Privacy Policy

Last updated: 25th February 2022

INTRODUCTION

Welcome and thank you for your interest in Usermaven Inc. (“Usermaven”, “we”, “our” or “us”). Usermaven is a user behavioral analytics product and service. We allow businesses and websites to collect and analyze data about how their users are interacting with their services. Usermaven does this by collecting data on what users are doing, including but not limited to what webpages they visit, what users click on, where those users are located, what browser or platform those users are using, and many other forms of behavioral or personal data.

This privacy policy (“Privacy Policy”) explains how information about you, that directly identifies you, or that makes you identifiable (“personal information”) is collected, used and disclosed by Usermaven when you use our “Websites” (including without limitation www.usermaven.com, app.usermaven.com and any successor URLs, mobile or localized versions and related domains and subdomains), and other online products and services that link to this privacy policy (collectively, the “Service”).

Please read this privacy policy carefully. By accessing or using any part of the Websites, you acknowledge you have been informed of and consent to our practices with regard to your personal information and data.

Usermaven as a Data Controller: For purposes of data protection laws, Userrmaven Inc., a company duly incorporated and organized under the laws of the United States of America, having its registered address at 2055 Limestone Road STE, 200-C, Wilmington, Delaware 19808, is the “data controller” and is generally responsible for and controls the processing of your personal information collected through your use of our Service. This Privacy Policy applies only to instances where Usermaven acts as a data controller.

Usermaven as a Data Processor: Wherever our customers use our Service to submit, manage, or otherwise use content relating to our customers’ end-users during the provision of our Service, we act as a “data processor” and have contractually committed ourselves, including by signing data processing agreements, to only process such information on behalf and under the instruction of the respective customer, who is the data controller. As such, this Privacy Policy does not apply to such processing.

In the event our site contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, you should read their posted privacy policy information about how they collect and use personal information. This Privacy Policy does not apply to any of your activities after you leave our site.  

INFORMATION WE COLLECT AND HOW IT IS USED

When browsing our website, submitting information via our contact form, registering with us for services online, registering interest in advertised job roles through our website, logging into our online services, subscribing to application status updates, and purchasing services from us, we collect personal information about you that may be combined, reviewed, logged, stored, or accessed for the following purposes: ‍

• Analysis of the performance of our website by monitoring usage and traffic patterns;
• To enable you to customize or personalize your experience of our website;
• Responding to requests for more information about our products and services;
• Registering an account so that we can provide you with the services you have requested;
• Processing subscription payments;
• Responding to demo and onboarding session requests;
• Facilitating login to the Usermaven application using a registered Usermaven account or third party account such as Google and Microsoft;
• Reviewing and responding to applications for advertised positions;
• Providing support to our customers by receiving, analyzing, and responding to support requests;
• Facilitating the correct operation of our services by logging necessary transaction, event, and error data.
• Facilitating subscription to status updates for the Usermaven application so that we can provide you with real-time application status notifications.
• Communicating with you regarding changes and improvements to the Usermaven application which are relevant to your service subscription.

We may also receive personal data about you from referrals. Referrals may come from other customers or partners that we work with, but we will always confirm your consent with referrers before receiving and processing any personal data about you, and will be processed in accordance with this privacy policy.

TYPES OF INFORMATION COLLECTED

Data we collect falls into one of two categories: “voluntarily provided” information and “automatically collected” information

“Voluntarily provided” data refers to any information you knowingly and actively provide us when using or participating in any of our services and promotions.

“Automatically collected” data refers to any information automatically sent by your devices in the course of accessing our products and services.

The specific types of personal data that we collect are: ‍

• Contact data consisting of name, email address, and phone number, where provided in contact request forms, demo bookings, onboarding session requests, application status subscriptions, service subscriptions or referrals.
• Authentication data such as your name and email address which is used for login to our service. A phone number may also be used to confirm your identity as a second factor of authentication (2FA).
• Analytics data from our website consisting of device type, operating system used, unique device identifiers, device settings or preferences, and geo-location data. We currently do not anonymize IP address data.
• Recruitment data consisting of name, contact details, previous employment information, education and training.
• Personal data submitted via support requests which would typically contain contact data consisting of name, email address, and phone number, but may also include screenshots taken on your local devices that may inadvertently include personal data about you.
• Log data which may include technical details about devices that you used and actions performed by you either on our website, or while logged into our services. Personally identifiable data is removed from log data wherever possible, but it may be possible to combine log data to personally identify persons using our services.

Where data is submitted to us inadvertently by you we will make every effort to delete or mask this data in our systems, where possible. We do not request, or encourage, the submission of personal data that is not specifically necessary to carry out the activities described in this privacy policy.

LEGITIMATE REASONS FOR PROCESSING YOUR PERSONAL INFORMATION

The processing activities we perform are primarily carried out for our legitimate interest as a commercial company that is developing and selling software-as-a-service. We also process personal data in order to fulfil our contractual and service level obligations to you when you purchase these services from us.

When we process personal data in order to market our product, we do so based on your consent. You may provide this consent via voluntary submission of a contact request, demo booking request, or onboarding session request following subscription to the service. You are entitled to withdraw your consent at any time by submitting a request as described in this privacy policy.

When you submit personal information to us by registering your interest in an advertised position, we process this data based on our legitimate interest and your consent by you voluntarily submitting the data to us.

We may combine voluntarily provided and automatically collected personal information with general information or research data we receive from other trusted sources. For example, Our marketing and market research activities may uncover data and insights, which we may combine with information about how visitors use our site to improve our site and your experience on it.

SECURITY OF YOUR PERSONAL INFORMATION

When we collect and process personal data, and for the duration that we retain and store this data, we will protect it within commercially acceptable means to prevent loss and theft, and unauthorized access, disclosure, copying, use or modification. We do this primarily by:

• Using industry standard encryption technology wherever possible to protect your data from the point of collection to the time that it is deleted;
• By implementing access control mechanisms;
• By ensuring data processing agreements are in place with relevant third parties;
• By training our employees and contractors on the correct handling of your data.

However, we advise that no method of electronic transmission or storage is 100% secure and no one can guarantee absolute data security. For example, you are responsible for the safe keeping and strength of any passwords you create to log into our services, and for ensuring the security of your own information within the bounds of our services. Where your password can be easily guessed, or where you inadvertently divulge it to unauthorized users, we cannot ensure the confidentiality of the data held in your account with us.

RETENTION OF YOUR PERSONAL INFORMATION

We keep your personal information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this privacy policy. For example, if you have provided us with personal information as part of creating an account with us, we may retain this information for the duration your account exists on our system. If your personal information is no longer required for this purpose, we will delete it or make it anonymous by removing all details that identify you.

However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation or for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes.

DISCLOUSRE OF PERSONAL INFORMATION TO THIRD PARTIES

Your personal data will be shared with third parties that we use to help deliver our services to you, or where required to share it for legal or regulatory purposes. Categories of third parties would include:

• Cloud-service providers contracted by us to provide required infrastructure and data center services, which would include services such as data storage, processing, logging and monitoring, email, web-services, networking, data backup, account authentication, feature-flag services, etc.;
• Web-hosting providers for hosting of our website and collection of contact form data and demo requests;
• Data analytics providers for analysis of web-traffic data;
• Contractors employed to carry out specific services on our behalf;
• CRM services for recording and managing customer accounts;
• Payment providers to process payment of your subscriptions;
• Legal and regulatory authorities where required in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights;
• Communication tool providers used to facilitate customer communications.

INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

The personal data we collect is primarily stored and processed within the EU, and more specifically in Germany wherever it is possible to restrict the processing of your personal data.

Third parties that we contract for services may use processing facilities outside of the EU for redundancy, and for the purposes of providing support services. Where this is the case, and the country does not have equivalent data protection laws to that of the EU, we will ensure:‍

• Any transfers of data are performed in accordance with the requirements of applicable law; and
• The data transferred is protected in accordance with this privacy policy.

Typically, we will do this by ensuring Standard Contractual Clauses (SCC) published by the European Commission are in place with relevant third parties as part of our ISO/IEC 27001:2013 aligned supplier due diligence programme prior to any transfers. Where this is not possible, we will ensure that transfers will only take place based on your informed consent.

YOUR RIGHTS IN RESPECT OF YOUR PERSONAL INFORMATION

Under data protection law, you have certain rights which you are entitled to exercise and which we are required to make you aware of. These include:

• The right to access

  You may request that we provide you with copies of any personal data that we hold about you.

• The right to rectification

  If you believe that any personal data we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this privacy policy. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.

• The right to erasure

  You have the right to request that we erase any personal data we hold about you. However, where we are required to process your data for a legal basis such as compliance with a legal obligation, or where the data must be processed to continue to deliver contracted services to you, it may not be possible to erase your personal data.

• The right to restrict processing

  You have the right to request that we restrict the processing of your personal data if (i) you are concerned about the accuracy of your personal data; (ii) you believe your personal data has been unlawfully processed; (iii) you need us to maintain the personal data solely for the purpose of a legal claim; or (iv) we are in the process of considering your objection in relation to processing on the basis of legitimate interests.

• The right to object to processing

  You have the right to object to processing of your personal data where (i) the processing is carried out based on our legitimate interests, (ii) carried out in the public interest such as for research purposes; or (iii) the processing relates to direct marketing. Where the processing is based on our legitimate interests or in public interest, you must clearly submit your grounds for objection in a request in accordance with this privacy policy.

• The right to data portability

  You have the right to request that your personal data be transferred to you, or another data controller of your choice, in a structured and machine-readable form so that the personal data can be reused. An example of this may be if you choose to transfer services to another service provider.

• Consent

  As mentioned in section 2 of this policy, you have the right to withdraw consent of the processing of your personal data at any time, subject to certain conditions. To unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details provided below, or opt-out using the opt-out facilities provided in the communication. We may need to request information from you to help us confirm your identity.

• Lodging a complaint with a supervisory authority

  You have the right to lodge a complaint regarding our processing of your personal data with a supervisory authority. In Ireland, the supervisory authority is the Data Protection Commission, and you can submit a complaint via web-form or post as directed on their website.

CHILDREN’S PRIVACY

We do not aim any of our products or services directly at children under the age of 13, and we do not knowingly collect personal information about children under 13.

COOKIES

We use 'cookies' to collect information about the devices you use and your activity across our site as mentioned in section 1 of this policy. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our site. This helps us serve you content based on preferences you have specified, and helps us to analyze the performance of our site. ‍

CHANGES TO THIS POLICY

We may periodically make changes to this privacy policy to reflect updates to our business processes, or legislative or regulatory changes. We will post the changes here on our website, at the same link by which you are accessing this privacy policy.

If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for communications from us) and all our registered users with the new details and links to the updated or changed policy.

If required by law, we will get your permission or provide you with the facility to opt in to or opt out of, as applicable, any new uses of your personal information.

CONTACTING US

The personal data that we process about you is controlled by Usermaven Inc. For any queries or requests regarding your personal data, or if you believe that we may be in breach of relevant data protection law, please contact: privacy@usermaven.com. Where you prefer to make a request verbally via phone call, please let us know and we will arrange a call back.

Where you submit a data subject access request to us, we will respond without undue delay in writing, unless specifically requested otherwise, within 1 month of receiving your request, in line with current data protection law.