Targetprocess 3 | Privacy policy

Privacy Policy

Overview

On May 25, 2018, the most significant piece of European data protection legislation in 20 years came into force when the European Union's (EU) General Data Protection Regulation (GDPR) replaced the Data Protection Directive 95/46/EC . This Privacy Policy (Privacy Notice) is meant to help you understand what data we collect, why we collect it, and what we do with it.

This updated version of our Privacy Policy reflects changes in data protection law. In addition, we have worked to make the Privacy Policy more coherent and understandable by reorganizing its sections (listed in the Table of Contents below), providing additional important details, and defining a few terms.

Please, take the time to read our Privacy Policy carefully. We want to be clear on how we’re using information, and the ways in which you can protect your privacy.

When we refer to “Targetprocess”, we mean the Targetprocess entity that acts as the Controller or Processor of your information, as explained in more detail below.

If you have any questions, please feel free to contact us at: gdpr@targetprocess.com

Applicability of Privacy Policy

This Privacy Policy applies to your Personal Data when you use:

  • Targetprocess website and Service
  • Targetprocess mobile applications
  • Vizydrop website and Service
  • Fibery website and Service
  • Tauboard Service.

It also applies to other interactions (e.g. customer support inquiries, webinars, user conferences, feedback sharing, etc.) you may have with Targetprocess.

The scope of the data processing will differ for the services and websites mentioned above, but this document covers the most comprehensive examples.

If you do not agree with the terms, you should not access or use the Services, websites, or any other aspect of Targetprocess business.

This Privacy Policy does not apply to any third party applications or software that integrate with the Services through plugins, mashups or external tools. The organization (e.g., your employer or another entity) that entered into the Service Agreement (“Customer”) controls their instance of the Services (their “Instance”) and any associated Customer Data. If you have any questions about specific Instance settings and privacy practices, please contact the Administrator of the Customer whose Instance you use. If you have a user, you can check the "People" or "Users" view in your Account (https://YOUR-INSTANCE.tpondemand.com/) for contact information of your Instance Administrator(s). If you have received an invitation to join Instance but have not yet created an user account, you should request assistance from the Customer that sent the invitation.

Information we receive and collect

Targetprocess may collect and receive Customer Data (including Personal Data) and other information and data:

Information you provide to us:

Account and Profile Information:  We collect information about you and your company as you register for an Instance, create or modify your user account, make purchases, as well as use, access, or interact with the Services and websites (including but not limited to when you upload, download, collaborate on, or share Content). Information we collect includes:

  • Contact information such as full name, email address, mailing address, and phone number
  • Billing information such as billing address (note: credit card information is processed by a third party - our Payment Processor)
  • Profile information such as your login, profile picture, and job title
  • Preferences information such as notification and marketing preferences

You may provide this information directly when you enter it in Services.

In some cases, another user (such as a system Administrator) may create a user account on your behalf and may provide your information, including Personal Data (most commonly when your company requests that you use our Services). We collect Information under the direction of our customers, and usually have no direct relationship with the individuals (Data Subjects) whose personal data we process. If you are providing information (including Personal Data) about someone else, you must have the authority to act for them and to consent to the collection and use of their Personal Data as described in this Privacy Policy.

Content: We collect and store Content that you create, input, submit, post, upload, transmit, store or display in the process of using our Services or websites. Such Content includes any Personal Data that you choose to include.

Other submissions: We collect other data that you submit to our websites, or as you participate in any interactive features of our Services, participate in surveys, contests, promotions, activities or events, apply for a job, request customer support, communicate with us via third party social media sites, share feedback or otherwise communicate with us. For example, information regarding a problem you are experiencing with a Targetprocess product could be submitted to our Support Services or posted in our public forums.

Information we collect from your use of Services and websites.

Web Logs: As with any website and Service delivered over the Internet, we gather certain information and store it in log files when you interact with our Websites and SaaS Products. This information includes internet protocol (IP) addresses as well as browser type (User Agent), URLs of referring/exit pages, date/time stamp, information you search for, locale and language preferences, information about browser configuration and plugins, language preferences and cookie data, identification numbers associated with your Devices (where available), and system configuration information (where available).

Services Metadata and Analytics: We collect analytics information when you use our Websites and SaaS Products to help us improve our websites and Services. In the Services, this analytics information consists of the feature and action of the Service being used, the associated account name, the user ID and IP address of the individual who is using the feature or function, as well as additional information required to detail the operation of the function and which parts of the Service are being used. Occasionally, we connect Personal Data to information gathered in our log files and analytics as necessary to improve Services for individual customers or resolve issues when requested by users. This combined Information is then treated in accordance with this Privacy Policy.

As of the date this policy went into effect, we use:

  • And internal and owned-by-us instance of Piwik analytics service for the Targetprocess website
  • Google Analytics as an additional analytics provider for Targetprocess website and as the main analytics provider for Vizydrop and Fibery websites, as well as the Vizydrop Service
  • An internal and owned-by-us custom analytics engine for Targetprocess Service
  • Pardot, LinkedIn, and Pingdom analytics for Targetprocess website User Experience improvements

Analytics Information Derived from Customer Data: Analytics information also consists of data we collect as a result of running queries against Data across our user base for the purposes of generating Usage Data. "Usage Data" is aggregated data about a group or category of features or users that does not contain Personal Data or any Confidential Information submitted to the Service. For example, we may query Customer Data to determine the number of Projects created in Accounts or the number of Processes created in the Account.

Cookies and Other Tracking Technologies: Targetprocess and our third party partners, such as our advertising and analytics partners, use various technologies to collect information, such as cookies. Cookies are small data files stored on your hard drive or in device memory. We use cookies to to allow you to access and use the Websites or SaaS Products without re-entering your username or password (authentication), improve and customize Services and your User Experience, to count visits, and understand which areas and features of the Websites and Services are most popular. You can instruct your browser by changing its options to stop accepting cookies, or to prompt you before accepting a cookie from websites you visit. If you do not accept cookies, you may not be able to use all aspects of our Websites or Services. Targetprocess and our third party partners also collect information using web beacons (also known as "tracking pixels"). Web beacons are electronic images that may be used in our Websites or in emails that help us to deliver cookies and count visits, to understand usage and campaign effectiveness, and determine whether an email has been opened and acted upon.

Targetprocess and our third party partners also use javascript, e-tags, and HTML5 local storage to collect information about your online activities over time and across different websites or online services (other than our Services). Many browsers include their own management tools for removing HTML5 local storage objects.

For more details about how we use these technologies, please see our Cookie Policy.

You may be able to opt out of receiving personalized advertisements as described below under "Your Choices."

Information from third party services: We also obtain information from third parties and combine that with Information we collect through websites. For example, we may have access to certain information from a third party social media or authentication service if you browse our Websites. Any access that we may have to such Information from a third party social or authentication service is in accordance with the authorization procedures determined by that service. You should check your privacy settings on these third party services to understand and change the information sent to us through these services.

How we use information we collect

Customer Data will be used by Targetprocess in accordance with Customer instructions, including any applicable terms in the Agreement and Customer use of Services functionality, and as required by applicable law. Targetprocess is a Processor of Customer Data, and the Customer is the Controller. Customer may, for example, use the Services to grant and remove access to an Instance, assign roles and configure settings, access, modify, export, share, and remove Customer Data, and otherwise use the Services.

We use the Information we collect about you (including Personal Data to the extent applicable) for multiple purposes, including:

  • Provide, operate, maintain, improve, prevent, or address service errors, security, or technical issues in Services.
  • Enable you to access and use Services, including uploading, downloading, collaborating on, and sharing Content.
  • Process and complete transactions, as well as send you related information, including purchase confirmations and invoices.
  • As required by applicable law, legal process, or regulation.
  • To send emails and other communications. We may send you service, technical and other administrative emails, messages, and other types of communications. We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and payment notices. These communications are considered part of the Services, and you may not opt out of them unless you cancel the service completely.
  • In addition, we sometimes send emails about new product features, promotional communications, or other news about Targetprocess Services and products. These are marketing messages so you can control whether you receive them. You have the ability to opt out of receiving any of these communications as described below under "Your Choices."
  • Investigate and prevent fraudulent transactions, unauthorized access to Services, and other illegal activities.
  • Personalize Services and websites, including by providing content, features, or advertisements (for the websites) that match your interests and preferences.
  • Enable you to collaborate, and share Data with users you designate.
  • For other purposes for which we specifically obtain your consent.

Notwithstanding the foregoing, we will not use the Personal Data that appears in our Analytics Data or Web logs for any purpose. The use of Information collected through our Services and websites shall be limited to the purposes disclosed in this policy.

If Information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, Targetprocess may use it for other purposes such as sharing usage statistics in our blogposts. To the extent Information is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law, it is referred to in this Privacy Policy as “Personal Data.”

Information sharing and disclosure

We will not share or disclose any of your Personal Data or Other Data with third parties except as described in this Policy. We do not sell your Personal Data or other Data.

Your Use: When you use Targetprocess Services, Data you have provided will be displayed back to you. Certain features of Targetprocess Services, such as the Tauboard.com service (owned and operated by Targetprocess), allow your Instance Administrators or users to make some of your Data be only protected by a unique hash in URL, and not requiring explicit authentication (in which case it will become readily accessible to anyone with the URL). We urge you to consider the sensitivity of any data you input into Targetprocess Services and share with the Tauboard.com service.

Third Party Services: Customer can choose to connect Third Party Services using Plugins, Mashups or other tools such as Tasktop Integration Hub to their instance. Typically, Third Party Services are software that integrate with our Services, and Customer can permit its Instance Users and/or Administrators to enable and disable these integrations for their Instance. Once enabled, the provider of a Third Party Service may share certain information with Targetprocess. For example, if a Source Control integration is enabled to permit Source code commits to be linked to Targetprocess Entities in the Instance, we will receive repository access credentials and source code along with additional information that the application has made available to Targetprocess. Administrators and Users should check the settings and additional details for these Third Party Services to understand what data may be disclosed to Targetprocess. When a Third Party Service is enabled, Targetprocess is authorized to connect and access Data made available to Targetprocess

Generally, no one is under a statutory or contractual obligation to provide any Customer Personal Data or other Data (collectively, “Data”). However, certain Information is collected automatically and, if some Information such as Instance setup details is not provided, we may be unable to provide the Services.

Third Party Service Providers and Partners: We may engage third party companies or individuals as service providers or business partners to process Data and support our business. These third parties may, for example, provide server hosting and storage services. Additional information about the the sub-processors we use to support delivery of our Services is available as part of our Data Processing Addendum (additional details below).

Corporate Affiliates: Targetprocess may share Other Information with its corporate affiliates, parents, and/or subsidiaries with such access governed by this Policy in any case.

During a change to Targetprocess business: if Targetprocess engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Targetprocess’ assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some Data may be shared or transferred, subject to standard confidentiality arrangements and this Policy’s provisions.

Aggregated or obfuscated Data: We may disclose or use aggregated and/or obfuscated  Data for any purpose. For example, we may share aggregated or de-identified Other Information with prospects or partners for business or research purposes, such as telling a prospective Targetprocess customer the average size of the Instance database.

To comply with Law: if we receive a request for information from a Law Enforcement Agency, we may disclose Data if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process. We will notify you about such a request immediately upon receiving it.

With Consent: Targetprocess may share Data with third parties when we have consent to do so.

Data Retention

Targetprocess will retain Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Terms of Service and as required by applicable law. Targetprocess may retain Personal Information for Instance Administrators and Owners after you have deactivated your account for the period of time needed for Targetprocess to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements — usually for no longer than 6 years. Other Instance Data submitted to the Service will be removed or obfuscated within 6 months after the Service License expiration, unless we're explicitly instructed by the Customer to remove data immediately. To deactivate an organization account, please contact support or sales.

Your Choices

You may opt out of receiving promotional communications from Targetprocess by using the unsubscribe link within each email or emailing us to have your contact information removed from our email list or registration database. Although opt-out requests are usually processed immediately, please allow ten (10) business days for a removal request to be processed. Even after you opt out from receiving any promotional or supporting messages from us, you will continue to receive important technical transactional messages from us regarding Service until your Instance is deactivated or removed.

You may be able to opt out of receiving personalized advertisements from companies who are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance's Self-Regulatory Principles for Online Behavioral Advertising. For more information about this practice and to understand your options, please visit: http://www.aboutads.info and http://www.networkadvertising.org/choices/.

Security

Targetprocess takes security of data very seriously and works hard to protect Information you provide from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Information we collect, process and store, and the current state of technology. To learn more about current practices and policies regarding security and confidentiality of the Services, please see our Security Notes. You're also welcome to request additional information about pentests and certificates via email to support@targetprocess.com. Given the nature of communications and information processing technologies, Targetprocess cannot guarantee that Information, during transmission through the Internet or while stored on our systems and services, will be absolutely safe from any intrusion by others.

Age Limitations

To the extent prohibited by applicable law, Targetprocess does not allow use of our Services and websites by anyone younger than 16 years old unless there is a custom agreement in place. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us via gdpr@targetprocess.com or support@targetprocess.com, and we will take the necessary steps to delete such information.

Changes To This Privacy Policy

Targetprocess may change this Privacy Policy from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will post the changes to this page and encourage you to review our Privacy Policy to stay informed. If we make significant changes that alter your privacy rights, Targetprocess will provide additional notice via email or through the Service. If you disagree with the changes to this Privacy Policy, you should deactivate your Services account.

International data transfers and model clauses

Targetprocess may transfer your Personal Data to countries other than the one in which you live. We deploy the following safeguards if Targetprocess transfers Personal Data originating from the European Union or Switzerland to other countries not deemed adequate under applicable data protection law:

  • Strict security measures mentioned above as well as in other documents
  • European Union Model Clauses. Targetprocess offers European Union Model Contractual Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our Customers that operate in the European Union, and other international transfers of Customer Data. You may have already received your copy of our standard data processing addendum and Model Clauses, and we welcome you to request your copy via email at gdpr@targetprocess.com

Data Controller and Processor definition

Data protection law in certain jurisdictions differentiates between the “Controller” and “Processor” of information. In general, the Customer is the controller of Customer Data. In general, Targetprocess is the Processor of Customer Data and the Controller of Other Information or individual Leads who just created a Service instance or signed up for information such as a mail list, webinar, etc. Different Targetprocess entities control some aspects of the services in different parts of the world. Targetprocess Cyprus Limited, a Cyprus company based in Nicosia, Cyprus, is the controller of aforementioned other Information, and a Processor of Personal Data of users who use Instances established for Customers in the EEA (European Economic Area). Targetprocess Inc., a US company based in Amherst, New York is the Controller of aforementioned other Information, and a Processor of Personal Data of users who use Instances established for Customers outside of the EEA(European Economic Area).

Your rights and updating your information

Individuals located in certain countries, including the European Economic Area, have certain statutory rights in relation to their Personal Data. Subject to any exemptions provided by law, you may have the right to request access to Information, as well as to seek to access, update, delete, or correct this Information.

Regardless of your country of residence, you can accomplish this using the settings and tools provided in your Instance user account or Customer Center account. If you cannot use the settings and tools, contact your Instance Administrator as mentioned above or our Customer Support via support@targetprocess.com for additional access and assistance.

If your account is managed by an Administrator, that account administrator may have control with regards to how your account information is retained and deleted.

To the extent that Targetprocess processing of your Personal Data is subject to the GDPR, Targetprocess relies on its legitimate interests, described above, to process your data. Targetprocess may also process other Information that constitutes your Personal Data for direct marketing purposes. You have a right to object to Targetprocess use of your Personal Data for this purpose at any time by opting out; do this by contacting us via support@targetprocess.com or gdpr@targetprocess.com

Data Protection Authority

Subject to applicable law, you also have the right to:

  • Restrict Targetprocess use of Other Information that constitutes your Personal Data
  • Raise a question or lodge a complaint with your local data protection authority or the Cyprus Data Protection Commissioner, which is Targetprocess' supervisory authority in the European Union.

If you are a resident of the European Economic Area and believe we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you may direct questions or complaints to our supervisory authority:

Office of the Cyprus Commissioner for Personal Data Protection ('Commissioner')
1, iasonos Str. 2nd Floor, 1082 Nicosia, Cyprus
P.O. BOX 23378, 1682 Nicosia
T +35722818456
F +35722304565
commissioner@dataprotection.gov.cy

Contacting us

Please feel free to contact Targetprocess if you have any questions about this Privacy Policy or our practices, or if you are seeking to exercise any of your statutory rights. You can contact us at support@targetprocess.com or at our mailing address below:

For Customers outside European Economic Area:
Targetprocess Inc.
1325 Millersport Hwy, Suite 201,
Amherst, NY 14221
USA

For Customers in European Economic Area and Switzerland:
Targetprocess Cyprus Limited,
28 Oktovriou 2, 1st Floor, Flat/Office 101
Egkomi, Makedonitissa,
2414, Nicosia
Cyprus

Last update date: May 24th 2018.