COLLECTION OF INFORMATION FROM CUSTOMER SITE END USERS
This section describes our policies for internet users that visit Customer Sites.
INFORMATION COLLECTED BY ITERABLE
In the course of providing the Services to our customers, Iterable collects both non-PII and PII about end users of Customer Sites. Iterable will not collect your password for any Customer Site or credit card information you have supplied to any Customer Site. We do not purchase or receive information about you from third parties (other than our customers).
Iterable also collects non-PII from Customer Sites you visit, including the following types of data:
Clickstream Data – Iterable can infer how you use our Customer Sites and various pages on the internet.
Most browsers allow you to prevent new cookies from being accepted, to be notified when you receive a new cookie, or to disable cookies.
Cookies set on behalf of Iterable expire after three years and the expiration date updates every time you encounter our server.
CONSUMER CHOICE AND ACCESS
The process for individual internet users to review and/or request changes to their PII collected by Iterable is outlined in the Additional Policies section below.
COLLECTION OF INFORMATION FROM ITERABLE CUSTOMERS
This section describes our policies for end users of the Iterable Site and Services, Iterable customers, and corporate partners.
INFORMATION YOU PROVIDE TO US
We receive and store any information you enter on the Site, through the Services or provide to us in any other way, with your consent. You have the option not to provide us with certain information. We use PII provided by you for such purposes as responding to your Service requests, customizing your content, communicating with you about our products and marketing our Services to you.
Further information may be required if you choose to purchase paid components of the Services, such as billing information. Iterable uses third party partners, Stripe and Zuora, for credit card processing which may require and store your billing information.
We receive and store certain types of information whenever you interact with us. Iterable automatically receives and records “traffic data” on our server logs from your computer, including your geographical location and Internet Protocol (“IP”) address, Iterable cookie information, and pages you request. Iterable uses this traffic data to analyze trends and administer the Site. Our service automatically collects usage information, such as the frequency of visitors to our Site and their components. This data is only used in the aggregate. This type of collective data enables us to figure out how often users utilize different parts of the Site and Services.
Customers may be contacted via email regarding the Iterable Service or Site. For any requests or inquiries made through the Iterable Support Center, a record of information you provide will be retained in our response message(s). Additionally, we may receive a confirmation when you open an email from us.
Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your Web browser to enable our systems to recognize your browser, tell us how and when pages in our Site are visited and by how many people. Iterable.com cookies do not collect PII, and do not combine information collected through cookies to obtain PII.
SHARING OF PII BY ITERABLE
This section describes our policies for sharing PII received from either Customer Site end users or Iterable end users or customers.
We neither rent nor sell PII to anyone. Except as provided for in any additional agreement you enter into with Iterable, we share your personal information only as described below:
THIRD PARTY USE OF PII
Iterable may engage third party companies or individuals to provide the Services. In doing so, we may share PII for the following reasons; billing, processing payments, providing marketing assistance and customer service. These third party companies and individuals provide the same level of privacy protection as Iterable. Additionally, these third parties do not have any right to use PII collected from our Site or Services, beyond what is necessary to assist us.
We may send offers to our customers on behalf of other businesses or provide our customers with the opportunity to notify end users directly of promotions by text message or e-mail.
If Iterable, or substantially all of its assets, were acquired, PII would be an asset that is reviewed and transferred. You acknowledge that such transfers may occur, and that any acquirer of Iterable may continue to use your PII as set forth in this policy.
PROTECTION OF ITERABLE AND OTHERS
We may release PII when we, in our sole discretion, believe in good faith that release is necessary or appropriate to comply with the law (including to meet national security or law enforcement requirements), enforce or apply our conditions of use and other agreements, protect the rights, property, or safety of Iterable, our employees, our customers, or others.
Your Iterable account information is protected by a password for your privacy and security. Iterable uses Transport Layer Security (“TLS”) to encrypt all data communication over Hypertext Transfer Protocol (“HTTP”), otherwise known as HTTP Secure (“HTTPS”) . Only employees who need personal information to perform a specific job are granted access to it. All Iterable employees are provided regular privacy and security awareness training. While Iterable uses commercially reasonable means to secure your information, we do not guarantee that your PII will not be improperly accessed, disclosed, or destroyed by breach of any of our safeguards.
CONDITIONS OF USE
For end users and Site visitors outside of the United States, please note that any data or PII you enter into the Services or Site will be transferred out of your country and into the United States.
EU-U.S. PRIVACY SHIELD
Iterable certifies that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement for any PII submitted to us in participating European countries through the Services. We may also process PII relating to individuals in the EU via other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses.
We provide the Services so that customers can enable the deployment of email, SMS, push notifications, in-app messages, and web push messaging to customers’ users. In providing these Services, Iterable processes data that the customer submits to the Services or instructs us to process on their behalf, in connection with the Services (“Customer Data”).
PURPOSES OF DATA PROCESSING
Iterable processes Customer Data submitted for the purpose of providing the Services to the customer. To fulfill this purpose, we may access Customer Data to prevent or address service or technical problems, to respond to customer support matters, to carry out customer instructions, or in response to contractual requirements with the customer.
THIRD PARTIES WITH WHOM ITERABLE SHARES CUSTOMER DATA
Iterable may use a limited number of third party providers to assist us in providing the Services to customers. As of the date hereof, these third parties provide Infrastructure As a Service (“IaaS”) hosting and Software As a Service (“SaaS”) operations for systems monitoring, data queuing and statistical and scientific activities. These third parties may access, process or store Customer Data in the course of providing these services, but based on our instructions only.
We may receive Customer Data, subject to the Privacy Shield and the EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”). Iterable will be liable for all transfers of this Customer Data to a third-party service provider, acting as an agent on our behalf, if both (i) the agent processes the Customer Data in a manner inconsistent with the Privacy Shield and the GDPR, and (ii) we are responsible for the event giving rise to the damage.
RIGHT OF ACCESS
Some international users (including those whose PII is within the scope of the Privacy Shield and the GDPR) have certain legal rights to access their PII stored through the Site and Services. Those users have the ability to obtain a correction, amendment or deletion of that PII by contacting email@example.com. If you wish to request access to, limit use or to limit disclosure, we will first refer your request to the customer who submitted your PII, and we will support them as needed in responding to your request.
REQUIREMENT TO DISCLOSE
We may disclose PII when we have a good faith belief that such action is necessary to: conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; or to enforce our contractual obligations.
PRIVACY COMPLAINTS BY INTERNATIONAL USERS
If you are an international user and believe we maintain your PII within the scope of the Privacy Shield and the GDPR, you may direct any questions or complaints concerning our compliance to firstname.lastname@example.org or at our mailing address:
71 Stevenson St, #300
San Francisco, CA, 94105
We will work with you to resolve your issue.
Iterable has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to an independent dispute resolution mechanism, the ICDR/AAA, operated by the International Centre for Dispute Resolution. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Iterable, please visit the Privacy Shield website for more information and to file a complaint. To learn more about the Privacy Shield program, please visit www.privacyshield.gov.
In the event that a resolution or agreement cannot be reached through the independent dispute resolution mechanism, Iterable commits to binding arbitration at the request of the Subscriber to fully address any complaints.
USE OF ITERABLE BY CHILDREN
Iterable is not intended for children. If you are under 18, you may use the Site and Services only with the supervision of your parent or guardian.
THIRD PARTY SITES
The Site and Services may permit you to link to other websites on the Internet, and other websites may contain links to the Site or Services. These other websites are not under Iterable’s control and Iterable is not responsible for the privacy, security practices or the content of such websites, nor is Iterable liable for any PII data that is transferred.
QUESTIONS OR CONCERNS
If you have any questions or concerns regarding privacy at Iterable, please send us a detailed message to email@example.com or to Iterable, Inc. at 71 Stevenson St, #300, San Francisco, CA, 94105. Your privacy is important to us and we will make every effort to resolve your concerns.
Updated: May 1, 2019