Privacy Policy - SalesMath

PRIVACY POLICY

In this Privacy Policy, we will describe how SalesMath (we) processes the Personal Data of its Clients, Users, the representatives of its Clients, and any other data subjects (you) in relation to their use or propagation to of our Services. This Privacy Policy applies only if we process your Personal Data as a data controller within the meaning of the GDPR. 

Please note that we primarily process the Personal Data under our possession on behalf of our Clients and therefore act as a data processor within the meaning of the GDPR. For example, if you are a User that has been authorised the access to the Services by the Client, we only process your Personal Data in order to fulfil the Agreement concluded between us and the Client and the respective Client is the data controller as regards your Personal Data and is responsible for the processing thereof. 

Please also note that any User Content submitted by the Users or the Clients is under the control and responsibility of the respective Client and we have no control over it. We therefore act as a data processor within the meaning of the GDPR as regards any Personal Data contained in the User Content. We only process such Personal Data in order to fulfil the Agreement concluded between us and the Client and the respective Client is the data controller as regards your Personal Data and is responsible for the processing thereof. 

When we are processing Personal Data as a data processor acting on behalf of a controller, our processing activities take place on the basis of a data processing agreement concluded between us and the Client (see section 7 of the ToS). If you are a User or a third person whose Personal Data we process on behalf of our Clients, we advise you to get acquainted with the Personal Data processing and protection principles and policies implemented by the respective Client.

Any capitalised terms used in this Privacy Policy shall have the meanings outlined in section 1 of this Privacy Policy. Other terms should be understood as defined in the GDPR, unless otherwise defined herein. 

  1. Definitions
  • “We/us/our/party/SalesMath” – SalesMath OÜ, a private limited company incorporated in Estonia, address Pärnu mnt 12, 10148, Tallinn, commercial registry code 14480854.
  • “Agreement” – a contract entered into between the Client and us for the use of the Services under the ToS, procedures and other terms and conditions for using the Services that may be published from time to time by us and made available to you by us. 
  • “Client” – natural or legal person who has entered into the Agreement with us for the purposes of using the Services. Taking into account the characteristics of the Services, it is assumed that the Client is acting in an economic or professional capacity.
  • “Client Account” – A profile connected to a specific Client for the use of the Services used to identify the Client, provide the Users connected to the Client with access to the Services, and to change and save settings.
  • “Data Protection Laws” – GDPR and any other relevant applicable data protection regulations.
  • “GDPR” – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
  • “Personal Data” – means information that can be used to identify natural person, either alone or in combination with other information. Unless specified differently herein, Personal Data should be understood broadly.
  • “Service” or “Services” – means sales conversation intelligence platform as well as our other products, software, apps and services made available to you.
  • “ToS” – the terms and conditions that govern the use of the Services by Clients. The latest version of the ToS is available at https://salesmath.ai/tos. 
  • “User” – a natural person who uses the Services under the authorization of the Client.
  • “User Account” – The User profile connected to the Client Account for the use of the Services, which is used to identify the User, provide personal access to the Services.
  • “User Content” – is all information generated by Users and Clients and transmitted, whether publicly or privately, to or through our Services.
  1. Collecting your Personal Data
    1. We collect your Personal Data in the following ways:
  • You provide us your Personal Data yourself
  • Your Personal Data is provided to us by the representative of the Client or a User
  • We receive your Personal Data from a third party (e.g. when a third party payment service provider confirms whether your payment was successful or not)
  • We have collected your Personal Data by automatic means. See our Cookie Policy available at https://salesmath.ai/cookie-policy
  1. Categories of Personal Data processed and the legal basis for processing
    1. The categories of Personal Data that we process include the following: 
  • Identification data (name, date of birth, personal identification code)
  • Contact data (address, phone number, e-mail address)
  • Employment data (Client’s company, position within the Client’s company)
  • Communications data (e-mails, messages sent to us)
  • Client and User Account log-in data
  • Data related to the use of the Services
    1. We usually process these Personal Data for following purposes:
  • For the purpose of concluding and performing the Agreement with the Client. This includes providing customer support and contacting you otherwise as regards the Services. In such case, the legal basis for processing is the performance of the Agreement or taking steps at your request prior to entering into the Agreement if you are the Client (GDPR article 6(1)(b)) or our legitimate interest to enable the use of or the legitimate interests of the Client to use the Services as requested by the Client if you are the representative of the Client or a User (GDPR article 6(1)(f)). In such case, taking into account the categories of Personal Data processed, your interests or fundamental rights and freedoms which require protection of personal data usually do not override our legitimate interest.
  • For the purpose of marketing our Services. This includes sending you offerings, newsletters or other updates about our Services or business. In such case, we usually ask for your consent and the legal basis processing is your consent (GDPR article 6(1)(a)), unless we have legitimate interest to process your Personal Data for such purpose (GDPR article 6(1)(f)). We have legitimate interest to send you marketing materials if you have previously used our Services (including trial or demo version) and have not indicated that you oppose to us processing your Personal Data for such purpose. In such case, your interests or fundamental rights and freedoms which require protection of personal data usually do not override our legitimate interest.
  • For the purpose of improving and/or developing our Services. In order to be able to ensure the quality, security and functionality of, as well as to be able to further develop our Services, we may need to process the Personal Data of the Clients, Users or third persons from time-to-time. Please note that where possible, we shall anonymise the data. In other cases, we process the data on the basis of your consent (GDPR article 6(1)(a)), if we have asked you for it, or in our legitimate interest (GDPR article 6(1)(f)). In such case, your interests or fundamental rights and freedoms which require protection of personal data usually do not override our legitimate interest.
    1. We may also process your Personal Data to safeguard our rights (e.g. establishing, exercising and defending legal claims). The legal basis for such processing is our legitimate interest to do so (GDPR article 6(1)(f)). In such case, your interests or fundamental rights and freedoms which require protection of personal data usually do not override our legitimate interest. 
    2. Additionally, we may process your Personal Data in order to fulfil our legal obligations (e.g. taxing, book keeping, responding to law enforcement agencies and courts). The legal basis for such processing is our obligation to comply with applicable laws and regulations (GDPR article 6(1)(c)).
  1. Processing on the basis of consent
    1. When processing is based on your consent, you can withdraw your consent at any time via your User or Client Account, or by  contacting us on the contact details below, or by clicking on the ‘unsubscribe’ link at the end of each marketing e-mail. Please note that withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal. 
  2. Disclosing your Personal Data
    1. We only disclose your Personal Data to our services providers who process the Personal Data on our behalf and therefore act as data processors within the meaning of GDPR, or to third parties who shall receive and process the Personal Data for their own purposes and act as separate data controllers as regards your Personal Data. We only disclose your Personal Data to third parties when we have a legal basis to do so. 
    2. When we disclose your Personal Data to our data processors, the following applies:
  • We only use service providers (data processors) who we have carefully selected and whose Personal Data processing practices we have total trust in. We remain fully responsible for the processing of Personal Data by our data processors.
  • We only use the following categories of data processors: IT service providers, data collection, management and storage providers, e-mail service providers, messaging service providers, customer relationship management and feedback service providers, direct marketing service providers, payment service providers and accountants.
  • Should you require more detailed information as regards the data processors we use (e.g. their names and location) please contact us on the contact details below. 
    1. We may disclose your Personal Data to the following third parties:
  • If you’re the User or the Client’s representative, we may share your Personal Data with the Client if it is necessary to fulfil our obligations under the Agreement with the Client. The legal basis for such sharing are our legitimate interests to enable the use of or the legitimate interests of the Client to use the Services as requested by the Client. In such case, your interests or fundamental rights and freedoms which require protection of personal data usually do not override our legitimate interest.
  • We may need to share your Personal Data with third persons in relation to our need to protect our legal rights (e.g. attorneys and debt collection agencies). The legal basis for such sharing is our legitimate interest to protect our legal rights. In such case, your interests or fundamental rights and freedoms which require protection of personal data usually do not override our legitimate interest.
  • We may share your Personal Data with other third persons in order to fulfil our legal obligations (e.g. auditors, authorities). The legal basis for such sharing is compliance with our legal obligations. 
  • If you have given your explicit consent to disclose your Personal Data to certain third parties.
    1. We only transfer and store your Personal Data outside the EU where we have a lawful basis to do so, including to a recipient who is: (i) in a country which provides an adequate level of protection for Personal Data (including in the United States if the recipient company is certified under the Privacy Shield); or (ii) under an instrument which covers the EU requirements for the transfer of Personal Data outside the EU.
    2. Should you require more detailed information as regards transferring your Personal Data outside the EU (e.g. the names of the recipients and the exact legal basis for any such transfer), please contact us on the contact details below. 
  1. Security
    1. We take appropriate technical and organizational security measures in protecting your Personal Data, taking into account (i) the state of the art, (ii) costs of implementation, (iii) nature, scope context and purposes of the processing, and (iv) risks posed to you. Such security measures include, but are not limited to, encrypted storage and access controls.

      6.1.1. All connections to SalesMath are encrypted using SSL, and any attempt to connect over HTTP is redirected to HTTPS.

      6.1.2. Data access and authorizations are provided on a need-to-know basis, and based on the principle of least privilege.
    1. However, please be aware that no security measure is perfect. Our efforts notwithstanding, we cannot guarantee that your Personal Data, during transmission over the internet or while stored in our systems or those of our service providers or while otherwise in our care, will be absolutely safe from unauthorised or unlawful processing or accidental loss, alteration or destruction, or that they will indeed be intact and confidential at all times or shortly available after any Service incident. Note also that we cannot control, and are not responsible for, the actions of other parties with whom you share (or instruct us to share) your Personal Data.
  1. Data retention
    1. We retain your Personal Data for as long as necessary for the purposes they were collected for, as long as necessary to safeguard our rights, or as long as required by the applicable law. Please note that if the same Personal Data is processed for several purposes, the Personal Data will be retained for the longest retention period applicable. 
    2. If you’re a Client, the representative of the Client, or a User, we retain your Personal Data as follows:
        • In accordance with Estonian accounting and taxation laws, billing information is retained for a period of 7 years as of the end of the relevant financial year.
        • In accordance with the maximum limitation period for claims arising from a transaction if the obligated person intentionally violated the person’s obligations and for claims arising from Estonian law, we shall retain any Personal Data related to such claims for a maximum of 10 years from the date when the claim falls due.  
  1. Your rights
    1. To the extent required by applicable Data Protection Laws, you have all the rights of a data subject as regards your Personal Data. Such rights include the following:
        • Request access to your Personal Data 
        • Obtain a copy of your Personal Data
        • Rectify inaccurate or incomplete Personal Data;
        • Demand erasure Personal Data
        • Restrict the processing of Personal Data
        • Portability of Personal Data
        • Object to processing of Personal Data which is based on legitimate interest and which is processed for direct marketing purposes
    1. Should you believe that your rights have been violated, you have the right to lodge a complaint with the data protection authority or the court. However, we kindly ask you to contact us first with any complaints. In order to exercise your rights, please contact us on the contact details below. Please note that you can exercise some rights (e.g. review and update your Personal Data) already by logging into the Client Account or User Account.
  1. Amending this Privacy Policy
    1. Should our Personal Data processing practices change or should there be a need to amend the Privacy Policy under the applicable Data Protection Laws, other applicable legal acts, case-law or guidelines issued by competent authorities, we are entitled to unilaterally amend this Privacy Policy at any time. In such case, we will notify you by e-mail reasonably prior to the amendments entering into force.
  2. Governing law
    1. As we are a company registered in the Republic of Estonia, the processing of your Personal Data shall be governed by the laws of the Republic of Estonia. 
  3. Contact
    1. In case you have any question regarding the processing of your Personal Data by us or you would like to exercise your rights as a data subject, please contact us on the following contact details: info@SalesMath.ai

Privacy Policy valid from 14th of Jan 2019