Effective as of: February 1, 2022
Tovuti, Inc., a Delaware corporation (“Company” or “We”) respects your privacy. We firmly believe in the need for transparency when collecting and using your personal information. We are committed to that notion of transparency by protecting it through our compliance with this policy.
We know you care about what information may be collected from and about you, how such information is used and shared, and the choices you have.
Children under the age of 18.
The Website is a general use site and is not targeted toward anyone under the age of 18 years of age or the age of majority in your jurisdiction, whichever is or older.
We are committed to the preservation of online privacy for all of our visitors, especially children. Our Website is intended for use exclusively by adults (i.e., those age 18 or older). We will not knowingly collect any personal information from children under the age of 18. If you are the parent or guardian of a child under the age of 18, and you become aware that personal information from a child under 18 has been collected by us, please contact us at email@example.com.
California residents under 16 years of age may have additional rights regarding the collection and sale of their personal information. Please refer to “California Privacy Rights.”
Personal information we collect.
We may collect the following types of information about you:
a. Identifiers, characteristics, and other information you provide, such as your contact information (including your name, email address, postal address, and telephone number), gender and other demographic information, payment method and payment information, authentication information you create (such as account password), birthdays, professional and educational information, and device identifiers (such as advertising IDs, pixel and cookie IDs, IP address, ICCID), and other personal information collected through the Tovuti Purchase Terms.
b. Usage Data. We reserve the right to collect information based on your usage of this site which is information collected automatically from this site (or third party services employed in this site ), which can include: the IP addresses or domain names of the computers utilized by the users who use this site, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the user, the various time details per visit (e.g., the time spent on each page within the site) and the details about the path followed within the site with special reference to the sequence of pages visited, other parameters about the device operating system and/or the user's IT environment, and data, conversion rates, marketing and conversion data and statistics, reports, analytics data, reviews and surveys (“Usage Data”). Usage Data is essentially anonymous when collected, but could be used indirectly to identify a person.
c. Internet and other electronic activity that is gathered automatically when you visit our Website.
d. Geolocation information, such as IP-based or precise geolocation information. This may be collected automatically or based on information you provide.
e. Your marketing preferences, such as things you click or other sites you visit during your browsing session.
f. Customer information required for your contract with us, such as your company affiliation, invoicing data and also service usage data that prove that the service is used in accordance to your subscription terms, We may also acquire additional data through our Customers’ support requests to the extent this is required for us to resolve a technical issue or respond to a request or complaint. We also email to our Customers newsletters, announcements regarding The Company and our products, or marketing material. If you are a Customer and no longer wish to receive such emails you can remove yourself from the recipients list at any time by selecting the “unsubscribe” link provided within the e-mail footer. If you are providing information (including Personal Information) about someone else, you must have the authority to act for them and to consent to the collection and use of their Personal Information.
g. Content that you create, input, submit, post, upload, transmit, store or display in the process of using our “Site”. Such Content includes any Personal Information or other sensitive information that you choose to include (“incidentally-collected Personal Information”). Although the Company owns the code, databases, and all rights to the Website and any related service, Customers retain ownership, control and all rights to their records and data which are their property.
How we collect the information.
We collect personal information about you from the following sources:
a. Directly From You. We may collect personal information during your access or use of the Website and through other online and offline interactions. For example, when you sign up for marketing, make purchases, create an account, contact us for customer service or other assistance, and participate in promotions.
b. Cookies and Tracking Technologies. When you access or use the Website, we may collect data about your device, internet usage, location, website activity, and other details about your use of the Website through cookies and other tracking technologies. For further information on these practices, see “Cookies and Other Tracking Technologies.”
c. Service Providers. We may collect personal information from service providers who are assisting us in the supply of our products or services and carrying out our business, such as to provide a platform to sell third party products and services and provide customer assistance.
d. Other Third Parties and Publicly Available Information. We may collect personal information from other third parties that provide information to us, such as business partners, advertising networks, data brokers, government and other public sources, and social media platforms and networks. “Business Partners” are third parties with whom we share personal information for their (or their service providers’) own purposes, such as for marketing purposes, and from whom we may receive personal information.
How we use your personal information.
We may use your personal information for the following purposes:
a. To provide you with products and services, such as to respond to your inquiries, process transactions and payments, fulfill your order, communicate with you, authenticate users, verify your eligibility for certain programs or benefits, and otherwise facilitate your relationship with us.
b. For marketing, such as to market Our goods and services or goods and services of those of our affiliates, Business Partners, and other third parties.
d. To comply with legal obligations, including keeping records required by law or to evidence our compliance with laws or to provide information to law enforcement.
e. For internal business and operational purposes, such as:
i. For our internal business administration, such as to manage customer accounts, including keeping general records of customers, sales, customer care, and other interactions;
ii. Auditing related to our interactions with you;
iii. For security purposes, such as to protect genuine customers and our business from fraud, to minimize the risk of false details being used, and to avoid abuse by fraudsters;
iv. To manage competitions or other promotions that you have chosen to participate in;
v. To comply with contractual obligations;
vi. To improve or develop our products and services (including our marketing activity more generally), including operating our Website and improving or personalizing your experience (such as building profiles about you or how you interact with us); and
vii. For internal research and quality assurance.
f. Business Transfers in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified on any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
We may use de-identified, anonymized, or aggregated versions of your personal information for any purpose.
How we share your personal information.
a. Affiliates: We may share your personal information with our affiliates, partners, employees, officers, and agents.
b. With Third Parties to Provide You with Services or Communications: We may disclose your information to third parties to provide you with services or benefits.
c. With others for Legal, Security, or Safety Purposes: We may share your personal information: (i) as required by law or legal process; (ii) to prevent or investigate suspected or possible fraud, harassment, or other violations of any law, rule, or regulation; and (iii) to prevent or investigate suspected or possible violations of any terms or policies applicable to the Website or the services provided by us or our third party providers or affiliates.
d. In Connection with a Corporate Transaction: We also may transfer your personal information in connection with a sale, merger, change of control, bankruptcy, or similar transaction.
e. With Business Partners for their Own Purposes: We may share your personal information with business partners. In many cases, such sharing is related to our operation of the Website, such as sharing your personal information with a business partner. Examples of business partners that might receive your information include social networks, partners who work with us on promotional or sponsorship opportunities available on our properties, data analytics companies and other companies that may use the data to help us drive advertising-related revenue (including those who may have registered in California as a “data broker”). We do not control how business partners use and share your information once they receive it. You will need to contact such business partners directly for information about their privacy practices or to exercise rights you may have (including if you would like to opt-out of receiving future emails from a business partner).
f. With other third parties with your consent.
Cookies and other tracking technologies.
Like many other websites and applications, we may automatically collect certain information regarding our Website's users. Such information may include, without limitation, the Internet Protocol (“IP”) address (which may be used to determine your geographic location) of your computer/internet service provider, your device ID, your zip code, the date and time you access the Website, the Internet address of a referring website, the operating system you are using, the sections or pages of the Website that you visit, and the images and content viewed. Some of the ways in which we or the website may collect and use such information are further described below.
Additionally, we may employ Flash Cookies. Certain features of our Website may use local stored objects (Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies.
Pages of the Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit The Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
We may use information we collect (alone or in combination with information provided by third parties and service providers) to deliver targeted advertising (about The Company or other third-party products and services) to you when you visit our Website or other websites. Information about you (such as email address) as well as cookies and other tracking technologies (described above) may be used in this process. For example, if you are searching for information on a particular product, we may use that information to cause an advertisement to appear on other websites you view with information on that product.
If you would like to opt-out of these interest-based advertisements, please see the Opt-Out Process/Options and Additional Terms below.
We will retain your personal information for as long as your account is active (as determined by us) and for a reasonable time thereafter, or such other time period as prescribed by law. We also may retain your personal information for a longer period of time as needed to provide you services or as necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Even if we delete some or all of your personal information, we may continue to retain and use aggregate, anonymous data previously collected and/ or anonymize and aggregate your personal information.
Updating personal Information.
Upon request, we will permit you to request or make changes or updates to your Personal Information for legitimate purposes. We request identification prior to approving such requests. We reserve the right to decline any requests that are unreasonably repetitive or systematic, require unreasonable time or effort of our technical or administrative personnel, or undermine the privacy rights of others. We reserve the right to permit you to access your Personal Information in any account you establish with this site for purposes of making your own changes or updates, and in such case, instructions for making such changes or updates will be provided where necessary.
Contests and Promotions.
We strive to offer you with choices about how information is used and shared. There are several ways in which you may opt out of the various programs and services we provide. Some of the ways in which you may opt out are described below.
Opting Out of Our Services. If you receive a marketing email from us, you may unsubscribe from future marketing emails in accordance with our standard unsubscribe process.
We do not control third parties' collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way.
We will implement reasonable and appropriate security procedures consistent with prevailing industry standards to protect data from unauthorized access by physical and electronic intrusion. Unfortunately, no data transmission over the Internet or method of data storage can be guaranteed 100% secure. Therefore, while we strive to protect your Personal Information by following generally accepted industry standards, we cannot ensure or warrant the absolute security of any information you transmit to us or archive at this site.
When you transmit Personal Information through our registration process or if you purchase products or services, we encrypt that information in transit using secure socket layer technology (SSL). We do not store your credit card information in our systems. All credit card transactions are processed using secure encryption - the same level of encryption used by leading banks. Card information is transmitted, stored, and processed securely at gateways on a PCI-compliant network.
Compliance with Laws and Law Enforcement.
We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of the Company or a third party, to protect the safety of the public or any person, or to prevent or stop any activity we may consider to be, or to pose a risk of being, illegal, unethical, inappropriate or legally actionable.
California “Shine the Light”.
Under California Civil Code Section 1798.83 (“Shine the Light”), California residents have the right to request in writing from businesses with whom they have an established business relationship: (a) a list of the categories of personal information, as defined under Shine the Light, such as name, email address and mailing address and the type of services provided to the customer that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes; and (b) the names and addresses of all such third parties. If you are a California resident: (i) to request the above information, or (ii) if you do not want your personal information shared with any third party who may use such information for direct marketing purposes and wish to opt out of such disclosures, please contact us by email at firstname.lastname@example.org.
Please note that under Shine the Light, we are not responsible for removing your personal information from the lists of any third party who has previously been provided with your information, and any elections or privacy choices you may make with respect to receipt of certain types of e-mails or marketing communications from us will not apply to any such third parties. You should directly contact any third parties that send you communications regarding choices that they may make available to you concerning such communications.
Nevada Privacy Rights.
If you are a Nevada resident, you have the right to request that we do not sell your covered information (as those terms are defined in N.R.S. 603A) that we have collected, or may collect, from you. We do not sell your covered information, however, if you would like to make such a request you may do so by contacting us at (Contact Info)
Your California Privacy Rights.
We collect information that identifies, relates to, describes, references, or is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. The California Consumer Privacy Act of 2018 (“CCPA”) refers to such information as “personal information.” If you are a California consumer, as defined by the CCPA, the CCPA provides you with specific rights regarding your personal information. More information regarding the CCPA can be found at https://oag.ca.gov/privacy/ccpa.
(GDPR), (UK DPA) and other Data Protection laws.
IF YOU ARE SITUATED IN THE EUROPEAN ECONOMIC AREA (“EU”), SWITZERLAND, OR THE UNITED KINGDOM (the “UK”), THIS SECTION APPLIES TO OUR COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL DATA AND ADDITIONAL RIGHTS YOU HAVE UNDER APPLICABLE LAW.
The Company is located in the United States. If you are accessing the website from outside of the United States, your use of the Website constitutes consent to transfer and process your Personal Data in the Unites States, and an acknowledgement that our use of that Data is subject only to the laws of the United States. If we process your data in the EU, Switzerland, or the UK, our Data Processing Addendum applies (see below)
Terms and Conditions.
You may contact us at:
775 S. Rivershore Lane, Suite 200
Eagle, Idaho 83616
Telephone: (888) 646-2353
Tovuti GDPR Data Processing Addendum
1. Definitions and Interpretation
a. Unless otherwise defined herein, capitalized terms and expressions used in this Agreement shall have the following meaning:
i. “Agreement” means this Data Processing Agreement and all Schedules;
ii. “Client Personal Data” means any Personal Data Processed by a Contracted Processor on behalf of a client or user pursuant to or in connection with the Principal Agreement;
iii. “Contracted Processor” means a Sub processor;
iv. “Data Protection Laws” means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country;
v. “EEA” means the European Economic Area;
vi. “EU Data Protection Laws” means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR;
vii. “GDPR” means EU General Data Protection Regulation 2016/679;
viii. “Data Transfer” means:
a) a transfer of Client Personal Data from The Company to a Contracted Processor; or
b) an onward transfer of Client Personal Data from a Contracted Processor to a Subcontracted Processor, or between two establishments of a Contracted Processor, in each case, where such transfer would be prohibited by Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of Data Protection Laws);
ix. “Services” means the services provided by the Company.
x. “Sub processor” means any person appointed by or on behalf of Processor to process Client Personal Data on behalf of The Company in connection with the Agreement.
xi. The terms, “Commission”, “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Personal Data Breach”, “Processing” and “Supervisory Authority” shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.
2. Processing of Client Personal Data
a. Processor shall:
i. comply with all applicable Data Protection Laws in the Processing of Client Personal Data; and
ii. not Process Client Personal Data other than on the relevant Client’s documented instructions.
b. The Company instructs Processor to process Client Personal Data.
3. Processor Personnel
a. Processor shall take commercially reasonable steps to ensure the reliability of any employee, agent or contractor of any Contracted Processor who may have access to Client Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Client Personal Data, as strictly necessary for the purposes of the Principal Agreement, and to comply with Applicable Laws in the context of that individual’s duties to the Contracted Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
a. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor shall in relation to Client Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.
b. In assessing the appropriate level of security, the Processor shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.
5. Sub Processing
a. Processor shall only appoint and or disclose Client Personal Data to authorized Sub Processors and shall do so only if required by The Company.
b. Taking into account the nature of the Processing, Processor shall assist The Company by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of Company obligations, as reasonably understood by Client, to respond to requests to exercise Data Subject rights under the Data Protection Laws.
c. Processor shall:
i. promptly notify Client if it receives a request from a Data Subject under any Data Protection Law in respect of Client Personal Data; and
ii. ensure that it does not respond to that request except on the documented instructions of Client or as required by Applicable Laws to which the Processor is subject, in which case Processor shall to the extent permitted by Applicable Laws inform Client of that legal requirement before the Contracted Processor responds to the request.
d. Personal Data Breach:
i. Processor shall notify Client without undue delay upon Processor becoming aware of a Personal Data Breach affecting Client Personal Data, providing Client with sufficient information to allow The Company to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
ii. Processor shall cooperate with The Company and take reasonable commercial steps as directed by Client to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
6. Data Protection Impact Assessment and Prior Consultation Processor
a. Prior Consultation Processor shall provide reasonable assistance to The Company with any data protection impact assessments, and prior consultations with Supervising Authorities or other Protection Law, in each case solely in relation to Processing of Client Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors.
7. Deletion or return of Client Personal Data
a. Subject to this section 9 Processor shall promptly and in any event within 10 business days of the date of cessation of any Services involving the Processing of Client Personal Data (the “Cessation Date”), delete and procure the deletion of all copies of those Client Personal Data.
8. Audit Rights
a. Subject to this section 10, Processor shall make available to The Company on request all information necessary to demonstrate compliance with this Agreement, and shall allow for and contribute to audits, including inspections, by The Company or an auditor mandated by The Company in relation to the Processing of Client Personal Data by the Contracted Processors.
b. Information and audit rights of The Company only arise under section 10.1 to the extent that the Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law.
9. Data Transfer
a. The Processor may not transfer or authorize the transfer of Data to countries outside the EU and/or the European Economic Area (EEA) without the prior written consent of The Company. If personal data processed under this Agreement is transferred from a country within the European Economic Area to a country outside the European Economic Area, the Parties shall ensure that the personal data are adequately protected. To achieve this, the Parties shall, unless agreed otherwise, rely on EU approved standard contractual clauses for the transfer of personal data.
10. General Terms
a. Confidentiality. Each Party must keep this Agreement and information it receives about the other Party and its business in connection with this Agreement (“Confidential Information”) confidential and must not use or disclose that Confidential Information without the prior written consent of the other Party except to the extent that:
i. disclosure is required by law;
ii. the relevant information is already in the public domain.
b. Notices. All notices and communications given under this Agreement must be in writing and will be delivered personally, sent by post or sent by email to the address or email address set out in the heading of this Agreement at such other address as notified from time to time by the Parties changing address.
11. Governing Law and Jurisdiction
a. This Agreement is governed by the laws of the state of Idaho.
b. Any dispute arising in connection with this Agreement, which the Parties will not be able to resolve amicably, will be submitted to the exclusive jurisdiction of the courts of the state of Idaho.