We are committed to helping our users understand the rights and obligations under the General Data Protection Regulation (GDPR), which took effect on May 25, 2018.
We have introduced tools and processes to ensure our compliance with requirements imposed by the GDPR and to help our customers comply as well.
The California Consumer Privacy Act, also referred to as CCPA, is a privacy-centric bill aimed at protecting the privacy of California consumers that is effective from January 1, 2020.
Because of the many product and process enhancements we made in preparation for the 2018 General Data Protection Regulation (GDPR), when the CCPA was signed we were already well-positioned to support customers needing to comply.
We are committed to protecting your privacy and see CCPA as an opportunity to strengthen our commitment even further. We don’t collect & process users’ personal information beyond what is required for the functioning of our services, and this will never change.
We have put in place processes and procedures to comply with the various provisions of CCPA—consumer rights, data protection addendum, data deletion, data retention, and pseudonymization, which align with our core values of customer trust and data privacy.
Brazil passed its own GDPR-like law in 2018 (Lei Geral de Proteção de Dados (or LGPD)), and is effective from August 2020. We are committed to provide secure services to all our Brazilian customers by implementing and adhering to prescribed compliance policies.
To prepare for LGPD, we worked with vendors to ensure they are compliant. We are continuing to review our security measures, as we always do, to stay at the forefront of evolving industry standards and best practices.
To comply with E.U. data protection laws around international data transfer mechanisms, we self-certify under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. These frameworks were developed to establish a way for companies to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.
We make it easy for our customers to formalize and share with their stakeholders, including employees, customers and potential auditors, that they use Convert Experiences in a way that meets GDPR data processing obligations.
The Data Processing Agreement (DPA) is an easy-to-execute document that only requires an electronic signature from the customer.
For reference, please visit this page.
We have a very balanced mutual Non-Disclosure Agreement (NDA).
We sign NDAs with potential and current users/customers and suppliers as needed free of charge. In doing so we commit to safeguarding their confidential information as laid down in the provisions of the NDA. In return we seek the same commitment via this mutual agreement.
Contact firstname.lastname@example.org to sign your NDA
As part of Convert’s GDPR Project, we developed guidance for staff and a template to be used to carry out Data Privacy Impact Assessments (DPIAs). You can find the template with the pre-filled screening questions here.
For further information, please visit this page.
If you want to rely on legitimate interests as your lawful basis for a particular processing activity, you will need to carry out a Legitimate Interests Assessment (LIA) to help you to decide if this lawful basis is the most appropriate for the type of processing you want to carry out, or if you should look at the other options (consent, contract, legal obligation, vital interest).
We have carried out our LIA where we show that the processing of personal data does not override the fundamental rights and freedoms of the individual to whom the data relates.
If you wish to conduct a Legitimate Impact Assessment exercise, please download our LIA template.
You have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or delete such information. At this point we may comply with your request or, additionally do one of the following:
We honor the Do Not Track header, this means that if a viewer has the DNT header installed, Convert Experiences will not track that user.
The Opt-Out option we provide is a further measure to set a third-party cookie that specifically tells the Convert Experiences script not to track a user. With or without this, we still honor the Do Not Track header.
We have several data policies in place.
This policy is a statement of our commitment to protect the rights and privacy of individuals in accordance with the GDPR.
The purpose of this policy is to enable access to data and information held by us, to the greatest extent possible, consistent with legislation and relevant policies, whilst ensuring that electronic data is protected from unauthorised use, access and breaches of privacy.
The purpose of these procedures is to provide a framework for reporting and managing data security breaches affecting personal data held by us. These procedures are a supplement to the Data Protection Policy which affirms its commitment to protect the privacy rights of individuals in accordance with Data Protection legislation.
The purpose of this schedule is to define the minimum data retention periods and disposal mechanism.
Want to access any of these policies? Please contact us at email@example.com.
We employ dedicated legal and compliance professionals with extensive expertise in data privacy and security. These professionals are embedded in the development lifecycle and review products and features for compliance with applicable legal and regulatory requirements. We also have a business code of conduct that makes legal, ethical and socially responsible choices and actions fundamental to our values and standards for meeting those goals.