LAST UPDATED: September 7, 2022
- Scope: This Policy applies whether you are a customer that uses the Creatio Services, a prospective customer, an end user of our customers’ services that utilize our solutions, a prospective employee, partner, supplier, independent contractor, or whether you are simply visiting our Sites (each a “User” or “you,” and collectively, “Users”).
- QUICK LINKS:
- Information We May Collect
- Use of Information
- Sharing of Information
- Cookies and Similar Technologies
- Data Retention
- Choices and Opt-Out
- Cross-Device Tracking
- Employment Opportunities
- Third-Party Sites
- Sensitive Personal Information
- International Data Transfers
- California Privacy Rights
- Questions, Complaints and Disputes
- Contact Information
1. INFORMATION WE MAY COLLECT
We only collect personal information for the purposes of conducting our business, including in relation to providing the Creatio Services. We collect, process, share, and retain information from you and any devices you may use when you access our Sites, register for an event or account with us, provide us information on a web form, update or add information to your account, participate in chats, or otherwise correspond with us.
The type of personal information we collect depends on your use of the Creatio Services and/or your relationship with us (for example, whether you are a customer, prospective employee, etc.). Examples of the types of information we collect are:
- Your first and last names and contact details, including residential address, telephone number, and email address
- Payment or financial information for billing purposes (credit card details)
- Your passwords and/or personal identification codes (PINs)
- Employer or organizational affiliation for a User of the Creatio Services
- IP address or MAC address, and information derived from an IP or MAC address, such as geographic location
- Referring domain, destination domain and destination path
- Geolocation data
- User IDs and passwords for Users with accounts on the Creatio Services
- Employee data regarding current position and employment history
- Your testimonials, feedback and complaints
- Browsing activities, cookies and similar data, and platform or mobile application use data
- Screen name
- Screen sharing views, at the request of Users, for support and quality assurance (“QA”) purposes
- Any data in any files uploaded, emailed or otherwise provided by Users for support and QA
- Operating system type and version, web server type and version, database type and version
- Unique IDs such as a cookie placed on a computer or mobile device, or device IDs
- Information about the performance, security, software configuration and availability of our software on your servers and network
- Statistics regarding use of the Sites and viewing activity records
- Communication preferences
- Other similar information
We may collect your personal information in several ways, including, in person, by telephone, by email or electronically when you contact us, visit our Sites or use our Services, including as follows:
- Registration, purchase and use of the Creatio Services: Information such as name, email address, telephone number, company/organization, and other information, may be collected in connection with registration for, or purchase or use of, the Creatio Services (for example, to sign-up for and log into the Creatio Services and/or register for an event). Users may update their information by logging into their account.
- Communications^ Personal information such as name, email address, and other information, may be collected, when provided in any communications, whether via email, social media, telephone or otherwise.
- Support: Personal information may be collected in connection with User support, whether via screensharing, email, social media, telephone or otherwise.
- Information We Automatically Collect: We receive and store certain types of information whenever you interact with us or our Sites. Our Sites use “cookies,” tagging and other tracking technologies. This information includes computer and connection information such as statistics on your page views, traffic to and from our Sites, referral URL, ad data, your IP address, and device identifiers; this information may also include your browsing history, transaction history, and your web log information.
- Sign-in Features: Our Sites may include links to other websites and online services whose privacy practices may differ from those of Creatio. These services will authenticate your identity and provide you the option to share certain personal information with us, such as your name and email address to pre-populate our sign-up form. If you submit personal information to or through any of those websites or services, your information is governed by the privacy policies of such third-party sites or services. We encourage you to carefully read the privacy statement of any website you visit or online services you use.
- User Comments and Content: If you post any comments or content on our Sites, you should be aware that any personal information you choose to provide there may be read, collected, or used by third-parties. We are not responsible for the information you choose to submit, and we cannot guarantee that third-parties have not made copies of, or will not use, such information in any way. No protected health information or sensitive personal information (in each case, as defined in Section 12, below) should be provided to us through the Creatio Services.
- Information from Other Sources: We may supplement the personal information we collect with information
from third-parties, including to add it to your account information. Information from third-parties may include, but is
not limited to, demographic information that is publicly available, additional contact information, group affiliations,
occupational information, and educational background. We may also collect your personal information from third-parties,
including data available on the internet, and data purchased from third-party sources. Where personal
information is obtained from third-party sources, the collection, use and disclosure of that personal information will
we may also collect personal information from credit agencies (after seeking your consent to do so).
You can choose not to provide us with certain information, in which case you might not be able to take advantage of certain features of the Creatio Services and Creatio may not be able to provide you with certain Services.
2. USE OF INFORMATION
- We may use the information, including personal information, collected in connection with the Sites or for providing the Creatio Services to you, as well as for supporting our business functions, such as fraud prevention, marketing, analytics and legal functions, and other legitimate purposes.
- To the extent permitted by applicable law and, for customer data, as permitted by our customer agreements, including but not limited to all applicable Master Subscription Agreements, we may use information collected in connection with the Sites and our Services:
- to deliver certain of our Services from our Sites;
- to provide, maintain, and improve the Sites for internal or other business purposes;
- to fulfill User requests, such as to create a Creatio Services account or to provide requested Services;
- to communicate with our Users; to inform Users, as applicable, of products, programs, services profiles or transactions with us, and changes to our policies or terms, as applicable;
- to send offers, promotions, or other communications about our Services, including special or promotional events, including services, products, or events for which we collaborate or co-offer with a third-party;
- to send Users information regarding the Creatio Services, including information about features and enhancements on or to our Sites and issues specifically affecting our Services;
- to respond to reviews, comments, or other feedback provided to us;
- to support, optimize, improve and personalize our Services, Sites, mobile services, and advertising, including tracking and evaluating the use of the Sites;
- to send newsletters or other materials;
- to populate online profiles of Users;
- to protect the security and integrity of our Services, content, and our business;
- for marketing purposes and to explore prospective sales leads;
- to check financial qualifications and collect payments;
- for benchmarking, data analysis, audits, developing new products, enhancing our Services, facilitating product, software and applications development, improving our Services, conducting research, analysis, studies or surveys, identifying usage trends, as well as for other analytics purposes;
- in the case of server logs, to help us statistically monitor how many people are using our Site and for what purpose;
- to perform statistical, demographic, and marketing analyses of Users of the Sites and their viewing patterns;
- to meet our contractual requirements, to comply with applicable legal or regulatory requirements and our policies, and to protect against criminal activity, claims and other liabilities; and/or
- for any other lawful purpose for which the information is provided, including fulfilling requests for information.
- Personal information under the control of Users of the Creatio Services. In some circumstances, we may access and use personal information that has been collected by a User in the course of their use of the Creatio Services. This personal information remains under the control of the User at all times. We will only use this information on a limited basis to:
- diagnose and address software issues;
- provide hosting services;
- fulfill IT-related duties for technical maintenance and the backup of the hosting environment;
- provide services in relation to the installation and configuration of our software;
- assist with the preparation and migration of data to our software;
- develop product enhancements; and/or
- provide data capturing services.
- Customer Data Uploaded to Creatio Services. The Company does not own, control or direct the use of any of the Creatio customer data stored or processed by a customer via the Services. Only the customer is entitled to access, retrieve and direct the use of such customer data. The Company does not directly access or control such customer data except as authorized by the customer, or as necessary to provide Services to the customer.
- The customer is the data controller under the GDPR for any customer data, including that which contains personal data, meaning that such party controls how such personal data is collected and used, as well as the determination of the purposes and means of the processing of such personal data.
- The Company is responsible for neither the content of the personal data contained in the customer data or other information stored on its servers (or its subcontractors’ servers) at the discretion of the customer, nor for the manner in which the customer collects, handles disclosures of, distributes or otherwise processes such information.
- Aggregate Information. To the extent permitted by applicable law, we may use, process, transfer, and store any data about Users in an anonymous (or pseudonymous) and aggregated manner. We may combine personal information with other information, collected online and offline, including information from third-party sources. We may also use information in other ways with consent or as permitted by applicable law. By using the Sites, our Users agree that we are licensed to collect, use, share and store anonymized (or pseudonymized) aggregated data collected through the Creatio Services for benchmarking, analytics, A/B testing, metrics, research, reporting, machine learning and other business purposes.
- Automated Decisions. To the extent permitted by applicable law, we may collect data in an automated manner and make automated decisions, including using machine learning algorithms, about individual Users of the Creatio Services to provide or optimize the Creatio Services offered and/or delivered, for security or analytics purposes, and for any other lawful purpose.
3. SHARING OF INFORMATION
- To the extent permitted by applicable law, we may share and disclose information, including personal information, as set forth below:
- Customers. We may share information with our customers and their service providers and other platforms that may assist those customers.
- Affiliates and Agents. We may share information with our affiliates, any business partners or agents acting on our behalf. Please refer to the websites of such third-party suppliers for their Privacy Policies and other information on such supplier.
- Online e-commerce: When you transact through the Sites, you may interact with third-party providers that host online e-commerce platforms that allow us to sell and bill those Services to you. Your data may be stored on such third-parties’ data storage, databases and general application(s) platform(s).
- Service Providers. We may share information with our service providers (e.g., data storage service providers), agents, vendors and other third-parties we use to support and advertise the Creatio Services and our business. We share personal information with such third-parties to the extent necessary to provide services to us, and pursuant to binding contractual obligations.
- Advertising and Marketing. To the extent permitted by applicable law, we may share information with third-parties for marketing, advertising, promotions, contests, or other similar purposes. If required by applicable law, we will share such data for advertising and marketing purposes only in an aggregate, anonymous, and de-identified manner.
- Non-personally identifiable information. We may make certain automatically collected, aggregated, or otherwise non-personally-identifiable information available to third parties for various purposes, including, for example, compliance with various reporting obligations; for business or marketing purposes; and/or to assist such parties in understanding User interests, habits, and usage patterns for certain programs, content, services, and/or functionality available through the Services.
- Mergers, Acquisitions, Divestitures. We may share, disclose or transfer information to a buyer, investor, new affiliate, or other successor in the event Creatio, or any affiliate, portion, group or business unit thereof, undergoes a business transition, such as a merger, acquisition, joint venture, consolidation, reorganization, divestiture, liquidation or dissolution (including bankruptcy), or a sale or other transfer of all or a portion of any assets of Creatio or any affiliates or during steps in contemplation of such activities (e.g., negotiations and due diligence).
- Law Enforcement and National Security. We may share information with legal, governmental, or judicial authorities, as instructed or required by those authorities or applicable laws, or to comply with any law or directive, judicial or administrative order, legal process or investigation, warrant, subpoena, government request, regulatory request, law enforcement or national security investigation, or as otherwise required or authorized by law.
- Protection of Rights, Property or Safety. We may also share information if, in our sole discretion, we believe disclosure is necessary or appropriate to protect the rights, property or safety of any person, or if we suspect fraud or other illegal activity,
- We may also disclose personal information for other purposes or to other third-parties when a User has consented to, or requested, such disclosure, or where a User has obtained permission from another individual, or where such disclosure is otherwise legally permitted for legitimate business purposes and, for customer data, with such customer’s authorization or otherwise in accordance with our agreement with such customer.
4. COOKIES AND SIMILAR TECHNOLOGIES
- We may use session cookies and persistent cookies in connection with the Sites or for providing the Creatio Services to you. Session cookies refer to cookies that are operable for the duration of your visit only and are deleted when you close your browser. Session cookies are typically used to track your navigation of the Sites in order to support the function or security of the Sites. Session cookies may also be used to avoid data re-entry such as information you might provide within forms available on the Sites. Persistent cookies refer to cookies that are stored following your visit. Persistent cookies are not deleted from your browser at the end of a session and are typically used to remember your preferences for future visits and/or to provide targeted advertising based on your activities on the Sites.
- These cookies make websites easier to use as you won’t need to repeatedly select your preferences each time you visit. A good example would be a website with language settings – perhaps you choose to change the content language from English to French. The next time you visit the website, your preference will be remembered.
- We may use the following types of cookies and similar technologies:
- Essential/strictly necessary cookies required for the operation of the Creatio Services. They include, for example, cookies that enable you to log into secure areas. Strictly necessary cookies facilitate the operation of our websites. Without the use of these cookies, portions of our websites will not function properly.
- Analytical/performance cookies that collect information about how you use the Creatio Services. They allow us to recognize and count the number of visitors and to see how visitors move around our Sites. This helps us to improve the way our Sites work. These cookies are sometimes placed by third-party providers of web traffic analysis services.
- Functional cookies that remember choices you make and recognize you when you return. This enables us to personalize our content, greet you by name and remember your preferences (for example, your choice of language or region) or allow the pre-population of certain resource request forms, making it easier for you to access Creatio content.
- Targeting cookies that collect information about your browsing habits such as the pages you have visited and the links you have followed. We use this information to make our Sites more relevant to your interests, and, if we enable advertising, to make advertising more relevant to you, as well as to limit the number of times you see an ad. These cookies are usually placed by third-party advertising networks. They remember the other websites that you visit, and this information is shared with third-party organizations, for example, advertisers.
- Opting out: Most internet browsers accept cookies by default. You can block cookies by activating the setting on your browser that allows you to reject all or some cookies. The help and support area on your internet browser should have instructions on how to block or delete cookies. Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject cookies or to alert you to when a cookie is placed on your computer, tablet or mobile device. Although you are not required to accept cookies, if you block or reject them, you may encounter issues using the Sites and accessing certain pages, specifically password-protected pages.
- As part of improving the Creatio Services, we may deploy third-party technology on our Sites to collect and transfer information using web beacons, and in certain configurations, using tracking tag pixels and cookies (“Tag Data”). This third-party technology may automatically collect Tag Data from your browser. Some of the Tag Data collected may be considered personal data in your jurisdiction, such as IP address and online identifiers (cookies) and some may be considered non-personal information, such as browser version, operating system, pages viewed, and timestamps.
- We may use third-party analytics such as Google Analytics or similar analytics services. For information on how Google processes and collects your information regarding Google Analytics and how you can opt-out, please see https://tools.google.com/dlpage/gaoptout.
5. DATA RETENTION
- To the extent permitted by applicable law, we may retain information for as long as the account of the User for whom we collected the information is active, for at least six (6) months thereafter, or as long as is reasonably necessary to provide the Creatio Services or as needed for other lawful purposes. If, however, we become aware that you inadvertently or intentionally submitted or transmitted Protected Health Information or sensitive personal information to us, you will be considered to have explicitly consented to us processing that Protected Health Information or sensitive personal information for the purposes of deleting the same and we will not retain such information. We may retain cached or archived copies of information. We may retain anonymized or pseudonymized, aggregated data indefinitely, to the extent permitted under applicable law. We may be required to retain some data for a longer period of time because of various laws and regulations or because of contractual obligations. We also will retain information as long as reasonably necessary to comply with our legal obligations, resolve disputes and enforce our agreements. Once information is no longer needed for the purposes for which it was collected, we will take reasonable steps to de-identify and/or destroy it.
6. CHOICES AND OPT-OUT
- To the extent required by applicable law, or otherwise in our discretion, we will allow Users to limit use of personal information. If at any time after providing us with your personal information such information changes or you change your mind about receiving information from us, you may request access to your data or that your data be changed.
- To the extent required by applicable law, or otherwise in our discretion, we will allow Users to limit use of personal information. If at any time after providing us with your personal information such information changes or you change your mind about receiving information from us, you may request access to your data or that your data be changed.
- Where you provide us with your personal information (e.g. when you contact us to obtain information about a Creatio product or service), we may use your personal information for direct marketing. This includes the use of personal information to:
- invite you to a user conference; and/or
- notify you about an existing or new product or service.
- If you prefer not to receive these communications from us, you may ask us at any time to stop sending you direct marketing information or to stop being contacted by us. You can do this by emailing us at: email@example.com.
7. CROSS-DEVICE TRACKING
- When you use your mobile device to interact with us or use the Creatio Services, we may receive information about your mobile device, including a unique identifier for your device. We and our service providers and third-parties we collaborate with, including ad networks, may use cross-device/cross-context tracking. For example, you might use multiple browsers on a single device, or use various devices (such as desktops, smartphones, and tablets), which can result in your having multiple accounts or profiles across these various contexts and devices. Cross-device/cross-context technology may be used to connect these various accounts or profiles and the corresponding data from the different contexts and devices.
8. EMPLOYMENT OPPORTUNITIES
- We provide you with a means for submitting your resume or other personal information through our Sites and/or Services for consideration for employment opportunities at Creatio. Personal information received through resume submissions will be kept confidential. We may contact you for additional information to supplement your resume, and we may use your personal information within Creatio, or keep it on file for future use, as we make our hiring decisions.
9. THIRD PARTY SITES
- To prevent unauthorized access or disclosure, to maintain data accuracy, and to ensure the appropriate use of personal information, we employ administrative, technical and organizational measures that are reasonably designed to help safeguard the information we collect. Only authorized Creatio personnel have access to the personal information, including server logs and cookie utilization data, that we collect. These individuals are required to follow strict security policies and procedures. Creatio may use data encryption, network channel encryption, firewall, malware and threat protection, access protection controls, and other physical and logical security measures to help prevent unauthorized access to such personal information. Creatio may also place internal restrictions on who in the Company may access data to help prevent unauthorized access to such information.
- Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. Therefore, despite our efforts, we cannot guarantee its absolute security. We do not warrant or represent that personal information about you will be protected against loss, misuse, or alteration by third-parties.
- If you use the Creatio Services, you are responsible for maintaining the confidentiality of your access information and password. You are responsible for restricting access to your computer, and you agree to accept responsibility for all activities that occur under your password. We cannot secure any personal information that you release on your own, that you request us to release or that is released through another third party to whom you’ve given access.
- Where required under applicable law or by contract, we will notify the appropriate parties or individuals of any loss, misuse or alteration of personal information so that such parties or individuals can take the appropriate actions for the due protection of their rights. If such personal information is information of a Creatio customer, we will notify such customer and coordinate with them regarding any required notices to particular individuals.
12. SENSITIVE PERSONAL INFORMATION
- “Sensitive personal information” is information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, information concerning health or information concerning a natural person’s sex life or sexual orientation.
- We do not knowingly or intentionally collect sensitive personal information or Protected Health Information (as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and summarized by the U.S. Department of Health & Human Services here: https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html ) from individuals through the Creatio Services. You must not submit to us sensitive personal information or protected health information of any kind through the Creatio Services. If, however, you inadvertently or intentionally submit or transmit sensitive personal information and/or protected health information to us, you will be considered to have explicitly consented to us processing that information. In such case, we will use and process protected health information and sensitive personal information solely for the purposes of deleting it, if and when we become aware of the same.
13. INTERNATIONAL DATA TRANSFERS
- The Sites may be provided using resources and servers located in various countries around the world, including the United States and other countries. Therefore, personal information about Users may be transferred, processed and stored outside the country where the Creatio Services are used, including to countries outside the European Union (“EU”), European Economic Area (“EEA”) or Switzerland, where the level of data protection may not be deemed adequate by the European Commission. With respect to Europe, we may use standard data protection clauses adopted by supervisory authorities and approved by the European Commission to safeguard transfers.
14. CALIFORNIA PRIVACY RIGHTS
15. QUESTIONS, COMPLAINTS AND DISPUTES
- If you have questions, concerns, or complaints about this Policy or our privacy practices, please contact our Privacy Officer by email at firstname.lastname@example.org. We will respond to your inquiries as soon as is practicable.
- CLASS ACTION WAIVER. YOU AND WE AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR OUR INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING.
- “Personal Data” means any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of such natural person; and
- “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Personal Data may be transferred outside of Europe, provided that certain conditions as set out in the applicable legislation are complied with. Your Personal Data will also be processed by personnel operating outside Europe who work for us. This includes personnel engaged in, among other things, the fulfilment of your order and the provision of support services. We are party to data transfer agreements with each of our service providers and the members of our group and we will (i) keep each document up to date with current law, and (ii) only engage in personally identifiable information transfers from Europe to outside Europe in accordance with such an agreement or an alternative means of transfer in compliance with data protection legislation. We may also process personal data submitted relating to individuals in Europe via other compliance mechanisms, including use of the European Union Standard Contractual Clauses.
- Our legal basis for the processing of Personal Data are: (i) consent or (ii) any other applicable legal basis, such as our legitimate interest in engaging in commerce, offering products and services of value to the customers of the Creatio Services, preventing fraud, ensuring information and network security, direct marketing and advertising, and complying with industry practices.
- Data Transfers:
- Where personal data is transferred from the EU or Switzerland to the US in the context of an employment relationship, we will cooperate in investigations by and comply with the advice of EU data protection agencies and the Swiss Federal Data Protection and Information Commissioner (FDPIC).
- The Services may be provided using resources and servers located in various countries around the world, including the United States and other countries. Therefore, personal information about individuals or customers may be transferred, processed and stored outside the country where the Services are used, including to countries outside the European Union (“EU”), European Economic Area (“EEA”) or Switzerland, where the level of data protection may not be deemed adequate by the European Commission. In the case of such transfers, Creatio will rely upon a compliant transfer mechanism, such as standard contractual clauses. We will only transfer data to our agents, resellers or third-party service providers (such as travel service providers, accountants, attorneys, consultants, and other service providers) who need the information in order to provide services to or perform activities on behalf of Creatio, including in connection with the delivery of Services or products, Creatio’s management, administration, or legal responsibilities.
- Additional Rights: Under European law, you may have one or more of the following additional rights:
- Access. To request a copy of the Personal Data we have collected about you by contacting us.
- Rectification & Erasure. To request that we rectify or delete any of the Personal Data about you that is incomplete, incorrect, unnecessary or outdated.
- Objection. To object, at any time, to Personal Data about you being Processed for direct marketing purposes.
- Restriction of Processing. To request restriction of Processing of Personal Data about you for certain reasons, such as, for example, if you consider Personal Data about you collected by us to be inaccurate or you have objected to the Processing and the existence of legitimate grounds for Processing is still under consideration.
- Data Portability. To request and receive the Personal Data we have collected about you in a commonly used and machine-readable form.
- Right to Withdraw Consent. If Personal Data about you is processed solely based on your consent and not for any other legitimate interest, to withdraw your consent at any time, without affecting the lawfulness of our Processing based on such consent before it was withdrawn, including processing related to existing contracts for our Services.
- Right to Lodge a Complaint with a DPA. If you believe our Processing of Personal Data about you is inconsistent with the applicable data protection laws, to lodge a complaint with your local supervisory data protection authority (“DPA”).
- To exercise any of the above listed rights, please contact us as set forth below and provide sufficient details so that we can respond appropriately. We will process any requests in accordance with applicable law and within a reasonable period of time. We may need to verify the identity of the individual submitting a request before we can address such request. If the request relates to data our customers collect and process through the Creatio Services, we will refer the request to that customer and will support them in responding to the request. For Creatio customers, certain information may be reviewed, corrected and updated by logging into the Creatio Services account and editing the profile information.
- Questions and Complaints. If you have questions, concerns, or complaints about this Policy or our privacy practices, please contact our Privacy Officer by email at email@example.com.
- Compelled Disclosures. We may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
C. CONTACT INFORMATION
- Website: https://www.creatio.com/company/contacts
- Postal Address:
- CREATIO EMEA LTD
- 1 Kinyra Street
- Kinyras Tower, 3rd Floor, 1102
- Nicosia, Cyprus
- Attention: Data Privacy Officer