Privacy policy

REVIEWED: 10/10/2023

Severalnines AB (“Company”) is committed to protecting your privacy. This Data Privacy Policy tells you about our policy and practice for the collection, use, processing, storage, transfer, protection, and disclosure of information that we may collect about you through our website, ccx.severalnines.com, or any subdomains, marketing events, or our partners. 

Before you access and use our websites or submit your personal information to us, you will be asked to provide your authorization and consent by agreeing to the “Terms of Service” and this CCX Data Privacy Policy and consenting to the collection, your submission (if applicable), and processing of information about you as described herein, in compliance with relevant data protection laws. 

The collection, use, processing, storage, transfer and disclosure of your Personal Information (as defined below) will be limited to the terms under which you provide Severalnines your authorization. We are committed to compliance with all relevant country-specific data privacy laws, including EU Standard Contractual Clauses, model contracts / transfer agreements, privacy statements and policies, and country-specific filings if applicable. 

Collected Data

Personal Information is data that can be used to identify, either directly or indirectly, an individual to whom the information applies. The information that we may collect from you includes your name, email address, contact preferences, login information (account number, password), marketing preferences, and as applicable, IP address.

Furthermore, the Company may also collect anonymized statistics about the way the User uses the Services provided by the Company.

Purpose of Data Collection

The primary purpose of collecting personal data is to provide Services to the User and to issue accurate charges for the use of Services.

The personal data stored in the User Register may also be used by the Company to provide, develop and customize the Service and to communicate with the User. Such communication may include direct marketing, market research or research polls. The Company may use subcontractors when providing any services.

Legal Basis for Processing Personal Data (European Territory Users only)

The Company provides the representations and information in this section in compliance with European privacy laws, in particular the European General Data Protection Regulation (GDPR). They are specific to Users located in EEA countries or Switzerland, so please don’t rely on the below, if you’re not a User in one of those countries.

If you are a User from the European Territories, the Company’s legal basis for collecting and using the personal data described above will depend on the personal information concerned and the specific context in which it is collected. “European Territories” mean the European Economic Area and Switzerland.

However, the Company will normally collect personal data from Users where the processing is in the Company’s legitimate business interests to, for example, administer Services and fulfill contractual obligations as a service provider. In some cases the Company may collect and process personal data based on consent.

Personal Data Communicated to Third Parties

The Company may communicate the Users’ personal data to its affiliates, cooperation partners or other third parties only to the extent as may be required and permitted by applicable laws, required for the purpose of providing the Service or defending the Company’s legitimate interests in accordance with the applicable law or required due to an acquisition or other corporate transaction.

There are times when Severalnines may be required to disclose your Personal Information by law, legal process, litigation, and/or requests from public and governmental authorities. Severalnines may also disclose your Personal Information for purposes of investigations of threats to national security, compliance with requests from law enforcement, or other issues of public importance, or when we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users.

CRM Provider/s

The Company provides user data, as required, to the Company’s CRM provider/s. These provides include, but may not be limited to, Salesforce (Lead Management), Pardot (Email Marketing), & Stripe (Payment Processing)

Google Analytics

The Company uses Google Analytics, a service which transmits anonymous website traffic data to Google servers. The Company uses reports provided by Google Analytics to help the Company understand website traffic and usage.

The Company also uses Google Analytics to send and receive data to/from Google Ads to improve the performance of the Company’s Google Ads campaigns and develop remarketing lists.

User-level and event-level is automatically deleted from Google Analytics servers after 38 months. However, the 38 month period will reset if Google Analytics detects new activity, such as a site visit.

Urchin Tracking Module (UTM) Tags

UTM tags are appended as part of the visible URL for marketing campaigns and reports can be viewed in platforms like Google Analytics. The Company sends UTM tag information to Google Google Analytics/Intercom to evaluate campaign performance.

For example, if a user visits the website via a link with UTM parameters attached. These details, such as campaign source, medium, and name, are collected at an aggregated level and sent to Google Analytics.

Moreover, if a user who clicks a campaign link with a UTM tag becomes a registered user, the UTM information will associated with the registration and sent to Intercom. This information helps the Company assess the utility of its marketing channels.

Quality of Data

To the extent required by the applicable law, the Company corrects, erases or supplements at the request of a User, possibly erroneous, unnecessary, incomplete or obsolete data processed in the User Register. However, Users are responsible for the validity and quality of the personal data they provide to the Company.

A User also is responsible for notifying the Company of any possible changes in the personal data he/she has provided. In order to correct any possibly erroneous data, the Company recommends the User to contact the Company by using the contact information provided in this Privacy Policy.

Data Security

The Company has carried out reasonable technical and organizational measures to secure the personal data processed in the User Register against unauthorized access, against accidental or unlawful destruction, manipulation, disclosure and transfer and against other unlawful processing. For instance, access to automatically processed data is limited by user rights and passwords within the Company’s organization.

Cookies

Cookies are files which are received and transmitted by a User’s device when the User is using the Company’s Service. The Company uses cookies and similar techniques to provide the Service, to improve its quality and to enhance the user experience.

The Company may also use cookies and similar techniques to track the User’s behavior on its marketing site to improve the site’s performance and user experience, as well as for ad campaign tracking, targeting and attribution. By using the Site and Services you consent to the use of cookies. User’s may block them in the User’s browser settings.

Information collected by cookies and similar technologies are treated as non-personal information except to the extent under local law that IP addresses (or like identifiers) are otherwise considered Personal Information.

Users’ Rights

A User has the right to prohibit the Company from processing personal data stored on him/her in the User Register for the purposes of direct advertising, distance selling, other direct marketing, market research and opinion polls. In order to prohibit such processing, the Company recommends the User to contact us at [email protected] to request addition to our suppression lists or by unsubscribing to a recently received email.

A User also has the right to access the data stored on him/her in the User Register and upon request obtain a copy of the data. In order to access the data, the User shall provide sufficient search criteria and submit a request to the Company by emailing [email protected].

Children’s Privacy

Severalnines will not knowingly collect Personal Information from any person that is not a legal adult, as defined by local law, without insisting that they seek prior parental consent, if such consent is required by applicable law. Severalnines does not target children in connection with its products, services, and websites.

Additional Data Protection Rights for European Territory Users

If you are a resident of a European Territory, you have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. 

Similarly, if the Company has collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing the Company conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

If you wish to access, correct, update or request deletion of your personal information, you can contact us at [email protected].

Links to Other Websites

Our Site may contain links to other websites that are not operated by us. If you click on a third party link, you will be directed to that third party’s website. It is important that you review the Privacy Policy of every site you visit. We have no control over, and are unable to assume any responsibility for, the content, privacy policies or practices of any third party sites or services.

Product Feedback

If you provide feedback on any of our Products or our website, we may use such feedback for any purpose, provided we will not associate such feedback with your Personal Data. We will collect any information contained in such communication and will treat the Personal Data in such communication in accordance with this Privacy Policy.

Changes to the Privacy Policy

The Company may amend this Privacy Policy and the related information. The Company recommends that the Users regularly access the Privacy Policy to obtain knowledge of any possible changes made thereto. The Company aims at informing the Users of possible changes by using reasonable and available channels.