Privacy Policy & GDPR

Respond.io (“We”, “Us” or “Our”) respect your privacy and are committed to protect it through our compliance with this policy. Below you will find details of the information that will be collected during your use of our web site (respond.io).

Users may be subject to different protection standards and broader standards may therefore apply to some. In order to learn more about the protection criteria, Users can refer to the applicability section.

This document contains a section dedicated to Brazilian Users and their privacy rights.

This document can be printed for reference by using the print command in the settings of any browser.

We may update this privacy policy from time to time to reflect new technologies and/or due to changes in the law. Any such changes will be brought to your attention in an appropriate manner.

A. Definitions

Personal data (Article 4 No. 1 GDPR)

Means any information relating to an identified or identifiable natural person ("data subject"). An identifiable person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person. Identifiability can also be given by linking such information or additional knowledge. The form or embodiment of the information does not matter (e.g., photos, video, or audio recordings can contain personal data).

Processing (Article 4 No. 2 GDPR)

It means any operation or set of operations performed on personal data, whether or not by automated means. This includes collection (i.e., procurement), recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, combination, restriction, erasure, or destruction of personal data as well as the alteration of a purpose or objective originally underlying data processing.

Usage data

Information collected automatically through respond.io (or third-party services employed in respond.io), which can include: the IP addresses or domain names of the computers utilized by the Users who use respond.io, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.

User

The data subject who is using respond.io.

Data subject

The natural person to whom the personal data refers.

Data Processor (Article 4 No. 8 GDPR)

The natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller, as described in this privacy policy.

Data Controller (Article 4 No. 7 GDPR)

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of respond.io. The Data Controller, unless otherwise specified, is the Owner of respond.io.

Service

The service provided by respond.io as described in the relative terms (if available) and on this site/application.

European Union (EU)

Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.

B. General information on data processing

1. Data Controller

The controller under data protection law is the entity that decides on the purposes and means of the processing of personal data. We are responsible for the technical setup, administration and distribution of the website.

Please do not hesitate to contact us if you have any questions about privacy policy, the information we hold about you, or if you wish to exercise any of your privacy rights.

You can reach us at:

ROCKETBOTS LIMITED

Unit 2406B, 24/F, Low Block, Grand Millennium Plaza,

181 Queen's Road Central, Sheung Wan, Hong Kong

contact email: legal@rocketbots.io

Our EU/UK representatives can be contacted in addition or instead of the controller by supervisory authorities and data subjects, on all issues related to processing and for the purposes of ensuring compliance with EU/UK data protection laws.

Rickert Rechtsanwaltsgesellschaft mbH

ROCKETBOTS LIMITED

Colmantstraße 15

53115 Bonn, Germany

art-27-rep-rocketbots@rickert.law

Rickert Services Ltd UK

ROCKETBOTS LIMITED

PO Box 1487

Peterborough

PE1 9XX

United Kingdom

art-27-rep-rocketbots@rickert-services.uk

2. Data Processing

Legal Basis for the Processing of Personal Data

We process your personal data when you are a user of our website or a user of our services. We only process data where we have a legal basis to do so. We specify the legal basis in the data processing sections, but generally we may process your personal data if one of the following conditions applies:

The data subject has given their consent for one or more specific purposes. Note: Under some legislations we may be allowed to process personal data until the data subject objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of personal data is subject to European data protection law (please see the corresponding section below);
provision of data is necessary for the performance of an agreement with the data subject and/or for any pre-contractual obligations thereof;
processing is necessary for compliance with a legal obligation to which the respond.io is subject;
processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in us;
processing is necessary for the purposes of the legitimate interests pursued by us or by a third party.

3. Data processing when you are based in the EU/EEA/UK

a) Legal Basis for the Processing of Personal Data

We process your personal data when you are a user of our website. We only process data where we have a legal basis to do so. We specify the legal basis in the data processing sections, but generally we may process your personal data if one of the following conditions applies:

The data subject’s consent for the processing of personal data, Article 6 (1) (a), Article 7 GDPR / UK GDPR.
Processing personal data as a necessity for the fulfilment (performance) of a contract in return for payment or free of charge, Article 6 (1) (b) GDPR/ UK GDPR. This shall also apply to processing operations necessary for the implementation of pre-contractual measures.
The processing is necessary for the fulfilment of a legal obligation to which we are subject, Article 6 (1) (c) GDPR / UK GDPR.
The processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights, and fundamental freedoms of the data subject do not outweigh the above-mentioned interests, Article 6 (1) (f) GDPR / UK GDPR.

b) Rights under the GDPR / UK GDPR

You are entitled to exercise the following free rights against anyone responsible for processing your personal data:

Right to withdraw your consent (Article 7 (3) GDPR)/ UK GDPR;
Right of access by the data subject (Article 15 GDPR / UK GDPR);
Right to rectification and erasure (Article 16 and Article 17 GDPR/ UK GDPR);
Right to restriction of processing on the processing of your personal data (Article 18 GDPR/ UK GDPR);
Right to data portability (Article 20 GDPR/ UK GDPR);
Right to object to the processing of your personal data at any time for reasons relating to your special situation (Article 21 GDPR/ UK GDPR)

You can assert claims under the GDPR/ UK GDPR against the individual controllers.

Should you wish to contact us by e-mail, please use an address used to access our system so that we can identify you.

You also have the right to lodge a complaint with a supervisory authority/ the Commissioner, Article 77 GDPR/ UK GDPR.

4. Third country transfer

Where we process data in a third country (i.e. outside the European Union (EU), United Kingdom (UK) or the European Economic Area (EEA)), or in connection with the use of third party services or disclosure or transfer of data to other persons, bodies or companies, we do so in accordance with the following legal requirements: (a) If we process data in a third country (i.e. outside the European Union (EU), United Kingdom (UK) or the European Economic Area (EEA)), or if we process data in a third country (i.e. outside the European Union (EU) United Kingdom (UK) or the European Economic Area (EEA)), we do so in accordance with the following legal requirements:

Subject to express consent or transfer required by contract or law (Article 49 GDPR/ UK GDPR), we only process data in third countries with a recognized level of data protection (Article 45 GDPR/ UK GDPR),
in the presence of and compliance with contractual obligations through so-called EU standard contractual clauses of the EU Commission (Article 46 GDPR) or in the presence of certifications or legally binding internal data protection regulations (Article 44 to 49 GDPR/ UK GDPR).

As part of the Data Privacy Framework, the EU Commission has recognised the data protection level of certain US companies as secure Framework (UK-US Data Bridge for the US Data Privacy Framework).

The July 10, 2023, adequacy decision includes the list of certified companies and further information on the Data Privacy Framework.

You can find them here: https://www.dataprivacyframework.gov/.

We inform you of our certified service providers in the relevant sections of our data protection information.

Processors bound by our data protection instructions include service providers. These contractors assist with the processing of data, e.g. for this website. They have been carefully selected and authorised, and are monitored regularly; their authorisations are based on processing agreements. They do not process data independently.

5. Recipients, third country transfer, linked third party websites

Some data may be accessible to certain internal staff (such as administration, sales, marketing, legal, and IT) and to external parties. We generally share data with hosting and cloud services, security tools, billing and payment providers, telecommunications providers, public authorities (upon justified request), credit institutions, accountants, auditors, and legal counsel.

We use third-party services to ensure our website is functional, secure, visually appealing, and continuously optimized. Links to third-party websites may be provided; please review their privacy policies before sharing personal data, as we are not responsible for their data processing.

Data may be processed outside the EU/EEA/UK only when legally permitted, such as with your consent, contractual necessity, or in countries with adequate data protection.

We use EU standard contractual clauses and the UK addendum to the EU SCCs or other legal safeguards where required.

Some U.S. providers are certified under the Data Privacy Framework; details are available on the US Department of Commerce website https://www.dataprivacyframework.gov/.

All processors act on our instructions, are carefully selected, and regularly monitored. They do not process data for their own purposes. An updated list of these parties is available upon request.

Please review each privacy policy before disclosing personal information to these controllers.

6. Data security

We use technical and organizational measures to protect personal data from accidental or unauthorized access, loss, or manipulation. Our security is continuously updated, and we use TLS encryption to secure data transfers on our website.

7. Children

In order to use our website, Users must be at least 16 years old. We do not knowingly collect personal information from children under the age of 16 and we do not allow anyone under the age of 16 to use the Site.

8. Automated decision making

We do not use automated decisions-making that have legal or similarly significant implications for you. However, we do use profiling techniques to analyse user behaviour in order to predict and improve the reach of content distributed through our services.

9. Retention periods

In line with Articles 17 and 18 GDPR / UK GDPR, we delete or restrict processing of data when it is no longer needed for its intended purpose. Server log files are deleted after 30 days. Data may be retained beyond this period only if required for lawful reasons or legal retention obligations, such as tax and company law documentation.

C. Data Collection and processing of User data when using our website

The data collected by respond.io is either directly or indirectly provided by you. The information is either automatically collected in the course of the user’s view of our website

We collect and process the following User data:

This includes

the date and time of accessing one of our Internet pages; -
your browser type;
the browser settings;
the operating system used;
the last page you visited;
the amount of data transferred and the access status (file transferred, file not found, etc.) and;
your IP address.

Information additionally provided by you, through contact form:

first name and last name;
your Company’s size /employees;
company Name / website;
work- email address;
phone number.

Information additionally provided by you, during the account sign-up

first and last name;
email;
password;
data communicated while using the service.

The data will be stored on our servers. However, we do not store this data together with any personal data other than that mentioned above. A temporary storage of the IP address by the system is necessary in order to be able to deliver the website to your computer. We do not evaluate the data on a personal basis, in particular for marketing purposes.

The aforementioned data processing is technically necessary for the provision of the website in accordance, with our legitimate interest (Article 6 (1) (b) GDPR/ UK GDPR) in order to correctly display the website to our Users. We store log files with your anonymised IP address for a period of 30 days to prevent threats and for our IT security and to detect possible attacks. The legal basis for this is our legitimate interest.

The storage and hosting of our website is on the servers of our host provider. Specifically, the host provider processes inventory data, contact data, content data, contract data, usage data, meta data and communication data of visitors or customers of the website. The legitimate interest in the efficient and secure provision of the website in accordance with our legitimate interest. In accordance with Article 28 GDPR, the host provider is contractually bound by a data processing agreement to process personal data only on our instructions.

Further information on each type of personal data collected is provided in the relevant sections of this Privacy Policy or by specific explanatory text displayed prior to the data collection.

1. Social Login

You can use the Google Social Login service to sign in to our platform instead of setting up an account directly. This method of logging in generates an account that is functionally identical to one created through manual registration. You will have the same access, permissions and user experience.

You will find the Google login option on the registration or login page of the platform. When you select it, you will be redirected to the Google website where you can enter your login credentials.

Google will then share certain profile information with us. We only receive your name and email address. This enables us to identify you and create your account in our system. We never receive your Google password. If you choose to provide additional information, it will be linked to your account.

We use this service based on our legitimate interest under Article 6(1) (f) of the GDPR and UK GDPR, in order to make accessing our platform more convenient.

You can also find out how to exercise your rights with Google here: (https://myaccount.google.com/permissions)

And information on the privacy policy here: https://www.google.com/policies/privacy/partners/

2. Security and performance

a) Hosting

Our website utilizes hosting and cloud services provided by Webflow (Webflow, Inc. 398 11^th. Floor2, San Francisco, CA 94103, USA.)

Your data is processed and stored on Webflow servers when you visit our website. This results in Webflow receiving your IP address and browser and system information. In accordance with our legitimate Interest (Article 6 (1) (b) GDPR/ UK GDPR) and Art. 28 GDPR/ UK GDPR.

Data may be transferred to and processed in the USA. Webflow Inc. has joined the EU-US Data Privacy Framework, Swiss-U.S. Data Privacy Frameworks and the UK Extension to the EU-U.S. Data Privacy Framework. If data is transferred to the USA, this is done on the basis of the European Commission's new adequacy decision on the EU-US Data Privacy Framework, Article 45 GDPR/ UK GDPR. This certification confirms that Webflow Inc. complies with the required data protection regulations and practices. If a Data Privacy Framework is not or not yet available, the data exchange during the transition period will be based on the concluded EU standard contractual clauses to ensure an adequate level of EU data protection.

b) Content Delivery Network

(1) JsDelivr

In order to safeguard our website and optimise loading times, this website uses

JsDelivr (service provider Volentio JSD Limited Suite 2a1, Northside House, Mount Pleasant, Barnet, England, EN4 9EB) to protect our website with a Web Application Firewall and optimise loading times with a Content Delivery Network.

When you load our website, your requests are routed by the JsDelivr Server and statistical data about your visit is being collected and stored on a cookie on your device. This data includes your IP-address, accessed websites, type and version of your browser, your operating system, the referrer-URL (the site, from where you reached us), the length of your stay and the frequency of requests on our pages. The analysis based on this data is necessary to detect and defend attacks. Cookies are used to recognise your device. An analysis for the purpose of statistical evaluation or for advertising purposes is not performed.

For further information see https://www.jsdelivr.com/terms/privacy-policy.

(2) Amazon CloudFront

We also use Amazon CloudFront CDN to safeguard our website and optimise loading times. The provider Amazon Web Services, Inc. 410 Terry Avenue North, Seattle WA 98109, USA.

When you load our website, your requests are routed by the CloudFront Server and statistical data about your visit is being collected and stored on a cookie on your device. This data includes your IP-address, accessed websites, type and version of your browser, your operating system, the referrer-URL (the site, from where you reached us), the length of your stay and the frequency of requests on our pages. The analysis based on this data is necessary to detect and defend attacks. Cookies are used to recognise your device. An analysis for the purpose of statistical evaluation or for advertising purposes is not performed.

In addition, we keep log files to ensure optimise the stability and security of our website

Further information on Amazon CloudFront CDN can be found here:

https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/.

(3) Zapier

We use Zapier, a service provided by Zapier (Zapier Inc, 548 Market Street 6241, San Francisco, CA 94102, USA , to automate workflows and connect different applications. When you use our services, certain personal data may be transferred to and processed by Zapier for the purpose of providing automation between our systems. We use Zapier on the basis of your consent (Article 6 (1) (a), 7 GDPR/ UK GDPR) , which you can withdraw at any time with effect for the future.

We have concluded a data processing agreement in accordance with Article 28 GDPR/ UK GDPR with Zapier, on the basis of which Zapier may only process and delete your personal data on our instruction. Zapier. has joined the EU-US Data Privacy Framework and Swiss-U.S. Privacy Shield Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework in the USA. If data is transferred to the USA, this is done on the basis of the new adequacy decision of the European Commission on the EU-US Data Privacy Framework, Article 45 GDPR/ UK GDPR. This certification confirms that Functional Software Inc. complies with the required data protection regulations and practices. If a Data Privacy Framework is not or not yet available, the data exchange during the transition period will be based on the concluded EU standard contractual clauses to ensure an adequate level of EU data protection.

For further details, please see https://partnerportal.zapier.com/home/privacy/.

3. Contact, CRM

Depending on the content of the enquiry, the processing of your data in the context of contacting us by telephone or e-mail is carried out on the basis of your (presumed) consent (Article 6 (1) (a), 7 GDPR/ UK GDPR) in the case of purely informative enquiries, or pursuant to Article 6(1) (b) GDPR/ UK GDPR if the contact is made in connection with (pre-)contractual performance obligations. In any case, you agree that we may contact you in order to respond to you, unless you have previously withdrawn your consent.

When you contact us via our form, we need the following data to answer your request and so that we can address you personally and assign your request:

Company Name and information
First and last name
Work e-mail-address
Telephone-number

After final processing, we will delete your contact requests from our active systems immediately, unless legal permission (in particular your consent, which can be withdrawn at any time) or retention obligations permit or require further storage.

We may store your contact data in a customer relationship management system ("CRM system") if a business relationship exists, or if a business relationship can be expected based on previous communications. Our legal basis for this is our legitimate interest, which is based on our legitimate economic interest in being able to systematically manage the contact data of our customers and prospective customers. Where personal data is stored in the CRM system, it will be reviewed after two years at the end of each calendar year to determine whether further storage is necessary. Should this not be the case, or if there are no further legal storage obligations, the data will be deleted.

The customer relationship management system is provided by HubSpot (HubSpot, Inc.) of the provider HubSpot Ireland Ltd, One Dockland Central, Guild Street, Dublin 1, Co. Dublin, Ireland (US parent company HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA). The legal basis for the processing is our legitimate interest on the basis of our legitimate economic interests in being able to systematically manage customer and prospective customer contact data.

1) HubSpot Forms

We also use forms from the service provider HubSpot on our website to enable you to contact us, register for events or download content. If you fill out such a form, the data you enter (e.g. name, e-mail address, company, message) will be transmitted to HubSpot and processed there on our behalf.

The processing of your data is based on your consent (Art. 6 (1) (a), 7 GDPR/ UK GDPR), which you give by submitting the form. You can withdraw your consent at any time with effect for the future. Your data will only be used to process your enquiry, to contact you or to provide you with the requested information.

We have concluded a data processing agreement in accordance with Article 28 GDPR, under which the processors undertake to process personal data exclusively in accordance with our instructions. If data is transferred to the USA, this is done on the basis of the new adequacy decision of the European Commission on the EU-US Data Privacy Framework, Article 45 GDPR/ UK GDPR. If a data privacy framework does not or does not yet exist, the data exchange during the transition period is based on the concluded EU standard contractual clauses to ensure an adequate EU data protection level.

Further information on data processing by HubSpot can be found in HubSpot's privacy policy: https://legal.hubspot.com/de/privacy-policy

4. Newsletter

Your personal data is used to send you newsletters related to the services you have subscribed to via e-mail. We use third-party services to send you these newsletters.

We use the service customer.io of the provider Peaberry Software, Inc., P921 SW Washington Street Suite 820, Portland, OR 97205, USA.

By registering on the mailing list or for the newsletter, you need to sign up to the newsletter with your e-mail address. To ensure that you have explicitly consented to subscribe our newsletter, we use a double opt-in process. After submitting your e-mail address via our subscription form, you will receive an e-mail asking you to confirm your subscription. You must click the confirmation link in this e-mail to complete your subscription. If you do not confirm your subscription, you will not receive any newsletters from us.

Analysing our newsletter campaigns is possible. Each time an email is opened, a file contained within it (known as a web beacon) connects to our newsletter server. This allows us to determine whether the newsletter has been opened and which links, if any, have been clicked on. Technical information is also recorded, such as the time of retrieval, IP address, browser type and operating system. This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to adapt future newsletters to better suit the interests of recipients. If you do not want your data to be analysed, you must unsubscribe from the newsletter. We provide a corresponding link for this purpose in every newsletter message.

Your data will be stored and processed in an electronic newsletter system for the duration of your subscription. Since we base our processing on your consent, this means that you have the right to withdraw your consent at any time or to object to the processing of your personal data for the purpose of sending the newsletter. If you do so, we will immediately remove you from our newsletter distribution list to comply with your request. You can withdraw your consent at any time by sending an e-mail to us or by following the instructions at the end of a promotional/newsletter e-mail. If you send us an e-mail, please let us know what your withdrawal should refer to so that we can assign your request.

These service providers act as processors for us and we have concluded a data processing agreement in accordance with Article 28 GDPR/ UK GDPR. If data is transferred to the USA, this is done on the basis of the new adequacy decision of the European Commission on the EU-US Data Privacy Framework, Article 45 GDPR/ UK GDPR. If a data privacy framework does not or does not yet exist, the data exchange during the transition period is based on the concluded EU standard contractual clauses to ensure an adequate EU data protection level.

5. Social media

Buttons for social media profiles

In the absence of an explicit objection, we process your data in accordance with our legitimate interests (Article 6 (1) (f) GDPR/ UK GDPR), with the objective of enhancing the content and rendering it more accessible for your convenience. If cookies are used when integrating social media content, this is done on the basis of your consent (Article 6 (1) (a), 7 GDPR/ UK GDPR), and you can withdraw this consent at any time, with effect for the future.

We also link to our presence on various social networks on our website. The integration takes place via a linked graphic of the respective network. This means that a connection to the server of the respective network is not automatically established when our website is called up, but the user is merely forwarded to the service of the respective social network by clicking on the corresponding graphic. If you click on the graphic while you are logged into your social media account, the network operator may be able to assign the information collected from the respective visit to your personal account. If you interact via a "Share" button or e.g. the "Like" button of the respective network, this information can be stored in your personal account and possibly published. If you want to prevent the information collected from being directly assigned to your user account, you must log out before clicking on the graphic or the respective button.

We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by the social media platforms.

Following the forwarding, information is collected by the respective network, whereby it cannot be ruled out that the data collected in this way is processed in the USA.

Unless otherwise mentioned the social media platforms have joined the EU-US Data Privacy Framework and Swiss-U.S. Data Privacy Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework in the USA. If data is transferred to the USA, this is done on the basis of the new adequacy decision of the European Commission on the EU-US Data Privacy Framework, Article 45 GDPR/ UK GDPR.

This certification confirms that the social media platform complies with the required data protection regulations and practices. If a Data Privacy Framework is not or not yet available, the data exchange during the transition period will be based on the concluded EU standard contractual clauses to ensure an adequate level of EU data protection.

The data collected is initially the IP address, date, time and page visited.

The following social networks are integrated into our site via links:

a) X (formerly Twitter)

X Corp., Market Square, 1355 Market Street, Suite 900 San Francisco, CA 94103, USA

Privacy Policy: https://twitter.com/de/privacy.

b) YouTube

Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

Privacy Policy: https://policies.google.com/privacy

c) Meta (formerly Facebook)

Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA

Privacy Policy: https://www.facebook.com/about/privacy/

d) LinkedIn

LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA.

Privacy Policy: https://www.linkedin.com/legal/privacy-policy

e) Instagram

Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA

Privacy Policy: https://www.facebook.com/about/privacy/

6. Cookies and integrated third-party offers

Our website uses cookie technology. A cookie is a small text file sent to your browser by our web server when you visit our website. It is stored on your computer and can be retrieved later. You can choose whether to allow cookies to be set and retrieved using your browser settings. For example, you can deactivate cookie storage completely, restrict it to certain websites, or configure your browser to notify you automatically as soon as a cookie is about to be set and ask for your feedback. You can delete cookies at any time using your browser's security settings. Please note, however, that this may affect how our website displays.

Unless otherwise stated, the processing described in this section is based on your consent (Article 6 (1) (a), 7 GDPR/ UK GDPR), and you can withdraw this consent at any time with effect for the future.

Further information on how you can withdraw your consent can be found in our cookie policy. The cookie policy can be found in the footer of our website.

Cookie Consent Manager

Our website uses the consent technology of CookieYes to obtain your consent to the storage of certain cookies on your device or for the use of certain technologies and to document them in a data protection compliant manner. The provider of this technology is CookieYes Limited of 3 Warren Yard Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom

We have concluded a data processing agreement with CookieYes in accordance with Article 28 GDPR/ UK GDPR.

CookieYes is used to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6 (1) (c) GDPR/ UK GDPR.

Further information on data processing can be found here https://www.cookieyes.com/privacy-policy/

7. Statistics, Web-Analytics, Advertising based on Tracking and Retargeting – Use of Cookies

Occasionally, we or our partners use cookies or handle your information in a manner that necessitates your consent. Cookies are small text files that can be stored on your device when you visit our website. Various technologies can be used for tracking, such as pixel technology or log file analysis. You give your consent via the cookie banner, which you must actively click. Unless otherwise stated, the processing described in this section is based on your consent (Article 6 (1) (a), 7 GDPR/ UK GDPR). You can withdraw your consent at any time with effect for the future. You can learn more about how to withdraw your consent in our cookie settings.

a) Web-Analytics, Statistics

In order to ascertain the content of our website that is of most interest to you, we undertake continuous measurement of the number of visitors and the most viewed content. Therefore, we process your personal data.

to record the number of visitors to our websites;
to record the visiting times of our website visitors; and
to record the sequence of visits to different websites and product sites, in order to optimise our website.

We also record the sequence of visits to different websites and product sites in order to optimise our website.

(1) Web Analysis through Google Analytics 4

For the purposes of analysis and optimisation of our website, we use the service Google Analytics 4 (service provider is Google LLC,1600 Amphitheatre Parkway Mountain View, CA 94043, USA).

In Google Analytics 4, the anonymisation of IP addresses is activated by default. With IP anonymisation on our website, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics 4 will not be merged with other Google data.

The following data may be processed when you visit our website

IP address (in abbreviated form, a clear assignment is not possible);
approximate location (country and city);
Technical information such as browser, internet provider, end device and screen resolution;
Behaviour on the page (pages viewed, clicks and scrolling behaviour);
Source of origin of the visit (via which website or advertising medium the page was reached)
Session duration and whether the page was left without interaction;
Adding to favourites;
Sharing content (social media);
Clicked links to other websites;
Achievement of certain goals (conversions).

Google uses the aforementioned information on our behalf to analyse your use of our website, to compile reports on website activity for us and to provide us with other services related to the use of websites and the internet. As part of the evaluation, Google Analytics 4 also uses artificial intelligence such as machine learning to automatically analyse and enrich the data. Information on this can be found on the following website https://support.google.com/analytics/answer/10710245. The analyses are carried out automatically with the help of artificial intelligence or on the basis of specific, individually defined criteria.

Google Analytics 4 stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognised on future visits to the website. The information collected by the cookies about the use of our website (including your anonymised IP address) may be transferred to a Google server in the USA and stored there under Google's responsibility. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there.

The logged data is stored by Google together with the randomly generated user ID, which is stored in a cookie on your device, enabling the evaluation of pseudonymised user profiles. This user-related data is automatically deleted after 14 months.

We have made the following data protection settings for Google Analytics 4:

Anonymization of the IP address;
deactivated advertising function;
deactivated personalized advertising;
deactivated remarketing;
Retention period of 2 months (and no resetting of the retention period for new activity);
deactivated cross-device and cross-page tracking (Google Signals);
deactivated data sharing (in particular Google products and services, benchmarking, technical support, account specialist).

Further information on Google Analytics 4 can be found on the following pages at https://policies.google.com/privacy?hl=de, in the terms of use at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://support.google.com/analytics/answer/6004245?hl=de.

We have concluded a data processing agreement with Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, in accordance with Article 28 GDPR/ UK GDPR. Google LLC has joined the EU-US Data Privacy Frameworks, as well as the UK Extension to the EU-US Data Privacy Framework. If data is transferred to the USA, this is done on the basis of the European Commission's new adequacy decision on the EU-US Data Privacy Framework and Article 45 GDPR/ UK GDPR. This certification confirms that Google complies with the required data protection regulations and practices.

Further information on the cookies used by Google Analytics 4 can also be found at https://support.google.com/analytics/answer/11397207?hl=de

Google Analytics 4 uses the special ‘demographic characteristics’ function to compile statistics about the age, gender and interests of site visitors. This is done by analysing advertising and information from third-party providers. This allows target groups for marketing activities to be identified. However, the collected data cannot be assigned to a specific person and will be deleted after being stored for a period of two months.

(2) Dreamdata

We use the ‘Dreamdata’ service for analytical and statistical analyses. Dreamdata is operated by Dreamdata Købmagergade 22, 2nd Floor, 1150 Copenhagen, Denmark. With the help of Dreamdata, we can determine how visitors to our website and customers interact with our website, which channel they used to reach our website and which pages are of particular relevance to them.

The following data is processed by Dreamdata IP addresses, browser information, usage data, date and time of visit, location information, cookie ID.

We have concluded a data processing agreement with Dreamdata Købmagergade 22, 2nd Floor, 1150 Copenhagen, Denmark in accordance with Article 28 GDPR/ UK GDPR.

Further information can be found here: https://dreamdata.io/privacy-policy.

(3) Google Tag Manager

We use Google Tag Manager from Google LLC. We have concluded a data processing agreement in accordance with Article 28 GDPR with Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The Tag Manager allows us to implement and manage so-called tags, which are small code elements, on our website through a central interface. The Tag Manager itself does not use cookies. However, it triggers other tags that may collect data, potentially via cookies. Google does not access this data. Through the Tag Manager, we integrate services such as Google Analytics and Microsoft Ads.

Google LLC has joined the EU-US Data Privacy Framework and Swiss-U.S. Data Privacy Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework in the USA. If data is transferred to the USA, this is done on the basis of the new adequacy decision of the European Commission on the EU-US Data Privacy Framework as well as the UK Extension to the EU-U.S. Data Privacy Framework in the USA, Article 45 GDPR/ UK GDPR. This certification confirms that Google LLC complies with the required data protection regulations and practices. If a Data Privacy Framework is not or not yet available, the data exchange during the transition period will be based on the concluded EU standard contractual clauses to ensure an adequate level of EU data protection.

Further information can be found here: https://www.google.com/intl/de/tagmanager/faq.html.

(4) Microsoft Clarity

We use the service Microsoft Clarity on our website (service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 USA).

We use the Microsoft Clarity service to analyse how our website is used.

Information relating to usage and users, such as IP addresses, locations, times and frequencies of visits to our website, is transferred to and stored on a Microsoft server in the USA.

We have concluded a data processing agreement in accordance with Article 28 GDPR with Microsoft.

Microsoft has joined the EU-US Data Privacy Framework and Swiss-U.S. Data Privacy Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework in the USA. If data is transferred to the USA, this is done on the basis of the new adequacy decision of the European Commission on the EU-US Data Privacy Framework as well as the UK Extension to the EU-U.S. Data Privacy Framework in the USA, Article 45 GDPR/ UK GDPR. This certification confirms that Microsoft complies with the required data protection regulations and practices. If a Data Privacy Framework is not or not yet available, the data exchange during the transition period will be based on the concluded EU standard contractual clauses to ensure an adequate level of EU data protection.

Further information can be found here https://clarity.microsoft.com/privacy

(5) HubSpot

We use the service HubSpot on our website, a service provided by HubSpot Ireland Ltd, One Dockland Central, Guild Street, Dublin 1, Co. Dublin, Ireland (US parent company HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA) for analysis and tracking purposes. HubSpot enables us to evaluate user behaviour on our website in order to optimise our offering and target marketing measures. In particular, cookies are set and personal data such as IP address, pages visited, interactions and, if applicable, contact information are processed

We have concluded a data processing agreement in accordance with Article 28 GDPR/ UK GDPR with HubSpot.

HubSpot has joined the EU-US Data Privacy Framework and Swiss-U.S. Data Privacy Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework in the USA. If data is transferred to the USA, this is done on the basis of the new adequacy decision of the European Commission on the EU-US Data Privacy Framework as well as the UK Extension to the EU-U.S. Data Privacy Framework in the USA, Article 45 GDPR/ UK GDPR. This certification confirms that HubSpot complies with the required data protection regulations and practices. If a Data Privacy Framework is not or not yet available, the data exchange during the transition period will be based on the concluded EU standard contractual clauses to ensure an adequate level of EU data protection.

Further information can be found here https://www.hubspot.com/data-privacy/gdpr.

b) Advertising based on Tracking and Retargeting

We use tracking and retargeting technologies to ensure that the advertising shown on our websites and those of our advertising partners is tailored to the interests of the data subjects. This helps us to ensure that we only show advertising that is of interest to our visitors. Cookies are generally used for this purpose, but other technologies, such as 'fingerprinting', are also employed in certain cases.

Cookies cached for this purpose enable our retargeting partners to recognise visitors to our website under a pseudonym and show them products that are likely to interest them. Fingerprinting recognises devices based on the data subject's computer hardware, software, add-ons and browser settings.

In the absence of an explicit stipulation to the contrary, the processing delineated in this section is contingent upon the consent of the data subject, as enshrined in Articles 6(1) (a), 7 GDPR/ UK GDPR. This consent may be rescinded at any time, with the consequence that it shall no longer be valid for the future.

The controller uses the collected data for statistical and advertising purposes and in detail:

for targeted advertising, including via advertising networks in cooperation with partners,
for measuring the success and billing of advertising measures between advertising partners and us,
to track which advertising the data subjects have already seen in order to prevent them from seeing the same advertising again, and
to assess which parts of our website need to be optimized.

Unless otherwise stated, we use the following services as processors and contractually oblige them to process data only on our behalf.

(1) Meta Pixel /Business Ads

We use Meta Pixel on our website, provided by Meta Platforms Ireland Ltd (parent company Meta Platforms Inc. 1601 Willow Road Menlo Park California 94025, USA). This service helps us identify target groups for Meta advertising based on website visits and behavior and measure the effectiveness of our online marketing. When you visit our site, Meta Pixel may store a cookie on your device and log your visit to your Facebook profile if you are logged in. The data we receive is anonymous, but Meta may link it to user profiles.

For more information, visit https://www.facebook.com/business/tools/meta-pixel/ and https://www.facebook.com/about/privacy/.

It cannot be ruled out that Meta Platforms Ireland Limited will transfer personal data to the parent company Meta Platforms Inc. (USA) as part of the commissioned processing. Meta Platforms Inc. has joined the EU-US Data Privacy Framework and EU-U.S. Data Privacy Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework in the USA. If data is transferred to the USA, this is done on the basis of the new adequacy decision of the European Commission on the EU-US Data Privacy Framework, Article 45 GDPR/ UK GDPR. This certification confirms that Meta Platforms Inc. complies with the required data protection regulations and practices.

If a Data Privacy Framework is not or not yet available, the data exchange during the transition period will be based on the concluded EU standard contractual clauses to ensure an adequate level of EU data protection.

(2) Google Ads Remarketing

We use Google Ads, an ad service by Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), and also conversion tracking as part of Google Ads. Google Ads stores a conversion tracking cookie on your computer's hard drive ("conversion cookie") when you click on an advertisement placed by Google. If you visit certain pages of our website, Google can recognise that you have clicked on the advertisement and were referred to this web page.

The information obtained using conversion cookies is used to generate statistics for Ads customers who use conversion tracking. These statistics show us the total number of users who clicked on the Google advertisement and viewed a web page with a conversion tracking tag.

Further information can be found here https://policies.google.com/privacy.

(3) Microsoft Ads (Bing Ads)

Our website uses the online advertising programme 'Microsoft Ads', a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ('Microsoft'). Microsoft Ads enables advertisers like us to place ads in Bing search engine results and in the Microsoft Advertising network based on your interests. Microsoft processes information about your usage behaviour to create pseudonymous usage profiles. These usage profiles analyse your browsing behaviour and are used to display interest-based advertisements. This is done by means of a cookie set by Microsoft which is valid for 180 days. This cookie is also set via our website if you have previously agreed to this in our cookie settings.

We can see how many users clicked on a Bing ad and were then redirected to our conversion page — the page linked to in the ad. However, we do not receive any information that could be used to identify individual users personally.

The legal basis for transferring data to the USA is also your consent (Article 6 (1) (a),7 GDPR/ UK GDPR and Art. 49 (1) (a)GDPR/ UK GDPR.

You can withdraw your consent at any time via the settings without disadvantage.

If you have a user account with Microsoft, you will be shown personalized advertisements based on data from Microsoft Ads. You can prevent this by declaring your objection at the following link https://choice.microsoft.com/en-US/opt-out .

Microsoft has joined the EU-US Data Privacy Framework and Swiss-U.S. Data Privacy Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework in the USA. If data is transferred to the USA, this is done on the basis of the new adequacy decision of the European Commission on the EU-US Data Privacy Framework, Article 45 GDPR. This certification confirms that Microsoft complies with the required data protection regulations and practices. If a Data Privacy Framework is not or not yet available, the data exchange during the transition period will be based on the concluded EU standard contractual clauses to ensure an adequate level of EU data protection.

Further information can be found at https://privacy.microsoft.com/en-US/privacystatement.

8. Chat Widget

We offer a chat widget on our website to give you the opportunity to get in touch with us quickly and easily and to receive information about our products and services. The chatbot is provided and operated directly by our company.

When you interact with the chat widget, we process personal data you provide, such as:

Name
Email address
Other contact details
Orders
Chat history

Additionally, the chat widget may collect your IP address, log files, location information, and other metadata. We may store which users interact with the chat widget and when, as well as the content of conversations and records of registration and consent processes for legal compliance.

The processing is carried out on the basis of our legitimate interest in the efficient processing of your enquiry (Art. 6 (1) (f) GDPR/ UK GDPR) or, if it concerns (pre-) contractual enquiries (Art. 6 (1) (b) GDPR/ UK GDPR).

The data collected in the chatbot will only be used to process your enquiry and will not be passed on to third parties without your express consent. The data will only be stored for as long as is necessary to process your enquiry or for as long as there are statutory retention obligations.

9. Payment Service

We use payment providers to process your transactions when you purchase services from us. This is based on our contractual obligations, which relate to the processing of data for the performance of a contract. If a credit check is performed, this is conducted under our legitimate interest, which relates to the processing of data for the legitimate interests (Article 6 (1) (f) GDPR/ UK GDPR) of the controller. We prioritise the protection of your personal data and ensure that all processing activities comply with the relevant legal requirements. We use Stripe (354 Oyster Point Blvd, Suite 201, South San Francisco, United States) for the processing of payments. If you use Stripe to make a purchase or payment on our website, you will provide your personal information to them.

When you make a payment using Stripe, the following personal data may be collected and processed: name, email address, billing and shipping addresses, payment information (e.g. credit card number, expiration date, CVV), and transaction details.

The data is used for the purpose of processing your payment, verifying your identity, preventing fraud, and to comply with legal obligations. We do not share your payment information with third parties, except as necessary to process your payment via your selected Payment Provider.

Stripe may share your data with their affiliated companies and service providers as described in their privacy policy. Stripe use industry-standard security measures to protect your personal data during the transaction process. We also take appropriate measures to ensure the security of your data in our systems. You have the right to access, correct, and delete your personal data held by Stripe. To exercise these rights, you should contact Stripe directly.

Further information can be found here https://stripe.com/gb/privacy.

10. Partner Referral links

We also use partner referral links . If you click on one of these links and purchase a product, our partners will receive a commission from us. This means we need to be able to identify you, verify that you accessed the product via our partners' advertising link, and confirm that you made a subsequent transaction. To this end, we and our partners use cookies or similar recognition technologies (e.g. device fingerprinting) on our websites.

We use PartnerStack Inc.'s service (1000 Brickell Avenue, Suite #715 (PMB-315), Miami, FL 33131) to support our affiliate referral programme and track users who click on affiliate links. When you click on the link, certain personal data (e.g. IP address and browser information) may be transferred to and processed by PartnerStack to provide the service. We use PartnerStack based on your consent (Article 6(1) (a), 7 GDPR/UK GDPR), which you can withdraw at any time with effect for the future. We have concluded a data processing agreement with PartnerStack in accordance with Article 28 GDPR/ UK GDPR.

Further information can be found here https://partnerstack.com/legal/privacy-policy

A list of our affiliate partners can be found here https://respond.io/partner-directory.

D. Information for Users Residing in Brazil

This part of the document integrates with and supplements the information contained in the rest of the privacy policy and is provided by the entity running respond.io and, if the case may be, its parent, subsidiaries and affiliates (for the purposes of this section referred to collectively as “we”, “us”, “our”).

The provisions contained in this section apply to all Users who reside in Brazil, according to the "Lei Geral de Proteção de Dados" (Users are referred to below, simply as “you”, “your”, “yours”). For such Users, these provisions supersede any other possibly divergent or conflicting provisions contained in the privacy policy.

This part of the document uses the term “personal information“ as it is defined in the Lei Geral de Proteção de Dados (LGPD).

The Grounds on Which we Process your Personal Information

We can process your personal information solely if we have a legal basis for such processing. Legal bases are as follows:

your consent to the relevant processing activities;
compliance with a legal or regulatory obligation that lies with us;
the carrying out of public policies provided in laws or regulations or based on contracts, agreements and similar legal instruments;
studies conducted by research entities, preferably carried out on anonymized personal information;
the carrying out of a contract and its preliminary procedures, in cases where you are a party to said contract;
the exercising of our rights in judicial, administrative or arbitration procedures;
protection or physical safety of yourself or a third party;
the protection of health – in procedures carried out by health entities or professionals;
our legitimate interests, provided that your fundamental rights and liberties do not prevail over such interests; and
credit protection.

To find out more about the legal bases, you can contact us at any time using the contact details provided in this document.

Categories of Personal Information Processed

To find out what categories of your personal information are processed, you can read the section titled “Detailed information on the processing of Personal Data” within this document.

Why we Process Your Personal Information

To find out why we process your personal information, you can read the sections titled “Detailed information on the processing of Personal Data” and “The purposes of processing” within this document.

Your Brazilian Privacy Rights, how to File a Request and our Response to our Request

Your Brazilian Privacy Rights

You have the right to:

obtain confirmation of the existence of processing activities on your personal information;
access to your personal information;
have incomplete, inaccurate or outdated personal information rectified;
obtain the anonymization, blocking or elimination of your unnecessary or excessive personal information, or of information that is not being processed in compliance with the LGPD;
obtain information on the possibility to provide or deny your consent and the consequences thereof;
obtain information about the third parties with whom we share your personal information;
obtain, upon your express request, the portability of your personal information (except for anonymized information) to another service or product provider, provided that our commercial and industrial secrets are safeguarded;
obtain the deletion of your personal information being processed if the processing was based upon your consent, unless one or more exceptions provided for in art. 16 of the LGPD apply;
revoke your consent at any time;
lodge a complaint related to your personal information with the ANPD (the National Data Protection Authority) or with consumer protection bodies;
oppose a processing activity in cases where the processing is not carried out in compliance with the provisions of the law;
request clear and adequate information regarding the criteria and procedures used for an automated decision; and
request the review of decisions made solely on the basis of the automated processing of your personal information, which affect your interests. These include decisions to define your personal, professional, consumer and credit profile, or aspects of your personality.
you will never be discriminated against, or otherwise suffer any sort of detriment, if you exercise your rights.

How to File your Request

You can file your express request to exercise your rights free from any charge, at any time, by using the contact details provided in this document, or via your legal representative.

How and when we will respond to your Request

We will strive to promptly respond to your requests.

In any case, should it be impossible for us to do so, we’ll make sure to communicate to you the factual or legal reasons that prevent us from immediately, or otherwise ever, complying with your requests. In cases where we are not processing your personal information, we will indicate to you the physical or legal person to whom you should address your requests, if we are in the position to do so.

In the event that you file an access or personal information processing confirmation request, please make sure that you specify whether you’d like your personal information to be delivered in electronic or printed form.

You will also need to let us know whether you want us to answer your request immediately, in which case we will answer in a simplified fashion, or if you need a complete disclosure instead.

In the latter case, we’ll respond within 15 days from the time of your request, providing you with all the information on the origin of your personal information, confirmation on whether or not records exist, any criteria used for the processing and the purposes of the processing, while safeguarding our commercial and industrial secrets.

In the event that you file a rectification, deletion, anonymization or personal information blocking request, we will make sure to immediately communicate your request to other parties with whom we have shared your personal information in order to enable such third parties to also comply with your request – except in cases where such communication is proven impossible or involves disproportionate effort on our side.

Transfer of Personal Information outside of Brazil permitted by the Law

We are allowed to transfer your personal information outside of the Brazilian territory in the following cases:

when the transfer is necessary for international legal cooperation between public intelligence, investigation and prosecution bodies, according to the legal means provided by the international law;
when the transfer is necessary to protect your life or physical security or those of a third party;
when the transfer is authorized by the ANPD;
when the transfer results from a commitment undertaken in an international cooperation agreement;
when the transfer is necessary for the execution of a public policy or legal attribution of public service;when the transfer is necessary for compliance with a legal or regulatory obligation, the carrying out of a contract or preliminary procedures related to a contract, or the regular exercise of rights in judicial, administrative or arbitration procedures.

This privacy policy relates solely to respond.io, if not stated otherwise within this document.

Latest update: September 20, 2022