Privacy Policy
Effective Date: May 15, 2018
At Hospo CRM, we respect your privacy, and we understand the importance of the information you entrust to us. This Privacy Policy describes our practices concerning the information we collect from you when you use our service via this Website or any Hospo CRM mobile application.
This policy describes the types of information we collect when you use our service as it is described on this Website, how we use and protect that information, how long we retain it, and with whom we share it. It also explains what your rights and options are as they pertain to that information. By visiting this website or using our Service, you consent to our collection and use of your information as described in this Privacy Policy.
This policy is incorporated into and made a part of our Terms of Service .
1. GDPR Compliance Statement: Pursuant to the terms of the EU General Data Protection Regulation (“GDPR”) and is the “Data Controller” with respect to all of the information collected from visitors to our Website and users of our Service. To ensure compliance with the GDPR, we have incorporated the following practices and procedures:
(a) We verify that the third parties with which we share User information are GDPR compliant;
(b) We ensure that data is stored in a manner that facilitates our ability to locate and delete information pertaining to a specific user upon request;
(c) We perform security audits and retain outside consultants to help us ensure that we have employed sufficient measures to protect User information.
(d) Users must affirmatively agree to our Terms of Service and Privacy Policy before they can establish an account;
(e) The manner in which we use the information we collect are limited to those discussed in this Privacy Policy;
(f) If we modify any of the terms of this policy, we inform all of our Users via email and specifically ask EU Users to agree to the modified terms via e-mail or the Hospo CRM dashboard; and
(g) We have appointed an internal Data Protection Officer who is responsible for overseeing our privacy and data protection procedures and will serve as the individual point of contact for information access and deletion requests.
2. Definitions. Unless otherwise defined in our Terms of Service , certain capitalized terms used in this Privacy Policy shall carry the following meanings:
(a) Agency User: A Hospo CRM user that has the ability to create promotions and act on behalf of their Venue Clients
(b) Venue: A business either directly using the Hospo CRM software to manage customer relationships, or indirectly through services provided by an Agency User.
(c) Customer: A visitor to a Venue that submits their personal details to the Venue when registering for promotions, or event.
(d) Users: Either Agency, Venue, or Customer users of the Hospo CRM software.
(e) Viewer: Anyone on the Internet who views a Venue site or promotion.
3. Information We Collect. We collect two basic types of information from our Users:
(a) Personal Data:
(i) What is Personal Data? Personal Data is information that pertains to you specifically, and can help identify you as a person. In some cases, we may ask (or require) you to provide us with some elements of Personal Data (such as your email address and password) when you establish your account. In other cases, you may provide certain types of Personal Data to us (and other users) when you use the Service.
(ii) When and How do we collect it? We collect Personal Data from Users when they establish and use their Hospo CRM account. We do not collect Personal Data from Viewers.
Establishing an Account: When you establish an account you must provide us with an email address and a password. If you sign up for a paid account, you must also provide your name and payment information (i.e., credit card). We do not, however, store or “see” payment information, as it is passed directly to the applicable payment processing company listed in Section 4(a) of this policy.
Using the Service: In the case where you are a User, you may also disclose Personal Data to us (and others) in the content of your notes and other records.
When you (the User) logs on to your Hospo CRM account, we will record your IP address and/or unique mobile device identifier and may tie it to your specific account. Under ordinary circumstances, an IP address recorded in isolation is not Personal Data under the standard definition of the term. However, it may become Personal Data when it is combined with other information.
(iii) How do we use Personal Data? We do not use Personal Data for marketing or advertising purposes, nor do we share it with third parties for that purpose. We use your email and password to enable you to create and log in to your Hospo CRM account, and use the Service. We also use your email address to send you account related notices and other information that we believe may be of interest to our Users. We use your IP address to identify your location in order to provide you with notices and other information that may be required by your local regulatory authority.
(iv) Where is Personal Data Stored? All Personal Data collected from Users outside and within the United States will be transferred to and stored on servers located in the State of California, USA.
(b) General Information: General Information consists of information that is anonymous in nature and does not identify you as an individual. This includes your computer IP address, unique mobile device identifier, browser type, ISP or carrier name, and the URL of the last webpage you visited before visiting our website. This information gives us insights on how our users use our site and our other products. We collect this information by using “cookies”, which are small bits of computer code that are transferred to your computer’s hard drive via a web browser, which enable us to record the general information described above. We use this information to ensure that our service continues to appeal to our users.
(i) How do we use General Information? General Information gives us insights on how people use the Service, and helps us to maintain, modify, and enhance it. We use cookies to help us customize your experience when using the Service. For example: (1) we use “session information” cookies to keep you logged in when using the Service; (2) we use “preferred settings” cookies allow you to retain preferences; and (3) we use “referral user” cookies to enable us to track how a User found our Service, (e.g. whether by referral link, through another feed, or through a reseller). We also use services provided by MaxCDN / StackPath, Google Analytics, and Facebook, which set cookies for each User when they visit our site or use our Service. None of these cookies collect Personal Data.
(ii) Where is General Information Stored? All General Information collected from Users outside and within the United States will be transferred to and stored on servers located in the State of California, USA.
4. How We Share information. We will not share Personal Data with third parties for marketing purposes without your consent. We will share Personal Data with certain third parties in the following ways:
(a) Service Providers: We utilize the following third-party service providers to perform certain functions on our behalf, and must share certain information (including Personal Data) with them in order for them to do so. However, the information that is shared is limited to that which is necessary to perform their specific functions:
(i) Stripe processes credit card payments on our behalf (click here to view their privacy policy);
(ii) SparkPost provides us with email distribution services (click here to view their privacy policy);
(iii) Drip provides us with email distribution services (click here to view their privacy policy);
(iv) Google Analytics provides us with website analytics services (click here to view their privacy policy).
(v) MaxCDN / StackPath is a defended delivery network that balances the website load and provides security (click here to view their privacy policy).
(b) Law Enforcement: If requested or required by law enforcement authorities, courts, or regulators, we may disclose any information we have about our users. We also may disclose your Personal Data to exercise or protect legal rights or defend against legal claims.
(c) Bulk Asset Transfers: In some cases, we may choose to buy or sell assets. In these business transfers, customer information, including Personal Data, is typically one of the business assets that are transferred. Moreover, if all or substantially all of our business assets were acquired, or in the unlikely event that we go out of business or enter into bankruptcy, customer information (including your Personal Data), would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any assets may continue to be used according to your Personal Data as set forth in this policy.
(d) Other Third Parties: We may reserve and have the right to disclose any information about you or your use of our Service without your prior permission, if we in good faith believe that such action is necessary to protect and defend the rights, property or safety of our company or its affiliates, other Users of the Service or the public.
5. How We Protect Information. We take the security of all the information we collect from and about our Users seriously and use appropriate technical and organizational measures to protect it against unauthorized or unlawful access and against accidental loss, destruction or damage. We also limit access to User information to employees who reasonably need access to it in order to do their jobs. However, because no security system can be 100% effective, we cannot completely guarantee the security of any information we may have collected from or about you. In addition, we have no control over the security of other web sites that you might visit even when a link may appear to those web sites site from our Site. If you share your computer or use a computer that is accessed by the general public, remember to log off and close your browser window when you have finished your session.
6. How Long We Keep Information. We retain Personal Data and General Information for as long as necessary to fulfill a business purpose or comply with a legal request. We may also choose to anonymize certain elements of the information you provide to us so that it can no longer be attributed to you if we would like to retain it for longer periods of time. You may also request that we delete your information in the manner described in Section 6.
7. Your Options and Rights. We currently offer Users the following options with respect to the manner in which we collect, use, and maintain information, or to otherwise exercise their rights under applicable privacy statutes:
(a) All Users: You may request that we stop sending you non-account related emails by clicking the “unsubscribe” link that is included at the bottom of non-account related emails. You may also request that we delete the information we collected from and about you by contacting our Data Protection Officer.
(b) EU Citizens: If you are an EU citizen, you may request that we provide you with (or delete) all the information we collected from and about you, or otherwise exercise your rights under the GDPR by contacting our Data Protection Officer. Data reporting and deletion requests will be processed free of charge within thirty (30) days.
(c) California Residents: Under the California Online Privacy Protection Act (“CalOPPA”), if you are a California Resident you may request information regarding the types of Personal Data we share with third parties for direct marketing purposes, and the identities of the third parties with whom we have shared such information during the immediately preceding calendar year. You may request further information about our compliance with CalOPPA by contacting our Data Protection Officer. Please note that under CalOPPA, we are only required to respond to one request per User each year, and we are not required to respond to requests made by means other than through requests submitted to our Data Protection Officer.
8. Tracking Technology and Do-Not-Track Requests. We do not currently employ any technology that enables us to track your online activities over time and across third-party web sites, nor do we plan on doing so in the future. Keep in mind, however, that we have no control over the activities of third parties, and they may employ such technology that tracks your activity on this site. Because we do not employ tracking technology, we offer no response to Do-Not-Track requests transmitted by Web browsers.
9. Children under 13. Our Service is not intended for users under the age of 13, and we do not knowingly collect any personal information from children under 13. If we become aware that a person submitting information is under 13, we will attempt to delete the information as soon as possible. According to our Terms of Service , all users represent that they are at least 13.
10. Modifications to this Privacy Policy. We reserve the right to amend, alter, or otherwise change this Privacy Policy at our sole and absolute discretion. If we modify this Privacy Policy, we will notify all Users via email, and may specifically ask you to agree to the modified terms in order to continue using the Service. Otherwise, further use of the Service following any such change constitutes your agreement to follow and be bound by the modified Privacy Policy.
11. Questions. If you ever have any questions about this policy or the Personal Data and General Information we have collected please contact our Data Protection Officer. We respect your rights and privacy, and will be happy to answer any questions or concerns you might have.
Synergy Technology Engineering Limited t/a Hospo CRM
236A Grahams Rd, Christchurch, New Zealand
Data Protection Officer Contact: support@hospocrm.com