GetResponse Privacy Policy
Effective Date: 23 October 2024
We realize that you care how your information is processed and shared. We also believe it is important to you to know how we treat that information, and we appreciate your trust in us to do that carefully and sensibly.
If you don’t have much time, please find below a summary of how GetResponse processes Personal Information.
WHO WE ARE. We are GetResponse Inc., a Delaware corporation located at 3 Germay Dr Ste,5 PMB 15672,Wilmington, DE 19804. We process Personal Information of our Customers and our Platform Users as a data controller (under the GDPR), which the CCPA defines as a business. We also act as a data processor (under the GDPR), which the CCPA defines as a service provider – when our Customers engage us in data processing in order to enable them to carry out operations on that data using our tools and services.
HOW WE PROCESS YOUR INFORMATION. As a Data controller we will process your Data to enable you to create an Account, to provide you with our Service, and if you agree or we have a legitimate interest, to send you marketing communication, which we may tailor to your interests.
WHY WE PROCESS YOUR INFORMATION. We have the right to process your Information for different reasons. The most important one is that we need it to carry out the agreement concluded with you the moment you accept our Terms of Service and to enable you to use our Platform. There are also other reasons that require us to process the Information, e.g. preparing an answer to your queries or your consent to receive our newsletter.
TO WHOM WE DISCLOSE YOUR INFORMATION. We disclose your Personal Information only to service providers, who support us in the role of the data processor/service provider, or the data controller/business. We do not sell your Personal Information to any third parties.
YOUR RIGHTS. You have the right to access or request deletion of your Personal Information. In some cases, you also have other rights, for example, to opt-out from processing of your Personal Information and to Information portability.
Please read the entire content of our Privacy Policy below, to fully understand how we will process your Personal Information and how you can exercise your rights connected to its processing.
This Privacy Policy describes how we protect Personal Information of our Customers and Users, and how we collect, receive, use, store, share, transfer, and process your Personal Information, as well as your rights in determining what we do with the information that we collect or hold about you as our User or Customer. We appreciate the trust you put in us, and we assure you that we make every effort to give you full control over your Personal Information.
If GetResponse Inc. is a data processor or service provider then it collects information under the direction of our Customers and has no direct relationship with the individuals whose Personal Data it processes. If you are a client of one of our Customers and would no longer like to be contacted by one of our Customer that use our service, please contact the Customer that you interact with directly. We may transfer Personal Information to companies that help us provide our service. When we act as data processor or service provider transfers to subsequent third parties are covered by the service agreements with our Customers.
By using our Service or our Platform, you accept all rules applied by GetResponse, so please read this Privacy Policy carefully beforehand. If you don’t agree to this Privacy Policy or can’t comply with it, you shouldn’t begin to use our Service or our Platform.
I. Glossary of basic concepts
Below you’ll find the list of basic concepts that will help you better understand this Privacy Policy:
Account – individual space provided to the Customer on the GetResponse Platform (after logging in) for the purpose of using the Service.
Contacts – persons whose data (in particular email addresses) is processed using the Service, or to whom Customers send electronic communication (in particular email communication).
Customer – person using our Service to conduct their commercial or professional activities, regardless of the legal form of such activities.
Information concerning activity within the Platform or Service – information concerning your activity within the Service or Platform, information concerning your session, your device and operational system, browser, localization and unique ID as registered and stored with the use of cookie or tracking scripts. This information includes in particular: browsing history, clicks within the Platform, visits to the main page and subsections of the Platform, dates of creating an Account and logging into the Account, information related to the use of individual services in the Platform and Service, history and activities connected to our email communication with you.
Information provided as Account details – Personal Information given by the User in the “Account details” tab, consisting of first name, last name, company or organization, address, email address, phone number, country, time zone, payment information, industry, number of employees.
GetResponse (we, us) – GetResponse Inc., a Delaware corporation located at 3 Germay Dr Ste,5 PMB 15672,Wilmington, DE 19804 or our affiliates.
Personal Information/ Personal Data – data that identify you as a specific individual: i.e. your name, email address, phone number, geographical address, and/or company name, processed in relation to the use of the Service or Platform.
Platform – websites that are hosted by GetResponse, especially US and Canadian domains listed under the address: https://www.getresponse.com/change-language. Customer can log in to their Account via the Platform.
Privacy Policy – this Privacy Policy.
Privacy Settings – space in the Customer Account where the Customer can manage their preferences of privacy protection and exercise their rights as data subjects.
Processing – operations performed on Personal Information such as collection, recording, storage, adaptation or alteration, disclosure, creating backup copies, and other operations necessary to provide the Service or use the Platform.
Registration Information – information given in registration forms available in the Platform: email address, name.
Service – all services provided by GetResponse electronically in the Software-as-a-Service model (SaaS), including in particular providing the Customer with the possibility of using the Account, managing the Information entrusted to GetResponse for the purpose of processing, and conducting marketing campaigns.
Terms of Service – https://www.getresponse.com/legal/terms-us for self service Accounts or https://www.getresponse.com/legal/max-terms-of-service for MAX or MAX2 Accounts.
User – the person using the Platform or GetResponse’s newsletter recipient.
II. Who are we? Our contact details.
1. GetResponse as data controller/business and data processor/service provider
GetResponse undertakes to process your Personal Information in accordance with all applicable privacy and data protection laws, regulations, frameworks and requirements (collectively, “Applicable Privacy Laws”), including the California Consumer Privacy Act of 2018 (the “CCPA”) applicable to Personal Information of customers defined therein; the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”) applicable to Processing that falls within the scope thereof and other Applicable Privacy Laws of the United States and other countries.
For the purpose of the CCPA, with respect to Personal Information of Customer GetResponse serves the role or the “business” (as defined by the CCPA); and with respect to Personal Information of Contacts we are the “service provider” (as defined by the CCPA). Accordingly, pursuant to the GDPR – we are either the “data controller” (as defined by the GDPR) as to Personal Information of Customer, and “data processor” (as defined by the GDPR) as to Personal Information of Contacts.
Unless stated otherwise, we process your Personal Information as a data controller/business in connection with your use of the Service or the Platform. As such, we determine the purposes and means of the processing of Personal Information.
When you visit the Platform or use the Service, we receive and may collect two types of information: (1) Information concerning activity within the Platform or Service and cookies, and (2) Personal Information you knowingly choose to disclose, which is collected on an individual basis.
If you click on a link on the Platform, it may redirect you to a third-party website, causing you to leave our website. We are not responsible for the privacy practices of third-party sites, and we encourage you to read their privacy statements.
In some circumstances we also process Personal Data on your behalf. In these cases, you determine the scope of Personal Data you want us to process and purposes for which you use the Service. You can find more about this matter in section VII.3 Why do I enter into a data processing agreement with GetResponse.
Our contact details: GetResponse Inc., a Delaware corporation located at 3 Germay Dr Ste,5 PMB 15672,Wilmington, DE 19804.
To exercise your rights, give or withdraw consent, and talk about all security aspects of your Personal Information you can contact us via form available here.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request
If you want to exercise your rights granted to you by the CCPA, please contact us via form available here.
2. Data Protection Officer
GetResponse’s Polish affiliate has designated a Data Protection Officer (DPO), who you can reach out to about anything related to your Personal Data Processing. You can easily contact the DPO:
- via form available here
- in writing: Data Protection Officer, GetResponse S. A. Al. Grunwaldzka 413, 80-309 Gdańsk, Poland
III. How do we use the Information? Your Personal Information and how we process it.
The rules of how we process your Information, along with the purposes and scope of the processing vary depending on whether you are our Customer or Platform User.
We only process Personal Information relevant for the purposes of processing. We do not process Personal Information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you. We take reasonable steps to ensure that the Personal Information is reliable for its intended use, accurate, complete, and current.
Below, we list purposes for which we Process Personal Information depending on the specific purposes we need it for.
1. To provide the Service or Platform
While providing the Service or Platform, we carry out a set of operations that include: administrative activities related to concluding an agreement based on the acceptance of the Terms of Use, creating a Customer Account and Customer authentication within the Account, providing materials requested by Customers or Users (also those who do not have an Account, but use our Platform), activities related to the performance of the Service, including sending you communication related to use or functioning of the Service (in particular system and transactional e-mails), providing Customer support, handling complaints and other requests, charging due fees, seeking redress, and monitoring the quality of the Service and Platform.
What Information do we use and for what purposes?
To create your Account and provide the Service, we process the following Information:
- Registration Information and the password you set up.
We only store encrypted passwords and we do not have access to them.
To provide you with our Services (i.e., after you log in to your Account as our Customer), we process the following Information:
- Information provided as Account details,
- Personal Information included in the content you send using the Service, including images, videos, files, documents or audio files,
- Information concerning activity within the Platform or Service.
As a data processor/service provider, we also process Personal Data entrusted to us by the Customer for the purpose of using the Service.
You can use the Platform without creating an Account, e.g., by downloading e-books and other training materials, by signing up for our newsletter on new articles on our blog or in Resources, by signing up for a webinar, training, or another event we organize or participate in, by submitting a draft to our blog.
To enable you to use our Platform, we process the following Information:
- Information concerning activity within the Platform or Service,
- Registration Information.
2. For legitimate interests
We process Personal Information for legitimate interests of GetResponse described below, taking into consideration the relationship with our Customers or Users.
What Information do we use and for what purposes?
1. For analytical purposes. To keep statistics on the use of the Service and the Platform, helping us to improve the Service and the Platform, monitor trends and features’ usage, and to ensure network and information security, we process the following Information:
- email address, country, industry
- Information concerning activity within the Platform or Service.
As is true of most websites, we gather certain Information concerning activity within the Platform or Service automatically and store it in log files. This information includes browser type, referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information to analyse trends, to administer the website, to track Users’ movements around the website and to gather demographic information about our User base as a whole.
2. To exercise legal claims. If necessary, to establish, exercise, or defend legal claims, we process the following Information:
- Information provided as Account details,
- Information concerning activity within the Platform or Service necessary to establish a claim,
- other data necessary to support the claim, establish the scope of damage and other circumstances regarding the damage.
3. To answer your queries and contact you. To respond to your queries, petitions, and complaints, we may process the following Information:
- Information provided as Account details,
- Information concerning activity within the Platform or Service that’s the subject of your query, petition, or complaint,
- Information included in the query, petition, or complaint and the attached documents.
4. To conduct Customer satisfaction surveys. To verify Customer satisfaction with the Platform or Service, we may process the following Information:
- Registration Information,
- answers to our survey questions.
5. To prevent fraud and abuse. To monitor, prevent, detect, and combat fraud and abuse, including sending unsolicited content (SPAM), to protect our Customers against such abuse and to ensure network and information security, we may process the following Information:
- Information provided as Account details,
- Information concerning activity within the Platform or Service necessary to verify potential fraud or abuse,
- Information entrusted by the Customer for the purposes of providing the Service.
We may use, reproduce and disclose your Data, including Data concerning activity within the Platform, that is anonymized, de-identified, or is otherwise not reasonably associated or linked to the Customer or your Account (or any other identifiable individual person or entity) (“Anonymized Data”) for analysis of trends, Platform’s usage and features’ effectiveness. This right to use Anonymized Data will survive termination of the deletion of the Account. We may also share aggregated information (information about our users that we combine together so that it no longer identifies or references an individual user) and other anonymized information for regulatory compliance, industry and market analysis, insights about the sector, demographic, marketing and advertising, and other business purposes. We may share this aggregated Anonymised Data with the public.
3. To send marketing communication
What Information do we use and for what purposes?
To send our Customers and Users marketing and promotional communication regarding our Service or Platform, we may process the following Information:
- Registration Information
4. For marketing purposes, including creating your profile
- Tailoring our Platform and Service to your preferences
We want our Service and Platform, including our marketing communication (as long as you agreed to receive it), to be tailored to your needs and preferences (profiling). We describe the nature of the profiling we carry out below.
What Information do we use and for what purposes?
To develop sales and marketing of our services, including creating Customer or User profiles, tailored to your interests and preferences, we process the following Information:
– Registration Information,
– Information provided as Account details,
– Information concerning activity within the Platform or Service.
If you have agreed to receive marketing and promotional materials, we will match the marketing and promotional content related to our products and services to your profile based on the above data. We will not send you communication about third-party products or services.
5. Remarketing (displaying ads outside of the Platform)
To reach you with our marketing communication, including ads, outside of our Platform, and measure their effectiveness, we use the services of third-party providers. These services display our marketing communication on websites other than the Platform. To do this, we use special codes to download information about your activity within the Platform, Service or in connection with ads. We use cookies and Google enhanced conversions function, which allows us to more closely observe marketing activities and improve the management of these activities. You can find more information about cookies and other tracking technologies in the Cookies Policy.
Specific provisions required by the California Consumer Privacy Act of 2018 (the “CCPA”)
List of categories GetResponse has collected about Customers, governed by the CCPA, in the last twelve (12) months:
Category | Examples | Collected |
A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. | yes |
B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.Some personal information included in this category may overlap with other categories. | yes |
C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | no |
D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | yes |
E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | yes |
F. Internet or other similar network activity. | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | yes |
G. Geolocation data. | Physical location or movements. | yes |
H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | yes |
I. Professional or employment-related information. | Current or past job history or performance evaluations. | no |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | no |
K. Inferences drawn from other Personal Information. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | yes |
IV. Why do we process your Personal Information? The business and commercial purpose for collecting Personal Information (as required by the CCPA), and the legal basis of Processing (for Processing governed by the GDPR).
1. To provide the Service or Platform
We process your Personal Information because it is necessary to enable you to use our Service or Platform. In other words, we need to process your Personal Information to enable you to sign up as our Customer or order our materials as our User. Otherwise, we wouldn’t be able to provide the Service or enable you to use the Platform. Thus, your Personal Information needs to be Processed, so we may perform the contract and provide our services (Art. 6.1(b) of the GDPR).
If you decide to upload and share with us selected images, videos, files, documents or audio files while using our Service you do it voluntary, so you can use them in certain features of our Service for creating your Content. Uploading such files is optional. We store your uploaded files on our servers and don’t use them for any our own purposes nor share them with any third party. You decide if, how and when you want to use them in any of your Content created via our Service.
2. For legitimate business interests
We Process your Personal Information for our legitimate business interest (Art. 6.1(f) of the GDPR):
- For analytical purposes. We believe we have a legitimate interest in analysing Service and Platform operations and Customer and User satisfaction. We consider processing this data beneficial to Customers and Users. Our aim is to constantly develop the Platform and to provide the Service of the highest quality of the Service.
- To exercise legal claims. We believe we have a legitimate interest in processing your Data if it’s necessary to exercise claims concerning the use of the Service or the Platform that’s unlawful or incompatible with the Terms of Service or to defend ourselves against such claims.
- To answer your queries and contact you. We believe we have a legitimate interest in replying to petitions and queries made through one of the available channels. We consider processing this Data beneficial for you because it allows us to help you and respond to your queries.
- To conduct customer satisfaction surveys. We believe we have a legitimate interest in verifying if our Customers and Users are satisfied and what would help us improve the quality of the Service and the Platform.
- To prevent fraud and abuse. We believe we have a legitimate interest in conducting necessary verification to detect and prevent potential fraud and abuse, including spam detection. We understand processing this Personal Data is beneficial for all parties involved, especially for you and your subscribers, because it allows us to set up precautions, protecting you and your subscribers against third parties sending malicious software or attempting fraud.
- To provide direct marketing activities. We believe we have a legitimate interest in conducting direct marketing activities towards Customers or Users that may be interested in our products and services.
3. To send you marketing communication.
This processing is based on your consent when necessary (Art. 6. sec. 1(a) of GDPR).
4. For marketing purposes including creating your profile and ads’ measurements
The legal basis for processing your Personal Data are legitimate interests of GetResponse (art. 6 sec. 1 (f) GDPR).
We have a legitimate interest in analyzing how our Customers and Users use our Service and Platform or interact with our ads, to improve them, and promote our products and services to and expand our Customer base and number of Users.
Customers and Users of the Platform who voluntarily complete our registration forms, or have expressed their interest in receiving marketing communication to their email address, or agree to the use of cookies give us their free, specific, informed, and unambiguous consent. Hence, we have inferred that they would have a reasonable expectation to receive such communication, be provided with ads and that we may analyze their effectiveness. At the same time, they expect that the communication we will send should be consistent with their interests. Personalized marketing communication allows our Customers to use our Service more effectively and benefit from our attractive offers.
For profiling, we use only the Personal Data our Customers or Users provide us with or the Personal Data concerning their activity within the Platform or Service. We’re only interested in what you do on our Platform or when you use our Service, and not what you do on other websites. That’s why we decided that our interests are justified, legitimate, and at the same time, they don’t violate the rights or freedoms of our Users or Customers, which may override them.
Please remember, that if you want to change your marketing preferences you can contact us at any time.
5. To fulfill our legal obligations in terms of accounting and taxation
We process your Personal Information to fulfill our legal obligations in terms of accounting and taxation, if you are our Customer or we bought any services from you. The legal basis for such processing is art. 6 sec. 1 (c) GDPR.
V. Who we disclose your Personal Information to, sources and categories thereof.
We use the services of third-party providers, who provide us with services related to: supporting certain features of the Service (webinars), SMS, hosting, customer support, tracking security incidents and responding to them, diagnosing and solving problems with the Service or Platform, web push notification display, analysis of our marketing campaigns efficiency e.g. Google as well as analysis of use of the Service and Platform.
With your consent, we also cooperate with service providers who don’t act on our exclusive request and who themselves determine how they process Personal Data, in order to carry out remarketing campaigns and statistical analysis.
We partner with a third party to either display advertising on our website or to manage our advertising on other sites. Our third-party partners may use technologies such as cookies to gather information about your activities on this website and other sites in order to provide you advertising based upon your browsing activities and interests.
If you do not want us to share your Personal Information with these companies, please contact us as describe in this Privacy Policy.
In certain situations, we may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose your Personal Information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
In case of GetResponse Inc. is involved in a merger, acquisition, dissolution, sale of all or a portion of its assets, or other fundamental corporate transaction, we reserve the right to sell or transfer your information as part of the transaction. In such an event, you will be notified via email and/or a prominent notice on our website of any change in ownership, incompatible new uses of your Personal Information, and choices you may have regarding your Personal Information.
Because our servers and operations are in the United States, the Personal Information and data that you provide to us (regarding you, your Contacts or otherwise) may be transferred to, collected, stored, or processed in the United States. We may also transfer that information or data to our affiliates, contractors or others, in the United States or elsewhere. In each case, we will do so only to the extent necessary to provide you the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. We are responsible for the processing of Personal Information we receive and subsequently transfer to a third party acting as an agent on our behalf. We comply with the applicable data protection laws and GetResponse confirms that the conditions set in Chapter V of the GDPR are met.
In certain situations, we may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In the last twelve (12) months, GetResponse has disclosed the following categories of Personal Information of Customers governed by the CCPA, for a business purpose (as defined by the CCPA): Identifiers, Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), Commercial Information, Internet or other similar network activity, Geolocation data.
In most cases we receive Personal Information directly from you when you contact us, set up an Account, enter data into forms, enroll for subscriptions or webinars, or conclude an agreement with us. Sometimes we may rely on publicly accessible information from the Internet, such as online registers or social media platforms. If you are a contact person or representative of the business entity, we may receive your Personal Information from your employer or contractor being that business entity.
VI. Data Privacy Framework Statement
General information
GetResponse Inc. complies with the EU-U.S. Data Privacy Framework Principles and Swiss-U.S. Data Privacy Principles as set forth by the U.S. Department of Commerce and the European Commission and the Swiss Federal Administration to provide U.S. organizations with reliable mechanisms for Personal Data transfers to the United States from the European Union / European Economic Area, and Switzerland while ensuring data protection that is consistent with EU and Swiss law.
GetResponse Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) and Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.You can find us on the Data Privacy Framework list here.
GetResponse commits to subject to the DPF Principles all Personal Data received from the European Union and Switzerland in reliance on the relevant parts of the DPF.
Other Covered Entities
GetResponse Services Inc., 1011 Centre Road, Suite 322, Wilmington, DE 19805, USA
Independent Recourse Mechanism
In compliance with the EU-U.S. DPF and the Swiss-U.S. DPF GetResponse Inc. commits to resolve DPF Principles-related complaints about our collection or use of your Personal Information. All EU and Swiss individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the EU-U.S. DPF and the Swiss-U.S. DPF should first contact GetResponse Inc. at:
– via form available here
– in writing: GetResponse Inc., 3 Germay Dr Ste, 5 PMB 15672, Wilmington, DE 19804, USA.
GetResponse Inc. has further committed to refer unresolved complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from Us, or if We have not addressed your complaint to your satisfaction, please visit JAMS’s website for more information or to file a complaint click here. The services of JAMS are provided at no cost to you.
Binding Arbitration
Under specific conditions described on the Data Privacy Framework website here, you may be entitled to invoke binding arbitration after all other dispute resolution procedures have been exhausted. For additional information seek advice here.
U.S. Federal Trade Commission Enforcement
Our Data Privacy Framework compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Onward Personal Data transfers
We have responsibility for the processing of Personal Data We receive under the Data Privacy Framework. We remain liable under the Data Privacy Framework if our Processor processes any Personal Data in a manner inconsistent with the Data Privacy Framework and Applicable Laws, unless We prove that We are not responsible for an event resulting in the violation of the rights and freedoms of natural persons or other damage.
In the event of further onward Personal Data transfer, We commit to conclude a formal data processing agreement with a processor acting on our behalf or to regulate the principles of data processing to other data recipients.
VII. Selling Personal Information
GetResponse does not sell your Personal Information to any third parties.
VIII. Your rights. You have control over your Personal Information.
We make sure that our Customers and Users can exercise their rights concerning their Information. You may exercise your rights by filing a demand via form available here.
If you are a California resident, and the CCPA applies to you, you can also contact us via form available here.
All you need to do is to inform us about the reason for your motion and the right you want to exercise. If you have an Account in the Service, you can exercise some of your rights directly after you log in to your Account. Please remember that if you change your settings in the Account, we may need up to three (3) hours to apply the changes into our systems due to technical reasons. This explains why during that time you may still be receiving emails from our system while it is updating your settings.
Very often we act as a data processor/service provider of Personal Information. This is mainly the case of processing of Personal Information of Contacts on behalf of our Customers using our Service. In such cases, if you are a Contact and want to exercise your data protection rights or have any questions about how your Personal Information is handled by us as a data processor/service provider, you should contact your data controller/business covered by the CCPA, who the Customer who has decided to entrust us with your Personal Information. You should also refer to separate privacy policies adopted by such Customer.
If you do not want to receive communication from one of our Customers using our Service, please unsubscribe directly from that Customer’s e-mail communication or contact that Customer directly to amend or delete your Personal Information. If you contact us directly, we may remove or update your Personal Information within a reasonable time and after informing the Customer of your request.
We will respond to your request within 45 days. In some cases, we may not be able to comply with your request – should this happen, we will always let you know about it and give you reasons for our refusal.
Please be informed that any disclosures we provide will only cover the 12-month period preceding your verifiable request’s receipt. For data portability requests, we will select a format to provide Personal Information that should allow you to transmit the information from one entity to another entity without hindrance, specifically by electronic mail communication.
If we decide it’s necessary, we may ask you some additional questions or ask you to provide us with additional documents to confirm your identity.
It may sound obvious, but for the sake of clarity, we would still like to point out that exercising your rights described below is free of charge, with the possible exception of providing additional copies of your Personal Information.
Under certain circumstances we will not be able to fulfill your request, such as if it interferes with our regulatory obligations, affects legal matters, we cannot verify your identity, or it involves disproportionate cost or effort, but in any event we will respond to your request within a reasonable timeframe and provide you an explanation. In order to make such a request of us, please contact us as describe in this Privacy Policy.
You have the following rights:
1. Right of disclosure or access
You have the right to access Personal Information about you that we hold, and the right to request disclosure of your Personal Information we possess, receive additional details regarding your Personal Information we collect and its use purpose, including any third party with which we share it.
If you have an Account with the Service, you can directly access your Personal Information you have provided at all times, after logging into your Account. You can also file a request via a form available here.
2. Right of correction
You are also able to correct or amend your Personal Information where it is inaccurate or has been processed in violation of the data protection laws.
You can do it yourself in your Account or ask us to correct or amend your Personal Information via a form available here.
If you a California resident, and the CCPA applies to you, you can also contact us via form available here.
3. Right to deletion
You have the right to deletion of Personal Information we have collected. We’ll treat your demand to erase all your Personal Information as a demand to delete your Account.
We will keep some of your Personal Information despite the demand to erase it if it’s necessary for complying with legal obligations, detect security incident, exercise a legal rights, establishing, pursuing, or defending a claim, or otherwise as specified by applicable law. It especially refers to Personal Information concerning your name, surname, email address, and the Platform or Service use history, which we keep being able to address complaints and claims connected to the Platform or use of the Service.
4. Right of Personal Information portability
In response to a request for disclosure, we must provide Personal Information in a readily useable format to enable you to transmit the Personal Information from us to another entity without hindrance. We will send your Personal Information in a .CSV format. This format is commonly used and machine-readable and enables the transmission of your Personal Information to another entity.
5. Choice Principle (Opt out)
We offer you the opportunity to choose (opt out) whether your Personal Information is
- to be disclosed to a third party, or
- to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you.
You may request an opt out from:
- processing your email address to send you our marketing communication to your email address,
- collecting your data by cookies. Read more in the Cookies Policy,
- any profiling being shared with third parties.
Your opt out request is effective upon execution, and it does not affect the lawfulness of the earlier processing. You can always opt out without detriment. It may, however, render you unable to use some of the features of the Platform or the Services which we may legally render only with your consent (e.g., receiving the newsletter on the new updates in our Resources).
You may opt out in one of the following ways:
- by clicking “unsubscribe” in the email you received,
- if you agreed to the use of cookies – in your browser settings,
- as described in section Our contact details.
6. Non-Discrimination
In any time, we will not discriminate against you for exercising any of your CCPA rights. According to that, unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your Personal Information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
7. Right to limit use and disclosure of sensitive Personal Information
You can direct us to only use your sensitive Personal Information (for example your precise geolocation data, contents of mail, email, and text messages) for limited purposes, such as providing you with the services you requested.
Limit the Use of My Sensitive Personal Information
IX. Other useful information
1. Do I have to provide GetResponse with my Personal Information?
Sometimes we ask you to provide us with your Personal Information. Providing:
- Registration Information
- Information provided as Account details, and
- other data (indicated as mandatory) in registration forms
is essential for us to create your Account, send you the requested materials or enable you to participate in a chosen event. If you don’t provide us with the relevant Information, you will not be able to use some or all features of the Platform or Service. Providing us with Information other than the mandatory Information is voluntary.
2. How long do you store my Personal Information?
If you are our Customer and have self-service Account, we store your Personal Information for the time during which you have an Account with our Service. When you deactivate your self-service Account, we’ll store your Information for 60 days for the sole purpose of enabling you to reactivate the self-service Account. During that time, we’ll only store your Information without any other processing activities subject to our other obligations or rights arising from applicable laws or public authority orders. After that time, we’ll delete your Personal Information from the main database, without the possibility to recover it. In the next 120 days, your Personal Information will be subject to encryption and stored in backup copies only. The said 120-day period is required to delete the Personal Information completely due to the specifics of the backup copy operations.
If the Customer has MAX or MAX2 Account, we store your Personal Information for the time during which you have an Account with our Service. When you deactivate your MAX or MAX2 Account, we’ll store your Personal Information for 30 days for the sole purpose of enabling you to reactivate the MAX or MAX2 Account. During that time, we’ll only store your data without any other processing activities subject to our other obligations or rights arising from applicable laws or public authority orders. After that time, we’ll delete your Personal Information from the main database, without the possibility to recover it. In the next 7 days, your Personal Information will be subject to encryption and stored in backup copies only. The said 7-day period is required to delete the Personal Information completely due to the specifics of the backup copy operations.
We’ll store the Personal Information of the Users who are not our Customers for the time corresponding to the lifecycles of the cookie files saved on their devices. You will find the details of how we use cookies in our Cookies Policy.
We’ll store the Personal Information of our newsletter subscribers or persons who have agreed to receive marketing content from us until they resign.
After expiration of the periods described above, your Information will be erased, excluding the following data:
- name,
- surname,
- email address,
- Service usage history,
- and information about expressed consents.
We’ll store this Information only for as long as we need to handle complaints and manage claims related to the use of the Service, and to the limited, necessary extent for as long as is required by tax and accounting regulations.
3. Why do I enter into a data processing agreement with GetResponse?
If GDPR applies to your processing of Personal Data, because:
- you offer goods or services (paid or free-of-charge) to data subjects in the EEA; or
- you monitor behaviour of such data subjects,
you engage GetResponse in the processing of the Personal Data necessary to provide you with the Service on terms and conditions stipulated in the Terms of Service or Data Processing Agreement, which constitutes an integral part of these Terms.
If GetResponse Inc. is a data processor or service provider then it collects information under the direction of our Customers and has no direct relationship with the individuals whose Personal Data it processes. If you are a client of one of our Customers and would no longer like to be contacted by one of our Customer that use our service, please contact the Customer that you interact with directly. We may transfer Personal Information to companies that help us provide our service. When we act as data processor or service provider transfers to subsequent third parties are covered by the service agreements with our Customers. Data obtained from our Customers through Google Workspace APIs are not used to develop, improve, or train generalized AI and/or ML models.
4. Does GetResponse process Personal Information of children?
We do not process Personal Information of children. The Service and Platform are directed to adults, i.e., those who are over 18 (eighteen) years old and those who perform commercial activities. When you start using the Platform or Service, you declare that you are over 18 years old. We ask minors not to share any information with us, especially Personal Information. If we learn that we have collected or received Personal Information from a minor, we will delete that Personal Information. If you believe we might have any information from or about a minor, please contact us via a form available here.
5. How does GetResponse protect my Personal Data?
We take reasonable and appropriate measures to protect your Personal Information from less, misuse and unauthorized access, disclosure, alteration and destruction. The Platform uses encrypted data transmission (SSL, secure socket layer) during registration and login, which guarantees the protection of the Information identifying you and significantly impedes account data interception by unauthorized systems or people.
Still, no system can be guaranteed to be 100% secure. If you have questions about the security of your Personal Information, or if you have reason to believe that the Personal Information that we hold about you is no longer secure, please contact us immediately as described in this Privacy Policy.
6. Does GetResponse use cookies?
We and our partners use cookies or similar technologies to analyse trends, administer the website, track Users’ movements around the website, and to gather demographic information about our User base as a whole. You will find the details concerning the use of cookies in our Cookies Policy.
Our Service includes social media features, such as Facebook “Like” button and Twitter re-tweets, join or like on LinkedIn, vote or subscribe on YouTube, as well as share buttons or interactive actions. These features collect the user’s IP address, the pages visited on the site or service, and set cookies to enable the features to function properly. Social media features are either hosted by a third party or hosted directly on the Service. Interactions with these features are governed by the privacy notices of the social media companies that provide them.
7. Mobile messages
No mobile information will be sold or shared with third parties or affiliates for marketing or promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be sold or shared with any third parties.
8. Automated processing
If you are our Customer and use the MAX or MAX2 plan, your data provided in the Account details and Data regarding activity on the Website or Service may be processed in an automated manner in a tool supporting customer service and analytics of the Account use, to send alerts and create automated processes.
X. Updating our Privacy Policy
We review this Privacy Policy on regular basis, and at least every 12 months. We may change this Privacy Policy at any time. Unless stated otherwise, our current Privacy Policy applies to all Personal Information that we have about you and your Account. If we make changes to this Privacy Policy, we will notify you by publishing information here before the changes take effect. If, however, we make material changes to this Privacy Policy, we may also send you a separate notification to the email address you provided us with prior to the change becoming effective. We encourage you to periodically review this Privacy Policy for the latest information on our privacy practice.
The Privacy Policy does not restrict any of your rights under the applicable Terms of Service or applicable provisions of the law.