Effective Date: June 11, 2018
Personal Data (“PII”) is any information concerning a specific or definable natural person. Outgrow respects the data entrusted to us by our clients, vendors, suppliers, contractors, and employees and is committed to ensuring its security through fair and transparent practices.
This Policy includes the minimum standards for data privacy applicable to Outgrow. This Policy is primarily derived from the following:
However, where applicable, Outgrow seeks to exceed these standards to ensure compliance with stringent local laws, such as the European Union’s Data Protection Directive (95/46/EC)3 (as implemented by local law).
[Note: our Privacy Shield compliance assessment is currently underway; however, we have not yet
completed this process.] With respect to Personal Data processed in the scope of this privacy
policy, Outgrow complies with the EU-U.S. Privacy Shield Framework (the “Privacy Shield”) as
adopted and set forth by the U.S. Department of Commerce regarding the processing of personal
data. Outgrow commits to adhere to and has certified to the Department of Commerce that it
adheres to the Privacy Shield Principles.
To learn more about the Privacy Shield, and to view Outgrow’s certification, please visit https://www.privacyshield.gov and https://www.privacyshield.gov/list, respectively.
In compliance with the Privacy Shield Principles, Outgrow commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Outgrow at: firstname.lastname@example.org
Outgrow has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/endispute/ for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Outgrow performs the role of a data transmitter during the course of business. As a data transmitter, we transmit information on behalf of another group company or a third party. Outgrow does not process sensitive PII data like credit card numbers, social security numbers etc.
In the context of an onward transfer, a Privacy Shield organization has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. The Privacy Shield organization shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
Where required by law, Outgrow obtains consent from individuals and uses that consent as the basis for the processing of PII, including to collect, use, retain, or disclose such data. Individuals are given the choice to opt-in or opt-out of this procedure.
For all contact or data forms hosted on Outgrow, if required by the user and the law of the concerned geography, the user is allowed to add opt-in widgets with clear data privacy statements for end user’s reference. When required, opt-out widgets can also be added by the user.
Also Outgrow’s double opt-in feature allows you to obtain consent from individuals twice, once when filling out the form and the second opt-in can be handled via email confirmation, where the user receives an email confirming their interest in joining your email list.
All data collected by Outgrow is used expressly for legitimate business activities and for purposes consented to by the individual. Outgrow only uses data in strict adherence to contractual, regulatory and applicable laws.
Outgrow collects data in a fair, transparent, and lawful manner. As such, we adhere to the following guidelines:
Outgrow does not retain data any longer than is absolutely necessary. The retention period for data is determined by:
As part of our retention practices, Outgrow documents and tracks:
Outgrow’s Data Retention and Disposal Policy require managerial approval for the disposal, destruction and deletion of any data. Our disposal, destruction and redaction procedures prevent the recovery, theft, misuse or unauthorized access of data.
Any user who previously consented to being added to an email list can request to remove and delete all their information permanently. An Outgrow user can easily delete any lead data directly from the Outgrow analytics tab.
All individuals are given access to review, update or correct their PII. The mode of access to this information is clearly communicated to the individual within an appropriate timeframe. Where required by law, Outgrow will respond to requests from individuals to provide them with information relating to the data, we hold about them. Access to data may be denied if an unreasonable request is made, subject to local laws. If access is denied, Outgrow provides the reason and a point of contact for further inquiry to the individual.
Outgrow may disclose data to third parties as a part of normal business operations. Such third parties must adhere to our appropriate privacy clauses. Third parties are mandated to handle all data in accordance with the following:
We will strive to prevent unauthorized access to your information, however, no data transmission over the Internet, by wireless device or over the air is guaranteed to be 100% secure. We will continue to enhance security procedures as new technologies and procedures become available.
We strongly recommend that you do not disclose your password to anyone. If you forget your password, we will ask you for your email and send you an email containing a link that will allow you to reset your password.
Please remember that you control what information you provide while using the Services. Ultimately, you are responsible for maintaining the secrecy of your identification, passwords and/or any information in your possession for the use of the Services. Always be careful and responsible regarding your information. We are not responsible for, and cannot control, the use by others of any information which you provide to them and you should use caution in selecting the information you provide to others through the Services. Similarly, we cannot assume any responsibility for the content of an information or other information which you receive from other users through the Services, and you release us from any and all liability in connection with the contents of any information or other information which you may receive using the Services. We cannot guarantee, or assume any responsibility for verifying, the accuracy of the information or other information provided by any third party. You release us from any and all liability in connection with the use of such information or other information of others.
Outgrow informs individuals that they have a responsibility to provide accurate, complete and relevant information in order to maintain the quality and integrity of all data. Individuals may contact our designated personnel for any updates or corrections. Individuals may verify and challenge the accuracy and completeness of their data and have it amended or deleted if appropriate. Additionally, Outgrow has a system in place to record the date, edits, validation and verification of all data collected, maintained and updated.
Dispute resolution will be conducted as part of the Dispute resolution program established by JAMS.
If your dispute or complaint can’t be resolved by us, nor through the dispute resolution program established by JAMS, you may have the right to require that we enter into binding arbitration with you pursuant to the Privacy Shield’s Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield.
Outgrow is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
Please allow up to four weeks for us to reply.