### Company : docusign.txt ### Question 1 | Answer 1 | Justification This Privacy Policy sets out how DocuSign, Inc. and its group of companies ( us, our, or we ) collect and use personal information from customers and other individuals (collectively "you") who access or use our websites, including docusign.com and docusign.net, our mobile applications, our web client or professional client, and or any of our other sites, products, or services that link to this Privacy Policy (the Services ). Question 2 | Answer 1 | Justification Unless otherwise defined in this DPA, capitalized terms will have the meaning given to them in the Agreement. Question 3 | Answer 1 | Justification DocuSign has adopted Binding Corporate Rules to facilitate the transfer of personal information from the EEA to DocuSign outside of the EEA. Question 4 | Answer 0 | Justification DocuSign has adopted Binding Corporate Rules to facilitate the transfer of personal information from the EEA to DocuSign outside of the EEA. Question 5 | Answer 0 | Justification Question 6 | Answer 0 | Justification Question 7 | Answer 0 | Justification Question 8 | Answer 1 | Justification DocuSign has adopted Binding Corporate Rules to facilitate the transfer of personal information from the EEA to DocuSign outside of the EEA. Question 9 | Answer 840 | Justification You represent and warrant that you are: (a) of legal age (18 years of age or older or otherwise of legal age in your resident jurisdiction) and competent to agree to these Terms; and (b) you (or your Authorized Users, as applicable) are not and will not when using the Site be located in, under the control of, or a national or resident of a usa embargoed country or territory and are not a prohibited end user under Export Control Laws (as defined in Section 12.3). Question 10 | Answer 0 | Justification You represent and warrant that you are: (a) of legal age (18 years of age or older or otherwise of legal age in your resident jurisdiction) and competent to agree to these Terms; and (b) you (or your Authorized Users, as applicable) are not and will not when using the Site be located in, under the control of, or a national or resident of a usa embargoed country or territory and are not a prohibited end user under Export Control Laws (as defined in Section 12.3). Question 11 | Answer 840 | Justification You represent and warrant that you are: (a) of legal age (18 years of age or older or otherwise of legal age in your resident jurisdiction) and competent to agree to these Terms; and (b) you (or your Authorized Users, as applicable) are not and will not when using the Site be located in, under the control of, or a national or resident of a usa embargoed country or territory and are not a prohibited end user under Export Control Laws (as defined in Section 12.3). Question 12 | Answer 0 | Justification You represent and warrant that you are: (a) of legal age (18 years of age or older or otherwise of legal age in your resident jurisdiction) and competent to agree to these Terms; and (b) you (or your Authorized Users, as applicable) are not and will not when using the Site be located in, under the control of, or a national or resident of a usa embargoed country or territory and are not a prohibited end user under Export Control Laws (as defined in Section 12.3). Question 13 | Answer 0 | Justification [''] Question 14 | Answer 1 | Justification Here are some examples of how we use the personal information we process: Provide you with the Services and products you request and collect payments Send you records of our relationship, including for purchases or other events Market features, products, or special events using email or phone or send you marketing communications about third party products and services we think may be of interest to you Record details about what happens with electronic documents, such as who viewed or signed, the devices used and when these events occur Run sweepstakes, contests, and refer-a-friend programs Choose and deliver content and tailored advertising, and support the marketing and advertising of our Services Create and review data about our users and how they use our Services Test changes in our Services and develop new features and products Fix problems you may have with our Services, including answering support questions and resolving disputes Manage the Services platform including support systems and security Prevent, investigate and respond to: fraud, unauthorized access to or use of our Services, breaches of terms and policies, or other wrongful behavior Comply with legal obligations Meet legal retention periods Other Uses. Question 15 | Answer 1 | Justification Some examples include: IP address Precise geolocation information that you allow our apps to access (usually from your mobile device) Unique device identifiers and device attributes, like operating system and browser type Usage data, such as: web log data, referring and exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used our Services, the frequency of your use of our Services, error logs, and other similar information Transactional data, such as: names and email addresses of parties to a transaction, subject line, history of actions that individuals take on a transaction(e.g. review, sign, enable features) and personal information about those individuals or their devices, such as name, email address, IP address, and authentication methods Cookies and Related Technologies. Question 16 | Answer 1 | Justification DocuSign s core product and Services help users create, complete, and show the validity of digital or electronic transactions, such as electronically signing a contract for mobile phone services or placing a digital signature on a loan application. Question 17 | Answer 1 | Justification California residents may ask for a list of third parties that have received your personal information for direct marketing purposes during the previous calendar year. Question 18 | Answer 0 | Justification With respect to Personal Data Processed by DocuSign or DocuSign Affiliate as a Processor on behalf of Customer or Customer Affiliate or as a Subprocessor where Customer Processes such Personal Data on behalf of its customers (or both), DocuSign will: (a) Process Personal Data only as necessary to provide the Services in accordance with the terms of the Agreement or as instructed by Customer in writing, including in electronic form, and consistent with the terms of the Agreement; and (b) not disclose Personal Data to third parties except: (i) to employees, service providers, or advisers who have a need to know the Personal Data and are under confidentiality obligations at least as restrictive as those described under this DPA or (ii) as required to comply with valid legal process in accordance with the terms of the Agreement. Question 19 | Answer 0 | Justification With respect to Personal Data Processed by DocuSign or DocuSign Affiliate as a Processor on behalf of Customer or Customer Affiliate or as a Subprocessor where Customer Processes such Personal Data on behalf of its customers (or both), DocuSign will: (a) Process Personal Data only as necessary to provide the Services in accordance with the terms of the Agreement or as instructed by Customer in writing, including in electronic form, and consistent with the terms of the Agreement; and (b) not disclose Personal Data to third parties except: (i) to employees, service providers, or advisers who have a need to know the Personal Data and are under confidentiality obligations at least as restrictive as those described under this DPA or (ii) as required to comply with valid legal process in accordance with the terms of the Agreement. Question 20 | Answer 0 | Justification With respect to Personal Data Processed by DocuSign or DocuSign Affiliate as a Processor on behalf of Customer or Customer Affiliate or as a Subprocessor where Customer Processes such Personal Data on behalf of its customers (or both), DocuSign will: (a) Process Personal Data only as necessary to provide the Services in accordance with the terms of the Agreement or as instructed by Customer in writing, including in electronic form, and consistent with the terms of the Agreement; and (b) not disclose Personal Data to third parties except: (i) to employees, service providers, or advisers who have a need to know the Personal Data and are under confidentiality obligations at least as restrictive as those described under this DPA or (ii) as required to comply with valid legal process in accordance with the terms of the Agreement. Question 21 | Answer 1 | Justification The parties agree that the audit reports and audit rights provided under the Processor Code and Agreement will be used to satisfy any audit or inspection requests by or on behalf of Customer and to demonstrate compliance with applicable obligations of DocuSign under this DPA. Question 22 | Answer 1 | Justification Here are some examples of how we use the personal information we process: Provide you with the Services and products you request and collect payments Send you records of our relationship, including for purchases or other events Market features, products, or special events using email or phone or send you marketing communications about third party products and services we think may be of interest to you Record details about what happens with electronic documents, such as who viewed or signed, the devices used and when these events occur Run sweepstakes, contests, and refer-a-friend programs Choose and deliver content and tailored advertising, and support the marketing and advertising of our Services Create and review data about our users and how they use our Services Test changes in our Services and develop new features and products Fix problems you may have with our Services, including answering support questions and resolving disputes Manage the Services platform including support systems and security Prevent, investigate and respond to: fraud, unauthorized access to or use of our Services, breaches of terms and policies, or other wrongful behavior Comply with legal obligations Meet legal retention periods Other Uses. ### Company : hotjar.txt ### Question 1 | Answer 1 | Justification DOCUMENT Privacy Policy https: www.hotjar.com legal policies privacy Privacy Policy We will NEVER sell your personal data to anyone. Question 2 | Answer 1 | Justification Customers who would like to enable this particular feature should sign a Data Processing Agreement with Hotjar. Question 3 | Answer 1 | Justification International Transfers of Personal Data Hotjar s customer information is stored in the European Union. In some limited cases, customer information may be accessed from, or other data (e.g., e-mail) may be transferred to, the usa or other countries which may have data protection laws that are different from the laws where you live. Question 4 | Answer 0 | Justification International Transfers of Personal Data Hotjar s customer information is stored in the European Union. In some limited cases, customer information may be accessed from, or other data (e.g., e-mail) may be transferred to, the usa or other countries which may have data protection laws that are different from the laws where you live. Question 5 | Answer 840 | Justification International Transfers of Personal Data Hotjar s customer information is stored in the European Union. In some limited cases, customer information may be accessed from, or other data (e.g., e-mail) may be transferred to, the usa or other countries which may have data protection laws that are different from the laws where you live. Question 6 | Answer 0 | Justification International Transfers of Personal Data Hotjar s customer information is stored in the European Union. In some limited cases, customer information may be accessed from, or other data (e.g., e-mail) may be transferred to, the usa or other countries which may have data protection laws that are different from the laws where you live. Question 7 | Answer 0 | Justification International Transfers of Personal Data Hotjar s customer information is stored in the European Union. In some limited cases, customer information may be accessed from, or other data (e.g., e-mail) may be transferred to, the usa or other countries which may have data protection laws that are different from the laws where you live. Question 8 | Answer 1 | Justification This includes signing a Data Processing Agreement (together with Standard Contractual Clauses, where applicable) with all of our sub-processors and ensuring they all have supplementary measures in place, where applicable. Question 9 | Answer 470 | Justification The parties agree that any dispute or claim arising out of or in connection with this Agreement or its subject-matter, shall be subject to the exclusive jurisdiction of the Malta Arbitration Centre in accordance with the Arbitration Act (Cap. 387 of the Laws of Malta) and the arbitration rules of the Malta Arbitration Centre in force at the time of the dispute. Question 10 | Answer 0 | Justification The parties agree that any dispute or claim arising out of or in connection with this Agreement or its subject-matter, shall be subject to the exclusive jurisdiction of the Malta Arbitration Centre in accordance with the Arbitration Act (Cap. 387 of the Laws of Malta) and the arbitration rules of the Malta Arbitration Centre in force at the time of the dispute. Question 11 | Answer 470 | Justification The parties agree that any dispute or claim arising out of or in connection with this Agreement or its subject-matter, shall be subject to the exclusive jurisdiction of the Malta Arbitration Centre in accordance with the Arbitration Act (Cap. 387 of the Laws of Malta) and the arbitration rules of the Malta Arbitration Centre in force at the time of the dispute. Question 12 | Answer 0 | Justification The parties agree that any dispute or claim arising out of or in connection with this Agreement or its subject-matter, shall be subject to the exclusive jurisdiction of the Malta Arbitration Centre in accordance with the Arbitration Act (Cap. 387 of the Laws of Malta) and the arbitration rules of the Malta Arbitration Centre in force at the time of the dispute. Question 13 | Answer 0 | Justification [''] Question 14 | Answer 1 | Justification The extent of the Service(s) to which You may have access to may be dependent on the relevant Subscription Plan, Subscription Term and respective and timely payment of Service fees to Hotjar. Question 15 | Answer 1 | Justification Access and Disclosure to Third Parties Hotjar does not sell, and has not sold, consumers Personal Data at any time. Question 16 | Answer 1 | Justification Sub-Processor Country Service Sub-Processor Measures Amazon Web Services, Ireland, Cloud Service Provider, Shared Responsibility Model Datadog, usa Real-time alerts and monitoring service, Security, Data Protection, and Compliance practices Sentry, usa Application monitoring and error tracking, Security and Compliance commitments Hotjar is committed to ensuring that all of its sub-processors have the appropriate legal and security safeguards in place to ensure that your data will remain protected to the highest standards. Question 17 | Answer 1 | Justification DOCUMENT Sub-Processors used by Hotjar https: help.hotjar.com hc en-us articles 360058514233-Sub-Processors-used-by-Hotjar Sub-Processors used by Hotjar Please see the below list of sub-processors that Hotjar has engaged with, the country they operate from, and the service(s) they provide. Question 18 | Answer 372 | Justification Sub-Processor Country Service Sub-Processor Measures Amazon Web Services, Ireland, Cloud Service Provider, Shared Responsibility Model Datadog, usa Real-time alerts and monitoring service, Security, Data Protection, and Compliance practices Sentry, usa Application monitoring and error tracking, Security and Compliance commitments Hotjar is committed to ensuring that all of its sub-processors have the appropriate legal and security safeguards in place to ensure that your data will remain protected to the highest standards. Question 19 | Answer 840 | Justification Sub-Processor Country Service Sub-Processor Measures Amazon Web Services, Ireland, Cloud Service Provider, Shared Responsibility Model Datadog, usa Real-time alerts and monitoring service, Security, Data Protection, and Compliance practices Sentry, usa Application monitoring and error tracking, Security and Compliance commitments Hotjar is committed to ensuring that all of its sub-processors have the appropriate legal and security safeguards in place to ensure that your data will remain protected to the highest standards. Question 20 | Answer 0 | Justification Sub-Processor Country Service Sub-Processor Measures Amazon Web Services, Ireland, Cloud Service Provider, Shared Responsibility Model Datadog, usa Real-time alerts and monitoring service, Security, Data Protection, and Compliance practices Sentry, usa Application monitoring and error tracking, Security and Compliance commitments Hotjar is committed to ensuring that all of its sub-processors have the appropriate legal and security safeguards in place to ensure that your data will remain protected to the highest standards. Question 21 | Answer 0 | Justification [''] Question 22 | Answer 1 | Justification Following termination of your account, we may retain your personal data (in part or in whole) in order to meet any regulatory and reporting requirements for the timeframes stipulated by law and in order to be able to address customer service issues. ### Company : iadvize.txt ### Question 1 | Answer 1 | Justification We use data to: Collection of GDPR consents (articles 6 to 8) Why do we use data : Legal obligation How long do we retain data for: Five years after the end of validity of the consent Which third parties may receive data : None Where might data be transferred : Not specified What data comes from external sources : None Conversation recording Why do we use data : Consent of the person How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : France, Germany (Privacy shield, Standard contractual clauses) What data comes from external sources :None Direct marketing absent a prior contact with the persons (scraping) Why do we use data : Legitimate interest How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Finland, France (Privacy shield, Standard contractual clauses) What data comes from external sources : Professional life, Identity contact, Device or connection data Direct marketing absent a prior contact with the persons (social networks) Why do we use data : Legitimate interest How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Finland, Germany (Privacy shield, Standard contractual clauses) What data comes from external sources : Professional life, Identity contact, Device or connection data Direct marketing after prior contact with the persons Why do we use data : Legitimate interest How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Finland, Germany (Privacy shield, Standard contractual clauses) What data comes from external sources : Professional life, Identity contact, Contact files, Business cards, Device or connection data Direct marketing expressly requested by the persons (newsletter) Why do we use data : Consent of the person How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Germany (Privacy shield, Standard contractual clauses) What data comes from external sources : Device or connection data Your rights You retain full rights on your data. Question 2 | Answer 0 | Justification [''] Question 3 | Answer 0 | Justification [''] Question 4 | Answer 1 | Justification [''] Question 5 | Answer 0 | Justification Question 6 | Answer 0 | Justification Question 7 | Answer 0 | Justification Question 8 | Answer 1 | Justification We use data to: Collection of GDPR consents (articles 6 to 8) Why do we use data : Legal obligation How long do we retain data for: Five years after the end of validity of the consent Which third parties may receive data : None Where might data be transferred : Not specified What data comes from external sources : None Conversation recording Why do we use data : Consent of the person How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : France, Germany (Privacy shield, Standard contractual clauses) What data comes from external sources :None Direct marketing absent a prior contact with the persons (scraping) Why do we use data : Legitimate interest How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Finland, France (Privacy shield, Standard contractual clauses) What data comes from external sources : Professional life, Identity contact, Device or connection data Direct marketing absent a prior contact with the persons (social networks) Why do we use data : Legitimate interest How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Finland, Germany (Privacy shield, Standard contractual clauses) What data comes from external sources : Professional life, Identity contact, Device or connection data Direct marketing after prior contact with the persons Why do we use data : Legitimate interest How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Finland, Germany (Privacy shield, Standard contractual clauses) What data comes from external sources : Professional life, Identity contact, Contact files, Business cards, Device or connection data Direct marketing expressly requested by the persons (newsletter) Why do we use data : Consent of the person How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Germany (Privacy shield, Standard contractual clauses) What data comes from external sources : Device or connection data Your rights You retain full rights on your data. Question 9 | Answer 0 | Justification Question 10 | Answer 0 | Justification Question 11 | Answer 0 | Justification Question 12 | Answer 0 | Justification Question 13 | Answer 1 | Justification DOCUMENT Security Privacy https: www.iadvize.com en product security-privacy Compliance and security of the iAdvize infrastructure iAdvize uses an infrastructure which is compliant with the ISO27001, ISO9001, SOC and PCI-DSS 3.2 Level 1 international certifications and certificates. Question 14 | Answer 1 | Justification DOCUMENT Pricing https: landing.iadvize.com en pricing-iadvize Customised pricing for your business Solene will contact you shortly to discuss your pricing request. Question 15 | Answer 1 | Justification We use data to: Collection of GDPR consents (articles 6 to 8) Why do we use data : Legal obligation How long do we retain data for: Five years after the end of validity of the consent Which third parties may receive data : None Where might data be transferred : Not specified What data comes from external sources : None Conversation recording Why do we use data : Consent of the person How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : France, Germany (Privacy shield, Standard contractual clauses) What data comes from external sources :None Direct marketing absent a prior contact with the persons (scraping) Why do we use data : Legitimate interest How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Finland, France (Privacy shield, Standard contractual clauses) What data comes from external sources : Professional life, Identity contact, Device or connection data Direct marketing absent a prior contact with the persons (social networks) Why do we use data : Legitimate interest How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Finland, Germany (Privacy shield, Standard contractual clauses) What data comes from external sources : Professional life, Identity contact, Device or connection data Direct marketing after prior contact with the persons Why do we use data : Legitimate interest How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Finland, Germany (Privacy shield, Standard contractual clauses) What data comes from external sources : Professional life, Identity contact, Contact files, Business cards, Device or connection data Direct marketing expressly requested by the persons (newsletter) Why do we use data : Consent of the person How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Germany (Privacy shield, Standard contractual clauses) What data comes from external sources : Device or connection data Your rights You retain full rights on your data. Question 16 | Answer 1 | Justification We use data to: Collection of GDPR consents (articles 6 to 8) Why do we use data : Legal obligation How long do we retain data for: Five years after the end of validity of the consent Which third parties may receive data : None Where might data be transferred : Not specified What data comes from external sources : None Conversation recording Why do we use data : Consent of the person How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : France, Germany (Privacy shield, Standard contractual clauses) What data comes from external sources :None Direct marketing absent a prior contact with the persons (scraping) Why do we use data : Legitimate interest How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Finland, France (Privacy shield, Standard contractual clauses) What data comes from external sources : Professional life, Identity contact, Device or connection data Direct marketing absent a prior contact with the persons (social networks) Why do we use data : Legitimate interest How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Finland, Germany (Privacy shield, Standard contractual clauses) What data comes from external sources : Professional life, Identity contact, Device or connection data Direct marketing after prior contact with the persons Why do we use data : Legitimate interest How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Finland, Germany (Privacy shield, Standard contractual clauses) What data comes from external sources : Professional life, Identity contact, Contact files, Business cards, Device or connection data Direct marketing expressly requested by the persons (newsletter) Why do we use data : Consent of the person How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Germany (Privacy shield, Standard contractual clauses) What data comes from external sources : Device or connection data Your rights You retain full rights on your data. Question 17 | Answer 0 | Justification [''] Question 18 | Answer 246 | Justification We use data to: Collection of GDPR consents (articles 6 to 8) Why do we use data : Legal obligation How long do we retain data for: Five years after the end of validity of the consent Which third parties may receive data : None Where might data be transferred : Not specified What data comes from external sources : None Conversation recording Why do we use data : Consent of the person How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : France, Germany (Privacy shield, Standard contractual clauses) What data comes from external sources :None Direct marketing absent a prior contact with the persons (scraping) Why do we use data : Legitimate interest How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Finland, France (Privacy shield, Standard contractual clauses) What data comes from external sources : Professional life, Identity contact, Device or connection data Direct marketing absent a prior contact with the persons (social networks) Why do we use data : Legitimate interest How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Finland, Germany (Privacy shield, Standard contractual clauses) What data comes from external sources : Professional life, Identity contact, Device or connection data Direct marketing after prior contact with the persons Why do we use data : Legitimate interest How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Finland, Germany (Privacy shield, Standard contractual clauses) What data comes from external sources : Professional life, Identity contact, Contact files, Business cards, Device or connection data Direct marketing expressly requested by the persons (newsletter) Why do we use data : Consent of the person How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Germany (Privacy shield, Standard contractual clauses) What data comes from external sources : Device or connection data Your rights You retain full rights on your data. Question 19 | Answer 250 | Justification We use data to: Collection of GDPR consents (articles 6 to 8) Why do we use data : Legal obligation How long do we retain data for: Five years after the end of validity of the consent Which third parties may receive data : None Where might data be transferred : Not specified What data comes from external sources : None Conversation recording Why do we use data : Consent of the person How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : France, Germany (Privacy shield, Standard contractual clauses) What data comes from external sources :None Direct marketing absent a prior contact with the persons (scraping) Why do we use data : Legitimate interest How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Finland, France (Privacy shield, Standard contractual clauses) What data comes from external sources : Professional life, Identity contact, Device or connection data Direct marketing absent a prior contact with the persons (social networks) Why do we use data : Legitimate interest How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Finland, Germany (Privacy shield, Standard contractual clauses) What data comes from external sources : Professional life, Identity contact, Device or connection data Direct marketing after prior contact with the persons Why do we use data : Legitimate interest How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Finland, Germany (Privacy shield, Standard contractual clauses) What data comes from external sources : Professional life, Identity contact, Contact files, Business cards, Device or connection data Direct marketing expressly requested by the persons (newsletter) Why do we use data : Consent of the person How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Germany (Privacy shield, Standard contractual clauses) What data comes from external sources : Device or connection data Your rights You retain full rights on your data. Question 20 | Answer 276 | Justification We use data to: Collection of GDPR consents (articles 6 to 8) Why do we use data : Legal obligation How long do we retain data for: Five years after the end of validity of the consent Which third parties may receive data : None Where might data be transferred : Not specified What data comes from external sources : None Conversation recording Why do we use data : Consent of the person How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : France, Germany (Privacy shield, Standard contractual clauses) What data comes from external sources :None Direct marketing absent a prior contact with the persons (scraping) Why do we use data : Legitimate interest How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Finland, France (Privacy shield, Standard contractual clauses) What data comes from external sources : Professional life, Identity contact, Device or connection data Direct marketing absent a prior contact with the persons (social networks) Why do we use data : Legitimate interest How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Finland, Germany (Privacy shield, Standard contractual clauses) What data comes from external sources : Professional life, Identity contact, Device or connection data Direct marketing after prior contact with the persons Why do we use data : Legitimate interest How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Finland, Germany (Privacy shield, Standard contractual clauses) What data comes from external sources : Professional life, Identity contact, Contact files, Business cards, Device or connection data Direct marketing expressly requested by the persons (newsletter) Why do we use data : Consent of the person How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Germany (Privacy shield, Standard contractual clauses) What data comes from external sources : Device or connection data Your rights You retain full rights on your data. Question 21 | Answer 0 | Justification [''] Question 22 | Answer 2 | Justification We use data to: Collection of GDPR consents (articles 6 to 8) Why do we use data : Legal obligation How long do we retain data for: Five years after the end of validity of the consent Which third parties may receive data : None Where might data be transferred : Not specified What data comes from external sources : None Conversation recording Why do we use data : Consent of the person How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : France, Germany (Privacy shield, Standard contractual clauses) What data comes from external sources :None Direct marketing absent a prior contact with the persons (scraping) Why do we use data : Legitimate interest How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Finland, France (Privacy shield, Standard contractual clauses) What data comes from external sources : Professional life, Identity contact, Device or connection data Direct marketing absent a prior contact with the persons (social networks) Why do we use data : Legitimate interest How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Finland, Germany (Privacy shield, Standard contractual clauses) What data comes from external sources : Professional life, Identity contact, Device or connection data Direct marketing after prior contact with the persons Why do we use data : Legitimate interest How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Finland, Germany (Privacy shield, Standard contractual clauses) What data comes from external sources : Professional life, Identity contact, Contact files, Business cards, Device or connection data Direct marketing expressly requested by the persons (newsletter) Why do we use data : Consent of the person How long do we retain data for : Three years following the last contact from the person Which third parties may receive data : Service provider, Affiliate Where might data be transferred : Germany (Privacy shield, Standard contractual clauses) What data comes from external sources : Device or connection data Your rights You retain full rights on your data. ### Company : mailjet.txt ### Question 1 | Answer 1 | Justification This means that we are responsible for deciding how we hold and use personal data about you. Question 2 | Answer 1 | Justification You can request to sign our Data Processing Agreement which lists out all our important sub processors used and the measures in place to ensure proper data protections. Question 3 | Answer 1 | Justification Your platform will be hosted from their data centers throughout the usa or Europe, based on where you have selected to deploy our services. Question 4 | Answer 0 | Justification (b) Mailgun may terminate this DPA and the Standard Contractual Clauses if Mailgun offers alternative mechanisms to Customer that comply with the obligations of the European Union privacy laws for the transfer of Personal Data outside the EEA. Question 5 | Answer 840 | Justification Your platform will be hosted from their data centers throughout the usa or Europe, based on where you have selected to deploy our services. Question 6 | Answer 0 | Justification Your platform will be hosted from their data centers throughout the usa or Europe, based on where you have selected to deploy our services. Question 7 | Answer 0 | Justification Your platform will be hosted from their data centers throughout the usa or Europe, based on where you have selected to deploy our services. Question 8 | Answer 1 | Justification When we need to provide your personal data to third parties, we will only share it to the extent necessary to provide you with our services, and we ensure that we have in place data protection requirements with these third parties (including standard contractual clauses as well as the requisite technical and organisational measures). Question 9 | Answer 840 | Justification GOVERNING LAW 15.1 The Agreement is governed by the laws of the State of Texas, usa exclusive of any choice of law principle that would require the application of the law of a different jurisdiction, and the laws of the usa of America including the Federal Arbitration Act, 9 usa C. 1, et seq. Question 10 | Answer 0 | Justification GOVERNING LAW 15.1 The Agreement is governed by the laws of the State of Texas, usa exclusive of any choice of law principle that would require the application of the law of a different jurisdiction, and the laws of the usa of America including the Federal Arbitration Act, 9 usa C. 1, et seq. Question 11 | Answer 840 | Justification GOVERNING LAW 15.1 The Agreement is governed by the laws of the State of Texas, usa exclusive of any choice of law principle that would require the application of the law of a different jurisdiction, and the laws of the usa of America including the Federal Arbitration Act, 9 usa C. 1, et seq. Question 12 | Answer 0 | Justification GOVERNING LAW 15.1 The Agreement is governed by the laws of the State of Texas, usa exclusive of any choice of law principle that would require the application of the law of a different jurisdiction, and the laws of the usa of America including the Federal Arbitration Act, 9 usa C. 1, et seq. Question 13 | Answer 1 | Justification Additionally, all providers are SOC Type II and ISO 27001 certified. Question 14 | Answer 1 | Justification Payment Providers: We use a StripeŽ and Chargify, to process subscription payments, and therefore provide them with the personal data required to charge your credit card and maintain any payment mandate information as law requires. Question 15 | Answer 1 | Justification Except for the limited circumstances we describe here or in an applicable agreement or our Terms of service, we do not share your personal data with third parties. Question 16 | Answer 1 | Justification Customer engagement: We use third-party service providers and platforms (such as Gainsight, Customer.io, Salesforce, Uservoice, Zapier, and Zendesk) for customer engagement, customer chat, product feedback and customer support ticketing. Question 17 | Answer 1 | Justification You can request to sign our Data Processing Agreement which lists out all our important sub processors used and the measures in place to ensure proper data protections. Question 18 | Answer 100 | Justification ANNEX 2 AUTHORIZED SUB-PROCESSORS AS OF THE DPA EFFECTIVE DATE Infrastructure Sub-Processors Company, Server Location, Description of Activities Google Platform, Germany and usa datacenter Rackspace (AWS), usa and Germany, Datacenter, Proxiad Bulgaria, Bulgaria, Ticket supports functions and TAM functions Mailgun Technologies, usa Group company Standard Contractual Clauses (processors) For the purposes of Article 26(2) of Directive 95 46 EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection The Customer entity that is a party to the DPA to which these Standard Contractual Clauses are attached. Question 19 | Answer 276 | Justification ANNEX 2 AUTHORIZED SUB-PROCESSORS AS OF THE DPA EFFECTIVE DATE Infrastructure Sub-Processors Company, Server Location, Description of Activities Google Platform, Germany and usa datacenter Rackspace (AWS), usa and Germany, Datacenter, Proxiad Bulgaria, Bulgaria, Ticket supports functions and TAM functions Mailgun Technologies, usa Group company Standard Contractual Clauses (processors) For the purposes of Article 26(2) of Directive 95 46 EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection The Customer entity that is a party to the DPA to which these Standard Contractual Clauses are attached. Question 20 | Answer 840 | Justification ANNEX 2 AUTHORIZED SUB-PROCESSORS AS OF THE DPA EFFECTIVE DATE Infrastructure Sub-Processors Company, Server Location, Description of Activities Google Platform, Germany and usa datacenter Rackspace (AWS), usa and Germany, Datacenter, Proxiad Bulgaria, Bulgaria, Ticket supports functions and TAM functions Mailgun Technologies, usa Group company Standard Contractual Clauses (processors) For the purposes of Article 26(2) of Directive 95 46 EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection The Customer entity that is a party to the DPA to which these Standard Contractual Clauses are attached. Question 21 | Answer 1 | Justification The Customer shall be responsible for any costs and expenses of Processor arising from the provision of such audit rights. Question 22 | Answer 1 | Justification For how long do we retain your personal data? ### Company : marvelapp.txt ### Question 1 | Answer 1 | Justification Marvel Prototyping Limited respects your privacy and is committed to protecting your personal data. Question 2 | Answer 1 | Justification DOCUMENT Data Processing Addendum https: marvelapp.com data-processing-addendum Data Processing Addendum Marvel Prototyping Limited ( Marvel we us our ) has contracted to provide you ( you , your(s) , user ) with our design, prototyping and collaboration software as a service through the MarvelApp.com website and or Marvel mobile application ( Services ). Question 3 | Answer 1 | Justification International transfers Our third party service providers may be based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA. Question 4 | Answer 0 | Justification International transfers Our third party service providers may be based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA. Question 5 | Answer 0 | Justification Question 6 | Answer 0 | Justification Question 7 | Answer 0 | Justification Question 8 | Answer 0 | Justification [''] Question 9 | Answer 826 | Justification These terms are governed by English law and the parties agree to submit to the exclusive jurisdiction of the English Courts. Question 10 | Answer 0 | Justification These terms are governed by English law and the parties agree to submit to the exclusive jurisdiction of the English Courts. Question 11 | Answer 826 | Justification These terms are governed by English law and the parties agree to submit to the exclusive jurisdiction of the English Courts. Question 12 | Answer 0 | Justification These terms are governed by English law and the parties agree to submit to the exclusive jurisdiction of the English Courts. Question 13 | Answer 0 | Justification [''] Question 14 | Answer 1 | Justification Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us including the type of card used for a particular transaction (but not any other card details). Question 15 | Answer 1 | Justification This privacy notice tells you the types of information we collect about you when you visit our Site https: marvelapp.com (the Site ) and use our products and services or which we otherwise obtain directly from you or from a third party, how we use that information, and the instances in which we share your information. Question 16 | Answer 1 | Justification Service providers who provide IT and system administration services. Question 17 | Answer 0 | Justification [''] Question 18 | Answer 0 | Justification Question 19 | Answer 0 | Justification Question 20 | Answer 0 | Justification Question 21 | Answer 1 | Justification maintain complete and accurate records and information to show we have complied with these terms; and permit you (or your third party auditor) to audit our compliance with these terms on giving reasonable notice to us, provided that any third party auditor mandated by you to conduct such audit has entered into confidentiality undertakings which are satisfactory to us, the audit is at your expense, and you use reasonable endeavours to ensure that any such audit is designed to minimise disruption to our business. Question 22 | Answer 1 | Justification Data retention We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. ### Company : postman.txt ### Question 1 | Answer 1 | Justification To provide the Services and personalize your experience: We use information about you to provide the Services to you, including to process transactions with you, authenticate you when you log in, provide customer support, and operate and maintain the Services. Question 2 | Answer 0 | Justification [''] Question 3 | Answer 1 | Justification How we transfer information we collect internationally International transfers of information we collect We collect information globally and may transfer, process and store your information outside of your country of residence, to wherever we or our third-party service providers operate for the purpose of providing you the Services. Question 4 | Answer 0 | Justification How we transfer information we collect internationally International transfers of information we collect We collect information globally and may transfer, process and store your information outside of your country of residence, to wherever we or our third-party service providers operate for the purpose of providing you the Services. Question 5 | Answer 840 | Justification Our primary and backup hosting facilities are in the usa Question 6 | Answer 0 | Justification Our primary and backup hosting facilities are in the usa Question 7 | Answer 0 | Justification Our primary and backup hosting facilities are in the usa Question 8 | Answer 1 | Justification When we share information of customers in the European Economic Area, the uk or Switzerland, we make use of the European Commission-approved standard contractual data protection clauses, binding corporate rules for transfers to data processors, or other appropriate legal mechanisms to safeguard the transfer. Question 9 | Answer 840 | Justification Indemnity And Liability Postman will defend you from any claim made by a third party that the your Use of the Product infringes a usa or European Union patent or a registered copyright (a Claim ), and we will indemnify you and hold you harmless against any damages and costs finally awarded by a court of competent jurisdiction or agreed to in a settlement by Postman (including reasonable attorneys fees) arising out of a Claim, provided that we have received from you: (a) prompt written notice of the claim (but in any event notice in sufficient time for us to respond without prejudice); (b) reasonable assistance in the defense and investigation of the claim, including providing us a copy of the claim and all relevant evidence in your possession, custody or control; and (c) the exclusive right to control and direct the investigation, defense, and settlement (if applicable) of the claim. Question 10 | Answer 0 | Justification Indemnity And Liability Postman will defend you from any claim made by a third party that the your Use of the Product infringes a usa or European Union patent or a registered copyright (a Claim ), and we will indemnify you and hold you harmless against any damages and costs finally awarded by a court of competent jurisdiction or agreed to in a settlement by Postman (including reasonable attorneys fees) arising out of a Claim, provided that we have received from you: (a) prompt written notice of the claim (but in any event notice in sufficient time for us to respond without prejudice); (b) reasonable assistance in the defense and investigation of the claim, including providing us a copy of the claim and all relevant evidence in your possession, custody or control; and (c) the exclusive right to control and direct the investigation, defense, and settlement (if applicable) of the claim. Question 11 | Answer 840 | Justification Indemnity And Liability Postman will defend you from any claim made by a third party that the your Use of the Product infringes a usa or European Union patent or a registered copyright (a Claim ), and we will indemnify you and hold you harmless against any damages and costs finally awarded by a court of competent jurisdiction or agreed to in a settlement by Postman (including reasonable attorneys fees) arising out of a Claim, provided that we have received from you: (a) prompt written notice of the claim (but in any event notice in sufficient time for us to respond without prejudice); (b) reasonable assistance in the defense and investigation of the claim, including providing us a copy of the claim and all relevant evidence in your possession, custody or control; and (c) the exclusive right to control and direct the investigation, defense, and settlement (if applicable) of the claim. Question 12 | Answer 0 | Justification Indemnity And Liability Postman will defend you from any claim made by a third party that the your Use of the Product infringes a usa or European Union patent or a registered copyright (a Claim ), and we will indemnify you and hold you harmless against any damages and costs finally awarded by a court of competent jurisdiction or agreed to in a settlement by Postman (including reasonable attorneys fees) arising out of a Claim, provided that we have received from you: (a) prompt written notice of the claim (but in any event notice in sufficient time for us to respond without prejudice); (b) reasonable assistance in the defense and investigation of the claim, including providing us a copy of the claim and all relevant evidence in your possession, custody or control; and (c) the exclusive right to control and direct the investigation, defense, and settlement (if applicable) of the claim. Question 13 | Answer 0 | Justification [''] Question 14 | Answer 1 | Justification Payment Information: We collect certain payment and billing information when you register for certain paid Services. Question 15 | Answer 1 | Justification You should always check the privacy settings and notices in these third-party services to understand what data may be disclosed to us or shared with our Services. Question 16 | Answer 1 | Justification Third party Sub-processor Purpose Address Amazon Web Services Cloud services provider 410 Terry Avenue N. Seattle, WA 98109 usa Stripe, Inc. Payment processor 185 Berry St., Suite 550 San Francisco, CA 94107 usa Marketo, Inc. Marketing automation software 901 Mariners Island Blvd., Suite 500 San Mateo, CA 94404 usa Zendesk Inc. Support 1019 Market St. Question 17 | Answer 1 | Justification The Product includes certain code and libraries licensed to us by third parties, including open source software ( OSS ) as listed at postman.com dependencies along with the applicable OSS license. Question 18 | Answer 840 | Justification Third party Sub-processor Purpose Address Amazon Web Services Cloud services provider 410 Terry Avenue N. Seattle, WA 98109 usa Stripe, Inc. Payment processor 185 Berry St., Suite 550 San Francisco, CA 94107 usa Marketo, Inc. Marketing automation software 901 Mariners Island Blvd., Suite 500 San Mateo, CA 94404 usa Zendesk Inc. Support 1019 Market St. Question 19 | Answer 0 | Justification Third party Sub-processor Purpose Address Amazon Web Services Cloud services provider 410 Terry Avenue N. Seattle, WA 98109 usa Stripe, Inc. Payment processor 185 Berry St., Suite 550 San Francisco, CA 94107 usa Marketo, Inc. Marketing automation software 901 Mariners Island Blvd., Suite 500 San Mateo, CA 94404 usa Zendesk Inc. Support 1019 Market St. Question 20 | Answer 0 | Justification Third party Sub-processor Purpose Address Amazon Web Services Cloud services provider 410 Terry Avenue N. Seattle, WA 98109 usa Stripe, Inc. Payment processor 185 Berry St., Suite 550 San Francisco, CA 94107 usa Marketo, Inc. Marketing automation software 901 Mariners Island Blvd., Suite 500 San Mateo, CA 94404 usa Zendesk Inc. Support 1019 Market St. Question 21 | Answer 0 | Justification [''] Question 22 | Answer 2 | Justification Account information: We retain your account information for as long as your account is active and up to 15 days thereafter. ### Company : slack.txt ### Question 1 | Answer 1 | Justification The organization (e.g., your employer or another entity or person) that entered into the Customer Agreement ( Customer ) controls its instance of the Services (its Workspace ) and any associated Customer Data. Question 2 | Answer 1 | Justification DOCUMENT DPA https: slack.com intl en-fr terms-of-service data-processing DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) forms a part of the Customer Terms of Service found at https: slack.com terms-of-service, unless Customer has entered into a superseding written master subscription agreement with Slack, in which case, it forms a part of such written agreement (in either case, the Agreement ). Question 3 | Answer 1 | Justification International Data Transfers Slack may transfer your Personal Data to countries other than the one in which you live. Question 4 | Answer 0 | Justification International Data Transfers Slack may transfer your Personal Data to countries other than the one in which you live. Question 5 | Answer 840 | Justification Infrastructure Subprocessors Slack may use the following Subprocessors to host Customer Data or provide other infrastructure that helps with delivery of our Services: Entity Name Subprocessing Activities Entity Country Amazon Web Services, Inc. Cloud Service Provider usa Google LLC Cloud Service Provider usa Other Subprocessors Slack may use the following Subprocessors to perform other Service functions: Entity Name Subprocessing Activities Entity Country Zendesk, Inc. Cloud-based Customer Support Services usa Slack Affiliates Depending on the geographic location of a Customer or their Authorized Users, and the nature of the Services provided, Slack may also engage one or more of its Affiliates as Subprocessors to deliver some or all of the Services provided to a Customer Updates As our business grows and evolves, the Subprocessors we engage may also change. Question 6 | Answer 0 | Justification Infrastructure Subprocessors Slack may use the following Subprocessors to host Customer Data or provide other infrastructure that helps with delivery of our Services: Entity Name Subprocessing Activities Entity Country Amazon Web Services, Inc. Cloud Service Provider usa Google LLC Cloud Service Provider usa Other Subprocessors Slack may use the following Subprocessors to perform other Service functions: Entity Name Subprocessing Activities Entity Country Zendesk, Inc. Cloud-based Customer Support Services usa Slack Affiliates Depending on the geographic location of a Customer or their Authorized Users, and the nature of the Services provided, Slack may also engage one or more of its Affiliates as Subprocessors to deliver some or all of the Services provided to a Customer Updates As our business grows and evolves, the Subprocessors we engage may also change. Question 7 | Answer 0 | Justification Infrastructure Subprocessors Slack may use the following Subprocessors to host Customer Data or provide other infrastructure that helps with delivery of our Services: Entity Name Subprocessing Activities Entity Country Amazon Web Services, Inc. Cloud Service Provider usa Google LLC Cloud Service Provider usa Other Subprocessors Slack may use the following Subprocessors to perform other Service functions: Entity Name Subprocessing Activities Entity Country Zendesk, Inc. Cloud-based Customer Support Services usa Slack Affiliates Depending on the geographic location of a Customer or their Authorized Users, and the nature of the Services provided, Slack may also engage one or more of its Affiliates as Subprocessors to deliver some or all of the Services provided to a Customer Updates As our business grows and evolves, the Subprocessors we engage may also change. Question 8 | Answer 1 | Justification Slack offers European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our Customers that operate in the European Union and the uk and other international transfers of Customer Data. Question 9 | Answer 0 | Justification Question 10 | Answer 0 | Justification Question 11 | Answer 0 | Justification Question 12 | Answer 0 | Justification Question 13 | Answer 0 | Justification [''] Question 14 | Answer 1 | Justification In addition, Customers that purchase a paid version of the Services provide Slack (or its payment processors) with billing details such as credit card information, banking information and or a billing address. Question 15 | Answer 1 | Justification Once enabled, the provider of a Third Party Service may share certain information with Slack. Question 16 | Answer 1 | Justification Infrastructure Subprocessors Slack may use the following Subprocessors to host Customer Data or provide other infrastructure that helps with delivery of our Services: Entity Name Subprocessing Activities Entity Country Amazon Web Services, Inc. Cloud Service Provider usa Google LLC Cloud Service Provider usa Other Subprocessors Slack may use the following Subprocessors to perform other Service functions: Entity Name Subprocessing Activities Entity Country Zendesk, Inc. Cloud-based Customer Support Services usa Slack Affiliates Depending on the geographic location of a Customer or their Authorized Users, and the nature of the Services provided, Slack may also engage one or more of its Affiliates as Subprocessors to deliver some or all of the Services provided to a Customer Updates As our business grows and evolves, the Subprocessors we engage may also change. Question 17 | Answer 1 | Justification DOCUMENT Slack Subprocessors https: slack.com intl en-fr slack-subprocessors Effective: January 15, 2020 To support delivery of our Services, Slack Technologies, Inc. (or one of its Affiliates listed below) may engage and use data processors with access to certain Customer Data (each, a "Subprocessor"). Question 18 | Answer 840 | Justification Infrastructure Subprocessors Slack may use the following Subprocessors to host Customer Data or provide other infrastructure that helps with delivery of our Services: Entity Name Subprocessing Activities Entity Country Amazon Web Services, Inc. Cloud Service Provider usa Google LLC Cloud Service Provider usa Other Subprocessors Slack may use the following Subprocessors to perform other Service functions: Entity Name Subprocessing Activities Entity Country Zendesk, Inc. Cloud-based Customer Support Services usa Slack Affiliates Depending on the geographic location of a Customer or their Authorized Users, and the nature of the Services provided, Slack may also engage one or more of its Affiliates as Subprocessors to deliver some or all of the Services provided to a Customer Updates As our business grows and evolves, the Subprocessors we engage may also change. Question 19 | Answer 0 | Justification Infrastructure Subprocessors Slack may use the following Subprocessors to host Customer Data or provide other infrastructure that helps with delivery of our Services: Entity Name Subprocessing Activities Entity Country Amazon Web Services, Inc. Cloud Service Provider usa Google LLC Cloud Service Provider usa Other Subprocessors Slack may use the following Subprocessors to perform other Service functions: Entity Name Subprocessing Activities Entity Country Zendesk, Inc. Cloud-based Customer Support Services usa Slack Affiliates Depending on the geographic location of a Customer or their Authorized Users, and the nature of the Services provided, Slack may also engage one or more of its Affiliates as Subprocessors to deliver some or all of the Services provided to a Customer Updates As our business grows and evolves, the Subprocessors we engage may also change. Question 20 | Answer 0 | Justification Infrastructure Subprocessors Slack may use the following Subprocessors to host Customer Data or provide other infrastructure that helps with delivery of our Services: Entity Name Subprocessing Activities Entity Country Amazon Web Services, Inc. Cloud Service Provider usa Google LLC Cloud Service Provider usa Other Subprocessors Slack may use the following Subprocessors to perform other Service functions: Entity Name Subprocessing Activities Entity Country Zendesk, Inc. Cloud-based Customer Support Services usa Slack Affiliates Depending on the geographic location of a Customer or their Authorized Users, and the nature of the Services provided, Slack may also engage one or more of its Affiliates as Subprocessors to deliver some or all of the Services provided to a Customer Updates As our business grows and evolves, the Subprocessors we engage may also change. Question 21 | Answer 1 | Justification Before the commencement of any such on-site audit, Customer and Slack shall mutually agree upon the scope, timing, and duration of the audit, in addition to the reimbursement rate for which Customer shall be responsible. Question 22 | Answer 1 | Justification To the extent Information is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law, it is referred to in this Privacy Policy as Personal Data. Data Retention Slack will retain Customer Data in accordance with a Customer s instructions, including any applicable terms in the Customer Agreement and Customer s use of Services functionality, and as required by applicable law. ### Company : typeform.txt ### Question 1 | Answer 1 | Justification General 1.1 This Privacy Policy describes how TYPEFORM SL (the Company , we , or us ) collects, uses, stores, shares and protects your personal information in connection with your use of both the platform accessible through the www.typeform.com domain name (the Site ) and the services we may offer through the Site from time to time, consisting in typeform forms and other services (indistinctly referred to as the Services ). Question 2 | Answer 1 | Justification Name: Segment DOCUMENT Typeform | Data Processing Agreement https: admin.typeform.com to dwk6gt As a data-driven company, we take privacy seriously. Question 3 | Answer 1 | Justification For the provision of the Services or because you want to process data from a given location or hand it to another company, data may be transferred outside the European Economic Area to a country which has not been declared to offer a level of protection equal to the one provided by European data protection regulations. Question 4 | Answer 0 | Justification For the provision of the Services or because you want to process data from a given location or hand it to another company, data may be transferred outside the European Economic Area to a country which has not been declared to offer a level of protection equal to the one provided by European data protection regulations. Question 5 | Answer 0 | Justification Question 6 | Answer 0 | Justification Question 7 | Answer 0 | Justification Question 8 | Answer 1 | Justification In those cases, you shall ensure that said transfer is possible in accordance with European data protection regulations or any other requirements set forth by law without having to sign Standard Contractual Clauses. Question 9 | Answer 724 | Justification Any dispute that may arise from or in connection to us and or the Site or the Services shall be subject to the jurisdiction of the courts in Barcelona, Spain. Question 10 | Answer 0 | Justification Any dispute that may arise from or in connection to us and or the Site or the Services shall be subject to the jurisdiction of the courts in Barcelona, Spain. Question 11 | Answer 724 | Justification Any dispute that may arise from or in connection to us and or the Site or the Services shall be subject to the jurisdiction of the courts in Barcelona, Spain. Question 12 | Answer 0 | Justification Any dispute that may arise from or in connection to us and or the Site or the Services shall be subject to the jurisdiction of the courts in Barcelona, Spain. Question 13 | Answer 0 | Justification [''] Question 14 | Answer 1 | Justification If you create an Account on or after August 20, 2019, you will be able to opt for any of the new plans described in the Pricing section. Question 15 | Answer 1 | Justification We share your information with our service providers who help us to provide the Services to you, in which case those third parties are required to comply with our internal standards, policies, and technical and organizational measures that ensure that your data is protected and kept confidential at all times, and only in accordance with and to the extent authorized by this Privacy Policy. Question 16 | Answer 1 | Justification Data Disclosed: Amazon Web Services All user personal data, Rollbar might receive user personal data Purpose: Hosting the Typeform platform, backups, real-time exception reporting and continuous deployment monitoring Name: Amazon Web Services (AWS), Rollbar Category: Analytics To make typeforms even better, we want to understand how you use them. Question 17 | Answer 1 | Justification Additionally, we will also continue to engage other service providers for carrying out the Services, as those subprocessors are listed here. Question 18 | Answer 0 | Justification For those subprocessors located in a country not considered by European authorities as having the same level of protection than European data protection laws, you agree to comply with the requirements set forth in 4.10 below. Question 19 | Answer 0 | Justification For those subprocessors located in a country not considered by European authorities as having the same level of protection than European data protection laws, you agree to comply with the requirements set forth in 4.10 below. Question 20 | Answer 0 | Justification For those subprocessors located in a country not considered by European authorities as having the same level of protection than European data protection laws, you agree to comply with the requirements set forth in 4.10 below. Question 21 | Answer 1 | Justification We will make available to you all information necessary to demonstrate compliance with the obligations laid down in this Section 4 and allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you who is not any of our competitors. Question 22 | Answer 0 | Justification [''] ### Company : wordpress.txt ### Question 1 | Answer 1 | Justification At Automattic, we have a few fundamental principles: We are thoughtful about the personal information we ask you to provide and the personal information that we collect about you through the operation of our services. Question 2 | Answer 1 | Justification Data Processing Agreement If you need a Data Processing Agreement with us for the GDPR requirements that apply to us as a data processor for your website, please follow these instructions. Question 3 | Answer 1 | Justification Other Things You Should Know (Keep Reading!) Transferring Information Because Automattic s Services are offered worldwide, the information about you that we process when you use the Services in the EU may be used, stored, and or accessed by individuals operating outside the European Economic Area (EEA) who work for us, other members of our group of companies, or third-party data processors. Question 4 | Answer 0 | Justification Other Things You Should Know (Keep Reading!) Transferring Information Because Automattic s Services are offered worldwide, the information about you that we process when you use the Services in the EU may be used, stored, and or accessed by individuals operating outside the European Economic Area (EEA) who work for us, other members of our group of companies, or third-party data processors. Question 5 | Answer 0 | Justification Question 6 | Answer 0 | Justification Question 7 | Answer 0 | Justification Question 8 | Answer 1 | Justification In case Automattic engages a further processor outside of the EU, the User hereby authorises Automattic to conclude an agreement with another processor on behalf of the User based on the standard contractual clauses for the transfer of personal data to processors in third countries pursuant to the decision of the European Commission of February 5, 2010 ( SCC ) and to specify the content of the SCC in accordance with this Addendum. Question 9 | Answer 840 | Justification The proper venue for any disputes arising out of or relating to the Agreement and any access to or use of our Services will be the state and federal courts located in usa Question 10 | Answer 0 | Justification The proper venue for any disputes arising out of or relating to the Agreement and any access to or use of our Services will be the state and federal courts located in usa Question 11 | Answer 840 | Justification The proper venue for any disputes arising out of or relating to the Agreement and any access to or use of our Services will be the state and federal courts located in usa Question 12 | Answer 0 | Justification The proper venue for any disputes arising out of or relating to the Agreement and any access to or use of our Services will be the state and federal courts located in usa Question 13 | Answer 1 | Justification Automattic s origin servers currently meet the International Organization of Standardization (ISO), International Electrotechnical Commission (IEC) 27001 certification, Standards for Attestation Engagements (SSAE) No. 16 (SOC1) and SOC2 Type 2, and ongoing surveillance reviews. Question 14 | Answer 1 | Justification Our other Automattic products, services, and features that are available on or through our websites (for example, WordPress.com plans, the Payments feature, the Pay with PayPal block, WordPress.com VIP, Jetpack, the WooCommerce Shipping Tax extension, Gravatar, the IntenseDebate comment management system, Akismet plans, Simplenote, Simperium, Cloudup, Longreads, and Happy Tools); and Other users websites that use our Services, while you are logged in to your account with us. Question 15 | Answer 1 | Justification These are spelled out below, as well as in the section called Ads and Analytics Services Provided by Others: Subsidiaries and independent contractors: We may disclose information about you to our subsidiaries and independent contractors who need the information to help us provide our Services or process the information on our behalf. Question 16 | Answer 0 | Justification [''] Question 17 | Answer 0 | Justification [''] Question 18 | Answer 0 | Justification Question 19 | Answer 0 | Justification Question 20 | Answer 0 | Justification Question 21 | Answer 0 | Justification [''] Question 22 | Answer 1 | Justification Close your account: While we d be very sad to see you go, you can close your account if you no longer want to use our Services. (Here are account closure instructions for WordPress.com accounts.) Please keep in mind that we may continue to retain your information after closing your account, as described in How Long We Keep Information above for example, when that information is reasonably needed to comply with (or demonstrate our compliance with) legal obligations such as law enforcement requests, or reasonably needed for our legitimate business interests. ### Company : zoom.txt ### Question 1 | Answer 1 | Justification This Statement explains Zoom s practices when we process your personal data, which is information that relates to an identified or identifiable individual. Question 2 | Answer 1 | Justification Furthermore, if Your Use of the Services requires Zoom to process any personally identifiable information ( PII or Personal Data ) Zoom shall do so at all times in compliance with our Zoom Global Data Processing Addendum https: zoom.us docs doc Zoom GLOBAL DPA.pdf is incorporated in these Terms of Service. Question 3 | Answer 1 | Justification ZfG is hosted in the usa in a separate cloud authorized by FedRAMP and is accessible by way of a separate website (www.zoomgov.com). If you use the ZfG service: All data collected about you while using the ZfG service or the ZfG website is stored in the usa of America; Question 4 | Answer 0 | Justification By using Zoom or providing personal data for any of the purposes stated above, you acknowledge that your personal data may be transferred to or stored in the usa or in other countries around the world. Question 5 | Answer 840 | Justification ZfG is hosted in the usa in a separate cloud authorized by FedRAMP and is accessible by way of a separate website (www.zoomgov.com). If you use the ZfG service: All data collected about you while using the ZfG service or the ZfG website is stored in the usa of America; Question 6 | Answer 0 | Justification ZfG is hosted in the usa in a separate cloud authorized by FedRAMP and is accessible by way of a separate website (www.zoomgov.com). If you use the ZfG service: All data collected about you while using the ZfG service or the ZfG website is stored in the usa of America; Question 7 | Answer 0 | Justification ZfG is hosted in the usa in a separate cloud authorized by FedRAMP and is accessible by way of a separate website (www.zoomgov.com). If you use the ZfG service: All data collected about you while using the ZfG service or the ZfG website is stored in the usa of America; Question 8 | Answer 1 | Justification If you are a resident of the European Economic Area (EEA), and your personal data is transferred outside of the EEA, we will: Process it in a territory which the European Commission has determined provides an adequate level of protection for personal information; or Implement appropriate safeguards to protect your personal information, including transferring it in accordance with applicable transfer mechanism, including the European Commission's standard contractual clauses . Question 9 | Answer 840 | Justification WAIVER OF CLASS ACTION. If You are located in the usa You agree to resolve disputes only on an individual basis, through arbitration pursuant to the provisions of Exhibit A. Question 10 | Answer 0 | Justification WAIVER OF CLASS ACTION. If You are located in the usa You agree to resolve disputes only on an individual basis, through arbitration pursuant to the provisions of Exhibit A. Question 11 | Answer 840 | Justification WAIVER OF CLASS ACTION. If You are located in the usa You agree to resolve disputes only on an individual basis, through arbitration pursuant to the provisions of Exhibit A. Question 12 | Answer 0 | Justification WAIVER OF CLASS ACTION. If You are located in the usa You agree to resolve disputes only on an individual basis, through arbitration pursuant to the provisions of Exhibit A. Question 13 | Answer 0 | Justification [''] Question 14 | Answer 1 | Justification Provide you with support Send marketing communications, where permitted Provide announcements related to software updates, upgrades, and system enhancements Run opt-in contests, sweepstakes or other promotional activities Provide you with Zoom event information and offers from us or Zoom event co-sponsors Contract Legitimate Interests Paid Account Holder Data Information we collect for a Paid Zoom Account, such as: Zoom Account User Data (listed above) Billing name Billing phone Billing address Payment method Company Name (if applicable) Employee count (if applicable) From the Paid Zoom Account registrant Create a Zoom Account Provide Zoom services Respond to requests for support Send marketing communications, where permitted Provide announcements related to software updates, upgrades, and system enhancements Contract Legitimate Interests Operation Data Technical information from Zoom s software or systems hosting the Services, and from the systems, applications and devices that are used to access the Services, such as: Configuration Data: information about the deployment of Zoom Services and related environment information. Question 15 | Answer 1 | Justification With Zoom Partners If Zoom received your personal data from a third-party partner and you become a Customer, Zoom may disclose select personal data to that partner or their designee for the purpose of the partnership agreement; for example, to reward a referral partner from a co-sponsored event. Question 16 | Answer 1 | Justification Zoom Third-Party Subprocessors Name, Purpose, Location Amazon Web Services, Cloud Service Provider, usa E.U., Canada, Australia Oracle, Cloud Service Provider, usa Google Firebase, Send push notifications on Android phones, usa Apple, Send push notifications on iOS phones, usa Rocket Science Group, For webinars and Zoom meetings, usa Zendesk, Cloud-based Customer Service Platform, USA Question 17 | Answer 1 | Justification Automatically when you use the Services from your web browser Provide the Service Provide Technical Support Contract Legitimate Interests Marketing Data Data enrichment services (only in connection with Marketing Pages) Email marketing lists (where permitted under applicable law) From Third Parties and public sources Marketing activities Sending marketing communications Providing tailored information about our Services Legitimate Interests Zoom sponsored or co-sponsored Event Attendee information Event title details Name Email address Employer (if applicable) Job Title (if applicable) From you or the party responsible for registering you for a Zoom sponsored event Communicate with you about the event Run opt-in contests, sweepstakes or other promotional activities Provide you with information and offers from us or event co-sponsors Contract Consent Legitimate interests Customer Content Customer content is the in-session information you give us directly through your use of the Services, such as meeting recordings, files, chat logs, and transcripts, and any other information uploaded while using the Services. Question 18 | Answer 36 | Justification Zoom Third-Party Subprocessors Name, Purpose, Location Amazon Web Services, Cloud Service Provider, usa E.U., Canada, Australia Oracle, Cloud Service Provider, usa Google Firebase, Send push notifications on Android phones, usa Apple, Send push notifications on iOS phones, usa Rocket Science Group, For webinars and Zoom meetings, usa Zendesk, Cloud-based Customer Service Platform, USA Question 19 | Answer 124 | Justification Zoom Third-Party Subprocessors Name, Purpose, Location Amazon Web Services, Cloud Service Provider, usa E.U., Canada, Australia Oracle, Cloud Service Provider, usa Google Firebase, Send push notifications on Android phones, usa Apple, Send push notifications on iOS phones, usa Rocket Science Group, For webinars and Zoom meetings, usa Zendesk, Cloud-based Customer Service Platform, USA Question 20 | Answer 840 | Justification Zoom Third-Party Subprocessors Name, Purpose, Location Amazon Web Services, Cloud Service Provider, usa E.U., Canada, Australia Oracle, Cloud Service Provider, usa Google Firebase, Send push notifications on Android phones, usa Apple, Send push notifications on iOS phones, usa Rocket Science Group, For webinars and Zoom meetings, usa Zendesk, Cloud-based Customer Service Platform, USA Question 21 | Answer 1 | Justification Zoom makes available to the Customer all information reasonably necessary to demonstrate compliance with the obligations laid down in Art. 28 GDPR and allows for and contributes to audits, including inspections, reasonably requested by the Customer. Question 22 | Answer 1 | Justification Personal Data Processing Types of Personal Data How We Get It What we do with it Legal Basis Applies only in the EEA, and only within the meaning of the EU s General Data Protection Regulation (GDPR) Account User Data Information we collect when you register for a free Zoom Account, such as: Date of birth (for age-verification purposes only, Zoom does not retain or use this information for any other purpose) First Name Last Name Phone (optional) Email Language preference User IDs and Password (if Single Sign On is not used) Profile Picture for avatar (optional) Department (optional) Meeting schedule From the free Zoom Account registrant Enroll you in the Services Display your user avatar to meeting participants.