Privacy Policy via ResponseTap Customers’ Websites

1. Introduction

Thanks for visiting ResponseTap. ResponseTap is an analytics provider whose software allows website owners to understand the usability of their websites and the effectiveness of their marketing (the “Services”). This information enables a website owner which is a customer of ResponseTap to improve the service that they provide to their website visitors (a “Customer”).

This privacy policy aims to give you information about how ResponseTap collects and processes your personal data when you visit websites of our Customers who use our analytics software and services.

If you are a user of ResponseTap’s website or a user of one of our Customers, and you would like information about how we process your data, please click here for a link to our ‘Privacy Policy for ResponseTap website and ResponseTap customers’

2. About us and the services we provide

ResponseTap is made up of ResponseTap Limited, a company registered in England and Wales (company number 06613420), with registered office at 7^th Floor, Building 8, Exchange Quay, Salford Quays, Manchester M5 3EJ, and ResponseTap Inc, a Delaware corporation, with principle offices located at 79 Madison Ave, New York, NY 10016. This privacy notice is issued on behalf of the ResponseTap group, so references to “we”, “us”, “our” or “ResponseTap”, are references to the relevant company in the ResponseTap group responsible for processing your data.

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, or about how we process your data, please contact us using the contact details set out in the ‘Contact Us’ section below.

3. Information collected and how we use such information

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

For users of a ResponseTap Customer website, ResponseTap is acting as a service provider to the Customer, in providing the ResponseTap Services (described above).

ResponseTap tracks the online activity of a visitor to the ResponseTap Customer’s website. This enables the Customer to analyse a website visitor’s journey through the Customer’s website.

We do this by using cookies (via our Customers’ websites) to collect certain information from your device regarding your use of our Customer’s website.

The information we may collect on our Customer’s behalf (via our Customers’ websites) as described above could include your IP address and other information relating to your web browser or operating system configuration (such as screen resolution and browser version), cookie IDs, and telephone number. We may also process recordings of calls made to our Customers, on our Customer’s behalf.

The collection of such information is designed to enable the Customer to analyse a website visitor’s journey through the Customer’s website and analyse the effectiveness of the Customer’s marketing initiatives. However, please note that our Customer determines the purpose for which such information is used and is responsible for determining the legal basis for processing such data. ResponseTap processes such information on behalf of the Customer.

Please refer to our Customer’s privacy policy to find out more about how they will use your personal data. ResponseTap will only process your personal information for the purpose of providing the Services to our Customer, and as required under applicable laws.

We also collect, use and share aggregated data such as statistical or demographic data for any purpose (“Aggregated Data”). Aggregated Data may be derived from your personal data but is not considered personal data as this data does not directly or indirectly reveal your identity. For example, we may aggregate information about the number of users accessing a website or a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

4. What basis do we have for processing your personal data

We will process your personal data where we have a lawful basis for doing so. In general, our lawful basis will be:

(i) That the processing is necessary for the purposes of pursuing our legitimate interests or the legitimate interests of our Customers (as explained above);

(ii) That the processing is necessary for compliance with our legal obligations.

We may also process personal data on the basis of your consent.

5. Disclosure of your personal data

We will never sell your data to third parties.

We may share your personal data with:

• other group companies within the ResponseTap group for the purpose of providing the Services;
• our suppliers and service providers who we use in connection with and for the purposes of providing the Services, including for example providers of cloud storage, data centres and telecommunication providers.

We require our suppliers to respect the security of your personal data and treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data to the extent required to provide the Services.

We may also share your personal data with:

• Our legal and other professional advisors, our insurers and insurance brokers;
• Government agencies, regulators and other authorities.

In some cases, we may choose to buy or sell business assets. In these types of transactions, user information is typically one of the transferred business assets. If ResponseTap, or substantially all of its assets, were acquired, user information is likely to be one of the assets that is transferred or acquired by a third party, and the acquirer may continue to use your personal data for the purposes set out in this policy.

Release of your information for legal purposes

We may disclose personal data about you:

• when required to do so in order to comply with any applicable laws, regulations or enforceable governmental or public authority request;
• where such disclosure is reasonably necessary to (i) enforce applicable terms of service, including investigation of potential breaches; (ii) detect, prevent, or otherwise address fraud, security or technical issues; (iii) respond to user support requests; or (iv) protect our rights, property or safety, our users and the public. This includes exchanging information with other companies and organisations for fraud protection and spam/malware prevention.

6. Right to access, edit, and remove your information

The European Union’s General Data Protection Regulation provides you with rights in relation to your personal data in certain circumstances:

• The right to request access to personal data we hold about you.
• You may have the right in accordance with applicable data protection law to have personal data we hold about you rectified or restricted.
• You may, in some circumstances, have the right to have personal data we hold about you deleted (although note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request).
• In some circumstances, you may have the right to receive or ask for your personal data to be transferred to a third party.
• You have the right to object to how we process your personal data in certain circumstances.
• Where we are processing personal data relating to you on the basis that we have your consent to do so, you may withdraw your consent at any time (this will not affect the lawfulness of any processing carried out before you withdraw your consent).

When you request access to personal information that we hold about you, we may ask you to verify your identity before providing such information to you, or making any requested changes. We may also contact you to ask you for further information in relation to your request. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

If you wish to exercise any of the rights set out above in respect of our processing of your personal data, please contact us at dpo@responsetap.com.  If you wish to access, or correct, amend, or delete inaccurate data held by one of our Customers, or no longer want to be contacted by one of our Customers, please direct your enquiry to the relevant Customer because the Customer is the data controller.

You may have the right to lodge a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please do contact us in the first instance and we shall endeavour to resolve your complaint.

7. Security Measures

We adopt a wide range of appropriate technical and organisational measures designed to protect the security of our site and the ResponseTap Services. Our data storage facilities have extensive protection and detection systems. Further details of these, and our other measures designed for security and privacy are available upon request.

8. International Transfer

ResponseTap Limited stores and processes personal data on servers based in the European Union.

In respect of Customers who have contracted with ResponseTap Inc in the USA, the data will be processed by ResponseTap Inc in the USA, and we may therefore store information on servers in the United States.

We may also share personal data within the ResponseTap group which will involve transferring data outside the European Economic Area (“EEA”) to ResponseTap Inc in the USA. As the USA has not been deemed to provide an adequate level of protection for personal data by the European Commission, we have put in place specific contractual provisions which have been approved by the European Commission which give personal data the same protection as it has in Europe.

Some of our telecommunication providers are based outside the European Economic Area and to the extent that the services that they provide to us involves any processing of personal data, we will ensure that appropriate measures are in place.

For transfers of personal data outside the EEA, as described above, we will ensure that appropriate safeguards are implemented, including:

• Transferring personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
• Putting in place specific contracts approved by the European Commission which give personal data the same protection as it has in Europe.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data outside of the EEA.

9. Children and Special Categories of Personal Data

We do not knowingly collect personal data from children, nor do we seek to collect or anticipate that we will collect any data that would be considered to be ‘special categories of data’ (meaning details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health data, genetic or biometric data).

10. Cookies

Use of cookies by ResponseTap

Cookies are small data files placed on your computer by the websites you visit and can be used to help recognise you when you return to a website. Cookies can be used to, among other things, measure activity, personalise your experience, or remember your viewing preferences. For some of these purposes, cookies may be tied to personal data.

Use of cookies on our Customer’s websites

In particular, the ResponseTap Services use first-party cookies to analyse a user’s session across multiple pages on a Customer’s website. These cookies do not track the same user across unrelated domains and ResponseTap does not attempt to identify the same person across disparate, unrelated domains.

Please see our cookies policy for more information about cookies.

Blocking Cookies

You can set your browser to reject cookies, or to alert you when websites set or access cookies. You can also manually delete individual or all of the cookies on your computer by following your browser’s help file directions.

11. Retention of data

We will only retain your personal data for as long as necessary to provide the Services to our Customer or for the purposes of satisfying any legal or reporting requirements.

12. Links to third party websites

Our site may include links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to their websites.

13. Changes

We may amend this Privacy Policy from time to time. When there are changes to this Privacy Policy, we will update this page. The date on the bottom will always indicate when we last made changes.

14. Contact Us

If you have any questions or concerns regarding the way in which we process personal data, please contact us at dpo@responsetap.com or via postal mail at:

ResponseTap Limited 
7th Floor, Building 8 
Exchange Quay 
Salford Quays 
Manchester, UK
M5 3EJ

or

ResponseTap Inc.
79 Madison Avenue
New York
NY10016

We will make every effort to address your concerns.

Effective Date

This Privacy Policy is effective from: 25^th May 2018