EFFECTIVE DATE: September 7, 2022
- Who visit https://churnzero.com as well as other websites (“Visitors”) that we operate and that link to this Policy (“Websites”), including those Visitors who fill out a contact form or otherwise reach out to us to learn more about our customer success platform and the other services which we market for commercial use (collectively, the “Services”).
- Who contract with us to use our Services and the end users authorized by a business or individual to use the Services on that business’s or individual’s behalf (each a “User”, together with the individual or business authoring such access “Customer”). Except as otherwise stated and to the context allows, Customer (and your Users) and Visitor may be collectively referred to as “you” or “your” in this Policy.
This Policy describes how we collect, use, share, and secure the personal information that you provide. It also describes your choices regarding use, access, and correction of your personal information. To ensure you well- informed of our practices, we recommend that you read the entire Policy. If you have any questions or concerns about our use of your personal information, then please contact us at email@example.com.
SCOPE OF THIS POLICY.
When this Policy applies. This Policy applies to:
- Any personal information collected or processed of our Visitors through our Websites.
- Any personal information collected or processed of, or submitted by, our Customers through our Services where ChurnZero acts as a controller (or equivalent role under data privacy laws) as to such personal information. For example, where we process personal information to improve the Services or tailor the Services to meet an individual’s preferences.
When this Policy does not apply. Except as detailed otherwise in the above “When this Policy applies” section, this Policy does not apply to:
- Third-party online services or applications (collectively, “Third-Party Offering(s)”) linked to our Websites or integrated (or that interoperate) with the Services. In this instance, the security and privacy of personal information are determined by the privacy statements by the third parties offering such Third-Party Offerings, which we encourage you to review to understand their personal information practices. Examples of such Third-Party Offerings can be found here.
- Any electronic data, text, messages, communications, or other materials processed by us through the Services on behalf of our Customers (“Customer Content”). In such instances, we are acting as a “processor” (or equivalent role under data privacy laws) as to any such personal information and we do so in accordance with our Subscription Service Terms (current version available at https://churnzero.com/subscription-service-terms/) or such other applicable agreement between a Customer and us relating to your access to and your use of our Services (“Terms”) and our Global Data Processing Addendum (“DPA” (current version available at https://churnzero.com/data-processing-addendum/) together with Terms, the “Services Agreement”).
We process Customer Content (and any personal information contained therein) under the direction of our Customers; in addition, we typically have no direct relationship with individuals whose personal information is processed through the Services therefore our Customers are in the best position and are ultimately responsible for establishing policies for, and ensuring compliance with, all applicable laws and regulations, as well as any privacy policies, agreements, or other obligations, relating to the processing of its Customer Content (to include any personal information contained therein) through our Services. Any individual who one of our Customers contact through the Services should direct any questions, concerns, or requests you may have as to the processing of your personal information directly to such Customer instead of ChurnZero.
INFORMATION THAT YOU PROVIDE TO US
Account and Registration Information. We ask for and may collect personal information about our Customers such as your name, address, phone number, email address, instant messaging ID, and credit card information, as well as certain related information like your company name and website name, when you register for an account to access or utilize our Services (an “Account”). We also ask for and collect personal information of your Users, such as an email address and a name or alias from any individual that you authorize to log into and utilize our Services in connection with your Account. We base the processing of your personal information on our legitimate interest, to provide you with the necessary functionality during your use of our Services.
For Previews (e.g., free trials of our Services (as more fully defined in the Services Agreement), no credit card information is necessary unless and until you decide to continue with a paid subscription to our Services. We contractually obligate our third-party payment processors to permit the storage, retention, or use of your billing information only for credit card processing on our behalf. By voluntarily providing us with the above information, you represent that you are the owner of such information or otherwise have the requisite consent to provide it to us.
Other Submissions. We ask for and may collect personal information from you when you submit web forms on our Websites or as you use interactive features of the Websites or the Services, to include participation in webinars, surveys, contests, promotions, sweepstakes, requesting customer support, or otherwise communicating with us. We process your personal information to fulfill our obligations under the Services Agreement; however, where we have not entered into the Services Agreement with you, we base the processing of your personal information on our legitimate interest to operate and administer our Websites or Services and to provide you with the content you access or request.
INFORMATION THAT WE COLLECT FROM YOU.
We may also use web beacons, tags, and scripts on our Websites, Services, or in email or other electronic communications we send to you. These assist us in delivering cookies, counting visits to our Websites or Services, understanding usage, and determining the effectiveness of such communications. We may receive reports based on the use of these technologies by our third-party service providers on an individual or aggregated basis.
We use local storage such as HTML5 and local shared objects (“LSOs,” also known as Flash cookies) to store content information and preferences. Various browsers may offer their own management tools for removing HTML5. Third parties with whom we partner to provide certain features on our Websites or to display advertising based upon your Web browsing activity use HTML5 and Flash to collect and store information. For further information on how to manage Flash cookies, please click here.
Logs. As is true with most websites and services delivered over the Internet, we gather certain information and store it in log files when you interact with our Websites and Services. This information may include internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your devices, your mobile carrier, and system configuration information. Occasionally, we connect personal information to information gathered in our log files as necessary to improve our Websites and Services. In such a case, we would treat the combined information in accordance with this Policy.
Analytics. We collect analytics information when you use the Websites or Services to help us improve them, including using cookies. We may also share aggregated and/or anonymized data about your actions on our Websites and Services with third-party analytic service providers. We currently use Google® analytics, which you can read about here and here.
INFORMATION COLLECTED FROM OTHER SOURCES. We may also obtain other information, including personal information, from third parties and combine that with information we collect through our Websites or Services. For example, we may have access to certain information from a third-party social media, authentication, or single sign-on services (e.g., Okta, Salesforce) if you log into our Services through such a service or otherwise provide us with access to information from that service. Any access that we may have to such information from a third-party social media or authentication service is in accordance with the authorization procedures determined by that service. If you authorize us to connect with a third-party service or permit the third-party service to prepopulate our webforms or log-in pages, we may have access and store your name, email address(es), current city, profile picture URL, and any other personal information that the third-party service makes available to us and use and disclose it in accordance with this Policy. You should check your privacy settings on these third-party services to understand and change the information sent to us through these services.
HOW WE USE INFORMATION THAT WE COLLECT
General Uses. We may use the information we collect about you (including personal information, to the extent applicable) in order to perform our obligations under our Services Agreement with you and on the basis of our legitimate interest including to (a) provide, operate, maintain, improve, and promote the Websites and the Services; (b) enable you to access and use the Websites and the Services; (c) process and complete transactions, and send you related information, including purchase confirmations and invoices; (d) send transactional messages, including responses to your comments, questions, and requests; provide customer service and support; and send you technical notices, updates, security alerts, and support and administrative messages; (e) send promotional communications, such as providing you with information about products and services, features, surveys, newsletters, offers, promotions, contests, and events; and provide other news or information about us and our partners (you can opt-out of receiving marketing communications from us by contacting us at and providing the names/email address(es) that you would like removed from our marketing databases and added to our ‘Do Not Contact’ list” or following the unsubscribe instructions included in our marketing communications); (f) monitor and analyze trends, usage, and activities in connection with the Websites and Services and for marketing or advertising purposes; (g) investigate and prevent fraudulent transactions, unauthorized access to the Websites and the Services, and other illegal activities; (h) personalize the Websites and Services, including by providing features or advertisements that match your interests and preferences; and (i) for other purposes for which we obtain your consent.
Legal basis for processing (EEA visitors only). If you are a visitor from the European Economic Area (“EEA”), our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only where we need the personal information to perform a contract with you (e.g., to provide you with our Services), where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent. In certain cases, we may also have a legal obligation to collect personal information from you.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information) Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time why we need to use your personal information. If we process personal information in reliance on your consent, you may withdraw your consent at any time.
If you have questions about, or need further information concerning, the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Contact Us” section below.
SHARING OF INFORMATION COLLECTED
Third-Party Service Providers. We share information, including personal information, with our third-party service providers that we use to provide certain services to enable us to provide you with access to and use of our Websites and Services (e.g., hosting, application development, data backup and storage). These third-party service providers may have access to or process your personal information for the purpose of providing these services for us. We do not permit our third-party service providers to use the personal information that we share with them for their marketing purposes or for any other purpose than in their connection with the services they provide to us.
We may also share aggregated and/or anonymized information regarding your use of the Services with third parties for marketing purposes based on our legitimate interest to develop and promote our Services(s). However, we would never identify you, your Affiliates or your or your Affiliates Users as the source of the information.
We may collect, and we may engage third-party analytics providers to collect, metrics and information regarding your use of the Services (“Resultant Data”) to develop new features, improve existing features or inform sales and marketing strategies, based on our legitimate interest to improve the Services. When we process Resultant Data, any personal information shall be aggregated or anonymized. Any such third-party analytics providers will not share or otherwise disclose Resultant Data, although we may make Resultant Data publicly available from time to time.
Compliance with Laws and Law Enforcement Requests; Protection of Our Rights. In certain situations, we may have to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may disclose personal information to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. Please review our Government Data Request Policy (available at https://churnzero.com/govt-data-response-policy/) for further information concerning how we process such requests. We may also share such information if we believe it is necessary to investigate, prevent, or act regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Services Agreement, or as otherwise required by law.
Case Studies and other Testimonials. From time to time, we may post testimonials or case studies on our Websites that may contain Customer Content, including personal information. We always obtain your consent to post your name along with your testimonial. If you wish to update or delete your testimonial, you can contact us at firstname.lastname@example.org.
Partner Program. If you choose to become part of our partner program, we will ask you for personal information about you or others (e.g., referrals), including name and email address. For personal information concerning an individual other than you, please only provide such personal information if you have a reasonable belief, they will not object to us contacting them.
Interactive Features. Our Websites may offer publicly accessible blogs or other interactive features that allow you to share such content via various social media platforms. You should be aware that your linking, posting, or commenting on such interactive features is subject to the terms or guidelines of the applicable social media platform, which may allow us access to your account information (e.g., profile, email address, name).
To Market our Services. We may share information, including personal information, with our partners, solely for the purpose of enabling our partners to notify you about our Services. We require our partners to provide an opt-out option within its communications to you. By opting out, you are opting out of receiving future communication from our partner.
With Your Consent. We may also share personal information with third parties when we have your consent to do so.
INTERNATIONAL TRANSFER OF PERSONAL INFORMATION. We do not share your personal information with third parties, unless it is necessary to fulfill your request, for our professional or legitimate business needs, or as required or permitted by law. Where we do transfer your personal information to third parties or service providers, appropriate arrangements are made to ensure correct and secure data processing in compliance with applicable data protection law.
We store personal information about Visitors and Customers within the EEA, the United States, and in other countries and territories as we may designate from time to time. To facilitate our global operations, we may transfer and access such personal information from around the world, including from other countries in which our partners or affiliates have operations. Therefore, your personal information may be processed outside of the EEA and in countries which are not subject to an adequacy decision by the European Commission, and which may not provide for the same level of data protection as the EEA. In this event, we will ensure that the recipient of your personal information offers an adequate level of protection, for instance by entering into Standard Contractual Clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR), or we will ask you for your prior consent to such international data transfers.
You can obtain more details of the protection given to your personal information when it is transferred outside the EEA (including a sample copy of the model contractual clauses) by contacting us at the information below.
OTHER IMPORTANT PRIVACY INFORMATION
Notice to Users. Our Services are intended for use by commercial enterprises. Where our Customer makes the Services available to you that enterprise is the data controller of your personal information. You should initially submit any data privacy questions and requests to the Customer in its capacity as your data controller. We are not responsible for our Customers’ privacy or security practices which may be different than this Policy. Our Customers are able to:
- Restrict, suspend, or terminate your access to the Services;
- Access and describe your personal information that you provided to them;
- Access and export your personal information processed by them; and
- Amend your personal information, including your end-user profile.
Data retention. Where we are the data controller of personal information, then we retain the personal information we collect where we have an ongoing legitimate business need to do so (for example, to provide you with our Services, to comply with applicable legal, or for tax or accounting requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or aggregate it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
If your personal information is processed within Customer Content, we will process the personal information for as long as we are instructed to do so by the relevant Customer that is the data controller of the Customer Content.
HOW TO EXERCISE YOUR DATA PROTECTION RIGHTS
You may have certain choices available to you when it comes to your personal information, which may be exercised by submitting a request through our Trust Center. Below is a summary of those choices.
- Correcting, updating, and removing your information. An individual who seeks to exercise their data protection rights in respect of personal information stored or processed by us on behalf of a Customer within the Customer Content (including to seek access to, or to correct, amend, delete, port, or restrict processing of such personal information) should direct his/her query to our Customer (the data controller). Upon receipt of a request from one of our Customers for us to remove the personal information, we will respond to their request within thirty (30) days. We will retain personal information that we process and store on behalf of our Customers for as long as needed to provide the Services to our Customers.
- Accessing and updating or deleting your information. Our Services give Customers the ability to access, update, and delete certain personal information from within the Services. In cases where we are a data controller of your personal information, we will inform you whether we hold any of your personal information upon verification of your request. We will respond to such requests within a reasonable timeframe. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.
- Request that we stop using your information. You may request that your personal information is no longer be accessed, stored, used, or otherwise processed where you believe that ChurnZero or a Customer do not have the appropriate rights to do so. Where you gave us consent to use your personal information, you can contact us to withdraw that consent. When you make such requests, we may need time to investigate and facilitate your request. If there is delay or dispute as to whether we have the right to continue using your personal information, we will restrict any further use of your personal information until the request is honored or resolution of the dispute.
- Opt-out of communications. We offer those who provide personal contact information a means to choose how we use the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of our marketing emails. Even after you opt-out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding our Services.
- Other data protection rights. You may have other data protection rights that are available to you under your local data protection laws (such as the right to data portability). For any such request, we will respond in accordance with applicable data protection laws.
You have the right to complain to your local data protection authority if you are unhappy with our data protection practices. Contact details for data protection authorities in the European Economic Area are available here.
CHILDREN’S PERSONAL INFORMATION. We do not knowingly collect any personal information from children under the age of 16. If you are under the age of 16, please do not submit any personal information through our Websites or Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide personal information through the Websites or Services without their permission. If you have reason to believe that a child under the age of 16 has provided personal information to us through the Websites or Services, please contact us at email@example.com, and we will use commercially reasonable efforts to delete that information.
BUSINESS TRANSACTIONS. We may assign or transfer this Policy, as well as your information and data, including any personal information, to any person or entity that acquires all or substantially all of our business, stock or assets, or with whom we merge. If we do, we will inform them of the requirement to manage your personal information in accordance with this Policy.
SUPPLEMENTAL TERMS AND CONDITIONS FOR CERTAIN REGIONS
Australia. Personal information collected, stored, used and/or processed by us, as described in this Policy, is collected, stored, used and/or processed in accordance with the Australian Privacy Act 1988 (Commonwealth). Specifically, the Privacy Act establishes the Australian Privacy Principles (APPs) (effective from 12 March 2014) that sets out these key obligations, to include:
- APP 5 (notification of collecting personal information) requires entities to ensure that at before, at the time of, or as soon as practicable after, an entity collects personal information from an individual the entity must take such steps as are reasonable in the circumstances to notify the individual of the collection of the personal information.
- APP 7 (direct marketing) restricts the use or disclosure of personal information for direct marketing unless an exception applies; and
- APP 8 (cross-border disclosure of personal information) requires that before an entity discloses personal information about an individual to a person or entity overseas, the entity must take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles.
Personal Information is defined as any information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
This information can include Customer’s name and contact information including postal address, email address and telephone number, billing information, credit or debit card information, and transaction information for any products that may have been purchased.
We adhere to the Australian Privacy Principles for all personal information that we collect from our Customers (i.e., the companies that utilize and pay for our Services) and from any other individuals that we may receive or collect personal information from. In particular:
- We only collect personal information of the individuals who have registered or signed up for our Services (such as credit card information). Where we collect unsolicited information, we deal with this according to the APPs and this Policy;
- We only use personal information for the purposes set out in this Policy and we only disclose such personal information to third-party vendors to whom Customers link from our Services; and
- Where it is reasonably practicable, we will give our Customers access to their personal information, delete the personal information if requested, and retain it only as necessary to provide our Services to our Customers.
If you are dissatisfied with our handling of a complaint or do not agree with the resolution proposed by us, you may make a complaint to the Office of the Australian Information Commissioner (“OAIC”) by contacting the OAIC using the methods listed on their website at http://www.oaic.gov.au. Alternatively, you may request that we pass on the details of your complaint to the OAIC directly.
Brazil. Personal information collected, stored, used and/or processed by us, as described in this Policy, is collected, stored, used and/or processed in accordance with Brazilian Law No. 13,709/2018, as amended (LGPD). Those individuals who use or access our Website or Services expressly consent to the collection, use, storage, and processing of their personal information by us for the purposes described in this Policy.
Canada. Personal information (as the term is defined in the Personal Data Protection and Electronic Documents Act of Canada (“PIPEDA”) will be collected, stored, used and/or processed by us in accordance with our obligations under PIPEDA.
Japan. Personal information collected, stored, used and/or processed by us, as described in this Policy, is collected, stored, used and/or processed in accordance with Japan’s Act on the Protection of Personal Data.
New Zealand. Personal information collected, stored, used and/or processed by us, as described in this Policy, is collected, stored, used and/or processed in accordance with New Zealand’s Privacy Act 2020 and its 13 Information Privacy Principles (“NZ IPPs”). Specifically, New Zealand law lays out 12 information privacy principles (NZ IPPs) for the proper handling of personal information of Kiwi citizens, and these principles can be found at http://privacy.org.nz/information-privacy-principles. The Act and 12 IPPs presume that trans-border data flows are permissible provided the IPPs are preserved. As is the case with Australian privacy laws, ChurnZero acts as the processor, not collector of the data, of its New Zealand’s Customers’ customers. In addition, our handling of personal information under this Policy is perfectly aligned with the 12 NZ IPPs, including those directing that personal information be collected for lawful purposes (e.g., for processing customer service issues), that data should be collected directly from individuals (e.g., Users using the Services), that notice of collection of data and purpose of the data collection is provided, that data be collected in a legal manner, or that individuals have right to access and correct their data.
If you wish to make a complaint about the way we have handled your personal information (including if you think we have breached any applicable privacy laws), you may do so to our Privacy Officer in writing, by mail or email to the address or email address set out in the ‘Contact Us’ section of this Policy. Please include your full name, contact details and a detailed description of your complaint. Our Privacy Officer will acknowledge your complaint and respond to you regarding your complaint within a reasonable period. If you consider that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.
United Kingdom. Personal information collected, stored, used and/or processed by ChurnZero, as described in this Policy, is collected, stored, used and/or processed in accordance with our obligations under the UK Data Protection Act 2018.
ChurnZero is a “service provider” under the CCPA. When we act as a service provider (for example, by providing our Services to another company that you interact with), we follow the instructions of the business that engaged us with respect to how we process your personal information. If you would like more information about how your personal information is processed by other companies, including companies that engage us as a service provider, please contact those companies directly.
Information We May Collect:
We may collect the following categories of information:
- Demographic Information
- Commercial Information
- Internet or other electronic network activity information
- Geolocation data
- Audio, electronic, visual, or similar information
- Professional or employment-related information
For each category of information, we collect the information from a variety of sources, including directly from you, from your devices, from your social media profiles, and/or from third-party providers. We collect the information to provide you with Services, protect our Customers and ourselves (including the Services), and to improve the Services. We do not share personal information with “third parties” as the term is defined under the CCPA.
We do not sell personal information of any individual, including personal information of minors under 16 years of age. We have not disclosed any personal information for a business purpose in the 12 months prior to this Policy’s last update, nor have we disclosed any personal information for valuable consideration. We may disclose personal information in the following categories for a business purpose going forward:
- Demographic Information
- Commercial Information
- Internet or other electronic network activity information
- Geolocation data
- Audio, electronic, visual, or similar information
- Professional or employment-related information
- Inferences drawn from any of the above information.
You may have certain rights with respect to your personal information, including:
- The right to access, including the right to know the categories and specific pieces of personal information we collect;
- The right to deletion of your personal information, subject to certain limitations under applicable law;
- The right to request disclosure of information collected;
- The right to disclosure of information disclosed for valuable consideration; and
- The right not to be discriminated against for exercising certain rights under California law.
To exercise these rights, please submit a request through our Trust Center or by emailing firstname.lastname@example.org. Please be as specific as possible in relation to the personal information you wish to access. Once we receive your request, we will review it, determine whether we must forward your request to one of our Customers, or, if applicable, if we can verify your identity, and process the request accordingly. If we need additional information to verify your identity, we will let you know. We will respond to your request within 45 days of receipt or notify you if we require additional time.
If you would prefer, you may designate an authorized agent to make a request on your behalf.
CHANGES TO THIS POLICY. We may update this Policy from time to time to reflect changing legal, regulatory, or operational requirements. We encourage you to periodically review this page for the latest information on our privacy practices. If there are any material changes to this Policy, we will notify by posting of a prominent notice on our Websites or Services prior to the change becoming effective. If you do not accept any changes made to this Policy, please discontinue use of the Websites and the Services.
CONTACT US. If you have questions or complaints regarding this Policy or about our privacy practices, please contact us by email at email@example.com or at:
717 D Street NW
Washington, DC 20004
Attn: Data Privacy Officer
ENGLISH VERSION CONTROLS. If applicable, non-English translations of this Policy are provided for convenience only. In the event of any ambiguity or conflict between translations, the English version is authoritative and controls.