Our privacy obligations
The terms “We”, “Us”, “Our” means SafeStart Europe Ltd. The terms “You” and “Your” refer to You, as a user of our products, services, and customer support or visitor of our website/ application/ services.
SafeStart Europe Ltd respects your privacy and is committed to protecting it through our compliance with this notice. This Privacy Notice (“Notice”) describes how SafeStart Europe Ltd processes Personal Data in its capacity as a controller (i.e., when SafeStart Europe Ltd determines the purposes and means of the processing of personal data). It also describes your choices and rights regarding your Personal Data which has been mentioned below in detail.
The said policy has been created in compliance to the EU Data Protection Legislation which comprises of- The General Data Protection Regulation (No 2016/679/EU) which came into force on 25 May 2018, Privacy and Electronic Communications Directive 2002/58/EC and other relevant law as will be updated when required.
This Privacy Policy applies to personal data collected and/or held by SafeStart Europe Ltd and does not apply to any third-party websites that may be linked to our websites, which will be governed by their own respective privacy policies.
What is personal data?
Personal data is any data that relates to an identifiable or identified individual. GDPR covers a broad spectrum of information that could be used on its own, or in combination with other pieces of information, to identify a person. An identifiable natural person is one who can be identified directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person, as set out in
Personal data extends beyond a person’s name or email address. Some examples include name, gender, date of birth, address, feedback, biometric data, IP addresses, ethnicity etc.
The types of Data we process
We collect personal data of our users in order to provide our products, services, and customer support to the best of our ability. Our products, services, and customer support are provided through many platforms including but not limited to: websites, mobile applications, email, and telephone. The specific platform and product, service, or support you interact with may involve the personal data we process.
In some situations, users may provide us with personal data without us asking for it, or through means not intended for the collection of particular types of information. Whilst we may take reasonable steps to protect this data, the user will have bypassed our systems, processes, and control and thus the personal data provided will not be governed by this privacy policy.
In some situations, users may provide us personal data over platforms that are outside our control; for example through social media or forums. Whilst any personal data processed by us is governed by this Privacy Notice, the platform by which it was communicated will be governed by its own Privacy Policy or by any arrangement between us and the respective platform.
Not all information requested, collected, and processed by us is “Personal Data” as it does not identify you as a specific natural person. This will include majority of “User Generated Content” that you provide us with the intention of sharing with other users. Such “Non-Personal Data” is not covered by this Privacy Notice. However, as non-personal information may be used in aggregate or be linked with existing personal data; when in this form it will be treated as personal data. As such, this privacy policy has listed both types of information for the sake of transparency.
Safety of Minors
Our products/services are not intended for and may not be used by minors. “Minors” are individuals under the age of 13 (or under a higher age if permitted by the laws of their residence). We do not knowingly collect personal data from Minors or allow them to register. If it comes to our attention that we have collected personal data from a Minor, we may delete this information without notice. If you have reason to believe that this has occurred, please contact customer support.
How we collect personal information
Personal data that you specifically give us
While you use our products and services you may be asked to provide certain types of personal data. This might happen through our website, applications, online chat systems, telephone, paper forms, or in-person meetings. We shall give you a Collection Notice at the time, to explain how we will use the personal data we are asking for. The notice may be written or verbal.
We may process the following personal data:
- Account Details– username, password, profile picture
- Contact Details– email address, phone number
- Location Details– physical address, billing address, time zone
- Identity Details– full name
- User Generated Content– user profiles, user reviews, campaign materials, competition materials, user feedback, survey details, questionnaires, story feeds.
There can be some “User Generated Content” that you provide to us for which you do not have the intention of sharing your personal identifiable details with other users
In cases where such data is collated and used for reporting and analytical purposes, such data shall not carry personal identifiable details such as username, phone number, email and physical address thereby not disclosing the personal data to other users.
Personal data we collect as you use our service
We maintain records of the interactions we have with our users, including the products, services and customer support we have provided. This includes the interactions our users have with our platform such as when a user has viewed a page or clicked a button.
When we are contacted, we may collect personal data that is intrinsic to the communication. For example, if we are contacted via email, we will collect the email address used.
We may collect or process the following:
- Metadata– IP address, computer and connection information, referring web page, standard web log information, language settings, time zone, etc.
- Device Information– device identifier, device type, device plugins, hardware capabilities, etc.
- Actions– pages viewed, buttons clicked, time spent viewing, search keywords, etc.
We may send cookies to your computer in order to uniquely identify your browser and improve the quality of our service. The term “cookies” refers to small pieces of information that a website sends to your computer’s hard drive while you are viewing the site. We may use both session cookies (which expire once you close your browser) and persistent cookies (which stay on your computer until you delete them). Persistent cookies can be removed by following your browser help directions.
The usage information we collect helps us to improve the Website and our services by enabling us to:
- Store information about your preferences, allowing us to customize the website and our services.
- Recognize you when you use the website.
- Use location information to track loads and other transactions through the applications.
All of the above shall be done on the basis of your consent.
Links to other sites
On our website, you will encounter links to third party websites. These links may be from us, or they may appear as content generated by other users. These linked sites are not under our control and thus we are not responsible for their actions. Before providing your personal information via any other website, we advise you to examine the terms and conditions of using that website and its privacy policy.
How we use personal information
The information we process is primarily used to provide users with the product or service they have requested. More specifically, we may use your personal information for the following purposes:
- to provide the service or product you have requested
- to facilitate the creation of a User Account
- to provide technical or other support to you
- to answer enquiries about our services, or to respond to a complaint
- to promote our other programs, products or services which may be of interest to you (unless you have opted out from such communications)
- to allow for debugging, testing and otherwise operate our platforms
- to conduct data analysis, research and otherwise build and improve our platforms
- to comply with legal and regulatory obligations
- if otherwise permitted or required by law; or
- for other purposes with your consent, unless you withdraw your consent for these purposes
The ‘lawful processing’ grounds on which we will use personal information about our users are (but are not limited to):
- when a user has given consent
- processing is necessary for compliance with our legal obligations
- processing is necessary in order to protect the vital interests of our users or of another natural person
- processing is necessary for the performance of a contract to which you may be a party or in order to take steps at the user’s request prior to entering into a contract
- processing is done in pursuing our legitimate interests, where these interests do not infringe on the rights of our users
- processing is necessary for the performance of a task carried out in the public interest
When we disclose personal data
The personal information of users may be held, transmitted to or processed on our behalf, including ‘in the cloud’, by our third-party service providers. Our third-party service providers are bound by contract to only use your personal data on our behalf, under our instructions.
Our third-party service providers include:
- Cloud hosting and storage
- SMS and email providers
- Marketing and analytics providers
Sub-processors
Sub-processors are third-party businesses engaged by a processor for performing data processing on behalf of a controller. According to the GDPR, these companies are also accountable for protection of an individual’s personal data. Data protection obligations of sub-processors are to be established by way of contract or other legal acts under the Union or Member State law. This includes providing sufficient guarantees to implement appropriate technical and organizational measures as specified in the regulation.
SafeStart Europe Ltd uses sub-processors (listed below), to assist in providing services as described in our Terms of Services or a similar services agreement customer may have signed with us.
-
List of Sub-processors
The Software products of SafeStart Europe Ltd utilizes both infrastructure and services specific vendors to provide product and services to its end-users. The following is an up-to-date list of names and purpose of sub-processors and 3rd-party vendors:
-
Infrastructure & Services Sub-processors:
SafeStart Europe Ltd products and services operate on cloud platforms, listed in the table below. SafeStart Europe Ltd holds control and access to data hosted on these services and resides in corresponding data centre facilities based on location. Data subsequently remains in the data centre unless shifted to ensure performance and availability of services. The following table describes the services and purpose for which these infrastructure service providers have been engaged.
VENDOR | PURPOSE | DATA CENTERS | PRODUCTS |
Amazon Web Services, Inc. | Primary cloud infrastructure provider for YouFactors, where all SaaS applications are hosted. Almost all data stored, processed and transmitted through YouFactors products and services resides on Amazon Web Services data centres. | United States,
Europe, India |
YouFactors |
SendGrid, Inc. | SendGrid is used by our products as an email service provider to deliver emails that are triggered programmatically from the products. It is an email campaign service provider used to send notification emails and dashboards to Agents and End-Users. |
United States | YouFactors |
Other disclosures and transfers
We may also disclose your personal information to third parties for the following purposes:
- if necessary, to provide the service or product you have requested
- requests for information by law enforcement
- if otherwise permitted or required by law; or
- for other purposes with your consent
As we are a global company, with offices around the world, your personal data may be processed by staff in any of our offices in Europe, the Americas and India. We may share your data within SafeStart, where such disclosure is necessary to provide you with our products and/or services and/or to manage our business and also for the purpose of providing support and maintenance.
The countries to which we store, process, or transfer your personal information may not have the same data protection laws as the country in which you initially provided the information. If we transfer your personal information to third parties in other countries: (i) we shall perform those transfers in accordance with the requirements of applicable law; and (ii) we shall protect the transferred personal information in accordance with this privacy policy.
International Transfers Outside of the European Economic Area (EEA)
We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards under applicable law governing such transfers, which may include:
(i) to a jurisdiction which has been subject to an “Adequacy” decision from the European Commission, meaning the jurisdiction is recognised as providing for an equivalent level of protection for personal data as is provided for in the European Union;
(ii) entering into a contract governing the transfer which contains the “standard contractual clauses” approved for this purpose by the European Commission; or
(iii) in respect of transfers to the United States of America, ensuring that the transfer is covered by Standard Contractual Clauses.
Security
Appropriate security measures are implemented in order to protect your personal data. Security measures refer to physical security in the office (e.g., securely locked filing cabinets etc.) as well as implementing appropriate technology and cyber security measures across our systems and networks in order to prevent any accidental or unauthorised access, interference, damage, loss or disclosure of personal data. In the event of certain types of personal data breaches, we are legally obliged to notify the Supervisory Authority and affected individuals to whom the personal data belong. We have implemented internal procedures to manage personal data security breaches in accordance with our legal obligations.
We use up to date appropriate encryption techniques that your systems support when transmitting data via our systems. However, we cannot guarantee that all internet or email transmission is fully secure or error free and except for our guarantee to use commercially reasonable and up to date measures to technically secure any data transmission. We cannot guarantee their absolute security and we therefore cannot be held liable for intercepted information sent via the internet or for third parties using revoked, stolen, forged, or otherwise insecure certificates. You should therefore take special care in deciding what information you send us via email and keep this in mind when disclosing any personal data to us or to any other party via the Internet.
Retention period
We store your personal data for as long as it is necessary for the purpose for which it was collected or for fulfilling our legal obligations, such as statutory retention periods. The data will be deleted at the latest within 60 days after the respective purpose no longer applies.
Accessing, correcting, or downloading your personal information
You have the right to request access to the personal data SafeStart Europe Ltd. holds about you. Unless an exception applies, we must allow you to access the personal data we hold about you, within a reasonable time period, and without unreasonable expense for no charge. Most personal information can be accessed by logging into your account. If you wish to access information that is not accessible through the platform or wish to download all personal information, we hold on you in a portable data format, please contact our Privacy Officer.
You also have the right to request the correction of the personal information we hold about you. All your personal information can be updated through the user settings pages. If you require assistance, please contact our customer support.
Exercising your other rights
You have a number of rights in respect to your personal data. These are:
- The right to access your personal data, which includes receiving confirmation on whether the personal data are being processed and if so, receiving the personal data and related information about why they are being processed, the categories of personal data involved, to whom the personal data have been or will be shared and how long the data will be kept for. We will accede to any such valid requests within one month of the receipt of a valid request
- The right to request that we rectify inaccurate data or update incomplete data. You may also request that we restrict the processing of the personal data until the rectification or updating has been completed, although please be aware that we may have to suspend the operation of your account or the products or services that we provide.
- The right to request that we erase your data under certain circumstances, including where you want to withdraw the consent you previously gave to us, where you object to the processing of the data for its own legitimate interests or where processing of the data is unlawful. In the case of unlawful processing, you can also request that this processing is restricted rather than the personal data being erased. Please be aware that we may have to suspend the operation of your account or the products or services that we provide where data processing is restricted.
- The right to object to the processing of your personal data, where such processing is being conducted for the purpose of: a. Direct marketing;b. Establishing, exercising or defending ourselves or others from legal claims; orc. Our legitimate interests, unless we can demonstrate that our interests override your interests and rights. You may request that we restrict the processing of the personal data until this analysis of legitimate interests has been concluded, although please be aware that we may have to suspend the operation of your account or the products or services that we provide where data processing is restricted.
- The right to receive your data in a portable format or, subject to it being technically feasible, have us transfer it directly to a third party. This applies where you have provided us with consent for the processing or where the processing is necessary for entering a contract with us.
- The right, at any time, to withdraw consent you have provided to us to process your personal data.
- The right to lodge a complaint to the Data Protection Commission or another supervisory authority. The Office of the Data Protection Commission can be contacted at:
Email: info@dataprotection.ie
Telephone: +353 (0)761 104 800
Postal Address: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28
If you wish to raise a complaint in relation to how we processed your personal data, please contact us. We take your privacy and data protection very sincerely and we endeavour to address your complaint as expediently and as thoroughly as we can in order to find a satisfactory resolution for you.
Conditions and changes to this Privacy Policy
We will update this Privacy Statement from time to time. Any changes will be made available on our website and, where appropriate, notified to you by written notice or e-mail. These changes will be effective immediately for new users of our services and will become effective for existing users through continued use of our services after the effective date of the posted change. If you do not wish to approve the changes to our use of your personal information, you must notify us before such changes take effect that you wish to deactivate your account with us. Please note that you are always responsible for keeping your personal information up to date and providing us with your current contact information.
To contact our Privacy Officer
If you have any questions about our privacy statement, your rights, or how we use your information, please do not hesitate to contact our Privacy Office, at:
SafeStart Europe Ltd.
6 Cedar Crescent,
Cedar Park, Newport Road,
Westport F28YT32, Ireland
Email: privacy@ssi.safestart.com