Platform Privacy Notice

 

SalesLoft, Inc. (“we”) are committed to safeguarding the privacy of registered users of the SalesLoft platform; this Notice sets out how we will treat your personal data when we act as the controller of that data, including when its processing is governed by the EU General Data Protection Regulation (GDPR).

Summary

Definitions

We use the term “personal data” to refer to any information collected or processed by or in connection with the platform that directly or indirectly identifies you or factors specific to you, such as your name, IP address or user preferences.

Below we describe the ways in which we handle your personal data. These ways also include the lawful grounds (sometimes also referred to as “legal basis”) which serve as the justification under GDPR for the processing of your personal data. If there is no lawful ground for processing your personal data, neither we nor anyone else is permitted to access or process your personal data under GDPR.

What personal data do we collect?

We may collect, store and use the following kinds of information and personal data (“Collected Information”):

(a) information and personal data about your visits to and use of our platform. We collect personal data about your computer and your visits to the platform, including your IP address, geographical location, browser type, referral source, length of visit and number of page views, all of which are also Collected Information.

(b) information about any transactions carried out between you and us on or in relation to the platform, including information relating to any purchases you make of our goods or services. We collect:

  • First and last name
  • Title
  • Position
  • Employer
  • Contact information (company, email, phone, physical business address)
  • ID data
  • Professional life data
  • Personal life data
  • Connection data
  • Localization data
  • Application usage data
  • Email communication data
  • Call recording data

(c) information that you provide to us for the purpose of registering with us on the platform and/or subscribing to our website services and/or email notifications. We collect first and last name, email address, and phone number for these purposes.

Cookies and Other Tracking Technologies We Use

We use cookies on the platform. A cookie is a text file sent by a web server to a web browser, and stored by the browser. The text file is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.

We may send one or more cookies which may be stored by your browser on your computer. The information we obtain from cookies is part of the Collected Information. Our advertisers and service providers may also send you cookies.

Most browsers allow you to refuse to accept cookies. (For example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector.). This will, however, have a negative impact upon the usability of many websites, including access of the platform.

To improve our services and the platform, we may retain third party service providers to operate this site and help us monitor, collect and analyze information regarding your interactions with the platform and data you input, including through the use of such providers’ cookies on your computer.

For more information about cookies and other tracking technologies we use, please see our Cookies Policy here.

Why We Use Collected Information

Collected Information, including personal data, will be used to:

(a) administer and improve the platform’s usability;

(b) improve your browsing experience by modification and replacement of text, images, videos, links to increase relevance to the visitor;

(c) send to you marketing and other communications relating to our business or the businesses of carefully-selected third parties which we think may be of interest to you by post or, where you have specifically consented, by email or similar technology.

(d) to provide other companies with statistical information about our users. Information we provide to other companies will not identify any individual user.

(e) if you so elect, to connect a 3rd party email account to your SalesLoft account. This allows you to compose and send email messages in SalesLoft. We then import replies to messages you send to access in SalesLoft. You will also have the option to import and update events on your linked calendar. We employ a software technology called web beacons in our HTML-based emails to let you know which emails have been opened by a recipient. Please note that to the extent that you elect to connect with a Gmail account, our use of Collected Information will be further limited as indicated in the “Additional Limits on Use of Your Google User Data” section of this Privacy Policy.

Lawful Grounds

If you are a registered platform user, the lawful ground for processing your personal data is your employer’s need to allow you to perform your employment contract or otherwise allow you to perform your duties in connection. If you do not provide personal data to us you may be in breach of your employment contract as you may not be able to perform your assigned functions.

If you are a registered platform user, the lawful ground for processing your Collected Information is our legitimate interest in understanding how users interact with the platform, and in promoting our products and services.

Sharing Collected Information

We may share Collected Information about you:

(a) to enable our third party subprocessors to provide data center hosting services, database hosting services, dialer infrastructure services, email sync services, and to enable our third party processors to provide sales and marketing operations services;

(b) to the extent that we are required to do so by law;

(c) in connection with any legal proceedings or prospective legal proceedings;

(d) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).

(e) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Security of Collected Information

We will take reasonable precautions to prevent the loss, misuse or alteration of your personal data. Data transmission over the Internet is inherently insecure and we cannot guarantee the security of data sent over the Internet.

We will store all the personal data you provide or that we collect about you on our secure servers.
You are responsible for keeping your passwords confidential. We will not ask you for your passwords.

Transfers of Collected Information for GDPR

We are located in the United States. By submitting your personal data via t the platform, will transfer your personal data to us. We will process transferred personal data pursuant to the EU-U.S and the Swiss-U.S. Privacy Shield Frameworks. The European Commission has issued an adequacy decision that entities like ours that certify to the EU-U.S. Privacy Shield principles are considered to offer adequate protection to personal data, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. We adhere to the Privacy Shield Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement for the personal data you provide or we obtain about you. Please click here to view our Privacy Shield Policy.

We may transfer your personal data to third parties, as described in Sharing Collected Information, pursuant to the onward transfer principles of the EU-U.S. Privacy Shield. We use these third-parties to perform certain functions offered as part of our products and services, e.g. data center hosting services, a SaaS survey solution, and SaaS IT service management software. These providers all certify compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Framework and are restricted from direct access to your personal data but, if necessary, may be granted access to your personal data only to the extent necessary to permit them to perform their contracted services, are bound by confidentiality agreements and are restricted from using the personal data for other purposes.With respect to personal data received or transferred pursuant to the Privacy Shield Framework, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov/.

Retention of Your Personal Data

We retain your personal data until data is requested to be purged from our systems by an authorized member of your organization.

Additional Limits on Use of Your Google User Data:

Notwithstanding anything to the contrary in this Privacy Policy, if you provide the SalesLoft platform access to the following types of your Google user data,

  • Gmail (read, write, modify, and control) the platform’s use of such data will be subject to these additional restrictions:
    1. The platform will only use access to read, write, modify, or control Gmail message bodies (including attachments), metadata, headers, and settings to provide a solution that allows your users of the platform to compose, send, read, and process emails and will not transfer this Gmail data to others unless doing so is necessary to provide, support and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
    2. The platform will not use this Gmail data for serving advertisements.
    3. The platform will not allow humans to read this data unless (1) we have your affirmative agreement for specific messages, (2) doing so is necessary for security purposes such as investigating abuse, (3) to comply with applicable law, or (4) for the platform’’s internal operations and even then only when the data have been aggregated and anonymized.

We reserve the right to amend this section from time to time to comply with the “Google API Services: User Data Policy,” to the extent it relates to our use of such Gmail data.

For the avoidance of doubt, the additional restrictions contained in this section shall only apply to Gmail data received through the Google OAuth API, to the extent such use is applicable to you.

Changes to this Notice

We may update this privacy policy from time-to-time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes.

Third party websites

The platform may contains links to other websites and third party products, which you may elect to use in your sole discretion. We are not responsible for the privacy policies of third party websites or such site operators’ actions including the collection or use of your personal data.

Access to Your Personal Data

If you use the platform, upon request, SalesLoft will grant you reasonable access to your personal data and allow you to correct, amend or delete information that is demonstrated to be inaccurate or incomplete. See Contact Us.

Notwithstanding the foregoing, as a platform user, we depend on you to update and correct your personal data to the extent necessary for the purposes for which that data was collected, such as contact information you provide so that we can provide you invoicing information.

Your Rights

You are entitled to have any inadequate, incomplete or incorrect personal data corrected (that is, rectified).

You also have the right to request access to your personal data (including receiving a copy thereof) as well as additional information about the processing.

If we ever process your personal data on the lawful ground of your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Further, you are entitled to have your personal data erased, under certain circumstances.

As from May 25, 2018, you also have the following additional rights:

  • Data portability – if ever we rely (as the lawful ground for processing) upon your consent, or the fact that the processing is necessary to perform a contract to which you are party (such as your employment contract), and the personal data is processed by automatic means, you have the right to receive all such personal data which you have provided us in a structured, commonly used and machine-readable format, and also to require that it be transmitted to another controller where this is technically feasible.
  • Right to erasure – you are entitled to have your personal data erased under specific circumstances, such as where you have withdrawn your consent, where you object to processing based on legitimate interests and we have no overriding legitimate grounds (see below) or where personal data is unlawfully processed, provided that applicable law does not provide otherwise.
  • Right to restriction of processing – you have the right to restrict the processing of your personal data (that is, allow only its storage) where:
    • you contest the accuracy of the personal data, until we have taken sufficient steps to correct or verify its accuracy;
    • where the processing is unlawful but you do not want us to erase the personal data;
    • where we no longer need your personal data for the purposes of the processing, but you require such personal data for the establishment, exercise or defence of legal claims; or
    • where you have objected to processing justified on legitimate interest lawful grounds (see below), pending verification as to whether we have compelling legitimate grounds to continue processing. Where your personal data is subject to restriction we will only process it with your consent or for the establishment, exercise or defense of legal claims.
  • Right to object to processing  (including profiling) based on legitimate interest grounds – where we rely upon legitimate interests to process personal data, you have the right to object to that processing. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or we need to process the personal data for the establishment, exercise or defense of legal claims, or applicable law requires otherwise.
  • Right to object to direct marketing (including profiling) – you have the right to object to our use of your personal data for direct marketing purposes (including profiling).

You also have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work or place of alleged infringement, if you consider that the processing of your personal data infringes applicable law.

You may contact us if you wish to exercise any of your rights in respect of your personal data processed via the platform.

Contact Us

To exercise your rights, or if you have any questions about this GDPR Data Privacy Notice or our treatment of your personal data, please send us an email at privacy@salesloft.com or by post to SalesLoft, Inc., 1180 West Peachtree Street NW, Suite 600, Atlanta, GA 30309.

In compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Principles, we commit to resolve complaints about your privacy and our collection or use of your Personal Information. EU or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact us at:

Mike Meyer

SalesLoft, Inc.
1180 West Peachtree Street NW,
Suite 600
Atlanta, GA 30309

Or at: mike.meyer@salesloft.com

SalesLoft has further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss Privacy Shield Principles to an independent dispute resolution mechanism operated by JAMS. If you do not receive timely acknowledgment of your complaint or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield to file a complaint or obtain more information.

Under certain conditions, which are described in greater detail on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.