GetResponse Privacy Policy

TRUSTe

If you don’t have much time, please find below a summary of how GetResponse processes Personal Information.

WHO WE ARE. We are GetResponse Inc., a Delaware corporation located at 71 Summer Street, 5th Floor, Boston, Massachusetts 02110. We process Personal Information of our Customers and our Platform Users as a data controller. We also act as a data processor – when our Customers engage us in data processing in order to enable them to carry out operations on that data using our tools and services.

HOW WE PROCESS YOUR INFORMATION. As a Data controller we will process your Data to enable you to create an Account, to provide you with our Service, and if you agree, to send you marketing communication, which we may tailor to your interests.

WHY WE PROCESS YOUR INFORMATION. We have the right to process your Information for different reasons. The most important one is that we need it to carry out the agreement concluded with you the moment you accept our Terms of Service and to enable you to use our Platform. There are also other reasons that require us to process the Information, e.g. preparing an answer to your queries or your consent to receive our newsletter.

WHO WE DISCLOSE YOUR INFORMATION TO. We disclose your Information only to service providers who support us in the role of data processors or separate data controllers. We do not sell your Personal Information to any third parties.

HOW WE COMPLY WITH PRIVACY SHIELD. For Personal Information we receive from the European Economic Area and Switzerland, we participate and comply with the EU-U.S. and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce.

YOUR RIGHTS. You have the right to access or request deletion of your Personal Information. In some cases, you also have other rights, for example, to opt-out from processing of your Personal Information and to Information portability.

Please read the entire content of our Privacy Policy below, to fully understand how we will process your Personal Information and how you can exercise your rights connected to its processing.

Privacy Policy

This Privacy Policy describes how we protect Personal Information of our Customers and Users. We appreciate the trust you put in us, and we assure you that we make every effort to give you full control over your Personal Information. Below we have described, as transparently as possible, the scope of Information we process when providing the Service and the Platform, the purposes and methods of processing, security measures, and your rights connected with the processing of your Personal Information. By using our Service or our Platform, you accept all rules applied by GetResponse, so please read this Privacy Policy carefully beforehand. If you don’t agree to this Policy or can’t comply with it, you shouldn’t begin to use our Service or our Platform.

Glossary of basic concepts

Below you’ll find the list of basic concepts that will help you better understand this Policy:

Account - individual space provided to the Customer on the GetResponse Platform (after logging in) for the purpose of using the Service.

Contacts - persons whose data (in particular email addresses) is processed using the Service, or to whom Customers send electronic communication (in particular email communication).

Customer - person using our Service to conduct their commercial or professional activities, regardless of the legal form of such activities.

Information concerning activity within the Platform or Service - information concerning your activity within the Service or Platform, information concerning your session, your device and operational system, browser, localization and unique ID as registered and stored with the use of cookie or tracking scripts. This information includes in particular: browsing history, clicks within the Platform, visits to the main page and subsections of the Platform, dates of creating an Account and logging into the Account, information related to the use of individual services in the Platform and Service, history and activities connected to our email communication with you.

Information provided as Account details – Personal Information given by the User in the “Account details” tab, consisting of first name, last name, company or organization, address, email address, phone number, country, time zone, payment information, industry, number of employees.

GetResponse (we, us) - GetResponse Inc., a Delaware corporation located at 71 Summer Street, 5th Floor, Boston, Massachusetts 02110.

Personal Information - information of our Customers, information entrusted to us by our Customers for processing and information of our Users, processed in relation to the use of the Service or Platform.

Platform - websites that are hosted by GetResponse, especially US and Canadian domains listed under the address: https://www.getresponse.com/change-language. Customer can log in to their Account via the Platform.

Policy - this Privacy Policy.

Privacy Settings - space in the Customer Account where the Customer can manage their preferences of privacy protection and exercise their rights as data subjects.

Processing - operations performed on Personal Information such as collection, recording, storage, adaptation or alteration, disclosure, creating backup copies, and other operations necessary to provide the Service or use the Platform.

Registration Information - information given in registration forms available in the Platform: email address, name.

Service - all services provided by GetResponse electronically in the Software-as-a-Service model (SaaS), including in particular providing the Customer with the possibility of using the Account, managing the Information entrusted to GetResponse for the purpose of processing, and conducting marketing campaigns.

Terms of Service - https://www.getresponse.com/legal/terms-us.

User - the person using the Platform.

Capitalized terms that are not expressly defined in this document have the meanings assigned to them in the GetResponse Terms of Service.

Who are we? Our contact details.

GetResponse as data controller and data processor

GetResponse undertakes to process your Personal Information in accordance with all applicable privacy and data protection laws, regulations, frameworks and requirements (collectively, “Applicable Privacy Laws”). To the extent your Contacts are located outside of the United States, these may include (without limitation) provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation”, “GDPR”), and Applicable Privacy Laws of the United States or other countries. For purposes of General Data Protection Regulation and similar EU member state frameworks, GetResponse is the “data controller” with respect to Customer Personal Information, and the “data processor” with respect to Personal Information of Contacts.

Unless stated otherwise, we process your Personal Information as a data controller in connection with your use of the Service or the Platform. As such, we determine the purposes and means of the processing of Personal Information.

In some circumstances we also process Data on your behalf. In these cases, you determine the scope of Data you want us to process and purposes for which you use the Service. You can find more about this matter in section VII.3 Why do I enter into a data processing agreement with GetResponse.

Our contact details: GetResponse Inc., a Delaware corporation located at 71 Summer Street, 5th Floor, Boston, Massachusetts 02110.

To exercise your rights, give or withdraw consent, and talk about all security aspects of your Personal Information you can contact us via email privacy@getresponse.com.

Data Protection Officer

GetResponse has designated a Data Protection Officer - Lukasz Kolodziejczyk (DPO), who you can reach out to about anything related to your Personal Data processing. You can easily contact our DPO:

  • via email: privacy@getresponse.com
  • in writing: Data Protection Officer, GetResponse Inc., a Delaware corporation located at 71 Summer Street, 5th Floor, Boston, Massachusetts 02110

How do we use the Information? Your Personal Information and how we process it.

The rules of how we process your Information, along with the purposes and scope of the processing vary depending on whether you are our Customer or Platform User.

We only process Personal Information relevant for the purposes of processing. We do not process Personal Information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you. We take reasonable steps to ensure that the Personal Information is reliable for its intended use, accurate, complete, and current.

Below, we list the information about the Information we process concerning the specific purposes we need it for.

To provide the Service or Platform

While providing the Service or Platform, we carry out a set of operations that include: administrative activities related to concluding an agreement based on the acceptance of the Terms of Use, creating a Customer Account and Customer authentication within the Account, providing materials requested by Customers or Users (also those who do not have an Account, but use our Platform), activities related to the performance of the Service, including sending you communication related to use or functioning of the Service (in particular system and transactional e-mails), providing Customer support, handling complaints and other requests, charging due fees, seeking redress, and monitoring the quality of the Service and Platform.

What Information do we use and for what purposes?

To create your Account and provide the Service, we process the following Information:

  • Registration Information and the password you set up.

We only store encrypted passwords and we do not have access to them.

To provide you with our Services (i.e., after you log in to your Account as our Customer), we process the following Information:

  • Information provided as Account details,
  • Personal Information included in the content you send using the Service,
  • Information concerning activity within the Platform or Service.

As a data processor, we also process Personal Data entrusted to us by the Customer for the purpose of using the Service.

You can use the Platform without creating an Account, e.g., by downloading e-books and other training materials, by signing up for our newsletter on new articles on our blog or in Resources, by signing up for a webinar, training, or another event we organize or participate in, by submitting a draft to our blog.

To enable you to use our Platform, we process the following Information:

  • Information concerning activity within the Platform or Service,
  • Registration Information.

For legitimate interests

We process Personal Information for legitimate interests of GetResponse described below, taking into consideration the relationship with our Customers or Users.

What Information do we use and for what purposes?

  • For analytical purposes. To keep statistics on the use of the Service and the Platform, helping us to improve the Service and the Platform, and to ensure network and information security, we process the following Information:
    • email address,
    • Information concerning activity within the Platform or Service.
  • To exercise legal claims. If necessary, to establish, exercise, or defend legal claims, we process the following Information:
    • Information provided as Account details,
    • Information concerning activity within the Platform or Service necessary to establish a claim,
    • other data necessary to support the claim, establish the scope of damage and other circumstances regarding the damage.
  • To answer your queries. To respond to your queries, petitions, and complaints, we may process the following Information:
    • Information provided as Account details,
    • Information concerning activity within the Platform or Service that’s the subject of your query, petition, or complaint,
    • Information included in the query, petition, or complaint and the attached documents.
  • To conduct Customer satisfaction surveys. To verify Customer satisfaction with the Platform or Service, we may process the following Information:
    • Registration Information,
    • answers to our survey questions.
  • To prevent fraud and abuse. To monitor, prevent, detect, and combat fraud and abuse, including sending unsolicited content (SPAM), to protect our Customers against such abuse and to ensure network and information security, we may process the following Information:
    • Information provided as Account details,
    • Information concerning activity within the Platform or Service necessary to verify potential fraud or abuse,
    • Information entrusted by the Customer for the purposes of providing the Service.

To send marketing communication

What Information do we use and for what purposes?

To send our Customers and Users marketing and promotional communication regarding our Service or Platform, we may process the following Information:

  • Registration Information

For marketing purposes, including creating your profile

  • Tailoring our Platform and Service to your preferences

    We want our Service and Platform, including our marketing communication (as long as you agreed to receive it), to be tailored to your needs and preferences (profiling). We describe the nature of the profiling we carry out below.

    What Information do we use and for what purposes?

    To develop sales and marketing of our services, including creating Customer or User profiles, tailored to your interests and preferences, we process the following Information:

    • Registration Information,
    • Information provided as Account details,
    • Information concerning activity within the Platform or Service.

    If you have agreed to receive marketing and promotional materials, we will match the marketing and promotional content related to our products and services to your profile based on the above data. We will not send you communication about third-party products or services.

  • Remarketing (displaying ads outside of the Platform)

    To reach you with our marketing communication outside of our Platform, we use the services of third-party providers. These services display our marketing communication on websites other than the Platform To do this, we use codes to download information about your activity within the Platform or Service. You can find more information on this topic in the Cookie Policy.

Why do we process your Data? The legal basis (for data subjects from the European Economic Area).

To provide the Service or Platform

We process your data because it is necessary to enable you to use our Service or Platform. In other words, we need to process your Personal Data to enable you to sign up as our Customer or order our materials as our User. Otherwise, we wouldn’t be able to provide the Service or enable you to use the Platform.

We need to process your data to perform the contract and provide our services. Art. 6.1(b) of GDPR).

For legitimate business interests

Our legitimate interests constitute the legal basis for processing your personal data (Art. 6.1(f) of GDPR). Below you’ll find a list of our legitimate interests.

  • For analytical purposes. We believe we have a legitimate interest in analysing Service and Platform operations and Customer and User satisfaction. We consider processing this data beneficial to Customers and Users. Our aim is to constantly develop the Platform and to provide the Service of the highest quality of the Service.
  • To exercise legal claims. We believe we have a legitimate interest in processing your Data if it’s necessary to exercise claims concerning the use of the Service or the Platform that’s unlawful or incompatible with the Terms of Service or to defend ourselves against such claims.
  • To answer your queries. We believe we have a legitimate interest in replying to petitions and queries made through one of the available channels. We consider processing this Data beneficial for you because it allows us to help you and respond to your queries.
  • To conduct customer satisfaction surveys. We believe we have a legitimate interest in verifying if our Customers and Users are satisfied and what would help us improve the quality of the Service and the Platform.
  • To prevent fraud and abuse. We believe we have a legitimate interest in conducting necessary verification to detect and prevent potential fraud and abuse, including spam detection. We understand processing this Data is beneficial for all parties involved, especially for you and your subscribers, because it allows us to set up precautions, protecting you and your subscribers against third parties sending malicious software or attempting fraud.

To send you marketing communication.

This processing is based on your consent (Art. 6. sec. 1(a) of GDPR).

For marketing purposes including creating your profile

The legal basis for processing your Personal Data are legitimate interests of GetResponse (art. 6 sec. 1 (f) GDPR). We have a legitimate interest in analysing how our Customers and Users use our Service and Platform, to improve and expand our customer base. Users of the Platform who have expressed their interest in receiving marketing communication to their email address give us their free, specific, informed, and unambiguous consent. Hence, we have inferred that they would have a reasonable expectation to receive such communication. At the same time, they expect that the communication we will send should be consistent with their interests. Personalized marketing communication allows our Customers to use our Service more effectively and benefit from our attractive offers. For profiling, we use only the Data our Customers or Users provide us with or the Data concerning their activity within the Platform or Service. We’re only interested in what you do on our Platform or when you use our Service, and not what you do on other websites. That’s why we decided that our interests are justified, legitimate, and at the same time, they don’t violate the rights or freedoms of our Users or Customers, which may override them.

Who we disclose your data to.

We use the services of third-party providers, who provide us with services related to: supporting certain features of the Service (webinars), hosting, customer support, tracking security incidents and responding to them, diagnosing and solving problems with the Service or Platform, web push notification display, analysis of marketing campaigns efficiency as well as analysis of use of the Service and Platform.

We also cooperate with service providers who don’t act on our exclusive request and who themselves determine how they process personal data, in order to carry out remarketing campaigns and statistical analysis.

We are responsible for the processing of Personal Information we receive under each Privacy Shield Framework and subsequently transfer to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for all onward transfers of Personal Information from the EU and Switzerland, including the onward transfer liability provisions.

In certain situations, we may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

We do not sell your Personal Information to any third parties.

Privacy Shield Notice

We comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the European Union and Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://privacyshield.gov.

With respect to Personal Information received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

In compliance with the Privacy Shield Principles, GetResponse commits to resolve complaints about our collection or use of your Personal Information. European Union and Swiss individuals with inquiries or complaints regarding our Privacy Shield Policy should first contact us at: privacy@getresponse.com.

GetResponse has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive time acknowledgement of your complaint from us, or if we have not resolved your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.

Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Your rights. You have control over your Personal Information.

We make sure that our Customers and Users can exercise their rights concerning their Information. You may exercise your rights by filing a demand to the following email address: privacy@getresponse.com. All you need to do is to inform us about the reason for your motion and the right you want to exercise. If you have an Account in the Service, you can exercise some of your rights directly after you log in to your Account. Please remember that if you change your settings in the Account, we may need up to 3 hours to apply the changes in our systems due to technical reasons. That’s why during this time you may still receive an email message from our system while it’s updating your settings.

Very often we act as a processor of Personal Information. This is mainly the case of processing of Personal Information of Contacts on behalf of our Customers using our Service. In such cases, if you are a Contact and want to exercise your data protection rights or have any questions about how your Personal Information is handled by us as a data processor, you should contact your data controller, i.e. the Customer who decided to entrust us with your data. You should also refer to separate privacy policies adopted by this Customer.

If you do not want to receive communication from one of our Customers using our Service, please unsubscribe directly from that Customer’s e-mail communication or contact that Customer directly to amend or delete your Personal Information. If you contact us directly, we may remove or update your Personal Information within a reasonable time and after informing the Customer of your request.

We will respond to your request within 30 days. In some cases, we may not be able to comply with your request – should this happen, we will always let you know about it and give you reasons for our refusal.

If we decide it’s necessary, we may ask you some additional questions or ask you to provide us with additional documents to confirm your identity.

It may sound obvious, but for the sake of clarity, we would still like to point out that exercising your rights described below is free of charge, with the possible exception of providing additional copies of your Information.

You have the following rights:

Right of access

You have the right to access Personal Information about you that we hold.

If you have an Account with the Service, you can directly access your personal data you provided at all times, after logging into your Account. You can also file a request by sending an e-mail to privacy@getresponse.com.

You are also able to correct or amend your Personal Information where it is inaccurate or has been processed in violation of the data protection laws.

You can do it yourself in your Account or ask us to correct or amend your Personal Information by sending an e-mail request to privacy@getresponse.com.

Right to deletion

You have the right to deletion of Personal Information we have collected. We’ll treat your demand to erase all your Personal Information as a demand to delete your Account.

We will keep some of your Information despite the demand to erase it if it’s necessary for performing our legal duties or establishing, pursuing, or defending a claim. It especially refers to Personal Information concerning your name, surname, email address, and the Platform or Service use history, which we keep being able to address complaints and claims connected to the Platform or use of the Service.

Right of Data portability

In response to a request for disclosure, we must provide Personal Information in a readily useable format to enable you to transmit the Information from us to another entity without hindrance. We will send your Personal Data in .CSV format. This format is commonly used and machine-readable and enables the transmission of your Data to another entity.

Choice Principle (Opt out)

We offer you the opportunity to choose (opt out) whether your Personal Information is

  • to be disclosed to a third party, or
  • to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you.

You may request an opt out from:

  • processing your email address to send you our marketing communication to your email address,
  • collecting your data by cookies. Read more in the Cookies Policy.

Your opt out request is effective upon execution, and it does not affect the lawfulness of the earlier processing. You can always opt out without detriment. It may, however, render you unable to use some of the features of the Platform or the Services which we may legally render only with your consent (e.g., receiving the newsletter on the new updates in our Resources).

You may opt out in one of the following ways:

  • by clicking “unsubscribe” in the email you received,
  • if you agreed to the use of cookies – in your browser settings,
  • as described in section Our contact details.

Other useful information

Do I have to provide GetResponse with my Personal Information?

Sometimes we ask you to provide us with your Personal Information. Providing:

  • Registration Information
  • Information provided as Account details, and
  • other data (indicated as mandatory) in registration forms

is essential for us to create your Account, send you the requested materials or enable you to participate in a chosen event. If you don’t provide us with the relevant Information, you will not be able to use some or all features of the Platform or Service. Providing us with Information other than the mandatory Information is voluntary.

How long do you store my Personal Information?

If you are our Customer, we store your Personal Information for the time during which you have an Account with our Service. When you deactivate your Account, we’ll store your Information for 60 days for the sole purpose of enabling you to reactivate the Account. During that time, we’ll only store your Information without any other processing activities subject to our other obligations or rights arising from applicable laws or public authority orders. After that time, we’ll delete your Personal Information from the main database, without the possibility to recover it. In the next 120 days, your Personal Information will be subject to encryption and stored in backup copies only. The said 120-day period is required to delete the Personal Information completely due to the specifics of the backup copy operations.

We’ll store the Personal Information of the Users who are not our Customers for the time corresponding to the lifecycles of the cookie files saved on their devices. You will find the details of how we use cookies in our Cookie Policy.

We’ll store the Personal Information of our newsletter subscribers or persons who have agreed to receive marketing content from us until they resign.

After expiration of the periods described above, your Information will be erased, excluding the following data:

  • name,
  • surname,
  • email address,
  • Service usage history,
  • and information about expressed consents.

We’ll store this Information only for as long as we need to handle complaints and manage claims related to the use of the Service, and for as long as is required by tax and accounting regulations.

Why do I enter into a data processing agreement with GetResponse?

If GDPR applies to your processing of Personal Data, because:

  • you offer goods or services (paid or free-of-charge) to data subjects in the EEA; or
  • you monitor behaviour of such data subjects,

you engage GetResponse in the processing of the personal data necessary to provide you with the Service on terms and conditions stipulated in the Terms of Service and Data Processing Agreement, which constitutes an integral part of these Terms

Does GetResponse process Personal Information of children?

We don’t process Personal Information of children. The Service and Platform are directed to adults, i.e., those who are over 18 (eighteen) years old and those who perform commercial activities. When you start using the Platform or Service, you declare that you are over 18 years old. We ask minors not to share any information with us, especially Personal Information.

Security. How does GetResponse protect my Personal Data?

We take reasonable and appropriate measures to protect your Personal Information from less, misuse and unauthorized access, disclosure, alteration and destruction. The Platform uses encrypted data transmission (SSL, secure socket layer) during registration and login, which guarantees the protection of the Information identifying you and significantly impedes account data interception by unauthorized systems or people.

More about security.

Does GetResponse use cookies?

You will find the details concerning the use of cookies in our Cookie Policy.

Updating our Privacy Policy

We review this Privacy Policy on regular basis, and at least every 12 months. We may change this Privacy Policy at any time. Unless stated otherwise, our current Privacy Policy applies to all Information that we have about you and your Account. If we make changes to this Privacy Policy, we will notify you by publishing information here before the changes take effect. If, however, we make material changes to this Policy, we may also send you a separate notification to the email address you provided us with.

The Privacy Policy does not restrict any of your rights under the https://www.getresponse.com/legal/terms-us or applicable provisions of the law.