Privacy Policy

Effective Date: 19/11/2018

BY VISITING getform.io, YOU ARE CONSENTING TO OUR PRIVACY POLICY.

OVERVIEW

This privacy policy sets out how Getform Ltd. ("Getform", "we", "us" and "our") uses and protects any information that you give Getform when you visit our website and use our Services located at getform.io

Getform is committed to ensuring that your privacy is protected. Getform considers data protection and privacy to be of paramount importance. We never sell personal data and we carry out all processing operations in strict compliance with the EU General Data Protection Regulation (“GDPR”). Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.

Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it. By engaging with our website located at getform.io and our Services you acknowledge you have read and understood this Privacy Policy. Data protection laws require companies to describe their role and responsibility when handling personal information. Additionally, we do not knowingly collect or process data about children.

AGREEMENT TO THE TERMS OF PRIVACY POLICY

Any Service provided by Getform is purely voluntary. You are not required to provide any personal information to us unless you choose to access features of the Service that require such information. If you do not agree with the terms of this Privacy Policy or Getform’s Terms of Use related to the Services, then please do not provide us with personal information, exit the Applications immediately, and refrain from using the Service.

Accordingly, by creating a Getform Account (as defined in the Terms of Use), or by otherwise accessing, visiting or using the Service, you expressly consent to our collection, use, disclosure and retention of your information as described in this Privacy Policy and in the Getform Terms of Use.

THE INFORMATION WE COLLECT ABOUT YOU

We value your trust. In order to honor that trust, Getform adheres to ethical standards in gathering, using, and safeguarding any information you provide. Getform is used by Getform “Users” and by Getform “Respondents”. The information we receive from Users and Respondents and how we handle it differs, as set out below.

Getform Users

As a User, we collect information relating to you and your use of our Services from a variety of sources:

Information we collect directly from the User

• Registration Information: Information you provide to us when you register an account
• “My Profile” settings: you can view and edit various preferences and personal details on “My Profile” settings. For example non-transactional communication preferences and account name.
• Getform Submission Data: We store your Getform form data (questions and responses) for you.
• Plan + Billing Info: We store information about your Plan. If you subscribe to a paid pro plan, we require you to provide your billing details

Information we collect about the User indirectly or passively when interacting with us

• Usage data: Getform collects usage data about Users whenever they interact with our services, including information they have elected to make publicly available.
• Device and application data: Getform collects data from the device and application the User uses to access our services, such as the IP address and browser type. We may also infer the geographic location based on the User IP address.
• Information from Third parties: Getform may collect User personal information or data from third parties if the User gives permission to those third parties to share such information with others or the data is extracted from publicly accessible sources.
• Information from cookies and page tags: Getform uses third-party tracking services that employ cookies to collect aggregated and anonymized data about visitors to our websites. This data may include usage and User statistics.

Getform Respondents

As a Respondent, when you respond to Getform forms hosted by Getform, we collect, on behalf and upon instructions of Getform’s Users, information relating to you and your use of our services from a variety of sources:

Information we collect directly from the Respondent: Getform responses

We collect and store the Getform form responses from Respondents. The Getform User is responsible for that data and manages it. The Getform User is usually the same person that invited the Respondent to take the Getform form and sometimes they have their own privacy policy.

When responding to a Getform form you may provide personal information or data. Please note that Getform is not responsible for the content of that Getform form, so if you have any questions about a Getform form you are taking, please contact the Getform User directly.

Information we collect about the Respondent from other sources on behalf of Getform’s Users

• Usage data: on behalf of Getform Users, Getform collects usage data about Respondents whenever they interact with our services.
• Device and application data: on behalf of Getform Users, Getform collects data from the device and application the Respondent uses to access our services, such as, among other, the IP address, browser type and operating system. We may also infer the geographic location based on the Respondent IP address.
• Information from cookies and page tags: Getform uses third-party tracking services that employ cookies to collect aggregated and anonymized data about visitors to our websites. This data may include usage and User statistics.

Getform’s obligations as data processor when processing Respondents’ data on behalf of Users

When Getform is processing Respondents’ Data on behalf of Users, the User who creates the Getform form is the Data Controller in relation to the data of Respondents using such Getform form, and Getform is the Data Processor of such Respondents data (hereinafter, User shall be referred to as the “Data Controller” and Getform as the “Data Processor). For the processing of Respondents’ data on behalf of the Data Controller, the Data Processor undertakes to fulfill the following obligations:

For the processing of Respondents’ data on behalf of the Data Controller, the Data Processor undertakes to fulfill the following obligations:

• a) To treat the personal data only to carry out the provision of the contracted Services, in accordance with the instructions given in writing, at any time, by the Data Controller (unless there is a legal rule that requires complementary processing, in such a case, the Data Processor will inform the Data Controller of that legal requirement prior to the processing, unless the Law prohibits it on public interest grounds).
• b) To maintain the duty of secrecy with respect to the personal data to which the Data Processor has access, even after the termination of the contractual relationship, and to ensure that their employees have committed to writing to maintain the confidentiality of the personal data processed.
• c) To ensure, taking into account the available technology, the costs of implementation, and the nature, scope, context and purposes of the processing, as well as the risks of varying probability and severity for the rights and freedoms of natural persons, that they will apply adequate technical and organizational measures to ensure a level of security appropriate to the risk, including, where appropriate, among other things:
  • The pseudonymisation and encryption of personal data;
  • The ability to ensure the continued confidentiality, integrity, availability and resilience of the systems and services;
  • The ability to restore the availability and access to personal data quickly in the event of a physical or technical incident;
  • A process of regular verification, evaluation and assessment of the effectiveness of the technical and organizational measures in order to ensure the safety of the processing;
• d) To keep under their control and custody the personal data to which they have access in relation with the provision of the Service, and to not disclose them, neither transfer or otherwise communicate them, not even for their preservation, to persons unrelated with the provision of the Service covered by this Agreement.

However, the Data Controller may authorize, expressly and in writing, the Data Processor to use another data processor (hereinafter, the “Subcontractor”), whose identification data (full company name and fiscal identification number) and subcontracted services must be communicated to the Data Controller, prior to the provision of the service, at least with one (1) month in advance. The Data Processor will also inform the Data Controller of any change envisaged in the incorporation or substitution of the Subcontractors, giving thus to the Data Controller the opportunity to object such changes.

In case of making use of the power recognized in the previous paragraph, the Data Processor is obliged to transfer and communicate to the Subcontractor the whole obligations that for the Data Processor derive from this Agreement and, in particular, the provision of enough guarantees that he will apply appropriate technical and organizational measures, so that the processing complies with the applicable regulations.

In any case, access to the data made by natural persons who render their services to the Data Processor, acting within the organizational framework of the latter by virtue of a commercial and non-labor relationship, is authorized. In addition, access to the data is granted to companies and professionals that the Data Processor has hired in their internal organizational framework in order to provide general or maintenance services (computer services, consulting, audits, etc.), as long as such tasks have not been arranged by the Data Processor with the purpose of subcontracting with a third-party all or part of the Services provided to the Data Controller.

• e) To delete or return to the Data Controller, at their choice, all personal data to which they have had access in order to provide the Service. Likewise, the Data Processor undertakes to delete the existing copies, unless there is a legal rule that requires the preservation of the personal data. However, employees and other personnel working for the Data Processor are entitled to access Users and Respondents data as required to carry out their obligations under the terms of their contract.
• f) To notify the Data Controller, without undue delay, of any personal data security breaches of which he is aware, giving support to the Data Controller in the notification to the Spanish Data Protection Agency or other competent Control Authority and, if applicable, to the interested parties of the security breaches that occur, as well as to provide support, when necessary, in the carrying-out of privacy impact assessments and in the prior consultation to the Spanish Data Protection Agency, where appropriate, as well as to assist the Data Controller so they can fulfill the obligation of responding to the requests to exercise certain rights.
• g) To bring, in writing, a record of all categories of processing activities performed on behalf of the Data Controller.
• h) To cooperate with the Spanish Data Protection Agency or with other Control Authority, at its request, in the fulfillment of its power
• i) To make available to the Data Controller the whole information necessary to demonstrate the fulfillment of the obligations established under this Agreement, as well as to allow and contribute to the performance of audits, including inspections, by the Data Controller or by a third-party authorized by them

If the Data Processor or any of his Subcontractors violates this Agreement or any regulation when determining the purposes and means of the processing, they shall be held responsible for such processing. Furthermore, if such Subcontractors are based in countries which do not have a legislation on data protection which is equivalent to the EU legislation (“Third Countries”), Data Processor shall establish all safeguards required by the EU legislation in order to comply with all obligations arising from transfers of data to Third Countries, and shall promptly inform Data Controller about such safeguards if so requested.

HOW WE PROTECT THE INFORMATION PROVIDED

We store your personal information only on servers with limited access that are located in controlled facilities, and use a variety of technologies and procedures intended to protect your personal information from loss, misuse, unauthorized access, disclosure, alteration and destruction. To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

Nonetheless, no communication via the Internet can ever be 100% secure, and no security measures can ever be assured to be effective. Accordingly, you are advised to use caution and discretion when determining what personal information to disclose to us. If you have any questions about security on our Site, contact us as set below.

RIGHTS TO ACCESS, RECTIFICATION OR ERASURE, RESTRICTION AND OBJECTION, OF PROCESSING

As part of these terms you are prohibited from allowing any form of illegal data to enter our systems and we, Getform Ltd (Getform), will act only as a data processor for this data. The fundamental rights for the data subjects are your responsibility as the data controller, these include but are not limited to;

• The right to be informed
• The right of access
• The right of rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights in relation to automated decision making and profiling

In order to make things easier for you, and without prejudice to the legal requirements Getform must comply with under the laws, Getform allows you to exercise the above-mentioned rights by opening a support ticket via the Help Center or contact us on privacy@getform.io

USE OF COOKIES

A cookie is a small string of information that the website you visit transfers to your computer for identification purposes. Cookies can be used to follow your activity throughout the Getform Services and that information helps us to understand your preferences and improve your experience.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

CANCELING YOUR ACCOUNT

You may cancel your account and you may opt out of receiving any emails from Getform at any time by changing the settings in your account profile page. Deleting your account will cause all the Getform data in the account to be permanently deleted from our systems within a reasonable time period, as permitted by law and will disable your access to any other services that require a Getform account. We will respond to any such request, and any appropriate request to access, correct, update or delete your personal information within the time period specified by law (if applicable) or without excessive delay. We will promptly fulfill requests to delete personal data unless the request is not technically feasible or such data is required to be retained by law (in which case we will block access to such data, if required by law).

INFORMATION FROM THIRD-PARTY SOURCES

The Site may contain links to third-party websites. Except as otherwise discussed in this Privacy Policy, this document only addresses the use and disclosure of information we collect from you on our Site. Other sites accessible through our site via links or otherwise have their own policies in regard to privacy. We are not responsible for the privacy policies or practices of third-parties.

CONTACT US

You may request details of personal information which we hold about you under the Data Protection Act 1998. If you would like a copy of the information held on you, please reach out to us from our contact info given below.

If you believe that any information we are holding on you is incorrect or incomplete, you can contact us immediately to the contact information given below. We will promptly correct any information found to be incorrect. Questions or comments regarding this Privacy Policy can be submitted to us on privacy@getform.io