EU – U.S. PRIVACY SHIELD AND SWISS – U.S. PRIVACY SHIELD
Uptick participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Uptick is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification visit the U.S. Department of Commerce’s Privacy Shield List.
Uptick is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Uptick complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Uptick is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Uptick may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our Alternative Dispute Resolution third party provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield
Under certain conditions, more fully described on the Privacy Shield website you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
PERSONAL DATA COLLECTION, USE, AND SHARING
We collect information about you and your use of the Website and Service through various means, including when you provide information to us and when we automatically collect information about you when you access, use or interact with the Website and Service.
Generally, such collection is performed to provide you with the Services. In some instances, you may be able to choose what information to provide, but sometimes we require certain information from you to provide you the Website and Service.
We rely on a number of legal bases to collect or otherwise process the Personal Data we receive about you from your use of the Website or Service, including where:
- you have consented to the processing,
- the processing is necessary to perform the contractual obligations in order to provide the Website or Service to you, including those of the Uptick Terms of Service,
- necessary to comply with a legal obligation, a court order, or to exercise or defend legal claims,
- necessary to protect your vital interests or those of others;
- necessary in the public interest,
- necessary for the purposes of our or a third party’s legitimate interests, such as those of visitors, users, or partners, and
- you have expressly made the information public.
Where we process your Personal Data on the basis of consent, we will clearly obtain your opt-in consent. Where given, you may withdraw your consent at any time by contacting us at firstname.lastname@example.org
THIRD PARTY PROVIDERS AND CHILDREN UNDER 13
WE COLLECT THE FOLLOWING TYPES OF INFORMATION
Personal Data You Provide to Us: We receive and store any information you provide to us. For example, we collect various personal information, such as your name, email address, browser information, and other data that can identify you (“Personal Data”). You can choose not to provide us with certain Personal Data, but then you may not be able to register with us or to take advantage of some of our features. We may anonymize your Personal Data so that you cannot be individually identified and provide that information to our partners.
Your customers’ Personal Data: In order to provide you with the Website or Service we may receive and store any information you choose to provide to us with respect to your customers (“Your Customers”). In order to provide the Service to you, however, your information with respect to the Service will consist of any information, including any of Your Customers’ Personal Data, you choose to provide to us. Uptick has audited security controls to keep your customers data safe.
Support Information: You may provide information to us via a support request submitted through the Service. We will use this information only to assist you with your support request and may maintain this information to assist you or other users with support requests. Please do not submit any information to us via a support submission, including confidential or sensitive information that you do not wish us or our Providers to have access to or use in the future.
Form Information: We may use forms to request certain information from you on the Services, such as your contact information to assist with contacts or service requests. This information may include your Personal Data.
E-mail and Other Communications: We may contact you, by email or other means; for example, we may communicate with you about your use of the Website or Service. If you do not want to receive email or other mail from us, please indicate your preference by using the opt-out link contained in the email, or contact us at email@example.com. Please note that we will send you legal notices governing your use of the Website or Service and any other legally required notices for as long as you are a user of the Website or Service, even if you elect not to receive other kinds of communications from us
PERSONAL DATA COLLECTED AUTOMATICALLY
Social Login Data: Certain Services may allow you to log in using social media accounts, such as those available via Facebook, Twitter, and Google. For those Services users that choose social login, we may receive information from your social account which makes it easier for you to create an account or login, such as your email address. We currently also collect first name, last name, and profile photos for all social logins, as well as gender and birthdate from those using Facebook as a social login. We use the information to help you connect and share public content with your friends and followers, to register you for a Services account, and to contact you via our newsletters if you opt-in.
IP Addresses: We automatically collect IP addresses of users of certain Services, such as website visitors, those that log in to the Services, and those who post messages to the communities and forums. We process this information on the basis of our legitimate interests in protecting the Services and providing the Services to you.
Unique Identifiers: When you use or access the Services, we may access, collect, monitor, store on your device, and/or remotely store one or more “Unique Identifiers,” such as a universally unique identifier (“UUID”). A Unique Identifier may remain on your device persistently, to help you log in faster and enhance your navigation through the Services. Some features of the Services may not function properly if use or availability of Unique Identifiers is impaired or disabled.
Analytics Information: We use data analytics to ensure Website and Services functionality and improve the Website and Service. We also use mobile analytics software to allow us to understand the functionality of the Website and Service on your phone. This software may record information such as how often you use the Website and Service, what happens within the Website and Service, aggregated usage, performance data, app errors and debugging information, and where the Website and Service were downloaded from. We do not link the information we store within the analytics software to any personally identifiable information that you submit within the mobile application.
HOW DOES UPTICK USE YOUR PERSONAL DATA
We collect the above-described categories of Personal Data from our users to:
- personalize and improve the Website and Service,
- allow our users to set up a user account and profile,
- contact users, to fulfill users’ requests for the Service,
- respond to your inquiries and fulfill your requests, such as to send you requested materials and newsletters, as well as information and materials regarding our products and services,
- send administrative information to you, for example, information regarding the services and changes to our terms, conditions, and policies,
- provide you with customer service, which may include, pursuant to your specific request, use of Your Customer data in a de-aggregated, identifiable form,
- send you marketing communications, including via email, mobile, and in-application messages in compliance with applicable laws that we believe may interest you,
- to personalize your experience of the Service and our marketing websites by presenting products and offers tailored to you,
- for our business purposes, such as data analysis; audits; fraud monitoring and prevention; developing new products; enhancing, improving or modifying our Website and Service; identifying usage trends; determining the effectiveness of our promotional campaigns and operating and expanding our business activities. Such use may include subscriber data used in testing, but we will mask or replace all confidential or private data before loading to a test environment. Any use of unmasked subscriber data in testing must be appropriately authorized in writing by the customer.
We do not use your data in a de-aggregated or identifiable form, except with your consent to provide you customer service. We do not use data that identifies a customer for marketing or advertising without explicit consent.
HOW DOES UPTICK SHARE YOUR PERSONAL DATA
Third-Party Business Partners: Uptick partners with a variety of businesses and works closely with them to market or sell products or services (“Partners”). We may disclose Personal Data to our Partners for the purposes described above. Some of our Partners may co-sponsor events and other offerings with Uptick. We may share Personal Data you provide to us when you sign up for events or other offerings with these Partners so they can send you marketing communications and information that may interest you, as permitted under applicable law. If required by the applicable law, we will request your permission to share your Personal Data with our Partners. Otherwise, you will be notified, prior to sharing any Personal Data, that the event for which you are signing up is co-sponsored and that our Partner may use the information shared to communicate with you or market to you. At such time, you may elect not to provide your Personal Data to us or to our Partner for such purposes.
Our Partners: None at this time
Blog and Social Media Pages: You may disclose Personal Data through the Uptick Website, on message boards, chat, profile pages, blogs and other services to which you are able to post information and materials (including, without limitation, our Uptick blog and the Uptick’s social media pages). This information may appear publicly, such as through search engines or other publicly available platforms and maybe “crawled” or searched by third parties. Please do not post any information that you do not want to reveal to the public at large.
Testimonials: We post customer testimonials, comments, and reviews on our Website that may contain Personal Data. We obtain the customer’s consent via email prior to posting the testimonial to post their name along with their testimonial.
Legal Reasons: We may share your Personal Data outside of Uptick if reasonably necessary to (i) comply with applicable laws, regulations, legal process or enforceable governmental requests; or (ii) protect against harm to the rights, property, or safety of Uptick, our customers, or the public as permitted by law.
WHERE DOES UPTICK STORE MY PERSONAL INFORMATION?
The United States, European Economic Area (“EEA”) Member States, and other countries all have different laws relating to privacy and data protection. When your information is moved from your home country to another country, the laws and rules that protect your personal information in the country to which your information is transferred may be different from those in the country in which you live. For example, the circumstances in which law enforcement can access personal information may vary from country to country. In particular, if your information is in the United States, it may be accessed by government authorities in accordance with U.S. law.
Please be advised information Uptick collects about you via the Services may be transferred, processed and/or accessed by us in the United States, or another country where we, or our Providers operate. Please be aware that the privacy laws and standards in certain countries, including the rights of authorities to access your personal information, may differ from those that apply in the country in which you reside. If you are located outside the United States and choose to allow us to collect information about you, please be aware that Uptick may transfer your personal data to the United States and process and store it there. We will transfer personal information only to those countries to which we are permitted by law to transfer personal information, and we will take steps to ensure that your personal information continues to enjoy appropriate protections.
IS THE PERSONAL INFORMATION SECURE?
Your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and Personal Data by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account. We endeavor to protect the privacy of your account and other Personal Data we hold in our records, but we cannot guarantee complete security. The transmission of information via the internet is not completely secure. Unauthorized entry or use, hardware or software failure and other factors may compromise the security of user information at any time.
All data hosted by Uptick is encrypted. Uptick uses industry-accepted encryption products to protect data at rest, with 256 bit AES encryption. All data transfers within the data center are secured by TLS with the strongest cipher suits. If the Service is accessed via TLS, then all of the customer data Uptick collects is transmitted over TLS (Data in Transit).
HOW DOES UPTICK USE MY PERSONAL INFORMATION?
We will share your Personal Data and, if applicable, Your Customers’ data in the following circumstances:
Within Uptick: We may share and process information internally within Uptick and with our subsidiaries and affiliates. Uptick’s personnel may have access to your information as needed to provide and operate the Website and Service in the normal course of business. This includes information regarding your use and interaction with the Website and Service.
Affiliated Businesses: Uptick may also provide services or sell products jointly with affiliated businesses, including providing information to such partners to allow them to more effectively market to you. When an affiliated business assists in facilitating your transaction, we may need to share information related to the transaction with that affiliated business in order to facilitate your transaction, and this forms part of the Website and Service we provide in accordance with our Terms of Service. We rely on your consent (which can be withdrawn at any time) to send marketing messages and for third-party sharing relating to advertising.
Providers: We work with various Providers, such as website and data hosting companies and companies providing analytics information, like Google Analytics and other enumerated above. We need to engage such third-party Providers to help us operate, provide, and market the Website and Service. These third parties have only limited access to your information and may use your information only to perform these tasks on our behalf. Information we share to our Providers may include both information you provide to us and information we collect about you, including Personal Data and information from data collection tools like cookies, web beacons, and log files. We take reasonable steps to ensure that our Providers are obligated to reasonably protect your information on our behalf. If we become aware that a Provider is using or disclosing information improperly, we will take commercially reasonable steps to end or correct such improper use or disclosure.
Business Transactions: Uptick may purchase other businesses or their assets, sell our business assets, or be involved in a bankruptcy, merger, acquisition, reorganization or sale of assets (a “Business Transaction”). Your information, including personal data, may be among assets sold or transferred as part of a Business Transaction. In some cases, Uptick may choose to buy or sell assets. Such transactions may be necessary and in our legitimate interests, particularly our interest in making decisions that enable our organization to develop over the long term.
Aggregated Non-Personal Data: We may disclose aggregated, non-personal data received from providing the Website and Service, including information that does not identify any individual, without restriction. Uptick may share demographic information with business partners, but it will be aggregated and de-personalized, so that personal information is not revealed.
HOW CAN I ACCESS, CORRECT, AMEND OR REMOVE INFORMATION ABOUT ME?
If you would like to access, correct, amend, remove or limit the use or disclosure of any of your Personal Data that has been collected and stored by Uptick, please notify us at firstname.lastname@example.org so that we may consider and respond to your request. We will respond to your request within 10 days. Please be aware that because Uptick has limited ability to identify Your Customers’ individually, we will refer any requests from Your Customers to you and support you as needed in responding to Your Customer’s request.
To request removal of your Personal Data from testimonials or comments please contact us at email@example.com.
HOW LONG DOES UPTICK KEEP MY DATA?
We will retain your information in the Uptick application as long as your account is active or is needed to provide you the Service in accordance with Uptick’s Terms of Service. You may request deletion of your account by contacting us at firstname.lastname@example.org. Please note that some information may remain in our private business records after deletion of such information from your account. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may use any aggregated data derived from or incorporating your Personal Data after you update or delete it, but not in a manner that would identify you personally.
If a request to delete Your Customer’s Personal Data is received by Uptick directly from a data subject, we will log the request for tracking, but will not confirm the request until you approve it.
For non-registered visitors to our website, we will retain your information for up to three years after your last contact with Uptick. You may request deletion of your Personal Data, as described in section above.
Uptick aims to comply with The General Data Protection Regulation (GDPR). Where required, before we send you emails promoting our products and services we will ask you for your consent, and for an audit trail, we will record when you gave consent and from what IP address.
GDPR is intended to offer protections for you or any identifiable natural person (the “Data Subject”) regarding your information (your “Personal Data”). You, as a Data Subject, have broad rights, whether you are identified directly or indirectly through interaction context in which your information was captured.
YOUR RIGHTS PURSUANT TO THE GDPR
Unless specifically authorized, GDPR prohibits processing of certain special categories of data such as race, ethnicity, political and religious beliefs, sexual orientation, genetic and biometric data. Uptick does not acquire or process any data belonging to these categories.
You may benefit from a number of rights in relation to your information that we process. Some rights apply only in certain limited cases, depending on your location. If you would like to manage, change, limit, or delete your personal information, you can do so by contacting us. Upon request, Uptick will provide you with information about whether we hold any of your personal information. In certain cases where we process your information, you may also have a right to restrict or limit the ways in which we use your personal information. In certain circumstances, you also have the right to request the deletion of your personal information, and to obtain a copy of your personal information in an easily accessible format.
To the extent that such rights are mandated by the laws applicable to the individual data subject, such as all data subjects residing in the European Union (“EU”), the following rights may apply:
- the right to access (GDPR, Article 15);
- the right to rectification (GDPR, Article16);
- the right to erasure (GDPR, Article 17);
- the right to restrict processing (GDPR, Articles 18);
- the right of object (GDPR, Article 21);
- and if applicable, the right to data portability (GDPR, Article 20);
- the right not to be a subject to a decision based solely on automated processing and profiling (GDPR, Article 22).
In case of data breach and(or) you Personal Data is compromized, You may also have a right to lodge a complaint with an appropriate data privacy regulatory authority (GDPR, Article 77).
Where you have provided consent to certain data processing, you have the right to withdraw that consent at any time by contacting Uptick at: email@example.com. A withdrawal of consent will not affect the validity of our use of your personal data up until the point you have withdrawn your consent.
If you no longer wish to use the Services or receive service-related messages (except for legally required notices), then you may contact us using the information above.
Your personal data may enter Uptick processing scope in multiple ways. Based on how your personal data is consented to, who has control over the data and has responsibility for protecting and administering your rights, Uptick could be a Data Controller or a Data Processor.
UPTICK AS A DATA CONTROLLER
When you interact with Uptick via its Marketing and Sales Department outreach programs as a website visitor or demo session participant, Uptick is the primary Data Controller from GDPR perspective. In these cases, Uptick is responsible for obtaining your consent and providing means for exercising your data rights.
Personal data we collect:
- Information you provide during the request of demo/presentation, such as: first name, last name, email, company name and job title;
- any other information that Uptick may obtain from sources to which you already provided consent. Uptick may use data from these sources for data identification and enrichment. As an example, if you provided only email and company name to Uptick, Uptick may use another service to identify your business contact phone, or your title, so long as such information was submitted by you to the third-party service.
You provide the consent:
- When you interact with web forms at Website (or partners that we collaborate with), we will request explicit consent prior to you submitting your Personal Data.
- When Sales Department Representatives contact you and you provide information to us, and you consent to us for using the information we obtained from you.
- When your colleague from your organization volunteers your personal data to us via email, or other information channels. We will follow up to obtain consent using the email provided to us, or we will indicate in our email communication that we do not yet have consent, but you provide us consent to continue our use of your personal data.
If you had previously provided consent to Uptick to collect your personal data, you may choose to withdraw that consent at a later point. Please send an email request to firstname.lastname@example.org and we will implement the request and provide a confirmation of your consent withdrawal via a reply email to your email address. The acknowledgement email will also provide you consequences of withdrawing your consent.
Uptick does not sell your Personal Data to any other third-party organization. Uptick also does not transfer the rights to your personal data to any other party nor does it use the data other than the original intent. Any transfer to a third party is solely intended for the processing of data and Uptick has secured agreements with downstream Data Processors to protect Personal Data and enforce GDPR data rights for you.
You may submit a request via email@example.com to delete all data about you. Uptick will comply with this request but will use your email to send a confirmation notice that we performed the requested action.
You may submit a request via firstname.lastname@example.org to update Personal Data that we have about you. Uptick will perform this and will use your email to send a confirmation notice that we performed the requested action. If email itself was requested to be changed, Uptick will send a confirmation to both the old and new email.
You may also submit a request email@example.com to request an export of all your data for data portability. Uptick will provide this information via a CSV or JSON file. Such a report will include meta-data such as when particular data was added, any updates to the data etc. – i.e., an audit trail of the data.
Uptick has put in place security and privacy best practices for providing you the rights to your personal data, per GDPR guidelines. In the event that you are not satisfied with our resolution of your requests, you have the right to file a complaint. Please submit a request via firstname.lastname@example.org to file a complaint. You also have a right to file a similar complaint with a supervisory authority for the jurisdiction you are in and seek appropriate remediation.
We will notify you if your Personal Data was compromised via a breach using all contact information, we have about you, within 72 hours. This includes any breach that was caused by a Data Processor that Uptick has authorized to process your data.
UPTICK AS A DATA PROCESSOR
When Uptick processes and displays your personal data, that data was acquired from your employer or organization that you interact with.
Under these circumstances, our customer may act as a data controller or data processor itself, and Uptick acts as a data processor or sub-processor. Uptick may provide GDPR-compliant Data Processing Addendum (DPA) that incorporates Uptick’s commitments as data processor.
To request your Personal Data, please send a request to email@example.com. For data processed by Uptick, we will forward your request to the Data Controller, who will then initiate a request to provide that information. Since Uptick’s role is only that of a Data Processor, Uptick will not be able to provide your Personal Data directly.
To update/export/delete your Personal Data, please send a request to firstname.lastname@example.org. For data processed by Uptick, we will forward your request to the Data Controller, who will then initiate a request to complete your request. Since Uptick’s role is only that of a Data Processor, Uptick will not be able to provide your Personal Data directly.
In the event of data breach Uptick as a data processor is required to notify the Data Controller that there was a data breach. Then the Data controller will notify you about the breach, criticality, impact and remediation process.
WHAT CHOICES DO I HAVE?
You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our special features. You may be able to add, update or delete information by contacting us at email@example.com. When you update any information we may maintain a copy of the unrevised information in our records.
Our Website offers publicly accessible blogs and community forums. You should be aware that any information you provide in these areas may be read, collected and used by others who access them. To request removal of your Personal Data from our blog or community forum, contact us at firstname.lastname@example.org. In some cases, there may be legal or business record reasons, including maintenance of internal customer service records, that we may not remove your Personal Data, in which case we will notify you.
Neither the Website nor the Service responds to do not track signals.
QUESTIONS OR CONCERNS
If you have any questions or concerns regarding our privacy policies, please send us a detailed message at email@example.com. We will make every effort to resolve your concerns.
Data Protection Officer
Effective: 14th of November 2019