This document was last updated on November 5, 2021.
1. WHAT INFORMATION WE COLLECT
Please note that some of your information is collected and stored even before you log in, when you access our site. We collect your information in the following ways:
• Information you provide directly to us. When you subscribe to our newsletters, register for one of our webinars, sign up for our services, request us to contact you, or through other interactions with us, we may ask you for certain personal information, such as your name, birthdate, postal address, e-mail address, telephone number, company name, job title, or payment information. When you request support from us, we may also collect information from you such as contact information, documentation, screenshots, or other information you or we may believe is helpful to solving the issue. When you speak with our customer service or sales representative on the phone, your calls may be recorded and/or monitored for quality assurance, training and research purposes.
• Information we collect automatically when you visit our websites. We and our third-party partners, such as our advertising and analytics partners, collect information about your visits to our websites and your interactions with our ads or content, together with information such as your IP address, cookies, and other tracking technologies (e.g., web beacons, device identifiers, and pixels).
• Information we get from third parties. Third party sources of information include:
• Demographic, lead, and interest data. We may obtain information from outside companies such as those that collect customer information including demographic and interest data. Examples of this information include your employment status, your job title with your current employer, and your business contact information. We use this data and combine it with other information we have about you to help us predict your preferences and to direct marketing offers that might be more relevant to you. We also obtain where permitted by law contact information and other marketing lead information from third parties, website “refer-a-friend” options or social media platforms and may combine it with information we have to contact you or direct Subflow marketing offers to you.
• Information about our customers’ users. Our customers and other third parties may also provide us with personal information about our customers’ users and others. For example, we may receive personal information and other information from our customers, message senders, mobile network operators, databases with information relevant to mobile telephone numbers submitted to our services, and other third parties. This information may include, without limitation, telephone numbers, telephone numbers’ validity, type (e.g., mobile, landline, etc.), corresponding device status (e.g., whether or not it is currently available for messaging), roaming status, carrier, country of location, and whether or not the number has been ported and is used to help us provide our services.
• Information collected in connection with your use of services delivered via our platform. We and our service providers may collect information in connection with your use of communications services delivered via our platform.
• Communications usage information. This includes information about your communications delivered via our platform such as the time and duration of usage, source and destination identifiers, completion status, location, IP address, and amount of usage.
• Communications content. To enable you to send and receive communications via our platform, we need to be able to handle the content of the messages, calls, and other communications channels used by you. This also includes, for example, voicemails and call recordings recorded via our services.
• Device information. Where we have provided end user equipment to you, such as an analog telephone adapter or a VoIP phone, or you have installed our software on your device, we collect device-specific information from you. This includes, for example, your hardware model, operating system version, firmware, browser information, device and network configuration, device identifier, IP address, device performance, signal strength, call quality, telemetry, and mobile or wireless network information. We use the device information we collect in order to deliver and improve our services.
• Your contact lists and address book. If you use our mobile apps, we may request your permission to access and store the contact list or address book maintained on your mobile phone, tablet, or other broadband-connected device. Your contact list is considered your personal data. We may use your contact list information to facilitate certain services where selected by you such as to enable you to make calls easily and to facilitate calls, texts, and other services. We may also facilitate the delivery of messages to individuals in your contact list that you wish to invite to download our mobile apps so that you can utilize our services with these selected individuals, although it is always your choice to send invites to such individuals. We will not use your contact list information for other purposes without first notifying you of the proposed use. You do not have to allow us to access your contact list information, but if you do not, certain features of our mobile apps may not be available to you. You may at any time opt out from allowing this access via the privacy settings on your device.
2. WHY WE COLLECT YOUR INFORMATION AND HOW WE USE IT
How we use the information we collect depends on which of our services you use, how you use them, and specific preferences you may have communicated to us. We list below the specific purposes for which we collect your information.
• To deliver our services. We use your information because it is necessary to perform our obligations in delivering our services to our customers. This includes delivering your communications to the intended end user, processing transactions with you (such as billing), authenticating you when you log into our platform, providing customer support, and operating and maintaining our services. We also need your information to communicate with you about the services, including registration confirmations, purchase confirmations, expiration or renewal reminders, responding to your requests, and sending you notices, updates, security alerts, administrative messages, and other communications necessary to usage of the services.
• To carry out core activities relating to our services. To effectively deliver our services to you, we use your information to engage in important supporting activities such as:billing and collections, including maintenance of records in the event of a subsequent billing dispute; preventing fraud, violations of our acceptable use policies, and unlawful activities; troubleshooting, quality control, and analytics; and monitoring the performance of our systems and platform.
• For research and development. We are constantly looking for ways to improve our services, to make them more reliable, secure, and useful to you and our users generally. We use data regarding our users’ communications on our platform to understand how our services are performing and how they are being used in order to identify areas where we can do better. For instance, we may use message delivery and call connection information to gauge the effectiveness of our routing to ensure that your messages are delivered and your calls are connected. We and our service providers may use your information to assess the level of interest in, and use of, our services, our communications to our customers, and our other messaging campaigns, both on an individual basis and in the aggregate. We also use information about your use of our websites to understand how our website visitors are using our websites. Among other things, this usage information, along with tracking technologies, enables third-party analytics companies, such as Google Analytics, to generate analytics reports on the usage of our services. To opt out of your usage information being included in our Google Analytics reports, you may follow these instructions.
• To comply with legal requirements. Applicable laws or regulations may require our processing of your data, such as laws mandating retention of communications data.
• To protect our legitimate business interests and legal rights. Where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
• According to your explicit consent. If we wish to use your information for certain purposes which require consent under applicable law, we will first seek out and obtain your consent. This may include, for example, testimonials or case studies that identify you in your individual capacity.
3. EUROPEAN ECONOMIC AREA USERS AND OUR “LAWFUL BASES” FOR USING THEIR DATA
European data protection law requires organizations like us to provide a lawful basis to collect and use your information. Our lawful basis to collect and use information from our EEA users include when:We need it in order to provide you with the services and to carry out the core activities related to our provision of the services.We need to comply with a legal obligation. We have a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the services and to protect our legal rights and interests.You give us your consent to do so for a specific purpose.
4. WHO WE SHARE YOUR INFORMATION WITH AND WHY?
We may share your information as detailed below:
• Third-party service providers that help us to deliver the services and allow us to operate our businesses.Communications providers. As the provider of a communications platform, we share the data we collect from you with communications providers (including traditional PSTN telecommunications companies and over-the-top communications service providers) as necessary in order to provide you with the services. These are the telecommunications companies, for instance, who we need to ensure your calls, messages and other communications reach the people you want to contact.Business operations vendors. We work with third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for us, which may require them to access or use information about you. We only work with carefully selected vendors, and we require any vendors with whom we share personal data to protect the confidentiality of such information and use it solely for the purposes for which it was shared.Partners. In the event that you purchase services offered by Subflow or a partner through a special marketing arrangement (for example, through a co-branded advertisement or offer, or an arrangement where we and a partner market or offer the other’s products or services), we may share your information with these third parties in connection with their services, such as to assist with billing and collections, to provide localized support, and to provide customizations. We may also share information with these third parties where you have agreed to that sharing.
• Compliance with law enforcement requests and applicable laws; enforcement of our rights. We may disclose personal data as required by applicable law, regulation, legal process or government request; to protect Subflow, our services, our customers or the public from harm or illegal activities; and to enforce our agreements, policies and service terms.
• With your explicit consent. We share information about you with third parties when you give us consent to do so. For example, we often display use cases or testimonials of satisfied customers on our public websites and require your consent to identify you in your individual capacity. If you are a business customer, and have requested this, your business name and phone number may be included in public directories. • Sharing with senders and recipients of communications. The name on your account, or a portion thereof, and/or your phone number may be displayed to people that you make calls to and to other users of the services so that they may contact you. Depending on the service you’re using, you may be able to control what’s displayed by adjusting your settings within the mobile app or your customer account, or by contacting customer care at the address provided when you signed up for the services.
• Subflow affiliates; business transactions. We share your information with and among our corporate affiliates in order to operate and improve the services we provide to you; and we may share your information in connection with a sale, merger, liquidation, or reorganization of our business or assets.
• HOW WE PROTECT YOUR INFORMATIONSubflow has implemented administrative, physical, and technical safeguards to help protect the personal data that we transmit and maintain. However, no system or service can provide a 100% guarantee of security, especially a service that relies upon the public internet. Therefore, you acknowledge the risk that third parties may gain unauthorized access to your information. Although we take reasonable steps to prevent it, Subflow does not warrant that information will not be accessed or disclosed through a breach of any of our security protocol. Keep your account password secret and please let us know immediately if you think your password was compromised. Remember, you are responsible for any activity under your account using your account password or other credentials.
5. WHERE WE STORE YOUR INFORMATION AND INTERNATIONAL TRANSFERS
• International transfers within Subflow and its corporate affiliates. To facilitate our global operations, we transfer information among our corporate affiliates in countries whose privacy and data protection laws may not be as robust as the laws of the countries where our customers and users are based. We utilize standard contractual clauses approved by the European Commission and rely on the European Commission’s adequacy decisions about certain countries, as applicable, for data transfers from the EEA to the United States and other countries.
7. HOW LONG WE STORE YOUR INFORMATION
We store your information until it is no longer necessary to provide the services or otherwise relevant for the purposes for which it was collected. This time period may vary depending on the type of information and the services used, as detailed below. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible. We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from anonymized information retained or used for these purposes.
• Customer account information. We store your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our services.
• Communications usage information. While you’re an active customer, we retain the communications usage information generated by your use of the services until the information is no longer necessary to provide our services, and for a reasonable time thereafter as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our services.
• Marketing information, cookies and web beacons. If you have elected to receive marketing e-mails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our services, such as when you last opened an e-mail from us or visited our websites. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
• Device information. We collect device-specific information from you when we have provided end user equipment to you, such as an analog telephone adapter or a VoIP phone, or you have installed our software on your device. If you do not revoke our access to this information via the privacy settings on your device, we will retain this information for as long as your account is active.
8. HOW TO ACCESS AND CONTROL YOUR INFORMATION
• Opt out of communications. You may opt out of receiving promotional communications from us by using some or all of the following methods: the unsubscribe link within each e-mail, updating your e-mail preferences within your service account settings menu, or by contacting us as provided below to have your contact information removed from our promotional e-mail list or registration database. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding our services. Depending on your type of account with Subflow, you may be able to opt out of some notification messages in your account settings.
• Your rights as an EEA resident. If you are from the EEA, you may have broader or additional rights, including: to be provided with a copy of your personal data held by us;to request the rectification or erasure of your personal data held by us;to request that we restrict the processing of your personal data (while we verify or investigate your concerns with this information, for example);to object to the further processing of your personal data, including the right to object to marketing and profiling; andto request that your provided personal data be moved to a third party.Where the processing of your personal data by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us.If you do not want your personal data used by Subflow for any direct marketing purposes, or shared with third parties for their own marketing use, then you may opt out of such use or sharing by contacting us, even if you have previously consented to such use.If you have any concerns or complaints regarding the treatment of your personal data by us, or you believe we have breached any privacy law in relation to your personal data, please contact us. We will treat any concerns or complaints confidentially. We will promptly investigate any concern or complaint that you raise with us.You can exercise the rights listed above at any time by contacting us and if you feel that your request or concern has not been satisfactorily resolved, or our response is not provided within a reasonable time, you may approach your local data protection authority (links here for residents of the EEA or Australia). The Information Commissioner is the supervisory authority in the United Kingdom and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data.
9. YOUR RIGHTS AS A CALIFORNIA RESIDENTThis section applies only to California consumers. It describes how we collect, use, and share California consumers’ personal information in our role as a business, and the rights applicable to such residents. For purposes of this section "personal information" has the meaning given in the California Consumer Privacy Act (“CCPA”). Subflow does not sell your personal information or your end users’ personal information.We process your personal information only in order to provide the services and we do not retain, use, or disclose your personal information outside of the scope of the agreement we have with you.
10. HOW WE COLLECT, USE, AND SHARE YOUR PERSONAL INFORMATION
We have collected the following statutory categories of personal information in the past twelve (12) months:
• Identifiers, such as name, e-mail address, mailing address, fax number and phone number. We collect this information directly from you or from third party sources.
• Customer records information, such as your Social Security number for a limited purpose like tax reporting relating to a payment for a customer referral or to facilitate an international money transfer.
• Information collected in connection with your use of our services, including communications usage information and the communications content processed through the services.
• Internet or network information, such as browsing and search history. We collect this information directly from your device.
• Geolocation data, such as IP address. We collect this information from your device.
• Financial information, such as payment details or financial account numbers in the process of providing you with our services. We collect this information from you.
• Inferences based on your use of the services and browsing history.
• Other personal information, in instances when you interact with us online, by phone or e-mail in the context of receiving support from our sales and customer service teams.
11. YOUR CALIFORNIA RIGHTSYou have certain rights regarding the personal information we collect or maintain about you. Please note these rights are not absolute, and there may be cases when we decline your request as permitted by law.The right of access means that you have the right to request that we disclose what personal information we have collected, used and disclosed about you in the past 12 months. The right of deletion means that you have the right to request that we delete personal information collected or maintained by us, subject to certain exceptions. The right to non-discrimination means that you will not receive any discriminatory treatment when you exercise one of your privacy rights. Subflow does not sell personal information to third parties (pursuant to California Civil Code §§ 1798.100–1798.199).“California's “Shine the Light” law, Civil Code section 1798.83, requires certain businesses to respond to requests from California consumers asking about the businesses' practices related to disclosing personal information to third parties for the third parties' direct marketing purposes. Alternately, such businesses may have in place a policy, as we do, only to disclose personal information of consumers to third parties for the third parties' direct marketing purposes if the consumer has opted into such information-sharing.
12. HOW TO EXERCISE YOUR CALIFORNIA RIGHTSYou can exercise your rights yourself or you can alternatively designate an authorized agent to exercise these rights on your behalf. Please note that to protect your personal information, we will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent's identity to protect your personal information. Please email us at email@example.com if you would like to exercise your rights pursuant to CCPA or learn more about your rights or our privacy practices.
13. OTHER IMPORTANT INFORMATION
• Information from children. Subflow does not sell products or services for purchase by children and we do not knowingly solicit or collect personal data from children or teenagers under the age of eighteen. If you believe that a minor has disclosed personal data to Subflow, please contact us.