Last Updated: November 23, 2021
Hello and thank you for using Contacts+!
Specifically, we’ll cover:
- Information We Collect
- How We Use Information
- How Information Is Shared
- Data Retention
- Third Party Websites
- Data Protection
- Your Rights
- Your Rights Under the GDPR
- How to Contact Us
1. INFORMATION WE COLLECT
1.1 Types of Data We Collect
“Personal Data” means any data that allows someone to identify or contact an individual data subject, including, for example, name, address, telephone number, email address, as well as any other non-public information that is associated with or linked to any of the foregoing data. “Anonymous Data” means data that is not associated with or linked to your Personal Data; Anonymous Data does not, by itself, permit the identification of individual persons. We collect Personal Data and Anonymous Data, as described below.
1.2 Information You Provide Us
- Account Information. When you sign up for an Account, we may require certain information such as your full name, organization, phone number, email address(s) and password. You may optionally choose to sign into Contacts+ using a third party (e.g., your Google login). If you choose to do this, you will be asked whether you agree to the third party providing certain information to Contacts+, such as your name, email address, profile photo, and other information associated with your account.
- Profile Information. To help improve your experience or enable certain features of the Services, you may choose to create a profile including information such as your name, photo, email, phone, urls, physical address, instant message handles, dates, job title, gender, bio, and interests.
- Referrals. When you use Contacts+ to refer our Services to others we will collect and use any contact information you choose to provide and automatically generate an invitation to the contacts you select.
- Payment Information. Some of our Services require payment. We may use third party service providers such as Stripe to collect all information necessary to complete the transaction. Such information may include name, credit card and billing information, as well as additional fields required for payment. We never share your billing and payment information.
- General Communication. If you contact us (for example via email or phone) we will collect information such as your name, phone number, email address, as well as any other content that you provide. We also may create event logs to diagnose product or app related issues, and capture information relating to any support or service issues. To improve customer service, subject to applicable laws, we may also record and review conversations with customer support representatives and analyze any feedback provided through voluntary customer surveys.
- Additional Information. You may otherwise choose to provide us information when you fill in a form, conduct a search, update or add information to your Account, respond to surveys, provide feedback, request support, post to forums, participate in promotions, or use other features of our Services. We may also collect information at other points in our Services when clearly stated that information is being collected.
1.3 Information We Receive from Your Use of Our Services
1.3.1 Your Contacts
- Connected Services. Many of our Services allow you to connect with external systems or databases that contain your Contacts. Examples include but are not limited to: 1) third-party contact management applications and services, 2) communication applications such as email providers, video conferencing systems, calendar applications, and social networks, and 3) sales, marketing, customer service, and media applications and platforms. Connections to such services generally require you to sign into those services.
- User Interfaces. Many of our Services allow you to directly enter, edit, or otherwise manage your Contacts by means such as typing into a user interface or speaking to a voice interface.
- APIs. Contacts may also be collected when you submit Contacts through our API. This includes both APIs for directly managing contacts as well as APIs for lookup or search.
- Uploaded Files. You may also elect to upload lists of Contacts to Contacts+ for processing.
- Third-Party Applications. Contacts+ may enable you to manually or automatically transfer, upload, or copy-and-paste contact information from certain third-party applications into Contacts+.
- Contact Extraction. You may elect certain Contacts+ features that extract Contacts from email, text or photographs. Examples include our business card scanning feature and our email signature extraction feature. We will not process the content of the communication unless you have explicitly asked us to do so.
- Shared Contacts. Other users may elect to share their Contacts or their personal contact details with you.
- Caller ID: When caller ID is enabled for Android phones only, parts of the call log may be sent to our servers for caller identification.
1.3.2 Relationship Information
We provide a variety of Services that enable you to effectively manage your relationships. Depending on which Services you elect to use, relationship information may be collected in one or more of the following ways:
- Your Contacts. Your Contacts suggest a certain relationship between you and the people or organizations those Contacts represent. Your Contacts may explicitly indicate the nature of the relationship. We may also infer the strength or nature of a relationship based on the presence or absence of certain contact information such as mobile numbers or key dates, as well as shared elements such as physical addresses or organizational affiliations. Inferred relationship information may also be based on how you interact with individual Contacts such as how often you access or modify them.
- Connected Services. Many of our Services allow you to connect with external systems or databases that may contain information on your relationships, such as “connections” on social networks or other platforms.
- Communication MetaData. Some of our Services may infer relationship information based on communication patterns. For example, any time communication is initiated within our Apps, we may collect communication metadata including the individual contacted, the time, and the length or duration of the communication. We may similarly collect communication metadata from services you have elected to connect to Contacts+, such as email providers. In some cases, communication metadata may be collected directly from a device. We will not process the content of the communication unless you have explicitly asked us to do so (e.g., for purposes of contact extraction).
- Appointment Data. If you have connected a calendar or scheduling service to Contacts+, we may collect information such as the appointment time, location, duration, and participants.
1.3.3 Location Information
- Geo-location. When you use certain features of our Services, we may collect information about your precise or approximate location as determined through data such as your IP address or mobile device’s GPS to offer you an improved user experience. Most mobile devices allow you to control or disable the use of location services for applications in the device’s settings menu.
1.3.4 Usage and Device Information
We may collect the following information from the applications and devices you use to access our Services:
- Usage Information. We collect information about your interactions with the Services, such as when you login, pages you visit, buttons you click, and other actions performed with our Services. This includes usage information related to connected services as well as our APIs.
- Log Data and Device Information. We automatically collect log data and device information when you access and use our Services, even if you have not created an Account or logged in. That information includes, among other things: details about how you’ve used the Services, IP address, access dates and times, hardware and software information, device information, device event information, unique identifiers, crash data, cookie data, and the pages you’ve viewed or engaged with before or after using the Services.
1.4 Information We Receive from Third Parties.
We may receive information that others provide about you when they use the Services (through Contacts provided to us as described above), or obtain information from other sources, including but not limited to public or licensed APIs (“Public Data”), and combine that with information we collect through the Services. We do not control, supervise, or respond for how the third parties providing your information process your Personal Data.
- Analytics. We may collect and allow third parties to collect information about how you use and interact with our Site and Services. Examples of third-party providers of analytics and similar services may include:
- Google Analytics, Facebook Analytics and Amplitude are used to track app and site statistics and user demographics, interests and behavior on websites and apps. We also use Google Search Console to help understand how our website visitors find our websites and to improve our search engine optimization.
- Third Party Services. If you link, connect, or login to your Account with a third party service (For Example: Google), the third party service may send us information such as your registration and profile information. This information varies and is controlled by that service or as authorized by you via your privacy settings in that service.
- Other Sources. To the extent permitted by applicable law, we may receive additional information about you, such as demographic or interests data, from third party service providers and/or partners, and combine that information with information we have about you. We may receive information about you and your activities whether as part of or outside our Services through partnerships, or about your experiences and interactions from our partner ad networks.
2. HOW WE USE INFORMATION
We use, store, and process information, including Personal Data, to provide, understand, improve, and develop our Services, create and maintain a trusted and safer environment, and comply with our legal obligations. Contacts+ use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
2.1 Provide, Maintain, and Support the Services
Relationship information may be used for relationship management services including determining, classifying, and ranking relationships, as well as recommending communication actions, appointments, or new connections. Relationship information may also be used to improve certain contact management functions such as deduplication, tagging, and grouping.
We also need to use the information you provide (including Personal Data) to facilitate the creation of and secure your Account on our network, identify you as a user in our system, provide improved administration and quality of experience of our Site and Services, send email, call, or send SMS text messages to you to verify ownership of the email address or phone number provided when your Account was created, send you service, support or maintenance messages, updates, security alerts, and Account notifications. Your information may also be used for the detection and prevention of fraud, spam, abuse, and other harmful activity, and for any purpose you authorize at the time of collection.
Additionally, to provide you technical support, we may need to review your Account and the contents of your Account to identify, research, troubleshoot, and resolve any issues that you report to us or that we otherwise become aware of.
2.2 Improve, Personalize, and Develop the Services
We use the information we collect to improve and personalize the Services and to develop new ones. For example, we use the information to troubleshoot and protect against errors; perform data analysis and testing; conduct research and surveys; and develop new features and services.
2.3 Provide, Personalize, Measure, and Improve our Advertising and Marketing
We may process your information (including Personal Data) for marketing purposes including profiling and offering you products or services that may be of interest to you (such as information about our Services or partner campaigns and other third party services). We may also administer referral programs, rewards, surveys, sweepstakes, contests, newsletters, or other promotional activities or events sponsored or managed by us or a third party partners. You can opt-out of receiving marketing communications from us by following the unsubscribe instructions included in our marketing communications or changing your notification settings within your Account.
We may also process your Contacts and relationship information to suggest people for you to invite to use our Services. When you have chosen to send a referral to another individual or organization, we may process your Contacts and relationship information to facilitate your referral invitations.
2.4 Combine Contacts Across Users
By selectively combining your Contacts and relationship information with information from other users we can provide you and other users with enhanced features and Services. Your Contacts may be combined with other Users’ Contacts, as well as Public Data and other publicly available information and information we receive from third parties, to build more complete contact records of individuals (“Completed Contact Data”). Completed Contact Data reside in our Database and may be processed for the purposes described in the remainder of this section.
Completed Contact Data may be used to provide you and other Users of our Services with enhanced deduplication. Deduplication is a service that cleans up Contacts by automatically merging duplicate Contact records. The deduplication service relies on making associations between different Contact elements. For example, you might have two Contacts for the same individual in your address book or in your Customer database or file: one Contact that contains just a first name and a phone number, and a second Contact that contains a full name and an email address only. In order to determine whether those two Contacts represent the same individual and should be merged, we look at the Completed Contact Data for that individual. If, in this example, both the phone number and the email address exist within Completed Contact Data for that individual, we may automatically merge (or suggest you to merge) your two Contacts. In the above example, we may have learned of the linkage between the phone number and email address from publicly available sources. In other cases, we may have been able to infer the linkage or we may have learned the linkage from one or more other Users of our Services who have contributed a Contact that contains those two contact elements together. In this way you are benefiting from information that other Users of our Services have contributed to Completed Contact Data. Similarly, contributing your information to Completed Contact Data benefits other Users of our Services. Relationship information from you and other Users of our Services may also be used in providing enhanced deduplication. For example, the fact that two Contacts in your address book contain the same first name may increase the chances that those Contacts represent the same individual.
Your Contact information may also be combined with other Users of our Services data to provide contact enrichment. In contact enrichment, a User is able to match a Contact that they possess to our Completed Contact Data and receive back a subset of the contact information from the relevant Completed Contact Data for that individual. For example, we may share an individual’s name to support features including but not limited to caller ID. We also may share public social handles to support Contact Enrichment. Certain professional information including but not limited to business emails, organizational affiliation and job title, that can be inferred or extracted from a business card or email signature, may also be shared. Finally, generalized demographic information such as age range and gender, affinities, unique pseudonymized identifiers, as well as derived general location from a phone number or physical address, may also be shared. We will never share physical addresses, personal phone numbers, personal emails unless you have given us your specific and unequivocal permission to share that information or we have secured the information via pseudonymization (e.g., through cryptographic hashing). We will never share any of your private notes with any other User.
We also use Completed Contact Data to provide Contact Search, such as when a User of our Services wants to retrieve a set of Completed Contact Data based on a set of search criteria. With the exception of the shareable contact elements described above, all contact elements in a Completed Contact are considered private and are not shared with other Users of our Services. However, any contact element (including those private elements) may be used for lookup and matching purposes.
2.5 Creation of Anonymous Data
We may create Anonymous Data records from information by excluding certain private data in a manner that makes the data not personally identifiable. We use this Anonymous Data to analyze request and usage patterns so that we may enhance the content of our Services and improve Site navigation. We reserve the right to use Anonymous Data for any purpose and disclose Anonymous Data to third parties in our sole discretion.
2.6 Additional Limits on Use of Your Google User Data
- The App will only use access to a read permission to provide a signature extraction feature that allows you to pull signature information from emails directly to your contacts. We will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
- The App will not request the following permissions: write, modify, or control Gmail message bodies (including attachments), metadata, headers, and settings.
- The App will not use this Gmail data for serving advertisements.
- The App will not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for the App’s internal operations and even then only when the data have been aggregated and anonymized.
- App’s use of information received, and App’s transfer of information to any other app, from Google APIs will adhere to Google’s Limited Use Requirements.
3.1 When You Consent, Agree or Direct Us to Share
3.2 Sharing between Users
To provide our Services, we may need to share certain information with other Users of our Services, as it is necessary for the adequate performance of the contract between you and us and for performance of certain features of our Services based on our legitimate interest. Examples include, but are not limited to, sharing information through our Teams products as well as information contributed to our Database for the purposes of improving the Services for both you and other End Users and Developers (as described in Section 2.4).
3.3 Compliance with Law, Responding to Legal Requests, Preventing Harm, and Protection of Yours or Our Rights
3.4 Service Providers
We use a variety of third party service providers to help us provide our Services. These Service providers may be located anywhere worldwide in countries outside your country of residence. In particular, currently use service providers based in Europe, India, Asia Pacific and North and South America.
In order to facilitate payments for Services we provide, certain information as described above may be shared with the relevant payments service providers. This data sharing is necessary for the performance of the contract between you and us.
3.5 Corporate Affiliates
To enable or support us in providing the Services, we may share your information including Personal Data, in compliance with local data privacy laws, within our corporate family of companies that are related by common ownership or control.
- Sharing with Contacts Plus LLC. Even if your country of residence is not the United States, your information may be shared with Contacts Plus LLC which provides the technical infrastructure for the Services, product development and maintenance, customer support, trust and safety and other business operation services to other Contacts+ entities.
- Sharing with our subsidiaries. Your information may be shared with our wholly owned subsidiaries. The information shared in these circumstances may include Personal Data including but not limited to Contact information.
3.6 Social Media Platforms.
Where permissible according to applicable law we may use certain derivative Personal Data about you, such as a cryptographic hash of a personal email and share it with social media platforms, such as Facebook or Google, to generate leads, drive traffic to our Sites or otherwise promote our Services.
The social media platforms with which we may share your Personal Data are not controlled or supervised by us. Therefore, any questions regarding how your social media platform service provider processes your Personal Data should be directed to such provider.
Please note that you may, at any time ask us to cease processing your Personal Data for these direct marketing purposes by sending an email to: email@example.com.
3.7 Business Transfers.
If we undertake or are involved in any merger, acquisition, reorganization, sale of assets, bankruptcy, or insolvency event, then we may sell, transfer or share some or all of our assets, including your information, in connection with such transaction, or in preparation for or contemplation of such transaction (e.g., due diligence).
3.8 Aggregated and Anonymized Data.
We may also use and share aggregated information (information about our users that we combine together so that it no longer identifies or references an individual user) and other Anonymized Data for any lawful purpose, including (but not limited to) regulatory compliance, industry and market analysis, demographic profiling, marketing and advertising, and other business purposes.
4. DATA RETENTION
We generally retain your information for as long as is necessary for the performance of the Services to you and our other Users and to comply with our legal obligations. This includes information that you have made available to our Database for the purposes of improving the Services for both you and other Users of our Services (as described in Section 2.4).
You may request that we delete your information and close your Account or you can delete your End User Contact Data and close your Account on your own. Please note that if you request the deletion of your information or if you delete your information:
- We may retain some of your information as necessary for fraud detection and prevention and enhancing safety. For example, if we suspend an Account for fraud or safety reasons, we may retain certain information from that Account to prevent that user from opening a new Account in the future.
- We may retain and use your information to the extent necessary to comply with our legal obligations. For example, we may keep some of your information for tax, legal reporting, and auditing obligations.
- Information you have shared with other systems (e.g., Google) may continue to exist in those systems, and in some cases be publicly visible.
- Some copies of your information (e.g., log records) may remain in our Database but are disassociated from personal identifiers.
- Because we maintain backup to protect our Services from accidental or malicious loss and destruction, residual copies of your information will be included in backups and may not be removed from our backup systems.
5. THIRD PARTY WEBSITES
7. DATA PROTECTION
We are continuously implementing and updating appropriate technical and organizational measures to help protect your Personal Data against unauthorized access, loss, destruction, or alteration. Some of the safeguards we use to protect your Personal Data are firewalls and data encryption, and information access controls. If you know or have reason to believe that your account credentials have been lost, stolen, misappropriated, or otherwise compromised or in case of any actual or suspected unauthorized use of your Account, please contact us following the instructions in the “Contact Us” section below.
7.2. Our International Operations and Data Transfers
7.3 EU-US and Swiss-US Privacy Shield
With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, we are subject to the authority of the Federal Trade Commission. If you have any questions or concerns relating to our Privacy Shield certification, contact us at: Contacts+ Legal Department, 5500 Bolsa Avenue Suite 245, Huntington Beach, CA 92649, or via email: firstname.lastname@example.org. If we are not able to resolve your concern, you may also contact our designated Privacy Shield independent dispute resolution provider, JAMS. In certain circumstances, you may also have the right to pursue binding arbitration through the Privacy Shield Framework, as described in Annex I to the Privacy Shield Principles.
8. YOUR RIGHTS
8.1 Email Choices
8.2 Access, Correction, and Deletion
We allow any data subject, including the End Users of our Services, to access, modify, and set permissions with respect to Personal Data that it holds about them. You and any data subject may access and make corrections and choices about your Personal Data by visiting our “Claim Profile” page (located at https://www.contactsplus.com/sar).
Please note however that, if you request that we delete your Personal Data, we will not do so to protect your rights and freedoms because, if we do, another user may later upload your contact information and we will not have a record that you requested that your contact information be deleted. Instead of deleting your End User Contact Data from our Database, we will retain it but flag it, restrict any further processing and not use or share it with any third parties. Finally, we provide you with the ability to export your Personal Data, End User Contact Data or Completed Contact Data from some of our Services at any time using industry standard formats.
8.3 California Privacy Rights
California law permits users and customers who are California residents to request and obtain from us, once a year, free of charge, a list of the third parties to whom we have disclosed their Personal Data (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Data disclosed to those third parties. See the “Contact Us” section below for where to send such requests.
9. YOUR RIGHTS UNDER THE GDPR
In the Use of our Services we mainly act as data processor and, in some cases, we may act as data controller when we determine the purposes and means of the processing of Personal Data.
EEA residents may exercise any of the rights described in this section by using the applicable functionality in our Services or by contacting us directly. If you reside outside of the European Union, you may have similar rights under your local laws. Please note that we may ask you to verify your identity before taking action on your request.
9.1 Purposes and Legal Basis for Processing. The purposes for processing are described in detail in Section 2 (“HOW WE USE INFORMATION”). In the Use of our Services when we act as data controller the legal basis for processing is as follows:
Improve, Personalize, and Develop the Services (Section 2.2): This use is based on our Legitimate Interest in improving our services for you and other users.
Provide, Personalize, Measure, and Improve our Advertising and Marketing (Section 2.3): This use is based on our Legitimate Interest in marketing our Services.
Combine Contacts and Relationship Information Across Users (Section 2.4): This use is necessary to deliver certain Services to you and is based on our your explicit Consent.
Creation of Anonymous Data (Section 2.5): This use is based on our Legitimate Interests to improve and market our Services.
9.2 Categories of Recipients of Data. Recipients of data are detailed in Section 3 (“HOW INFORMATION IS SHARED”).
9.3 Rectification of Inaccurate or Incomplete Information. You have the right to ask us to correct inaccurate or incomplete Personal Data concerning you (and which you cannot update yourself within your Account).
9.4 Data Access and Portability. In some jurisdictions, applicable law may entitle you to request copies of your Personal Data held by us. You may also be entitled to request copies of Personal Data that you have provided to us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible).
9.5 Withdrawing Consent and Restriction of Processing. Where you have provided your consent to the processing of your Personal Data by us you may easily withdraw your consent at any time specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal. Additionally, in some jurisdictions, applicable law may give you the right to limit the ways in which we use your Personal Data, in particular where (i) you contest the accuracy of your Personal Data; (ii) the processing is unlawful and you oppose the erasure of your Personal Data; (iii) we no longer need your Personal Data for the purposes of the processing, but you require the information for the establishment, exercise or defence of legal claims; or (iv) you have objected to the processing pursuant to Section 9.2.6 below (“Objection to Processing”) and pending the verification whether the legitimate grounds of Contacts+ override your own.
9.6 Objection to Processing. In some jurisdictions, applicable law may entitle you to require us not to process your Personal Data for certain specific purposes, where such processing is based on legitimate interest. If you object to such processing we will no longer process your Personal Data for these purposes unless we can demonstrate compelling legitimate grounds for such processing or such processing is required for the establishment, exercise, or defence of legal claims.
Where your Personal Data is processed for direct marketing purposes, you may, at any time, ask us to cease processing your Personal Data for these direct marketing purposes by sending an email to: email@example.com.
9.7 Lodging Complaints. You have the right to lodge complaints about the data processing activities carried out by us before the competent data protection authorities. If you are a EEA resident, you have the right to file a complaint with your applicable data protection authority.
11. HOW TO CONTACT US
Data Protection Officer (DPO):
Contacts Plus LLC
5500 Bolsa Avenue Suite 245
Huntington Beach, CA 92649