such as transaction data) | Analyzing your use of the Services or any functionality thereof
Improving the Services – including populating our Business Contact Database and improving the accuracy of our OCR processing and individual Personal Address Books Better understanding our users Protecting against, identifying or address wrongdoing or enforcing our terms of service |
Performance of contract
Necessary to comply with a legal obligation Necessary for our legitimate interests |
Financial Data (such as credit card information) | Charge your credit card if you have opted into certain premium Services | Performance of contract
Necessary to comply with a legal obligation Necessary for our legitimate interests |
Internet or other network or device activity (such as IP address, screen usage data) | Providing you with access to or use of the Services or any functionality thereof
Analyzing your use of the Services or any functionality thereof Improving the Services – including populating our Business Contact Database and improving the accuracy of our OCR processing and individual Personal Address Books Better understanding our users Protecting against, identifying or address wrongdoing or enforcing our terms of service Communicating with you Managing the Services and our business Marketing and advertising |
Performance of contract
Necessary to comply with a legal obligation Necessary for our legitimate interests Consent (inc acceptance of our cookie policy) |
Communication Information (such as the number, recency, frequency that you communicated with your contacts) | Providing you with access to or use of the Services or any functionality thereof
Analyzing your use of the Services or any functionality thereof Improving the Services – including populating our Business Contact Database and improving the accuracy of our OCR processing and individual Personal Address Books Better understanding our users |
Performance of contract
Necessary to comply with a legal obligation Necessary for our legitimate interests Consent (inc acceptance of our cookie policy) |
Professional or Employment Information (such as your employer and job title) | Providing you with access to or use of the Services or any functionality thereof
Analyzing your use of the Services or any functionality thereof Improving the Services – including populating our Business Contact Database and improving the accuracy of our OCR processing and individual Personal Address Books Better understanding our users Protecting against, identifying or address wrongdoing or enforcing our terms of service Communicating with you Managing the Services and our business Marketing and advertising Selling data to third parties for commercial purpose |
Performance of contract
Necessary to comply with a legal obligation Necessary for our legitimate interests Consent (inc marketing activities, profile creation and sale to third parties) |
Education Information (such as university attend, date of graduation and degree) | Providing you with access to or use of the Services or any functionality thereof
Analyzing your use of the Services or any functionality thereof Improving the Services – including populating our Business Contact Database and improving the accuracy of our OCR processing and individual Personal Address Books Better understanding our users Protecting against, identifying or address wrongdoing or enforcing our terms of service Communicating with you Managing the Services and our business Marketing and advertising Selling data to third parties for commercial purpose |
Performance of contract
Necessary to comply with a legal obligation Necessary for our legitimate interests Consent (inc marketing activities, profile creation and sale to third parties) |
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at support@circleback.com. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Disclosures of your personal data
We may have to share your personal data with the following entities for the purposes set out in the table above (i) internal third parties – CircleBack affiliates acting as joint controllers or processors and who are based in the EU and US and provide IT and system administration services and undertake leadership reporting and (ii) external third party service providers – service providers acting as processors based in the EU and US who provide IT and system administration services, including without limitation, (i) payment processors such as Stripe, (ii) marketing analytics providers such as Mailgun and MailChimp and (iii) user experience analytics providers such as Customer.io
In addition, we may disclose your personal data to third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
Where indicated above and upon receipt of your consent, we may also sell your personal data for commercial purposes to third parties who are business clients of CircleBack. These third parties may use your personal data for their internal business purposes or to further re-sell the data. For a list of the specific third parties that we have sold your personal data to, please contact us at support@circleback.com. You may withdraw your consent at any time by contacting us at support@circleback.com.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions
International transfers
When we share your personal data with third parties, it may involve transferring your data outside the European Economic Area (EEA). Data protection laws vary among countries, with some providing more protection than others. Regardless of where your information is processed, we apply the same protections described in this policy.
Whenever we transfer your personal data to third parties based outside of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Please contact us at support@circleback.com if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, unless you consent otherwise, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Data retention
See the “How We Retain Information” section above. You can ask us to delete your data: see Request erasure below for further information. In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us at support@circleback.com.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Privacy Policy Updated: July 26, 2022