Effective date: May 13, 2020
Previous versions can be found here: LINK
Table of Contents
- Types of Information
- Non-personal Information
- Personal Information
- What is Personal Information?
- Advertising Information
- What Are the Sources of Personal Information?
- How Do We Use the Information We Collect?
- For Site Visitors and Users
- For Applicants for Employment or Independent Contractor/Vendor
- For Employees, Independent Contractors/Vendors, Shareholders and Others
- For Information Uploaded by Customers
- Categories of Information Convoso Has Acquired in the Last 12 Months
- Types of Information by Type of Individual
- Disclosures in the Last 12 Months
- Required Disclosures
- Where Does This Information Go?
- Your Rights Regarding the Personal Information
- Access to Specific Information and Data Portability Rights
- The Right to Request Deletion
- Exceptions to Deletion
- Exercising Access, Data Portability and Deletion Rights
- What Information a Verifiable Consumer Must Provide
- Response Timing & Format
- Opting Out of Third Party Cookies
- Additional Privacy Matters under California Law
- Links to Other Sites
- Do Not Track Notice
- For Visitors and Users from Outside the US
- Data Security
- Privacy Notice Changes
Types of Information
Like most other companies, Convoso collects, receives and has access to information about and related to quite a few groups, including site visitors, Convoso Services users, job applicants, employees, independent contractors or vendors, potential customers and even those people who provide us with their information (such as people who give us business cards). We explain the information in more detail below.
Non-personal Information. When you visit the Convoso Site, we collect non-personal information, which is information about things like IP address (in situations where we cannot reasonably link the IP address to you), browser and operating system. This is done through “cookies,” which are small files with unique ID numbers to simplify your logging in and staying logged into a website and using services there, such as the Convoso Site and the Convoso Services. Our cookies do not allow us to learn your real name and address. We explain below how you can change that process.
Personal Information. We receive more detailed personally-identifiable information from you when you request a demo, register to use the Convoso Services, authorize payment, sign up for a newsletter or seek technical support. We also receive detailed personal information when you apply for a job or you become an employee or you are an independent contractor or a vendor. Our customers will also upload personal information about other persons. We describe the personal information we have—and have collected—in the past 12 months below.
Personal information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information that is no longer capable of reasonably identifying a particular consumer or household.
What Is Personal Information? Applicable law essentially defines personal information as information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Naturally, this information could include your name, email address, credit card information and such other information that could identify you, whether by itself or together with other information.
Advertising Information. Some information created by cookies involves how users such as you navigate the Convoso Site. That information is also used by third party services we use such as Google search and display advertising services. We use Google’s remarketing feature, through the Google Display Network, to inform, optimize and serve relevant and useful ads based on past visits to our website. This service enables us to modify ads presented based on that information. This requires the use of first-party cookies and third-party cookies placed on our Convoso Site. Those services do not enable us to identify you. You can change your browser settings to limit cookies, as described below.
What Are the Sources of Personal Information?
We obtain information in several ways.
- Persons who sign up or login on our Site or request a demo or send us an email or letter or other form of communication provide us with personal information. In addition, our customers provide us with personal information when they open an account, make payments and communicate with us. Applicants provide us personal information when they apply for a position and when they communicate with us. Independent contractors provide us personal information when they make initial contact, when they have an agreement with us, when they perform their services or we request those services and afterwards in further communications. Other individuals provide personal information when they contact us through other means, such as meeting a Convoso representative at a trade show and exchanging business cards. Others might provide personal information when they contact us for other reasons, such as proposing a new product or service or engaging with us on legal matters.
- We also receive personal information when one person or contact provides the personal information of another contact, e.g., the lawyer, accountant or bookkeeper of a customer or a referral by an employee to a potential candidate for a job opening.
- Third Parties. Third parties might provide us with information, such as contact information for leads or employees who provide information about their dependents.
- Public Information. We might obtain information from publicly available sources such databases from or derived from government sources.
- Integrated Analytics and Interactive Tools. We might obtain information through first-party and third-party tools integrated into the Convoso Site and Convoso Services such as lead forms, chat features, or system access logging features.
How Do We Use the Information We Collect?
We do not sell your personal information. We use personal information for one or more of the following business purposes:
- To provide you with information, products or services that you request from us or that are a natural part of providing the Convoso Services (i.e., to alert you of changes, etc.).
- To fulfill and enforce obligations and rights arising from any contracts or other relationships we have with you, including the safety of our team, clients and others.
- To improve the Convoso Services, including research & development, testing, product development, bug fixes and the like.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- To develop and analyze our marketing program, including communicating with customers and potential customers.
- To evaluate applicants for employment or contractor positions, such as contacting references, evaluating credentials, implementing aptitude exams, conducting background checks, and conducting drug screening.
- To facilitate your employment, contractor, or vendor relationship, such as processing payroll/payments, providing benefits, or paying taxes.
- To facilitate our day-to-day business operations such as maintaining and improving our IT systems, managing our facilitates, entering into agreements with service providers, and managing our financial operations (payment processing, collections, accounting).
- To consider a business transaction that might involve the sale or other transfer of our assets, which might include personal information.
For Site Visitors and Users. For those who visit the site, register, login, request a demo or additional information or otherwise use the Convoso Services, we use personal information for the following additional purposes: to simplify your login; to improve the Convoso Services, including customizing them to your preferences; to provide you a demo and/or additional information and then follow-up; to respond to technical support requests; to enable payment for your use of the services; and to inform you of certain changes in the Convoso Services, certain procedures, your use and your account(s). For all such persons, we will contact you in the future if your actions require us to do so—e.g., to send you an invoice, notify you of matters regarding your use and so forth—and you give us permission to do so
If you are a customer, then we will keep your personal information for approximately as long as there is legal liability based on our agreement with you. The information received from those visitors who request a demo or additional information will be kept for approximately one year.
For Applicants for Employment or Independent Contractor/Vendor. For those of you who are applying to become an employee, an independent contractor or a vendor, we use the information you provide to help us make the decision about employment or engagement. If we decide not to hire or engage you, then we will keep that personal information to inform you about later opportunities
We usually keep such personal information for up to three (3) years, unless you request that we delete it (you have to follow the procedure for making such request, as described below).
For Employees, Independent Contractors/Vendors, Shareholders and Others. Once you have an established relationship with us—e.g., you are employed by us, providing services to us or you own shares in Convoso—then we will use your personal information to manage that relationship. For example, for employees, we will use your personal information for those purposes normally associated with employment, e.g., pay you, schedule your time of employment, evaluate you, train you, administer benefits and so forth. As such, we will use it to contact you for work-related matters and you give us permission to do so.
We usually keep such information for the longer of the contractually stipulated period or when legal liabilities expire.
For Information Uploaded by Customers. Customers using the Convoso Services might upload personal information of third parties. We do not access such information except in situations where that information has caused, or is involved in, system malfunctions that would require us to access such information to examine it to solve the problem; the supplying customer requests that we access or delete it; or if access is necessary to fulfill a legal or compliance obligations including, but not limited to, responding to a subpoena, civil investigative demand, or traceback request. Each such customer, not Convoso, is responsible for the use of such information in compliance with all relevant rules and regulations. If we receive a request from a consumer to exercise any legal right related to personal information uploaded by a customer, we will inform the consumer of the identity of the relevant customer and require that the customer submit their request directly to the customer for processing.
Categories of Information Convoso Has Acquired in the Last 12 Months
Below we specify the personal information acquired in the last twelve months (updated every year), which we have provided below. Immediately below that table we have provided more detail by type of individual.
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||YES as to site visitors; YES as to job applicants and employees (and their dependents); YES as to independent contractor applicants and those engaged; YES as to potential and actual Customers.|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||YES as to potential and actual Customers; YES as to job applicants and employees (and their dependents); YES as to independent contractor applicants and those engaged.|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||YES as to job applicants and employees (and their dependents)|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES as to potential and actual Customers|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||YES as to job applicants and employees|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||YES as to site visitors and Customers|
|G. Geolocation data.||Physical location or movements.||YES as to job applicants and employees|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||YES as to job applicants and employees; YES as to potential or actual Customers|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||YES as to job applicants and employees; YES as to independent contractor applicants and those engaged|
|J. Non-public education information (per the Family Educational Rights & Privacy Act) (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||YES as to job applicants and employees (and their dependents); YES as to independent contractor applicants and those engaged|
|K. Inferences drawn from other personal information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
|YES as to job applicants|
Disclosures in the Last 12 Months
In the last twelve months we have disclosed personal information to various third-party service providers who assist us with our business operations, including, but not limited for:
- Payment processing;
- Collection of accounts;
- Providing the Convoso Services;
- Facilitating marketing and non-marketing communications;
- Marketing design and development;
- Business analytics (both marketing and non-marketing related);
- IT, network, and systems administration such as data storage and management, website hosting, and data security;
- Professional services such as legal and accounting;
- Validating authorization to work in the United States;
- Payroll processing;
- Providing employee benefits such as insurance;
- Obtaining background checks and/or drug screenings; and
- Day-to-day business operations such as courier services, facilities management, mailhouse operations, and document destruction.
We only provide our service providers with the information necessary for them to perform their services on our behalf. Each service provider is expected to use reasonable security measures appropriate to the nature of the information involved to protect your personal information from unauthorized access, use, or disclosure. Service providers are prohibited from using personal information other than as authorized by us.
In the past twelve months, we have shared the following categories of information with at least one service provider:
- Category A: Identifiers
- Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
- Category C: Protected classification characteristics under California or federal law
- Category D: Commercial information
- Category E: Biometric information
- Category F: Internet or other similar network activity
- Category G: Geolocation data
- Category H: Sensory data
- Category I: Professional or employment-related information
- Category J: Non-public education information (per the Family Educational Rights & Privacy Act, 20 U.S.C. § 1232g, 34 C.F.R. Part 99)
- Category K: Inferences drawn from other personal information
Convoso may disclose such information in certain circumstances, including in response to requests by government authorities or industry regulatory bodies, or requests in a legal action. We may disclose information if we believe that it is appropriate or necessary for legal and/or regulatory compliance or we are exercising or defending our rights or the rights of others. We may also disclose information in connection with a merger or sale of our assets. By visiting the Site and/or using the Convoso Services, you consent to such disclosures.
Rights Regarding the Personal Information of California Residents
If you are a California resident, California law provides you specific rights regarding the personal information that we have on file about you. Please note that these rights apply to individuals in California, not legal entities. If you submit a request related to personal information we retain in our capacity as a service provider to a customer, we will not be able to process your request related to such personal information and we will inform you of the applicable customer so that you may make your request to the customer directly.
Right to Know Requests
Up to two times in any 12-month period, you may request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. First, you need to send us your “consumer request” using the methods specified below. After we receive your request, we will contact you to confirm your request and verify your identity. We may need you to provide additional information or answer questions from us in order to verify your identity for your own security. If you request access to the specific information in our files about you, we will require that you sign and return to us a declaration under penalty of perjury confirming your identity. If we are unable to verify your identity, we will inform you that we are denying your request. If we are able to verify your identity, we will disclose to you within 45 days of your request (subject to any extensions permitted by law):
- The categories of personal information we collected about you. This is similar to the section above.
- The categories of sources for the personal information we collected about you. This is similar to the section above.
- Our business or commercial purpose for collecting that personal information (we do not sell your personal information). This is similar to the section above.
- The categories of third parties with whom we share that personal information. This is similar to the section above.
- The specific pieces of personal information we collected about you (also called a data portability request). Please note that we will only provide you with your specific pieces of personal information if you specifically request that we do. We may withhold certain specific pieces of personal information that would create an unreasonable risk to you in the event of an unauthorized disclosure such as your social security number or a financial account number. If we withhold certain information from disclosure, we will replace it with a specific identifier, for example, instead of providing your social security number we will say that we have a social security number on file.
- If we sold (which we do not do) or disclosed your personal information for a business purpose, two separate lists disclosing:
- identifying the personal information categories that each category of recipient received; and
- our business purpose for disclosing each category of personal information to the third party.
California residents have the right to request that Convoso delete any of their personal information that Convoso has on file, with certain exceptions (which we explain below). You can do so twice in any 12-month period. Like with a Right to Know request discussed above, we will contact you to verify your request and identity before processing your deletion request. If we are unable to verify your identity, we will inform you that we have denied your request. If we are able to verify your identity, we will process your deletion request within 45 days of your request (subject to any extensions permitted by law). We will retain a copy of your deletion request as required by law.
Exceptions to Deletion
An exception to the requirement of deletion might apply to your request—generally, the exception is based on our need to complete obligations you and we have to each other, to protect our rights and rights of others, to maintain and enhance the Convoso Services and to respond to legal requests for such information. If we apply an exception, we will inform you of the categories of personal information that we were unable to delete and the exceptions we applied. The following is a list of exceptions that may be applied, including examples where the exception might not be clear.
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
For example: If you ordered Convoso Services and the order has not been cancelled, then we cannot delete information needed to fulfill the Services and obtain payment from you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
For example: We will need to keep the information if we believe that it is relevant to detecting and correcting fraudulent activity with your account.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 ).
- Enable exclusively internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
For example: If we are comparing your use of Convoso Services with the relevant contract terms or with the use by other users.
- Comply with a legal obligation.
For example: If we are required by law to retain certain information in our possession.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
For example: If you are an independent contractor currently engaged by us, then it will be necessary to retain information for contractual obligations and tax reporting purposes.
To exercise the right to know and deletion rights described above, please submit a verifiable consumer request as follows:
- Call us at (888)456-5454
- Send an email to: firstname.lastname@example.org
Authorized Agents & Minors
Only two people can make a verifiable consumer request: you or someone you have authorized to act on your behalf (which may include a business entity properly registered with the California Secretary of State). If you are an authorized agent, we will require you to undergo an identity verification process and will require that you provide a signed written authorization from the consumer permitted you to make the request on their behalf. We may also independently contact the consumer to verify your authorization.
If you are a parent or legal guardian making a request on behalf of a minor child, we will require to prove your identity and that you are the parent or legal guardian of the minor child. Please note that we do not generally knowingly collect the personal information with the exception of dependents for purposes of providing benefits to employees.
The verifiable consumer request must:
- Provide information sufficient for us to reasonably verify that you are the person to which such personal information relates or that the person making such request on your behalf is properly authorized and registered. If your request does not contain such information, we will contact you to let you know what additional information we need.
- Describe your request with detail sufficient for us to understand, evaluate, and respond to it.
- Provide at least your full name, telephone number, and either email address, mailing address, or both.
We will use personal information provided in a verifiable consumer request only for verification and communicating with you about exercising your rights and responding to you, and for our compliance record keeping purposes.
Response Timing and Format
We will try to respond to a verifiable consumer request within 45 days of the day we receive it. If we need more time (up to 90 days), then we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For right to know requests where you ask to receive the specific personal information we have on file about you, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without problems.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate or retaliate against you when you wish to exercise any of your rights, which means that when you make any such request, we will not (unless permitted by applicable law):
- Deny or alter goods or services you have ordered.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Opting Out of Cookies
Your browser may be set to a default that accepts cookies, but usually you can modify those settings to reject cookies. If you do so, please understand that some of the features of the Convoso Services or parts of the Convoso Site might be disabled. You can also opt out of customized Google Display Network ads by visiting the Google Ads Preference Manager.
Additional Privacy Matters under California Law
California law related to privacy includes what is known as the “Shine the Light” law (at Civil Code Section 1798.83), which gives users resident in California the right to prevent disclosure of their personal information to third parties for direct marketing purposes by those third parties. The law also requires companies with a web presence (such as Convoso) to respond to inquiries from such users about disclosure to such third parties as described above. Such companies can also choose an alternative, which is to follow a policy of not providing such personal information to third parties for direct marketing purposes. We have such a policy because we do not provide personal information to any third parties for their direct marketing purposes.
California also adopted a law, known as the “Online Erasure” law (at Business and Professions Code Sections 22580-22582), which requires companies the maintain certain website or online services to allow registered users who are under the age of 18 and who are also residents of California to request that the company remove content such persons have posted. Please note that we do not provide any feature or functionality for such users to post any content.
Links to Other Sites
Do Not Track Notice
For Visitors and Users Outside the US
Convoso has implemented reasonable physical, technical, and administrative safeguards to prevent the unauthorized access or distribution of personal information. Even with these safeguards in place, no network can be 100% secure.
Privacy Notice Changes
If you have any questions or comments, then please email us here.