PRIVACY STATEMENT



Last Updated: May 22, 2018

1. Introduction

We take your privacy extremely seriously. This policy explains the what, how, and why of the information we collect when you visit one of our websites, or when you use our Services. It also explains the specific ways we use and disclose that information. Please read our Terms of Service and this Privacy Policy carefully, as you must agree to both documents in order to have permission to use our Service. This Privacy Policy is hereby made a part of the Terms of Service. Please note that for the purposes of EU data protection legislation, GrooveJar is the data processor of personal information. This Privacy Policy is effective with respect to any data that we have collected, or collect, about and/or from you, according to our Terms of Services.

2. Definitions

Throughout this document, we may use certain words or phrases, and it is important that you understand the meaning of them. The following is a non-exhaustive list of definitions of words and phrases found in this document:

3. Information We Collect

3.1. Information you voluntarily provide to us: When you sign up for and use the Services, consult with our customer service team, send us an email, post on our blog, integrate the Services with another website or service (for example, when you choose to connect your e-commerce or CMS platform account with GrooveJar), or communicate with us in any way, you are voluntarily giving us information that we collect. That information may include either your or your Customers’ name, physical address, email address, IP address, phone number, credit card information, as well as details including gender, occupation, location, purchase history, and other demographic information. By giving us this information, you consent to this information being collected, used, disclosed, transferred to the United States and stored by us, as described in our Terms of Services and in this Privacy Policy.

3.2. Information we collect automatically: When you use the Services or browse one of our Sites, we may collect information about your visit to our Sites, your usage of the Services, and your web browsing. That information may include your IP address, your operating system, your browser ID, your browsing activity, and other information about how you interacted with our Websites or other websites. We may collect this information as a part of log files as well as through the use of cookies or other tracking technologies. Our use of cookies and other tracking technologies is discussed more below.

3.3. List and email information: When you add a subscriber list, create a campaign, or create an email with the Services, we have and may access the data on your list and the information in your email. If a Customer chooses to use forward a link in an email campaign you send, it will allow the Customer to share your email content with individuals not on your subscriber list or in your campaign. When a Customer forwards an email to another person, we do not store that other person’s email address.

3.4. Information from your use of the Service: We may receive information about how and when you use the Services, store it in log files or other types of files associated with your account, and link it to other information we collect about you. This information may include, for example, your IP address, time, date, browser used, and actions you have taken within the application. This type of information helps us to improve our Services for both you and for all of our users.

3.5. Cookies and tracking: We and our partners may use various technologies to collect and store information when you use our Services, and this may include using cookies and similar tracking technologies on our Site, such as pixels and web beacons, to analyze trends, administer the website, track users’ movements around the website, serve targeted advertisements, and gather demographic information about our user base as a whole. Users can control the use of cookies at the individual browser level. We partner with third parties to display advertising on our website or to manage and serve our advertising on other sites. Our third party partners may use cookies or similar tracking technologies in order to provide you advertising or other content based upon your browsing activities and interests. If you wish to opt out of interest-based advertising click http://preferences-mgr.truste.com/ (or if located in the European Union click http://www.youronlinechoices.eu/). Please note you might continue to receive generic ads.

3.5.1. Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.

3.5.1.1. session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).

3.5.1.2. shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits

3.5.1.2.1. shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.

3.5.1.2.2. cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.

3.5.1.2.3. secure_session_id, unique token, sessional

3.5.1.2.4. storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.

3.6. Web beacons and hooks: We use web beacons and hooks on our Websites and in our emails. When we send emails to Customers, we may track behavior such as who opened the emails and who clicked the links. This allows us to measure the performance of the email campaigns and to improve our features for specific segments. Reports are also available to us when we send email to you, so we may collect and review that information.

4. Use and Disclosure of Personal Information

We may use and disclose Personal Information only for the following purposes:

4.1. To promote use of our Services to you and others. For example, if we collect your Personal Information when you visit our Website and do not sign up for any of the Services, we may send you an email inviting you to sign up. If you use any of our Services and we think you might benefit from using another Service we offer, we may send you an email about that. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email we send. In addition, we may use information we collect in order to advertise our Services to you or suggest additional features of our Services that you might consider using. In addition, we may use your Personal Information to advertise our Services to potential or other users like you.

4.2. To send you informational and promotional content in accordance with your marketing preferences. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email.

4.3. To bill and collect money owed to us by You. This includes sending you emails, invoices, receipts, notices of delinquency, and alerting you if we need a different credit card number. We use third parties for secure credit card transaction processing, and we send billing information to those third parties to process your orders and credit card payments.

4.4. To send you System Alert messages. For example, we may inform you of temporary or permanent changes to our Services, such as planned outages, new features, version updates, releases, abuse warnings, and changes to our Privacy Policy.

4.5. To communicate with You about Your account and to provide customer support.

4.6. To enforce compliance with our Terms of Services and applicable law. This may include developing tools and algorithms that help us prevent violations.

4.7. To protect Your rights and safety as well as those of third parties and our own.

4.8. To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms.

4.9. To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements.

4.10. To prosecute and defend a court, arbitration, or similar legal proceeding.

4.11. To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.

4.12. To provide, support, and improve the Services we offer. This includes our use of the data that our Members provide us in order to enable our Members to use the Services to communicate with their Subscribers. This also includes, for example, aggregating information from your use of the Services or visit to our Websites and sharing this information with third parties to improve our Services. This might also include sharing your information or the information you provide us about your Subscribers with third parties in order to provide and support our Services or to make certain features of the Services available to you. When we do have to share Personal Information with third parties, we take steps to protect your information by requiring these third parties to enter into a contract with us that requires them to use the Personal Information we transfer to them in a manner that is consistent with this policy.

4.13. To provide suggestions to you. This includes adding features to compare email campaigns or using data to suggest products or services that you may be interested in or that may be relevant to you or your Customers.

4.14. To transfer your information in the case of a sale, merger, consolidation, liquidation, reorganization, or acquisition. In that event, any acquirer will be subject to our obligations under this Privacy Policy, including your rights to access and choice. We will notify you of the change either by sending you an email or posting a notice on our Site.

Combined Information: We may combine Personal Information with other information we collect or obtain about you (such as information we source from our third party partners), to serve you specifically, such as to deliver a product or service according to your preferences or restrictions, or for advertising or targeting purposes in accordance with this Privacy Policy. When we combine Personal Information with other information in this way, we treat it as, and apply all of the safeguards in this Privacy Policy applicable to, Personal Information. 5. Data Collected for and by our Users

As you use our Services, you may import into our system Personal Information you have collected from your Customers or other individuals. We have no direct relationship with your Customers or any person other than you, and for that reason, you are responsible for making sure you have the appropriate permission for us to collect and process information about those individuals.

Consistent with the uses of Personal Information covered above, we may transfer Personal Information of you or your Customers to companies that help us promote, provide, or support our Services (“Service Providers”). All Service Providers enter into a contract with us that protects Personal Information and restricts their use of any Personal Information consistent with this policy. As part of our Services, we may use and incorporate into features information you have provided, we have collected from you, or we have collected about Customers. We may share this information, including Customer email addresses, with third parties in line with the approved uses of this Privacy Policy.

6. Commercial and Non-Commercial Communications to You

By providing information to the Site that forms the basis of communications with you, such as contact information, you waive all rights to file complaints concerning unsolicited e-mails from GrooveJar since, by providing such information, you agree to receive communications from us or anyone else covered under this Privacy Policy. However, you may unsubscribe from certain communications by notifying GrooveJar that you no longer wish to receive solicitations or information and we will endeavor to remove you from the database.

We will retain Personal Information we process for as long as needed to provide our Services or to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our agreements.

7. Public Information and Third Party Websites

Blog. We have public blogs on our Websites. Any information you include in a comment on our blog may be read, collected, and used by anyone. If your Personal Information appears on our blogs and you want it removed, contact us. If we are unable to remove your information, we will tell you why.

Social media platforms and widgets. Our Site includes social media features. These features may collect information about your IP address and which page you are visiting on our Site, and they may set a cookie to make sure the feature functions properly. Social media features and widgets are either hosted by a third party or hosted directly on our Site. We also maintain presences on social media platforms including Facebook, Twitter, and Instagram. Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.

Links to third-party websites. Our Site include links to other websites, whose privacy practices may be different from ours. If you submit Personal Information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.

8. Third Parties

Service Providers. Sometimes, we share your information with our third party Service Providers, who help us provide and support our Services. For example, if it is necessary to provide you something you have requested then we may share your and/or your Customer’s Personal Information with a Service Provider for that purpose. Just like with the other third parties we work with, these third party Service Providers enter into a contract that requires them to use your Personal Information only for the provision of services to us and in a manner that is consistent with this policy. Examples of Service Providers include payment processors, hosting services, and content delivery services. Without limiting the generality of the foregoing, you authorize us to collect, share, store, and otherwise use your information in conjunction with the entities listed in our Third-Party Sub-Processors page.

Advertising partners. We may partner with third party advertising networks and exchanges to display advertising on our Site or to manage and serve our advertising on other sites and may share Personal Information with them for this purpose. All third parties with which we share this information are required to use your Personal Information in a manner that is consistent with this policy. We and our third party partners may use cookies and other tracking technologies, such as pixels and web beacons, to gather information about your activities on our Site and other sites in order to provide you with targeted advertising based on your browsing activities and interests.

9. Content of Email Campaigns

When you send an email marketing campaign, it bounces from server to server as it crosses the Internet. Along the way, server administrators can read what you send. Email was not built for confidential information. Please do not use GrooveJar to send confidential information.

10. Your Subscriber Lists and Campaigns

A Subscriber List and related Campaigns used within Collect & Convert are created by capturing lead information via GrooveJar popups or other GrooveJar apps. Data is stored on a secure GrooveJar server. We do not, under any circumstances, sell your Subscriber Lists. Only authorized employees have access to view Subscriber Lists.

We do not, under any circumstances, sell your Subscriber Lists. We will use and disclose the information in your Subscriber Lists only for the legal and regulatory reasons. We will not use and disclose the information in your Subscriber Lists to:

If we detect abusive or illegal behavior related to your Subscriber List, we may share your Subscriber List or portions of it with affected ISPs or anti-spam organizations.

11. Notice of Breach of Security

If a security breach causes an unauthorized intrusion into our system that materially affects you or people on your Subscriber Lists, then GrooveJar will notify you as soon as possible and later report the action we took in response.

12. Safeguarding Your Information

We take reasonable and appropriate measures to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Information.

Our credit card processing vendor uses security measures to protect your information both during the transaction and after it is complete. Our vendor is certified as compliant with card association security initiatives, including the Visa Cardholder Information Security and Compliance (CISP), MasterCard® (SDP), and Discovery Information Security and Compliance (DISC). If you have any questions about the security of your Personal Information, you may contact us at support@groovejar.com.

GrooveJar accounts require a username and password to log in. You must keep your username and password secure, and never disclose it to a third party. Because the information in your Subscriber Lists is sensitive, account passwords are encrypted, which means we cannot see your passwords.

13. Operations in the United States

Our servers and headquarter offices are located in the United States, so your information may be transferred to, stored, or processed in the United States. While the data protection, privacy, and other laws of the United States might not be as comprehensive as those in your country, we take many steps to protect your privacy, including offering a data processing addendum. By using our Site, you understand and consent to the collection, storage, processing, and transfer of your information to our facilities in the United States and those third parties with whom we share it as described in this policy.

14. Data Transfers from Switzerland or the EU to the United States

GrooveJar adheres to and is being certified for its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield Framework. We are committed to subjecting all Personal Information received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome. A list of Privacy Shield participants is maintained by the Department of Commerce and is available at: https://www.privacyshield.gov/list.

GrooveJar is responsible for the processing of Personal Information it receives under each Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider TRUSTe (free of charge to you) at https://feedback-form.truste.com/watchdog/request. Under certain conditions, more fully described on the Privacy Shield website, https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Users located in Switzerland and the EU are also free to request our updated data processing agreement which incorporates the Standard Contractual Clauses here in addition or instead of relying on GrooveJar’s Privacy Shield certification, as applicable.

15. Users Located in Australia

If you are a Member who lives in Australia, this Section applies to you. We are subject to the operation of the Privacy Act 1988 (“Australian Privacy Act”). Here are the specific points you should be aware of:

Where we say we assume an obligation about Personal Information, we are also requiring our subcontractors to undertake a similar obligation, where relevant.

We will not use or disclose Personal Information for the purpose of our direct marketing to you unless: you have consented to receive direct marketing; you would reasonably expect us to use your personal details for the marketing; or we believe you may be interested in the material but it is impractical for us to obtain your consent. You may opt out of any marketing materials we send to you through an unsubscribe mechanism or by contacting us directly. If you have requested not to receive further direct marketing messages, we may continue to provide you with messages that are not regarded as “direct marketing” under the Australian Privacy Act, including changes to our terms, system alerts, and other information related to your account.

Our servers are primarily located in the United States. In addition, we or our subcontractors, may use cloud technology to store or process Personal Information, which may result in storage of data outside Australia. It is not practicable for us to specify in advance which country will have jurisdiction over this type of off-shore activity. All of our subcontractors, however, are required to comply with the Australian Privacy Act in relation to the transfer or storage of Personal Information overseas.

If you think the information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps, consistent with our obligations under the Australian Privacy Act, to correct that information upon your request.

If you are unsatisfied with our response to a privacy matter then you may consult either an independent advisor or contact the Office of the Australian Information Commissioner for additional help. We will provide our full cooperation if you pursue this course of action.

16. Accuracy and Retention of Data

We do our best to keep your data accurate and up to date, to the extent that you provide us with the information we need to do so. If your data changes (for example, if you have a new email address), then you are responsible for notifying us of those changes. Upon request, we will provide you with information about whether we hold, or process on behalf of a third party, any of your Personal Information. We will retain your information for as long as your account is active or as long as needed to provide you with our Services. We may also retain and use your information in order to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our Agreements.

17. Access

We will give an individual, either you or a Subscriber, access to any Personal Information we hold about them within 30 days of any request for that information. Individuals may request to access, correct, amend or delete information we hold about them by contacting us. Unless it is prohibited by law, we will remove any Personal Information about an individual, either you or a Subscriber, from our servers at your or their request. There is no charge for an individual to access or update their Personal Information.

18. California Privacy

Under California Law, California residents have the right to request in writing from businesses with whom they have an established business relationship, (a) a list of the categories of Personal Information, such as name, email and mailing address and the type of services provided to the customer, that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes and (b) the names and addresses of all such third parties. To request the above information, please contact us at support@groovejar.com.

15. Amendments

We may amend this Privacy Policy from time to time. When we amend this Privacy Policy, we will e-mail you to inform you of the amendments. Your continued use of our Service shall constitute your acceptance of any such amendments.

If you have any questions or comments, or if you want to update, delete, or change any Personal Information we hold, or you have a concern about the way in which we have handled any privacy matter, please contact us by postal mail or email at: support@groovejar.com or 112 Water Street, Suite 500, Boston, MA 02109, United States.