Privacy


1 February 2024

Introduction

We are very pleased to welcome you to our website and/or mobile app and would like to thank you for the interest you have shown in our company and our products.

This privacy policy (“Policy”) is designed to explain how TouchPoint, Inc. and its subsidiaries (hereafter referred to as “TouchPoint” or the “Company”) collect, use and disclose the personal information we receive when you use our websites (each, a “Website”), use our mobile applications (each, an “App”), use our products or services, or otherwise interact with us (collectively, when you use our “Services”).

Please read this Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, do not download, register with, or use the App or access the Website. By downloading, registering with, or using the App or by accessing the Website, you agree to this Policy.

1. Personal Data Collection

Personal data, or personal information, refers to any information that can directly or indirectly identify you. The personal data we collect when you use the Services includes the following:

  • First and last name;
  • Email address;
  • Username;
  • Password;
  • Phone number;
  • Shipping and billing address;
  • Geolocation;
  • Payment card information (collected directly by a third party payment service provider); and
  • Any other information you share with us voluntarily.

We also collect other information automatically about your visit to our Website or use of our App. For example, we may capture your browser type and settings, device information, date and time of access, referring webpage, and IP address (which is often considered personal data) in order to monitor the number of people that visit our Website and compile aggregated statistics to improve our Website. See discussion of our use of cookies in the sections below.

2. Personal Data Use

We use the personal data we collect for the following purposes:

  • To provide and improve our Services and otherwise ensure the proper operation of our day-to-day business;
  • To respond to, or request, your inquiries, comments, feedback, and questions;
  • To send administrative information to you, for example, information regarding our Services or changes to our terms and conditions;
  • To send you marketing communications regarding our Services;
  • To understand your needs and interests, and personalize your experience with our Website and our communications;
  • To prevent fraud, criminal activity, or misuse of our Website, and to ensure the security of our IT systems, architecture, and networks;
  • To comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties; and
  • For any other purpose that you specifically authorize based on your consent.

3. Personal Data Disclosures

In the following circumstances, we may share your personal data with third parties. We do not sell, lease, or rent your personal data.

Disclosures to Vendors and Service Providers: To assist us in providing our Services, we may share personal data with vendors or service providers, such as providers of hosting services, cloud services, email solutions, data analytics services, or support and maintenance services for the Website. These companies do not have any independent right to share or use this information.

Disclosures to Business Partners: We may also share personal data with our business partners and affiliates.

Business Transfers: If we are involved in a merger, acquisition, or other corporate transaction, we may share your personal data during the diligence process with counterparties and others assisting with the transaction, as well as to a successor as part of such a transaction.

Legal Requirements: We may also share personal data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to cooperate with law enforcement, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users, or the public, or (v) protect against legal liability.

Consent: We may also share your personal data to other third parties if we receive your consent to do so.

4. International Data Transfers

Please note that your personal data may be transferred to jurisdictions other than where you are located. For example, personal data may be stored and processed in other countries within the EU and outside of the EU (including the United States).

Some non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards. But where necessary, we utilize a valid transfer mechanism, such as the European Union Standard Contractual Clauses, to facilitate transfers to countries that are not recognized as providing an adequate level of data protection.

5. Personal Data Retention

We will retain personal data for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time we have an on-going relationship with our customer and provide the Services; (ii) whether there is a legal obligation to which we are subject; or (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

6. The Use of Cookies

Our Website uses cookies. Cookies are small pieces of information that are stored by your browser on your computer’s hard drive. While most browsers are set to accept cookies by default, you can set yours to refuse cookies or alert you before accepting them however, we would like to make you aware of the fact that in this case it is possible you will not be able to use all the functions of this Website. Our Website uses necessary cookies which help the website run, functional cookies which help maintain your preferences over time and remember you when you return to the Website, analytics cookies which help us understand how visitors use the Website, and targeting cookies which help personalize our advertising efforts. A listing of the cookies currently in use on our Website is provided at the end of this Policy. If you are accessing any of our sites from an IP address with cookie requirements you will see a message informing you that we use cookies and will be able to see more information by clicking on “show details”.

7. Tracking Services

Our Website uses Google Analytics 4 (GA4), a web analysis service from Google Inc. (“Google”). GA4 uses cookies to analyze your use of the Website. The information the cookie generates about your use of this website is transferred to and stored on a server operated by Google in the USA. Google will use this information on behalf of the operators of this Website; to evaluate the use of the Website by its users, so as to create reports about website activity. Due to Google's commitment to user privacy, GA4 does not log IP addresses. You can opt-out of Google Analytics by downloading Google’s Opt-Out Browser Add-on .

We may also use other tracking services, such as (but not limited to) Salesforce Marketing Cloud (SFMC) and GeoLocator. These work in a similar way to Google Analytics. If you have any concerns, further information about these can be obtained by contacting us at the contact information listed below.

Some internet browsers have “Do Not Track” or “DNT” features which, when turned on, send a signal to a website that the individual visiting the website does not wish to be tracked. Such browser features and industry standards are not uniform, so our Website does not respond to DNT signals, but you can set your browser settings to restrict the placement of cookies as described above.

8. Security

We implement technical and organizational measures designed to prevent unlawful access to or use of your data.

All our employees and all third parties involved with data processing are bound by an undertaking to handle personal data confidentially. All third party contracts in which personal data is shared are properly reviewed to ensure safeguarding of data.

In the case of personal data we collect and process, the information shall be transferred in encrypted form, to prevent misuse of the data by third parties. Our security measures are being continually revised in line with technological developments.

9. External Links

Where appropriate, you will find links on our Website to third party internet sites for your information. We have no influence on the content or the design of external pages that are operated by third parties and this Privacy Policy does not apply to third party websites. For this reason, we recommend that you review the online privacy policy of any website you visit to determine how the operator handles personal information collected through its website.

10. Children’s Data

Our Website and our Services are not intended for use by children under the age of 16 and we do not knowingly collect personal information from children under 16. If we learn we have inadvertently collected personal information from children under 16 years old, we will take steps to delete that information.

11. Changes to this Policy

We reserve the right to change this Policy. In this case, we will also adjust this Policy accordingly. The date at the top of this document indicates when this Policy was last revised. Any changes will become effective when we post the revised Policy on the Services. Use of the Services following these changes signifies acceptance of the revised Policy. If the changes to the Policy are material changes, we will notify you the next time you visit our website or via email.

12. Additional Information for Individuals in the European Economic Area (EEA), Switzerland and the United Kingdom (UK)

In addition to the disclosures made elsewhere in this Privacy Policy, we provide this additional information for individuals in the EEA, Switzerland and the UK. TouchPoint acts as a data controller for purposes of the personal data we collect when providing our Services. Our legal basis for processing the personal data we collect in the EEA, Switzerland and the UK, can vary depending on the manner in which you use our Website or Services or otherwise engage with us. To the extent we rely on our legitimate interests as a legal basis for processing your personal information, we have considered the balance between our own interests (among other things, the lawful and efficient operation of our Website and Services) and your interests and we believe that (a) you would reasonably expect us to carry out the kind of processing referenced herein and (b) such processing will not cause you any harm and/or will not seriously impact your rights and freedoms with regard to data privacy. To the extent we rely on your consent as a legal basis for processing your personal information, you have the right to withdraw such consent given to us for the processing of your personal information at any time, although such withdrawal will not affect the lawfulness of our processing prior to your withdrawal. We may also process personal data where necessary for our compliance with legal obligations to which we are subject. We also reserve the right to process personal data in the event we believe doing so is necessary to protect the rights of the data subject or another person.

Individuals located in the EEA, Switzerland, or the UK, have the following rights:

  • The right to be informed about the collection and use of your personal data;
  • The right to access your personal data and if technically possible to have this transferred to another controller or to receive a copy;
  • The right to have inaccurate personal data rectified, or completed if it is incomplete;
  • The right to restrict, or object to, processing;
  • The right to request erasure of your personal data (in certain circumstances);
  • The right to lodge a complaint with any supervisory authority if you have a concern about the manner in which we are processing personal data.

If you wish to exercise any of these rights, you may contact us at the contact information listed below.

13. California Residents: Your Rights

In addition to the disclosures made elsewhere in this Privacy Policy, we provide this additional information for individuals in California pursuant to the the California Consumer Privacy Act, as amended by the California Privacy Rights Act (the “CCPA”).

Category Examples Source Purpose of Collection Categories of Third Parties to Whom Disclosed Categories of Third Parties to Whom Sold/Shared
A. Identifiers. A real name, postal address, unique personal identifier, online identifier, IP address, email address, account name, or other similar identifiers. Directly from you; Indirectly from your activity on our Website or App To provide our Services, administer our Website, send communications, meet security, legal, compliance and regulatory obligations, and for marketing purposes. To our service providers so they may help us provide our Services None
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, physical characteristics or description, address, telephone number, credit card number, debit card number, or any other financial information, medical information. Directly from you; Indirectly from your activity on our Website or App To provide our Services, administer our Website, send communications, meet security, legal, compliance and regulatory obligations, and for marketing purposes. To our service providers so they may help us provide our Services None
C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). Not collected.
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Directly from you; Indirectly from your activity on our Website or App To provide our Services, administer our Website, send communications, meet security, legal, compliance and regulatory obligations, and for marketing purposes. To our service providers so they may help us provide our Services None
E. Biometric information. Not collected. N/A
F. Internet or other similar network activity. Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. Indirectly from your activity on our Website or App To provide our Services, administer our Website, send communications, meet security, legal, compliance and regulatory obligations, and for marketing purposes. To our service providers so they may help us provide our Services None
G. Geolocation data Physical location or movements Third party extension To provide the user the correct website To our service providers so they may help us provide our Services None
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. Not collected.
I. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Not collected. N/A N/A N/A N/A
J. Inferences drawn from other personal information. Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. Not collected.
K. Sensitive Personal Information Personal information that reveals a consumer’s account log-in in combination with any required password; geolocation information. Indirectly from you as you use our Website or App To provide our Services; To administer and improve our Website and Services To our service providers so they may help us provide our Services None

TouchPoint does not use sensitive personal information for purposes of inferring characteristics about a consumer. California residents have the following rights:

  • the right to confirm whether we process your personal information, and to access and receive a copy of your personal information;
  • the right to know the categories of personal information collected about you, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing the personal information, and the categories of third parties to whom the personal information was disclosed;
  • the right to correct your personal information;
  • the right to delete your personal information; and
  • the right to opt-out of sale or sharing of your personal information for cross-context behavioral advertising (please note we do not sell or share as those terms are defined by the CCPA).

Additionally, residents of California may request a list of all third parties to which we have disclosed certain information during the preceding year for those third parties’ direct marketing purposes.

Requests to exercise these rights may be made using the contact information listed below. Please note that certain exceptions may apply to these rights, including the right to delete. TouchPoint will not discriminate against you for exercising any of these rights.

Only you, or a person that you authorize to act on your behalf, may make a request related to your personal information. In the case of access, correction, and deletion, your request must be verifiable before we can fulfill the request. Verifying your request will require you to provide sufficient information for us to reasonably verify that you are the person about whom we collected personal information or a person authorized to act on your behalf.

14. Contact Information

If you have any further questions about this Policy, your rights or about the processing of your personal data, you can contact our data privacy specialists directly at FOI@touchpointinc.com.

For your protection, we request that all inquiries or complaints be submitted via email to the address listed above. Where necessary, we may ask for additional information to verify your identity before carrying out a request.