We are GDPR ready and compliant
GDPR is the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
1. Data Protection Officer
Groove Networks LLC, 2 Dearborn St. Newport, RI United States is a data controller and a processor of personal data provided in Service.
Groove has its headquarters in the USA, which is why we have appointed a representative and internal data protection officer (“DPO”) for you to contact if you have any questions or concerns about Groove’s personal data policies or practices.
You can reach out to our Data Protection Officer at dpo@groovehq.com.
2. What do we do:
We provide a web application for help desk support. The main activity of Groove is gathering Your data from various channels (like email, twitter, facebook or widget you embed on your site - for a full list, see our Knowledge Base), grouping it, cross referencing and categorizing in order to make it accessible in the most user-friendly way, allowing you to deliver best possible support for your customers.
In order to perform our Service we process:
- (as a data controller) internet protocol (IP) of everyone who visits our service or if sending us a message name, email address and your general location (“Visitor”)
- (as a data controller) personal data of our customers (users of Service acting as Account Owner, Administrators, Agents - jointly referred to as (“You”));
- (as a processor on Your behalf ) personal data of Your customers.
3. How do we collect personal data
Visitors data
When the website is used for informational purposes - meaning You do not register as a user of the website or transmit other information to us - we do not collect any personal data, with the exception of the data which Your browser transmits to us in order to allow You to access the website. This data is:
- IP address
- Date and time of the query
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific site)
- Access status/HTTP status code
- Volume of data transferred each time
- Website from which the request comes
- Browser
- Operating system and its interface
- Language and version of the browser software.
If you send us a message via a contact form you disclose your name, email address - apart from that we can track your movement on our website, see general location of your device.
We use this information to help us design our site to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.
Your personal data
Groove collects personal data (name, email) during registration process and when You add new Agents. Groove also collects personal data such as IP address and API token when You use our Service.
If You activate new features, it’s possible new personal data will be collected. We will always inform You on the legal grounds and purposes of data collecting and also enable You to study the current Privacy Policy.
Your customer data
As a processor we do not collect any personal data without Your consent – we process Your customers’ personal data on Your behalf, which You have collected and explicitly provided to the Service. All this data belongs to You, we store it on our servers to support all of the Service’s features and remove them whenever You instruct us to.
We also provide You with features that enable You to profile Your customers by tracking their movements on the Knowledge Base (KB), by tracking read emails opened by Your customers as we also collect Your customers’ satisfaction ratings (for further information please visit Tracking and Profiling.
By using our contact form you can not only respond to your client’s message but also track your client’s movement on your website and collect data regarding your client’s location.
4. What kind of data do we process
Your personal data
- Name;
- Email addresses;
- Billing information - which we do not store ourselves, we use Stripe for this purpose to ensure best security of Your billing information;
- Internet protocol (IP);
- API token;
- Cookies;
- General location
We collect information how You use our Service, i.e. which features You use the most, which pages You visit, which buttons You click. We use cookies – more info Cookies.
Your customer data
This category is all data You give us access to in order for us to process it, store it and present it to You in the most productive and user-friendly way to help You deliver the best support experience for Your customers.
We also build on top of these channels to give You additional features, such as collecting information regarding the time of opening an email by Your customer, tracking Your customer’s movements on KB and collecting Your customers’ satisfaction ratings, tracking movement on your website.
We also collect Your customers data which browsers send to us - please look at “Visitors data”.
We enable You to use third-party services however we don’t store the content.
If anything is unclear please contact our DPO at dpo@groovehq.com.
5. What are the legal grounds for processing data
We process Your data either on contractual ground (processing is necessary for the fulfilment of a contract or in order to take steps at Your request prior to entering into a contract) or the legal ground for processing your personal data is realization of the legitimate interests pursued by the controller (tracking movement on website for analytics, responding to messages sent by contact form).
We process Your data for marketing purposes only when You have given us Your consent.
We process Your customer data as processor pursuant to Data Processing Agreement.
6. What are the purposes of processing data:
Your personal data
Purpose | Category |
---|---|
Service performance including its development | email, name, billing information, API token, cookies, internet protocol (IP), location, tracking movement |
Marketing | email addresses, name; |
Service performance purposes means all data processing relevant to providing You with Service. This is information which we need for creating an account for You (name, e-mail address, billing information) but also to develop and maintain our Service (cookies, API token, internet protocol (IP). Groove analyzes trends, tracks Your movements so we can adjust Service to Your needs.
Marketing purposes mean that we want to inform You about our new features and products and send You a newsletter regarding it via email.
You can always withdraw Your consent – more at Right to withdraw consent.
Your customer data
We process Your customer data on Your behalf so you can use Groove.
We provide You with features that enable You to profile Your customers (tracking read emails, tracking online movements in Knowledge Base, tracking customers’ satisfaction ratings).
7. Tracking and Profiling
Your personal data
We use online tracking which means Groove collects certain information automatically and stores it in log files and databases. The information includes internet protocol (IP) addresses, browser type, operating system and other usage information about the use of the Grooves’ website, including a history of the pages You visit in Groove, your location if using a contact form. Groove analyzes trends, tracks Your movements, and gathers this information in order to make better decisions in terms of product development, so it better suits Your needs and also for assisting us in debugging issues You report to us via our own support channels.
Although online tracking is an automated process in which we collect personal data (Your movements online) Groove does not make any predictions or draws no conclusion about an individual – You – on that account. We use online tracking only for Service development. We don’t create any profiles nor do we make any decisions concerning You that are made based on online tracking. We are not profiling You.
Your customer data
We use email read receipt tracking as a feature of Service.We collect Your customers’ satisfaction ratings.
We use Knowledge Base as a feature of Service. Your customers can be tracked while using Knowledge Base. We collect their internet protocol (IP), the region or general location where Your customers’ computer or device is accessing the internet. We use cookies to track Your customers' activity on the Knowledge Base. Based on collected data Groove provides You with a statistical report. You may on that account make predictions or draw conclusions. Your customers are being profiled on Your behalf.
We use contact form as a feature of Service which enables you to collect personal data disclosed in a form as also enables to track movement on a website and collect data regarding location.
If you are a customer please contact your data controller – this is an entity you interact directly with.
In case of any doubts please contact our dpo@groovehq.com.
8. Cookies
A cookie is a small amount of data which often includes an anonymous unique identifier that is sent to Your browser from a web site’s computers and is stored on Your computer's hard drive.
Cookies are required to use Groove in order to uniquely identify Your browser and user preferences while logged in. We use non-permanent cookies that last for up to two weeks, after which You will be required to log in to the Service again.
You can control and/or delete cookies as You wish using Your browser preferences. You can delete all cookies that are already on Your computer and You can set most browsers to prevent them from being placed. If You do this, however, You may have to manually adjust some preferences every time You visit Groove and some services and functionalities may not work.
9. Who do we disclose Your data to
We cooperate with several third parties, however we do not disclose any personal data to them without Your demand or consent. If You wish to use any of third-parties services You will be asked to agree to third parties’ terms and conditions (including privacy policies).
The list of third parties can be found here.
10. Where and to whom do we transfer Your data
In order to maintain and develop the Service Groove engages other entities. You gave us general written authorisation in the Data Processing Agreement.
We are also obliged to engage only sub-processors who demonstrate adequate safeguards in onward transfer. Groove may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.
In the context of an onward transfer, Groove has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Groove shall remain liable if its agent processes such personal information in a manner inconsistent with the Principles under the Privacy Shield, unless Groove proves that it is not responsible for the event giving rise to the damage.
The list of sub-processors be found here.
Groove notifies You if we intend to change the list so You have the opportunity to object to such changes.
Groove’s use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
11. Your rights
Access:
You have a right to be informed about Your personal data processing, including the source of Your data collection, purpose of its processing and how long it will be stored .
If You have any question regarding Your personal data please contact our DPO at dpo@groovehq.com.
Rectification:
You have a right to access and change Your personal data provided during registration or creating an account. You can do this in the Profile section of Your Account Settings.
More info about Your rights as a Service user here.
Erasure (“right to be forgotten”):
In line with GDPR enforcement of the right to be forgotten, Groove introduces internal procedures which will streamline this process.
In other words You (as an Account owner and/or Admin) can decide whether You wish to permanently delete a whole account, a user account or just specific personal data. If You decide so the process will be irreversible.
Deletion can be performed by either using a “delete” function next to an appropriate piece of data in the Service (for example, Delete Ticket) or by contacting us on support@groovehq.com when a built-in option is not available.
Groove reserves the right to refuse permanent deletion for a legitimate reason, in particular but not limited to if current business affairs are not yet finished.
Restriction on processing:
You have a right to demand ceasing processing your data or restricting its processing with respect to exceptions set forth in art. 18 GDPR.
If You have any question regarding Your restriction rights please contact our DPO at dpo@groovehq.com.
Portability:
If You need to export/import data to the Service in a way which is not available, please contact us at support@groovehq.com so we can help You with Your custom needs.
However, we also have exposed an API which allows You to easily access Your data in a portable way as well import data from other systems.
You can read more about the API here: https://developer.groovehq.com/
Right to withdraw consent:
You always can withdraw Your consent for processing Your data for marketing.
To do so just contact us at support@groovehq.com.
Lodge a complaint:
You have a right to lodge a complaint with the appropriate data protection authority if You have concerns about how Groove processes Your personal data.
For more information please contact our DPO at dpo@groovehq.com.
12. Cross-border US - EU transfer
Groove is established in the United States. Information we collect from You and on Your behalf will be processed in the United States.
Groove ensures that along with SCCs adequate safeguard have been adopted.
Groove also relays on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, Groove collects and transfers to the U.S. personal data only: with Your consent; to perform a contract with You; or to fulfil a compelling legitimate interest of Groove in a manner that does not outweigh Your nor Your customers’ rights and freedoms (Using a Contact form).
Groove endeavours to apply suitable safeguards to protect the privacy and security of Your and Your customers’ personal data and to use it only consistent with Your relationship with Groove and the practices described in this Privacy Policy.
13. Privacy Shield
Groove complies with the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and/or Switzerland to the United States. Groove has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.
With respect to European Personal Data received or transferred pursuant to the Privacy Shield Framework, Groove is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Groove may be required to disclose European Personal Data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.
Under certain conditions, more fully described on the Privacy Shield website, if you are an European resident, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
14. Data storage
Groove stores Your and Your customers’ personal data on the servers of the cloud-based database management services Groove engages, located in the United States. Groove is hosted at AWS which announced compliance with GDPR. For more information on their servers and security, please see AWS security whitepaper https://docs.aws.amazon.com/whitepapers/latest/introduction-aws-security/welcome.html.
Full list of hosting providers can be found here.
Groove notifies You if we intend to change the list so You have the opportunity to object to such changes.
For more information regarding data storage contact our DPO at dpo@groovehq.com.
15. Retention:
We keep all Your data that You have provided to us for the duration of Your business relationship with us and we remove data:
1) at Your explicit request (either via clicking the delete button next to a particular piece of data or via an email request to support@groovehq.com)
2) after You cancel Your account, at which point we remove Your data. This process takes up to 30 days to ensure all Your data is expunged from the system.
Most personal data is deleted once You demand it or our business relation is ceased, however we keep Your name and email address longer until all possible business affairs are finished.
For more information please contact our DPO at dpo@groovehq.com.
16. Security of data
We are committed to ensuring the best security for You, which means choosing the best hosting providers and data storage solutions, including those having ISO 27001 and PCI Level 1 certifications. We ensure encryption of communication not only between You and our servers but also internally between parts of our Service.
Groove restricts access to Your personal data to those employees who need to know that information to provide benefits or services to You. We maintain an internal Security Policy which ensures that all sensitive information is always transferred using secure, encrypted channels. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of Your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.
17. Legal obligations regarding data.
Groove discloses personal data we process if necessary for the requirement to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Groove under Data Protection Agreement and Standard Contractual Clauses is obliged to promptly inform You of its inability to comply with SCCs clauses which enables each Party to suspend the transfer and terminate the contract.
18. Changes and updates to the Privacy Policy
As Groove changes from time to time, this Privacy Policy is expected to change as well.
We reserve the right to amend the Privacy Policy at any time, for any reason. We will inform You about that change by sending to You an email. Remember to check our Privacy Policy website.
19. Contact & Questions
In case of any queries please contact Groove’s DPO at dpo@groovehq.com.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Groove appreciates the effort of software security researchers who work to make the Internet more secure. Our security vulnerability bounty system exists to reward the work of security researchers who find issues with our software and web services. You can find more about our program here.