Privacy Policy

Effective date: January 1, 2023

Previous versions can be found here: LINK

Welcome to the new privacy policy of Convoso. Convoso (“we,” “us,” or “our”) has created this privacy policy to explain how and what personal information we might have visitors’ and users’ use of our site (“Convoso Site”) or the services we provide (“Convoso Services”) as well as our collection, use and disclosure of personal information in connection with customers and their users,, job applicants, employees, and contractors. If you have any questions, please email us here, privacy@convoso.com.

Please note that many of the changes in California law leading to revisions of this policy have not yet been clarified.  California has established a new state agency that will implement clarifying regulations in the near future, which will lead to additional changes to this policy.  In addition, enforcement does not take effect until July 1, 2023.

Table of Contents

  1. Types of Information
    • Non-personal Information

    • Personal Information

    • What Is Personal Information?

    • “Sensitive” Personal Information

    • Collecting & Using Sensitive Personal Information (“SPI”)

      • What Are the Sources of Personal Information and SPI?
  2. What Are the Sources of Personal Information and SPI?

    • In General

    • Personal Information from Customers, Referrals, etc.

    • Third Parties

    • Public Information

    • Integrated Analytics and Interactive Tools

    • Incidental Access

  3. How Do We Use the Information We Receive?

    • We do not sell your personal information

    • For Site Visitors and Users

    • For Applicants for Employment or Independent Contractor/Vendor Relationships

    • For Employees, Independent Contractors/Vendors, Shareholders and Others

    • For Information Uploaded by Customers

  4. Categories of Information Convoso Has Received in the Last 12 Months

  5. Disclosures in the Last 12 Months

    • Disclosure to Service Providers

    • Other Disclosures

    • Disclosures in the Last Twelve Months

  6. Rights Regarding the Personal Information of California Residents

    • A Quick Summary

    • The Right to Know 

    • The Right to Correct 

    • The Right to Request Deletion

    • The Right of Data Portability

    • The Right to Limit Some Uses of Sensitive Personal Information

    • Exceptions

    • Limiting the Use of Your Sensitive Personal Information

  7. Additional Privacy Matters under California Law
    • Do Not Sell

    • Do Not Share 

    • Shine the Light Law

    • “Online Erasure” Law

  8. Exercising Your Privacy Rights

    • Authorized Agents

    • What Information a Request Must Provide 

    • Penalty of Perjury

    • Response Timing and Format

    • Non-Discrimination

    • Limits on Requests

    • Verifying the Request

    • When Minors Are Involved

  9. For Those of You Outside of California

    • Persons Subject to GDPR or UK Privacy Laws

    • Persons Associated with Convoso Subsidiaries not in the United States

  10. Opting Out of Cookies

  11. Links to Other Sites

  12. Do Not Track Notice

  13. Data Security

  14. Privacy Notice Changes

  15. Questions

1.Types of Information

Like most other companies, Convoso collects, receives and has access to personal information about and related to quite a few groups, including site visitors, Convoso Services users, job applicants, employees, independent contractors or vendors, potential and actual customers and even those people who provide us with their information (such as people who give us business cards). We explain the information in more detail below.

Non-personal Information. When you visit the Convoso Site, we collect non-personal information, which is information about things like IP address (in situations where we cannot reasonably link the IP address to you), browser and operating system. This is done through “cookies,” which are small files with unique ID numbers to simplify your logging in and staying logged into a website and using services there, such as the Convoso Site and the Convoso Services. Our cookies do not allow us to learn your real name and address. We explain below how you can change that process.

Personal Information. We receive more detailed personally-identifiable information when someone requests a demo, registers to use the Convoso Services, uses the Convoso Services, authorizes payment, signs up for a newsletter or seeks technical support. We also receive detailed personal information when applicants apply for a job or someone becomes an employee or a person is an independent contractor or a vendor (or associated with an independent contractor or vendor). Our customers will also upload personal information about other persons. We describe the personal information we have—and have collected—in the past 12 months below.

Personal information does not include:

  • Publicly available information from government or other records, such as phone books, and in some cases, social networks or similar sources
  • De-identified or aggregated consumer information that is no longer capable of reasonably identifying a particular consumer or household

What Is Personal Information? Applicable law essentially defines personal information as information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Naturally, this information could include name, email address, credit card information and such other information that could identify a person, whether by itself or together with other information.

“Sensitive” Personal Information (“SPI”).  As of 2023, California has also added the sub-category of “sensitive personal information,” which is defined below. Below, we discuss how Convoso handles this type of information for California residents.

Sensitive Personal Information as Personal Information that is not publicly available and reveals:

  • a consumer’s social security, driver’s license, state identification card, or passport number;
  • a consumer’s account log-In, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;
  • a consumer’s precise geolocation;
  • a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership;
  • the contents of a consumer’s mail, email and text messages, unless the business is the intended recipient of the communication;
  •  a consumer’s genetic data; and
  • the processing of biometric information for the purpose of uniquely identifying a consumer;
  •  personal information collected and analyzed concerning a consumer’s health; or
  • personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.
  • Note that SPI does not include publicly available personal information, which may include information gleaned from social networks as public sources.

Collecting & Using Sensitive Personal Information (“SPI”).  In the table below we explain what Convoso collects and does not collect and how long it is retained.  Please note that some SPI may come to Convoso in an indirect manner, e.g., the results of a workplace investigation.

Type of SPI

Collected/Used

Period Held

social security, driver’s license, state ID card, or passport number;

only for HR files and provided, when requested and permitted by law, to service providers, including benefits providers

For period of providing Convoso Services plus period permitted by law

account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;

for billing, payment  and use of Convoso Services by customers and their users.  .  For employees, Convoso provides and maintains account log-in for Convoso internal networks, including access code, password or credentials allowing access to internal accounts.

For customers and their users for the period of providing Convoso Services plus period permitted by law. For employees and independent contractors, for the period of employment and thereafter as necessary for access to information in Convoso network to which such employee/independent contractor had access

precise geolocation;

Not collected, unless incidental to employee or independent contractor providing such information

Not retained 

racial or ethnic origin, religious or philosophical beliefs, or union membership;

Not collected, although it might be inferred from information provided to HR in application or during employment

For period of employment and period afterwards permitted by law

the contents of mail, email and text messages, unless the business is the intended recipient of the communication;

Recipient might read, circulate and/or respond to emails, permitted because Convoso is the intended recipient; most emails are archived and may be deleted per the document retention policy

The period of retention depends on the nature and content of the emails, e.g., indefinitely if related to legal or potential legal matters. Otherwise, for anywhere from ninety days to several years

genetic data; and

Not collected, although such information might be included in confidential health records held by health providers

Convoso does not keep any such records and might have only incidental access (e.g., employee/applicant provides it as part of other documents)

the processing of biometric information for the purpose of unique identification;

Use only for access to premises and online services

For the period of permitting access (e.g., employment or engagement as an independent contractor) and as permitted by law

personal information collected and analyzed concerning an individual’s health; or

Not collected, although such information might be included in confidential health records held by health providers. Convoso might also have incidental access (e.g., if employee/applicant provides it as part of other documents)

Convoso does not keep any such records unless required for accommodating certain conditions or complying with applicable law (e.g., ADA). In all cases, Convoso will maintain as permitted by law. 

personal information collected and analyzed concerning a person’s sex life or sexual orientation

Not collected, although such information might be included in confidential health records held by health providers, results of investigations, e.g., sexual harassment or content posted by a person.  Convoso might have incidental access if disclosed by user, employee, or applicant.

Convoso and will keep such records for as long as required for resolution of legal matters (e.g., investigation, civil or criminal suits)

Sharing SPI with Third Parties. As noted elsewhere in this document, Convoso might provide some SPI to service providers that handle billing, payment processing, database management, benefits and benefits management, technical support, training, system maintenance and other services closely related to the business and to government agencies in a valid request for such information or in other legal actions.

Advertising Information. Some information created by cookies involves how users navigate the Convoso Site. That information is also used by third party services we use such as Google search and display advertising services. We use Google’s remarketing feature, through the Google Display Network, to inform, optimize and serve relevant and useful ads based on past visits to our website. This service enables us to modify ads presented based on that information. This requires the use of first-party cookies and third-party cookies placed on our Convoso Site. Those services do not enable us to identify you. Visitors and Users can change their browser settings to limit cookies, as described below.

  1. What Are the Sources of Personal Information and SPI?

We receive information in several ways.

In General.  Persons who sign up or login on our Site or request a demo or send us an email or letter or other form of communication provide us with personal information. In addition, our customers provide us with personal information when they open an account, use one or more Convoso Services, make payments and communicate with us. Applicants provide us personal information when they apply for a position and when they communicate with us. Independent contractors and employees provide us personal information when they make initial contact, when they have an agreement with us, when they perform their services, or we request those services and afterwards in further communications. Other individuals provide personal information when they contact us through other means, such as meeting a Convoso representative at a trade show and exchanging business cards. Others might provide personal information when they contact us for other reasons, such as proposing a new product or service or engaging with us on legal matters.

Personal Information from Customers, Referrals, etc.  We also receive personal information when one person or contact provides the personal information of persons they are contacting using the Convoso Services or another contact, e.g., the lawyer, accountant or bookkeeper of a customer or a referral by an employee to a potential candidate for a job opening.  Personal information provided by a customer is there only for the customer to use the Convoso Services and not for use by Convoso.

Third Parties. Third parties might provide us with information, such as contact information they use, leads provided to us or employees who provide information about their dependents.

Public Information. We might obtain information from publicly available sources such as databases from or derived from government or other sources (e.g., directories).

Integrated Analytics and Interactive Tools. We might obtain information through first-party and third-party tools integrated into the Convoso Site and Convoso Services such as lead forms, chat features, or system access logging features.

Incidental Access. We might receive personal information as an unintended consequence of other actions.  For example, we might have access to a small number of names and phone numbers used by users of Convoso Services when examining a bug or upgrading Convoso Services.  Convoso would keep such information only for the period to complete the task.

In addition, we might learn information about sexual orientation as a consequence of a workplace investigation or a lawsuit claiming, e.g., sexual harassment.  We would keep that information for as long as required under law and on the advice of counsel.

  1. How Do We Use the Information We Receive?

We do not sell your personal information. We use personal information for one or more of the following business purposes:

  • To provide you with information, products or services that you request from us or that are a natural part of providing the Convoso Services (i.e., to enable customers and those working with them to use certain features and functionality, to alert you of changes, etc.).
  • To fulfill and enforce obligations and rights arising from any contracts or other relationships we have, including the safety of our team, clients and others.
  • To improve the Convoso Services, including research & development, testing, product development, bug fixes and the like.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • To develop and analyze our marketing program, including communicating with customers and potential customers.
  • To evaluate applicants for employment or contractor positions, such as contacting references, evaluating credentials, implementing aptitude exams, conducting background checks, and conducting drug screening.
  • To facilitate employment, contractor, or vendor relationship, such as processing payroll/payments, providing benefits, or paying taxes.
  • To facilitate our day-to-day business operations such as maintaining and improving our IT systems, managing our facilitates, entering into agreements with service providers, and managing our financial operations (payment processing, collections, accounting).
  • To refer companies that contact us to other providers by providing the contact information of those who contact us to others who might be able to provide the services requested.
  • To consider a business transaction that might involve providing or receiving services or the sale or other transfer of our assets or the purchase, licensing or other transfer of other assets, which might include personal information.

For Site Visitors and Users. For those who visit the Site, register, login, request a demo or additional information or otherwise use the Convoso Services, we use personal information for the following additional purposes: to simplify login; to improve the Convoso Services, including customizing them to your preferences; to provide you a demo and/or additional information and then follow-up; to respond to technical support requests; to enable users to utilize Convoso Services; to enable payment for use of the services; and to inform users of certain changes in the Convoso Services, certain procedures, use restrictions and account(s). For all such persons, we will contact users in the future if actions require us to do so—e.g., to send an invoice, notify of matters regarding use and so forth—and you give us permission to do so

If you are a customer, then we may keep personal information you provide us (including personal information of your users and persons contacted through your use of the Convoso Services) for approximately as long as there is legal liability based on our agreement with you, although it could be a shorter or longer period. The information received from those visitors who request a demo or additional information may be kept for about two years, unless a shorter period is required by regulation or a longer period is deemed by Convoso to be appropriate (and permitted by law).

For Applicants for Employment or Independent Contractor/Vendor Relationships. For those of you who are applying to become an employee, an independent contractor or a vendor, we use the information you provide to help us make the decision about employment or engagement. If we decide not to hire or engage you, then we will keep that personal information to inform you about later opportunities

We usually keep such personal information for up to three (3) years, unless you have the right, under applicable law, to request that we delete it and we are required by such law to delete it.  (Please note that you have to follow the procedure for making such request, as described below).  The period may be shorter or longer, depending on regulations and situations in which it is appropriate to have such information.

For Employees, Independent Contractors/Vendors, Shareholders and Others. Once you have an established relationship with us—e.g., you are employed by us, providing services to us or you own shares in Convoso—then we will use your personal information to manage that relationship. For example, for employees, we will use your personal information for those purposes normally associated with employment, e.g., pay you, schedule your time of employment, evaluate you, train you, administer benefits and so forth. As such, we will use it to contact you for work-related matters and you give us permission to do so.

We usually keep such personal information for up to three (3) years, unless you have the right, under applicable law, to request that we delete it and we are required by such law to delete it.  (Please note that you have to follow the procedure for making such request, as described below).  The period may be shorter or longer, depending on regulations and situations in which it is appropriate to have such information.

For Information Uploaded by Customers. Customers using the Convoso Services might upload personal information of third parties. We do not access such information except in situations where that information has caused, or is involved in, system malfunctions that would require us to access such information to examine it to solve the problem; the supplying customer requests that we access or delete it; or if access is necessary to fulfill a legal or compliance obligations including, but not limited to, responding to a subpoena, civil investigative demand, or traceback request. Each such customer, not Convoso, is responsible for the use of such information in compliance with all relevant rules and regulations. If we receive a request from a consumer to exercise any legal right related to personal information uploaded by a customer, we may try to inform the consumer of the identity of the relevant customer and require that such consumer submit its request directly to the customer for processing.

We usually keep such information for as long as required by law or in accordance with our data retention policy.

  1. Categories of Information Convoso Has Received in the Last 12 Months

Below we specify the personal information acquired in the last twelve months (updated every year), which we have provided below. Immediately below that table we have provided more detail by type of individual.

Category

Examples

Collected

A.     Identifiers.

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.

YES as to site visitors; YES as to job applicants and employees (and their dependents); YES as to independent contractor applicants and those engaged; YES as to data from potential and actual customers.

B.     Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). “Sensitive Personal Information” under California law.

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.

YES as to data from potential and actual customers; YES as to job applicants and employees (and their dependents); YES as to independent contractor applicants and those engaged.

C.    Protected classification characteristics under California or federal law.

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

YES as to job applicants and employees (and their dependents)

D. Commercial information.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

YES as to potential and actual customers

E. Biometric information.

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

YES as to job applicants and employees

F. Internet or other similar network activity.

Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

YES as to site visitors and customers

G.    Geolocation data.

Physical location or movements.

YES as to job applicants and employees; YES as to data from potential and actual customers

H.    Sensory data.

Audio, electronic, visual, thermal, olfactory, or similar information.

YES as to job applicants and employees; YES as to data from potential or actual customers

I.      Professional or employment-related information.

Current or past job history or performance evaluations.

YES as to job applicants and employees; YES as to independent contractor applicants and those engaged

J.     Non-public education information (per the Family Educational Rights & Privacy Act) (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

YES as to job applicants and employees (and their dependents); YES as to independent contractor applicants and those engaged

K.    Inferences drawn from other personal information.

Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. 

YES as to job applicants

  1. Disclosures in the Last 12 Months

Disclosure to Service Providers.  In the last twelve months we have disclosed personal information to various third-party service providers (i.e., vendors) who assist us with our business operations, including, but not limited for:

  • Payment processing;
  • Database management
  • Collection of accounts;
  • Providing the Convoso Services;
  • Facilitating marketing and non-marketing communications;
  • Marketing design and development;
  • Business analytics (both marketing and non-marketing related);
  • IT, network, and systems administration such as data storage and management, website hosting, and data security;
  • Professional services such as legal and accounting;
  • Validating authorization to work in the United States;
  • Evaluating job applicants (or other candidates)
  • Performance evaluation
  • Payroll processing;
  • Providing employee benefits such as insurance;
  • Training
  • Obtaining background checks and/or drug screenings; and
  • Day-to-day business operations such as courier services, facilities management, mailhouse operations, and document destruction.

We only provide our service providers with the information necessary for them to perform their services on our behalf. Each service provider is expected to use reasonable security measures appropriate to the nature of the information involved to protect your personal information from unauthorized access, use, or disclosure. Use of personal information by each such service provider is governed by a written agreement with us. 

Other Disclosures.  From time to time, Convoso might provide personal information (i.e., name and contact information) of representatives of a company to another service provider, or even a competitor, when Convoso feels that such a referral would be suitable for that initial contact. Under California law, Convoso is “sharing” that personal information.  Convoso receives no financial compensation or other benefits, although it is often possible that the recipient of the referral might thank Convoso for the referral.

Convoso may disclose such information in certain circumstances, including in response to requests by government authorities or industry regulatory bodies, or requests in a legal action. We may disclose information if we believe that it is appropriate or necessary for legal and/or regulatory compliance or we are exercising or defending our rights or the rights of others. We may also disclose information in connection with a merger or sale of our assets. 

By visiting the Site and/or using the Convoso Services, you consent to such disclosures.

Disclosures in the Last Twelve Months.  In the past twelve months, we have shared the following categories of personal information:

  • Category A: Identifiers
  • Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
  • Category C: Protected classification characteristics under California or federal law
  • Category D: Commercial information
  • Category E: Biometric information
  • Category F: Internet or other similar network activity
  • Category G: Geolocation data
  • Category H: Sensory data
  • Category I: Professional or employment-related information
  • Category J: Non-public education information (per the Family Educational Rights & Privacy Act, 20 U.S.C. § 1232g, 34 C.F.R. Part 99)
  • Category K: Inferences drawn from other personal information
  1. Rights Regarding the Personal Information of California Residents

California law now grants California residents certain rights to request certain actions by companies such as Convoso about your personal information. The law also imposes obligations on Convoso regarding these rights. 

In this Section 6 we explain those rights and the exceptions to fulfilling your request(s).  In Section 8 we explain how you can exercise those rights by submitting your requests.

Please note that these rights are available to individuals who are California residents and who could be employees, job applicants and users, as well as individuals at vendors providing services to Convoso.

A Quick Summary.  In general, these rights give California residents the right to request access to personal information about you in order for you to: 

  • know what personal information we have
  • correct that personal information
  • receive a copy of such information
  • delete personal information under certain circumstances, and
  • limit certain uses of sensitive personal information

Please note that these rights apply to individuals resident in in California, not legal entities. (For residents in others states or outside of the US, please see Section 9.) Please also note that these rights now apply to California residents who are job applicants or employees. 

Please note that there are circumstances in which we do not have to comply with all of your request.  We explain these circumstances below.

The Right to Know.  You have the right to request information about your personal information that we have collected and used over the preceding 12 months.  

The Right to Correct. California residents have the right to request that Convoso correct any of their personal information that Convoso has on file, with certain exceptions.  

The Right to Request Deletion. California residents have the right to request that Convoso delete personal information that Convoso has on file, with certain exceptions.

The Right of Data Portability. California residents have the right to request that Convoso provide to you a copy of certain personal information.  The copy must also be in a usable format.

The Right to Limit Some Uses of Sensitive Personal Information. If a company uses your SPI to infer characteristics about the person, then it must provide a mechanism for the subject of such SPI to opt out—i.e., Convoso cannot use it.  

Convoso does not use SPI to infer characteristics, so there is not opt-out mechanism.  However, if you believe that such use occurs, please submit a request .

Exceptions.  An exception to the requirement of deletion might apply to your request—generally, the exception is based on our need to complete obligations you and we have to each other, to protect our rights and rights of others, to maintain and enhance the Convoso Services and to respond to legal requests for such information. If we apply an exception, we will inform you of the categories of personal information that we were unable to delete and the exceptions we applied. The following is a list of exceptions that may be applied, including examples where the exception might not be clear.

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.

For example: If you ordered Convoso Services and the order has not been cancelled, then we cannot delete information needed to fulfill the Services and obtain payment from you.

  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

For example: We will need to keep the information if we believe that it is relevant to detecting and correcting fraudulent activity with your account.

  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another person to exercise its free speech rights, or exercise another right provided for by law.
  • Comply with federal and state laws, e.g., the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 ).
  • Enable exclusively internal uses that are reasonably aligned with consumer expectations based on your relationship with us.

For example: If we are comparing your use of Convoso Services with the relevant contract terms or with the use by other users.

  • Comply with other legal obligations, such as responses to government requests or actions in a lawsuit.

For example: If we are required by law to retain certain information in our possession.

  • Make other internal and lawful uses that are compatible with the context in which you provided it.

For example: If you are an independent contractor currently engaged by us, then it will be necessary to retain information for contractual obligations and tax and other reporting purposes.

Limiting the Use of Your Sensitive Personal Information.  If a company uses SPI to infer characteristics about the person, then it must provide a mechanism for the subject of such SPI to opt out—i.e., Convoso cannot use it.  

Convoso does not use SPI to infer characteristics, so there is not opt-out mechanism. 

  1. Additional Privacy Matters under California Law

California privacy law also includes other obligations for companies such as Convoso.  In many respects, the provisions above comply with those laws.  However, in this section we explain some of those specific portions of California law and how Convoso addresses them.  Please note that these requirements are mandatory for Convoso only for individuals (i.e., not companies) who are California residents.  This does not mean that Convoso won’t follow your requests—only that California law does not require it for companies or for persons outside of California.

Do Not Sell.   Please note that we do not sell your personal information.  However, we will soon install a button on the home page.  When you push this button, then you are telling Convoso that it cannot sell your personal information to others for direct marketing purposes.  (“Selling” means that Convoso receives some compensation, e.g., cash, discounts, in-kind or others forms of compensation).  We will update our records if you provide us with accurate information.  If not, then we will contact you to get the right information.

Do Not Share.  Under California privacy law, companies must permit persons to opt out of Convoso sharing their personal information if such sharing is used “[. . .] for cross-context behavioral advertising [. . .].”  Convoso shares personal information for its business purposes, as described above in Sections 3, 4 and 5—e.g., for employees, sending it to third parties managing benefits, handling payroll, etc.  Convoso’s business purposes do not include cross-context behavioral advertising.  However, we will soon install a button on the home page so that you can opt out.  When you push this button, then you are telling Convoso that it cannot share your personal information with others as sharing is defined in the applicable law.  We will update our records if you provide us with accurate information.  If not, then we will contact you to get the right information.

Shine the Light Law.  California law related to privacy includes what is known as the “Shine the Light” law (at Civil Code Section 1798.83), which gives users resident in California the right to prevent disclosure of their personal information to third parties for direct marketing purposes by those third parties. The law also requires companies such as Convoso to respond to inquiries from such users about disclosure to such third parties. Companies can also choose an alternative, which is to follow a policy of not providing such personal information to third parties for direct marketing purposes. We have such a policy because we do not provide personal information to any third parties for their direct marketing purposes in the absence of your express consent.  

If we wish to provide your personal information to a third party for these direct marketing purposes, first, we will obtain your consent and, second, we will provide it only as a referral to another service provider with whom you might wish to discuss their services.

“Online Erasure” Law.  California also adopted a law, known as the “Online Erasure” law (at Business and Professions Code Sections 22580-22582), which requires companies that maintain certain website or online services to allow registered users who are under the age of 18 and who are also residents of California to request that the company remove content such persons have posted. Please note that we do not provide any feature or functionality for such users to post any content.  However, in the unlikely event that we introduce such features, then we will remove any such content upon requests following the normal procedure.

  1. Exercising Your Privacy Rights

To exercise the rights described in Sections 6 and 7 above, we have a procedure for you to submit your requests.  You have two means of doing so:  

  • Call us at (866) 525-0428
  • Send an email to: privacy@convoso.com

If you call us, we also recommend that you send an email, although you are not required to do so.  Please note:  if you call us and do not provide us with a way to contact you, then it will be almost impossible for us to follow through on your request.

Authorized Agents.  Only two people can make a verifiable consumer request: you or someone you have authorized to act on your behalf (which may include a business entity properly registered with the California Secretary of State). If you are an authorized agent, we will require you to undergo an identity verification process and will require that you provide a signed written authorization from the person that authorized you to make the request on its behalf. We may also independently contact that person to verify your authorization.

What Information a Request Must Provide.  Your request must include the following:

  • Provide information sufficient for us to reasonably verify that you are the person to which such personal information relates or that the person making such request on your behalf is properly authorized and registered. If your request does not contain such information, we may contact you to let you know what additional information we need.
  • Describe your request with detail sufficient for us to understand, evaluate, and respond to it.
  • Provide at least your full name, telephone number, and either email address, mailing address, or both. 

We will use personal information provided in a request only for verification and communicating with you about exercising your rights and responding to you, and for our compliance record keeping purposes.

Penalty of Perjury.  If you request access to the specific information in our files about you, we may require that you sign and return to us a declaration under penalty of perjury confirming your identity.

Response Timing and Format.  Convoso is obligated to respond within ten days after receiving the request and 45 days in fulfilling it or explaining why it cannot be fulfilled.  There might be circumstances where those periods can be extended, depending on the regulations issued by the relevant California agency.  How far back your request can go is not yet clarified under California law, but the twelve-month “look-back” limit has been lifted.  Convoso can use a shorter period if it reasonably believes that doing otherwise would create an undue burden.  Convoso, like many other companies, awaits the rules and regulations that will be issued and implemented by the new California privacy agency.  The response we provide will also explain the reasons we cannot comply with a request, if applicable. 

If you are requesting a copy (the right of data portability) and we are able to fulfill that request, then we will deliver the personal information in a format is readily usable by you (obviously within reason).  It should allow you to transmit the information from one entity to another entity.

We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination.  We will not discriminate or retaliate against you when you wish to exercise any of your rights, which means that when you make any such request, we will not (unless permitted by applicable law):

  • Deny or alter goods or services you have ordered.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
  • For job applicants or employees, use your request(s) in any evaluation of your candidacy or performance.

Limits on Requests.  There are two types of limits on your requests.  First, you can submit requests to Convoso only twice in any twelve-month period.  Second, we are not required to fulfill some requests, if keeping your personal information is required for a business purpose—which we have described above.  For example, we would not be able to delete your billing information if you and we still have a contractual relationship and you are the one whose credit card is used for payments under that contract.  We will explain our reasons for rejecting the request.

Verifying the Request.  Please note that we might have to verify your request—i.e., you are the person you claim to be, or the agent genuinely authorized by the person who personal information is being requested.  Often, when we receive your request, we will contact you to verify that you are the person you claim to be and then we will begin the process to fulfill your request.

When Minors Are Involved.  Convoso does not permit minors to use its services.  However, Convoso may have personal information of minors who are dependents of employees.  That information is used solely for the HR purposes relating to benefits, such as family health insurance plans.

If you are a parent or legal guardian making a request on behalf of a minor, we will require to prove your identity and that you are the parent or legal guardian of that minor. 

  1. For Those of You Outside of California

If you live outside of California, there may be other privacy and disclosure requirements. However, by using the Convoso Site you agree and consent to us collecting, processing and transferring data about you in accordance with this privacy policy solely under the applicable laws of California, where we provide the Convoso Services.  You are solely responsible for compliance with any data security or privacy obligations in your jurisdiction.  However, Convoso is using commercially reasonable efforts to comply with other state privacy laws.

Persons Subject to GDPR or UK Privacy Laws.  If you are subject to GDPR or UK privacy laws, then our policies under those laws will be sent to you at your request to privacy@convoso.com.

Persons Associated with Convoso Subsidiaries not in the United States.  For those of you who are job applicants, employees or individuals or companies providing services to one of Convoso’s subsidiaries, then you will be subject to the privacy policies of the relevant subsidiary. Please note that those policies might provide for the transfer of personal information from the jurisdiction in which the relevant subsidiary is located to Convoso in the United States.  Such transfer will comply with the relevant laws, and processing by Convoso will comply with applicable law and a data processing agreement between each such subsidiary and Convoso.

  1. Opting Out of Cookies

Your browser may be set to a default that accepts cookies, but usually you can modify those settings to reject cookies. If you do so, please understand that some of the features of the Convoso Services or parts of the Convoso Site might be disabled. You can also opt out of customized Google Display Network ads by visiting the Google Ads Preference Manager.

  1. Links to Other Sites

The Convoso Site may from time to time include links to third party sites. When you visit those sites you are subject to their privacy policies and practices and we are not responsible for those sites, anything on them or available through them. You should review and understand the privacy policy of each such site prior to using it.

  1. Do Not Track Notice

Convoso’s Site does not presently respond to Do Not Track signals.

  1. Data Security

Convoso has implemented reasonable physical, technical, and administrative safeguards to prevent the unauthorized access or distribution of personal information. Even with these safeguards in place, no network can be 100% secure.

  1. Privacy Notice Changes

We will advise you of changes to this privacy policy by noting the effective date of the most recent changes, usually at the top of this page and in some cases by other means. Those changes will affect your use of the Convoso Site and the Convoso Services going forward from that effective date. The previous policies (which will be available through a link) will govern your use before the effective date.

  1. Questions

If you have any questions or comments, then please email us at privacy@convoso.com