Effective date: December 26, 2019
Previous versions can be found here: LINK
Table of Contents
- Types of Information
- Non-personal Information
- Personal Information
- What is Personal Information?
- Advertising Information
- What Are the Sources of Personal Information?
- How Do We Use the Information We Collect?
- For Site Visitors and Users
- For Applicants for Employment or Independent Contractor/Vendor
- For Employees, Independent Contractors/Vendors, Shareholders and Others
- For Information Uploaded by Customers
- Categories of Information Convoso Has Acquired in the Last 12 Months
- Types of Information by Type of Individual
- Disclosures in the Last 12 Months
- Required Disclosures
- Where Does This Information Go?
- Your Rights Regarding the Personal Information
- Access to Specific Information and Data Portability Rights
- The Right to Request Deletion
- Exceptions to Deletion
- Exercising Access, Data Portability and Deletion Rights
- What Information a Verifiable Consumer Must Provide
- Response Timing & Format
- Opting Out of Third Party Cookies
- Additional Privacy Matters under California Law
- Links to Other Sites
- Do Not Track Notice
- For Visitors and Users from Outside the US
- Data Security
- Privacy Notice Changes
Types of Information
Like most other companies, Convoso collects, receives and has access to information about and related to quite a few groups, including site visitors, Convoso Services users, job applicants, employees, independent contractors or vendors, potential customers and even those people who provide us with their information (such as people who give us business cards). We explain the information in more detail below.
Non-personal Information. When you visit the Convoso Site, we collect non-personal information, which is information about things like your IP address, browser and operating system. This is done through “cookies,” which are small files with unique ID numbers to simplify your logging in and staying logged into a website and using services there, such as the Convoso Site and the Convoso Services. Our cookies do not allow us to learn your real name and address. We explain below how you can change that process.
Personal Information. We receive more detailed personally-identifiable information from you when you request a demo, register to use the Convoso Services, authorize payment, sign up for a newsletter or seek technical support. We also receive detailed personal information when you apply for a job or you become an employee or you are an independent contractor or a vendor. Our customers will also upload personal information about other persons but our access to such personal information is limited to technical issues where our access would be incidental to tasks like fixing a software bug. We describe the personal information we have—and have collected—in the past 12 months below.
What Is Personal Information? Applicable law essentially defines personal information as information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device. Naturally, this information could include your name, email address, credit card information and such other information that could identify you, whether by itself or together with other information.
Advertising Information. Some information created by cookies involves how users such as you navigate the Convoso Site. That information is also used by third party services we use such as Google search and display advertising services. We use Google’s remarketing feature, through the Google Display Network, to inform, optimize and serve relevant and useful ads based on past visits to our website. This service enables us to modify ads presented based on that information. This requires the use of first-party cookies, and third-party cookies placed on our Convoso Site. Those services do not enable us to identify you. You can change your browser setting, as described below.
What Are the Sources of Personal Information?
We obtain information in several ways.
- Persons who sign up or login on our Site or request a demo or send us an email or letter or other form of communication provide us with personal information. In addition, Customers provide us with personal information when they open an account, make payments and communicate with Convoso. Applicants provide us personal information when they apply and when they communicate with us. Independent contractors provide us personal information when they make the initial contact, when they have an agreement with us, when they perform their services or we request those services and afterwards in further communications. Other individuals provide personal information when they contact us through other means, such as meeting a Convoso representative at a trade show and exchanging business cards. Others might provide personal information when they contact us for other reasons, such as proposing a new product or service or engaging with us on legal matters.
- Convoso also receives personal information when one person or contact provides the personal information of another contact, e.g., the lawyer or accountant or bookkeeper of a Customer or a referral by an employee to a potential candidate for a Convoso job opening.
- Third Parties. Third parties might provide us with information, such as contact information for leads.
- Public Information. Convoso might obtain information from publicly available sources such as social network or other postings available on the internet or databases from or derived from government sources.
How Do We Use the Information We Collect?
We use the information in several ways. Several important points:
- We do not sell your personal information.
- You have certain rights to control how we collect and use such personal information. Those rights are detailed below.
- We use the personal information only for the purposes we describe below. We also use the information only for the purpose for which it was collected. For example, if you are an employee, then you must give us an emergency contact. That information will only be used when there is an emergency and its use is required by that emergency.
- We use the personal information for the purposes for which it was collected. We will notify you if there are other uses and if required, seek your consent.
We use personal information for one or more of the following business purposes:
- To provide you with information, products or services that you request from us or that are a natural part of providing the Convoso Services (i.e., to alert you of changes, etc.).
- To fulfill and enforce obligations and rights arising from any contracts or other relationships we have with you, including the safety of our team, clients and others.
- To improve the Convoso Services, including R&D, testing, product development, bug fixes and the like;
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when you provide your personal information to Convoso or as otherwise set forth in applicable law.
- To consider a business transaction that might involve the sale or other transfer of our assets, which might include personal information.
For Site Visitors and Users. For those who visit the site, register, login, request a demo or additional information or otherwise use the Convoso Services, we use such information, including for the following purposes: to simplify your login; to improve the Convoso Services, including customizing them to your preferences; to provide you a demo and/or additional information and then follow-up; to respond to technical support requests; to enable payment for your use of the services; and to inform you of certain changes in the Convoso Services, certain procedures, your use and your account(s). For all such persons, we will contact you in the future if your actions require us to do so—e.g., to send you an invoice, notify you of matters regarding your use and so forth.
If you are a Customer then we will keep the personal information for as long as there is legal liability based on the agreement with you. The information received from those visitors who request a demo or additional information will be kept for one year.
For Applicants for Employment or Independent Contractor/Vendor. For those of you who are applying to become an employee, an independent contractor or a vendor, we use the information you provide to help us make the decision about employment or engagement. If we decide not to hire or engage you, then we will keep that personal information to inform you about later opportunities.
We usually keep such personal information for up to three (3) years, unless you request that we delete it (you have to follow the procedure for making such request, as described below).
For Employees, Independent Contractors/Vendors, Shareholders and Others. Once you have an established relationship with us—e.g., you are employed by us, providing services to us or you own shares in Convoso—then we will use the personal information to manage that relationship. For example, for employees, we will use the personal information for those purposes normally associated with such employment, e.g., pay you, schedule your time of employment, evaluate you, train you, administer benefits and so forth. As such, we will use it to contact you for work-related matters
We usually keep such information for the longer of the contractually stipulated period or when legal liabilities expire.
For Information Uploaded by Customers. Customers using the Convoso Services might upload personal information of third parties. Convoso does not have access to such information except in situations where that information has caused, or is involved in, system malfunctions that would require us to access such information to examine it exclusively to solve the problem. Each such customer, not Convoso, is responsible for the use of such information in compliance with all relevant rules and regulations.
Categories of Information Convoso Has Acquired in the Last 12 Months
Below Convoso specifies the personal information acquired in the last twelve months (updated every year), which we have provided below. Immediately below that table we have provided more detail by type of individual.
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||YES as to email address for all who submit it and as to IP address for site visitors; YES for most of the information for job applicants (see below); YES for most as to potential Customers seeking to enter into an agreement; YES for most as to Customers. (See below for details)|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||YES as to name when submitted to us; YES as to certain information for potential and actual Customers; YES as to applicants. (See below for details)|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||YES as to some of the information in this category in relation to applicants and employees (Please see below for details)|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES as to Customers|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||YES as to applicants/employees where required by law|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||NO|
|G. Geolocation data.||Physical location or movements.||YES as to location for job applicants and employees|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||NO|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||YES as to applicants and employees and independent contractor applicants and those engaged|
|J. Non-public education information (per the Family Educational Rights & Privacy Act) (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||YES if desired for employment decision or if submitted (e.g., in CV or vendor proposal)|
|K. Inferences drawn from other personal information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Types of Information by Type of Individual
Below we specify the type of information received and used by Convoso from each type of individual:
|Type of Individual||Information||Use|
|Site visitor||Cookie-based information||Anonymized and used to evaluate Site performance|
|Site visitor who requests a demo or additional information or contacts Convoso||Name, name of company and contact information (email address and phone number)||Deliver demo and/or requested information and follow up to such activities|
|Site visitor who signs up for newsletter||Name, name of company and email address||Deliver newsletter|
|Customer (or user of a Customer account)||Name, title, name of company, email address, phone number, billing address, credit card number, credit and financial information||Negotiate agreement and complete related documents; deliver Convoso Services ordered by Customer; communicate as to Convoso Services performance, account and/or additional Convoso Services|
|Employment Applicant||Required by Convoso: name; contact information (which includes physical location); current and past job history or performance evaluations. Other information is whatever an applicant provides in a CV, which could include: name, mailing address, email address, age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status; grades, transcripts, class lists||Used for employment decision in strict compliance with applicable law|
|Employee||Name; contact information (which includes physical location); emergency contact information; current and past job history or performance evaluations; wage/salary and tax information; bank information (if direct deposit payment made); citizenship; passport information where required by law; medical conditions (to the extent permitted by law and required for health benefit, if any); special status where required by law (e.g., disability, workers compensation, ADA compliance); performance evaluations.||Manage the employer/employee relationship in compliance with applicable law and company policies.|
|Independent Contractor/Vendor applicant||Required by Convoso: name; contact information (including physical location, where relevant); current and past job history or performance evaluations (when relevant); references and credit history||Make a decision to engage independent contractor/vendor|
|Independent Contractor||Name, title, name of company, email address, phone number, billing address, credit card number or payment information.|
|Individual who contacts Convoso or provides contact information (e.g., business card)||Name, name of company, contact information||Respond to contact|
Personal information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
- Information excluded from the scope of applicable law, such as:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
Disclosures in the Last 12 Months
In the last twelve months Convoso has disclosed the following information, which has been disclosed to: third party vendors who provide services to Convoso such as payroll and benefits processing; companies inquiring as to former employees; government agencies in response to requests for information.
- Category A: Identifiers
- Category B: California Customer Records personal information categories
- Category C: Protected classification characteristics under California or federal law
- Category D: Commercial information
Convoso might have to disclose such information in certain circumstances, including requests by government authorities or requests in a legal action. We may have to disclose information if we believe that it is appropriate or necessary for legal reasons (such as a government request, court order or legal process served on us or we are exercising or defending our rights, whether under contract or otherwise). By visiting the Site and/or using the Convoso Services, you consent to such disclosure.
Where Does the Information Go?
We don’t sell or trade your personal information. We don’t share the personal information except for limited purposes of running our business by using the services of third parties and only those ones that have agreed with us to keep such information secure. These would include, for example, cloud storage providers, email services for newsletters, payment processors and the like. If you are an employee, we might provide your information to a customer or potential customer solely for you to perform your role in Convoso where it relates to relationships with such Customers.
Your Rights Regarding the Personal Information
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. First, you need to send us your “consumer request” and we have to verify that it is you. Once that happens, Convoso will disclose to you:
- The categories of personal information we collected about you. This is similar to the section above.
- The categories of sources for the personal information we collected about you. This is similar to the section above.
- Our business or commercial purpose for collecting that personal information (we do not sell your personal information). This is similar to the section above.
- The categories of third parties with whom we share that personal information. This is similar to the section above.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold (which we do not do) or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
California residents have the right to request that Convoso delete any of their personal information that Convoso has, with certain exceptions (which we explain below). You can do so only twice in any twelve-month period. As noted above, we have to verify your consumer request and then, subject to the exceptions, we will delete that information; if there are third party service providers (e.g., payroll processing companies) that have such information, then we will also direct them to delete that information (which is also subject to the exceptions). Please also remember that this right relates only to personal information and not to information regarding a legal entity other than a person.
Exceptions to Deletion
An exception to the requirement of deletion might apply to your request—generally, the exception is based on our need to complete obligations you and we have to each other, to protect Convoso rights and rights of others, to maintain and enhance the Convoso Services and to respond to legal requests for such information. We may deny your deletion request if retaining the information is necessary for us (or our service providers) for the following reasons. We have included examples where the reason might not be clear.
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
For example: If you ordered Convoso Services and the order has not been cancelled, then we cannot delete contact and payment information.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
For example: We will need to keep the information if we believe that it is relevant to detecting and correcting fraudulent activity with your account.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 ).
- Enable exclusively internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
For example: If we are comparing your use of Convoso Services with the relevant contract terms or with the use by other users.
- Comply with a legal obligation.
For example: If we are required by law to retain certain information in our possession.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
For example, if you are an independent contractor currently engaged by Convoso then it will be necessary to retain information for contractual obligations.
Exercising Access, Data Portability and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request as follows:
- Call us at (888)456-5454
- Send an email to: firstname.lastname@example.org
Only two people can make a verifiable consumer request: you or someone you have authorized to act on your behalf and that person is registered with the California Secretary of State. Although we do not collect any information on a minor child and we are not aware of any such information, you (or the registered person with the proper authorization) may also make a verifiable consumer request on behalf of that minor.
What Information a Verifiable Consumer Must Provide
The verifiable consumer request must:
- Provide information sufficient for us to reasonably verify that you are the person to which such personal information relates or that the person making such request on your behalf is properly authorized and registered.
- Describe your request with detail sufficient for us to understand, evaluate, and respond to it.
We will use personal information provided in a verifiable consumer request only for verification and communicating with you about exercising your rights and responding to you. There are not requirements other than as specified above. For example, making a verifiable consumer request does not require you to create use Convoso Services (i.e., create an account). We cannot respond to your request or provide you with personal information if we cannot verify your identity (or the authority of another person making such a request) to make the request and confirm that the personal information relates to you.
Response Timing and Format
We will try to respond to a verifiable consumer request within 45 days of the day we receive it. If we need more time (up to 90 days), then we will inform you of the reason and extension period in writing if we have that contact information. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option, but we must have the relevant contact information to honor your choice. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without problems.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate or retaliate against you when you wish to exercise any of your rights, which means that when you make any such request, we will not (unless permitted by applicable law):
- Deny or alter goods or services you have ordered.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Opting Out of Third Party Cookies
Your browser may be set to a default that accepts cookies, but usually you can modify those settings to reject cookies. If you do so, please understand that some of the features of the Convoso Services or parts of the Convoso Site might be disabled. You can also opt out of customized Google Display Network ads by visiting the Google Ads Preference Manager.
Additional Privacy Matters under California Law
California law related to privacy includes what is known as the “Shine the Light” law (at Civil Code Section 1798.83), which gives users resident in California the right to prevent disclosure of their personal information to third parties for direct marketing purposes by those third parties. The law also requires companies with a web presence (such as Convoso) to respond to inquiries from such users about disclosure to such third parties as described above. Such companies can also choose an alternative, which is to follow a policy of not providing such personal information to third parties for direct marketing purposes. We have such a policy because we do not provide personal information to any third parties for their direct marketing purposes.
California also adopted a law, known as the “Online Erasure” law (at Business and Professions Code Sections 22580-22582), which requires companies the maintain certain website or online services to allow registered users who are under the age of 18 and who are also residents of California to request that the company remove content such persons have posted. Please note that we do not provide any feature or functionality for such users to post any content.
Links to Other Sites
Do Not Track Notice
Convoso does not respond to Do Not Track signals because, except for the Google analytic services described above, Convoso does not track site visitors across third party sites and over time to provide targeted advertising. Your browser should be able to set the Do Not Track signal on sites that do respond, thereby enabling you to inform them that you are not to be tracked.
For Visitors and Users Outside the US
Convoso complies with the requirements of California and federal law regarding data security. If Convoso becomes aware of events governed by those laws, then we will follow the procedures for notifying you.
Privacy Notice Changes
If you have any questions or comments, then please email us here.