|The subject matter and duration of the Processing
||Subject matter: performance based marketing and analysis carried out by the Subscriber using the Service Provider’s Services.
The Subscriber uses the Services in relation to its own website or (if it is an agency) in relation to its client’s website.
The Services (called ActiveDEMAND) do not track across websites. The features may include (depending on package selected by the Subscriber) email marketing, call tracking, appointment scheduling, dynamic website content, autoresponders, exit intent popups, landing pages, drip campaigns, dashboards and reports, call forensics, multivariate testing, event marketing, behavioural segmentation, lead scoring, social media and web forms, as may be updated from time to time.
The Service Provider’s software is stored on Amazon Web Services, Inc.’s servers in the USA. The Service Provider’s email service is provided by SendGrid, Inc. If calls are recorded, the Service Provider’s call recording service is provided by Twilio Inc. (the Service Provider downloads the recording and deletes it from Twilio). If calls are transcribed, then the recording is sent to Voicebase, Inc. The Service Provider sends emails to Olark for anyone who logs into the Service Provider’s platform, or anyone who uses the Service Provider’s support portal. The Service Provider also sends email addresses to Olark if the other person has Olark installed on their own site (their own Olark account).
The Relevant Data are accessed:
- by the Service Provider’s support personnel in Canada for the sole purpose of support, with the Subscriber’s prior consent, and
- without the Subscriber’s consent, by the Service Provider’s Chief Technical Officer and DevOps member of staff in Canada for the sole purpose of managing the Service Provider’s infrastructure.
The Service Provider aggregates anonymous statistics across its subscribers’ accounts but this does not use or reveal any Relevant Data or other Personal Data.
As at April 2018, Amazon Web Services, Inc., Habla, Inc (trading name Olark), SendGrid, Inc., Twilio Inc and Voicebase, Inc. are in the EU-US and Swiss-US Privacy Shield Frameworks.
Duration: from the Addendum Effective Date for the Term.
|The nature and purpose of the Processing
||Nature: activities initiated by the Subscriber and/or enabled by the Service Provider’s software. The software collects, organizes, records, structures, modifies, presents, aggregates, calculates inferences, appends, and may delete/rewrite/update the Relevant Data.
Purpose: the provision of marketing automation and reporting software as a service and related services (more particularly, the Services) by the Service Provider to the Subscriber.
|The type of Personal Data
||Employees: contact details, financial details, employment details, user details and email address, platform/support portal usage details.
- Provided/observed/obtained data. Personal Data provided by the Data Subject or observed from the Data Subject’s interactions with the website or obtained from third party sources: online identifiers (cookie IDs, IP address), user agent string (browser and operating system), location data, personal details inserted into forms or shared with the Subscriber during a telephone call or email exchange.
- Transactional data. Transactional data from interactions between the Subscriber and the Data Subject.
- Derived data. Derived data including preferences or personal interests from analytics on the Personal Data provided or observed; calls are recorded, changed from voice to text, and the conversation analysed.
- Imported data. The Subscriber may elect to import the following Personal Data into ActiveDEMAND:
- its own CRM data if imported using a third party product, e.g. Zapier (https://zapier.com/) (the Subscriber may export data from ActiveDEMAND in the same way, or to a CSV file)
- website chat (if the third party product (https://www.olark.com/) is licensed in by the Subscriber)
- Data Subject’s publicly available information which may include a social media profile (if the third party product (https://clearbit.com/) is sublicensed in by the Subscriber from the Service Provider). As at April 2018, Zapier, Inc., Habla, Inc (trading name Olark) and APIHub Inc (trading name Clearbit) are each in the EU-US and Swiss-US Privacy Shield Frameworks.
Special categories of Personal Data: None unless volunteered by the Data Subject or obtained by the Subscriber from a third party source. The Service Provider does not track any of this data. The Subscriber can upload whatever data it wishes to the Service Provider’s platform (so could upload this type of data), but the Service Provider does not collect the data from any source.
|The categories of Data Subjects
||Employees: Data Subjects who are the Subscriber’s:
- contact points for the Service Provider, or
- users of the Services
and whose Personal Data are collected by the Services or stored through the Services.
Customers: Data Subjects who are website visitors, prospects or customers/clients of the Subscriber, and whose Personal Data are collected by the Services or stored through the Services.