Data Processing

Effective Date: 12/26/2019

By using services from Critical Impact, you instruct Critical Impact to process any personal data you provide to Critical Impact in alignment with Critical Impact’s Terms of Use, Privacy Policy, and CCPA Privacy Policy. You also agree to the processing of any personal data that Critical Impact provides to you in connection with the services. In addition, clients authorize the engagement of any other third parties as sub-processors.

Client Obligations

By use of Critical Impact services, you agree to comply with data protection obligations and other obligations with respect to any and all personal data by adhering to the Critical Impact Service Agreement, Anti-Spam policies, and Privacy Policy along with all local data protection laws to which you are subject. Critical Impact will inform you if, in Critical Impact’s opinion, you have violated any data processing obligation.

Details of Data Processing

Subject Matter: All Critical Impact services, client provided data, and related technical support to clients, including all publicly available information that is transmitted or retrieved from Critical Impact’s sub-processors.

Duration of the Processing: As identified in the Critical Impact Terms of Use.

Nature and Purpose of the Processing: Critical Impact provides an email service, marketing platform and other related services as identified in our Privacy Policy.

Categories of Data: As outlined in our Privacy Policy, CCPA Privacy Policy, and CCPA Policy For Our Client’s Subscribers.

Data Subjects: Personal data submitted, stored, sent, or received via Critical Impact services that may concern the client or subscribers of the client.

Client Response

  • Providing written responses to all reasonable requests for information made by clients and their subscribers.
  • In the event of a personal data breach, reasonably assisting clients with data security audits, including inspections, conducted by the client, auditors, law enforcement, or other supervisory authorities.
  • Providing notice to clients regarding personal data breaches without undue delay.
  • Reasonably assisting clients with their obligations to Supervisory Authority Data Protection Impact Assessments and Prior Consultation taking into account the nature of processing and data involved.

Data Rights

Right to be informed: You or your subscribers can ask about personal data, how it is used, and why it is being used at any time.

Right of access: As outlined in our Privacy Policy.

Right of rectification: You or your subscribers can update (or request updates to) personal information at any time.

Right of erasure: You may cancel your Critical Impact account at any time and may additionally request that Critical Impact erase your personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. Your subscribers may also request that you or Critical Impact do the same for their personal data. Critical Impact reserves the right to keep the minimum amount of information that helps us prevent fraud to keep your delivery rates the highest they can be.

Right to restrict processing: You may suspend your account at any time which restricts the sending of email. Your data will still be processed for other actions such as billing and by our sub-processors. You may backup and deactivate a list to verify subscriber data and reactivate within 30 days. You may cancel your account to restrict all data processing of your data and your subscribers and reactivate your account as long as we have not yet deleted your information according to our retention policies.

Right to data portability: You may export any of your lists, or selected information within any list, at any time while your account is active by logging into your Critical Impact account.

Right to object: You may unsubscribe from any of Critical Impact’s emails at any time. Your subscribers may unsubscribe from your emails at any time.

Critical Impact does not discriminate against a customer, price services differently, or reduce quality of service based on exercising of the above data rights.

Sub-Processors

You may opt-in to be informed of sub-processor additions excluding those on our list of sub-processors below by contacting us. You may independently contact any of these sub-processors directly to have your information erased that they store about you. This may include information you provided to Critical Impact or information Critical Impact procured from the sub-processor.

Sub ProcessorPurpose
AmazonCloud Infrastructure Hosting
GoogleBusiness Analytics
SalesforceCustomer Sales Management
ZendeskCustomer Support

Changes to These Disclosures

We reserve the right to amend these disclosures at our discretion and at any time. When we make changes to these disclosures, we will post the update on this page and update the effective date. Your continued use of Critical Impact’s services following the posting of changes constitutes your acceptance of such changes.

Menu