This policy will tell you about your privacy rights and how we protect your privacy. If you want to know about cookies, please see our Cookie Policy here
We are Convert Insights Inc. and we provide online website optimization services to our customers (which we’ll refer to as the “Services”) to improve the performance of their online businesses and marketing activities. We collect certain personally identifying information from our customers and their websites in the course of performing those Services.
We respect the privacy of our customers and their customers and we want you to know that your personal information (data) is protected and that you have a choice about how it is used. This notice explains your rights, how we use your personal data and how we comply with our legal obligations. As an organization we’re committed to data privacy and security, including the General Data Protection Regulations (known as GDPR) which apply to our EEA resident and you'll find the full GDPR roadmap here, and the GDPR Committing to Compliance here.
Our policy won’t apply to any third parties, including our customers' websites and any social media platforms to which our website links and we have no control over any third party websites. We recommend you read the individual privacy policies for other sites and platforms.
This policy is effective from November 8th, 2024
We regularly update this policy and post the updated Notice on the website so it is your responsibility as a customer and/or website user to check it. However, if we make a significant change (i.e. change the way data is processed in a way which you wouldn’t expect) then we will actively let you know, by, for example, emailing you using the last email address you give us. We want you to be able to review the revised policy (and change your mind if you want to) before continuing to use the website and Services.
We track users for our test and targeting software but do not store IP addresses to figure out your identity. In addition we do not store sensitive personal data.
We are Convert Insights Inc. of 2093 PHILADELPHIA PIKE #9985, CLAYMONT, DE 19703, USA and we own and operate this website www.convert.com.
The person responsible for data protection is the Privacy Principles Officer, Dionysia Kontotasiou and you can email them at support@convert.com.
As an organization we are subject to the regulatory and enforcement authority of the United States Federal Trade Commission.
You need to know anything about how we protect your privacy? All you need to do is ask us!
In the US, there isn’t currently one single federal law which defines personal data (or regulates its protection and security) but the GDPR’s definition of personal data is any information which could identify you, including your name, address and email address and IP address. Special category data is more sensitive, such as information about your health or ethnic origin. We don’t collect special categories of personal data but we do collect personal data.
You can visit our website and read information about us and our products and services without revealing any personally identifiable information. However, if you want to become a customer, you must create an account and set up a profile.
We collect personal data in a variety of ways and you can find out more here.
We collect personal data from you in the following ways:
We use personal data in a variety of ways and you can find out more here.
We use personal data so that we can:
We do not make any automated decisions or undertake any profiling.
It’s important that you understand how we use your personal data.
We only process (collect, use or store) your information when we have a lawful basis for doing so. You can find out more here.
There are several lawful bases which we rely on, particularly in relation to GDPR, including:
We need a lawful basis before we can process your personal data.
Our customers can place an opt-out link on their website and we respect your privacy when you turn off tracking features and other security settings in your browser. You can find out more here.
Each of our customers is invited to place an opt-out link on their website that can be used by visitors to their websites who do not want their information given to us, Convert Insights Inc. By clicking on the link, those visitors can activate our opt-out process. We will implement each opt-out election in the shortest amount of time possible after receipt.
We have placed a general opt-out on the home page of our Site. By using the general opt-out, our customers can direct us to purge all or a portion of the data that we have received or collected in the course of performing the Services.
You can opt-out of our Services for each individual customer website and for all of our Services for all customer sites. We provide the opt-out functionality at: https://www.convert.com/opt-out/.
Upon receiving your opt-out request, we will purge the information submitted to us pertaining to that request.
DO NOT TRACK SETTINGS
Some web browsers have settings that enable you to request that our website not track your movement within our website. Our website obeys such settings when transmitted to and detected by our website. You can alter tracking features and other security settings in your browser by referring to your browser’s user manual.
If you do not wish to provide us with the personal data which we need from our customers, (or you provide us with the data but then change your mind), you will be unable to use our Services.
You can control what data you give us but we'll need some if you want be our customer.
We want your data to be accurate and up-to-date so please keep us up to date when anything changes. Customers (registered users) can do this by updating their profile. Alternatively, you can email us at support@convert.com or visit https://www.convert.com/contact-us/.
There are likely to be times when we must share your personal data with others, for example, where the law requires or to enforce our rights or protect others, such as for fraud prevention or if we sell all or part of our business or it is otherwise acquired by someone else. We could also:
Otherwise we will only share your personal information if you have consented to this.
We share data with others but we want you to know all about it.
Customers can specify the categories of data they wish to receive and you can find out more here.
The Services we provide to customers consists of tracking visits to their websites and collecting information about the behavior of those visitors. The data we collect helps you (the customer) optimize your website and to use it strategically. This data can include the web addresses (URLs) of pages visited, the URLs of web pages that referred your visitors to your website, details about the web browsers that visitors use to browse your website, the operating systems used by those visitors, the number of screen colors and the screen resolution used by the visitors to view your websites and external geodata elements connected to your visitors' IP address, including country, city, region, etc.
Our Service is organized so that our customers can specify the categories of data they wish to receive. The foregoing categories of information do not necessarily enable us or others to identify you or the visitors to your website. However, if the URLs we collect contain information that in themselves include personally identifiable information, such as a name or phone number, or if they link to pages that contain personally identifiable information, then we can collect that information as well.
Our Service allows our customers to transmit and store additional information on our servers. This additional information can be anything, including personally identifiable information, except that we don't permit URLs or internet addresses to be stored. We have no control over what information is transmitted by our customers to our servers. Our customers can also request that we receive personally identifiable information that has been rightfully obtained by those customers, such as the email addresses of those who visit their websites and the information those visitors to their websites choose to post.
All of the information that we collect from our customers, retain and store, that identifies them and the visitors to their websites belong to our customers. We treat that information as proprietary, confidential customer property. Convert Insights Inc. is merely a limited agent that possesses and uses the information only for purposes of performing the Services requested by our customers. We recommend that our customers include information in their own privacy policies that describes their use of hosted optimization services such as those we provide. We also recommend that each of our customers provides its visitors with information regarding their ability to opt-out of permitting disclosure of their personally identifiable information to providers such as Convert Insights Inc. We urge visitors to our customers' websites to review the privacy policies of those websites. Those privacy policies govern the use of visitors' personally identifiable information by our customers and also by us.
The law gives you certain rights in relation to your personal data and to exercise or discuss these rights contact Dionysia Kontotasiou at support@convert.com.
You can find our more about your rights here
The following rights can apply to personal data we collect and process (these can vary according to the lawful basis we rely on to process personal data) so that you can:
GDPR gives EU residents specific data rights and we comply with those rights.
You can exercise your GDPR rights by contacting us at support@convert.com and can find out more about our process here
When you choose to exercise any of your data protection rights:
We keep your data:
Details about how long we retain data is here.
Please check that the retention periods meet your other compliance obligations:
| Data Subject | How long is personal data kept? | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Customers | We will retain personal data for 7 years from the date that you ceased to be a customer. | ||||||||||||||||||||||
| Potential Customers | We will retain personal data for 12 months from the date of our last contact. | ||||||||||||||||||||||
| Potential Suppliers | We will retain personal data for 6 months from the date of the last time you contacted us. | ||||||||||||||||||||||
| Suppliers | We will retain personal data for 7 years from the date that you ceased to be a supplier. | ||||||||||||||||||||||
| Employees | We will retain personal data for 7 years from the date that you ceased to be an employee. | ||||||||||||||||||||||
| Potential employees | We will retain personal data for 12 months from the date of the last time you contacted us. | ||||||||||||||||||||||
We store personal data for only as long as we need to.
Our company is registered and based in the US and so your data will be processed, transferred or stored outside the EU and the UK and Switzerland to countries including the US, which do not have the same data protection as the EU. However, wherever we transfer, process or store your personal data, we will take reasonable steps to protect it.
We comply with GDPR and the Data Privacy Framework when transferring the personal data of EU, UK and Swiss individuals, and you can find out more here.
EU and UK Residents – transfers
Since some countries do not have the same level of data protection the law restricts the transfer of your personal data so that this can only take place if:
EU, UK and Swiss individuals - the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework
Convert Insights, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Convert Insights, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Convert Insights, Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, Convert Insights is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the DPF Principles, EU, UK and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the DPF, should direct their query to support@convert.com. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to support@convert.com.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Convert Insights’ accountability for personal data that it receives in the United States under the Data Privacy Framework Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, Convert Insights remains responsible and liable under the DPF Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Convert Insights proves that it is not responsible for the event giving rise to the damage.
Data Privacy Framework Enforcement & Disputes
In compliance with the Data Privacy Framework Principles, Convert Insights Inc. commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF. European Union, United Kingdom and Swiss individuals with DPF inquiries or complaints should first contact should Convert Insights Inc. at:
Convert Insights Inc.
Department: Data Privacy Framework Principles
2093 PHILADELPHIA PIKE #9985
CLAYMONT, DE 19703, USA
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Convert Insights, Inc. commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to DATA PRIVACY FRAMEWORK SERVICES, an alternative dispute resolution provider based in the United States operated by BBB National Programs. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information or to file a complaint. The services of DATA PRIVACY FRAMEWORK SERVICES are provided at no cost to you.
If your Data Privacy Framework complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf.
We transfer data out of the EU and the UK and Swiss but we know what we’re doing and comply with the Data Privacy Framework.
We have implemented technology, security policies and measures to protect the personal information that we have under our control from unauthorized access, improper use, alteration, unlawful or accidental destruction and accidental loss. To find out more, see below.
The data we collect from our customers and their websites in the course of providing the Services is stored on servers operated by third parties under contract with us. The user names and passwords our customers use to access their accounts and the Services are stored on servers operated by different third parties, also under contract with us. Those third parties have instituted reasonable commercial measures to ensure the security of our customers' information, and we rely on the effectiveness of those measures to keep our customers' information secure. These security measures include physical security of the facilities where the servers are located; redundant storage of data in multiple physical locations; access to data based on established privilege levels; firewalls to prevent unauthorized access; and SSL-encrypted API calls. We do not collect, store or transmit any credit card or banking account data from sites installing our code.
Data that our customers submit to us regarding visitors to their websites do not contain any personally identifiable information unless the visitors themselves have included such personally identifiable information in their submissions to our customers' websites. We have no control over this, and we disclaim any responsibility for the unauthorized use or disclosure of such information. However, such data is retained in the servers in an anonymous form and IP addresses are not stored.
We take care of your personal data.
When you use the Website we also collect non-personal information or aggregated information – that is any information about more than one individual where the individual’s identity is unknown and cannot be inferred from that information. This helps us run our Website and business effectively. Find out more here.
Our website uses Google Analytics to collect information about the use of our website. We use this information to analyze traffic, improve our marketing, and to improve our website. Google Analytics does not collect your name or other identifying information. We do not combine the information collected using Google Analytics with personal data. For more information on how Google collects and processes your data, visit https://www.google.com/policies/privacy/partners/.
You can prevent Google Analytics from using your information by opting out at this link: https://tools.google.com/dlpage/gaoptout.
We use cookies – please read our Cookie Policy which can be found here.
You can visit or leave our Website by clicking a link to or from another website or platform operated by a third party – for example, you can use social media icons (such as Twitter). If you do this, please also take the time to read the relevant privacy information provided by other websites/platforms because they will be different to our privacy Notice which only relates to our website.
Customers acknowledge that Convert Insights Inc is not a Business Associate or subcontractor (as those terms are defined in HIPAA) and that the Convert Insights Inc. Services is not HIPAA compliant. “HIPAA” means the Health Insurance Portability and Accountability Act and related amendments and regulations as updated or replaced. “Regulated Data” includes HIPAA-regulated data and data covered under the Gramm-Leach-Bliley Act (or related rules or regulations) as updated or replaced.
If you or your organization are required under the European Union’s General Data Protection Regulation (GDPR) to enter into a contract, or other binding legal act under EU or Member State law, with your data processors, you can review and accept our Data Processing Agreement here.