Effective Date: January 1, 2021
Email & Contact Information. Users may optionally provide their email address and/or other contact information (e.g., name, company name, job title) to DataGrail to contact us through the Platform with questions about our Platform and Services, or to request a Demo. Users may also optionally subscribe to our newsletters and may unsubscribe at any time through the opt-out link contained within those communications.
Log-File Information. Log file information is automatically reported by your browser each time you access a web page. Server logs may include information such as your web request, Internet Protocol (“IP”) address, browser type, referring / exit pages and URLs, number of clicks, domain names, landing pages, pages viewed, and other such information. Log-File data will be used for debugging purposes and to improve our products and services. Log-file data will be encrypted using AES-256 (or equivalent).
How You Can Control Advertising Cookies. Cookies are also utilized to deliver advertising on our site. Among other uses, they allow us to show more relevant advertising to people who visit the site by showing you ads that are based on your browsing patterns and the way you have interacted with our sites. You can find information about how to opt out of the cookies provided by our advertising partners here:
Even if you opt out of cookies/ads personalization, you may still see ads based on factors such as your general location derived from your IP address, your browser type, and your search terms. You can also manage cookies for any online advertising service via the consumer choice tools created under self-regulation programs, such as the US-based aboutads.info choices page or the European Union (“EU”)-based Your Online Choices.
DataGrail does not sell Personal Data collected through your use of the Platform. Information is collected to facilitate the Services offered, for marketing of our services and products, or for internal analysis relating to product improvements. However, under the California Consumer Privacy Act, some sharing of personal information necessary to provide you with personalized ads may be considered a “sale,” even if no money is exchanged. Please see Section 7 for additional information.
As required by applicable law, including, but not limited to, GDPR & CCPA, Datagrail has in place Data Processing Addendum(s) with those subprocessors that process end-user Personal Data to ensure compliance with DataGrail’s obligations under applicable data protection laws and regulations. Personal Data collected is processed by the following service providers to facilitate provision of the Services on the Platform as follows:
Social Plug-Ins: Users may optionally follow DataGrail Twitter and LinkedIn. Users should click on the hyperlinks for each site to review the applicable privacy policies for more detail about information collected and processed by these sites.
Sales & Marketing.
Drift. DataGrail utilizes Drift for automated chatbot support and conversational marketing purposes. Draft may collect a User’s name, contract information, IP address and cookies when a User opts to provide such information for customer support purposes. Please see the Drift GDPR Policy for more information on their data collection and use practices.
Hosting Services . DataGrail hosts customer and services data through Amazon Web Services and WPEngine . Customers should click on the hyperlinks for more information about their data collection and privacy policies.
Google Analytics. DataGrail utilizes Google Analytics to access anonymised and/or pseudo anonymised data to help us understand how our Services are used. Google Analytics is a web analytics tool that helps us understand how users engage with our Platform, so that we can review and improve our Services. Google Analytics provides a report to us with website trends without identifying the Personal Data of individual users. Please see Google’s Data Privacy and Security Policy. However, if you decide to withdraw your consent to such data collection, you may opt-out by installing Google Analytics Opt-out Browser Add-on.
Other Potential Third-Party Disclosures. Personal Data may also be disclosed to third parties to serve our legitimate business interests as follows: (1) as required by law, such as to comply with a subpoena, or similar legal process, (2) if DataGrail is involved in a merger, acquisition, or sale of all or a portion of its assets, (3) to investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (4) enforce our agreements with you, and/or (5) investigate and defend ourselves against any third-party claims or allegations. We will use commercially reasonable efforts to notify users about law enforcement or court ordered requests for data unless otherwise prohibited by law.
Please see Section 7 for a more specific disclosure of the applicable categories of personal information collected and processed under the CCPA.
Only persons age 18 or older are authorized to create a DataGrail account. We do not knowingly collect Personal Data from anyone under the age of 18. If a parent or guardian becomes aware that his or her minor child (as defined by the applicable privacy rules or regulations pertaining to the minor child) has provided us with Personal Data without their consent, he or she should contact DataGrail at email@example.com. We will delete such Personal Data from our files within a commercially reasonable time, but no later than required under the applicable law relating the child’s state and/or country of residence.
We will retain account and purchase data as long as it is necessary to provide our Services to our Customers. When a Customer’s account is terminated or expires, Personal Data collected through the Platform will be deleted in accordance with the requirements of applicable law. Personal Data obtained from Site visitors will be maintained as long as it is necessary to provide requested communications and information-based services or until a Visitor exercises its right to opt-out of requested communications or information-based services. Anonymized and Pseudo-anonymized data will be retained as long as DataGrail determines such data is commercially necessary for its legitimate business interests.
Data Processor. DataGrail is the processor of all Customer Data (as defined in the applicable Terms of Service), including Personal Data input by a Customer, and its Authorized Users, in connection with a Customer’s use of the DataGrail Services.
Data Controller. The Personal Data input by (a) visitors in general, and (b) Customer for purposes of establishing a commercial account with Customer, is controlled by DataGrail,
Attention: Privacy Department, 60 E Third Ave, Suite 270 San Mateo CA 94401. You may contact us at any time by emailing us at firstname.lastname@example.org.
For applicable EU Users, we will only collect and process Personal Data about you where we have lawful bases. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you, and “legitimate interests.” Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact us at email@example.com.
You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
How to Review, Transfer, Restrict the Use of or Request Erasure of Personal Data
IF YOU WOULD LIKE TO:
Please email DataGrail at firstname.lastname@example.org. We will respond in the timeframes required under applicable law. For all requests made pursuant to this section, DataGrail will (a) respond as required under applicable law, (b) provide a copy of any requested Personal Data in a structured, commonly used and machine-readable format, and/or (c) transmit such Personal Data to another service provider without restriction in accordance with applicable law
A verifiable Consumer Request may be submitted to DataGrail effective January 1, 2020 by emailing DataGrail at email@example.com or through Customer’s account within the Platform.
Additionally, verifiable Consumer Requests can be submitted through DataGrail’s Privacy Request Form.
For each request, DataGrail will initially verify the email address on file with the email address submitted in the applicable request. Further verification will be based upon confirmation of data correlating to information maintained by DataGrail, as applicable. Consumers may designate an authorized agent to make a request on the Consumer’s behalf at firstname.lastname@example.org. Requests by authorized agents are subject to additional verification requirements pursuant to the rules and regulations set forth in the CCPA. Please see the Notice for additional information.
We have implemented reasonable administrative, technical and physical security measures to protect your personal information against unauthorized access, destruction or alteration.
All data is securely encrypted utilizing AES-256-bit encryption. Please review the AWS Cloud Security Policy for more information on AWS’ security practices. DataGrail utilizes only PCI-DSS compliant third party payment processors to ensure the security of your personal information. Users should review Stripe’s Security Policy for more information on their security practices.
“Do Not Track” is a feature enabled on some browsers that sends a signal to request that a web application disable its tracking or cross-Platform user tracking. At present, DataGrail does not respond to or alter its practices when a Do Not Track signal is received.
If you have any additional questions about our practices, please contact DataGrail as follows:
Attention: Privacy Department
60 E Third Ave, Suite 270
San Mateo CA 94401
By Email: email@example.com.