privacy policy

Publish Date: This policy was updated on March 30, 2023.

Critical Impact Software, Inc. (“Critical Impact,” “Us,” or “We”) is committed to protecting the privacy of the users of the https://criticalimpact.com web site (the “Site”) and the services offered through the Site, including by way of example the email and other communications sent through those services (the “Services”). This privacy policy (the “Policy”)) discloses Critical Impact’s information privacy practices for the Site and Services. This policy is intended to inform users of our Services and other visitors to the Site of the information collection and use practices of the Site and Services.

Critical Impact complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from European Union and Switzerland to the United States, respectively. Critical Impact has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

In compliance with the EU-US and Swiss-US Privacy Shield Principles, Critical Impact commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Critical Impact at privacy@criticalimpact.com or postal mail to:

Critical Impact
Attn: Jamieson McNeil, Privacy Manager
210 W 4th St., Suite 150
Winston-Salem, NC
27101, USA

Critical Impact has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by BBB National Programs. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint. This service is provided free of charge to you.

Finally as a last resort and under limited circumstances EU and Swiss individuals with residual complaints can invoke a binding arbitration option before the Privacy Shield panel.

Critical Impact is subject to the regulatory and enforcement powers of the United States Federal Trade Commission (FTC).

Please see the Notification of Changes section below for information regarding changes to this Policy. If you have questions or concerns regarding this Policy, you should contact Critical Impact by e-mail at privacy@criticalimpact.com.

COLLECTION AND USE OF INFORMATION GENERALLY.
Critical Impact collects information directly from the users of our Site and Services. Critical Impact also receives information regarding users from our customers and from other third parties. We will not sell, share, transfer, or use the information we collect from users or receive from our customers or other third parties regarding users other than as stated in this Policy.

In addition, we will not sell, share, transfer, or use the information we receive from our customers or from other third parties regarding users except in accordance with the directions of those customers and other third parties.

COLLECTION AND USE OF INFORMATION BY OUR CUSTOMERS AND OTHER THIRD PARTIES.
Certain of the web sites of Critical Impact’s customers, advertisers or affiliates and other third-parties may be accessible through the Site or through email or other communications sent through the Services. You may be asked to provide personally identifiable information (or other information) to these customers or other third parties through these web sites or through the communications sent to you through the Services, including by way of example when you click on a link on the Site to one of these other web sites or on a link in an email or other communication sent through the Services. These customers and third parties maintain their own privacy and data collection policies and practices. This Policy covers only information collected through the Site and Services and does not extend to our customers or any third parties. CRITICAL IMPACT IS NOT RESPONSIBLE FOR THE POLICIES OR PRACTICES OF OUR CUSTOMERS OR ANY THIRD PARTIES. YOU SHOULD REVIEW THE APPLICABLE PRIVACY POLICIES OF OUR CUSTOMERS AND ANY THIRD PARTIES BEFORE PROVIDING THEM WITH ANY PERSONALLY IDENTIFIABLE INFORMATION.

COLLECTION AND USE OF PERSONALLY IDENTIFIABLE INFORMATION BY CRITICAL IMPACT.
We only collect and use personally identifiable information regarding users of the Site or Services as described in this Policy. In addition, we do not process or use personally identifiable information that we collect or that is received from our customers or from other third parties in a way that is incompatible with the purposes for which it was collected or received or subsequently authorized by you. Except as noted in this Policy, personally identifiable information collected by Critical Impact on the Site or through the Services is NOT shared with third parties without your consent.

We may automatically collect personally identifiable information from you when you access the Site or use or access the Services. We may also collect personally identifiable information from you through a number of voluntary sources on the Site or through the Services, including through emails or other communications sent through the Services. For example, these sources may include responses, registrations, surveys, reviews, comments, confirmations, emails, postings, messages, telephone calls, written correspondence or other electronic submissions and communications sent by you to the Site or through the Services. The personally identifiable information we may collect from you will include, by way of example:
• Domain name and Internet Protocol (IP) address;
• E-mail address;
• Contact information (including, name, address, zip code, country, and phone number);
• Gender;
• Financial information, such as account or credit card numbers;
• User-specific and aggregate information on areas of the Site accessed and the Services used;
• Username and password information for the Site or Services; and
• Other information you volunteer to the Site, through the Services or through other means of communication, such as responses, registrations, surveys, reviews, comments, confirmations, emails, postings, messages, telephone calls, written correspondence or other electronic submissions and communications sent by you to the Site or through the Services.

YOU SHOULD NOT PROVIDE CRITICAL IMPACT WITH ANY PERSONALLY IDENTIFIABLE INFORMATION (OR SUBMIT OR POST ANY PERSONALLY IDENTIFIABLE INFORMATION TO THE SITE OR IN RESPONSE TO ANY EMAIL OR OTHER COMMUNICATION) UNLESS YOU WOULD LIKE THAT INFORMATION TO BE USED IN ACCORDANCE WITH THIS POLICY.

If you register for the Site or Services through a third-party, the personally identifiable information you have provided in connection with your registration may be imported into your account on for the Services. The personally identifiable information we may collect from you will also include any information imported from any such third-party.

The personally identifiable information that Critical Impact collects from users of the Site or Services (both registered and unregistered) may be used for a variety of purposes, including by way of example:
• Providing the Services;
• Customizing advertising or other content displayed on the Site or through the Services;
• Customizing the layout of the Site or Services;
• Notifying users of the Site or Services about updates to and activities on the Site or Services and about goods and services that we feel may be of interest to you;
• Improving the content of the Site or Services;
• Analyzing data and patterns regarding usage of the Site or Services;
• Contacting users of the Site or Services for marketing purposes; and
• Contacting users of the Site or Services for information verification purposes.

USE OF PERSONAL INFORMATION RECEIVED FROM THE EU and Switzerland
When Critical Impact is a data controller. Critical Impact adheres to the Privacy Shield Principles as described in this Policy with respect to the personal data we collect from EU and Swiss data subjects, which includes data used to establish accounts, process orders, process payments and otherwise provide the Services.

When Critical Impact is a data processor: Critical Impact’s obligations with respect to personal data for which we are solely a data processor, such as personal data received from our customers or from other third parties that we use to generate and transmit email and other communications through the Services, are defined in our agreements with those customers and are not included in this Policy. In those circumstances, we receive personal data from the EU and/or Switzerland as an agent for the customer or other third party merely for processing.

COLLECTION AND USE OF NON-PERSONALLY IDENTIFIABLE INFORMATION BY CRITICAL IMPACT.
Where possible, our server automatically recognizes and collects certain non-personally identifiable information regarding visitors to the Site and users of the Services, including by way of example, IP address, browser type, and other information regarding the system and connection of each visitor or user. We also collect information about how visitors access and use the Site and Services, including by way of example what pages of the Site are viewed and what portions of services are used. When providing the Services, we collect information regarding the performance of the Services, which includes metrics related to the deliverability of emails and other electronic communications. This information allows us to improve the content of the Site and Services, facilitate research and analysis of the Site and Services, and develop and refine our Services. Sometimes, we utilize the services of a third party to help us understand this information better, although the information that is disclosed to these entities remains at all times in anonymous and non-personally identifiable form. We may also provide this information to our customers in anonymous and non-personally identifiable form.

CHILDREN.
The Site and Services are not directed to children under 13 years of age. Critical Impact does not knowingly solicit or collect personal information from children under 13 years of age.

DISCLOSURE AS REQUIRED BY LAW.

Though we make every reasonable effort to preserve user privacy, we may need to disclose personally identifiable information of certain users of the Site or Services when we have a reasonable and good-faith belief that the disclosure is necessary to enforce the Terms of Use for the Site, comply with a judicial proceeding, court order or other legal process, or to otherwise enforce or protect Critical Impact’s rights under applicable law, including, without limitation, Critical Impact’s intellectual property rights. In this situation we will use reasonable efforts to provide notice of this disclosure to all affected users, to the extent reasonably possible under the circumstances. We may also be required to release the personal information of EU and/or Swiss individuals in response to lawful requests by public authorities including to meet national security or law enforcement requirements.

ENHANCEMENT OF PERSONAL INFORMATION.
We may combine and enhance the information we collect from our users with third party data and information to better target our advertising and provide pertinent offers in which we think our users would be interested. Certain summary demographics are also used in our research product offerings. Individual personally identifiable information we collect is never used in our research product offering and is never tied back to an individual user or resold for any purposes.

SENSITIVE INFORMATION.
Critical Impact does not knowingly solicit or collect, and you should not provide, any information regarding your medical or health condition, race or ethnic origin, political opinions, religious or philosophical beliefs or other sensitive information.

SERVICE ANNOUNCEMENTS AND CUSTOMER SERVICE.
On occasion it is necessary to send out service related announcements. For instance, if the Site or any of the Services is temporarily suspended for maintenance we might send users an email. We also communicate with users to provide customer service in accordance with our Terms of Service. Generally, users may not opt-out of these communications without also deactivating their account and ceasing use of the Services. These communications are not promotional in nature.

PROMOTIONAL OFFERS AND UPDATES.
We may send new registrants of the Site or Services a welcoming email and/or login credentials. Established members may occasionally also receive information on products, services and promotions, and occasional newsletters. Out of respect for the privacy of our users we present the option to not receive these types of communications.

CHOICE AND OPT-OUT.
We provide you with a choice whether to receive certain emails and other communications through the Site and Services.

We provide you the opportunity to ‘opt-out’ of having your personally identifiable information used for certain purposes. If you are a user of the Site or Services and you no longer wish to receive emails or other communications from us or have your email address or other contact information shared with third parties, you may opt-out of receiving email or other communications from us or having your email address or other contact information shared with third parties. Some communications (e.g. important account notifications and billing information) are considered transactional and are necessary for all Critical Impact customers. Customers must cancel their Critical Impact account to unsubscribe from these communications.

All opt-out requests can be made by emailing us at: privacy@criticalimpact.com. Please note that it may take up to 10 days to remove your contact information from our marketing communications lists, so you may receive correspondence from us for a short time after you make your request.

COOKIES AND WEB BEACONS.
“Cookies” include commonly used pieces of information in the form of small files that are placed on an individual’s hard drive to enable the individual to more easily communicate and interact with the Site and Services. We may use cookies on the site or in communications sent through the Services for various purposes, including by way of example:
• Saving user preferences;
• Customizing content of the Site for individual users;
• Ensuring that users are not repeatedly sent the same banner ads;
• Recording session information;
• Saving certain information about users of the Site and others who visit the Site; and
• Facilitating and enhancing interaction with the Site.

Critical Impact does not use cookies to retrieve information from a computer that is unrelated to Critical Impact or the Site or Services.

A cookie does not collect or keep your name or other personally identifying information; however, we may link the information obtained through cookies to other personally identifiable information to give us a better understanding of your preferences, so that we can provide a more meaningful experience to you on our Site and through our Services.

“Web beacons” (also known as “single-pixel” or “clear” GIFs) include electronic images imbedded in the Site or in communications sent through the Services which are invisible to users. Web beacons collect information, such as identifiers, time and date of access, and descriptions of the pages or communications in which the web beacons are imbedded. The Site and communications sent through the Services may include web beacons. We may use the web beacons on the Site and in communications sent through the Services for various purposes, including by way of example to track users who have visited our Site, viewed advertisements on the Site or in communications sent through the Services, or otherwise accessed communications sent through the Services.

Most browsers will allow you to erase cookies from your computer hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. You may also be able to refuse certain web beacons by adjusting the settings on your browser or email software. Please refer to your browser or email software instructions or help screen to learn more about these functions.

ACCESS, REVIEW, AND UPDATE OF INFORMATION.

Critical Impact acknowledges the EU and Swiss individual’s right to access their personal data.
Critical Impact takes reasonable steps to ensure that the data we collect is reliable for its intended use, accurate, complete and current. The users of the Site or Services should email us at privacy@criticalimpact.com to review, delete, deactivate, update or change any personal information that was previously provided to or collected by Critical Impact.

CONSENT TO THE USE OF THIRD PARTY PROVIDERS.
In addition to the specific third parties noted in this Policy, Critical Impact may also contract with Agents to provide various services to Critical Impact relating to the Site or Services on an outsourced basis rather than performing the services itself (as used here, “Agents” are persons on companies who act on behalf of or under the direction of Critical Impact). For example, Critical Impact may contract with Datacenters that house computer and other equipment owned/leased by Critical Impact to perform all or a portion of the Services for Critical Impact, and/or the following list of services accessible within the platform:  (1) Email Inbox previews, (2) Email creation/editing, (3) Salesforce.com integration, (4) Google Analytics integration, (5) Zapier ecommerce integration.

By visiting the Site or using the Services, all visitors consent to Critical Impact providing both personal and non-personal information received from those visitors to these Agents for the purpose of enabling the third party provider to provide these outsourced services to Critical Impact. In addition, all visitors consent to the collection, maintenance, and processing of their personal and non-personal information by Critical Impact and these Agents.

Critical Impact shall remain liable under the Principles if its agent processes personal information in a manner inconsistent with the Principles, unless the agent proves that it is not responsible for the event giving rise to the damage.

NOTIFICATION OF CHANGES.
We may notify users of any changes to this Policy. Notification will be made by way of an e-mail or by posting of the changes on the Site . Changes to this Policy will be effective immediately following posted changes or notifications via email. Your continued use of the Site or Services after any change has become effective will constitute your acceptance of that change.

Until we receive written notice from a user to the contrary, we will use information we collect from users in accordance with the version of the Policy effective when the information was last collected. Users may contact us in writing, regarding any change to this Policy, including to prevent their information from being used pursuant to any change to this Policy, by emailing us privacy@criticalimpact.com.

SECURITY.
We will use at least industry standard security measures on the Site to protect the loss, misuse and alteration of the information under our control. While there is no such thing as “perfect security” on the Internet, we will take all reasonable steps to insure the safety of your personal information. For example, our policy is that only those individuals who need your personally identifiable information to perform a specific job are granted access to that personally identifiable information. Likewise, all employees and contractors are kept up-to-date on our security and privacy practices. Finally, the servers that we store personally identifiable information on are kept in a secure environment.

VERIFICATION.

Critical Impact utilizes a self-assessment approach to ensure its compliance with this Policy. We regularly verify that this Policy is accurate, comprehensive, prominently displayed, completely implemented and conduct our self-assessment on an annual basis. We appropriately train our employees and have internal procedures for conducting objective compliance reviews.

ENFORCEMENT.
Critical Impact encourages individuals covered by this Policy to raise any concerns about our processing of personally information by contacting Critical Impact as set forth below.

CONTACT INFORMATION.
All inquiries concerning this Policy and the Site or Services in general may be sent to privacy@criticalimpact.com.

TRANSFER OF INFORMATION.
If Critical Impact elects, in its reasonable discretion, to transfer ownership or control of the Site or Services to a third party, whether or not in the context of an acquisition, merger, or reorganization, you consent to the transfer of your personally identifiable information and non-personally identifiable information by Critical Impact to that third party, provided that all use of your information by that third party remains subject to the terms of this Policy and any applicable requirements of the Privacy Shield Principles.