Privacy Policy
Effective: September 2023
About our Privacy Policy
Calldrip Inc. (“Calldrip”, “Colynk”, “we”, or “us”) and its subsidiaries Colynk Inc. and Calldrip Enterprises Inc. recognize the importance of privacy. We take seriously our responsibilities in relation to the processing of personal data. We do not collect or process personal data unnecessarily. This privacy policy (the “Policy”) together with our terms of service (the “Terms of Service”) sets out important information about your rights in relation to the processing of your personal data, and the basis on which any personal data we collect from you, or that you provide to us, will be processed in connection with your use of this website (“our Site” or “the Site”) and/or the Calldrip platform, app or service (the “Services”). We do not knowingly attempt to solicit or receive information from children.
Controller
Under this Policy, and unless the circumstances otherwise require, we will be what’s known under the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) as the “controller” of the personal data you provide to us. An example of such other circumstances would be where you enter into a contract with us to subscribe to the Services, in which case we would normally be the processor and you would be the controller within the meaning of the GDPR and this would be set out in more detail in the Terms of Service or other relevant contracts between us.
The information we collect
We will collect and process the following data about you for the following purposes:
Information you give us
Your Data. This is information about you that you give us by filling in forms on our Site or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you use our Site, register for, subscribe to or use the Services, search for a product, place an order on our Site, participate in discussion boards or other social media functions on our Site and/or when you participate in and respond to our sign-up or other surveys or report a problem with our Site and/or the Services.
The information you give us may include:
- Identity Data: your full name, address, e-mail address, phone number, age, title and personal description.
- Financial Data: your financial and credit card information, including bank account and payment card details, billing contact email address and VAT number.
Your End Customer Data. When using the Site and/or the Services, you may input or store the personal data of your customers, clients, suppliers or other existing or prospective sales, sales leads or business contacts or partners, including for example, their names, email address, company name, job title, phone number and other contact details, appointments and other meeting arrangements (“Your End Customer Data”). We have no direct relationship with the individuals whose personal data we host as part of Your End Customer Data. You are responsible for providing notice to your customers and third persons concerning the purpose for which you collect their personal data and how this personal data is processed in or through the Services as part of Your End Customer Data. You are also responsible for the completeness and accuracy of Your End Customer Data.
The information we collect about you
Automatically Collected Information. With regard to each of your visits to our Site we will automatically collect the following information:
- Technical Data: technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, how often you use the application and other performance data which may be subject to analytics software such as Fabric.io (“Fabric”) and New Relic Inc (“New Relic”);
- Usage Data: information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call us; and
- Public Data: publicly available data in order to create a more complete customer profile and provide better customer support. “Public Data” is defined as information received from a third party partner named FullContact. Public Data may be claimed, edited or discarded from their systems and is subject to their privacy policy.
No special categories of personal data: We do not require or collect any personal data that is your sensitive personal data or any special category of personal data under the GDPR, unless you decide to provide this information to us.
Cookies
What are cookies and why we use them
The Site may use cookies from time to time. “Cookies” are small text files which are stored by your browser on your computer and are normally used to gather statistical information and to analyze trends of use or access to a website. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies may be used to save your personal preferences so you do not have to re-enter them each time you access the Site.
What we do with your information
We will only use your personal information when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interest (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
We have set out below a description of the ways we plan to use your personal data and the legal basis we rely on to do so. We have also identified our legitimate interests where appropriate:
| Purpose/Activity | Type of data | Legal basis for processing |
| --- | --- | --- |
| To respond to your queries and to provide you with the information you request from us in relation to our products or Services. | • Identity Data • Technical Data • Usage Data • Public Data | • Necessary for our legitimate interests (to respond to new or existing customer queries and grow our business) • Performance of a contract with you |
| To set up and administer your account for the Services. | • Identity Data | • Performance of a contract with you |
| To provide the Services and perform our obligations arising from any contracts entered into between you and us. | • Identity Data • Financial Data • Technical Data • Usage Data • Public Data | • Performance of a contract with you |
| To manage payments, fees and charges and to collect and recover money owed to us. | • Identity Data • Financial Data | • Performance of a contract with you • Necessary for our legitimate interests (to recover debts due to us) |
| To manage our relationship with you, including notifying you about changes to the Services, our Terms of Service or Privacy Policy. | • Identity Data • Technical Data • Usage Data • Public Data | • Performance of a contract • Necessary to comply with a legal obligation • Necessary for our legitimate interests (to keep our records updated and to study how customers use our products and services). |
| To provide you with information about goods and services we offer that are similar to those that you have already purchased or enquired about. | • Identity Data • Technical Data • Usage Data • Public Data | • Necessary for our legitimate interests (to develop our products or Services and grow our business) |
| Where you have given us your consent to do so, to provide you with information about other goods or services we feel may interest you. | • Identity Data • Technical Data • Usage Data | • Consent |
| To ensure that content is presented in the most effective manner for you and for your computer or device. | • Identity Data • Technical Data • Usage Data • Public Data | • Necessary for our legitimate interests (to keep our Site and the Services updated and relevant and to develop and grow our business). |
| To administer and protect our business, our Site, the Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes. | • Identity Data • Technical Data • Usage Data • Public Data | • Necessary for our legitimate interests (for running our business and as part of our efforts to keep our Site and the Services safe and secure) |
| To use data analytics to improve or optimise our Site, Services, marketing, customer relationships and experiences | • Technical Data • Usage Data | • Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Site and the Services updated and relevant, to develop and grow our business and inform our marketing strategy). |
| To allow you to participate in interactive features of the Services (including surveys), when you choose to do so. | • Identity Data • Technical Data • Usage Data | • Performance of a contract with you • Necessary for our legitimate interests (to study how customers use our products or Services, to develop them and grow our business) |
| To measure or understand the effectiveness of advertising we serve to you and others, and, where applicable, to deliver relevant advertising to you. | • Identity Data • Technical Data • Usage Data | • Necessary for our legitimate interests (to study how customers use our products or Services, to develop them, to grow our business and to inform our marketing strategy). |
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at support@calldrip.com. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with this Policy, where this is required or permitted by law.
How long we keep your information
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. This means that the period of time for which we store your personal data may depend on the type of data we hold. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. For example, we may hold personal data as needed for our accounting or tax compliance purposes for a period of 6 years or for 5 years where needed for our compliance with anti-money laundering regulations. For more information about our data retention policies please contact us at support@calldrip.com.
Disclosure of your information
We do not sell your personal information (or Your End Customer Data) to third parties for marketing purposes. We may disclose information to third parties if you consent to us doing so as well as in the following circumstances:
You agree that we have the right to share your personal information with the following recipients or categories of recipients.
- Any department or authorized person within our company or any member company within our group, which means any subsidiary or holding company within the meaning of sections 7 and 8 of the Companies Act 2014.
- Selected third parties including:
  - business partners, suppliers, and sub-contractors for the performance of any contract we enter into with them or you in relation to the Services, including but not limited to:
    - to Stripe for payment and delivery services;
    - to Chargify for payment and delivery services;
    - to HubSpot and Intercom Inc for content management platforms;
    - to Xero for accounting purposes;
    - to HubSpot for customer support helpdesk services;
    - to Google (GCP) for server and web hosting;
    - to Amazon (AWS) for server and web hosting;
    - to opencnam for Caller ID services;
    - to Twilio for call handling and email notifications;
    - to HubSpot for customer chat line services;
    - to HubSpot for internal customer relations;
  - Where we have your consent to do so, email marketing service providers, including Intercom, to send information to you from time to time by email about promotions, competitions, updates and new products or services that may be of interest to you;
  - Analytics and search engine providers that assist us in the improvement and optimization of our Site.
  - Credit reference agencies for the purpose of assessing your credit score to the extent this is a condition of us entering into a contract with you.
We will disclose your personal information to third-party recipients:
- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of our business or assets.
- If Calldrip Inc. or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any law, legal obligation or court order, or in order to enforce rights under the GDPR or to apply our Terms of Service and other agreements.
- To protect our rights, property or safety, our customers, or others. This includes exchanging information with other companies and organizations for the maintenance and security of the Site and Services.
International Transfers
Personal Data may be transferred to our trusted partners and service providers who maintain their servers outside of the European Economic Area (“EEA”), where the privacy and data protection laws may not be as protective as those in your jurisdiction. This is only for the purposes of providing, and to the extent necessary to provide, the Services to you. There are special requirements set out under Chapter V of the GDPR (with which we would comply) to regulate such data transfers and ensure that adequate security measures are in place to safeguard and maintain the integrity of your personal data on transfer. For more information about this and the safeguards in place relating to the transfer, please contact us by email at support@calldrip.com.
Security Measures
Acknowledgement and Disclaimer
We take our security responsibilities seriously, using the most appropriate physical and technical measures and require our hosting partner to use the same standard of care. Unfortunately, the transmission of information via the internet is not completely secure. Although we will always do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access. These are described in more detail below.
Location of Servers and Accessibility
The Services are a SaaS-based lead management system and, as such, your personal data is not stored locally but on a secure server. No installs are required on your PC or laptop. Our web application is only accessible via HTTPS, which helps ensure your interactions with our app are secure and private.
Data Storage
Your personal data is stored on secure servers hosted on the Google Cloud Platform, a service provided by Google. These servers are located in the USA, UK, and Netherlands. The Google Cloud Platform participates in and has certified its compliance with the EU-US Privacy Shield Framework. You can read more about Google’s security policy on Google Cloud Security.
Data Backup
Your personal data is backed up on a nightly basis. The Google server data centres are protected by physical barriers and guarded 24/7.
Data Encryption
Data is encrypted using SSL Certification when transmitted from our servers to your browser. The connection from us to the server is secured using a 256-bit encryption key.
Restricted Access
Our servers in Google’s data centre are run in an isolated private network (Google Virtual Private Cloud Service). Access to the production environment where your personal data is stored is limited and is held by us. Only our authorized staff have access to our servers and this is on a ‘need to access’ basis. Access to personal data is limited to specific IP addresses.
Development and Operations
New features and updates are developed and released on development servers prior to being pushed live to the main production environment. Extensive testing is undertaken by our Quality Team to ensure all new features are working correctly and the performance of the Site and Services is maintained.
Performance Monitoring Applications
The overall performance of the Site and Services is very important. Stackdriver is a performance management solution used for tracking and monitoring the Site and Services. To help avoid or minimize service interruptions, our servers are constantly monitored and a dedicated team are alerted immediately in case of any service disruptions.
Passwords and Authentication
Connection to the Services environment is via TLS cryptographic protocols, using global step-up certificates, ensuring that our users have a secure connection from their browsers to our service. Individual user sessions are identified and verified using a unique token created at login. Email address is the unique identifier in the Services.
Your Personal Data and Your Rights
Accessing your Personal Data
You may request access at any time to a copy of the personal data we hold about you. Any such request should be submitted to us in writing and sent to support@calldrip.com. We will need to verify your identity in such circumstances and may request more information or clarifications from you if needed to help us locate and provide you with the personal data requested. There is usually no charge applied to access your personal data (or to exercise any of the other rights). However, if your request is clearly unfounded, repetitive or excessive, we may charge a reasonable fee. Alternatively, we may refuse to comply with your request in these circumstances.
Right of Restriction
You may restrict us from processing your personal data in any of the following circumstances:
- You have contested the accuracy of the personal data we hold on record in relation to you or for a period of time to enable us to verify the accuracy of the personal data;
- The processing of your personal data is unlawful and you request the restriction of the use of personal data instead of its erasure;
- We no longer require your personal data for the purpose of processing but you require this data for the establishment, exercise or defence of legal claims; or
- Where you have contested the processing (under Article 21(1) of the GDPR) pending the verification of our legitimate grounds.
Corrections or Erasure (Right to Rectification and Right to Be Forgotten)
If we hold personal data concerning you which are no longer necessary for the purposes for which they were collected or if you withdraw consent for us to process your personal data, you can request the deletion of this personal data. This right, however, will not apply where we are required to process personal data in order to comply with a legal obligation or where the processing of this information is carried out for reasons of public interest in the area of public health. If the personal information we hold about you is inaccurate, you may request to have your personal information updated and corrected. To do so at any time, please contact us by email at support@calldrip.com.
Your Right to Object
You have the right to object to the processing of your personal data at any time:
- For direct marketing purposes
- For profiling to the extent it relates to direct marketing
- Where we process your personal data for the purposes of legitimate interests pursued by us, except where we can demonstrate compelling legitimate grounds for this processing which would override your interests, rights, and freedoms or in connection with the enforcement or defence of a legal claim
To exercise your right to object at any time, please email support@calldrip.com. Should this occur, we will no longer process your personal data for these purposes unless doing so is justified by a compelling legitimate ground as described above. For more information about our marketing practices, please see the Marketing Communications section below.
Data Portability
Where we process your personal data by automated means (i.e., not on paper) and this processing is based on your consent or required for the performance of a contract between us, you have the right to request from us a copy of your personal data in a structured, commonly used machine-readable format and, where technically feasible, to request that we transmit your personal data in this format to another controller.
Profiling
Profiling is an automated form of processing of personal data often used to analyze or predict personal aspects about an individual person. This could relate to a person’s performance at work, economic situation, health, personal preferences, reliability, behavior, location or movements. An example of this would be where a bank uses an automated credit scoring system to assess and reject a loan application.
You have the right to be informed if your personal data will be subject to automated decision making, including profiling. You also have the right not to be subject to a decision based solely on automated process, including profiling, where that decision impacts on your legal rights. There are some exceptions to this rule, where, for example, the decision is necessary in connection with the performance of a contract between us, is authorized by law or where you have given your explicit consent to this automated processing. In this case, however, we do not engage in profiling or automated processing for profiling purposes.
Personal Rights
The rights described in this section are personal rights and are exercisable only by the individual person (or data subject) concerned. If we receive any such request or communication directly from your customers and/or in relation to Your End Customer Data, we will refer the matter to you and cooperate in providing such reasonable assistance as may be required to enable you, as a controller, to respond to the matter. This will be described in more detail in the Terms of Service or the other relevant contract between us.
Marketing Communications
We will not use your data to send marketing communications to you about promotions, competitions, updates and new products or services that may be of interest to you, unless we have your permission to do so.
Your Right to Object
You have the right to object to the processing of your personal data for our marketing purposes. To object or if you change your mind at any later time, you can withdraw your consent to the processing of your personal data for such marketing purposes by contacting us at support@calldrip.com. You may also opt out of receiving marketing communications at any time by selecting the unsubscribe option when you receive an electronic marketing communication from us. The withdrawal of your consent will not impact upon the lawfulness of processing based on your consent prior to the withdrawal.
Supervisory Authority
We are committed to complying with the terms of the GDPR and to the processing of personal data in a fair, lawful and transparent manner. If, however, you believe that we have not complied with our obligations under the GDPR, you have the right to lodge a complaint with the Office of the Data Protection Commissioner.
We use HubSpot and other email marketing service providers
Some of our communications may be sent by email using HubSpot. HubSpot's servers and offices are located in the USA so if you choose to receive marketing communications from us by email, this means that your personal data may be transferred to, stored, or processed in the USA and you consent to the transfer, storing and processing of your personal data in this way.
Third Party Material
We always endeavor to deal with vendors and other third parties who are GDPR compliant or, in the case of the third parties located outside of the EEA, who are certified as compliant with the EU-US Privacy Shield, as applicable, or who have adequate security measures in place to safeguard the security of personal data. That said, we, our employees, agents, holding company and subsidiaries accept no liability howsoever arising for the content or reliability of any third party materials or websites referenced by hyperlink or other means on the Site or for the data collection and use practices or security measures used by such third parties. If you submit personal data to any of those sites, your personal data is governed by their privacy policy. We encourage you to carefully read their privacy policies.
Is Calldrip EU-U.S Data Privacy Framework (DPF) program compliant?
EU-U.S. Data Privacy Framework (DPF) Program
Calldrip complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Calldrip has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Calldrip has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
With respect to personal data received or transferred pursuant to the EU-U.S Data Privacy Framework (DPF) program Frameworks, Calldrip is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the EU-U.S Data Privacy Framework (DPF) program, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under EU-U.S Data Privacy Framework (DPF) program, should direct their query to support@calldrip.com. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to support@calldrip.com.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Calldrip’s accountability for personal data that it receives in the United States under the EU-U.S Data Privacy Framework (DPF) program and subsequently transfers to a third party is described in the EU-U.S Data Privacy Framework (DPF) program Principles. In particular, Calldrip remains responsible and liable under the EU-U.S Data Privacy Framework (DPF) program Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Calldrip proves that it is not responsible for the event giving rise to the damage.
In compliance with the EU-U.S Data Privacy Framework (EU-U.S DPF), the UK Extension to the EU-U.S DPF, and the Swiss-U.S Data Privacy Framework (Swiss-U.S DPF) Principles, Calldrip commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the EU-U.S DPF, the UK extension to the EU-U.S DPF, and the Swiss-U.S Data Privacy Framework Principles. European Union, United Kingdom, and Swiss individuals with inquiries or complaints should first contact Calldrip by email at support@calldrip.com.
Calldrip has further committed to refer unresolved privacy complaints under the Data Privacy Framework program to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2
Rights offered to California residents
The California Consumer Privacy Act (“CCPA”) provides consumers with specific rights regarding their Personal Information. You have the right to request that businesses subject to the CCPA disclose certain information to you about their collection and use of your Personal Information over the past 12 months. In addition, you have the right to ask such businesses to delete Personal Information collected from you, subject to certain exceptions. If the business sells Personal Information, you have a right to opt-out of that sale. Finally, a business cannot discriminate against you for exercising a CCPA right.
When offering services to our Customers, Calldrip acts as a “service provider” under the CCPA and our receipt and collection of any consumer Personal Information is completed on behalf of our Customers in order for us to provide the Service. Please direct any requests for access or deletion of your Personal Information under the CCPA to the Calldrip Customer with whom you have a direct relationship.
Changes to this policy
Any changes made to this Policy from time to time will be published at the Site.
Any material or other change to the data processing operations described in this Policy which is relevant to or impacts on you or your personal data will be notified to you in advance by email. In this way, you will have an opportunity to consider the nature and impact of the change and exercise your rights under the GDPR in relation to that change (e.g., to withdraw consent or to object to the processing) as you see fit.
Questions or Concerns
Should you have any queries or complaints relating to this Privacy Policy, please contact us at:
Calldrip Inc.
1466 N Highway 89 Suite 200
Farmington, UT, 84025
USA
email: support@calldrip.com