Convert + Privacy
Convert Experiences is the Most Privacy Focused A/B Testing Solution On the Market.
Learn MoreOur GDPR Commitment
We are committed to helping our users understand the rights and obligations under the General Data Protection Regulation (GDPR), which took effect on May 25, 2018.
We have introduced tools and processes to ensure our compliance with requirements imposed by the GDPR and to help our customers comply as well.
To learn more, see the Convert GDPR Company Page about the steps we have taken to reach compliance as a company, as well as our roadmap for making Convert Experiences GDPR compliant.
Our CCPA Commitment
The California Consumer Privacy Act, also referred to as CCPA, is a privacy-centric bill aimed at protecting the privacy of California consumers that is effective from January 1, 2020.
Because of the many product and process enhancements we made in preparation for the 2018 General Data Protection Regulation (GDPR), when the CCPA was signed we were already well-positioned to support customers needing to comply.
We are committed to protecting your privacy and see CCPA as an opportunity to strengthen our commitment even further. We don’t collect & process users’ personal information beyond what is required for the functioning of our services, and this will never change.
We have put in place processes and procedures to comply with the various provisions of CCPA—consumer rights, data protection addendum, data deletion, data retention, and pseudonymization, which align with our core values of customer trust and data privacy.
Our LGPD Commitment
Brazil passed its own GDPR-like law in 2018 (Lei Geral de Proteção de Dados (or LGPD)), and is effective from August 2020. We are committed to provide secure services to all our Brazilian customers by implementing and adhering to prescribed compliance policies.
To prepare for LGPD, we worked with vendors to ensure they are compliant. We are continuing to review our security measures, as we always do, to stay at the forefront of evolving industry standards and best practices.
International Data Transfers: Data Privacy Framework and SCC
For any transfer of personal data outside the European Economic Area to a country which is deemed by the EU to not have an “adequate” level of data protection, we have put in place with our affiliates, with our third party service providers, and with our customers, the necessary safeguards and mechanisms to ensure that such transfers comply with applicable data protection laws.
These safeguards include the EU Standard Contractual Clauses (SCC) and EU-US Data Privacy Framework (EU-US DPF) and the SWISS-U.S. Data Privacy Framework: certification. In addition, we may institute in the future, in our discretion, other lawfully approved mechanisms such as Binding Corporate Rules and Codes of Conduct. For transfers to third party service providers, we ensure that such entity maintains appropriate safeguards and shall have in place required data protection terms to ensure protection of personal data to the same degree as required of Convert.
Sign your DPA
We make it easy for our customers to formalize and share with their stakeholders, including employees, customers and potential auditors, that they use Convert Experiences in a way that meets GDPR data processing obligations.
The Data Processing Agreement (DPA) is an easy-to-execute document that only requires an electronic signature from the customer.
For reference, please visit this page.
Sign your NDA
We have a very balanced mutual Non-Disclosure Agreement (NDA).
We sign NDAs with potential and current users/customers and suppliers as needed free of charge. In doing so we commit to safeguarding their confidential information as laid down in the provisions of the NDA. In return we seek the same commitment via this mutual agreement.
Contact support@convert.com to sign your NDA
Conduct a DPIA
As part of Convert’s GDPR Project, we developed guidance for staff and a template to be used to carry out Data Privacy Impact Assessments (DPIAs). You can find the template with the pre-filled screening questions here.
For further information, please visit this page.
Carry out a LIA
If you want to rely on legitimate interests as your lawful basis for a particular processing activity, you will need to carry out a Legitimate Interests Assessment (LIA) to help you to decide if this lawful basis is the most appropriate for the type of processing you want to carry out, or if you should look at the other options (consent, contract, legal obligation, vital interest).
We have carried out our LIA where we show that the processing of personal data does not override the fundamental rights and freedoms of the individual to whom the data relates.
If you wish to conduct a Legitimate Impact Assessment exercise, please download our LIA template.
Request your Personal Data with the DSAR Form
You have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or delete such information. At this point we may comply with your request or, additionally do one of the following:
- We may ask you to verify your identity, or ask for more information about your request; and
- Where we are legally permitted to do so, we may decline your request, but we will explain why if we do so.
Information on how to submit a GDPR Data Subject Request can be found here. The DSAR form is accessible here.
We Honor DNT/Opt-out
We honor the Do Not Track header, this means that if a viewer has the DNT header installed, Convert Experiences will not track that user.
The Opt-Out option we provide is a further measure to set a third-party cookie that specifically tells the Convert Experiences script not to track a user. With or without this, we still honor the Do Not Track header.
Our Transparent Data Policies
We have several data policies in place.
1
General Data Protection Policy
This policy is a statement of our commitment to protect the rights and privacy of individuals in accordance with the GDPR.
2
Data Management Policy
The purpose of this policy is to enable access to data and information held by us, to the greatest extent possible, consistent with legislation and relevant policies, whilst ensuring that electronic data is protected from unauthorised use, access and breaches of privacy.
3
Personal Data Breach Escalation Policy
The purpose of these procedures is to provide a framework for reporting and managing data security breaches affecting personal data held by us. These procedures are a supplement to the Data Protection Policy which affirms its commitment to protect the privacy rights of individuals in accordance with Data Protection legislation.
4
Data Retention Schedule
The purpose of this schedule is to define the minimum data retention periods and disposal mechanism.
Want to access any of these policies? Please contact us at support@convert.com.
Our Cookie Policy vs Privacy Notice
Our Privacy Notice explains our principles when it comes to the collection, processing, and storage of your information. Our Cookie Policy specifically explains how we, our partners, and users of our services deploy cookies, as well as the options you have to control them.
We Take Legal Compliance Seriously
We employ dedicated legal and compliance professionals with extensive expertise in data privacy and security. These professionals are embedded in the development lifecycle and review products and features for compliance with applicable legal and regulatory requirements. We also have a business code of conduct that makes legal, ethical and socially responsible choices and actions fundamental to our values and standards for meeting those goals.
On-Demand Demonstration
Showing is Better than Telling
Book your slot for a complete demonstration of the newest privacy & security features incorporated in Convert Experiences.
Book your slotWant to Test But Worried about the Privacy Implications?
We are constantly working to build a service that helps you create better experiences without compromising the privacy of your users. For more questions get in touch with us at support@convert.com.