Our privacy statement discloses how we use the personal data you provide to us, both through using our products and services and when browsing our website.
Last update: August 14, 2020
ClearOPS supports privacy by default. This Privacy Statement describes the actions we (“ClearOPS” or “we” or “us” or “our”) take as a business to use your private information and protect your privacy. This Privacy Statement also provides information that permits you to take actions to protect your own privacy. This Privacy Statement applies to submissions of your information to us through the website as well as when you use our services. We are NOT self-certified on the Privacy Shield list. We DO NOT publish a separate GDPR notice. We DO host our own email, so if you send us an email, it is not also accessible by a third party provider on our side. However, we will use an email marketing service and will update this notice when we find one that appropriately protects your contact information. We DO have a valid SSL certificate for our website, so that any information you send from the website to us is encrypted in transmission. Check out our rating (note, this link is to a third party) https://www.ssllabs.com/ssltest/analyze.html?d=clearops.io. We DID use a third party, called Nice page, to create this website, but we downloaded the files and are serving them to you from our own infrastructure. We know their code that they provided to us does link back to third party providers for things like fonts and display for this website (which you can see if you right click on the website and inspect it).
We collect your personal data to sell or provide our services to you. If you fill out and then send us a filled out web form, we use the data you provide to contact you to sell you our services or for whatever purpose you filled out the form. If you send us a login and password to access our application, then we collect that information to authenticate your access. We may need to use your personal data for other access and authentication, such as other dashboards and services we may provide in the future. If you are a business and you are concerned about the data we store on your behalf, you may request our deletion of such data at any time (although deleting questionnaire responses may result in poor functioning of the service).
We sort of answered this in the prior section, but just to confirm, we use your personal data to deliver the services to you or to communicate with you or to try to sell you our services (which is part of communicating, but we want to make sure you get the point). If you want to opt out, you always have that right. We believe in the right of opt in, so if you somehow were contacted by us and you did not opt in, please let us know because that is a serious issue for us at firstname.lastname@example.org.
Who we share your personal data with and why. We do use service providers, such as AWS, so they have access to your data and you can read all about their security on their website. We use other service providers to help us with the operation of the business. Most importantly, we use Stripe for accounts receivable and so if you are a customer, your invoice information will be contained within our Stripe account. You also have the option to link your payment method to Stripe. We rely on Stripe for all payment data. If we take you out to dinner sometime in 2021 and beyond, your name may also appear in our accounting software as part of the receipt (we happily disclose this list but we keep it confidential to protect against targeted attacks). We also use LinkedIn for sales prospecting and Pipedrive for our sales CRM (and our Get in Touch page is hosted by Pipedrive, who also uses Google). Eventually, we may use other tools and we intend to update this statement when we do. We do comply with law and any valid legal requests, such as subpoenas etc. We will seek to contact you first if the subpoena or other legal request pertains to your personal data and we will also seek to limit the scope of any response. If we are unable to reach you by the deadline, then we may share your personal data without your knowledge. We are sorry about that, but you just need to check your email or listen to your voicemails or respond to the LinkedIn connection or whatever other method of contact we have for you. We may also disclose your personal information if we believe it is appropriate in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of ClearOPS, our customers, users, employees, or others. We reserve the right to sell the company. In that case, we may sell, transfer or otherwise share some or all of our assets, including your information, whether personally identifiable or not, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy.
Retaining your information If you are a customer, you have control over the information you provide to us and may delete it or transfer it to another provider at any time. However, we will still retain some information about you such as the original contracts between you and us, payment history, invoice history, performance metrics, emails, texts and case studies on your use of our services. We may also retain copies of your documents, questionnaires etc. in our backups until the backups are purged. Contact us at email@example.com for more information or to discuss options.
Children, International Users Our website is not targeted at children and we don’t know why any child would be interested in our website or services. We are aware that those outside of the United States may be interested in our services. Under GDPR, we are considered a controller since the information we collect is our customer’s business information. If you do reside outside of the United States, all our databases are located in the United States.
Changes to this Privacy Statement We are a young company and our services will be changing and, for that reason, so will this privacy statement. Since we are an opt in company, we will only send you emails about changes if you send us an email opting in to firstname.lastname@example.org. Otherwise, we will post changes on the website. If you want to know specifics about the changes, you may also email us at email@example.com.
The European Union (“EU”) privacy regulation, the General Data Protection Regulation (“GDPR”) went into effect on May 25, 2018. The GDPR impacts companies located in the EU or when they are processing data of EU residents, among other criteria. ClearOPS strives to meet global privacy regulations and is committed to GDPR compliance. The principles of GDPR include putting the data subject in control of their data, providing them with access and correction rights, minimizing data collection, securing the data and maintainin accuracy of the data. It is important to note, there is no certified compliance program for the GDPR, and there is no set checklist of required actions for GDPR compliance. As a result, GDPR compliance is a continual process for ClearOPS.
Privacy Shield Disclosure
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States. To be assured of Privacy Shield benefits, an organization must self-certify annually to the Department of Commerce that it agrees to adhere to the Privacy Shield Principles, a detailed set of requirements based on privacy principles such as notice, choice, access, and accountability for onward transfer. The website for the Privacy Shield is located here: https://www.privacyshield.gov As of the date written above, ClearOPS does not have any EU offices but it will enter into standard contractual clauses for the processing of contact information provided in questionnaires. As of July 16, 2020, the CJEU invalidated the Privacy Shield. ClearOPS did not seek self-certification and therefore did not rely on the EU-U.S. Privacy Shield prior to July 16, 2020, nor does it after such date.
The California Consumer Privacy Act ("CCPA") is a comprehensive privacy law that took effect on January 1, 2020. CCPA is a step forward in the United States for shaping data protection requirements.The CCPA creates several new rights so individuals may control access and use of their personal information. These include the right to access or delete personal information collected by a business and the right to opt out of a "sale" of their personal information. However, transfers to "service providers" are not considered "sales." ClearOPS is a "service provider" as defined under the CCPA. ClearOPS does not sell personal information. ClearOPS does (a) engage other service providers as subcontractors, where the subcontractor also meets the requirements for a service provider under the CCPA; (b) use personal information for providing the services and for internal use by ClearOPS to build or improve the quality of our services, but that use does not include building or modifying household or consumer profiles, or cleaning or augmenting personal information acquired from another source; (c) use personal information to detect security incidents; and (d) use personal information to protect against fraudulent or illegal activity or for reasons specified in CCPA, subsections 1798.145(a)(1) – (a)(4) (e.g., to comply with laws).