Last updated: Aug 19, 2022
We collect and process personal information from visitors to our Site in connection with our Services.
BoostKPI is a Delaware corporation, with offices in California. Please reach us at email@example.com
For users in the EEA and the U.K., note that we may collect your personal data as a ‘data controller’ when we determine the means and purpose of processing, such as when we process the personal data of our Site Visitors and/or Customers.We otherwise process personal data as a ‘data processor’ when we collect and process End User personal data on behalf of our Customers who use our Services. In other words, with respect to personal information that we process in order to provide Services to our Customers, we are acting as a service provider.
Our Services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect personal information from children. If you learn that your child has provided us with personal information without your consent, you may contact us as set forth below. If we learn that we have collected a child’s personal information in violation of applicable law, we will promptly take steps to delete such information and terminate the child’s account.Our customers are responsible for ensuring compliance with applicable rules where the personal information of children is collected and transmitted.
The information we collect and process depends on how and why you use our platform. There are three buckets of personal information we receive:
You can visit our Site without having to submit any personal information. If you request more information, or sign up for marketing communication and/or our Services, we will collect personal information as follows.
When you use or interact with our Site, even if you do not have an account, we, or authorized third parties engaged by us, may automatically collect information about your use of the Site via your device, some of which is considered personal information. “Device and Usage Information” that we collect consists of:
We process personal information from third parties, which consists of data from our Customer End Users, as well as information from our CRM service. What we collect from Customer End Users, how we access the data and how we use it is subject to our Customers terms and privacy policies.
As noted above, our Services consist of data analytics for our Customers. These Customers may collect personal information from Customer End Users in connection with the products or services that they offer to Customer End Users and make some information – at their discretion – available to us in order to provide the Services. Such information is stored on our Customers’ systems or in the cloud, and our Customers are responsible for any personal information they collect.
With the information that we collect (or that is collected by our third-party analytics services, such as Google Analytics), we generate and process aggregated information, such as statistical or demographic data (“Aggregated Information”). For example, we may track the total number of visitors to our Platform, track the number of visitors to each page of our Site. We aggregate this data to calculate the percentage of users accessing a specific feature of the Platform and analyze this data for trends and statistics. We do the same with the data that we process on behalf of our Customers. Aggregated Information may be derived from personal data, but is not considered personal data if it does not directly or indirectly reveal your identity. However, if we or our third-party analytics service providers combine or connect Aggregated Information with your personal data such that it can directly or indirectly identify or re-identify you, we treat the combined data as personal data.
If you wish to not have this information used for the purpose of serving you targeted ads, you may opt-out by clicking visiting https://www.youronlinechoices.com/ or https://optout.networkadvertising.org/?c=1 or set your browser to block cookies. Please note that opting-out does not opt you out of being served generic ads.
We use your personal information for a number of different reasons, as further explained below. In addition, for individuals located in the EEA and the U.K. and when we act as the data controller, we must have a valid legal basis in order to process your personal data. The main legal bases under the European Union’s General Data Protection Regulation (GDPR) that justify our collection and use of your personal information are:
Below are the general purposes and corresponding legal bases (in brackets) for which we may use your personal information:
We only disclose your personal information as described below.
BoostKPI discloses users’ information to our third party agents, contractors, or service providers who are hired to perform services on our behalf. These companies do things to help us provide the Site and Services. Such third-party service providers include, but are not limited to, hosting and content delivery services, analytics services, CRM providers, marketing and social media partners, functionality and debugging services, professional services providers (such as auditors, lawyers, consultants, and accountants).
As we grow, we may purchase websites, applications, subsidiaries, other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities and/or sell assets or stock, in some cases as part of a reorganization or liquidation in bankruptcy. As part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation or other corporate reorganization in which BoostKPI participates, or to a purchaser or acquirer of all or a portion of BoostKPI’s assets, bankruptcy included.
When we act on behalf of our Customers (as a data processor), we may process Customer End Users’ personal information to our Customers in order to comply with their requests, Customer End Users’ requests and/or regulator requests, among others.We also provide our Customers with aggregated information that does not identify Customer End Users directly, in order to provide information about usage, demographics (such as location) or other general information.
We share aggregated, automatically-collected or otherwise non-personal information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) for business or marketing purposes; (iii) to assist us and other parties in understanding our users’ interests, habits and usage patterns for certain programs, content, services, marketing and/or functionality available through the Platform. We do not share personal information about you in this case.
In the unlikely case that we are required to disclose personal information by law, such as pursuant to a subpoena, warrant or other judicial or administrative order, our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty). Note that if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), to be determined on a case-by-case basis.
We use social media plugins on our Site and include icons that allow you to interact with third-party social networks such as LinkedIn, Twitter and Facebook. For example, you may “like” us on Facebook or follow us on Twitter. The third-party social plugin may set a cookie when your browser creates a connection to the servers of such social networks and the plugin may transmit your personal information to the social networks. Your use of these social plugins is subject to the privacy policies of the third-party social networks.
We use the following criteria to determine our retention periods:
We retain personal information for as long as needed to provide our Services. Note, however, that with respect to our Customers with active accounts, we may retain certain essential account information, but otherwise regularly delete other information that is less essential to the provision of our Services in order to minimize our storage of data.
We also will retain personal information that we’ve collected from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax or accounting requirements). Additionally, we cannot delete information when it is needed for the establishment, exercise or defense of legal claims (also known as a “litigation hold”). In this case, the information must be retained as long as needed for exercising respective potential legal claims.
When we no longer have an ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), we will securely store your personal information and isolate it from any further processing until deletion is possible. When we choose to anonymize personal data, we make sure that there is no way that it can be linked back to you or any specific user.
We take steps that are reasonably necessary to securely provide our Platform. We have put in place reasonably appropriate security measures designed to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. We limit access to personal data only to those employees, agents, contractors and the third parties who have a business need-to-know. For any questions about the security of your information, please contact firstname.lastname@example.org.
BoostKPI is a United States Delaware corporation with primarily storage of your information in the United States and the EEA. To facilitate our global operations, we may process personal information from around the world, including from other countries in which BoostKPI has operations, in order to provide the Platform.
If you are accessing or using our Platform or otherwise providing personal information to us, you are agreeing to the processing of your personal information in the United States and other jurisdictions in which we operate. If you are a Customer, you are responsible for informing your Customer End Users of how and where their personal data will be processed at the time of collection.
If the GDPR applies to you because you are in the EEA or the U.K., you have certain rights in relation to your personal data:
These rights are subject to certain rules around when you can exercise them.
If you are located in the EEA or the U.K. and you are a Customer or have registered for a demo or marketing communications, and wish to exercise any of the rights set out above, you may email us at email@example.com using the term “DSR” as your email subject line.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request under those circumstances.
If we cannot reasonably verify your identity, we will not be able to comply with your request(s). We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. Note that this is especially true when you engage a third party to assist you in exercising your rights.
We will respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law. In addition, we will always balance your rights against those of other data subjects in connection with any requests, and in some cases this may require us to redact our responses or deny a request.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us directly first.
BoostKPI has no direct relationship with Customer End Users. Our Customers are solely responsible for ensuring compliance with all applicable laws and regulations with respect to their Customer End Users, and this includes handling all data subject requests. We rely on our Customers to comply with the underlying legal requirements and respond directly to Customer End Users when Customer End Users wish to exercise the rights set forth above. However, if an End User sends a request to BoostKPI to access, correct, update, or delete his/her information, or no longer wishes to be contacted by a Customer that uses our Services, we will direct that End User to contact the Customer’s website(s) with which he/she interacted directly, and cooperate with our Customers as required by applicable law in order to ensure that our Customers satisfy their Customer End Users’ requests.
This section applies to California residents. The following describes how we collect, use and share Personal Information of California residents in operating our business, and their rights with respect to that Personal Information. For purposes of this section, “Personal Information” has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”) but does not include information exempted from the scope of the CCPA.