This Privacy Notice (“Notice”) describes how Gorgias Inc. (“Gorgias”, “we” or “us”) handles information we receive or collect about individual representatives of subscribers to our services (collectively, “You” or “Your”) when interacting with us, subscribing to our services, and using our websites and other digital services that link to this Notice (the “Services”). This Notice only applies to Gorgias when it controls the processing of personal information for its own business purposes (such as when we receive contract information from our business clients (“Clients”) that subscribe to our Services and used for billing purposes). Thus, this Notice does not apply to information we process as a service provider or processor (i.e., not a controller) on behalf of our Clients when they use our Services. If You have questions regarding how our Clients process Your information, please contact them directly. We are not responsible for the privacy or data security practices of our Clients. This Notice also does not apply to any information about current and former employees, job candidates, or contractors and agents acting in similar roles.
This Notice is designed to inform our Clients of how we collect, use, disclose and otherwise process personal information submitted to or obtained by Gorgias when You purchase and utilize the Services. By subscribing or using our Services, or by otherwise providing us with Your information, You are accepting the practices and policies described in this Notice. If You do not agree with this Notice, do not provide any personal information to us, or register or use the relevant Services where this notice is posted or linked.
This Notice applies to Gorgias Inc. and its relevant affiliates. If You are a resident of the States of California, Colorado, Connecticut, Nevada, Utah, or Virginia, please see our Additional US Privacy Disclosures section for additional information. If You are a Client located in the European Economic Area (“EEA”), Switzerland, or the United Kingdom (“U.K.”), please refer to our EU Privacy Notice for more information about how we process personal data as a controller.
1. Whose information do we collect?
As used in this Notice, the term “personal information” means any information that relates to, describes, or could be used to identify a natural person, directly or indirectly, including where information linked or combined with other information by us is used to identify such person. For purposes of this Notice, “personal information” will include personally identifiable information, personal data, or other terms with similar connotation under applicable laws in the United States. “You” means the individual who provided personal information to us in connection with a Client’s subscription to our Services or obtained by us in connection with the use of the Services, and includes personal business contact information of individual Client representatives.
2. What type of personal information do we collect?
This section describes the categories of personal information we collect. While You may not be required to provide us with Your personal information to access our general public-facing website Services or review some of our content on the Service, there may be areas on our Service that require us to collect information from You, or about You or Your devices used to access the Services. If You do not provide the requested personal information or prevent us from collecting certain information from Your device, we may not be able to provide access or use of our Services, or such Services may not operate as intended.
Personal Contact Information.
Personal information to create an account, register with us as a subscriber to our Services, to receive our newsletter, for us to manage Your account, provide support, or for You to participate in webinars, events, programs, marketing, and promotional activities. This includes; Your legal name, alias, postal address, email address, online identifiers (such as username and password), account or username, land and mobile phone numbers, social media identifiers (e.g., Twitter handle, Instagram name, etc.), or other similar identifiers that can be used to contact, communicate with, or identify You.
User Experience and Support Information.
We collect user experience information to help us understand how our Services is accessed, used and how it performs (e.g., activity logs, device ID, browser type, network connection, and IP address). We collect purchase history, order details (items purchased, amount paid, shipping and billing addresses), and the form of payment. If You interact with our Services by contacting us, we will collect Your message exchanges. If You have initiated a support inquiry or request, we collect audio, electronic, visual, and other sensory information, such as recordings of interactions with our Service, chat bots, support personnel, and sales teams (e.g., for quality assurance, training, and analysis purposes in accordance with applicable laws). This also includes inferences drawn from any of the information we collect to create a profile about You reflecting Your preferences, characteristics, and behavior.
If You make a purchase, our payment processor will collect Your payment method information, such as credit card information, back account information, and types of financial accounts.
Based on the settings of the device and browser, we collect location data such as longitude and latitude (GPS), IP address or mobile device location, and Your city and state through webforms.
We use web tracking technologies (e.g., cookies, web beacons, pixel tags and clear GIFs) to operate the Services efficiently and to collect data related to usage of the Services. Such collected data may include the IP address of the Services You visited before and after You visited the Services, the type of browser You are using, what pages in the Services You visit and what links You clicked on, and whether You opened email communications we send to You. Some of this information may be collected using a third-party’s tracking technologies. To learn more about how we use tracking technologies, the related data we collect and Your choices, please see our Cookie Notice in Section 6.
3. How do we collect Your information?
We collect Your information in a variety of ways.
Information Provided Directly from You.
This includes instances when You visit our Services, subscribe or interact with our Services and Services by filling out a registration form or contacting us, when You participate in our marketing and outreach activities including surveys, contests, promotions, sweepstakes, conferences, webinars or when You otherwise use our Services.
Information Collected from Third Parties.
We receive information about You from other third parties, such as service providers that help us to build and maintain our Services and that integrate their Services with ours, content providers, entities with whom we partner to sell or promote products and services, telephone and fax companies, authentication service providers, data brokers, and social media networks (including widgets related to such networks). Your interactions with third-party integrated or framed third-party services (including social media networks) are governed by the privacy statements of the companies that provide them, not this Notice.
Information Collected Passively.
Our Services use tracking technologies to collect information about Your experience when accessing and using our Services. For more information on how we use tracking technologies and the type of information we collect using these technologies, see our Cookies Notice in Section 6.
Information Collected from Your Employer, Coworkers, or Friends.
We collect and process personal information concerning representatives (e.g., employees or contractors) of our Clients (or their representatives) and business partners (suppliers, investors and other business partners). We may also receive Your name, address, phone number, and company name from a friend as part of our Referral Program.
4. Why do we collect Your personal information?
We collect and use the information we receive or collect from You or about You for the following purposes:
- To provide, enhance, and offer our Services and integrated digital services and products we make available on our Services;
- To communicate with You at Your request or as required in connection with Your purchase, access or use of our Services;
- To enable interactions and use of our Services;
- To manage, authenticate, and promote the security of Your account and the use of our Services;
- To create, maintain, customize, administer, and secure Your account;
- To enter, manage, and fulfill our contract with You or Your company;
- To process and complete Your contact and support requests and send You related information, including purchase confirmations and invoices;
- To provide You with customer service and support;
- To inform You of and promote additional features, products, and services offered by us or third parties that may be of interest to You unless You have opted-out from receiving such communications or You have not consented to such communications, as required under applicable law;
- To diagnose, repair, and track service and quality issues;
- To facilitate an order, download, expiration or termination;
- To send You transactional messages, provide security alerts and updates, and to communicate with You about our practices;
- To manage and promote Your invitation and participation in conferences, webinars, and event registrations we promote, sponsor or hold;
- To manage and promote Your participation in our surveys, contests, promotions, and sweepstakes, if any;
- To personalize our Services for You;
- To deliver content information relevant to Your interests;
- To install and configure changes and updates to programs and technologies related to interactions with us and our Services;
- To respond to Your requests, complaints, and inquiries;
- To fulfill a referral request if You participate in our Referral Program or to contact You as a potential Client using Your personal information received from a participant of our Referral Program;
- To evaluate or audit the usage and performance of programs and technologies related to Your interactions with us;
- To record phone calls and/or video meetings for quality assurance, training, and analysis purposes;
- For credit and payment collection, accounting, and other similar business functions;
- For legal, safety, or security reasons, such as:
- To comply with legal requirements, establish, exercise or defend against legal claims, whether in court proceedings or in an administrative or out-of-court procedures;
- Protect the safety, security, and integrity of our Services and rights of those who interact with us or others;
- Otherwise detect, prevent, and respond to security incidents or other malicious, deceptive, fraudulent, or illegal activity; and
- In connection with corporate transactions, sales, mergers, acquisitions, reorganizations, bankruptcy, and other corporate events, such as complying with requests from a prospective or an actual purchaser interested in our companies and other assets, or in relation to a prospective or actual purchase of companies or assets by us.
5. When do we disclose Your personal information?
We may disclose Your information with the categories of recipients and for reasons described below:
Service Providers and Contractors.
We share Your information with third-party service providers working on our behalf, such as hosting service providers, IT providers, operating systems and platforms, internet service providers, data analytics companies, marketing providers, suppliers, professional advisors (legal and consultancy), payment processors, and those that support our business operations such as identity verification, email distribution, market research, and promotions management. We provide these companies with only the information they need to perform their services and work for us or on our behalf.
Legal and Law Enforcement.
We disclose any information without further notice to You to any law enforcement or regulatory authority to the extent required by law or if, in Gorgias’ reasonable discretion, disclosure is reasonable to:
- Investigate, prevent, or take action regarding illegal activities, suspected fraud, and situations involving potential threats to the physical or online safety of any person;
- Enforce or apply our other agreements and to protect our rights and our property or safety of our users or third parties; or
- To establish, exercise and defend against legal claims (including by sharing data with opposing or other related parties to the proceedings and their professional advisors).
We disclose Your information to financial advisers, legal service providers, investors, and potential buyers of our business or assets related to any merger, acquisition, sale, financing, or similar transaction.
We disclose Your contact information (name, email, Service URL, etc.) to partners/sponsors/advertisers in connection with our marketing, promotional, advertisements, and other commercial communications.
To the Public.
If You provide testimonials or provide feedback that You published or intended to be published on the Services or as a Client testimonial, we disclose Your post and Your name on our Services and marketing materials. Any information You post on our Services might be read, collected, and used by others who access this information.
With Your Consent.
We disclose Your information to other third parties with Your consent where required by law. However, we may also de-identity, anonymize, or otherwise aggregate the information in a manner that is no longer identifiable of an individual before sharing with third parties for any legally permitted purpose.
6. How do we use tracking technologies?
Tracking Technologies We Use:
We collect information over time through the Services by using several common types of tracking technologies (including cookies, log files, pixels, tags, web bugs, web beacons, clear GIFs, Local Storage Objects (LSOs) or other similar technologies) to collect information about the ways You interact with and use the Services and our Services, to support and enhance features and functionality, to monitor performance, to personalize content and experiences, for marketing and analytics, and for other lawful purposes. We may also permit third parties that collect information in this way on our behalf and for their own business purposes. Tracking technologies are small files that download when You access certain Services. For more information visit: http://www.allaboutcookies.org/.
To assist us with analyzing our Services traffic through tracking technologies, we use analytics services such as Google Analytics. For more information on Google Analytics’ processing of Your information, please see “How Google uses information from Services or apps that use our services.” You can opt out of Google Analytics by installing Google’s opt-out browser add-on.
The following chart describes the type of tracking technologies we use:
Type of Cookies:
- Session Cookies: A session cookie is for temporary use. It helps track real-time changes in a user's activity while on a website and disappears after the web session is over.
- Necessary Cookies: Required cookies are essential for the operation of the Services. They include, for example, cookies that allow You to access and use secure areas of the Services.
- Performance: These cookies collect information about how You use the Services, including which pages You go to most often and if You receive error messages from certain pages. These cookies do not collect information that individually identifies You. All information these cookies collect is aggregated and anonymous. It is only used to improve how the Services’ function and perform.
- Functionality: Functionality cookies allow us to remember information You have entered or choices You make (such as Your username, language, or Your region) and provide enhanced, more personal features on the Services. These cookies also enable You to optimize Your use of the Services after logging in. These cookies can also be used to remember changes You have made to text size, fonts and other parts of web pages that You can customize.
Most internet browsers accept cookies by default. You can accept or block cookies by activating the setting on Your browser that allows You to reject all or some cookies, or by changing Your cookie preferences via the Services. The help and support area on Your internet browser should have instructions on how to block or delete cookies. Some web browsers (including some mobile web browsers) provide settings that allow You to control or reject cookies or to alert You to when a cookie is placed on Your computer, tablet or mobile device. On a mobile device, You may also be able to adjust Your settings to permit or limit ad tracking. Although You are not required to accept cookies, if You block or reject them, You may not have access to all of the features available through the Services. To find out more on how to manage and delete cookies, visit aboutcookies.org. For more details on Your choices regarding use of Your web browsing activity for interest-based advertising You may visit the following Services:
7. How can You opt out of receiving marketing emails from Us?
If You would like to be removed from our marketing mailing list or database, please contact us at email@example.com or follow the unsubscribe directions located in the footer of our electronic marketing messages.
8. Do we collect information relating to children?
Our Services are meant for business Clients, and we will not knowingly collect personal information from any person under the age of 18. If You are a parent or legal guardian and think Your child has given us information, You can email us at firstname.lastname@example.org. You can also write to us at the address listed in Section 16, “Contacting Gorgias”, of this Privacy Notice. Please mark Your inquiries “Children Privacy Inquiry.”
9. How can You request access to and update Your personal information?
You can request to access or update Your personal information by using the profile editing tools on the Services or by sending an email request to email@example.com. We will respond to any reasonable request by a user to review or amend his or her account information. We reserve the right to verify Your identity in order to process such requests.
10. How do we protect Your information?
We will take reasonable security precautions to protect the security and integrity of Your personal information in accordance with this Notice and applicable law. Unfortunately, the internet is not inherently secure, and we cannot guarantee that any safeguards or security measures will be sufficient to prevent a security issue with information transmitted over the internet. Any transmission is at Your own risk and Your information may be disclosed to third parties in unforeseeable situations or situations that are not preventable even when commercially reasonable protections are employed, such as in the case that Gorgias is subject to a hacking or other attack.
You must take reasonable precautions to prevent unauthorized access to Your account and personal information used to access our Services, such as by selecting and protecting passwords and/or other sign-on mechanisms appropriately, limiting access to Your device used to sign-in into Your account or other authenticated pages on our Services, and by turning off or logging-off from Your device if You have auto-login enabled. We also recommend that You take steps to protect against unauthorized access to any devices, networks and applications connected to, or integrated with the Services.
11. How long do we store Your information?
The time periods for which we retain Your personal information depend on the purposes for which we use it. We will keep Your personal information for as long as You are a registered account holder or user of our Services, or for as long as we have another business purpose to do so (e.g., for business, tax, or legal purposes). We otherwise will not retain Your personal information for longer than is required or permitted by law, or longer than our records retention policy, or longer than reasonably necessary for internal reporting and reconciliation purposes, or to provide You with feedback or information You might request. We may retain information that is de-identified, aggregated, or anonymized for as long as we deem appropriate.
To determine the appropriate duration of the retention of personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information and if we can attain our objectives by other means, as well as our legal, regulatory, tax, accounting and other applicable obligations.
Following termination or deactivation of Your user account or contact with Gorgias, we may retain all information posted to public areas of the Service. Following termination or deactivation of Your account or contract, if any, we may retain Your personal information and other data, but will maintain it as confidential according to this Notice, and as required by applicable law or the contract with Gorgias. Except as provided under an agreement between the Client and Us, we have the right to delete all of Your personal information and other data after termination of Your account or agreement with Us without notice.
Even if You delete Your account (e.g., Referral Program Portal), the deletion by our service providers may not be immediate and the deleted information may persist in backup copies for a reasonable period of time. When we have no ongoing business need to process Your information, we may also anonymize or aggregate it or, if this is not possible (for example, because the information has been stored in backup archives), then we will store the information and isolate it from any further use until deletion is possible.
12. How do we treat third-party links?
The Services contain links to other websites or other digital services not owned or controlled by us. We are not responsible for the practices or the content of those third-party websites or other online services. Your use of such third-party Services and digital services is at Your own risk. We encourage You to review such third-party privacy notices and practices before You share Your personal information with such third parties or on a third-party’s website as we are not responsible for how such third parties will handle information You share. This Notice applies solely to information collected by us or by third parties solely on our behalf.
13. Amendments to this Notice.
We may modify or amend this Notice from time to time. If we make any material changes, as determined by us, we will notify You of these changes by modification of this Notice, which will be available for review by You on the Services. If any of such changes are unacceptable to You, You should cease interacting with us. Your continued use of our Services following the posting of such changes constitutes Your acceptance of those changes.
14. Do we transfer information to other countries?
To facilitate our global operations, we may process and store personal information both inside the United States and overseas. If You live outside of the United States, be advised that we may transfer Your personal information to the United States and other countries, whose laws may not provide the same protections as the laws in Your country. Personal information transferred outside of the European Economic Area will be subject to the appropriate safeguards pursuant to GDPR and other applicable law, including without limitation, standard contractual clauses approved by the European Commission. Please see our EU Privacy Notice for further information.
Some of the third parties described in this Privacy Notice are based in other countries, whose laws may not provide the same protections as the laws in Your country.
15. Contacting Gorgias
If You have questions or complaints regarding this Notice, please email: firstname.lastname@example.org or write to us at:
Attn: Legal Department
180 Sansome St, Suite 1800,
San Francisco, CA 94014
16. Additional U.S. State Privacy Disclosures
If You are a resident of the State of Nevada, Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about the resident. Although we do not currently sell covered information, please contact us at email@example.com with the subject line “Nevada Opt Out Request” to submit such a request.
CALIFORNIA, COLORADO, CONNECTICUT, UTAH, VIRGINIA:
These Additional U.S. State Privacy Disclosures (“U.S. Disclosures”) supplement the information contained in our Privacy Notice by providing additional information about our personal information processing practices relating to individual residents of these States. For a detailed description of how we collect, use, disclose, and otherwise process personal information in connection with our Services, please visit our Privacy Notice. Unless otherwise expressly stated, all terms defined in our Privacy Notice retain the same meaning in these U.S. Disclosures.
For the purposes of these U.S. Disclosures, personal information does not include publicly available information or de-identified, aggregated or anonymized information that is maintained in a form that is not capable of being associated with or linked to You.
Your Privacy Choices
Depending on Your state of residency, You may be able to exercise the following rights in relation to the personal information about You that we have collected (subject to certain limitations at law):
The Right to Know
The right to confirm whether we are processing personal information about You and under California law only, to obtain certain personalized details about the personal information we have collected about You in the last 12 months, including:
- The categories of personal information collected;
- The categories of sources of the personal information;
- The purposes for which the personal information were collected;
- The categories of personal information disclosed to third parties (if any), and the categories of recipients to whom the personal information were disclosed;
- The categories of personal information shared for cross-context behavioral advertising purposes (if any), and the categories of recipients to whom the personal information were disclosed for those purposes; and
- The categories of personal information sold (if any), and the categories of third parties to whom the personal information were sold.
The Right to Access and Portability
The right to obtain access to the personal information we have collected about You and where required by law, the right to obtain a copy of the personal information in a portable and to the extent technically feasible, readily usable format that allows You to transmit the data to another entity without hindrance.
The Right to Request Deletion
You have the right to request the deletion of personal information that we have collected from You, subject to certain exceptions.
The Right to Correction
You have the right to request that any inaccuracies in Your personal information be corrected, taking into account the nature of the personal information and the purposes of the processing of Your personal information.
Right To Control Over Automated Decision-Making/Profiling
The right to direct us not to use automated decision-making or profiling for certain purposes.
Depending on Your state of residency, You may also have the right to not receive retaliatory or discriminatory treatment in connection with a request to exercise the above rights. However, the exercise of the rights described above may result in a different price, rate or quality level of product or service where that difference is reasonably related to the impact the right has on our relationship or is otherwise permitted by law.
How to Exercise Your Privacy Rights
To submit a request to exercise one of the privacy rights identified above, please submit a request by:
- Emailing: firstname.lastname@example.org with the subject line “Data Subject Rights Request,”
- Calling: +1 (844) 957-4252
We may need to verify Your identity before processing Your request which may require us to request additional personal information from You or require You to log into Your account, if You have one. We will only use personal information provided in connection with a Privacy Rights request to review and to comply with the request.
In certain circumstances, we may decline a request to exercise the rights described above, particularly where we are unable to verify Your identity or locate Your information in our systems. If we are unable to comply with all or a portion of Your request, we will explain the reasons for declining to comply with the request.
In certain circumstances, You are permitted to use an authorized agent to submit requests on Your behalf through the designated methods set forth above where we can verify the authorized agent’s authority to act on your behalf. In order to verify the authorized agent’s authority, we generally require evidence of either (i) a valid power of attorney (where required by applicable law) or (ii) a signed letter containing Your name and contact information, the name and contact information of the authorized agent, and a statement of authorization for the request. Depending on the evidence provided and Your state of residency, we may still need to separately reach out to You to confirm the authorized agent has permission to act on Your behalf and to verify Your identity in connection with the request.
Appealing Privacy Rights Decisions
Depending on Your state of residency, You may be able to appeal a decision we have made in connection with Your privacy rights request. All appeal requests should be submitted using the Individual Rights Request Form or emailing email@example.com.
The following disclosures only apply to residents of the State of California.
Personal Information Collection
In the last 12 months, we may have collected the following categories of personal information: identifiers, customer records, commercial information, internet/network information, geolocation data, professional/employment information and inferences generated from Your use of our sites. For more information about our collection of personal information, the sources of personal information, and how we use this information, please see What type of personal information do we collect? section of our Privacy Notice.
Disclosure of Personal Information
In the last 12 months, we may have disclosed all of the categories of information we collect with third parties for a business purpose, as described in the When do we disclose Your personal information? section of the Privacy Notice. The categories of third parties to whom we sell or disclose Your personal information for a business purpose include:
- Service providers and advisors that perform services for us, on our behalf, which may include providing marketing and advertising services, providing mailing or email services, tax and accounting services, data enhancement services, fraud prevention, web hosting, or similar services.
- Select marketing and strategic partners who use this information to market to You, to perform analytics and conduct research, or for other purposes;
- Ad networks and advertising partners, including social networks, to deliver advertising and personalized content to You on our services, on other sites and services You may use, and across other devices You may use, as well as provide advertising-related services such as reporting, attribution, analytics, and market research;
- Social networks for advertising or personalization purposes, or to engage with You.
- Analytics providers to better understand the demographics of our users and visitors, and to personalize, enhance and improve our Service;
- We may also disclose personal information to other third parties at Your direction or upon Your request, or to comply with legal process or contractual obligations, as described in our Privacy Notice.
Sales of Personal Information and Sharing for Targeted Advertising
We do not sell personal information, and we do not process or otherwise share personal information for the purpose of displaying advertisements that are selected based on personal information obtained or inferred over time from an individual’s activities across businesses or non-affiliated websites, applications, or other services (otherwise known as “targeted advertising” or “cross-context behavioral advertising”).
We do not sell the personal information and do not have actual knowledge that we sell the personal information of minors under 16 years of age. If we wish to do so in the future, we will first seek affirmative authorization form from either the minor who is between 13 and 16 years of age, or the parent or guardian of a minor less than 13 years of age. Please contact us at firstname.lastname@example.org to inform us if You, or Your minor child, are under the age of 16.
If You wish to submit a privacy request on behalf of Your minor child in accordance with applicable jurisdictional laws, You must provide sufficient information to allow us to reasonably verify Your child is the person about whom we collected personal information and You are authorized to submit the request on Your child’s behalf (i.e., You are the child’s legal guardian or authorized representative).
“Shine the Light”
The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. To opt out of this type of sharing, please email us at email@example.com.
Notice of Financial Incentives
We may offer various programs, promotions and other financial incentives that may result in differences in our prices or services offered to consumers. For example, we may offer discounts or other benefits in connection with signing up to use our Services. To obtain access to these offerings, we may collect and retain personal information, such as name, contact information, professional information and account information.
We have determined that the value of these programs and other incentives are reasonably related to the value of the personal information we receive and otherwise process in connection with these programs and offerings, based on our reasonable but sole determination. We estimate the value of the personal information we receive and otherwise process in connection with these programs and offerings by considering the expense we incur in collecting and processing the personal information, as well as the expenses related to facilitating the program or offering.
The material aspects of any financial incentive will be explained and described in its program terms or in the details of the incentive offer. Participating in any financial incentive program is entirely optional and participants may withdraw from the program at any time. To opt-out of the program and forgo any ongoing incentives, please follow the instructions in the program’s terms and conditions or contact us using the contact information below. Participating individuals may also opt out of receiving marketing communications by contacting us at firstname.lastname@example.org or by following the unsubscribe directions located in the footer of our electronic marketing messages.