We are committed to helping our users understand the rights and obligations under the General Data Protection Regulation (GDPR), which took effect on May 25, 2018.
We have introduced tools and processes to ensure our compliance with requirements imposed by the GDPR and to help our customers comply as well.
To comply with E.U. data protection laws around international data transfer mechanisms, we self-certify under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. These frameworks were developed to establish a way for companies to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.
We make it easy for our customers to formalize and share with their stakeholders, including employees, customers and potential auditors, that they use Convert Experiences in a way that meets GDPR data processing obligations.
The Data Processing Agreement (DPA) is an easy-to-execute document that only requires an electronic signature from the customer.
For reference, please visit this page.
We have a very balanced mutual Non-Disclosure Agreement (NDA).
We sign NDAs with potential and current users/customers and suppliers as needed free of charge. In doing so we commit to safeguarding their confidential information as laid down in the provisions of the NDA. In return we seek the same commitment via this mutual agreement.
Contact email@example.com to sign your NDA.
As part of Convert’s GDPR Project, we developed guidance for staff and a template to be used to carry out Data Privacy Impact Assessments (DPIAs). You can find the template with the pre-filled screening questions here.
For further information, please visit this page.
If you want to rely on legitimate interests as your lawful basis for a particular processing activity, you will need to carry out a Legitimate Interests Assessment (LIA) to help you to decide if this lawful basis is the most appropriate for the type of processing you want to carry out, or if you should look at the other options (consent, contract, legal obligation, vital interest).
We have carried out our LIA where we show that the processing of personal data does not override the fundamental rights and freedoms of the individual to whom the data relates.
If you wish to conduct a Legitimate Interests Assessment exercise, please download our LIA template.
You have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or delete such information. At this point we may comply with your request or, additionally, do one of the following:
We honor the Do Not Track (DNT) header. This means that if a viewer has the DNT header enabled, Convert Experiences will not track that user.
The Opt-Out option we provide is a further measure: it sets a third-party cookie that specifically tells the Convert Experiences script not to track a user. With or without this cookie, we still honor the Do Not Track header.
We have several data policies in place.
This policy is a statement of our commitment to protect the rights and privacy of individuals in accordance with the GDPR.
The purpose of this policy is to enable access to data and information held by us, to the greatest extent possible, consistent with legislation and relevant policies, whilst ensuring that electronic data is protected from unauthorised use, access and breaches of privacy.
The purpose of these procedures is to provide a framework for reporting and managing data security breaches affecting personal data held by us. These procedures are a supplement to the Data Protection Policy which affirms its commitment to protect the privacy rights of individuals in accordance with Data Protection legislation.
The purpose of this schedule is to define the minimum data retention periods and disposal mechanism.
Want to access any of these policies? Please contact us at firstname.lastname@example.org.
We employ dedicated legal and compliance professionals with extensive expertise in data privacy and security. These professionals are embedded in the development lifecycle and review products and features for compliance with applicable legal and regulatory requirements. We also have a business code of conduct that makes legal, ethical and socially responsible choices and actions fundamental to our values and standards for meeting those goals.