Privacy Statement

Personal information we collect

Information you provide to us . Personal information you may provide to us through the Service or otherwise includes:

• Contact data, such as your first and last name, salutation, email addresses, phone number, billing and mailing addresses, and your professional titles and organizational affiliations.
  
• Profile data , such as the username and password that you may set to establish an online account on the Service, profile photos, and any other information that you add to your account profile.
  
• Transaction data , such as information relating to your orders on or through the Service, including order numbers and transaction history.
• Communications that we exchange with you, including when you contact us through the Service, social media, or otherwise.
• Marketing data , such information about your participation in promotions and your preferences for receiving our marketing communications.
• Financial data , such as your payment card information, which is handled by our payment processors.
• User-generated content , such as profile pictures, photos, images, videos, comments, questions, messages and other content or information that you generate, transmit, or otherwise make available on the Service, as well as associated metadata. Metadata includes information on how, when, where and by whom a piece of content was collected and how that content has been formatted or edited. Metadata also includes information that users can add or can have added to their content, such as keywords, geographical or location information, and other similar data.
• Invitee data. We offer features that help users invite their friends or contacts to use the Service and may collect contact details about these invitees so that we can deliver their invitations. Please do not refer someone to us or share their contact details with us unless you have their permission to do so.
• Other data not specifically listed here, which we will use as described in this Privacy Statement or as otherwise described at the time of collection.

In most cases, providing your data is voluntary (e.g., providing user-generated content, contact information to receive marketing communications, invitee data). In other cases providing the information is required in order for CTD to provide our Service, complete our contract or comply with our legal obligations (e.g., contact data, transaction data, financial data).

Third-party sources. We may combine personal information we receive from you with personal information we obtain from other sources, such as:

• Third-party accounts to which you choose to connect your Service account. For example, when you connect an email account to the Service, we will collect and process the headers (e.g., date, to, from, cc, bcc fields), metadata and settings associated with the emails in the account, including contact details in email signatures (collectively, “ email metadata ”). We do not store email body information and process it only in a transitory manner as necessary to extract email metadata.
  
• Enterprise customers that give us access to the email accounts of their personnel.
  
• Other users of the Service who choose to grant you access to information in their Service accounts.
• Public data , including information in government records and that individuals have made publicly accessible on the web.
• Licensed data that we obtain from data licensors to help us update and enrich information about CTD users’ contacts.
• Third party services , such as social media services, that you use to log into, or otherwise link to, your Service account. This data may include your username, profile picture and other information associated with your account on that third-party service that is made available to us based on your account settings on that service.

Automatic data collection.  We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with the Service, our communications and other online services, such as:

• Device data , such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, and general location information such as city, state or geographic area.
  
• Online activity data , such as pages you viewed, how long you spent on a page, the website you visited before browsing to the Service, navigation paths between pages, information about your activity on a page, access times and duration of access, and whether you have opened our emails or clicked links within them.
  

Cookies and other tracking technologies . Like many online services, we use the following technologies:

• Cookies , which are small text files that websites store on user devices and that allow web servers to record users’ web browsing activities and remember their submissions, preferences and login status as they navigate a site. Cookies used on our sites include both "session cookies" that are deleted when a session ends, "persistent cookies" that remain longer, “first party” cookies that we place and “third party” cookies that our third party business partners and service providers place.
  
• Web beacons , also known as pixel tags or clear GIFs, which are clear images placed in web content or HTML emails to record when a user visits a web page or interacts with an email.
  
• Local storage technologies , like HTML5 , that provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications.
  
• Session replay technologies. We use third-party services provided by FullStory that employ software code to record users’ interactions with the Services in a manner that allows us to watch DVR-like replays of those user sessions. The replays include users’ clicks, mouse movements, scrolls and keystrokes during those sessions. These replays help us diagnose usability problems and identify areas for improvement. You can learn more about FullStory at https://www.fullstory.com/legal/privacy-policy and you can opt-out of session recording by FullStory at https://www.fullstory.com/optout/ .
  
• Chat. We use chat technologies provided by a third-party vendor that employs cookies and software code to operate the chat features you can use to communicate with us through the Service. We and such third-party vendors may access and use information about webpages visited on our website, your IP address, your general geographic information (e.g., city, state), and other personal information you share through online chats for the purposes described in this Privacy Policy.
  

These cookies and other technologies may be employed for the following purposes:

• Technical operation . To allow the technical operation of the Service, such as by remembering your selections and preferences as you navigate the site, and whether you are logged in when you visit password protected areas of the Service.
  
• Functionality. To provide enhanced functionality and personalization on the Service.
  
• Analytics . These technologies help us understand how our services are performing and being used.
  

Google user data 

If you connect the Service to a Gmail account, this Privacy Statement will apply to Google user data collected as well as to other categories of personal information. Notwithstanding anything else in this Privacy Statement, if you provide the Service access to the following types of your Google data, the Service’s use of that data will be subject to these additional restrictions:

• The Service will only use access to read Gmail message bodies (including attachments), metadata, headers, and settings to help you organize the contact details of the people with whom you exchange email, measure the strength of your connections with them, help you make the information you see in your Service account accessible to other Service users to whom you choose to make your information available, and enable CTD to send emails on your behalf.
  
• The App will not use this Gmail data for serving advertisements.
  
• The App will not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for the Service’s internal operations and even then only when the data have been aggregated and anonymized.
  

How we use your personal information

We may use your personal information for the following purposes or as otherwise described at the time of collection:

Service delivery.  We may use your personal information to:

• provide, operate and improve the Service and our business.
  
• facilitate your invitations to contacts who you want to invite to join the Service.
  
• communicate with you about the Service, including by sending announcements, updates, security alerts, and support and administrative messages.
  
• understand your needs and interests, and personalize your experience with the Service and our communications; and
  
• provide support for the Service, and respond to your requests, questions and feedback.
  

Research and development.  We may use your personal information for research and development purposes, including to analyze and improve the Service and our business. As part of these activities, we may create aggregated or de-identified data from personal information we collect. We de-identify personal information by removing information that makes the data personally identifiable to you. We may use this data and share it with third parties for our lawful business purposes, including to analyze, improve and promote the Service and our business.

Compliance and protection.  We may use your personal information to:

• comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
  
• protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims).
  
• audit our internal processes for compliance with legal and contractual requirements and internal policies.
  
• enforce the terms and conditions that govern the Service; and
  
• prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
  

How we share your personal information

We do not share your personal information, unless this is necessary for the performance of our Service, for the compliance with a legal obligation, for the purpose of our legitimate interest or if you have given your consent. We may share your personal information with the following recipients:

Service providers. Third parties that provide services on our behalf or help us operate the Service or our business (such as hosting, information technology, customer support, email delivery, marketing, payment processing, consumer research and website analytics).

Payment processors . Any payment card information you use to make a purchase on the Service is collected and processed directly by our payment processors. Payment processors will use your personal information as described in their own privacy policies, so we encourage you to read them.

Third-party platforms and social media networks. . If you have enabled features or functionality that connect the Service to a third-party platform (such as by logging in to the Service using your account with the third-party, providing your API key or similar access token for the Service to a third party, or otherwise linking your account with the Service to a third party’s services), we may disclose the personal information that you authorized us to share. We do not control the third party’s use of your personal information.

Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.

Business transferees. Acquirers and other relevant participants in business transactions (or negotiations and due diligence for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in CTD (including in connection with a bankruptcy or similar proceedings).

Other users. You can choose to give other users of the Service access to your profile, contact network, strength and existence of your relationships, communication history and other user-generated content. We are not responsible for other users’ use of this information.

Security

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.

European Data Protection Rights

We will only process your personal information if and to the extent we have a legal basis for doing so. The following are the legal bases that we rely upon to justify our processing:

• Your consent – We will process your personal information with your prior consent, which you may give directly to us, or to other organizations (e.g., our third party data providers).
  
• Performance of a contract – We will process your personal information where necessary to enter into, or for the performance of a contract. For example, we process your personal information to:
  - provide, operate and improve the Service and our business;
  - facilitate your invitations to contacts who you want to invite to join the Service;
  - communicate with you about the Service, including by sending announcements, updates, security alerts, and support and administrative messages;
  - provide support for the Service, and respond to your requests, questions and feedback;
  - enforce the terms and conditions that govern the Service.
  
• Legitimate interests – We will process your personal information for the purposes of our legitimate interests, or the legitimate interests of third parties we work with, as long as these interests are not overridden by your interest or fundamental rights and freedoms. For example, we may process your personal information for the following legitimate interests:
  - providing and operating our Service, (e.g., processing your contact details that are included in the header or message body of an email because you exchanged emails with someone that is using our Service or because your employer is using our service);
  - carrying out direct marketing activities, unless consent is required in which case, we would obtain consent;
  - analyzing and improving the Service and our business;
  - creating aggregated, de-identified or other anonymous data from personal information we collect;
  - preventing, identifying, investigating and detecting fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft;
  - auditing our internal processes for compliance with legal and contractual requirements and internal policies;
  - disclose or transfer personal information in the event of a business transactions (or negotiations and due diligence for such transactions) involving a corporate, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interest).In all of the above cases, we carefully strike a balance between our legitimate business interests and your interests or fundamental rights. For more information in the individual case, you can contact our Privacy Officer.
  
• Compliance with legal obligations – We will process your personal information if it is necessary to comply with legal obligations. For example, we may process your personal information to:
  - comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
  - protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims).
  

When CTD processes your personal data and such processing is subject to European Union (EU GDPR) or United Kingdom (UK GDPR, UK Data Protection Act 2018) data protection law, depending on the applicable law, you may have certain rights with respect to that data, namely:

• Right of Access. You have the right to request confirmation as to whether or not we process your personal data. If so, you also have the right to request access to the personal and further information as specified under the applicable data protection law.
  
• Right to Rectification. You have the right to request that we correct inaccurate or incomplete personal data that we store about you.
  
• Right to Erasure. Under certain conditions, you have the right to request that we erase the personal data we may hold about you
  
• Right to Data Portability. Under certain conditions, you have the right to receive the personal data, which you have provided us in a structured, commonly used, and machine-readable format and to transfer those data to another controller.
  
• Right to Withdraw Your Consent. If the processing of personal data is based on your consent, you can withdraw consent at any time. The withdrawal of your consent does not affect the legitimacy of the processing that occurred based on your consent until the withdrawal.
  
• Right to Object. Under certain conditions, you have the right to object to the processing of your personal data, in case the processing is based on legitimate interests or in case your personal data are processed for direct marketing purposes
  
• Right to Restriction of Processing. Under certain conditions, you have the right to request the restriction of the processing of your personal data.
  

To exercise any of these rights (if they are available to you under the applicable law), please contact us at [email protected] . When another entity is the data controller (such as your employer when you use the Platform), CTD will refer your request to the third-party data controller and/or provide you with the information you need to contact the data controller directly.

You can also lodge a complaint with a competent data protection supervisory authority if you consider that the processing of your personal data infringes the applicable data protection law.

To the extent permitted by applicable law, we reserve the right to charge a fee or decline requests: (i) that are unreasonable or excessive; (ii) where providing the data would be prohibited by law or could adversely affect the privacy or other rights of another person; or (iii) where we are unable to authenticate you as the person to whom the data relates. Also, please note that we often need to retain certain data for reasons such as recordkeeping and/or to complete any transaction that you began prior to requesting a change or deletion of your data.

When you contact CTD about exercising any of the rights available to you under the applicable data protection law, CTD will ask you for information to verify your identity. In your request, please clearly identify the personal data that is the subject of your inquiry. We will comply with your request as soon as reasonably practicable and within any time frames prescribed by law.

International data transfer

We are headquartered in the United States and may use service providers that also operate in the US or in other countries outside the country in which you reside. Therefore, your personal information may be transferred to countries which may not provide for the same level of data protection as guaranteed under the applicable data protection laws of the country in which you reside (e.g., the EU GDPR). For all such transfers we ensure that these countries are either considered adequate according to the applicable data protection law (e.g., by way of an adequacy decision of the EU commission) or that appropriate safeguards are in place such as standard contractual clauses. If you want to obtain a copy of these safeguards, you can contact us at [email protected] .

Storage period

We generally only store your personal information for the time necessary to fulfill the purpose for which it was collected or processed. We may retain the data for a longer period if required for compliance with a legal obligation according to applicable law (e.g., to meet tax or commercial law retention obligations) or to the extent required for establishment, exercise, or defense of legal claims.

Your choices

Access or update your information. If you have registered for an account with us through the Service, you may review and update certain account information by logging into the account.

Opt-out of marketing communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us . Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails.

Cookies. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Service may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org .

Do Not Track.  Some Internet browsers may be configured to send “Do Not Track” signals to the onlineservices that you visit. We currently do not respond to “Do Not Track” signals. To find out more about“Do Not Track,” please visit http://www.allaboutdnt.com .

Linked third-party platforms. If you choose to connect to the Service through your social media account or other third-party platform, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third-party platform, that choice will not apply to information that we have already received from that third party.

Other sites and services

The Service may contain links to websites and other online services operated by third parties and our content may be integrated into other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control any online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other online services you use.

Children

The Service is not intended for use by anyone under 18 years of age. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us. If we learn that we have collected personal information through the Service from a child without the consent of the child’s parent or guardian as required by law, we will delete it.

Changes to this Privacy Statement

We reserve the right to modify this Privacy Statement at any time. If we make material changes to this Privacy Statement, we will notify you by updating the date of this Privacy Statement and posting it on the Service. If required by law we will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via email or another manner through the Service. Any modifications to this Privacy Statement will be effective upon our posting the modified version (or as otherwise indicated at the time of posting).

How to contact us

Individuals and data protection supervisory authorities in the EU and the UK may contact our data protection representatives according to Article 27, GDPR.

Name and contact details of the controller
Connect The Dots, Inc.
548 Market Street, PMB 77624
San Francisco CA 94104-5401
United States
[email protected]

Name and contact details of our legal representative
EU: DP-Dock GmbH, Attn: Connect The Dots, Ballindamm 39, 20095 Hamburg, Germany
UK: DP Data Protection Services UK Ltd., Attn:  Connect The Dots, 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom
‍ www.dp-dock.com
‍ [email protected]

Name and contact details of the data protection officer
Attention: Data Protection Officer
548 Market Street, PMB 77624
San Francisco CA 94104-5401
United States
[email protected] .

State law privacy rights

Scope. This section applies to residents of California and Virginia, except that provisions identifying a specific state apply only to that state. If you are not a resident of the state in which these rights are granted, you may not be able to exercise these rights.

For purposes of this section, “personal information” has the meaning given to “personal data”, “personal information” or similar terms under the applicable privacy laws of the state in which you reside, but does not include information exempted from such laws.

In some cases, we may provide a different privacy notice to certain categories of residents of these states, in which case that notice will apply with respect to the activities it describes instead of this section.

Your privacy rights. You have the rights listed below.

• Right to know. You can request confirmation about whether or not we have collected your personal information, and information about the categories of personal information that we have collected, the categories of sources from which we collected personal information, the business or commercial purpose for collecting, sharing and/or selling personal information, the categories of third parties with whom we share personal information, the categories of personal information that we sold, shared or disclosed for a business purpose, and the categories of third parties with whom the personal information was sold, shared or disclosed for a business purpose.
  
• Right to access. You can request a copy of certain personal information that we have collected about you.
  
• Right to delete. You can ask us to delete certain personal information that we maintain about you.
  
• Right to correct. You can ask us to correct inaccurate personal information that we have collected about you.
  
• Right to nondiscrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by the privacy laws of the state where you reside.
  

How to exercise your rights. You can exercise the privacy rights described above by submitting a request to [email protected] . The rights described above are subject to limits and exemptions and in certain cases we may decline your request as permitted by law. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. You can ask to appeal any denial of your request in the same manner that you may submit the request.

Verification of identity. We may need to verify your identity to process your requests to exercise your rights to know, access, deletion, and correction, and we reserve the right to confirm your residency. To verify your identity, we may require you to log into your Service account if you have one, provide information we can match against information we may have collected from you previously, confirm your request using the email address we have on file, provide government identification, or provide a declaration under penalty of perjury, where permitted by law.

Authorized agents. If you have not provided your agent with such a power of attorney, we may ask you and/or your agent to take steps permitted by law to verify that your request is authorized, such as information required to verify your identity and that you have given the authorized agent permission to submit the request. If you are a California resident, your authorized agent may make a request on your behalf upon our verification of the agent’s identity and our receipt of a copy of a valid power of attorney given to your authorized agent pursuant to applicable California law.

Additional information for California residents. The following describes our practices currently and during the past 12 months:

• Sensitive personal information. We do not use or disclose sensitive personal information for restricted purposes that California residents have a right to limit under the CCPA.
  
• Deidentified data. We do not to attempt to reidentify deidentified information that we derive from personal information, except that we may do so to test whether our deidentification processes comply with applicable law.
  
• Sources and purposes. We collect all categories of personal information from the sources and use them for the business purposes described in the How we use your personal information section above, and we disclose them for the business purposes described in the How we share your personal information section above.
  
• Categories and disclosure. The chart below describes the personal information we collect by reference to the categories of personal information specified in the CCPA (Cal. Civ. Code §1798.140), and the categories of third parties to whom we disclose it. The terms in the chart refer to the data types and third parties described above in the Personal information we collect section in more detail. Information you voluntarily provide to us, such as in emails or free-form webforms, may contain other categories of personal information not described below. We may also disclose personal information to professional advisors, authorities and others, and business transferees as described above in the How we share your personal information section of this Privacy Policy.
  

Additional information for Virginia residents. You have the right to opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.

Additional information for Nevada residents. You may submit a request to [email protected] directing us not to sell your personal information that we have collected or will collect for money. We reserve the right to verify the authenticity of the request and your identity.