Privacy Notice
Last modified: 05.09.2026
Last modified: 05.09.2026
1. Introduction and scope of this Privacy Notice
1. Introduction and scope of this Privacy Notice
Consvert ("we", "us", "our" or the "Company") is committed to protecting personal data and respects your privacy rights. This Privacy Notice explains what personal data we collect, why we collect it, how we use and share it, how long we keep it, and the rights you have in relation to it when Consvert acts as a Data Controller.
This Privacy Notice applies to you irrespective of your location. Additional provisions in Sections 11-12 apply if you are resident in the EEA, the United Kingdom, or California.
This Notice applies to you if you fall into any of the following categories:
Website visitors - anyone who visits www.consvert.com or any other Company website or social media page;
Inbound prospects - individuals who contact us, request a demo, fill in a form, download content, subscribe to our newsletter, or register for our events or webinars through interactions with our website, social media or advertising;
Outbound prospects - business contacts whom we contact by email or LinkedIn as part of our sales development activity, typically because your professional contact details are publicly available and the outreach is relevant to your professional role;
Customers – business customers and/or individuals acting on behalf of our business customers (who might also have entered into a service agreement with us) -including administrators, billing contacts, and authorized signatories- for the management of our commercial relationship with the customer;
Users of our product (Platform/Service) – people who are registered users of the Platform typically an employee, contractor or authorized user of a business customer ("Customers") that has entered into a service agreement with us;
Suppliers and partners – suppliers and/or or individuals acting on behalf of our suppliers, vendors, advisors or commercial partners;
Scope exclusion - processing as a Processor. When providing our Service to our Customers, personal data that those customers or their end-users submit to the Service ("Customer Data") is processed by us on behalf of the customer, who is the controller of that data. The processing of Customer Data is not governed by this Notice; it is governed by our Data Processing Agreement.
Cookies and similar technologies. How cookies and similar technologies are used on our website, including categories, retention, and how to manage preferences, is explained in our Cookie Notice.
Consvert ("we", "us", "our" or the "Company") is committed to protecting personal data and respects your privacy rights. This Privacy Notice explains what personal data we collect, why we collect it, how we use and share it, how long we keep it, and the rights you have in relation to it when Consvert acts as a Data Controller.
This Privacy Notice applies to you irrespective of your location. Additional provisions in Sections 11-12 apply if you are resident in the EEA, the United Kingdom, or California.
This Notice applies to you if you fall into any of the following categories:
Website visitors - anyone who visits www.consvert.com or any other Company website or social media page;
Inbound prospects - individuals who contact us, request a demo, fill in a form, download content, subscribe to our newsletter, or register for our events or webinars through interactions with our website, social media or advertising;
Outbound prospects - business contacts whom we contact by email or LinkedIn as part of our sales development activity, typically because your professional contact details are publicly available and the outreach is relevant to your professional role;
Customers – business customers and/or individuals acting on behalf of our business customers (who might also have entered into a service agreement with us) -including administrators, billing contacts, and authorized signatories- for the management of our commercial relationship with the customer;
Users of our product (Platform/Service) – people who are registered users of the Platform typically an employee, contractor or authorized user of a business customer ("Customers") that has entered into a service agreement with us;
Suppliers and partners – suppliers and/or or individuals acting on behalf of our suppliers, vendors, advisors or commercial partners;
Scope exclusion - processing as a Processor. When providing our Service to our Customers, personal data that those customers or their end-users submit to the Service ("Customer Data") is processed by us on behalf of the customer, who is the controller of that data. The processing of Customer Data is not governed by this Notice; it is governed by our Data Processing Agreement.
Cookies and similar technologies. How cookies and similar technologies are used on our website, including categories, retention, and how to manage preferences, is explained in our Cookie Notice.
Consvert ("we", "us", "our" or the "Company") is committed to protecting personal data and respects your privacy rights. This Privacy Notice explains what personal data we collect, why we collect it, how we use and share it, how long we keep it, and the rights you have in relation to it when Consvert acts as a Data Controller.
This Privacy Notice applies to you irrespective of your location. Additional provisions in Sections 11-12 apply if you are resident in the EEA, the United Kingdom, or California.
This Notice applies to you if you fall into any of the following categories:
Website visitors - anyone who visits www.consvert.com or any other Company website or social media page;
Inbound prospects - individuals who contact us, request a demo, fill in a form, download content, subscribe to our newsletter, or register for our events or webinars through interactions with our website, social media or advertising;
Outbound prospects - business contacts whom we contact by email or LinkedIn as part of our sales development activity, typically because your professional contact details are publicly available and the outreach is relevant to your professional role;
Customers – business customers and/or individuals acting on behalf of our business customers (who might also have entered into a service agreement with us) -including administrators, billing contacts, and authorized signatories- for the management of our commercial relationship with the customer;
Users of our product (Platform/Service) – people who are registered users of the Platform typically an employee, contractor or authorized user of a business customer ("Customers") that has entered into a service agreement with us;
Suppliers and partners – suppliers and/or or individuals acting on behalf of our suppliers, vendors, advisors or commercial partners;
Scope exclusion - processing as a Processor. When providing our Service to our Customers, personal data that those customers or their end-users submit to the Service ("Customer Data") is processed by us on behalf of the customer, who is the controller of that data. The processing of Customer Data is not governed by this Notice; it is governed by our Data Processing Agreement.
Cookies and similar technologies. How cookies and similar technologies are used on our website, including categories, retention, and how to manage preferences, is explained in our Cookie Notice.
2. Categories of personal data we process, by category of data subject
2. Categories of personal data we process, by category of data subject
We only collect personal data that is necessary for the purposes described in Section 3. What personal data we process depends on who you are and how you interact with us. The tables below describe, for each category of data subject, the categories of personal data we process and the source from which we obtain them.
We only collect personal data that is necessary for the purposes described in Section 3. What personal data we process depends on who you are and how you interact with us. The tables below describe, for each category of data subject, the categories of personal data we process and the source from which we obtain them.
We only collect personal data that is necessary for the purposes described in Section 3. What personal data we process depends on who you are and how you interact with us. The tables below describe, for each category of data subject, the categories of personal data we process and the source from which we obtain them.
2.1 Website visitors
2.1 Website visitors
Category of Data | Examples | Source |
|---|---|---|
| Device/connection data | IP address, browser type and version, device type, operating system, referring URL, screen resolution, language preferences, time-zone, access timestamps. | Directly from your device when you access the website. |
| Usage data | Pages visited, content viewed or downloaded, time spent on each page, click paths, search queries on our site, interactions with forms and videos. | Collected automatically via first- and third-party cookies and similar technologies (see Cookie Notice). |
| Cookie-based identifiers | Cookie IDs, analytics identifiers, advertising identifiers (where you have consented to non-essential cookies). | Collected via cookies subject to your consent (see Cookie Notice). |
2.2 Inbound prospects (forms, demos, downloads, webinars)
2.2 Inbound prospects (forms, demos, downloads, webinars)
Category of Data | Examples | Source |
|---|---|---|
| Identification and contact data | First and last name, business email address, business phone number, employer, job title, country, professional social-media handle. | Directly from you when you submit a form, request a demo, register for an event, or subscribe to content. |
| Enquiry content | Free-text fields or multiple choice fields you complete (your message, your specific request, your use case) on our forms, content you download on our website, social media or advertising. | Directly from your interactions with our website(s), social media or advertising. |
| Interaction data | Whether you opened our marketing emails, clicked links, attended a webinar, returned to the website after our email, your engagement score. | Collected through our marketing automation and analytics tools. |
2.3 Outbound Prospects
2.3 Outbound Prospects
Category of Data | Examples | Source |
|---|---|---|
| Identification and professional contact data | First and last name, business email address, business phone number, employer, job title, seniority, department, business address, country, professional social-media URL (LinkedIn). | Third-party B2B data providers. Publicly accessible professional sources (for example, LinkedIn professional profiles, company websites, industry directories). |
| Firmographic and technographic data | Company size, industry, technologies used, funding stage, buying-signal data, approximate location. | Same third-party data providers listed above and publicly available sources. |
| Interaction data | Whether and when you opened our emails, clicked links in them, replied, visited our website after receiving our email, or engaged with our LinkedIn message. | Collected by us via our outreach and analytics tools. |
Your right to object. You can opt-out at any time by replying to any message with the word "unsubscribe" or "stop", by using any unsubscribe link we include, or by writing to privacy@consvert.com . Once you object, we will cease contacting you and add your contact data to a suppression list so that we do not approach you again.
Your right to object. You can opt-out at any time by replying to any message with the word "unsubscribe" or "stop", by using any unsubscribe link we include, or by writing to privacy@consvert.com . Once you object, we will cease contacting you and add your contact data to a suppression list so that we do not approach you again.
Your right to object. You can opt-out at any time by replying to any message with the word "unsubscribe" or "stop", by using any unsubscribe link we include, or by writing to privacy@consvert.com . Once you object, we will cease contacting you and add your contact data to a suppression list so that we do not approach you again.
2.4 Customer and contacts
Where you act on behalf of a business that has entered into a commercial relationship with us (or is evaluating such a relationship), we process the following:
Where you act on behalf of a business that has entered into a commercial relationship with us (or is evaluating such a relationship), we process the following:
Where you act on behalf of a business that has entered into a commercial relationship with us (or is evaluating such a relationship), we process the following:
Category of Data | Examples | Source |
|---|---|---|
| Company data | Business name, email, business phone, VAT/EIN number | Directly from you. |
| Identification and contact data | Name, business email, business phone, job title, signatory role, business address. | Directly from you, or from your employer (our customer). |
| Contractual and commercial data | Contract details, order information, invoice addressee, purchase orders, correspondence history, support tickets you raise, meeting notes and CRM entries about you in your professional capacity. | Directly from you or generated by us in the course of the relationship. |
| Billing and payment data | Billing contact, VAT/EIN number, payment method reference (full card/account details are not stored by us; see Section 5 on recipients). | Directly from you or from our payment-service provider. |
2.5 Suppliers and partners and contacts
Where you act on behalf of a supplier, vendor, advisor or commercial partner, we process the following:
Where you act on behalf of a supplier, vendor, advisor or commercial partner, we process the following:
Where you act on behalf of a supplier, vendor, advisor or commercial partner, we process the following:
Category of Data | Examples | Source |
|---|---|---|
| Company data | Business name, email, business phone, VAT/EIN number | Directly from you. |
| Identification and contact data | Name, business email, business phone, job title, role in the relationship. | Directly from you or from your employer. |
| Payment data | Payment details including bank account number, routing number, and SWIFT code. | Directly from you. |
| Contractual and due-diligence data | Contract details, correspondence history, due-diligence responses (security questionnaires, compliance documentation), invoice data. | Directly from you or generated by us in the course of the relationship. |
2.6 Users of our Platform/service
Where you are a registered users of the Platform(s) typically an employee, contractor or authorized user of a business customer (the "Customer") that has entered into a service agreement with us, we process the following:
Where you are a registered users of the Platform(s) typically an employee, contractor or authorized user of a business customer (the "Customer") that has entered into a service agreement with us, we process the following:
Where you are a registered users of the Platform(s) typically an employee, contractor or authorized user of a business customer (the "Customer") that has entered into a service agreement with us, we process the following:
Category of Data | Examples | Source |
|---|---|---|
| Account and profile data | First and last name, business email, password hash, profile picture, job title, time-zone, language preference, role / permissions within the workspace. | Directly from you, from your Customer's administrator, or via single-sign-on (SSO) provider where applicable. |
| Authentication and session data | Login timestamps, IP addresses used to access the Service, session identifiers, two-factor authentication status, device fingerprints, authentication failures. | Collected automatically when you access the Platform. |
| Security and audit-log data | Security events, anomalous-activity flags, administrative actions performed in the workspace, access control changes, API-key usage. | Generated automatically by the Platform. |
| Support data | Support tickets you raise, chat transcripts with our support team, feedback surveys. | Directly from you when you contact support. |
| Billing-contact data (where you are the billing or admin contact) | Billing contact name, business email, billing address, purchase-order references. Payment card / bank account details are not stored by us; they are handled directly by our payment service provider. | Directly from you or from the Customer. |
| Integration data | Metadata relating to integrations you connect to your workspace (e.g., Linkedin, CRM), including identifiers, scopes you granted, and metadata needed to operate the integration. | Directly from you when you authorize an integration. |
3. How we use your data
Below is how and why we use your data. If you are an EEA or UK data subject, we use your personal data only where we have a valid legal basis pursuant with GDPR / UK GDPR. The legal basis depends on the purpose. Where a purpose relies on our legitimate interests (Article 6(1)(f)), we have assessed that our interest is not overridden by your rights and freedoms.
Below is how and why we use your data. If you are an EEA or UK data subject, we use your personal data only where we have a valid legal basis pursuant with GDPR / UK GDPR. The legal basis depends on the purpose. Where a purpose relies on our legitimate interests (Article 6(1)(f)), we have assessed that our interest is not overridden by your rights and freedoms.
Below is how and why we use your data. If you are an EEA or UK data subject, we use your personal data only where we have a valid legal basis pursuant with GDPR / UK GDPR. The legal basis depends on the purpose. Where a purpose relies on our legitimate interests (Article 6(1)(f)), we have assessed that our interest is not overridden by your rights and freedoms.
Why | How | If you are a data subject from the EEA or UK - Legal basis (GDPR / UK GDPR) |
|---|---|---|
| Operating and securing our website | Serving our website, preventing fraud, detecting abuse, monitoring performance, maintaining audit logs. | Legitimate interest - Art. 6(1)(f) (security of our services). |
| Analysing website usage | Understanding traffic, measuring campaign performance, improving content via non-essential analytics cookies. | Consent - Art. 6(1)(a) (via cookie banner). |
| Responding to enquiries | Handling your contact-form, demo, or support request and any follow-up correspondence. | Fulfilling a request made by you - Art. 6(1)(b); or legitimate interest - Art. 6(1)(f). |
| Marketing to inbound prospects | Sending you marketing communications after you have expressed interest (form fill, event registration, content download). | “Existing-customer soft opt-in under Article 13(2) of Directive 2002/58/EC where applicable; Legitimate interest - Art. 6(1)(f) for B2B marketing to business contacts; Consent - Art. 6(1)(a) |
| Outbound prospecting | Contacting business professionals by email or LinkedIn with a message relevant to their professional role, and following up where appropriate. | National implementation and Data Protection Authorities interpretation of e-Privacy directive where B2B outbound is allowed; Legitimate interest - Art. 6(1)(f) (promoting our B2B services), subject to your right to object (Art. 21) - see Section 2.3. |
| Managing the customer relationship | Negotiating, executing and performing contracts; providing support; billing; collection; account management; renewals. | Performance of a contract - Art. 6(1)(b). |
| Managing supplier and partner relationships | Onboarding vendors and partners; conducting due diligence; managing procurement; paying invoices. | Performance of a contract - Art. 6(1)(b); compliance with legal obligations - Art. 6(1)(c) (e.g., tax and anti-money-laundering). |
| Complying with legal obligations | Responding to lawful requests from public authorities, meeting tax, accounting, anti-money-laundering and similar statutory duties. | Legal obligation - Art. 6(1)(c). |
| Establishing, exercising or defending legal claims | Litigation, arbitration, regulatory proceedings, dispute resolution. | Legitimate interest - Art. 6(1)(f). |
Automated decision-making. Unless specifically notified to you, we do not make decisions about you based solely on automated processing that produce legal effects concerning you or similarly significantly affect you within the meaning of Article 22 GDPR / UK GDPR.
Automated decision-making. Unless specifically notified to you, we do not make decisions about you based solely on automated processing that produce legal effects concerning you or similarly significantly affect you within the meaning of Article 22 GDPR / UK GDPR.
Automated decision-making. Unless specifically notified to you, we do not make decisions about you based solely on automated processing that produce legal effects concerning you or similarly significantly affect you within the meaning of Article 22 GDPR / UK GDPR.
4. How and Why we use your data when you are a user of the Platform/Service
Below is how and why we use your data when you are a registered user of the Platform, typically an employee, contractor or authorized user of a business customer (the "Customer"), that has entered into a service agreement with us.
Below is how and why we use your data when you are a registered user of the Platform, typically an employee, contractor or authorized user of a business customer (the "Customer"), that has entered into a service agreement with us.
Below is how and why we use your data when you are a registered user of the Platform, typically an employee, contractor or authorized user of a business customer (the "Customer"), that has entered into a service agreement with us.
Why | How | If you are a data subject from the EEA or UK - Legal basis (GDPR / UK GDPR) |
|---|---|---|
| Providing the Platform | Authenticating you, provisioning and managing your account, routing you to your workspace, making the features of the Platform available. | Performance of the contract between us and the Customer (Art. 6(1)(b)). |
| Security of the Platform | Detecting and preventing unauthorised access, account take-over, fraud, abuse, malware, API misuse; maintaining security and audit logs; incident investigation. | Our legitimate interest in securing the Platform (Art. 6(1)(f)) and compliance with our obligations under Art. 32 (Art. 6(1)(c)). |
| Service administration and support | Sending service-related messages; responding to support tickets; diagnosing and repairing bugs; managing outages. | Performance of the contract (Art. 6(1)(b)) and fulfilling a request of help and support from the user. |
| Product improvement and analytics | Understanding aggregate usage of the Platform, identifying popular / unused features, improving the user experience. Analytics related to in-product behaviour use pseudonymised or aggregated data where feasible. | Our legitimate interest in improving the Service (Art. 6(1)(f)). |
| Billing and account management | Invoicing, credit-control, account renewal, managing subscriptions. | Performance of the contract (Art. 6(1)(b)); compliance with tax and accounting obligations (Art. 6(1)(c)). |
| Service-related communications | Sending administrative, technical or security-related messages concerning your account (these are not marketing). | Performance of the contract (Art. 6(1)(b)); legitimate interest (Art. 6(1)(f)). |
| Enforcement and legal claims | Enforcing the terms of service, protecting our rights, investigating violations of our acceptable-use policy, defending legal claims. | Legitimate interest (Art. 6(1)(f)); compliance with legal obligations (Art. 6(1)(c)). |
| Product-related marketing (where separately consented) | Sending you information about new features, tips, best practices, or related products. You can opt out at any time. | Your consent where required (Art. 6(1)(a)); legitimate interest (Art. 6(1)(f)) for business-user marketing where permitted under existing-customer soft opt-in (Article 13(2) of Directive 2002/58/EC). |
5. Who we share your personal data with
We only share your personal data with recipients who have a legitimate need to receive it and who are bound to protect it. The categories of recipients are:
Service providers acting as our processors - cloud infrastructure and hosting providers; outbound and email tool providers; CRM and marketing-automation providers; analytics providers; email and communications providers; customer-support tools; LLMs providers; payment and billing providers; outbound outreach providers; professional advisors (lawyers, auditors, tax advisors). If you are an EEA/UK data subject these processors act under written contracts in line with Article 28 GDPR.
Public authorities - only where we are required by law or a lawful request to disclose personal data, or to protect our legal rights.
Sub-processor list. A current list of our sub-processors (those who process personal data on our behalf in connection with the Service) will be sent to you as an annex to the DPA if you are a Customer and is updated in line with our Data Processing Agreement.
We do not sell your personal data. We do not sell your personal data to third parties in exchange for monetary or other valuable consideration.
We only share your personal data with recipients who have a legitimate need to receive it and who are bound to protect it. The categories of recipients are:
Service providers acting as our processors - cloud infrastructure and hosting providers; outbound and email tool providers; CRM and marketing-automation providers; analytics providers; email and communications providers; customer-support tools; LLMs providers; payment and billing providers; outbound outreach providers; professional advisors (lawyers, auditors, tax advisors). If you are an EEA/UK data subject these processors act under written contracts in line with Article 28 GDPR.
Public authorities - only where we are required by law or a lawful request to disclose personal data, or to protect our legal rights.
Sub-processor list. A current list of our sub-processors (those who process personal data on our behalf in connection with the Service) will be sent to you as an annex to the DPA if you are a Customer and is updated in line with our Data Processing Agreement.
We do not sell your personal data. We do not sell your personal data to third parties in exchange for monetary or other valuable consideration.
We only share your personal data with recipients who have a legitimate need to receive it and who are bound to protect it. The categories of recipients are:
Service providers acting as our processors - cloud infrastructure and hosting providers; outbound and email tool providers; CRM and marketing-automation providers; analytics providers; email and communications providers; customer-support tools; LLMs providers; payment and billing providers; outbound outreach providers; professional advisors (lawyers, auditors, tax advisors). If you are an EEA/UK data subject these processors act under written contracts in line with Article 28 GDPR.
Public authorities - only where we are required by law or a lawful request to disclose personal data, or to protect our legal rights.
Sub-processor list. A current list of our sub-processors (those who process personal data on our behalf in connection with the Service) will be sent to you as an annex to the DPA if you are a Customer and is updated in line with our Data Processing Agreement.
We do not sell your personal data. We do not sell your personal data to third parties in exchange for monetary or other valuable consideration.
6. Customer Content
What is Customer Content. Customer Content is the personal data that the Customer or Users of our Platform/Service upload, input, import, generate, or otherwise make available to the Platform for processing in the course of the Customer's own business. This can include, for example, prospect records the Customer loads into the Platform, email content the Customer sends through the Platform, CRM data, and any personal data about the Customer's own customers or leads.
Who controls Customer Content. The Customer, not us, is responsible for the data that gets uploaded and/or generated and its processing from a data protection compliance point of view. If you are an EEA or UK data subject the Customer determines the purposes and means of processing Customer Content and is therefore the Data Controller. We process Customer Content solely as a Data Processor, on the documented instructions of the Customer, under the Data Processing Agreement between the Customer and us (the "DPA").
What the DPA covers. The DPA sets out, among other things: the subject matter, nature, purpose and duration of the processing, security measures, sub-processor engagement, assistance we provide to the Customer with data-subject requests (Articles 15–22), deletion or return of Customer Content at the end of the service and the mechanisms used for international transfers.
Data subject rights in relation to Customer Content. If you believe we process personal data about you as Customer Content and you wish to exercise a right, please contact the Customer directly. The Customer is the decision-maker for the purposes of responding to your request. If you contact us directly, we will forward your request to the Customer, as required by the DPA; we cannot act on the request independently, because doing so would conflict with our processor obligations.
Independent processing of Customer Content we do not perform. We do not use Customer Content for our own purposes. In particular, we do not: use Customer Content to train our own artificial-intelligence models other than as expressly instructed by the Customer under the DPA; sell Customer Content; or combine Customer Content from multiple Customers for our own business purposes.
What is Customer Content. Customer Content is the personal data that the Customer or Users of our Platform/Service upload, input, import, generate, or otherwise make available to the Platform for processing in the course of the Customer's own business. This can include, for example, prospect records the Customer loads into the Platform, email content the Customer sends through the Platform, CRM data, and any personal data about the Customer's own customers or leads.
Who controls Customer Content. The Customer, not us, is responsible for the data that gets uploaded and/or generated and its processing from a data protection compliance point of view. If you are an EEA or UK data subject the Customer determines the purposes and means of processing Customer Content and is therefore the Data Controller. We process Customer Content solely as a Data Processor, on the documented instructions of the Customer, under the Data Processing Agreement between the Customer and us (the "DPA").
What the DPA covers. The DPA sets out, among other things: the subject matter, nature, purpose and duration of the processing, security measures, sub-processor engagement, assistance we provide to the Customer with data-subject requests (Articles 15–22), deletion or return of Customer Content at the end of the service and the mechanisms used for international transfers.
Data subject rights in relation to Customer Content. If you believe we process personal data about you as Customer Content and you wish to exercise a right, please contact the Customer directly. The Customer is the decision-maker for the purposes of responding to your request. If you contact us directly, we will forward your request to the Customer, as required by the DPA; we cannot act on the request independently, because doing so would conflict with our processor obligations.
Independent processing of Customer Content we do not perform. We do not use Customer Content for our own purposes. In particular, we do not: use Customer Content to train our own artificial-intelligence models other than as expressly instructed by the Customer under the DPA; sell Customer Content; or combine Customer Content from multiple Customers for our own business purposes.
What is Customer Content. Customer Content is the personal data that the Customer or Users of our Platform/Service upload, input, import, generate, or otherwise make available to the Platform for processing in the course of the Customer's own business. This can include, for example, prospect records the Customer loads into the Platform, email content the Customer sends through the Platform, CRM data, and any personal data about the Customer's own customers or leads.
Who controls Customer Content. The Customer, not us, is responsible for the data that gets uploaded and/or generated and its processing from a data protection compliance point of view. If you are an EEA or UK data subject the Customer determines the purposes and means of processing Customer Content and is therefore the Data Controller. We process Customer Content solely as a Data Processor, on the documented instructions of the Customer, under the Data Processing Agreement between the Customer and us (the "DPA").
What the DPA covers. The DPA sets out, among other things: the subject matter, nature, purpose and duration of the processing, security measures, sub-processor engagement, assistance we provide to the Customer with data-subject requests (Articles 15–22), deletion or return of Customer Content at the end of the service and the mechanisms used for international transfers.
Data subject rights in relation to Customer Content. If you believe we process personal data about you as Customer Content and you wish to exercise a right, please contact the Customer directly. The Customer is the decision-maker for the purposes of responding to your request. If you contact us directly, we will forward your request to the Customer, as required by the DPA; we cannot act on the request independently, because doing so would conflict with our processor obligations.
Independent processing of Customer Content we do not perform. We do not use Customer Content for our own purposes. In particular, we do not: use Customer Content to train our own artificial-intelligence models other than as expressly instructed by the Customer under the DPA; sell Customer Content; or combine Customer Content from multiple Customers for our own business purposes.
7. International transfers of personal data
We are established in Italy. Personal data is usually processed within the EEA. In some residual cases, personal data processed under this Notice might be transferred to, or accessed from, countries outside the EEA, the UK and, including the United States and other jurisdictions where our service providers are located.
Safeguards we rely on. If you are an EEA/UK data subject and your personal data may be transferred to a destination country which is not the subject of a European Commission adequacy decision (for EEA transfers) or a UK adequacy regulation (for UK transfers), we implement one or more of the following safeguards under Article 46 GDPR / UK GDPR before the transfer takes place:
EU-U.S. Data Privacy Framework ("DPF") - where the destination is a U.S. organisation that is self-certified under the DPF, we rely on Commission Implementing Decision (EU) 2023/1795.
EU Standard Contractual Clauses ("SCCs") - the SCCs adopted by the European Commission in Implementing Decision (EU) 2021/914, in the module appropriate to the transfer.
UK International Data Transfer Addendum - for transfers subject to the UK GDPR, the UK Addendum to the EU SCCs or the UK International Data Transfer Agreement.
Transfer Impact Assessment. Where we rely on SCCs or the UK Addendum, we have performed a Transfer Impact Assessment in line with EDPB Recommendations 01/2020 (for EEA) and the ICO Transfer Risk Assessment Tool (for the UK).
Obtaining a copy of the safeguards. You may access those safeguards by checking our Data Processing Agreement along with its annexes (which include the SCCs and UK Addendum) and you can request your signed copy by contacting us at privacy@consvert.com
We are established in Italy. Personal data is usually processed within the EEA. In some residual cases, personal data processed under this Notice might be transferred to, or accessed from, countries outside the EEA, the UK and, including the United States and other jurisdictions where our service providers are located.
Safeguards we rely on. If you are an EEA/UK data subject and your personal data may be transferred to a destination country which is not the subject of a European Commission adequacy decision (for EEA transfers) or a UK adequacy regulation (for UK transfers), we implement one or more of the following safeguards under Article 46 GDPR / UK GDPR before the transfer takes place:
EU-U.S. Data Privacy Framework ("DPF") - where the destination is a U.S. organisation that is self-certified under the DPF, we rely on Commission Implementing Decision (EU) 2023/1795.
EU Standard Contractual Clauses ("SCCs") - the SCCs adopted by the European Commission in Implementing Decision (EU) 2021/914, in the module appropriate to the transfer.
UK International Data Transfer Addendum - for transfers subject to the UK GDPR, the UK Addendum to the EU SCCs or the UK International Data Transfer Agreement.
Transfer Impact Assessment. Where we rely on SCCs or the UK Addendum, we have performed a Transfer Impact Assessment in line with EDPB Recommendations 01/2020 (for EEA) and the ICO Transfer Risk Assessment Tool (for the UK).
Obtaining a copy of the safeguards. You may access those safeguards by checking our Data Processing Agreement along with its annexes (which include the SCCs and UK Addendum) and you can request your signed copy by contacting us at privacy@consvert.com
We are established in Italy. Personal data is usually processed within the EEA. In some residual cases, personal data processed under this Notice might be transferred to, or accessed from, countries outside the EEA, the UK and, including the United States and other jurisdictions where our service providers are located.
Safeguards we rely on. If you are an EEA/UK data subject and your personal data may be transferred to a destination country which is not the subject of a European Commission adequacy decision (for EEA transfers) or a UK adequacy regulation (for UK transfers), we implement one or more of the following safeguards under Article 46 GDPR / UK GDPR before the transfer takes place:
EU-U.S. Data Privacy Framework ("DPF") - where the destination is a U.S. organisation that is self-certified under the DPF, we rely on Commission Implementing Decision (EU) 2023/1795.
EU Standard Contractual Clauses ("SCCs") - the SCCs adopted by the European Commission in Implementing Decision (EU) 2021/914, in the module appropriate to the transfer.
UK International Data Transfer Addendum - for transfers subject to the UK GDPR, the UK Addendum to the EU SCCs or the UK International Data Transfer Agreement.
Transfer Impact Assessment. Where we rely on SCCs or the UK Addendum, we have performed a Transfer Impact Assessment in line with EDPB Recommendations 01/2020 (for EEA) and the ICO Transfer Risk Assessment Tool (for the UK).
Obtaining a copy of the safeguards. You may access those safeguards by checking our Data Processing Agreement along with its annexes (which include the SCCs and UK Addendum) and you can request your signed copy by contacting us at privacy@consvert.com
8. How we store and retain your personal data
We retain your personal data only for as long as necessary to fulfil the purposes described in Sections 3 and 4, including meeting legal, accounting and reporting requirements and enabling us to establish, exercise or defend legal claims. We may retain certain data for shorter or longer periods where specifically required or permitted by law.
We use a range of security technologies and procedures to protect your Personal Data against unauthorized access, use, or disclosure. The Personal Data you provide is stored on computer servers in a controlled and secure environment that is safeguarded from unauthorized access, use, or disclosure. All Personal Data is protected through appropriate physical, technical, and organizational measures.
The period for which we keep information collected about you depends on the nature of that information and the way in which we collect and store it. After a reasonable amount of time, we will either delete or anonymize your information or, where that is not possible, securely store it and isolate it from any further use until deletion becomes possible.
We retain the Personal Data you provide to us where we have an ongoing legitimate business need to do so, including where necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Where we no longer have an ongoing legitimate business need to process your Personal Data, we will securely delete it or anonymize it or, where that is not possible, securely store your Personal Data and isolate it from any further processing until deletion becomes possible.
If you have chosen to receive marketing communications from us, we retain information about your marketing preferences for a reasonable period from the date you last showed interest in our content, products, or services, such as when you last opened one of our emails or stopped using your account. We retain information obtained through cookies and other tracking technologies for a reasonable period from the date that information was created.
We retain your personal data only for as long as necessary to fulfil the purposes described in Sections 3 and 4, including meeting legal, accounting and reporting requirements and enabling us to establish, exercise or defend legal claims. We may retain certain data for shorter or longer periods where specifically required or permitted by law.
We use a range of security technologies and procedures to protect your Personal Data against unauthorized access, use, or disclosure. The Personal Data you provide is stored on computer servers in a controlled and secure environment that is safeguarded from unauthorized access, use, or disclosure. All Personal Data is protected through appropriate physical, technical, and organizational measures.
The period for which we keep information collected about you depends on the nature of that information and the way in which we collect and store it. After a reasonable amount of time, we will either delete or anonymize your information or, where that is not possible, securely store it and isolate it from any further use until deletion becomes possible.
We retain the Personal Data you provide to us where we have an ongoing legitimate business need to do so, including where necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Where we no longer have an ongoing legitimate business need to process your Personal Data, we will securely delete it or anonymize it or, where that is not possible, securely store your Personal Data and isolate it from any further processing until deletion becomes possible.
If you have chosen to receive marketing communications from us, we retain information about your marketing preferences for a reasonable period from the date you last showed interest in our content, products, or services, such as when you last opened one of our emails or stopped using your account. We retain information obtained through cookies and other tracking technologies for a reasonable period from the date that information was created.
We retain your personal data only for as long as necessary to fulfil the purposes described in Sections 3 and 4, including meeting legal, accounting and reporting requirements and enabling us to establish, exercise or defend legal claims. We may retain certain data for shorter or longer periods where specifically required or permitted by law.
We use a range of security technologies and procedures to protect your Personal Data against unauthorized access, use, or disclosure. The Personal Data you provide is stored on computer servers in a controlled and secure environment that is safeguarded from unauthorized access, use, or disclosure. All Personal Data is protected through appropriate physical, technical, and organizational measures.
The period for which we keep information collected about you depends on the nature of that information and the way in which we collect and store it. After a reasonable amount of time, we will either delete or anonymize your information or, where that is not possible, securely store it and isolate it from any further use until deletion becomes possible.
We retain the Personal Data you provide to us where we have an ongoing legitimate business need to do so, including where necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Where we no longer have an ongoing legitimate business need to process your Personal Data, we will securely delete it or anonymize it or, where that is not possible, securely store your Personal Data and isolate it from any further processing until deletion becomes possible.
If you have chosen to receive marketing communications from us, we retain information about your marketing preferences for a reasonable period from the date you last showed interest in our content, products, or services, such as when you last opened one of our emails or stopped using your account. We retain information obtained through cookies and other tracking technologies for a reasonable period from the date that information was created.
9. Cookies and Similar Technologies
When you visit our websites, register for an account, attend a virtual event, or request additional information about our service, we automatically collect information through tracking technologies such as cookies and tracking pixels. For further details, including how to opt out, please refer to our Cookie Notice.
We may use cookies and similar technologies, to analyze trends, manage the website, track how visitors move through the websites, and collect demographic information about our user base. Cookie preferences (including any non-essential cookies) are managed through our cookie banner at the point of consent. For more information about how we use cookies on our websites and how you can manage your cookie preferences, please refer to our Cookie Notice.
We work with third-party advertising networks to display advertising on our website and to manage our advertising on other websites. Our advertising network partner uses cookies and web beacons to collect information about your activities on this website and other websites in order to provide targeted advertising based on your interests. If you do not want this information to be used for targeted advertising purposes, you may opt out by using these services: https://optout.networkadvertising.org/ or https://optout.aboutads.info/ or, if you are located in the European Union, by clicking here: http://www.youronlinechoices.eu.
When you visit our websites, register for an account, attend a virtual event, or request additional information about our service, we automatically collect information through tracking technologies such as cookies and tracking pixels. For further details, including how to opt out, please refer to our Cookie Notice.
We may use cookies and similar technologies, to analyze trends, manage the website, track how visitors move through the websites, and collect demographic information about our user base. Cookie preferences (including any non-essential cookies) are managed through our cookie banner at the point of consent. For more information about how we use cookies on our websites and how you can manage your cookie preferences, please refer to our Cookie Notice.
We work with third-party advertising networks to display advertising on our website and to manage our advertising on other websites. Our advertising network partner uses cookies and web beacons to collect information about your activities on this website and other websites in order to provide targeted advertising based on your interests. If you do not want this information to be used for targeted advertising purposes, you may opt out by using these services: https://optout.networkadvertising.org/ or https://optout.aboutads.info/ or, if you are located in the European Union, by clicking here: http://www.youronlinechoices.eu.
When you visit our websites, register for an account, attend a virtual event, or request additional information about our service, we automatically collect information through tracking technologies such as cookies and tracking pixels. For further details, including how to opt out, please refer to our Cookie Notice.
We may use cookies and similar technologies, to analyze trends, manage the website, track how visitors move through the websites, and collect demographic information about our user base. Cookie preferences (including any non-essential cookies) are managed through our cookie banner at the point of consent. For more information about how we use cookies on our websites and how you can manage your cookie preferences, please refer to our Cookie Notice.
We work with third-party advertising networks to display advertising on our website and to manage our advertising on other websites. Our advertising network partner uses cookies and web beacons to collect information about your activities on this website and other websites in order to provide targeted advertising based on your interests. If you do not want this information to be used for targeted advertising purposes, you may opt out by using these services: https://optout.networkadvertising.org/ or https://optout.aboutads.info/ or, if you are located in the European Union, by clicking here: http://www.youronlinechoices.eu.
10. Security measures
We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful access, loss, destruction or alteration, taking into account the state of the art, the cost of implementation, and the nature, scope, context and purposes of the processing.
A summary of our current technical and organisational measures ("TOMs") is annexed to our Data Processing Agreement.
We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful access, loss, destruction or alteration, taking into account the state of the art, the cost of implementation, and the nature, scope, context and purposes of the processing.
A summary of our current technical and organisational measures ("TOMs") is annexed to our Data Processing Agreement.
We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful access, loss, destruction or alteration, taking into account the state of the art, the cost of implementation, and the nature, scope, context and purposes of the processing.
A summary of our current technical and organisational measures ("TOMs") is annexed to our Data Processing Agreement.
11. Your rights
Depending on your location and subject to the conditions and limits set out in applicable law, you may have the following rights in relation to your personal data:
Right of access (Art. 15) - to obtain a copy of the personal data we hold about you and information about how we process it.
Right to rectification (Art. 16) - to have inaccurate or incomplete personal data corrected.
Right to erasure (Art. 17) - to have your personal data deleted in the circumstances set out in the GDPR / UK GDPR.
Right to restriction of processing (Art. 18) - to have our processing restricted in certain circumstances.
Right to data portability (Art. 20) - to receive personal data you provided to us in a structured, commonly used, machine-readable format and to have it transmitted to another controller, where technically feasible and where processing is based on consent or a contract.
Right to object (Art. 21) - you can object to our processing of your Personal Data in certain circumstances;
Right to withdraw consent (Art. 7) - where we process your personal data on the basis of your consent, you may withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Rights in relation to automated decision-making (Art. 22) - where applicable, to obtain human intervention and contest decisions based solely on automated processing that significantly affect you.
How to exercise your rights. You can exercise any of these rights by contacting us at privacy@consvert.com We will respond within one month of receipt of your request (extendable by a further two months for complex requests, in which case we will inform you of the extension). We may ask you for information to verify your identity before we act on your request, to protect your personal data from unauthorised disclosure. We will not charge a fee to respond to your request, unless the request is manifestly unfounded or excessive (in particular, because of its repetitive character), in which case we may charge a reasonable fee or refuse to act on the request, as permitted by Article 12(5) GDPR / UK GDPR.
Right to lodge a complaint. If you are an EEA or UK data subject and are not satisfied with how we have handled your personal data or your request, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement:
EEA: a list of EEA data protection authorities is available on the EDPB website at edpb.europa.eu. You can also complain through our EU Representative.
United Kingdom: the Information Commissioner's Office (ICO), ico.org.uk.
We appreciate the opportunity to address your concerns before you lodge a formal complaint; you are however not required to contact us first.
Depending on your location and subject to the conditions and limits set out in applicable law, you may have the following rights in relation to your personal data:
Right of access (Art. 15) - to obtain a copy of the personal data we hold about you and information about how we process it.
Right to rectification (Art. 16) - to have inaccurate or incomplete personal data corrected.
Right to erasure (Art. 17) - to have your personal data deleted in the circumstances set out in the GDPR / UK GDPR.
Right to restriction of processing (Art. 18) - to have our processing restricted in certain circumstances.
Right to data portability (Art. 20) - to receive personal data you provided to us in a structured, commonly used, machine-readable format and to have it transmitted to another controller, where technically feasible and where processing is based on consent or a contract.
Right to object (Art. 21) - you can object to our processing of your Personal Data in certain circumstances;
Right to withdraw consent (Art. 7) - where we process your personal data on the basis of your consent, you may withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Rights in relation to automated decision-making (Art. 22) - where applicable, to obtain human intervention and contest decisions based solely on automated processing that significantly affect you.
How to exercise your rights. You can exercise any of these rights by contacting us at privacy@consvert.com We will respond within one month of receipt of your request (extendable by a further two months for complex requests, in which case we will inform you of the extension). We may ask you for information to verify your identity before we act on your request, to protect your personal data from unauthorised disclosure. We will not charge a fee to respond to your request, unless the request is manifestly unfounded or excessive (in particular, because of its repetitive character), in which case we may charge a reasonable fee or refuse to act on the request, as permitted by Article 12(5) GDPR / UK GDPR.
Right to lodge a complaint. If you are an EEA or UK data subject and are not satisfied with how we have handled your personal data or your request, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement:
EEA: a list of EEA data protection authorities is available on the EDPB website at edpb.europa.eu. You can also complain through our EU Representative.
United Kingdom: the Information Commissioner's Office (ICO), ico.org.uk.
We appreciate the opportunity to address your concerns before you lodge a formal complaint; you are however not required to contact us first.
Depending on your location and subject to the conditions and limits set out in applicable law, you may have the following rights in relation to your personal data:
Right of access (Art. 15) - to obtain a copy of the personal data we hold about you and information about how we process it.
Right to rectification (Art. 16) - to have inaccurate or incomplete personal data corrected.
Right to erasure (Art. 17) - to have your personal data deleted in the circumstances set out in the GDPR / UK GDPR.
Right to restriction of processing (Art. 18) - to have our processing restricted in certain circumstances.
Right to data portability (Art. 20) - to receive personal data you provided to us in a structured, commonly used, machine-readable format and to have it transmitted to another controller, where technically feasible and where processing is based on consent or a contract.
Right to object (Art. 21) - you can object to our processing of your Personal Data in certain circumstances;
Right to withdraw consent (Art. 7) - where we process your personal data on the basis of your consent, you may withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Rights in relation to automated decision-making (Art. 22) - where applicable, to obtain human intervention and contest decisions based solely on automated processing that significantly affect you.
How to exercise your rights. You can exercise any of these rights by contacting us at privacy@consvert.com We will respond within one month of receipt of your request (extendable by a further two months for complex requests, in which case we will inform you of the extension). We may ask you for information to verify your identity before we act on your request, to protect your personal data from unauthorised disclosure. We will not charge a fee to respond to your request, unless the request is manifestly unfounded or excessive (in particular, because of its repetitive character), in which case we may charge a reasonable fee or refuse to act on the request, as permitted by Article 12(5) GDPR / UK GDPR.
Right to lodge a complaint. If you are an EEA or UK data subject and are not satisfied with how we have handled your personal data or your request, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement:
EEA: a list of EEA data protection authorities is available on the EDPB website at edpb.europa.eu. You can also complain through our EU Representative.
United Kingdom: the Information Commissioner's Office (ICO), ico.org.uk.
We appreciate the opportunity to address your concerns before you lodge a formal complaint; you are however not required to contact us first.
12. Your California Privacy Rights
12.1 Applicability. This section applies only to California persons, if you fall within of one of the aforementioned categories within section 1 and are a California resident as well. For purposes of this section, "Personal Information" has the meaning given in the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA"). It describes how we collect, use, disclose and share California residents' Personal Information in our role as a "business" under the CCPA, and the rights that apply. This section is in addition to, and supplements, the rest of this Privacy Notice.
12.2 Categories of Personal Information we collect. We may collect the following statutory categories of Personal Information:
(i) Identifiers: such as name, email address, mailing address, phone number, account identifiers, IP address and device identifiers. Collected directly from you or from the third-party sources described in Section 2;
(ii) Customer records (Cal. Civ. Code §1798.80(e)): such as name, contact information, employer and job title. Collected directly from you or from your employer.
(iii) Commercial information: such as records of products or services purchased or evaluated, subscription records, and customer-interaction history. Collected directly from you.
(iv) Internet or other electronic network activity information: such as search queries on our site, interactions with our website, emails and our outbound messages. Collected automatically from your device.
(v) Geolocation data: approximate location derived from IP address. Collected from your device.
(vi) Professional or employment-related information: such as job title, company, seniority and department. Collected directly from you or from third-party sources.
(vii) Financial information, such as Payment Information or financial account numbers in the process of providing you with the service you requested. We collect this information from you.
We do not collect biometric information, precise geolocation, or the contents of non-work communications, and we do not process Personal Information about racial or ethnic origin, religious or philosophical beliefs, health, sex life, sexual orientation, trade-union membership or similar special categories.
The business and commercial purposes for which we collect this Personal Information are described in Sections 3 and 4 (How we use your data). The categories of third parties to whom we disclose Personal Information for a business purpose are described in Section 5 (Who we share your personal data with).
12.3 "Sale" and "Sharing" of Personal Information. The CCPA defines "sell" and "share" broadly. "Sale" includes any disclosure of Personal Information to a third party for monetary or other valuable consideration. "Share" is limited to disclosures for cross-context behavioral advertising (advertising based on Personal Information obtained from a consumer's activity across distinctly-branded websites or services).
(i) We do not "sell" your Personal Information within the meaning of the CCPA.
(ii) We "share" certain categories of your Personal Information -specifically, online identifiers (cookie IDs, device identifiers, IP address) and internet activity information- with third-party advertising partners (for example, advertising networks, social-media advertising platforms) for the purpose of serving you advertisements for our services on third-party websites and platforms. A list of these advertising partners is maintained in our Cookie Notice.
We do not knowingly "sell" or "share" the Personal Information of California residents under 16 years of age.
12.4 Your California rights. Subject to the conditions and limits set out in applicable law, you have the following rights regarding the Personal Information we collect or maintain about you. These rights are not absolute; there may be cases where we decline or limit your request as permitted by law.
(i) The right of access: means that you have the right to request that we disclose what Personal Data we have collected and maintained about you in the past 12 months;
(ii) Right to delete: to request that we delete Personal Information collected from you, subject to the exceptions set out in the CCPA;
(iv) Right to correct: to request that we correct inaccurate Personal Information we maintain about you;
(v) The right to limit the use of sensitive personal information: means that you have the right to direct businesses to only use your sensitive personal information for limited purposes. We only collect sensitive personal information (such as your payment information), as defined by applicable laws for the purposes allowed by law or with your consent. We do not collect or process sensitive personal information for the purpose of inferring characteristics about you;
(vi) Right of non-discrimination: we will not discriminate against you for exercising any of your California privacy rights, including by denying services, charging different prices or providing a different level or quality of service;
(vii) The right to request information concerning the categories of Personal Data (if any) that we disclose to third parties or affiliates for their direct marketing purposes.
12.5 How to exercise your California rights. How to Exercise Your California Rights. You can exercise your rights yourself or you can alternatively designate an authorized agent to exercise these rights on your behalf. Please note that to protect your Personal Data, we will verify your identity by a method appropriate to the type of request you are making. Depending on your request, we will ask for information such as your name and your email address. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent's identity to protect your Personal Data. We may deny a request from an agent that does not submit proof that they have been authorized to act on your behalf.
We will respond within the time frame permitted by applicable law. Please note that we may charge a reasonable fee for multiple requests in the same 12-month period, as permitted by law.
Please use the contact details below if you would like to:
(i) Access this Notice in an alternative format;
(ii) Exercise any of your rights described above;
(iii) Learn more about your rights or our privacy practices; or
(iv) Designate an authorized agent to make a request on your behalf.
12.6 Right to opt out of "sale" or "sharing". You can opt out of the sharing of your Personal Information for cross-context behavioral advertising purposes by:
(i) Submitting a request by email to privacy@consvert.com;
(ii) Rejecting advertising and non-essential cookies via our cookie preference center (in our footer, the “cookie” icon): - see our Cookie Notice; and
(iii) Using industry opt-out tools such as www.optout.networkadvertising.org and www.optout.aboutads.info
12.7 Sensitive Personal Information. Under the CCPA, "sensitive Personal Information" includes account log-in credentials in combination with passwords or access codes, precise geolocation, and certain other categories. Our use of sensitive Personal Information is limited to what is reasonably necessary to provide our services and to purposes permitted under CCPA §1798.121(a), and we do not use sensitive Personal Information to infer characteristics about you. We do not disclose sensitive Personal Information to third parties for purposes beyond those permitted by CCPA.
12.8 Children's Personal Information. Our services are directed at business users and are not intended for minors. We do not knowingly "sell" or "share" (as defined by the CCPA) the Personal Information of California residents under 16 years of age. If we become aware that we have collected Personal Information from a California resident under 13 without parental consent, or from a California resident aged 13–15 without their affirmative opt-in, we will delete the information promptly.
12.1 Applicability. This section applies only to California persons, if you fall within of one of the aforementioned categories within section 1 and are a California resident as well. For purposes of this section, "Personal Information" has the meaning given in the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA"). It describes how we collect, use, disclose and share California residents' Personal Information in our role as a "business" under the CCPA, and the rights that apply. This section is in addition to, and supplements, the rest of this Privacy Notice.
12.2 Categories of Personal Information we collect. We may collect the following statutory categories of Personal Information:
(i) Identifiers: such as name, email address, mailing address, phone number, account identifiers, IP address and device identifiers. Collected directly from you or from the third-party sources described in Section 2;
(ii) Customer records (Cal. Civ. Code §1798.80(e)): such as name, contact information, employer and job title. Collected directly from you or from your employer.
(iii) Commercial information: such as records of products or services purchased or evaluated, subscription records, and customer-interaction history. Collected directly from you.
(iv) Internet or other electronic network activity information: such as search queries on our site, interactions with our website, emails and our outbound messages. Collected automatically from your device.
(v) Geolocation data: approximate location derived from IP address. Collected from your device.
(vi) Professional or employment-related information: such as job title, company, seniority and department. Collected directly from you or from third-party sources.
(vii) Financial information, such as Payment Information or financial account numbers in the process of providing you with the service you requested. We collect this information from you.
We do not collect biometric information, precise geolocation, or the contents of non-work communications, and we do not process Personal Information about racial or ethnic origin, religious or philosophical beliefs, health, sex life, sexual orientation, trade-union membership or similar special categories.
The business and commercial purposes for which we collect this Personal Information are described in Sections 3 and 4 (How we use your data). The categories of third parties to whom we disclose Personal Information for a business purpose are described in Section 5 (Who we share your personal data with).
12.3 "Sale" and "Sharing" of Personal Information. The CCPA defines "sell" and "share" broadly. "Sale" includes any disclosure of Personal Information to a third party for monetary or other valuable consideration. "Share" is limited to disclosures for cross-context behavioral advertising (advertising based on Personal Information obtained from a consumer's activity across distinctly-branded websites or services).
(i) We do not "sell" your Personal Information within the meaning of the CCPA.
(ii) We "share" certain categories of your Personal Information -specifically, online identifiers (cookie IDs, device identifiers, IP address) and internet activity information- with third-party advertising partners (for example, advertising networks, social-media advertising platforms) for the purpose of serving you advertisements for our services on third-party websites and platforms. A list of these advertising partners is maintained in our Cookie Notice.
We do not knowingly "sell" or "share" the Personal Information of California residents under 16 years of age.
12.4 Your California rights. Subject to the conditions and limits set out in applicable law, you have the following rights regarding the Personal Information we collect or maintain about you. These rights are not absolute; there may be cases where we decline or limit your request as permitted by law.
(i) The right of access: means that you have the right to request that we disclose what Personal Data we have collected and maintained about you in the past 12 months;
(ii) Right to delete: to request that we delete Personal Information collected from you, subject to the exceptions set out in the CCPA;
(iv) Right to correct: to request that we correct inaccurate Personal Information we maintain about you;
(v) The right to limit the use of sensitive personal information: means that you have the right to direct businesses to only use your sensitive personal information for limited purposes. We only collect sensitive personal information (such as your payment information), as defined by applicable laws for the purposes allowed by law or with your consent. We do not collect or process sensitive personal information for the purpose of inferring characteristics about you;
(vi) Right of non-discrimination: we will not discriminate against you for exercising any of your California privacy rights, including by denying services, charging different prices or providing a different level or quality of service;
(vii) The right to request information concerning the categories of Personal Data (if any) that we disclose to third parties or affiliates for their direct marketing purposes.
12.5 How to exercise your California rights. How to Exercise Your California Rights. You can exercise your rights yourself or you can alternatively designate an authorized agent to exercise these rights on your behalf. Please note that to protect your Personal Data, we will verify your identity by a method appropriate to the type of request you are making. Depending on your request, we will ask for information such as your name and your email address. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent's identity to protect your Personal Data. We may deny a request from an agent that does not submit proof that they have been authorized to act on your behalf.
We will respond within the time frame permitted by applicable law. Please note that we may charge a reasonable fee for multiple requests in the same 12-month period, as permitted by law.
Please use the contact details below if you would like to:
(i) Access this Notice in an alternative format;
(ii) Exercise any of your rights described above;
(iii) Learn more about your rights or our privacy practices; or
(iv) Designate an authorized agent to make a request on your behalf.
12.6 Right to opt out of "sale" or "sharing". You can opt out of the sharing of your Personal Information for cross-context behavioral advertising purposes by:
(i) Submitting a request by email to privacy@consvert.com;
(ii) Rejecting advertising and non-essential cookies via our cookie preference center (in our footer, the “cookie” icon): - see our Cookie Notice; and
(iii) Using industry opt-out tools such as www.optout.networkadvertising.org and www.optout.aboutads.info
12.7 Sensitive Personal Information. Under the CCPA, "sensitive Personal Information" includes account log-in credentials in combination with passwords or access codes, precise geolocation, and certain other categories. Our use of sensitive Personal Information is limited to what is reasonably necessary to provide our services and to purposes permitted under CCPA §1798.121(a), and we do not use sensitive Personal Information to infer characteristics about you. We do not disclose sensitive Personal Information to third parties for purposes beyond those permitted by CCPA.
12.8 Children's Personal Information. Our services are directed at business users and are not intended for minors. We do not knowingly "sell" or "share" (as defined by the CCPA) the Personal Information of California residents under 16 years of age. If we become aware that we have collected Personal Information from a California resident under 13 without parental consent, or from a California resident aged 13–15 without their affirmative opt-in, we will delete the information promptly.
12.1 Applicability. This section applies only to California persons, if you fall within of one of the aforementioned categories within section 1 and are a California resident as well. For purposes of this section, "Personal Information" has the meaning given in the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA"). It describes how we collect, use, disclose and share California residents' Personal Information in our role as a "business" under the CCPA, and the rights that apply. This section is in addition to, and supplements, the rest of this Privacy Notice.
12.2 Categories of Personal Information we collect. We may collect the following statutory categories of Personal Information:
(i) Identifiers: such as name, email address, mailing address, phone number, account identifiers, IP address and device identifiers. Collected directly from you or from the third-party sources described in Section 2;
(ii) Customer records (Cal. Civ. Code §1798.80(e)): such as name, contact information, employer and job title. Collected directly from you or from your employer.
(iii) Commercial information: such as records of products or services purchased or evaluated, subscription records, and customer-interaction history. Collected directly from you.
(iv) Internet or other electronic network activity information: such as search queries on our site, interactions with our website, emails and our outbound messages. Collected automatically from your device.
(v) Geolocation data: approximate location derived from IP address. Collected from your device.
(vi) Professional or employment-related information: such as job title, company, seniority and department. Collected directly from you or from third-party sources.
(vii) Financial information, such as Payment Information or financial account numbers in the process of providing you with the service you requested. We collect this information from you.
We do not collect biometric information, precise geolocation, or the contents of non-work communications, and we do not process Personal Information about racial or ethnic origin, religious or philosophical beliefs, health, sex life, sexual orientation, trade-union membership or similar special categories.
The business and commercial purposes for which we collect this Personal Information are described in Sections 3 and 4 (How we use your data). The categories of third parties to whom we disclose Personal Information for a business purpose are described in Section 5 (Who we share your personal data with).
12.3 "Sale" and "Sharing" of Personal Information. The CCPA defines "sell" and "share" broadly. "Sale" includes any disclosure of Personal Information to a third party for monetary or other valuable consideration. "Share" is limited to disclosures for cross-context behavioral advertising (advertising based on Personal Information obtained from a consumer's activity across distinctly-branded websites or services).
(i) We do not "sell" your Personal Information within the meaning of the CCPA.
(ii) We "share" certain categories of your Personal Information -specifically, online identifiers (cookie IDs, device identifiers, IP address) and internet activity information- with third-party advertising partners (for example, advertising networks, social-media advertising platforms) for the purpose of serving you advertisements for our services on third-party websites and platforms. A list of these advertising partners is maintained in our Cookie Notice.
We do not knowingly "sell" or "share" the Personal Information of California residents under 16 years of age.
12.4 Your California rights. Subject to the conditions and limits set out in applicable law, you have the following rights regarding the Personal Information we collect or maintain about you. These rights are not absolute; there may be cases where we decline or limit your request as permitted by law.
(i) The right of access: means that you have the right to request that we disclose what Personal Data we have collected and maintained about you in the past 12 months;
(ii) Right to delete: to request that we delete Personal Information collected from you, subject to the exceptions set out in the CCPA;
(iv) Right to correct: to request that we correct inaccurate Personal Information we maintain about you;
(v) The right to limit the use of sensitive personal information: means that you have the right to direct businesses to only use your sensitive personal information for limited purposes. We only collect sensitive personal information (such as your payment information), as defined by applicable laws for the purposes allowed by law or with your consent. We do not collect or process sensitive personal information for the purpose of inferring characteristics about you;
(vi) Right of non-discrimination: we will not discriminate against you for exercising any of your California privacy rights, including by denying services, charging different prices or providing a different level or quality of service;
(vii) The right to request information concerning the categories of Personal Data (if any) that we disclose to third parties or affiliates for their direct marketing purposes.
12.5 How to exercise your California rights. How to Exercise Your California Rights. You can exercise your rights yourself or you can alternatively designate an authorized agent to exercise these rights on your behalf. Please note that to protect your Personal Data, we will verify your identity by a method appropriate to the type of request you are making. Depending on your request, we will ask for information such as your name and your email address. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent's identity to protect your Personal Data. We may deny a request from an agent that does not submit proof that they have been authorized to act on your behalf.
We will respond within the time frame permitted by applicable law. Please note that we may charge a reasonable fee for multiple requests in the same 12-month period, as permitted by law.
Please use the contact details below if you would like to:
(i) Access this Notice in an alternative format;
(ii) Exercise any of your rights described above;
(iii) Learn more about your rights or our privacy practices; or
(iv) Designate an authorized agent to make a request on your behalf.
12.6 Right to opt out of "sale" or "sharing". You can opt out of the sharing of your Personal Information for cross-context behavioral advertising purposes by:
(i) Submitting a request by email to privacy@consvert.com;
(ii) Rejecting advertising and non-essential cookies via our cookie preference center (in our footer, the “cookie” icon): - see our Cookie Notice; and
(iii) Using industry opt-out tools such as www.optout.networkadvertising.org and www.optout.aboutads.info
12.7 Sensitive Personal Information. Under the CCPA, "sensitive Personal Information" includes account log-in credentials in combination with passwords or access codes, precise geolocation, and certain other categories. Our use of sensitive Personal Information is limited to what is reasonably necessary to provide our services and to purposes permitted under CCPA §1798.121(a), and we do not use sensitive Personal Information to infer characteristics about you. We do not disclose sensitive Personal Information to third parties for purposes beyond those permitted by CCPA.
12.8 Children's Personal Information. Our services are directed at business users and are not intended for minors. We do not knowingly "sell" or "share" (as defined by the CCPA) the Personal Information of California residents under 16 years of age. If we become aware that we have collected Personal Information from a California resident under 13 without parental consent, or from a California resident aged 13–15 without their affirmative opt-in, we will delete the information promptly.
13. Children's personal data
Our services are directed at business users and are not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe we may have inadvertently collected personal data from a child, please contact us at privacy@consvert.com and we will take steps to delete it.
Our services are directed at business users and are not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe we may have inadvertently collected personal data from a child, please contact us at privacy@consvert.com and we will take steps to delete it.
Our services are directed at business users and are not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe we may have inadvertently collected personal data from a child, please contact us at privacy@consvert.com and we will take steps to delete it.
14. Changes to this Privacy Notice
We may update this Privacy Notice from time to time to reflect changes in our processing activities or legal requirements. Where we make material changes, we will notify you by a prominent Notice on our website, by email where we have your address, or by another reasonable means before the changes take effect. The "Effective date" at the top of the Notice indicates when it was last updated.
We may update this Privacy Notice from time to time to reflect changes in our processing activities or legal requirements. Where we make material changes, we will notify you by a prominent Notice on our website, by email where we have your address, or by another reasonable means before the changes take effect. The "Effective date" at the top of the Notice indicates when it was last updated.
We may update this Privacy Notice from time to time to reflect changes in our processing activities or legal requirements. Where we make material changes, we will notify you by a prominent Notice on our website, by email where we have your address, or by another reasonable means before the changes take effect. The "Effective date" at the top of the Notice indicates when it was last updated.
15. Contact us
If you have any question you may contact us at: privacy@consvert.com
If you have any question you may contact us at: privacy@consvert.com
If you have any question you may contact us at: privacy@consvert.com