Full policy

Owner and Data Controller

Courate AB
559251-7006
c/o Henrietta Fromholtz
Skeppargatan 29A
114 52 STOCKHOLM, Sweden

Owner contact email: [email protected]

Types of Data collected

Among the types of Personal Data that this Website collects, by itself or through third parties, there are: Cookies; Usage Data; Data communicated while using the service; email address; phone number; various types of Data; unique device identifiers for advertising (Google Advertiser ID or IDFA, for example); password; first name; last name; picture; payment data; address; Universally unique identifier (UUID).

Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection.
Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Website.
Unless specified otherwise, all Data requested by this Website is mandatory and failure to provide this Data may make it impossible for this Website to provide its services. In cases where this Website specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.
Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.
Any use of Cookies – or of other tracking tools – by this Website or by the owners of third-party services used by this Website serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy, if available.

Users are responsible for any third-party Personal Data obtained, published or shared through this Website and confirm that they have the third party's consent to provide the Data to the Owner.

Mode and place of processing the Data

Methods of processing

The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Website (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.

Legal basis of processing

The Owner may process Personal Data relating to Users if one of the following applies:

• Users have given their consent for one or more specific purposes. Note: Under some legislations the Owner may be allowed to process Personal Data until the User objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of Personal Data is subject to European data protection law;
• provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
• processing is necessary for compliance with a legal obligation to which the Owner is subject;
• processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner;
• processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.

In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Place

The Data is processed at the Owner's operating offices and in any other places where the parties involved in the processing are located.

Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.

Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data.

If any such transfer takes place, Users can find out more by checking the relevant sections of this document or inquire with the Owner using the information provided in the contact section.

Retention time

Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.

Therefore:

• Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.
• Personal Data collected for the purposes of the Owner’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Owner within the relevant sections of this document or by contacting the Owner.

The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.

Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

The purposes of processing

The Data concerning the User is collected to allow the Owner to provide its Service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as the following: Analytics, Tag Management, Heat mapping and session recording, Hosting and backend infrastructure, Handling payments, Managing contacts and sending messages, Social features, SPAM protection, User database management, Traffic optimization and distribution, Infrastructure monitoring, Interaction with external social networks and platforms, Remarketing and behavioral targeting, Advertising, Registration and authentication, Managing data collection and online surveys and Content performance and features testing (A/B testing).

For specific information about the Personal Data used for each purpose, the User may refer to the section “Detailed information on the processing of Personal Data”.

Detailed information on the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

• Advertising

  This type of service allows User Data to be utilized for advertising communication purposes. These communications are displayed in the form of banners and other advertisements on this Website, possibly based on User interests.
  This does not mean that all Personal Data are used for this purpose. Information and conditions of use are shown below.
  Some of the services listed below may use Trackers to identify Users or they may use the behavioral retargeting technique, i.e. displaying ads tailored to the User’s interests and behavior, including those detected outside this Website. For more information, please check the privacy policies of the relevant services.
  In addition to any opt-out feature offered by any of the services below, Users may opt out by visiting the Network Advertising Initiative opt-out page.

  Users may also opt-out of certain advertising features through applicable device settings, such as the device advertising settings for mobile phones or ads settings in general.

  Facebook Audience Network (Facebook Ireland Ltd)

  Facebook Audience Network is an advertising service provided by Facebook Ireland Ltd In order to understand Facebook's use of Data, consult Facebook's data policy.

  This Website may use identifiers for mobile devices (including Android Advertising ID or Advertising Identifier for iOS, respectively) and technologies similar to cookies to run the Facebook Audience Network service. One of the ways Audience Network shows ads is by using the User's ad preferences. The User can control this in the Facebook ad settings.

  Users may opt-out of certain Audience Network targeting through applicable device settings, such as the device advertising settings for mobile phones or by following the instructions in other Audience Network related sections of this privacy policy, if available.

  Personal Data processed: Cookies; unique device identifiers for advertising (Google Advertiser ID or IDFA, for example); Usage Data.

  Place of processing: Ireland – Privacy Policy – Opt Out.

• Analytics

  The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.

  MixPanel (MixPanel)

  MixPanel is an analytics service provided by Mixpanel Inc.

  Personal Data processed: Cookies; Usage Data.

  Place of processing: United States – Privacy Policy – Opt Out.

  Google Analytics (Google Ireland Limited)

  Google Analytics is a web analysis service provided by Google Ireland Limited (“Google”). Google utilizes the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services.
  Google may use the Data collected to contextualize and personalize the ads of its own advertising network.

  Personal Data processed: Cookies; Usage Data.

  Place of processing: Ireland – Privacy Policy – Opt Out.

  Facebook Ads conversion tracking (Facebook pixel) (Facebook, Inc.)

  Facebook Ads conversion tracking (Facebook pixel) is an analytics service provided by Facebook, Inc. that connects data from the Facebook advertising network with actions performed on this Website. The Facebook pixel tracks conversions that can be attributed to ads on Facebook, Instagram and Audience Network.

  Personal Data processed: Cookies; Usage Data.

  Place of processing: United States – Privacy Policy.

  Amplitude (Sonalight, Inc.)

  Amplitude is an analytics service provided by Sonalight, Inc.
  This service is designed for mobile apps analytics and can collect various information about your phone, highlighted in the Amplitude privacy policy.

  Personal Data processed: Cookies; Usage Data.

  Place of processing: United States – Privacy Policy.

  Heap Analytics (Heap Inc.)

  Heap Analytics is an analytics service provided by Heap Inc.

  Personal Data processed: Cookies; Usage Data.

  Place of processing: United States – Privacy Policy.

• Content performance and features testing (A/B testing)

  The services contained in this section allow the Owner to track and analyze the User response concerning web traffic or behavior regarding changes to the structure, text or any other component of this Website.

  Optimizely (Optimizely, Inc.)

  Optimizely is an A/B testing service provided by Optimizely, Inc.

  Personal Data processed: Cookies; Usage Data.

  Place of processing: United States – Privacy Policy.

• Handling payments

  Unless otherwise specified, this Website processes any payments by credit card, bank transfer or other means via external payment service providers. In general and unless where otherwise stated, Users are requested to provide their payment details and personal information directly to such payment service providers. This Website isn't involved in the collection and processing of such information: instead, it will only receive a notification by the relevant payment service provider as to whether payment has been successfully completed.

  Stripe (Stripe Inc)

  Stripe is a payment service provided by Stripe Inc.

  Personal Data processed: various types of Data as specified in the privacy policy of the service.

  Place of processing: United States – Privacy Policy.

  Apple Pay (Apple Inc.)

  Apple Pay is a payment service provided by Apple Inc., which allows Users to make payments using their mobile phones.

  Personal Data processed: various types of Data as specified in the privacy policy of the service.

  Place of processing: United States – Privacy Policy.

  Google Pay (Google Ireland Limited)

  Google Pay is a payment service provided by Google Ireland Limited, which allows users to make online payments using their Google credentials.

  Personal Data processed: various types of Data as specified in the privacy policy of the service.

  Place of processing: Ireland – Privacy Policy.

  Payment by bank transfer (this Website)

  In the event that the chosen payment method is a direct bank transfer to the current account indicated by this Website, the Owner will collect the payment details of the User, i. e. the current account number of the sender, the SWIFT code, the bank and the name of the sender. Such data will be collected and processed exclusively within the transaction and for billing purposes only.

  Personal Data processed: address; first name; last name; payment data.

  Klarna (Klarna AB)

  Klarna is a payment service provided by Klarna AB.

  Personal Data processed: various types of Data as specified in the privacy policy of the service.

  Place of processing: Sweden – Privacy Policy.

• Heat mapping and session recording

  Heat mapping services are used to display the areas of a page where Users most frequently move the mouse or click. This shows where the points of interest are. These services make it possible to monitor and analyze web traffic and keep track of User behavior.
  Some of these services may record sessions and make them available for later visual playback.

  Full Story

  Privacy Policy
  Thanks for visiting FullStory. This privacy policy explains the what, how, and why of the Personal Information we collect when you visit the website located at www.fullstory.com (the “Site”) and when you use the FullStory SaaS analytics software and services (“Services”) and includes Personal Information collected via email, SMS, telephone, or other means. It also explains the specific ways we use and disclose that information and how you can exercise your privacy rights. By using or accessing the Site or Services, you are accepting the practices described in this Privacy Policy and our processing of your information as described below.
  
  FullStory is subject to the regulatory and enforcement authority of the United States Federal Trade Commission.
  
  The Full Story on FullStory
  FullStory is based in Atlanta, GA, USA.
  
  The FullStory Services utilize a powerful script that creates a new level of ease for website owners to understand the usability of their websites. Website owners who use FullStory Services can watch a DVR-like video playback of user sessions on their website, enabling meaningful insight into their users' experience, as an effective way to identify usability problems and other areas for improvement. FullStory exists to make the web better for end-users, and it is only available to websites that share that goal.
  
  Definitions
  Getting a few definitions out of the way should help you better understand this policy.
  
  “FullStory” means FullStory, Inc., a Delaware corporation. We may also refer to FullStory as “we”, “us”, or “our”.
  
  “FullStory Customer” means any customer that has entered into an agreement with FullStory to use the FullStory Services on its site, including those in a trial environment.
  
  “Personal Information” means any information which may identify an individual, directly or indirectly. Examples of Personal Information include, but are not limited to, first and last name, home address, billing address or other physical address, email address, telephone number, etc.
  
  “User” refers to a visitor to a website that uses the FullStory Services or a client of a FullStory Customer.
  
  “Visitor” refers to anyone accessing the FullStory website, www.fullstory.com.
  
  Information we collect
  The types of information we collect varies depending on whether you are:
  
  A FullStory Visitor,
  A FullStory Customer, or
  A User, i.e., someone visiting a website that uses FullStory Services
  A. Information Collected from FullStory Visitors
  This section applies to Personal Information we may process in the usual course of business via the Site.
  
  If you are a Visitor, FullStory collects information on your use of the Site, such as pages visited, links clicked, non-sensitive text entered, and mouse movements, as well as information more commonly collected such as the referring URL, browser, operating system, and Internet Protocol (“IP”) address. We use publicly available sources to approximate your geographic region and Internet Service Provider based on your IP address. We use the term “Usage Data” to refer to this information about your use of the Site that we collect. FullStory’s purpose in collecting Usage Data is to better understand how FullStory’s Visitors use the Site.
  
  FullStory collects information that may be personally identifiable, such as IP addresses. Also, you may choose to interact with the Site in a way that results in your providing Personal Information to FullStory, such as giving us your name, email address, and user name when signing up for a free trial of the Services or creating an account to license the Services or to post comments to the FullStory blog or social media sites, etc. Any information you provide in the FullStory blog or social media areas may be read, collected, and used by others who access them.
  
  Any Personal Information provided by you as a Visitor to the Site will be used only as described in this Privacy Policy and in FullStory’s Acceptable Use Policy located at https://www.fullstory.com/legal/acceptable-use/.
  
  Cookies on the Site:
  
  For Visitors to the Site, FullStory uses first party cookies, third party cookies, and other tracking technologies in order to:
  
  Provide personalized pages for visitors,
  Help us track email response rates, measure the success of our marketing campaigns, identify when our emails are viewed and track whether our emails are forwarded,
  Provide assistance in navigation,
  Provide assistance during the visit,
  Analyze your use of our products, services, or applications,
  Assist us with our promotional or marketing efforts.
  When you visit any website, it may store or retrieve information on your browser in the form of cookies. This information might be about you, your preferences, or your device. It is used to make the Site work as you expect it to, and is designed to give you a more personalized web experience.
  
  Because we respect your right to privacy, we provide you with a nice user interface you can use to opt out of our use of some types of cookies. In our Privacy Preference Centre, you can click on the different category headings to find out more and change our default cookie settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.
  
  Here are the types of cookies we use:
  
  Strictly Necessary Cookies: These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms.
  
  You can set your browser to block or alert you about these cookies, but some parts of the site will not then work.
  
  Performance & Functionality Cookies: These cookies are used to enhance the performance and functionality of our website but are non-essential to their use. However, without these cookies, certain functionality may become unavailable.
  
  Analytics & Customization Cookies: These cookies collect information that is used either in aggregate form to help us understand how our websites are being used or how effective our marketing campaigns are, or to help us customize our websites and applications for you in order to enhance your experience.
  
  B. Information collected for FullStory Customers
  This section applies to Personal Information of FullStory Customers that we may process via provision of the FullStory Services. If you are not a Customer, please refer to either the FullStory Visitors or the FullStory Users section of this policy.
  
  We use FullStory on FullStory. In this regard, we use a separate instance of the FullStory Services to monitor the instance of FullStory Services that our customers use. This includes using first-party cookies to maintain a coherent scope for a customer user session across the customer-facing FullStory Services. In addition, the customer-facing FullStory Services may use third-party cookies to aid in payment processing.
  
  If you are a Customer of FullStory, when you signed up for the Services, you entered into an agreement with FullStory to accept FullStory’s terms of use for the Services, which includes the obligations in this Privacy Policy and our Acceptable Use Policy (the “Agreement”). As part of your use of the Services, we collect the same information as that of a Visitor (see above) through your interaction with the Site, and we may ask you for additional information, such as payment information, Usage Data in relation to the Services, and other information we deem relevant for the purpose of providing the Services.
  
  FullStory may use Customers’ Personal Information as agreed to in the Agreement and:
  
  To complete transactions between you and FullStory,
  To send e-mail, chat, or in-app messaging about the Site or respond to inquiries,
  To provide support for the FullStory Services,
  To enhance or improve user experience, the Site, or FullStory Services,
  In a support context, to view details of your account and ensure that it complies with your contractual obligations to us,
  To perform any other function that we believe in good faith is necessary to protect the security or proper functioning of the FullStory website or the FullStory Services,
  We may post your testimonials along with those of other satisfied customers on our Site, in addition to other endorsements.
  The information we collect from Customers is disclosed only in accordance with the Agreement, this Privacy Policy, and the Acceptable Use Policy. FullStory’s terms and conditions prohibit Customers from providing FullStory with sensitive personal data through the Services.
  
  C. Information collected when visiting websites that use FullStory Services
  This section applies to Personal Information FullStory may process relating to Users of a FullStory Customer’s website.
  
  For Users of a FullStory Customer, FullStory is acting as a service provider to the Customer for the FullStory Services. FullStory collects information on a User under the direction of its Customer, and has no direct relationship with the User whose information it processes. It is important to understand that when a User visits other websites that use the FullStory Services, the FullStory Customer’s privacy policy applies to that information collected instead of this Privacy Policy.
  
  FullStory Services use first-party cookies and local storage to maintain a coherent scope for a user session across multiple pages on a single website.
  
  FullStory Services do not and will not ever attempt to identify the same person across disparate, unrelated domains. FullStory takes pains in its engineering choices to differentiate itself from ad-tracking software. It is a violation of our Acceptable Use Policy for our customers to attempt to build multi-site user profiles for the intent of selling or exchanging lists of users or demographic information.
  
  General Information on our use of Personal Information
  We will never sell your data to third parties or otherwise share it with non-agent third parties. If this practice should change in the future we will update this policy to identify those parties and illustrate how individuals can exercise their right to opt out of such usage. However, in the course of business, we may hire third party individuals and organizations to help us make the FullStory Services better. These third parties include our web host provider, SaaS providers such as email hosting services, payment processors, or outside contractors we hire to perform marketing, maintenance, or assist us in securing our website. We may also hire third parties to operate, maintain, repair, or otherwise improve or preserve our website or its underlying files or systems.
  
  FullStory may disclose Personal Information only to those of its employees and third-party organizations that (1) need to know such information in order to process it on FullStory’s behalf or to provide services as described above, and (2) have agreed not to disclose it to any other parties without FullStory’s consent. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using the Site and/or the Service, you consent to the transfer of information to such individuals and organizations in order to accomplish these purposes.
  
  If you are a registered user of the Service and have supplied your email address, FullStory may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with FullStory and our products. FullStory will only send you marketing communications, including via email, in compliance with applicable laws and in accordance with your preferences, that we believe may be of interest to you. FullStory takes all measures reasonably necessary to protect against the unauthorized access, use, alteration, or destruction of Personal Information. To the extent we send you this type of email in compliance with applicable laws and in accordance with your preferences, you can opt-out at any time by either following the opt-out instructions in the email or just replying to tell us you don’t want to receive any additional emails.
  
  In some cases, we may choose to buy or sell assets. In these types of transactions, user information is typically one of the transferred business assets. If we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, User and Visitor information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your Personal Information as set forth in this Privacy Policy. You will be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
  
  Opting out of FullStory Services
  If you wish to prevent all websites using the FullStory Services to be able to record activity, you can opt-out of the FullStory Services. Opting out will create a cookie that tells FullStory to turn off recording on any site which uses the FullStory Services. The presence of this cookie is required to continue opting out. That means if you clear your browser cookies, you will have to opt-out again. Unfortunately, this is the most permanent and least intrusive solution FullStory can offer because of how browser technology works. You may wish to employ a third party browser extension to block scripts like FullStory instead of using our Opt Out cookie, but know that using any third party extension may pose additional risk.
  
  One More thing about FullStory Services
  If you are considering opting-out, it's probably a good time to make sure you really understand that the purpose of the FullStory Services is to help well-intentioned companies make their website better for you. It is emphatically not one of those we-track-you-around-the-web kind of deals. We think that's creepy, too.
  
  Most people who make websites are just like you: nice people who want to do a good job and make something awesome. And you wouldn't believe how much time and energy product teams spend trying to make their websites great for you. Without the FullStory Services, though, they simply do not have enough information to understand when they get it wrong. If they can see how you actually experience their website, like an ongoing usability study, they'll actually know what to improve! They don't need to record anything sensitive in order to do that, and we have a strict Acceptable Use Policy where you can see for yourself the high standards we expect of FullStory customers with respect to your privacy.
  
  Blocking Cookies on the FullStory Services
  If you choose, you can set your browser to reject cookies or you can manually delete individual cookies or all of the cookies on your computer by following your browser’s help file directions. Note that turning off cookies may also disable functions of many websites you visit. If your browser is set to reject cookies or you manually delete cookies, FullStory will not be able to coalesce your anonymous user identity automatically into sessions across pages on the same website.
  
  Release of Your Information for Legal Purposes
  We may access or release Personal Information about you when required to do so in order to comply with any applicable, laws, regulations, subpoenas, or enforceable governmental or public authority requests, including, to meet national security or law enforcement requirements. We may also access or release Personal Information when we have a good faith belief that such access or release is reasonably necessary to (i) enforce applicable terms of service, including investigation of potential violations, (ii) detect, prevent, or otherwise address fraud, security, or technical issues, (iii) respond to user support requests, or (iv) protect our rights, property or safety, our users and the public. This includes exchanging information with other companies and organizations for fraud protection, spam/malware prevention, and security forensics.
  
  Your Rights
  You have the following rights with respect to data protection:
  
  The right to access, update, edit, correct, or request deletion of your Personal Information:
  
  For FullStory Customers, you have the right to access Personal Information we hold about you. Whenever you use our site or the FullStory Services, we strive to make sure the Personal Information we hold is accurate. If that information is wrong, we give you ways to update it quickly or to delete it (unless we have to keep that information for legitimate business or legal purposes) .
  
  You can contact us at any time regarding your right to access, update, edit, correct, request deletion of your Personal Information, as well as making changes to your marketing preferences us by emailing us at [email protected] We will consider any requests in accordance with applicable laws and our potential legitimate interests. If we are unable to accommodate your request, we will let you know why we are unable to do so.
  
  If you have consented to our processing of Personal Information, you can always withdraw your consent to such processing. A request to withdraw consent will not affect processing of your Personal Information if such processing is conducted in reliance on a lawful processing ground other than consent.
  
  To the extent you believe processing of your Personal Information infringes on applicable regulations, you have the right to lodge a complaint with a supervisory authority
  
  If you are a User of a Fullstory Customer’s website and you would like to access, updated, edit, correct, or request deletion of your Personal Information, you should direct your inquiry to the FullStory Customer. If you direct your inquiry to us when it should be directed to a FullStory Customer, we will redirect your inquiry to the FullStory Customer.
  
  Security Measures
  We take measures to enhance the security of our site and the FullStory service. These measures include maintaining a robust information security program, instituting security controls within the FullStory Services such as TLS certificates and strong authentication options, and giving our Customers facilities to exercise good security practices. As a FullStory Customer, it is important for you to protect against unauthorized access to your password and to your computer. No security measures are perfect and we cannot promise to be able to withstand security threats in all circumstances.
  
  International Transfers
  FullStory operates in the United States and we store and process data on Google Cloud Platform servers located in the United States. Regardless of your locations, your information will be stored, processed in, or transferred to the United States.
  
  For transfers from the EU or Switzerland to the United States, the following applies:
  
  FullStory complies with both the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework, as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland to the United States. FullStory has certified that it adheres to the Privacy Shield Principles. If there is any conflict between this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles will govern. To learn more about the Privacy Shield program and to view our certification page, please visit www.privacyshield.gov.
  
  Pursuant to the Privacy Shield we are obliged to state that we remain liable for the onward transfer of EU and Swiss personal data to agent third parties unless we can prove we were not a party to the actions giving rise to the damages.
  
  The Privacy Shield Frameworks require us to inform EU and Swiss individuals that we may be required to release their data in response to lawful requests by public authorities including to meet national security or law enforcement requirements.
  
  In compliance with the Privacy Shield Principles, FullStory commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact FullStory at [email protected]
  
  FullStory has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to the BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.bbb.org/EU-privacy-shield/file-a-complaint for more information and to file a complaint. Under certain limited conditions, if your complaint is not resolved through these channels, it may be possible for individuals to invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission. These options of redress are in no way designed to replace or take precedence over any right you may have to file a complaint with an applicable supervisory authority.
  
  Australia:
  
  FullStory adheres to the Australian Privacy Act 1988, as applicable.
  
  Do Not Track Signal
  We treat the data of everyone who comes to our site in accordance with this Privacy Policy, regardless of their Do Not Track setting.
  
  Children
  Our site is intended for a general audience and we do not knowingly collect personal information from anyone under the age of 13. If you become aware that a child has provided us with personal information, please contact us at [email protected] and we will take steps to delete such information.
  
  Changes
  We may amend this Privacy Policy from time to time. When there are changes to this Privacy Policy, we will update this page. When there are significant changes to this Privacy Policy, we will also endeavor to notify FullStory Customers via email. The date on the bottom will always indicate when we last made changes. If you are a Visitor to this site and disagree with this Privacy Policy, you should leave the site and/or cancel your agreement with FullStory.
  
  What if I Have Questions or Concerns
  If you have any questions or concerns regarding privacy when using FullStory, please send a detailed message to [email protected] or via postal mail at:
  
  FullStory
  Attn: Privacy
  1745 Peachtree St NE
  Suite G
  Atlanta, GA 30309
  
  We will make every effort to address your concerns.
  
  California Privacy
  FullStory may disclose your Personal Information to commercial providers for a business purpose, which includes verifying your identity when making a payment or registering access to your accounts. When we disclose Personal Information for these reasons, we enter into a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except for the purposes set forth in the contract.
  
  In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for one or more business purposes:
  
  Identifiers;
  California Customer Records Personal Information categories;
  Internet or other network activity information.
  Professional or employment-related information
  We disclose your Personal Information for a business purpose to the following categories of third parties:
  Service providers and other third parties we use to support our business, including without limitation those performing core services (such as billing, credit card processing, customer support services, customer relationship management, accounting, auditing, surveys, advertising and marketing, analytics, email and mailing services, data storage, and security) related to the operation of our business and/or the Services, and making certain functionalities available to our users;
  Third parties to whom you or your agents authorize us to disclose your personal information in connection with the services we provide to you.
  We may disclose your Personal Information for legal reasons as described earlier in this policy.
  
  We attempt to notify Users about legal demands for their personal data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge every demand.
  
  We may disclose your Personal Information in the event of a business transfer. If we establish a new related entity, are acquired by or merged with another organization, or if substantially all of our assets are transferred to another organization, Personal Information about our users is often a transferred business asset. In the event that FullStory itself or substantially all of our assets are acquired, Personal Information about our users may be one of the transferred assets.
  
  Sale of Personal Information
  In the preceding twelve (12) months, we have not sold any Personal Information.
  
  Your Privacy Choices
  You may have certain rights relating to your Personal Information, subject to local data protection law. Whenever you choose to be a guest or visitor at one of our managed properties, we aim to provide you with choices about how we use your Personal Information. Subject to applicable law, you may obtain a copy of Personal Information we maintain about you. In addition, if you believe that Personal Information we maintain about you is inaccurate, subject to applicable law, you may have the right to request that we correct or amend the information by contacting us as indicated in the “How to Contact Us” section below. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to the information.
  
  Privacy Rights Specific to California Residents
  Under the California Consumer Privacy Act, California residents have specific rights regarding their personal information. This section describes Californians’ rights and explains how California residents can exercise those rights.
  
  Below we further outline specific rights which California residents may have under the California Consumer Privacy Act.
  
  Right to Access Your Data. You have the right to request that we disclose certain information to you about our collection, use and disclosure of your Personal Information over the past twelve (12) months. Any disclosures we provide will only cover the 12-month period preceding the receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
  Right to Data Portability. You have the right to a “portable” copy of your Personal Information that you have submitted to us. Generally, this means you have a right to request that we move, copy or transmit your Personal Information stored on our servers or information technology environment to another service provider’s servers or information technology environment.
  Right to Delete Your Data. You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.
  Right to Non-Discrimination for the Exercise of Your Privacy Rights. You have the right not to receive discriminatory treatment by us for exercising your privacy rights conferred by the California Consumer Privacy Act.
  Exercising Your Rights
  If you are a California resident who chooses to exercise your rights, you can:
  
  Submit a request via email to [email protected] or
  Call 1-833-385-5786 to submit your request.
  You may also designate an agent to exercise your privacy rights on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government-issued identification, and the authorized agent’s valid government issued identification.
  
  Our Response to Your Request
  Upon receiving your request, we will confirm receipt of your request by [sending you an email/confirming receipt via our online portal/sending a message to your online account]. To help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to the information. In some instances, such as a request to delete personal information, we may first separately confirm that you would like for us to in fact delete your personal information before acting on your request.
  
  We will respond to your request within forty-five (45) days. If we require more time, we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
  
  In some cases our ability to uphold these rights for you may depend upon our obligations to process Personal Information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, listed below, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
  
  Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
  Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  Debug products to identify and repair errors that impair existing intended functionality;
  Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
  Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.);
  Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
  Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
  Comply with a legal obligation; or
  Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
  Effective Date
  This Privacy Policy became effective on: December 20, 2019.

• Hosting and backend infrastructure

  This type of service has the purpose of hosting Data and files that enable this Website to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of this Website.

  Some services among those listed below, if any, may work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.

  iubenda Consent Solution (iubenda srl)

  iubenda Consent Solution is a service that facilitates the collection and management of proofs of consent provided by iubenda srl.

  Personal Data processed: Data communicated while using the service.

  Place of processing: Italy – Privacy Policy.

  Amazon Web Services (AWS) (Amazon Web Services, Inc.)

  Amazon Web Services (AWS) is a hosting and backend service provided by Amazon Web Services, Inc.

  Personal Data processed: various types of Data as specified in the privacy policy of the service.

  Place of processing: Ireland – Privacy Policy; Germany – Privacy Policy.

  Uploadcare (Uploadcare, LLC.)

  Uploadcare is a hosting service provided by Uploadcare, LLC.

  Personal Data processed: various types of Data as specified in the privacy policy of the service.

  Place of processing: United States – Privacy Policy.

• Infrastructure monitoring

  This type of service allows this Website to monitor the use and behavior of its components so its performance, operation, maintenance and troubleshooting can be improved.
  Which Personal Data are processed depends on the characteristics and mode of implementation of these services, whose function is to filter the activities of this Website.

  Sentry (Functional Software, Inc. )

  Sentry is a monitoring service provided by Functional Software, Inc. .

  Personal Data processed: various types of Data as specified in the privacy policy of the service.

  Place of processing: United States – Privacy Policy.

  Datadog (Datadog, Inc.)

  Datadog is a monitoring service provided by Datadog, Inc.
  The way Datadog is integrated means that it filters all traffic of this Website, i.e., communication between the Application and the User's browser or device, while also allowing analytical data on this Website to be collected.

  Personal Data processed: various types of Data as specified in the privacy policy of the service.

  Place of processing: United States – Privacy Policy.

• Interaction with external social networks and platforms

  This type of service allows interaction with social networks or other external platforms directly from the pages of this Website.
  The interaction and information obtained through this Website are always subject to the User’s privacy settings for each social network.
  This type of service might still collect traffic data for the pages where the service is installed, even when Users do not use it.
  It is recommended to log out from the respective services in order to make sure that the processed data on this Website isn’t being connected back to the User’s profile.

  Facebook Like button and social widgets

  The Facebook Like button and social widgets are services allowing interaction with the Facebook social network provided by Facebook, Inc. or by Facebook Ireland Ltd, depending on the location this Website is accessed from,

  Personal Data processed: Cookies; Usage Data.

  Place of processing: United States – Privacy Policy; Ireland – Privacy Policy.

• Managing contacts and sending messages

  This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User.
  These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.

  Sendgrid (Sendgrid)

  Sendgrid is an email address management and message sending service provided by Sendgrid Inc.

  Personal Data processed: email address.

  Place of processing: United States – Privacy Policy.

  Twilio (Twilio, Inc.)

  Twilio is a phone numbers management and communication service provided by Twilio, Inc.

  Personal Data processed: phone number.

  Place of processing: United States – Privacy Policy.

• Managing data collection and online surveys

  This type of service allows this Website to manage the creation, deployment, administration, distribution and analysis of online forms and surveys in order to collect, save and reuse Data from any responding Users.
  The Personal Data collected depend on the information asked and provided by the Users in the corresponding online form.

  These services may be integrated with a wide range of third-party services to enable the Owner to take subsequent steps with the Data processed - e.g. managing contacts, sending messages, analytics, advertising and payment processing.

  Facebook lead ads (Facebook Ireland Ltd)

  Facebook lead ads is an advertising and data collection service provided by Facebook Ireland Ltd that allows form-based ads to be shown to Users pre-populated with Personal Data from their Facebook profiles, such as names and email addresses. Depending on the type of advertisement, Users may be requested to provide further information.

  Form submission results in the collection and processing of these Data by the Owner under this privacy policy, and only for the specific purpose outlined on the form and/or inside this privacy policy, where provided.

  Users may exercise their rights, at any time, including the right to withdraw their consent to the processing of their Data, as specified in the section containing information about User rights in this privacy policy.

  Personal Data processed: Usage Data.

  Place of processing: Ireland – Privacy Policy – Opt out.

• Registration and authentication

  By registering or authenticating, Users allow this Website to identify them and give them access to dedicated services.
  Depending on what is described below, third parties may provide registration and authentication services. In this case, this Website will be able to access some Data, stored by these third-party services, for registration or identification purposes.
  Some of the services listed below may also collect Personal Data for targeting and profiling purposes; to find out more, please refer to the description of each service.

  Facebook Authentication (Facebook Ireland Ltd)

  Facebook Authentication is a registration and authentication service provided by Facebook Ireland Ltd and is connected to the Facebook social network.

  Personal Data processed: various types of Data as specified in the privacy policy of the service.

  Place of processing: Ireland – Privacy Policy.

  Auth0 (Auth0, Inc)

  Auth0 is a registration and authentication service provided by Auth0, Inc. To simplify the registration and authentication process, Auth0 can make use of third-party identity providers and save the information on its platform.

  Personal Data processed: Cookies; email address; first name; last name; password; picture; various types of Data as specified in the privacy policy of the service.

  Place of processing: European Union – Privacy Policy.

• Remarketing and behavioral targeting

  This type of service allows this Website and its partners to inform, optimize and serve advertising based on past use of this Website by the User.
  This activity is facilitated by tracking Usage Data and by using Trackers to collect information which is then transferred to the partners that manage the remarketing and behavioral targeting activity.
  Some services offer a remarketing option based on email address lists.
  In addition to any opt-out feature provided by any of the services below, Users may opt out by visiting the Network Advertising Initiative opt-out page.

  Users may also opt-out of certain advertising features through applicable device settings, such as the device advertising settings for mobile phones or ads settings in general.

  Facebook Remarketing (Facebook Ireland Ltd)

  Facebook Remarketing is a remarketing and behavioral targeting service provided by Facebook Ireland Ltd that connects the activity of this Website with the Facebook advertising network.

  Personal Data processed: Cookies; Usage Data.

  Place of processing: Ireland – Privacy Policy – Opt Out.

• Social features

  Inviting and suggesting friends (this Website)

  This Website may use the Personal Data provided to allow Users to invite their friends - for example through the address book, if access has been provided - and to suggest friends or connections inside it.

  Personal Data processed: various types of Data.

• SPAM protection

  This type of service analyzes the traffic of this Website, potentially containing Users' Personal Data, with the purpose of filtering it from parts of traffic, messages and content that are recognized as SPAM.

  Google reCAPTCHA (Google Ireland Limited)

  Google reCAPTCHA is a SPAM protection service provided by Google Ireland Limited.
  The use of reCAPTCHA is subject to the Google privacy policy and terms of use.

  Personal Data processed: Cookies; Usage Data.

  Place of processing: Ireland – Privacy Policy.

• Tag Management

  This type of service helps the Owner to manage the tags or scripts needed on this Website in a centralized fashion.
  This results in the Users' Data flowing through these services, potentially resulting in the retention of this Data.

  Segment (Segment Inc.)

  Segment is a tag management service provided by Segment.io, Inc.

  Personal Data processed: Cookies; Usage Data.

  Place of processing: United States – Privacy Policy.

• Traffic optimization and distribution

  This type of service allows this Website to distribute their content using servers located across different countries and to optimize their performance.
  Which Personal Data are processed depends on the characteristics and the way these services are implemented. Their function is to filter communications between this Website and the User's browser.
  Considering the widespread distribution of this system, it is difficult to determine the locations to which the contents that may contain Personal Information of the User are transferred.

  Cloudflare (Cloudflare Inc.)

  Cloudflare is a traffic optimization and distribution service provided by Cloudflare Inc.
  The way Cloudflare is integrated means that it filters all the traffic through this Website, i.e., communication between this Website and the User's browser, while also allowing analytical data from this Website to be collected.

  Personal Data processed: Cookies; various types of Data as specified in the privacy policy of the service.

  Place of processing: United States – Privacy Policy.

• User database management

  This type of service allows the Owner to build user profiles by starting from an email address, a personal name, or other information that the User provides to this Website, as well as to track User activities through analytics features. This Personal Data may also be matched with publicly available information about the User (such as social networks' profiles) and used to build private profiles that the Owner can display and use for improving this Website.
  Some of these services may also enable the sending of timed messages to the User, such as emails based on specific actions performed on this Website.

  HubSpot CRM (HubSpot, Inc.)

  HubSpot CRM is a User database management service provided by HubSpot, Inc.

  Personal Data processed: email address; phone number; various types of Data as specified in the privacy policy of the service.

  Place of processing: United States – Privacy Policy.

  Intercom (Intercom R&D Unlimited Company)

  Intercom is a User database management service provided by Intercom R&D Unlimited Company.
  Intercom can also be used as a medium for communications, either through email, or through messages within this Website. Intercom Messenger may use Cookies and similar technologies to recognize and track Users behaviour.

  Personal Data processed: Cookies; Data communicated while using the service; email address; Universally unique identifier (UUID); Usage Data; various types of Data as specified in the privacy policy of the service.

  Place of processing: Ireland – Privacy Policy.

Further information about Personal Data

• Selling goods and services online

  The Personal Data collected are used to provide the User with services or to sell goods, including payment and possible delivery.
  The Personal Data collected to complete the payment may include the credit card, the bank account used for the transfer, or any other means of payment envisaged. The kind of Data collected by this Website depends on the payment system used.

The rights of Users

Users may exercise certain rights regarding their Data processed by the Owner.

In particular, Users have the right to do the following:

• Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
• Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
• Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
• Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
• Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
• Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.
• Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User's consent, on a contract which the User is part of or on pre-contractual obligations thereof.
• Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

Details about the right to object to processing

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.

How to exercise these rights

Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month.

Cookie Policy

This Website uses Trackers. To learn more, the User may consult the Cookie Policy.

Additional information about Data collection and processing

Legal action

The User's Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of this Website or the related Services.
The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.

Additional information about User's Personal Data

In addition to the information contained in this privacy policy, this Website may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request.

System logs and maintenance

For operation and maintenance purposes, this Website and any third-party services may collect files that record interaction with this Website (System logs) use other Personal Data (such as the IP Address) for this purpose.

Information not contained in this policy

More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.

How “Do Not Track” requests are handled

This Website does not support “Do Not Track” requests.
To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.

Changes to this privacy policy

The Owner reserves the right to make changes to this privacy policy at any time by notifying its Users on this page and possibly within this Website and/or - as far as technically and legally feasible - sending a notice to Users via any contact information available to the Owner. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.

Should the changes affect processing activities performed on the basis of the User’s consent, the Owner shall collect new consent from the User, where required.