This Privacy Notice (“Notice”) describes how Gorgias Inc. (“Gorgias”, “we” or “us”) handles information we receive or collect about individual representatives of subscribers to our services (collectively, “You” or “Your”) when interacting with us, subscribing to our services, and using our websites and other digital services that link to this Notice (the “Services”). This Notice only applies to Gorgias when it controls the processing of personal information for its own business purposes (such as when we receive contract information from our business clients (“Clients”) that subscribe to our Services and used for billing purposes). Thus, this Notice does not apply to information we process as a service provider or processor (i.e., not a controller) on behalf of our Clients when they use our Services. If you have questions regarding how our Clients process your information, please contact them directly. We are not responsible for the privacy or data security practices of our Clients. This Notice also does not apply to any information about current and former employees, job candidates, or contractors and agents acting in similar roles.
This Notice is designed to inform our Clients of how we collect, use, disclose and otherwise process personal information submitted to or obtained by Gorgias when you purchase and utilize the Services. By subscribing or using our Services, or by otherwise providing us with Your information, You are accepting the practices and policies described in this Notice. If You do not agree with this Notice, do not provide any personal information to us, or register or use the relevant Services where this notice is posted or linked.
This Notice applies to Gorgias Inc. and its relevant affiliates. If you are a Client located in the European Economic Area (“EEA”), Switzerland, or the United Kingdom (“U.K.”), please refer to our EU Privacy Notice for more information about how we process personal data as a controller.
1. Whose information do we collect?
As used in this Notice, the term “personal information” means any information that relates to, describes, or could be used to identify a natural person, directly or indirectly, including where information linked or combined with other information by us is used to identify such person. For purposes of this Notice, “personal information” will include personally identifiable information, personal data, or other terms with similar connotation under applicable laws in the United States. “You” means the individual who provided personal information to us in connection with a Client’s subscription to our Services or obtained by us in connection with the use of the Services, and includes personal business contact information of individual Client representatives.
2. What type of personal information do we collect?
This section describes the categories of personal information we collect. While You may not be required to provide us with Your personal information to access our general public-facing website Services or review some of our content on the Service, there may be areas on our Service that require us to collect information from You, or about You or Your devices used to access the Services. If You do not provide the requested personal information or prevent us from collecting certain information from Your device, we may not be able to provide access or use of our Services, or such Services may not operate as intended.
Personal Contact Information. Personal information to create an account, register with us as a subscriber to our Services, to receive our newsletter, for us to manage your account, provide support, or for You to participate in webinars, events, programs, marketing, and promotional activities. This includes Your legal name, alias, postal address, email address, online identifiers (such as user name and password), account or user name, land and mobile phone numbers, social media identifiers (e.g., Twitter handle, Instagram name, etc.), or other similar identifiers that can be used to contact, communicate with, or identify You.
User Experience and Support Information. We collect user experience information to help us understand how our Services is accessed, used and how it performs (e.g., activity logs, device ID, browser type, network connection, and IP address). We collect purchase history, order details (items purchased, amount paid, shipping and billing addresses), and the form of payment. If You interact with our Services by contacting us, we will collect Your message exchanges. If You have initiated a support inquiry or request, we collect audio, electronic, visual, and other sensory information, such as recordings of interactions with our Service, chat bots, support personnel, and sales teams (e.g., for quality assurance, training, and analysis purposes in accordance with applicable laws). This also includes inferences drawn from any of the information we collect to create a profile about You reflecting Your preferences, characteristics, and behavior.
Payment Information. If You make a purchase, our payment processor will collect Your payment method information, such as credit card information, back account information, and types of financial accounts.
Geolocation Information. Based on the settings of the device and browser, we collect location data such as longitude and latitude (GPS), IP address or mobile device location, and Your city and state through webforms.
Usage Information. We use web tracking technologies (e.g., cookies, web beacons, pixel tags and clear GIFs) to operate the Services efficiently and to collect data related to usage of the Services. Such collected data may include the IP address of the Services You visited before and after You visited the Services, the type of browser You are using, what pages in the Services You visit and what links You clicked on, and whether You opened email communications we send to You. Some of this information may be collected using a third-party’s tracking technologies. To learn more about how we use tracking technologies, the related data we collect and Your choices, please see our Cookie Notice in Section 6.
3. How do we collect Your information?
We collect Your information in a variety of ways.
Information Provided Directly from You. This includes instances when You visit our Services, subscribe or interact with our Services and Services by filling out a registration form or contacting us, when You participate in our marketing and outreach activities including surveys, contests, promotions, sweepstakes, conferences, webinars or when You otherwise use our Services.
Information Collected from Third Parties. We receive information about You from other third parties, such as service providers that help us to build and maintain our Services and that integrate their Services with ours, content providers, entities with whom we partner to sell or promote products and services, telephone and fax companies, authentication service providers, data brokers, and social media networks (including widgets related to such networks). Your interactions with third-party integrated or framed third-party services (including social media networks) are governed by the privacy statements of the companies that provide them, not this Notice.
Information Collected Passively. Our Services use tracking technologies to collect information about Your experience when accessing and using our Services. For more information on how we use tracking technologies and the type of information we collect using these technologies, see our Cookies Notice in Section 6.
Information Collected from Your Employer, Coworkers, or Friends. We collect and process personal information concerning representatives (e.g., employees or contractors) of our Clients (or their representatives) and business partners (suppliers, investors and other business partners). We may also receive Your name, address, phone number, and company name from a friend as part of our Referral Program.
4. Why do we collect Your personal information?
We collect and use the information we receive or collect from You or about You for the following purposes:
- to provide, enhance, and offer our Services and integrated digital services and products we make available on our Services;
- to communicate with You at Your request or as required in connection with Your purchase, access or use of the Services;
- to enable interactions and use of our Services;
- to manage, authenticate, and promote the security of Your account and the use of our Services;
- to create, maintain, customize, administer, and secure Your account;
- to enter, manage, and fulfill our contract with You or Your company;
- to process and complete Your contact and support requests and send You related information, including purchase confirmations and invoices;
- to provide You with customer service and support;
- to inform You of and promote additional features, products, and services offered by us or third parties that may be of interest to You, unless You have opted-out from receiving such communications or You have not consented to such communications, as required under applicable law;
- to diagnose, repair and track service and quality issues;
- to facilitate an order, download, expiration or termination;
- to send You transactional messages, provide security alerts and updates, and communicate with You about our practices;
- to manage and promote Your invitation and participation in conferences, webinars, and event registrations we promote, sponsor or hold;
- to manage and promote Your participation in our surveys, contests, promotions, and sweepstakes, if any;
- to personalize our Services for You;
- to deliver content information relevant to Your interests;
- to install and configure changes and updates to programs and technologies related to interactions with us and our Services;
- to respond to Your requests, complaints, and inquiries;
- to fulfill a referral request if You participate in our Referral Program or to contact You as a potential Client using personal information received from a participant of our Referral Program;
- to evaluate or audit the usage and performance of programs and technologies related to Your interactions with us;
- to record phone calls and/or video meetings for quality assurance, training and analysis purposes;
- for credit and payment collection, accounting and other similar business functions;
- for legal, safety, or security reasons, such as:
- to comply with legal requirements, establish, exercise or defend against legal claims, whether in court proceedings or in an administrative or out-of-court procedures;
- protect the safety, security, and integrity of our Services and rights of those who interact with us or others;
- otherwise detect, prevent, and respond to security incidents or other malicious, deceptive, fraudulent, or illegal activity; and
- in connection with corporate transactions, sales, mergers, acquisitions, reorganizations, bankruptcy, and other corporate events, such as to comply with requests from a prospective or an actual purchaser interested in our companies and other assets, or in relation to a prospective or actual purchase of companies or assets by us.
5. When do we share Your personal information?
We may share Your information with the categories of recipients and for reasons described below:
Service Providers and Contractors. We share Your information with third-party service providers working on our behalf, such as hosting service providers, IT providers, operating systems and platforms, internet service providers, data analytics companies, marketing providers, suppliers, professional advisors (legal and consultancy), payment processors, and those that support our business operations such as identity verification, email distribution, market research, and promotions management. We provide these companies with only the information they need to perform their services and work for us or on our behalf.
Legal and Law Enforcement. We disclose any information without further notice to You to any law enforcement or regulatory authority to the extent required by law or if, in Gorgias reasonable discretion, disclosure is reasonable to:
- investigate, prevent, or take action regarding illegal activities, suspected fraud, and situations involving potential threats to the physical or online safety of any person;
- enforce or apply our other agreements and to protect our rights and our property or safety of our users or third parties; or
- to establish, exercise and defend against legal claims (including by sharing data with opposing or other related parties to the proceedings and their professional advisors).
Corporate Transactions. We disclose Your information to financial advisers, legal service providers, investors, and potential buyers of our business or assets related to any merger, acquisition, sale, financing, or similar transaction.
Marketing. We disclose Your contact information (name, email, Service URL, etc.) to partners/sponsors/advertisers in connection with our marketing, promotional, advertisements, and other commercial communications.
To the Public. If You provide testimonials or provide feedback that You published or intended to be published on the Services or as a Client testimonial, we disclose Your post and Your name on our Services and marketing materials. Any information You post on our Services might be read, collected, and used by others who access this information.
With Your Consent. We disclose Your information to other third parties with Your consent where required by law. However, we may also de-identity, anonymize, or otherwise aggregate the information in a manner that is no longer identifiable of an individual before sharing with third parties for any legally permitted purpose.
6. How do we use tracking technologies?
Tracking Technologies We Use: We collect information over time through the Services by using several common types of tracking technologies (including cookies, log files, pixels, tags, web bugs, web beacons, clear GIFs, Local Storage Objects (LSOs) or other similar technologies) to collect information about the ways You interact with and use the Services and our Services, to support and enhance features and functionality, to monitor performance, to personalize content and experiences, for marketing and analytics, and for other lawful purposes. We may also permit third parties that collect information in this way on Our behalf and for their own business purposes. Tracking technologies are small files that download when You access certain Services. For more information visit: http://www.allaboutcookies.org/.
To assist us with analyzing our Services traffic through tracking technologies, we use analytics services such as Google Analytics. For more information on Google Analytics’ processing of Your information, please see “How Google uses information from Services or apps that use our services.” You can opt out of Google Analytics by installing Google’s opt-out browser add-on.
The following chart describes the type of tracking technologies we use:
Type of Cookies:
Session Cookies: A session cookie is for temporary use. It helps track real-time changes in a user's activity while on a website and disappears after the web session is over.
Necessary Cookies: Required cookies are essential for the operation of the Service. They include, for example, cookies that allow You to access and use secure areas of the Services.
Performance: These cookies collect information about how You use the Services, including which pages You go to most often and if You receive error messages from certain pages. These cookies do not collect information that individually identifies You. All information these cookies collect is aggregated and anonymous. It is only used to improve how the Services’ function and perform.
Functionality: Functionality cookies allow us to remember information You have entered or choices You make (such as Your username, language, or Your region) and provide enhanced, more personal features on the Services. These cookies also enable You to optimize Your use of the Services after logging in. These cookies can also be used to remember changes You have made to text size, fonts and other parts of web pages that You can customize.
Your Choices: Most internet browsers accept cookies by default. You can accept, or block cookies by activating the setting on Your browser that allows You to reject all or some cookies, or by changing Your cookie preferences via the Services. The help and support area on Your internet browser should have instructions on how to block or delete cookies. Some web browsers (including some mobile web browsers) provide settings that allow You to control or reject cookies or to alert You to when a cookie is placed on Your computer, tablet or mobile device. On a mobile device, You may also be able to adjust Your settings to permit or limit ad tracking. Although You are not required to accept cookies, if You block or reject them, You may not have access to all of the features available through the Services. To find out more on how to manage and delete cookies, visit aboutcookies.org. For more details on Your choices regarding use of Your web browsing activity for interest-based advertising You may visit the following Services:
7. How can You opt out of receiving marketing emails from Us?
If You would like to be removed from our marketing mailing list or database, please contact us at firstname.lastname@example.org or follow the unsubscribe directions located in the footer of our electronic marketing messages.
8. Do we collect information relating to children?
Our Services are meant for business Clients, and we will not knowingly collect personal information from any person under the age of 18. If You are a parent or legal guardian and think Your child has given us information You can email us at email@example.com. You can also write to us at the address listed in Section 16, “Contacting Gorgias”, of this Privacy Notice. Please mark Your inquiries “Children Privacy Inquiry.”
9. How can You request access to and update Your personal information?
You can request to access or update Your personal information by using the profile editing tools on the Services or by sending an email request to firstname.lastname@example.org. We will respond to any reasonable request by a user to review or amend his or her account information. We reserve the right to verify Your identity in order to process such requests.
10. How do we protect Your information?
We will take reasonable security precautions to protect the security and integrity of Your personal information in accordance with this Notice and applicable law. Unfortunately, the internet is not inherently secure, and we cannot guarantee that any safeguards or security measures will be sufficient to prevent a security issue with information transmitted over the internet. Any transmission is at Your own risk and Your information may be disclosed to third parties in unforeseeable situations or situations that are not preventable even when commercially reasonable protections are employed, such as in the case that Gorgias is subject to a hacking or other attack.
You must take reasonable precautions to prevent unauthorized access to Your account and personal information used to access our Services, such as by selecting and protecting passwords and/or other sign-on mechanisms appropriately, limiting access to Your device used to sign-in into Your account or other authenticated pages on our Services, and by turning off or logging-off from Your device if You have auto-login enabled. We also recommend that You take steps to protect against unauthorized access to any devices, networks and applications connected to, or integrated with, the Services.
11. How long do we store Your information?
The time periods for which we retain Your personal information depend on the purposes for which we use it. We will keep Your personal information for as long as You are a registered account holder or user of our Services, or for as long as we have another business purpose to do so (e.g., for business, tax, or legal purposes). We otherwise will not retain Your personal information for longer than is required or permitted by law, or longer than our records retention policy, or longer than reasonably necessary for internal reporting and reconciliation purposes, or to provide You with feedback or information You might request.
Following termination or deactivation of Your user account or contact with Gorgias, we may retain all information posted to public areas of the Service. Following termination or deactivation of Your account or contract, if any, we may retain Your personal information and other data, but will maintain it as confidential according to this Notice, and as required by applicable law or the contract with Gorgias. Except as provided under an agreement between the Client and Us, we have the right to delete all of Your personal information and other data after termination of Your account or agreement with Us without notice.
We may retain information that is de-identified, aggregated, or anonymized for as long as we deem appropriate.
Even if You delete Your account (e.g., Referral Program Portal), the deletion by our service providers may not be immediate and the deleted information may persist in backup copies for a reasonable period of time. When we have no ongoing business need to process Your information, we may also anonymize or aggregate it or, if this is not possible (for example, because the information has been stored in backup archives), then we will store the information and isolate it from any further use until deletion is possible.
12. How do we treat third-party links?
The Services contain links to other websites or other digital services not owned or controlled by us. We are not responsible for the practices or the content of those third-party websites or other online services. Your use of such third-party Services and digital services is at Your own risk. We encourage You to review such third-party privacy notices and practices before You share Your personal information with such third parties or on a third-party’s website as we are not responsible for how such third parties will handle information You share. This Notice applies solely to information collected by us or by third parties solely on our behalf.
13. Amendments to this Notice.
We may modify or amend this Notice from time to time. If we make any material changes, as determined by Us, we will notify You of these changes by modification of this Notice, which will be available for review by You on the Services. If any of such changes are unacceptable to You, You should cease interacting with us. Your continued use of our Services following the posting of such changes constitutes Your acceptance of those changes.
14. Do we transfer information to other countries?
To facilitate our global operations, we may process and store personal information both inside the United States and overseas. If You live outside of the United States, be advised that we may transfer Your personal information to the United States and other countries, whose laws may not provide the same protections as the laws in Your country. Personal information transferred outside of the European Economic Area will be subject to the appropriate safeguards pursuant to GDPR and other applicable law, including without limitation, standard contractual clauses approved by the European Commission. Please see our EU Privacy Notice for further information.
15. Supplemental terms for Residents of California.
Pursuant to the California Consumer Privacy Act (“CCPA”) and the amendments made in the California Privacy Rights Act (“CPRA”), this section applies to certain personal information collected about California residents where Gorgias acts as a “business” and supplements the rest of our Notice above. Business contact information provided to Gorgias (collectively “You” as used in this section) are protected under California law, and You, as a resident of California, have the rights highlighted below.
Categories of Personal Information Collected: See Section 2 this Notice.
Use of Personal Information: See Section 4 of this Notice.
Sharing of Your Personal information: We share Your personal information with affiliates and third parties for the same reasons we collect this information as explained in Section 4 of this Notice. We also share Your personal information with affiliates and third parties for the reasons explained in Section 5 of this Notice, and for marketing, advertising, and analytics partners and service providers in connection with the use of tracking technologies as explained in Section 6 of this Notice.
Sale or Sharing of Your Personal Information: We do not sell Your personal information. We do not share Your personal information for cross-context behavioral advertising.
Your Rights: To exercise Your rights please email us at email@example.com. We will not discriminate against You for exercising these rights.
- Right to Know and Access. You have the right to request information about the categories of personal information we have collected about You (as detailed in Section 2 of this Notice), the categories of sources from which we collected the personal information, the purposes for collecting the personal information, the categories of third parties to whom we have disclosed Your personal information, and the purpose for which we disclosed Your personal information (“Categories Report”). You may also request information about the specific pieces of personal information we have collected about You (“Specific Pieces Report”).
- Right to Delete. You have the right to request that we delete personal information that we have collected from You.
- Right to Opt Out. You have the right to opt out of any automated decision process that occurs in our business operations.
- Right to Correct Information. You have the right to request that we correct any inaccurate personal information.
Timing: We will respond to Requests within forty-five (45) days. If we need more time to correct inaccurate personal information or delete personal information it may take up to ninety (90) days, however, we will provide notice if such extension is necessary.
Verification: Only You, or a person or business entity registered with the California Secretary of State that You authorize to act on Your behalf (an “Authorized Agent”), may make the requests set forth above. The request should include Your contact information and describe Your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. In addition, You should provide sufficient information that allows us to reasonably verify that You are the person about whom we collected the personal information or an Authorized Agent of that person. In order to protect the security of Your personal information, we will not honor a request if we cannot verify Your identity or authority to make the request and confirm the personal information relates to You. The method used to verify Your identity will depend on the type, sensitivity, and value of the information, including the risk of harm to You posed by any authorized access or deletion. Generally speaking, verification will be performed by matching the identifying information provided by You to the personal information that we already have.
Making a Request: If You are contacting us to exercise Your rights with respect to Your personal information as detailed in this Notice, we ask You to please adhere to the following guidelines:
- Tell Us Which Right You Are Exercising. Specify which right You want to exercise and the personal information to which Your request relates (if not to You). If You are acting on behalf of another person, please clearly indicate this fact and Your authority to act on such person’s behalf.
- Help Us Verify Your Identity. Provide us with enough information to verify Your identity. For example, provide us (at a minimum) with Your full name, address, and phone number. Please note that if we cannot initially verify Your identity, we may request additional information to complete the verification process. Any personal information You disclose to us for purposes of verifying Your identity will solely be used for the purpose of verification.
- Direct Our Response Delivery. Inform us of the delivery mechanism with which You prefer to receive our response. You may specify, for example, email, mail, or through Your account (if You have one with us).
Please note that You don’t need to create an account with us in order to make a request to exercise Your rights hereunder.
Do-Not-Track Signals: Some tracking technologies enable us to track Your device activity over time and across devices and websites. While some browsers have incorporated Do-Not-Track or DNT preferences, we do not honor such signals from web browsers at this time.
16. Contacting Gorgias
If You have questions or complaints regarding this Notice, please email: firstname.lastname@example.org or write to us at:
Attn: Legal Department
611 Mission Street, 6th floor
San Francisco, CA 94105