When we refer to “Targetprocess”, we mean the Targetprocess entity that acts as the Controller or Processor of your information, as explained in more detail below.
If you have any questions, please feel free to contact us at: firstname.lastname@example.org
- Targetprocess website and Service
- Targetprocess mobile applications
- Vizydrop website and Service
- Vizydrop add-ons and plugins for external tools - Jira, Trello, Google Analytics
- Fibery website and Service
- Tauboard View sharing Service for Targetprocess.
It also applies to other interactions (e.g. customer support inquiries, webinars, user conferences, feedback sharing, etc.) you may have with Targetprocess.
The scope of the data processing will differ for the services and websites mentioned above, but this document covers the most comprehensive examples.
If you do not agree with the terms, you should not access or use the Services, websites, or any other aspect of Targetprocess business.
Information we receive and collect
Targetprocess may collect and receive Customer Data (including Personal Data) and other information and data:
Information you provide to us:
Account and Profile Information: We collect information about you and your company as you register an Instance, create or modify your user account, make purchases, as well as use, access, or interact with the Services and websites (including but not limited to when you upload, download, collaborate on, or share Content). Information we collect includes:
- Contact information such as full name, email address, mailing address, and phone number
- Billing information such as billing address (note: credit card information is processed by a third party - our Payment Processor)
- Profile information such as your login, profile picture, and job title
- Preferences information such as notification and marketing preferences
You may provide this information directly when you enter it in Services.
Content: We collect and store Content that you create, input, submit, post, upload, transmit, store or display in the process of using our Services or websites. Such Content includes any Personal Data that you choose to include.
Other submissions: We collect other data that you submit to our websites, or as you participate in any interactive features of our Services, participate in surveys, contests, promotions, activities or events, apply for a job, request customer support, communicate with us via third party social media sites, share feedback or otherwise communicate with us. For example, information regarding a problem you are experiencing with a Targetprocess product could be submitted to our Support Services or posted in our public forums.
Information we collect from your use of the Services and websites.
Web Logs: As with any website and Service delivered over the Internet, we gather certain information and store it in log files when you interact with our Websites and SaaS Products. This information includes internet protocol (IP) addresses as well as browser type (User Agent), URLs of referring/exit pages, date/time stamp, information you search for, locale and language preferences, information about browser configuration and plugins, language preferences and cookie data, identification numbers associated with your Devices (where available), and system configuration information (where available).
As of the date this policy went into effect, we use:
- An internal and owned by us instance of Piwik analytics service for the Targetprocess Website
- Google Analytics as an additional analytics provider for Targetprocess website and as the main analytics provider for Vizydrop and Fibery Websites, as well as the Vizydrop Service
- An internal and owned-by-us custom analytics engine for Targetprocess Service
- Pardot, LinkedIn, and Pingdom analytics for Targetprocess website User Experience improvements
- Live Chat for customer support and visitors engagement in Targetprocess Service
- Intercom for customer support and visitors engagement in Fibery Service and Fibery Website
Analytics Information Derived from Customer Data: Analytics information also consists of data we collect as a result of running queries against Data across our user base for the purposes of generating Usage Data. "Usage Data" is aggregated data about a group or category of features or users that does not contain Personal Data or any Confidential Information submitted to the Service. For example, we may query Customer Data to determine the number of Projects created in Accounts or the number of Processes created in the Account.
You may be able to opt out of receiving personalized advertisements as described below under "Your Choices."
Information from third party services: We also obtain information from third parties and combine that with Information we collect through websites. For example, we may have access to certain information from a third party social media or authentication service if you browse our Websites. Any access that we may have to such Information from a third party social or authentication service is in accordance with the authorization procedures determined by that service. You should check your privacy settings on these third party services to understand and change the information sent to us through these services.
How we use information we collect
Customer Data will be used by Targetprocess in accordance with Customer instructions, including any applicable terms in the Agreement and Customer use of Services functionality, and as required by applicable law. Targetprocess is a Processor of Customer Data, and the Customer is the Controller. Customer may, for example, use the Services to grant and remove access to an Instance, assign roles and configure settings, access, modify, export, share, and remove Customer Data, and otherwise use the Services.
We use the Information we collect about you (including Personal Data to the extent applicable) for multiple purposes, including:
- Provide, operate, maintain, improve, prevent, or address service errors, security, or technical issues in Services.
- Enable you to access and use Services, including uploading, downloading, collaborating on, and sharing Content.
- Process and complete transactions, as well as send you related information, including purchase confirmations and invoices.
- As required by applicable law, legal process, or regulation.
- To send emails and other communications. We may send you service, technical and other administrative emails, messages, and other types of communications. We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and payment notices. These communications are considered part of the Services, and you may not opt out of them unless you cancel the service completely.
- In addition, we sometimes send emails about new product features, promotional communications, or other news about Targetprocess Services and products. These are marketing messages so you can control whether you receive them. You have the ability to opt out of receiving any of these communications as described below under "Your Choices."
- Investigate and prevent fraudulent transactions, unauthorized access to Services, and other illegal activities.
- Personalize Services and websites, including by providing content, features, or advertisements (for the Websites) that match your interests and preferences.
- Enable you to collaborate, and share Data with users you designate.
- For other purposes for which we specifically obtain your consent.
Notwithstanding the foregoing, we will not use the Personal Data that appears in our Analytics Data or Web logs for any purpose. The use of Information collected through our Services and websites shall be limited to the purposes disclosed in this policy.
Information sharing and disclosure
We will not share or disclose any of your Personal Data or Other Data with third parties except as described in this Policy. We do not sell your Personal Data or other Data.
Your Use: When you use Targetprocess Services, Data you have provided will be displayed back to you. Certain features of Targetprocess Services, such as the Tauboard.com service (owned and operated by Targetprocess), allow your Instance Administrators or users to make some of your Data be only protected by a unique hash in URL, and not requiring explicit authentication (in which case it will become readily accessible to anyone with the URL). We urge you to consider the sensitivity of any data you input into Targetprocess Services and share with the Tauboard.com service.
Third Party Services: Customer can choose to connect Third Party Services using Plugins, Mashups or other tools such as Tasktop Integration Hub to their instance. Typically, Third Party Services are software that integrate with our Services, and Customer can permit its Instance Users and/or Administrators to enable and disable these integrations for their Instance. Once enabled, the provider of a Third Party Service may share certain information with Targetprocess. For example, if a Source Control integration is enabled to permit Source code commits to be linked to Targetprocess Entities in the Instance, we will receive repository access credentials and source code along with additional information that the application has made available to Targetprocess. Administrators and Users should check the settings and additional details for these Third Party Services to understand what data may be disclosed to Targetprocess. When a Third Party Service is enabled, Targetprocess is authorized to connect and access Data made available to Targetprocess
Generally, no one is under a statutory or contractual obligation to provide any Customer Personal Data or other Data (collectively, “Data”). However, certain Information is collected automatically and, if some Information such as Instance setup details is not provided, we may be unable to provide the Services.
Third Party Service Providers and Partners: We may engage third party companies or individuals as service providers or business partners to process Data and support our business. These third parties may, for example, provide server hosting and storage services. Additional information about the the sub-processors we use to support delivery of our Services is available as part of our Data Processing Addendum (additional details below).
Corporate Affiliates: Targetprocess may share Other Information with its corporate affiliates, parents, and/or subsidiaries with such access governed by this Policy in any case.
During a change to Targetprocess business: if Targetprocess engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Targetprocess’ assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some Data may be shared or transferred, subject to standard confidentiality arrangements and this Policy’s provisions.
Aggregated or obfuscated Data: We may disclose or use aggregated and/or obfuscated Data for any purpose. For example, we may share aggregated or de-identified Other Information with prospects or partners for business or research purposes, such as telling a prospective Targetprocess customer the average size of the Instance database.
To comply with Law: if we receive a request for information from a Law Enforcement Agency, we may disclose Data if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process. We will notify you about such a request immediately upon receiving it.
With Consent: Targetprocess may share Data with third parties when we have consent to do so.
Targetprocess will retain Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Terms of Service and as required by applicable law. Targetprocess may retain Personal Information for Instance Administrators and Owners after you have deactivated your account for the period of time needed for Targetprocess to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements — usually for no longer than 6 years. Other Instance Data submitted to the Service will be removed or obfuscated within 6 months after the Service License expiration, unless we're explicitly instructed by the Customer to remove data immediately. To deactivate an organization account, please contact support or sales.
You may opt out of receiving promotional communications from Targetprocess by using the unsubscribe link within each email or emailing us to have your contact information removed from our email list or registration database. Although opt-out requests are usually processed immediately, please allow ten (10) business days for a removal request to be processed. Even after you opt out from receiving any promotional or supporting messages from us, you will continue to receive important technical transactional messages from us regarding Service until your Instance is deactivated or removed.
You may be able to opt out of receiving personalized advertisements from companies who are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance's Self-Regulatory Principles for Online Behavioral Advertising. For more information about this practice and to understand your options, please visit: http://www.aboutads.info and http://www.networkadvertising.org/choices/.
Targetprocess takes security of data very seriously and works hard to protect Information you provide from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Information we collect, process and store, and the current state of technology. To learn more about current practices and policies regarding security and confidentiality of the Services, please see our Security Notes for Targetprocess, Security Cloud Statement for Vizydrop and Security Cloud Statement for Fibery. You're also welcome to request additional information about pentests and certificates via email to email@example.com. Given the nature of communications and information processing technologies, Targetprocess cannot guarantee that Information, during transmission through the Internet or while stored on our systems and services, will be absolutely safe from any intrusion by others.
To the extent prohibited by applicable law, Targetprocess does not allow use of our Services and websites by anyone younger than 16 years old unless there is a custom agreement in place. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us via firstname.lastname@example.org or email@example.com, and we will take the necessary steps to delete such information.
International data transfers and model clauses
Targetprocess may transfer your Personal Data to countries other than the one in which you live. We deploy the following safeguards if Targetprocess transfers Personal Data originating from the European Union or Switzerland to other countries not deemed adequate under applicable data protection law:
- Strict security measures mentioned above as well as in other documents
- European Union Model Clauses and Data Processing Addendum. Targetprocess offers Data Processing Addendum as well as European Union Model Contractual Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our Customers that operate in the European Union, and other international transfers of Customer Data. You may have already received your copy of our standard Data Processing Addendum and Model Clauses as part of Service Purchase process, and we welcome you to request your copy via email at firstname.lastname@example.org
Data Controller and Processor definition
Data protection law in certain jurisdictions differentiates between the “Controller” and “Processor” of information. In general, the Customer is the Controller of Customer Data. In general, Targetprocess is the Processor of Customer Data and the Controller of Other Information or individual Leads who just created a Service instance or signed up for information such as a mail list, webinar, etc. Different Targetprocess entities control some aspects of the services in different parts of the world. Targetprocess Cyprus Limited, a Cyprus company based in Nicosia, Cyprus, is the controller of aforementioned other Information, and a Processor of Personal Data of users who use Instances established for Customers in the EEA (European Economic Area). Targetprocess Inc., a US company based in Amherst, New York is the Controller of aforementioned other Information, and a Processor of Personal Data of users who use Instances established for Customers outside of the EEA (European Economic Area).
Your rights and updating your information
Individuals located in certain countries, including the European Economic Area, have certain statutory rights in relation to their Personal Data. Subject to any exemptions provided by law, you may have the right to request access to Information, as well as to seek to access, update, delete, or correct this Information.
Regardless of your country of residence, you can accomplish this using the settings and tools provided in your Instance user account or Customer Center account. If you cannot use the settings and tools, contact your Instance Administrator as mentioned above or our Customer Support via email@example.com for additional access and assistance.
If your account is managed by an Administrator, that account administrator may have control with regards to how your account information is retained and deleted.
To the extent that Targetprocess processing of your Personal Data is subject to the GDPR, Targetprocess relies on its legitimate interests, described above, to process your data. Targetprocess may also process other Information that constitutes your Personal Data for direct marketing purposes. You have a right to object to Targetprocess use of your Personal Data for this purpose at any time by opting out; do this by contacting us via firstname.lastname@example.org or email@example.com
Data Protection Authority
Subject to applicable law, you also have the right to:
- Restrict Targetprocess use of Other Information that constitutes your Personal Data
- Raise a question or lodge a complaint with your local data protection authority or the Cyprus Data Protection Commissioner, which is Targetprocess' supervisory authority in the European Union.
If you are a resident of the European Economic Area and believe we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you may direct questions or complaints to our supervisory authority:
Office of the Cyprus Commissioner for Personal Data Protection ('Commissioner')
1, iasonos Str. 2nd Floor, 1082 Nicosia, Cyprus
P.O. BOX 23378, 1682 Nicosia
For Customers outside European Economic Area:
1325 Millersport Hwy, Suite 201,
Amherst, NY 14221
For Customers in European Economic Area and Switzerland:
Targetprocess Cyprus Limited,
28 Oktovriou 2, 1st Floor, Flat/Office 101
Last update date: October 25th 2019.