How we share your information We may share your information with our business units, affiliates, subsidiaries, business partners, service providers and/or your representatives, in order to provide or improve our Services to you. We do not share information with third parties so that they can independently market their own products or services to you unless we have explicitly given you the option to opt-in such disclosures. We will never sell your Personal Information to any third party.
Your Rights Regarding Your Personal Information We provide you with the opportunity to be informed of whether we are processing your information and to access, correct, update, oppose, delete, block, limit or object, upon request and free of charge, to our use of your Personal Information to the extent required by applicable law.
Retention of your information We keep your account information, like your name, email address, and password, for as long as your account is in existence because we need it to operate your account. In some cases, when you give us information for a feature of the Services, we delete the data after it is no longer needed for the feature. We keep your account data until you use your account settings or tools to delete the data or your account because we use this data to provide you Services. We also keep information about you and your use of the Services for as long as necessary for our legitimate business interests, for legal reasons, and to prevent harm, including as described in the How We Use Your Information and How We Share Your Information sections.
Security of your information We work hard to keep your data safe. We use a combination of technical, administrative, and physical controls to protect the confidentiality, integrity and availability of your data. This includes using Transport Layer Security ("TLS") to encrypt data transmission and Advanced Encryption Standard ("AES") to encrypt data storage. No method of transmitting or storing data is completely secure, however. If you have a security-related concern, please contact Customer Support or our Security team.
We rely on multiple legal bases to lawfully transfer personal data around the world which could include EU approved Standard Contractual Clauses (SCC), Privacy Shield, or other similar laws, clauses, or certifications. PrestoSuite} complies with the GDPR principles regarding the collection, use, sharing, and retention of personal information as described in our Policies https://policy.PrestoSuite.com or Privacy Shield certifications (which company may seek once a successor to the now invalidated EU-US Privacy Shield is introduced)
Third Party Tracking Technologies
If you have questions, suggestions, or concerns about this policy, or about our use of your information, including filing a complaint, please contact our Data Protection Officer or Privacy Officer at support@PrestoSuite.com.
INFORMATION WE COLLECT ABOUT YOU
When you use our Services, we collect the following types of information.
INFORMATION YOU PROVIDE US ("PERSONAL INFORMATION")
ACCOUNT INFORMATION. Some information is required to create an account on Services, such as your
• email address,
• company, and company details,
• phone number,
• any survey questions on use of Services
ADDITIONAL INFORMATION. To help improve your experience or enable certain features of the Services, you may choose to provide us with additional information, such as
• a profile photo,
• mailing address,
• country information,
• date of birth,
• additional contact phone numbers such as your mobile telephone number,
• community or social media username, and
• messages on discussion boards or to your social contacts on the Services.
You may also connect with friends on the Services or invite friends who have not yet joined by providing their email addresses, accessing social networking accounts or using the contact list on your mobile device. We do not store your contact list and delete it after it is used for adding contacts as friends.
If you contact us or participate in a survey, contest, or promotion, we collect the information you submit such as your name, email address, contact information, and message.
INFORMATION FROM THIRD-PARTY SERVICES. If you choose to connect your account on our Services to your account on another service, we may receive information from the other service. For example, if you connect to Facebook or Google, we may receive information like your name, profile picture, age range, language, email address and friend list. You may also choose to grant us access to your personal information such as activity data or health data from other services. You can stop sharing the information from the other services with us by removing our access to each other service.
PAYMENT AND CARD INFORMATION. Some PrestoSuite Services support payments and transactions with third parties. If you activate this feature, you must provide certain information for identification and verification, such as your name, billing address, credit, debit or other card number, card expiration date and CVV code. This information is used solely to check your financial qualifications and collect payment from you. We do store your payment information. We use third-party service provider(s) or gateway(s) for payment card processing using your stored payment information. Note that third-party payment processors may retain this information in accordance with their own privacy policies and terms.
INFORMATION WE RECEIVE FROM YOUR USE OF OUR SERVICES
USAGE AND DEVICE INFORMATION. When you use our Services, we receive certain usage data ("Usage and Device Information"). This includes information about your interaction with the Services, for example, when you view or search content, install or open applications or software, create or log into your account, import data into your account, or integrate a third-party service to your account. We may also collect data about the devices and computers model and version, device identifier, and OS version you use to access our Services, including IP addresses, browser type, language, operating system, or mobile device information (including device and application identifiers), the referring web page, pages visited, location (depending on the permissions you have granted us), and cookie information.
We use Customer Data in an anonymized manner for machine learning that supports certain product features and functionality within the Services.
When you use the Service, we automatically collect log files. These log files contain information about a Users’ IT system, a User’s IP address, browser type, domain names, internet service provider (ISP), the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, clickstream data, access times, and referring website addresses.We use this information to ensure the optimal operation of the Services and for security purposes. We may link log files to Personal Data such as name, email address, address, and phone number for these purposes. We are required under PCI DSS 3.2.1 to retain these records for security reasons for 1 year which may be available to immediate analysis and processing by a third party even if the information collected is not related to an online payment transaction. After the 1 year retention period these log files records will be purged within 60 days.
HEALTH AND OTHER SPECIAL CATEGORIES OF PERSONAL DATA. To the extent that information we collect directly from you is health data or another special category of sensitive personal data subject to the European Union’s General Data Protection Regulation ("GDPR"), we ask for your explicit consent to process such sensitive personal data. We obtain this consent separately when you take actions leading to our obtaining the data, for example, when you activate the activity tracking features in any Mobile Apps or grant us access to your health or activity data from another service. You can use your account settings or contact us to withdraw your consent at any time, including by stopping use of a feature, removing our access to a third-party service, requesting deletion your data or closing your account.
HOW WE USE YOUR INFORMATION
We use the information we collect for the following purposes.
PROVIDE AND MAINTAIN THE SERVICES
We use the information we collect to deliver the Services to you and honor our Terms of Service for each Service or business contract with you. For example,
• to administer, operate, maintain and secure our Services;
• to monitor and analyze trends, usage and activities in connection with our Services;
• for accounting, record-keeping, backup and administrative purposes;
• to customize and improve the content of our communications, websites and social media accounts;
• to provide customer service and support;
• to communicate with you, including responding to your comments, questions and requests regarding our Services;
• to process and complete transactions, and send you related information, including alerts and notifications about your service, purchase confirmations and invoices; and
• to educate and train our workforce in data protection and customer support.
For the Services’ social features, we may use your information to help you find and connect with other users and to allow other users to find and connect with you. For example, your account contact information allows other users to add you as a friend. When another user has your email or mobile phone number in their contact list or in their friend network on a connected service, we may show that user that you are a user of the Services.
IMPROVE, PERSONALIZE, AND DEVELOP THE SERVICES
We use the information we collect to improve and personalize the Services and to develop new ones. For example, we use the information to troubleshoot and protect against errors; perform data analysis and testing; conduct research and surveys and develop new features and Services.
COMMUNICATE WITH YOU
We use your information when needed to send you Service notifications and respond to you when you contact us. We also use your information to promote new features or products that we think you would be interested in. You can control marketing communications and most Service notifications by using your notification preferences in account settings or via the "Unsubscribe" link in an email.
PROMOTE SAFETY AND SECURITY
We use the information we collect to promote the safety and security of the Services, our users and other parties. For example, we may use the information
• to authenticate users;
• to facilitate secure payments;
• to respond to a legal request or claim, conduct audits, and enforce our terms and policies;
• to investigate and protect against fraud, malicious or unauthorized access, and other illegal activities; and
• to demonstrate and verify compliance with our internal policies and procedures, and applicable privacy and data security laws and regulations, such as Health Insurance Portability and Accountability Act (HIPAA), California's Confidentiality of Medical Information Act (CMIA), and General Data Protection Regulation (GDPR), and Payment Card Industry Data Security Standard (PCI DSS).
USE AND DISCLOSURE OF DE-IDENTIFIED INFORMATION
"De-identified" means that we have removed, or rendered unreadable through complex computational algorithms, your personally-identifiable information, such as your name, address, or birthdate. We may use de-identified information that we have obtained from our Services for various purposes, including for example:
• In accordance with regulatory requirements, we may de-identify, store and use your information for internal quality control, validation and research and development. This is important for PrestoSuite to maintain high quality Services. We may use de-identified information as permitted by law.
For personal data subject to the GDPR, we rely on several legal bases to process the data. These include when you have given your consent, which you may withdraw at any time using your account settings and/or other tools or methods; when the processing is necessary to perform a contract with you, like the Terms of Service; and our legitimate business interests, such as in improving, personalizing, and developing the Services, marketing new features or products that may be of interest, and promoting safety and security as described above.
USE OF SERVICES BY OUR CUSTOMERS
HOW WE SHARE YOUR INFORMATION
We do not share your personal information except in the limited circumstances described below.
WHEN YOU AGREE OR DIRECT US TO SHARE
You may direct us to disclose your information to others, such as when you use our social features in any Mobile Apps. For certain information, you may change your privacy preferences in account settings and use other provided tools to control how your information is visible to other users of the Services.
You may also authorize us to share your information with others, for example, with a third-party application when you give it access to your account, or with your employer company or other organizations and provide consent to each organization. Remember that their use of your information will be governed by their privacy policies and terms. You can revoke your consent to share with third-party applications or employee wellness programs using your account settings.
FOR EXTERNAL PROCESSING
We transfer information to our corporate affiliates, service providers and other partners who process it for us, based on our instructions and in compliance with this policy and any other appropriate confidentiality and security measures. These partners provide us with services globally, including for customer support, information technology, payments, sales, marketing, data analysis, research and surveys.
FOR LEGAL REASONS OR TO PREVENT HARM
We may preserve or disclose information about you to comply with a law, regulation, legal process or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect or investigate illegal activity, fraud, abuse, violations of our terms or threats to the security of the Services or the physical safety of any person. Please note: Our policy is to notify you of legal process seeking access to your information, such as search warrants, court orders or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person. We may share non-personal information that is aggregated or de-identified so that it cannot reasonably be used to identify an individual. We may disclose such information publicly and to third parties, for example, in public reports about exercise and activity, to partners under agreement with us or as part of the community benchmarking information we provide to users of our services. If we are involved in a merger, acquisition, or sale of assets, we will continue to take measures to protect the confidentiality of personal information and give affected users notice for the transferring of any personal information to a new entity.
YOUR RIGHTS REGARDING YOUR PERSONAL INFORMATION
You can access and control your personal information via account settings and/or our tools we provide to you, regardless of where you live. If you live in the European Economic Area, United Kingdom and Switzerland (the “Designated Countries”), you have a number of legal rights with respect to your information, as outlined below.
Accessing and Exporting Data. By logging into your account, you can access much of your personal information. Using your account settings or by contacting us, you can also request a download information in a commonly used file format, including data about your activities, body, foods and sleep.
Editing and Deleting Data. Your account settings and certain platform APIs let you change and delete your personal information and/or account data. For instance, you can edit or delete the profile data you provide and delete your account if you wish.
If you choose to delete your account, please note that while most of your information will be deleted within 14 days, it may take up to 90 days to delete all of your information, such as the data stored in our backup systems. This is due to the size and complexity of the systems we use to store data. We may also preserve data for legal reasons or to prevent harm, including as described in the How We Share Your Information section.
Objecting to Data Use. You can control usage of your data via account settings or other application APIs or tools. For example, you can
• limit how your information is visible to other users of the Services;
• limit the notifications you receive from us; and
• revoke the access of third-party applications that you previously connected to your account.
Restricting or Limiting Data Use. In addition to the various controls that we offer, if you reside in a Designated Country, you can seek to restrict our processing of your data in certain circumstances. Please note that you can always delete your account at any time.
Further Assistance. If you need further assistance regarding your rights, please contact our Data Protection Officer at privacy@PrestoSuite.com, and we will consider your request in accordance with applicable laws. If you reside in a Designated Country and you are not satisfied with our response, you will have a prompt, no-cost way of asserting your claim by contacting our chosen independent dispute resolution body JAMS. If you reside in a Designated Country, you may have the right, under certain conditions, to invoke binding arbitration, and, alternatively, you also have a right to lodge a complaint with your local data protection authority or with the Irish Data Protection Commissioner, our lead supervisory authority.
PRODUCT SPECIFIC PRIVACY DISCLOSURES
i. Third Parties
We may provide links within our sites and services to the sites or services of third parties. We are not responsible for the collection, use, monitoring, storage or sharing of any Personal Data by such third parties, and we encourage you to review those third parties' privacy notices and ask them questions about their privacy practices as they relate to you.
If you choose to use the shared inbox feature of our Conversations functionality you understand that any User may have access to or visibility into the contents of this inbox.
iii. Data Practices and Service Data
We automatically collect metrics and information about how Users interact with and use the Services. We use this information to develop and improve the Services and the Consulting Services, and to inform our sales and marketing strategies. We may share or publish this service data with third parties in an aggregate and anonymous manner, but we will not include any Customer Data or identify Users.
If you access the Services via any mobile applications, we may also collect your device model and version, device identifier, and OS version. We may send you push notifications from time to time in order to update you about events or promotions. If you no longer wish to receive such communications, you may turn them off at the device level.
We use Customer Data in an anonymized manner for machine learning that supports certain product features and functionality within the Services.
When you use the Services, we automatically collect log files. These log files contain information about a Users’ IT system, a User’s IP address, browser type, domain names, internet service provider (ISP), the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, clickstream data, access times, and referring website addresses. We use this information to ensure the optimal operation of the Services and for security purposes. We may link log files to Personal Data such as name, email address, address, and phone number for these purposes.
You can log in to our site using a Single Sign-on (SSO) service like your Google account. This service will authenticate your identity and provide you the option to share certain Personal Data with us such as your name.
iv. Enrichment Data
When you add data records to the System, we populate certain fields with company level Enrichment Data. You’ll recognize Enrichment Data in the System because it is flagged with a gray information icon (or highlighted in some other way), which on hover, identifies the property as being filled from system’s Insights database. These properties may include information such as company name, company location, and company address. This data is obtained from public and third party sources. We do not use Customer Data to populate Enrichment Data.
iiv. Integrations with the PrestoSuite Platform
You may choose to connect any number of applications or integrations, including our partner applications, with your PrestoSuite account. Your use of these integrations is subject to the privacy terms made available by that integrator. For more information on our partners, please see the application directory of PrestoSuite in the logged in section of the website. For any custom integrations added via API please see the website and policies of the API provider for more information.
iiiv. Email Template Tools
In addition to the Inbox Integration described above, if you opt to use our template building tools, the Services will scan the content of your sent emails to identify possible templates for use by Users of your PrestoSuite account.
x. Call Transcription
The ‘Call Transcription’ feature allows you to transcribe calls that you record. We use Google Cloud Platform’s Cloud and Amazon Web Services Speech-to-Text API and Google Cloud Storage storage to provide Call Transcription, which requires us to share call data with Google for use, analysis, and storage by Google. In order to use the Call Transcription feature you must consent to Google’s use of your call data via an in-app modal. If you do not consent, we are unable to provide the Call Transcription service to you. You are responsible for compliance with all call recording laws and obtaining any required consents from callers.
ix. Tracking Integrations Ad Network Pixel and Tags
The Services will receive the selected ad network (for all Ad Network) pixel/tag identification as part of connecting you account to that network. The Services will automatically place this pixel/tag on the user’s website pages where PrestoSuite tracking code is present. This pixel/tag sends and tracks information about your website visitors back to the network, enabling conversion tracking and website audience creation.
x. Google User Data
The Services allows for connection of your email account to provide you with full email functionality. PrestoSuite will only access your Google User Data after your have provided PrestoSuite permission to do so with Google. Once permission is granted you will have enabled email management functionality and integration with your contacts in PrestoSuite. PrestoSuite will store your OAuth credentials created when granting PrestoSuite access to your Google account and will not share or store and emails from this API. The Services use, transfer, and processing of all information received from Google fully complies with the Google API Services User Data Policy including the Limited Use requirements.
CALIFORNIA PRIVACY RIGHTS
For purposes of this section "Personal Information" has the meaning given in the California Consumer Privacy Act (“CCPA”).
How We Collect, Use, and Share your Personal Information
We have collected the following statutory categories of Personal Information in the past twelve (12) months:
• Identifiers, such as name, e-mail address, mailing address, phone number. We collect this information directly from you or from third party sources.
• Commercial information, such as subscription records. We collect this information directly from you.
• Internet or network information, such as browsing and search history. We collect this information directly from your device.
• Geolocation data, such as IP address. We collect this information from your device.
• Financial information, such as Payment Information or financial account numbers in the process of providing you with a subscription. We collect this information from you.
• Other personal information, in instances when you interact with us online, by phone or mail in the context of receiving help through our help desks or other support channels; participation in customer surveys or contests; or in providing the Services.
Your California Rights
You have certain rights regarding the Personal Information we collect or maintain about you. Please note these rights are not absolute, and there may be cases when we decline your request as permitted by law.
The right of access means that you have the right to request that we disclose what Personal Information we have collected, used and disclosed about you in the past 12 months.
The right of deletion means that you have the right to request that we delete Personal Information collected or maintained by us, subject to certain exceptions.
The right to non-discrimination means that you will not receive any discriminatory treatment when you exercise one of your privacy rights.
We do not sell Personal Information to third parties (pursuant to California Civil Code §§ 1798.100–1798.199, also known as the California Consumer Privacy Act of 2018).
How to Exercise your California Rights
You can exercise your rights yourself or you can alternatively designate an authorized agent to exercise these rights on your behalf. Please note that to protect your Personal Information, we will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent's identity to protect your Personal Information.
Please use the contact details below, if you would like to:
• Access this policy in an alternative format;
• Exercise your rights;
• Learn more about your rights or our privacy practices; or
• Designate an authorized agent to make a request on your behalf.
Email the Data Protection Officer at privacy@PrestoSuite.com