GetResponse Privacy Policy
Effective Date: 23 October 2024
If you don’t have much time, please find below a summary of how GetResponse processes Personal Data.
WHO WE ARE. We are GetResponse, a joint-stock company with its registered office in Gdansk (80-309), Grunwaldzka 413, National Court Register No. 0000942075, TAX ID (EU VAT) 9581468984. We process Personal Data of our Customers, our Platform Users and people we have contact with, as a data controller. We also act as a data processor – when our Customers engage us in Personal Data processing in order to enable them to carry out operations on that data using our tools and services. Read more.
HOW WE PROCESS YOUR PERSONAL DATA. As a Data controller we will process your Data to enable you to create an Account, to provide you with our Service, and if you agree, to send you marketing communication, which we may tailor to your interests. Read more.
WHY WE PROCESS YOUR PERSONAL DATA. We have the right to process your Data for different reasons. The most important one is that we need it to carry out the agreement concluded with you the moment you accept our Terms of Service and to enable you to use our Platform. There are also other reasons that require us to process the Data, e.g. making contact, preparing an answer to your queries or your consent to receive our newsletter. Read more.
WHO WE DISCLOSE YOUR PERSONAL DATA TO. We disclose your Data only to service providers who support us in the role of data processors or separate data controllers. Read more.
YOUR RIGHTS. You have the right to access, rectify or erase your Personal Data as well as to lodge a complaint with a supervisory authority. In some cases, you also have other rights, for example, to withdraw your consent for Data processing, to object to Data processing, and to Data portability. Read more.
Please read the entire content of our Privacy Policy below, to fully understand how we will process your Personal Data and how you can exercise your rights connected to Data processing.
Privacy Policy
This Privacy Policy applies to GetResponse S. A. (“GetResponse” “we” “our” or “us“). We respect your privacy rights and value your trust. This Privacy Policy describes how we collect, receive, use, store, share, transfer, and process your Personal Data, as well as your rights in determining what we do with the information that we collect or hold about you. This Privacy Policy also covers our collection, use and disclosure of Personal Data that we collect through our Service on GetResponse Platform. The use of information collected through our Service is limited to the purpose of providing the Service for which our Customers have engaged. This Privacy Policy describes how we protect Personal Data of our Customers, Users and people we contact. We appreciate the trust you put in us, and we assure you that we make every effort to give you full control over your Personal Data. Below we have described, as transparently as possible, the scope of data we process when providing the Service through the Platform, or making contact, the purposes and methods of processing, security measures, and your rights connected with the processing of your Personal Data.
By using our Service or our Platform, you accept all rules applied by GetResponse, so please read this Privacy Policy carefully beforehand. If you don’t agree to this Policy or can’t comply with it, you shouldn’t begin to use our Service on the Platform or engage in the contact with us.
I. Glossary of basic concepts
Below you’ll find the list of basic concepts that will help you better understand this Policy:
Account – individual space provided to the Customer on the GetResponse Platform (after logging in) for the purpose of using the Service.
Contacts – persons whose Data (in particular email addresses) is processed using the Service, or to whom Customers send electronic communication (in particular email communication).
Customer – person using our Service to conduct their commercial or professional activities, regardless of the legal form of such activities.
Data concerning activity within the Platform or Service – the Data concerning your activity within the Service or Platform, Data concerning your session, your device and operational system, browser, localization and unique ID as registered and stored with the use of cookie or tracking scripts. This Data includes in particular: browsing history, clicks within the Platform, visits to the main page and subsections of the Platform, Dates of creating an Account and logging into the Account, the Data related to the use of individual services in the Platform and Service, history and activities connected to our email communication with you.
Data provided as Account details – Personal Data given by the User in the “Account details” tab, consisting of: first name, last name, company or organization, address, email address, phone number, country, time zone, payment information, industry, number of employees.
Data subject – an identified or identifiable natural person.
GetResponse (we, us) – GetResponse joint-stock company with its registered office in Gdansk (80-309), Grunwaldzka 413, KRS No. 0000942075, Tax ID. 9581468984.
GDPR – Regulation (EU) 2016/679 of The European Parliament and of The Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Personal Data, Data – data of our Customers, data entrusted to us by our Customers for processing and data of our Users, processed in relation to the use of the Service or Platform, or data of people with whom we establish any contact.
Platform – websites that are hosted by GetResponse, especially EU domains listed under the address: https://www.getresponse.com/change-language. Customer can log in to their Account via the Platform.
Privacy Policy – this Privacy Policy.
Privacy Settings – space in the Customer Account where the Customer can manage their preferences of privacy protection and exercise their rights as data subjects.
Processing – operations performed on Personal Data such as collection, recording, storage, adaptation or alteration, disclosure, display, erasure, creating backup copies, and other operations necessary to provide the Service or establish contact.
Registration Data – the data given in registration forms available in the Platform: email address, name.
Service – all services provided by GetResponse electronically in the Software-as-a-Service model (Saas), including in particular providing the Customer with the possibility of using the Account, managing the Data entrusted to GetResponse for the purpose of processing, and conducting marketing campaigns.
Standard Contractual Clauses, SCC – contractual clauses annexed to the Commission Implementing Decision on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679.
Terms of Service – GetResponse Terms of Service.
User – the person using the Platform.
Capitalized terms that are not expressly defined in this document have the meanings assigned to them in the GetResponse Terms of Service.
II. Who are we? Our contact details.
1. GetResponse as data controller and data processor
Unless stated otherwise, we process your Personal Data as a data controller in connection with your use of the Service or the Platform, as well as when we contact you. As such, we determine the purposes and means of the processing of Personal Data.
In some circumstances we also process Data on your behalf. In these cases, you determine the scope of Data you want us to process and purposes for which you use the Service. You can find more about this matter in section VII.3 Why do I enter into a data processing agreement with GetResponse.
Our contact details: GetResponse S.A. (Polish joint-stock company), Grunwaldzka 413, 80-309 Gdansk, Poland.
To exercise your rights, give or withdraw consent, and talk about all security aspects of your Personal Data you can contact us via form available here.
2. Data Protection Officer
GetResponse has designated a Data Protection Officer – Marianna Koźlicka (DPO), who you can reach out to about anything related to your Personal Data processing. You can easily contact our DPO:
- via form available here
- in writing: Data Protection Officer, GetResponse S.A., Grunwaldzka 413, 80-309, Gdansk, Poland
III. How do we use the data? Your Personal Data and how we process it.
The rules of how we process your Data, along with the purposes and scope of the processing vary depending on whether you are our Customer, Platform User or person with whom we established contact. Below, we list the information about the Data we process concerning the specific purposes we need it for.
1. To provide the Service or Platform
While providing the Service or Platform, we carry out a set of operations that include: administrative activities related to concluding an agreement based on the acceptance of the Terms of Use, creating a Customer Account and Customer authentication within the Account, providing materials requested by Customers or Users (also those who do not have an Account, but use our Platform), activities related to the performance of the Service, including sending you communication related to use or functioning of the Service (in particular system and transactional e-mails), providing Customer support, handling complaints and other requests, charging due fees, seeking redress, and monitoring the quality of the Service and Platform.
What Data do we use and for what purposes?
To create your Account and provide the Service, we process the following Data:
- Registration Data and the password you set up.
We only store encrypted passwords and we do not have access to them.
To provide you with our Services (i.e., after you log in to your Account as our Customer), we process the following Data:
- Data provided as Account details,
- Personal Data included in the content you send using the Service, including images, videos, files, documents or audio files,
- Data concerning activity within the Platform or Service.
As a Data processor, we also process Personal Data entrusted to us by the Customer for the purpose of using the Service.
You can use the Platform without creating an Account, e.g., by downloading e-books and other training materials, by signing up for our newsletter on new articles on our blog or in Resources, by signing up for a webinar, training, or another event we organize or participate in, by submitting a draft to our blog.
To enable you to use our Platform, we process the following Data:
- Data concerning activity within the Platform or Service,
- Registration Data.
2. For legitimate interests
We process the data for legitimate interests of GetResponse described below, taking into consideration the relationship with our Customers or Users.
What Data do we use and for what purposes?
- For analytical purposes. To keep statistics on the use of the Service and the Platform or feature’s effectiveness helping us to improve the Service and the Platform, to monitor market trends, and to ensure network and information security, we process the following Data:
- email address, country, industry,
- Data concerning activity within the Platform or Service.
- To exercise legal claims. If necessary, to establish, exercise, or defend legal claims, we process the following Data:
- Data provided as Account details,
- Data concerning activity within the Platform or Service necessary to establish a claim,
- other Data necessary to support the claim, establish the scope of damage and other circumstances regarding the damage.
- To answer your queries and contact you. To respond to your queries, petitions, and complaints, we may process the following Data:
- Data provided as Account details,
- Data concerning activity within the Platform or Service that’s the subject of your query, petition, or complaint,
- Data included in the query, petition, or complaint and the attached documents.
- To conduct Customer satisfaction surveys. To verify Customer satisfaction with the Platform or Service, we may process the following Data:
- Registration Data,
- answers to our survey questions.
- To prevent fraud and abuse. To monitor, prevent, detect, and combat fraud and abuse, including sending unsolicited content (SPAM), to protect our Customers against such abuse and to ensure network and information security, we may process the following Data:
- Data provided as Account details,
- Data concerning activity within the Platform or Service necessary to verify potential fraud or abuse,
- Data entrusted by the Customer for the purposes of providing the Service.
We may use, reproduce and disclose your Data, including Data concerning activity within the Platform, that is anonymized, de-identified, or is otherwise not reasonably associated or linked to the Customer or your Account (or any other identifiable individual person or entity) (“Anonymized Data”) for analysis of trends, Platform’s usage and features’ effectiveness. This right to use Anonymized Data will survive termination of the deletion of the Account. We may also share aggregated information (information about our users that we combine together so that it no longer identifies or references an individual user) and other anonymized information for regulatory compliance, industry and market analysis, insights about the sector, demographic, marketing and advertising, and other business purposes. We may share this aggregated Anonymised Data with the public.
3. To send marketing communication
What Data do we use and for what purposes?
To send our Customers, Users and other contact people marketing and promotional communication regarding our Service or Platform, we may process the following Data:
- Registration Data for Customers,
- Other Personal Data obtained, in particular identification data (name, surname), contact details (e-mail address or telephone number), position and name of the business organization with which you are associated, as well as other data provided by you on social networking sites, such as like Linkedin.
4. For marketing purposes, including creating your profile
a. Tailoring our Platform and Service to your preferences
We want our Service and Platform, including our marketing communication (as long as you agreed to receive it), to be tailored to your needs and preferences (profiling). We describe the nature of the profiling we carry out below.
What Data do we use and for what purposes?
To develop sales and marketing of our Services, including creating Customer or User profiles, tailored to your interests and preferences, we process the following Data:
– Registration Data,
– Data provided as Account details,
– Data concerning activity within the Platform or Service.
If you have agreed to receive marketing and promotional materials, we will match the marketing and promotional content related to our products and services to your profile based on the above data. We will not send you communication about third-party products or services.
b. Remarketing (displaying ads outside of the Platform)
To reach you with our marketing communication, including ads, outside of our Platform and measure their effectiveness, we use the services of third-party providers. These services display our marketing communication on websites other than the Platform. To do this, we use special codes to download information about your activity within the Platform, Service, or in connection with ads. We use cookies, Google Ads tools and Google enhanced conversions function, which allows us to more closely observe marketing activities and improve the management of these activities. You can find more information about cookies and other tracking technologies in the Cookie Policy.
If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out here:
- Digital Advertising Alliance (DAA)’s self-regulatory opt-out page (http://optout.aboutads.info/)
- European Interactive Digital Advertising Alliance (EDAA)’s consumer opt-out page (http://youronlinechoices.eu)
- Network Advertising Initiative (NAI)’s self-regulatory opt-out page (http://optout.networkadvertising.org/)
IV. Why do we process your Data? The legal basis.
1. To provide the Service or Platform
We process your Data because it is necessary to enable you to use our Service or Platform. In other words, we need to process your Personal Data to enable you to sign up as our Customer, or order our materials as our User. Otherwise, we wouldn’t be able to provide the Service or enable you to use the Platform.
We need to process your Data to perform the contract and provide our services. Art. 6.1(b) of GDPR).
If you decide to upload and share with us selected images, videos, files, documents or audio files while using our Service you do it voluntary, so you can use them in certain features of our Service for creating your Content. Uploading such files is optional. We store your uploaded files on our servers and don’t use them for any our own purposes nor share them with any third party. You decide if, how and when you want to use them in any of your Content created via our Service.
2. For legitimate business interests
Our legitimate interests constitute the legal basis for processing your Personal Data (Art. 6.1(f) of GDPR). Below you’ll find a list of our legitimate interests.
- For analytical purposes. We believe we have a legitimate interest in analysing Service and Platform operations and Customer and User satisfaction. We consider processing this data beneficial to Customers and Users. Our aim is to constantly develop the Platform and to provide the Service of the highest quality of the Service.
- To exercise legal claims. We believe we have a legitimate interest in processing your Data if it’s necessary to exercise claims concerning the use of the Service or the Platform that’s unlawful or incompatible with the Terms of Service or to defend ourselves against such claims.
- To answer your queries. We believe we have a legitimate interest in replying to petitions and queries made through one of the available channels. We consider processing this Data beneficial for you because it allows us to help you and respond to your queries.
- To conduct customer satisfaction surveys. We believe we have a legitimate interest in verifying if our Customers and Users are satisfied and what would help us improve the quality of the Service and the Platform.
- To prevent fraud and abuse. We believe we have a legitimate interest in conducting necessary verification to detect and prevent potential fraud and abuse, including spam detection. We understand processing this Data is beneficial for all parties involved, especially for you and your subscribers, because it allows us to set up precautions, protecting you and your subscribers against third parties sending malicious software or attempting fraud.
3. To send you marketing communication
This processing is based on your consent (Art. 6. sec. 1(a) of GDPR) or our legitimate interest (Art. 6(1)(f) of GDPR), which is the direct marketing of our services.
4. For marketing purposes including creating your profile and ads’ measurements
The legal basis for processing your Personal Data are legitimate interests of GetResponse (art. 6 sec. 1 (f) GDPR) related to direct marketing activities of our services and products.
We have a legitimate interest in analysing how our Customers and Users use our Service and Platform or interact with our ads, to improve them, and promote our products and services to expand our Customer base and number of Users.
Customers and Users of the Platform who voluntarily complete our registration forms, or have expressed their interest in receiving marketing communication to their email address, or agree to the use of cookies give us their free, specific, informed, and unambiguous consent. Hence, we have inferred that they would have a reasonable expectation to receive such communication, be provided with our ads, including outside the Platform, and that we may analyze their effectiveness. At the same time, they expect that the communication we will send should be consistent with their interests. Personalized marketing communication allows our Customers to use our Service more effectively and benefit from our attractive offers.
For profiling, we use only the Data our Customers or Users provide us with or the Data concerning their activity within the Platform or Service. We’re only interested in what you do on our Platform or when you use our Service. That’s why we decided that our interests are justified, legitimate, and at the same time, they don’t violate the rights or freedoms of our Users or Customers, which may override them.
5. To issue invoices if you use the Service in a paid plan or fulfil accounting obligations if we pay you
The legal basis for the processing of Personal Data necessary for us to issue an invoice for the use of the Service in a paid plan or fulfil accounting obligations if we pay you is art. 6 sec. 1 (c) GDPR, i.e. fulfilling the legal obligation incumbent on us as the controller to keep tax and accounting documentation.
V. Who we disclose your data to.
We only share personal information in ways that we tell you about. We do not sell or rent personal information to third parties and we do not share personal information with third parties that are not owned by us or under our control or direction except as described in this Privacy Policy.
1. We transfer your Personal Data to the following categories of recipients:
- Processors – service providers
We share personal information with service providers that help us with our business activities. They only are authorized to process that information as necessary and as directed by us. We use the services of third-party providers, who process your Personal Data as data processors on our behalf. They provide us with services related to: supporting certain features of the Service (webinars), hosting, customer support, tracking security incidents and responding to them, diagnosing and solving problems with the Service or Platform, analysis of our marketing campaigns efficiency e. g. Google as well as analysis of use of the Service and Platform, recruitment, payments and marketing activities, including outside of Platform (e.g. within the Google advertising network), or IT services, including scheduling and conducting online meetings, conducting surveys. - Other controllers
We cooperate with service providers who don’t act on our exclusive request and who themselves determine how they process Personal Data, in order to carry out remarketing campaigns and statistical analysis.
If we are required to disclose personal information as part of a legal process, we will take commercially reasonable steps to inform you as part of that process. We may also be required to disclose personal information in response to lawful requests by government authorities, including requests from national security agencies or law enforcement. Safety, fraud prevention, government requests and protection of our rights are all reasons where we may share personal information where we believe in good faith it is necessary.
2. Which countries is your data transferred to?
Recipients to whom we transfer the Data to are based mainly in Poland and other countries of the European Economic Area (EEA). If you use some functionalities of our Service, such as Chat, or in connection with our use of information society tools and services, your Personal Data may be transferred to third countries, i.e., outside the EEA. Data may be transferred only to third countries or entities for which an adequate level of data protection has been determined by the European Commission. In the absence of a decision by the European Commission, Personal Data may be transferred to a third country on the basis of appropriate safeguards, we use SCC as an appropriate measure to protect Personal Data in accordance with art. 46 GDPR. For marketing activities and analyses, including research on the effectiveness of our advertising, we use i. a. Google services, therefore Personal Data may be transferred outside the EEA to Google LLC in the USA, which has been included in the list of entities participating in the Data Privacy Framework, ensuring an adequate level of protection of personal data. In connection with the transfer of Personal Data outside the EEA, you may request information about the safeguards used in this respect, obtain a copy of these safeguards or information about the place where they are made available by contacting the Data Protection Officer.
VI. Your rights. You have control over your Data.
We make sure that our Customers, Users and other Data subjects can exercise their rights concerning their Data.
You may exercise your rights by filing a demand to the form available here. All you need to do is to inform us about the reason for your motion and the right you want to exercise. If you have an Account in the Service, you can exercise some of your rights directly after you log in to your Account. Please remember that if you change your settings in the Account, we may need up to 3 hours to apply the changes in our systems due to technical reasons. That’s why during this time you may still receive an email message from our system while it’s updating your settings.
If we decide it’s necessary, we may ask you some additional questions or ask you to provide us with additional documents to confirm your identity.
It may sound obvious, but for the sake of clarity, we would still like to point out that exercising your rights described below is free of charge, with the possible exception of providing additional copies of your Data.
Under GDPR you have the following rights:
1. Right to express and withdraw your consent
If we ask for consent to process your Data, you can always choose to give it or not. We inform you about the right to withdraw your consent before giving consent. In our Platform, we never ask for one consent for different Personal Data processing operations, and we never depend on the consent to execute the contract – including the provision of the Service – although consent is not necessary for its execution.
Additionally, you are entitled to withdraw any consent previously given at the point of creating an Account or using the Platform and Services, including:
- processing your email address to send you our marketing communication to your email address,
- collecting your data by cookies or similar technologies. Read more in the Cookies Policy.
Withdrawal of your consent is effective upon execution, and it does not affect the lawfulness of processing based on the consent before you withdraw it.
You can always withdraw your consent without detriment. It may, however, render you unable to use some of the features of the Platform or the Services which we may legally render only with your consent (e.g., receiving the newsletter on the new updates in our Resources).
You may withdraw your consent at any time in one of the following ways:
- by clicking “unsubscribe” at the bottom of any marketing email you received from us,
- if you agreed to the use of cookies – in your browser settings,
- as described in section Our contact details.
We treat withdrawing your consent to receive marketing communication as objecting to profiling for marketing purposes.
2. Right of access
You have the right to obtain confirmation if we process your Personal Data. If we do, you have the right to:
- receive information on the rules of such processing,
- access your Personal Data,
- receive a copy of your Data.
If you have an Account with the Service, you can directly access your Personal Data you provided at all times, after logging into your Account.
The first copy of your Data is free of charge. For any further copies you request, we may charge you a reasonable fee based on the administrative costs resulting from preparing this information.
3. Right to rectification
You have the right to rectify and complete the Personal Data you provide. You can do it yourself in your Account. Concerning other Personal Data, you have the right to have us rectify inaccurate personal data concerning you or complete your incomplete Personal Data.
4. Right to erasure (“right to be forgotten”)
On the grounds described by the law, you have the right to have us erase your Personal Data. We’ll treat your demand to erase all your Personal Data also as a demand to delete your Account after you additionally confirm such intention.
You have the right to have us erase your Personal Data if:
- the Personal Data has been unlawfully processed or has to be erased to comply with a legal obligation;
- your Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- you have withdrawn consent to the processing of your Data (and when there are no other legal grounds for processing);
- you have objected to the processing of your Data for marketing-related purposes;
- you have objected to the processing of your Personal Data in cases where the processing is based on our legitimate interest, e.g for statistical purposes of using the Platform or the Service and surveying customer satisfaction, and the objection has been considered legitimate.
We will keep some of your Data despite the demand to erase it if it’s necessary for performing our legal duties or establishing, pursuing, or defending a claim. It especially refers to Personal Data concerning your name, surname, email address, and the Platform or Service use history, which we keep to be able to address complaints and claims connected to the Platform or use of the Service.
5. Right to restriction of processing
If you file such a demand, we will make some of the features of the Platform or Service connected to the processing of the Data covered by your demand unavailable to you while we review it. During that time, we will not send you any communication including marketing communication.
You have the right to have us restrict the processing of your Data when one of the following applies:
- you contest the accuracy of your Data;
- the processing of your Data is unlawful, and you request the restriction of its use instead of erasing it;
- we no longer need your Personal Data to process it, but you require it to establish, exercise, or defend legal claims;
- you object to the processing of your Data.
6. Right to object
You have the right to object, on grounds relating to your specific situation, at any time, to the processing of your Data, providing that we are processing your Data based on our legitimate interests.
These cases are pointed out in the sections regarding the processing for legitimate interests and marketing purposes, including creating your profile.
In particular, you have the right to object to the processing of your Data for direct marketing purposes, including profiling. In such a case, we will no longer process your Data for these purposes and you will no longer receive any marketing information from us. Additionally, we’ll treat the withdrawal of the consent to receive marketing communication about our products or services as an objection to the processing of your Data for direct marketing purposes, including profiling.
Regarding the processing for legitimate interests as pointed out above, if your objection turns out to be legitimate and we don’t have any other legal grounds for processing your Data, we will remove the Data you don’t want us to process.
7. Right to data portability
If you set up a Customer Account or you consented to the processing of your Data, you have the right to receive your Personal Data you provided to us and transmit it to another controller in a structured, commonly used, machine-readable format. We will send your Personal Data in .CSV format. This format is commonly used and machine-readable, and enables the transmission of your Data to another data controller.
If you are our Customer you may exercise your right after logging in to your Account.
8. Right to lodge a complaint with a supervisory authority
You have the right to complain to a supervisory authority concerning the processing of your Data. In Poland the supervisory authority is the President of the Personal Data Protection Office.
VII. Other useful information
1. Do I have to provide GetResponse with my Personal Data?
Sometimes we ask you to provide us with your Personal Data. Providing:
- Registration data
- Data provided as Account details, and
- other data (indicated as mandatory) in registration forms
is essential for us to create your Account, send you the requested materials or for enable you to participate in a chosen event. If you don’t provide us is essential for us to create your Account, send you the requested materials or for enable you to participate in a chosen event. If you don’t provide us with the relevant Data, you will not be able to use some or all features of the Platform or Service. Providing us with Data other than the mandatory Data is voluntary.
Providing Personal Data for booking an individual online meeting is voluntary, but necessary to organize and conduct the meeting.
2. How long do you store my Personal Data?
If you are our Customer, we store your Personal Data for the time during which you have an Account with our Service. When you deactivate your Account, we’ll store your Data for 60 days for the sole purpose of enabling you to reactivate the Account. During that time, we’ll only store your Data without any other processing activities subject to our other obligations or rights arising from applicable laws or public authority orders. After that time, we’ll delete your Personal Data from the main database, without the possibility to recover it. In the next 120 days, your Personal Data will be subject to encryption and stored in backup copies only. The said 120-day period is required to delete the Personal Data completely due to the specifics of the backup copy operations.
We’ll store the Personal Data of the Users who are not our Customers for the time corresponding to the lifecycles of the cookies and similar technologies saved on their devices. You will find the details of how we use cookies and similar technologies in our Cookies Policy.
We’ll store the Personal Data of our newsletter subscribers or persons who have agreed to receive marketing content from us until they resign.
We process the Personal Data of people with whom we establish contact until the end of the conversation or possible cooperation, and in the case of direct marketing, no longer than until the objection is expressed.
After expiration of the periods described above, your Data will be erased, excluding the following data:
- name,
- surname,
- email address,
- Service usage history,
- and information about expressed consents.
We’ll store this Data only for as long as we need to handle complaints and manage claims, including those related to the use of the Service, and for as long as is required by tax and accounting regulations.
3. Why do I enter into a Data processing agreement with GetResponse?
If you are our Customer and you have an establishment within the European Economic Area (EEA) or if GDPR applies to your operations for other reasons, you engage GetResponse in the processing of the personal data necessary to provide you with the Service on terms and conditions stipulated in the Terms of Service.
If GetResponse S. A. is a data processor or service provider then it collects information under the direction of our Customers and has no direct relationship with the individuals whose Personal Data it processes. If you are a contact of one of our Customers and would no longer like to be contacted by one of our Customer that use our Service, please contact the Customer that you interact with directly. We may transfer Personal Data to companies that help us provide our Service. When we act as data processor or service provider transfers to subsequent third parties are covered by the service agreements with our Customers. Data obtained from our Customers through Google Workspace APIs are not used to develop, improve, or train generalized AI and/or ML models.
4. Does GetResponse process personal data of children or special categories of personal data?
We don’t process Personal Data of children, and we don’t collect special categories of Personal Data.
The Service and Platform are directed to adults, i.e., those who are over 18 (eighteen) years old and those who perform commercial activities. When you start using the Platform or Service, you declare that you are over 18 years old. We ask minors not to share any information with us, especially Personal Data.
5. How does GetResponse protect my Personal Data?
We implemented adequate and effective measures to ensure the security of your Personal Data. The Platform uses encrypted data transmission (SSL, secure socket layer) during registration and login, which guarantees the protection of the data identifying you and significantly impedes Account data interception by unauthorized systems or people.
6. Does GetResponse use cookies or similar tracking technologies?
You will find the details concerning the use of cookies or similar tracking technologies in our Cookies Policy.
7. Where does GetResponse get my Personal Data?
We received your Personal Data directly from you, from publicly available sources, or from your employer/contractor/entity you represent in connection with planning or establishing cooperation with GetResponse.
If we were the first to contact you, and the organization you are associated with is not in contact with us or has not established cooperation, we obtained your data from publicly available sources, including the Internet and social networking sites such as LinkedIn and related tools.
If you are a designated contact person or representative of an entity with which we are conducting talks or have established cooperation, from your employer/contractor/entity you represent, we receive data such as your name and surname, business telephone number or business e-mail address, place of work, position or information about the type of matters you deal with.
8. Automated processing
If you are our Customer and while using our chatbot you provide any personal data, this data may be processed in an automated manner.
VIII. CCPA
To the extent the California Consumer Protection Act (the „CCPA”) applies, we need to present you the following information:
For the purpose of the CCPA, with respect to Personal Information of Customer GetResponse serves the role or the “business” (as defined by the CCPA); and with respect to Personal Information of Contacts we are the “service provider” (as defined by the CCPA).
Your rights. You have control over your Personal Information.
We make sure that our Customers and Users can exercise their rights concerning their Personal Information. If you want to exercise your rights granted to you by the CCPA, please contact us via form available here.
All you need to do is to inform us about the reason for your motion and the right you want to exercise. If you have an Account in the Service, you can exercise some of your rights directly after you log in to your Account. Please remember that if you change your settings in the Account, we may need up to three (3) hours to apply the changes into our systems due to technical reasons. This explains why during that time you may still be receiving emails from our system while it is updating your settings.
Very often we act as a service provider of Personal Information. This is mainly the case of processing of Personal Information of Contacts on behalf of our Customers using our Service. In such cases, if you are a Contact and want to exercise your data protection rights or have any questions about how your Personal Information is handled by us as a service provider, you should contact your business covered by the CCPA, who the Customer who has decided to entrust us with your Personal Information. You should also refer to separate privacy policies adopted by such Customer.
If you do not want to receive communication from one of our Customers using our Service, please unsubscribe directly from that Customer’s e-mail communication or contact that Customer directly to amend or delete your Personal Information. If you contact us directly, we may remove or update your Personal Information within a reasonable time and after informing the Customer of your request.
We will respond to your request within 45 days. In some cases, we may not be able to comply with your request – should this happen, we will always let you know about it and give you reasons for our refusal.
Please be informed that any disclosures we provide will only cover the 12-month period preceding your verifiable request’s receipt. For data portability requests, we will select a format to provide personal information that should allow you to transmit the information from one entity to another entity without hindrance, specifically by electronic mail communication.
If we decide it’s necessary, we may ask you some additional questions or ask you to provide us with additional documents to confirm your identity.
It may sound obvious, but for the sake of clarity, we would still like to point out that exercising your rights described below is free of charge, with the possible exception of providing additional copies of your Personal Information.
You have the following rights:
1. Right of Disclosure or Access
You have the right to access Personal Information about you that we hold, and the right to request disclosure of your Personal Information we possess, receive additional details regarding your Personal Information we collect and its use purpose, including any third party with which we share it.
If you have an Account with the Service, you can directly access your Personal Information you have provided at all times, after logging into your Account. You can also file a request by a form available here.
You are also able to correct or amend your Personal Information where it is inaccurate or has been processed in violation of the data protection laws.
You can do it yourself in your Account or ask us to correct or amend your Personal Information via a form available here.
If you a California resident, and the CCPA applies to you, you can also contact us via form available here.
2. Right to Deletion
You have the right to deletion of Personal Information we have collected. We’ll treat your demand to erase all your Personal Information as a demand to delete your Account.
We will keep some of your Personal Information despite the demand to erase it if it’s necessary for complying with legal obligations, detect security incident, exercise a legal rights, establishing, pursuing, or defending a claim, or otherwise as specified by applicable law. It especially refers to Personal Information concerning your name, surname, email address, and the Platform or Service use history, which we keep being able to address complaints and claims connected to the Platform or use of the Service.
3. Right of Personal Information Portability
In response to a request for disclosure, we must provide Personal Information in a readily useable format to enable you to transmit the Information from us to another entity without hindrance. We will send your Personal Information in a .CSV format. This format is commonly used and machine-readable and enables the transmission of your Personal Information to another entity.
4. Choice Principle (Opt out)
We offer you the opportunity to choose (opt out) whether your Personal Information is
- to be disclosed to a third party, or
- to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you.
You may request an opt out from:
- processing your email address to send you our marketing communication to your email address,
- collecting your data by cookies. Read more in the Cookies Policy.
Your opt out request is effective upon execution, and it does not affect the lawfulness of the earlier processing. You can always opt out without detriment. It may, however, render you unable to use some of the features of the Platform or the Services which we may legally render only with your consent (e.g., receiving the newsletter on the new updates in our Resources).
You may opt out in one of the following ways:
- by clicking “unsubscribe” in the email you received,
- if you agreed to the use of cookies – in your browser settings,
- as described in section Our contact details.
5. Non-Discrimination
In any time, we will not discriminate against you for exercising any of your CCPA rights. According to that, unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time
Additionally, to all information given above, in particular, referring to the purpose and the manner of processing of you Personal Data (“Personal Information” under the CCPA) you should know the following:
List of categories GetResponse has collected about customers, governed by the CCPA, in the last twelve (12) months:
Category | Examples | Collected |
A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. | yes |
B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | yes |
C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | no |
D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | yes |
E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | yes |
F. Internet or other similar network activity. | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | yes |
G. Geolocation data. | Physical location or movements. | yes |
H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | yes |
I. Professional or employment-related information. | Current or past job history or performance evaluations. | no |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | no |
K. Inferences drawn from other Personal Information. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | yes |
In the last twelve (12) months, GetResponse has disclosed the following categories of Personal Information of Customers governed by the CCPA, for a business purpose (as defined by the CCPA): Identifiers, Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), Commercial Information, Internet or other similar network activity, Geolocation data.
GetResponse does not sell your Personal Information to any third parties
We and third party service providers on our behalf collect information about your general location when you use or access our sites and services based on your IP address. We collect and use this location-related data in order to: display our sites and services in a language applicable to your location, answer your questions in one of languages supported by our Customer Service department, or to display our pricing in an applicable currency to your location.
IX. Updating our Privacy Policy
We may change this Privacy Policy at any time. Unless stated otherwise, our current Privacy Policy applies to all information that we have about you and your Account. If we make changes to this Privacy Policy, we will notify you by publishing information here before the changes take effect.
If, however, we make material changes to this Policy, we may also send you a separate notification to the email address you provided us with.
The Privacy Policy does not restrict any of your rights under the Terms of Service or applicable provisions of the law.