Privacy Policy

Updated: 22.9.2022

 

Welcome, and thank you for your interest in Zapflow (“Zapflow”, “we”, or “us”), our website at https://www.zapflow.com (the “Site”), and all related web sites, downloadable software and other services provided by us.

 

This Privacy Policy (“Policy”) will explain how our organization uses the personal data we collect from you when you use our website or services provided by us.

This Privacy Policy applies to:

  • Clients and Users,
  • Event Attendees,
  • Marketing Prospects, and
  • Visitors

as defined below in section 1.

 

Table of contents:

  1. Definitions
  2. Who is collecting data?
  3. What data do we collect?
  4. How do we collect your data?
  5. How will we use your data?
  6. How do we store your data?
  7. What are your data protection rights?
  8. Personal data retention period
  9. Marketing
  10. Analytics
  11. Cookies
  12. Other items

 

1. Definitions

Client” means a customer of Zapflow.

Client Data“ means personal data, reports, addresses, and other files, folders or documents in electronic form that a User of the Service stores within the Service.

Event Attendee” means a person that attends a Zapflow event or an event which Zapflow sponsors.

Marketing prospect” – means a person whose data Zapflow processes for the purposes of assessing customer eligibility or a person that has given his/her consent to receive marketing communications from Zapflow.

Personal Data” means any information relating to an identified or identifiable natural person.

Public Area” means the area of the Site that can be accessed both by Users and Visitors, without needing to log in.

Restricted Area” means the area of the Site that can be accessed only by Users, and where access requires logging in.

User” means an employee, agent, or representative of a Client, who primarily uses the restricted areas of the Site for accessing the Service in such capacity.

Visitor” means an individual other than a User, who uses the public area, but has no access to the restricted areas of the Site or Service.

 

2. Who is collecting data?

2.1 Personal Data

This Policy applies to Personal Data which is collected and/or used by Zapflow in its capacity as a data controller as defined in the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter “GDPR” or “Regulation”), for the purposes set out under section 3, “How will we use your data?”.

Controller’s contact details:
Name: Zapflow Oy
Company ID: 2689962-4
Address: Valkjärventie 7b, Espoo Finland FI-02130
Email: legal@zapflow.com

 

2.2 Client Data

When we provide Services to Clients, we sometimes process personal data as a data processor in terms of the GDPR. Zapflow does not own, control, or direct the use of any of the Client Data stored or processed by a Client or User via the Service and does not directly access such Client Data except as authorized by the Client, and on the instructions of the Client, as necessary to provide Services to the Client and its Users. Only the Client or Users are entitled to access, retrieve, and direct the use of such Client Data. Zapflow is largely unaware of what Client Data is being stored or made available by a Client or User to the Service.

We should be considered only as a processor on behalf of its Clients and Users as to any Client Data containing Personal Data that is subject to the requirements of the GDPR. Except as provided in this Privacy Policy, we do not independently cause Client Data containing Personal Data stored about the Services to be transferred or otherwise made available to third parties, except to third party subcontractors who may process such data on behalf of us in connection with our provision of Services to Clients. Such actions are performed or authorized only by the applicable Client or User.

The Client or the User is the data controller under the Regulation for any Client Data containing Personal Data, meaning that such party controls the manner such Personal Data is collected and used as well as the determination of the purposes and means of the processing of such Personal Data.

We are not responsible for the content of the Personal Data contained in the Client Data or other information stored on its servers (or its subcontractors’ servers) at the discretion of the Client or User nor are we responsible for the manner in which the Client or User collects, handles disclosure, distributes or otherwise processes such information.

We use subcontractors for data processing. Data can be transferred outside the EU/EEA within the scope of the applicable legislation.

 

3. What data do we collect?

We collect different types of information from or through the Service. The legal basis for our processing of personal data is primarily that the processing is necessary for providing the Service in accordance with our Terms of Service and that the processing is carried out in our legitimate interests.

3.1 Clients & Users

We may collect the following Personal data on our Clients and Users:

User-provided information:

  • Personal identification information: first and last names,
  • Contact information: account email, account first and last name,
  • Other special information: account picture URL, LinkedIn public profile URL, LinkedIn ID, LinkedIn profile, role in terms of subject entity (e.g. company), person related to a subject entity (e.g. company)

User’s Automatically collected information:

  • IP address or other device address or ID, web browser and device type, location, city, country, region, continent, platform, and referrer
  • date first seen & date last seen, meaning the time a User first has visited the Service and/or logged in and the time a User last visited and/or logged into the Service

3.2 Event attendees

We may collect the following Personal Data on our event attendees using Livestrom Inc. tools:

  • Basic information: avatar, name, email address, email statuses, event access key, city & country (from IP),
  • Registration information: registration date, company name, title, first and last name, phone number,
  • Attendance information: if you attended to our event or not, your attendance rate and duration, if you have viewed the event replay or not, number of your sent messages and questions, answered polls and question upvotes
  • Traffic data: referrer, UTM source, medium, term, content and campaign
  • Technical information: browser, browser version, operation system, operating system version, screen height and screen width.

More information about how Livestorm collects and processes your Personal Data, click here: https://support.livestorm.co/article/129-data-analytics#capture

3.3 Marketing prospects

We may collect the following Personal Data on our Marketing Prospects:

  • Personal information: first and last names, email address, company name, title, phone number and LinkedIn profile URL

3.4 Visitors

We may collect the following Personal Data on our Visitors using HubSpot, Inc. tools: https://knowledge.hubspot.com/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser

3.5 Third-party information

We may receive information from third party service providers, from related companies, and from our business and solution partners. Please revisit this page periodically to stay aware of any changes.

 

4. How do we collect your data?

You directly provide us with most of the data we collect. We collect data and process data when you:

  • Use the Service as a User or as a Visitor,
  • Register online for an Account to our Service,
  • Contact our customer support,
  • Voluntarily complete a customer survey or provide feedback on any of our message boards or via email,
  • Request a demo,
  • Subscribe for our updates, newsletters, or download our Factsheet or Security White Paper

We may also receive your data indirectly from the following sources:

  • Client Data uploaded by a Client or a User (documents, files or attachments),
  • Integrated Services, such as Google or LinkedIn, when providing the authorization for the Integrated Service to provide Personal Data or other information to us,
  • Other sources, such as our partners, advertisers, and credit rating agencies.

5. How will we use your data?

We collect your data so that we can:

  • Operate, maintain, enhance, and provide all features of the Service,
  • Provide the Services and information that you request,
  • Respond to comments and questions and to provide support to users of the Service,
  • Understand and analyze the usage trends and preferences of our Visitors and Users, improve the Service, and develop new products, Services, features, and functionality,
  • Contact Visitor or User for administrative purposes such as customer service, to address intellectual property infringement, right of privacy violations or defamation issues related to the Client Data or Personal Data posted on the Service,
  • Contact Visitor or User with updates on promotions and events, relating to products and Services offered by us and by third parties we work with.

When we process your order, it may send your data to, and also use the resulting information from credit reference agencies to prevent fraudulent purchases.

 

6. How do we store your data?

We securely store your data upon Amazon Web Services (AWS) Elastic Compute Cloud (EC2) application and database servers spread across multiple AWS datacenters in Dublin, Ireland. Data in transit between the client device and our servers is protected by HTTP Strict Transport (HSTS) via Transport Layer Security (TLS) provided by HTTPS. Data at rest is encrypted with 256-bit Advanced Encryption Standard (AES-256). Backups of our data are taken daily, encrypted and stored in AWS Secure Scalable Storage (S3) multi-region buckets hosted in Dublin, Ireland. Please see the Zapflow Security Whitepaper for more information.

We will keep your data for 30 days after the contract has been terminated. Once this time period has expired, we will delete your data by permanently deleting S3 files and database entries.

 

7. What are your data protection rights?

We would like to make sure you are fully aware of all of your data protection rights. You is entitled to the following:

The right to access – You have the right to request us for copies of your personal data. We may charge you a small fee for this service.

The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete.

The right to erasure – You have the right to request that we erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

You also have the right to receive our confirmation on whether your Personal Data will be processed or not, or whether they already have been processed.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email at legal@zapflow.com.

 

8. Personal data retention period

We only retain the Personal Data collected from

  1. Users, for as long as the User’s account is active, or
  2. otherwise for a limited period of time as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise required by law.

Billing information is retained for a period of 7 years as of their provision to Zapflow in accordance with the Finnish accounting and taxation laws.

 

9. Marketing

We work with a variety of third parties to attempt to understand the profiles of the individuals who are most likely to be interested in our products or services so that we can send them promotional emails or serve our advertisements to them on the websites and mobile apps of other entities. These third parties include advertising networks.

In collaboration with these third parties, we collect information about our customers, prospects, and other individuals over time and across different platforms when they use these platforms or interact with them. Individuals may submit information directly on our Sites or on platforms run by third parties, or by interacting with us, our advertisements, or emails they receive from us or from third parties. We may use special tools that are commonly used for this purpose, such as cookies, beacons, pixels, tags, mobile advertising IDs, flash cookies, and similar technologies. We may have access to databases of information collected by our business partners.

The information we or third party collect enables us to learn what purchases the person made, what ads or content the person sees, on which ads or links the person clicks, and other actions that the person takes on our Sites, or in response to our emails, or when visiting or using third parties’ platforms.

We, or the third parties with which we work, use the information collected as described above to understand the various activities and behaviors of our customers, Site visitors and others. We, or these third parties, do this for many reasons, including: to recognize new or past visitors to our Sites; to present more personalized content; to provide more useful and relevant ads - for example, if we know what ads you are shown we can try not to show you the same ones repeatedly; to identify visitors across devices, sales channels, third party websites and Sites, or to display or send personalized or targeted ads and other custom content that is more focused on a person’s perceived interest in products or services similar to those that we offer.

Our interest-based ads may be served to you in emails or on third-party platforms. We may serve these ads about our products or services or send commercial communications directly ourselves or through these third parties.

You have the right at any time to stop us from contacting you for marketing purposes or giving your data to these third parties.

The third parties we collaborate with to contact you for the purposes stated above, are:

  • HubSpot, Inc.
  • Intercom R&D Unlimited Company
  • Livestorm Inc.
  • LinkedIn Corporation

 

10. Analytics

The following web analytic services are used to improve the user experience of our Website.

10.1 Google Analytics

We use Google Analytics, a service for the marketing analysis of this website, of Google Inc. (“Google”). Google Analytics uses codes consisting of text and numbers, which will be stored on your computer and which allow for an analysis of the use of the Websites (“Cookies”). The information generated by the Cookie about your use of the Websites (including your IP address) will be transferred to and stored by a Google Server. Google will use this information to evaluate your use of the website, to prepare reports about the website activities for the website operators and to provide further services connected to the use of websites and the use of the Internet. Google may transfer this information to third parties, if legally obliged to do so or if third parties process these data on behalf of Google. In no case, Google will connect your IP address with other data from Google.

To learn more about how Google collects and processes your data, and how to opt-out and disallow your data being collected, please visit www.google.com/policies/privacy/partners/.

10.2 Intercom

We use Intercom, a third-party analytics service provided by Intercom, Inc. (“Intercom”) to help understand your use of our services and to communicate with you by sending you service-related notifications in the Posts interface. Posts uses Intercom to collect data for analytics purposes when you use our services. Intercom analyzes your use of our website and/or service and our relationship with you, so that we can improve our services. For more information on the privacy practices of Intercom, please check https://www.intercom.com/terms-and-policies#privacy. Intercom’s services are governed by Intercom’s terms of use, which can be found at http://docs.intercom.io/terms.

10.3 HubSpot

We use HubSpot to help us analyze and understand Site traffic and user experiences. The content that appears on this Site is hosted by HubSpot and may use cookies. HubSpot uses persistent cookies to recognize return visitors. HubSpot does not collect any PII information nor is any data linkage made with your PII information to them. Read HubSpot's privacy policy here: https://www.hubspot.com/privacy-policy/.

10.4 Livestorm

We use Livestorm to help us analyze and understand your attendance on our events hosted on the Livestorm platform. Livestorm uses the Personal Data collected from you to evaluate and analyze your attendance on our events and to prepare reports about the event activity.

For more information on Livestorm’s privacy practices, please check https://livestorm.co/privacy-policy.

 

11. Cookies

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology. This information won’t be linked to any other information we collect about you unless you have given your consent that we may do so.

We use automatically collected information and other information collected on the Service through cookies and similar technologies to

  • Personalize our Service, such as remembering a User’s or Visitor’s information so that the User or Visitor will not have to re-enter it during a visit or on subsequent visits;
  • Provide customized advertisements, content, and information;
  • Monitor and analyze the effectiveness of Service and third-party marketing activities;
  • Monitor aggregate site usage metrics such as total number of visitors and pages viewed; and
  • Track your entries, submissions, and status in any promotions or other activities on the Service.

For more information about cookies, please read our Cookie Policy.

 

12. Other items

12.1 Privacy policies of other websites

Our Site contains links to other websites. If you click on a third-party link, you will be directed to that third-party’s website. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over, and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

12.2 Users under the age of 18

Zapflow does not knowingly collect or solicit personal data from anyone under the age of eighteen (18) or knowingly allow such persons to use our Service. If you are under the age of eighteen (18), please do not send any information about yourself to us.

12.3 Changes to our privacy policy

Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we will indicate the date of the latest revision. Your continued use of the Service after the revised Policy has become effective indicates that you have read, understood, and agreed to the current version of the Policy.

12.4 
Change of ownership

Information about you, including your Personal Data, may be disclosed and otherwise transferred to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets and only if the recipient of your Data commits to a Privacy Policy that has terms substantially consistent with this Privacy Policy.

Client Data may be physically or electronically transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets, for the sole purpose of continuing the operation of the Service, and only if the recipient of the Client Data commits to a Privacy Policy that has terms substantially consistent with this Privacy Policy.

12.5 Security

We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate administrative, technical, and physical safeguards to protect Personal Data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Data in our possession. This includes, for example, firewalls, password protection and other access and authentication controls. We use SSL technology to encrypt data during transmission through public internet, and we may also employ application-layer security features to further anonymize Personal Data.

However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us or store on the Service, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. If you believe your Personal Data has been compromised, please contact us as set forth in the “How to contact us” section.

12.6 How to contact us

If you have any questions about our Privacy Policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us by email at legal@zapflow.com.
12.7 How to contact the appropriate authority

Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the Office of the Finnish Data Protection Ombudsman or EU’s independent data protection authority.