Last revised: November 4, 2019
Under the GDPR, an organization that determines the purposes and means of processing personal data is considered as a “controller” of data, and an organization that handles the data (on behalf of a controller) is considered as a “processor”. Any organization that is a controller or processor or an organization that monitors the behavior of EU residents is required to comply with the GDPR.
Most of our customers fall into the “controller” category since they are collecting and using personal data about their prospects. Connectleader falls under the “processor” category since we handle our customer’s data and therefore we are required to treat our customers’ data in compliance with GDPR regulations.
“Applications” as our Sales Engagement Software platform comprising the various products listed in the “Product” section of our website at connectleader.com (the “ConnectLeader Public Site”);
“Customer” as our customer with whom we have entered into an agreement to provide the Services;
“Digital Properties” as the ConnectLeader Public Site, each ConnectLeader Private Site and the Applications within an Integrated CRM Solution on a CRM Partner Site;
“Integrated CRM Solution” as those CRM solutions designated on the ConnectLeader Public Site that we have integrated one or more of our Applications with;
“Integrated Email Solution” as those email solutions (such as Gmail and Office 365) that Connectleader has integrated one or more of our Applications with;
“Services” as the various software-as-a-service (SaaS) offerings that we make available to our Customers for their authorized user’s access to and use of the Applications online through a password-protected, customer-specific site that we make available (a “ConnectLeader Private Site”). In addition to the ConnectLeader Private Site, a Customer may have elected in its agreement with ConnectLeader to enable (i) ConnectLeader’s integration with an Integrated CRM Solution, (ii) Connectleader’s integration with an Integrated Email Solution, and (iii) access to certain Applications from within an Integrated CRM Solution (a “CRM Partner Site”).
Information that we collect and how we use that information
(a) Information we collect from the ConnectLeader Public Site
Voluntarily Provided Information - We collect the following information on the ConnectLeader Public Site if you voluntarily provide this information to us from the various web submission forms on the ConnectLeader Public Site (collectively “Voluntarily Provided Information”): your first name, your last name, your company name, the state or region of your location, your email address, your phone number, your comments to us, your LinkedIn_address, our products that you indicate you are interested in learning more information about, the CRM type that you indicate you are interested in learning more information with regard to how our products integrate with that CRM type. These web submission forms on the ConnectLeader Public Site include, but are not limited to, demo requests, datasheet requests, contact requests, survey requests, and job application requests. We collect Voluntarily Provided Information to respond to your requests to contact you regarding demos, product information or product integration information or your requests regarding job opportunities at ConnectLeader. ConnectLeader may use Voluntarily Provided Information to contact you about our products and services or about job opportunities at ConnectLeader, depending on the nature of your inquiry to ConnectLeader. We will never provide your Voluntarily Provided Information to third party product or service providers to market their products and services to you. You may opt out of ConnectLeader using your Voluntarily Provided Information by contacting us at firstname.lastname@example.org. Within ten (10) days after our receipt of your opt out request, we will delete all of your Voluntarily Provided Information in our possession or control and cease any further attempt to contact you about our products and services or job opportunities at ConnectLeader.
(b) Information that we collect from the Digital Properties
With respect to each active Customer, we logically partition and store the Customer’s information using a customer identifier and that information is accessible through a ConnectLeader Private Site that is specific to that Customer. The following are the types of information that we collect on the ConnectLeader Private Site (collectively, the “Customer Provided Information”): (i) the Customer’s account information such as the Customer’s name, mailing address, website address, and phone number; (ii) name, email address and mailing address for each of Customer’s principal contacts; (iii) name, username and password specific to the ConnectLeader Private Site, job title, organization department, phone number and email address for each Customer’s authorized user for the ConnectLeader Private Site; (iv) Customer prospect information to enable use of our Services which information includes, but is not limited to: account name, contact name, title, phone number and email address; (v) metadata relating to communication with Customer prospect via one or more modes of communication (for example call, email, etc) initiated through the Applications; and (vi) any information necessary to enable integration of an Application with Customer’s designated Integrated CRM Solution, if any.
With respect to our Customers who enable integration of an Application with an Integrated Email Solution, each Customer user may configure the connectivity between Connectleader Private Site and the Integrated Email Solution. The following limitations are applicable to the integration with an Integrated Email Solution:
- Allowed Use: Connectleader will use restricted scope data to provide or improve user-facing features that are prominent from the requesting Application's user interface. It will be clear to Customer users why and how Connectleader will use the restricted scope data they've chosen to share with us.
- Allowed Transfer: Connectleader will only transfer restricted scope data to others if that transfer is (a) to comply with applicable laws, or (b) a part of a merger, acquisition or sale of assets of Connectleader. Except the foregoing situations, no other transfers or sales of user data will be performed by Connectleader.
- Prohibited Advertising: Connectleader will never use or transfer restricted scope data to serve Customer users advertisements. This includes personalized, re-targeted and interest-based advertising.
- Prohibited Human Interaction: Connectleader will not allow humans to read restricted scope user data. For example, Connectleader will not allow its employees read through a user's emails. There are four limited exceptions to this rule: (a) Connectleader obtains a user's consent to read specific messages (for example, for tech support), (b) it's necessary for security purposes (for example, investigating abuse), (c) to comply with applicable laws, and (d) Connectleader aggregates and anonymizes the data and only uses it for internal operations (for example, reporting aggregate statistics in an internal dashboard or improving the Services).
During the term of each Customer’s agreement with ConnectLeader, our Customer has the ability to modify, delete and export its Customer Provided Information stored in the Applications. After the end of the term of ConnectLeader’s agreement with its Customer, ConnectLeader will continue to maintain the Customer Provided Information until the earlier of (i) 30 days after the agreement term, or (ii) within 10 days after Customer’s authorized representative has directed ConnectLeader to delete all Customer Provided Information. ConnectLeader does not collect or store login password for Integrated CRM Solutions if single sign-on features are used in the integration of the Applications with an Integrated CRM Solution.
We only retain and use a Customer’s Customer Provided Information to provide that Customer the Services that the Customer has entered into agreement with ConnectLeader to provide, and as described in the “Other disclosures” section below.
(c) Site usage information that we collect on our Digital Properties
With respect to our Customers, we require each Customer’s authorized users to log-in to the Applications to use our Services. We monitor and collect certain usage information in connection with the use of our Services. For example, we track the computer or other device that an authorized user is logging in from, the Applications and Services that are used by the authorized user, and other usage data such as the date and time the Applications and Services were used.
Cookies– When you visit our Digital Properties we send one or more “cookies” to your computer or other devices. Cookies are alphanumeric identifiers stored on your computer or device through your web browser and are used by most websites to help personalize your web experience. Some cookies may facilitate additional site features for enhanced performance and functionality such as remembering preferences, allowing social interactions, analyzing usage for site optimization, providing custom content and serving images or videos from third party websites. Some features on our Digital Properties will not function if you do not allow cookies. We may link the information we store in cookies to any Voluntarily Provided Information or Customer Provided Information that you submit while on any of our Digital Properties. We use both session ID cookies and persistent cookies. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. Persistent cookies enable us to track and target the interest of our users to enhance their experience on our Digital Properties. You can remove persistent cookies by following directions provided in your Internet browser’s “help” file. Functional cookies, persistent and session type, store information to enable core site functionality, such as Live Chat and login credential remembrance. Analytics cookies allow us to count page visits and traffic sources so we can measure and improve the performance of our Digital Properties and our marketing campaigns. If you reject cookies, you may still use the Digital Property pertaining to the deleted cookie, but some features on that site will not function properly.
Web Beacons– We use Web Beacons alone or in conjunction with cookies to compile information about our Digital Properties. A Web Beacon is a tiny graphic object that is embedded in a web page or email and is usually invisible to the user but allows checking that a user has viewed the page or email. Web Beacons may be used within the Digital Properties to track email open rates, web page visits or form submissions. In some cases, we tie the information gathered by Web Beacons to the Voluntarily Provided Information or the Customer Provided Information. For example, we use clear gifs in our HTML-based emails to let us know which emails to potential respondents have been opened. This allows us to gauge the effectiveness of certain communications and the effectiveness of our services.
Analytics Software– We and our third-party tracking-utility partners use log files on the ConnectLeader Public Site to gather certain information automatically and store it for analytical purposes. This information includes internet protocol (“IP”) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information to track and aggregate non-personally identifiable information to analyze trends, administer our Digital Properties, track users’ movements around our Digital Properties and to gather demographic information about our user base in the aggregate.
Social Media Features and Widgets– The ConnectLeader Public Site includes social media features such as Twitter and LinkedIn. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social Media Features and widgets are either hosted by a third party or hosted directly on our Digital Properties. Your interactions with these Features are governed by the policy of the company providing it. We do not enable social media features on the ConnectLeader Private Site or the CRM Partner Site unless the Customer enables such social media features on its ConnectLeader Private Site or the CRM Partner Site.
"Do not track" and similar mechanisms– Some web browsers may transmit "do-not-track" signals to websites with which the browser communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they are even aware of them. Participants in the leading Internet standards-setting organization that is addressing this issue are in the process of determining what, if anything, websites should do when they receive such signals. Connectleader currently does not take action in response to these signals. If and when a final standard is established and accepted, we will reassess how to respond to these signals.
We will take reasonable precautions to prevent the loss, misuse or alteration of your personal information. Data transmission over the Internet is inherently insecure and we cannot guarantee the security of data sent over the Internet. ConnectLeader requires the use of Secure Socket Layer (SSL) encryption while utilizing our Services which ensures that our Customer’s data is encrypted during the transmission between a Customer’s authorized user’s browser and ConnectLeader’s servers. Data encryption mitigates the risk that no unauthorized changes are made to the data during transmission and mitigates the risk that the data will be viewed during transmission by any unauthorized party. Each Customer’s data set in our possession or control is logically partitioned using a customer identifier and stored in our data center. Each Customer’s authorized user is responsible for keeping his or her password to our Applications confidential. In the case of integration with an Integrated CRM Solution using single-sign on we will not ask you for your passwords.
Third party websites
The ConnectLeader Public Site may contain links to other websites. We are not responsible for the privacy policies of third-party websites or such site operators’ actions including the collection or use of your personal information.
Accountability for Onward Transfers
ConnectLeader uses a limited number of third-party service providers to assist us in providing our Services to Customers. These third-party providers assist with the transmission of data, provide data storage services and assist with certain call handling features that require manual intervention (“Call Handlers”). Call Handlers only receive temporary encrypted remote access to a small subset of Customer Provided Information necessary to perform their services and Customer Provided Information is not stored on Call Handler computers or devices. ConnectLeader’s data transmission and data storage service providers all certify compliance with the EU-U.S. Privacy Shield Framework and are restricted from direct access to Voluntarily Provided Information and Customer Provided Information but, if necessary, may be granted access to such information only to the extent necessary to permit them to perform their contracted services, are bound by confidentiality agreements are restricted from using the information for other purposes.
Access and "right to be forgotten"
GDPR provides EU residents the “right to be forgotten” by controllers and processors. If an individual data subject requests their data to be removed, controllers are responsible for deleting the data from their systems and ensuring processors delete data as well. Upon request, ConnectLeader will grant individuals reasonable access to their personal information in ConnectLeader’s possession or control and allow the individual to correct, amend or delete information that is demonstrated to be inaccurate or incomplete, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated. In this regard, ConnectLeader depends on its Customers to update and correct personal information to the extent necessary for the purposes for which the information was collected or subsequently authorized by the individuals. Individual data subjects and Connectleader customers may contact ConnectLeader as indicated below to request that ConnectLeader update or correct or delete relevant personal information.
Data Protection Officer (DPO)
Or at: email@example.com
Under certain conditions, which are described in greater detail on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
EU-U.S. Privacy Shield Framework (EU Residents)
ConnectLeader processes data submitted by our Customers for the purpose of us providing our Services to our Customers. To fulfill these purposes, ConnectLeader may access the data to provide the Services, to correct and address technical or service problems, or to follow instructions of our Customer who submitted the data, or in response to contractual requirements.
ConnectLeader’s accountability for personal information that it receives under the Privacy Shield framework and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Connectleader remains responsible and liable under the Privacy Shield Principles if third-party agents that we engage to process personal information on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
EU residents have rights to access personal data about them, and to limit use and disclosure of their personal data. With our Privacy Shield certification, ConnectLeader has committed to respect those rights. Because ConnectLeader personnel have limited ability to access data our Customers submit to our services, if you wish to request access, to limit use, or to limit disclosure, please provide the name of the ConnectLeader Customer who submitted your data to our Services. We will refer your request to that Customer, and will support them as needed in responding to your request.
In addition, Connectleader provides individuals with certain choices regarding how we use and disclose personal information we receive under the Privacy Shield framework. First, if Connectleader uses your personal information for a materially different purpose than that for which it was originally collected or discloses your personal information to a third party (other than third party providers acting on our behalf), we will first provide you with a clear, conspicuous, and readily available mechanism to opt-out of any such use or disclosure (for example, by sending you an email seeking your consent). If you have any questions about your choices regarding how we use and disclose your personal information, or how to exercise these choices, please contact us according to the “Contact” section above.