Terms and Privacy
Policy of Privacy
This Policy is incorporated into and is subject to the NectarCRM Terms of Service. Capitalized terms used, but not defined in this Policy, have the meaning given to them in the NectarCRM Terms of Service and in the Lei Geral de Proteção de Dados in its fifth article.
- “Customer” means a NectarCRM customer.
- “Customer Data” means personal data, reports, addresses and other files, folders or documents in electronic form that a Service User stores on the Service.
- “Personal Data” means any information relating to an identified or identifiable natural person.
- “Public Area” means the area of the Site that can be accessed by Users and Visitors, without the need to log in.
- “Restricted Area” means the area of the Site that can only be accessed by Users and where access requires login.
- “User” means an employee, agent or representative of a Customer, who primarily uses restricted areas of the Site for the purpose of accessing the Service in that capacity.
- “Visitor” means an individual who is not a User, and uses the public area but does not have access to the restricted areas of the Site or Service.
2. The information we collect about the service
We collect different types of information from or through the Service. The legal bases for the processing of personal data by NectarCRM are primarily that the processing is necessary to provide the Service in accordance with NectarCRM’s Terms of Service and that processing is carried out in NectarCRM’s legitimate interests, which are explained in more detail in the How We Use the Information We Collect section, from this policy. We may also process data with your consent, requesting it as appropriate.
2.1 Information provided by the user
When you use the Service, as a User or Visitor, you may provide and we may collect Personal Data. Examples of personal data include name, email address, mailing address, cell phone number and credit card or other billing information. Personal Data also includes other information, such as geographic area or preferences, when that information is linked to information that identifies a specific individual. You may provide us with Personal Data in a number of ways on the Service. For example, when closing a contract between the parties, when registering for an Account, using the Service, posting Customer Data, interacting with other users of the Service through communication or messaging features, or sending us customer service related requests.
2.2 Information collected by customers
A customer or user can store or upload customer service data. NectarCRM has no direct relationship with the individuals whose personal data it hosts as part of customer data. Each Customer is responsible for notifying its customers and third parties of the purpose for which the Customer collects their Personal Data and how such Personal Data is processed on or through the Service as part of Customer Data.
NectarCRM may carry out random inspection and verification routines on the lawfulness of the imputation of data performed by the customer and, as provided for in this document, will take the necessary measures to ensure that rules and legislation are complied with.
2.3 “Automatically Collected” Information
When a User or Visitor uses the Service, we may automatically record certain information from the User’s or Visitor’s device using various types of technology, including cookies, “clear gifs” or “web beacons”. This information “collected automatically” may include IP address or other address or device ID, web browser and/or device type, the pages or websites visited shortly before or shortly after using the Service, the pages or other content that the User or Visitor views or interacts with in the Service and the dates and times of visiting, accessing or using the Service. We may also use these technologies to collect information about a Visitor or User’s interaction with email messages, such as whether the Visitor or User opens, clicks, or forwards a message. This information is collected from all users and visitors.
2.4 Integrated Services
You may have the option of accessing or registering for the Service through the use of your username and passwords for certain services provided by third parties (each, an “Integrated Service”), such as through the use of your Google Account or if otherwise, you have the option to authorize an Integrated Service to provide Personal Data or other information to us. By authorizing us to connect to an Integrated Service, you authorize us to access and store your name, email address(es), date of birth, gender, current city, profile picture URL and other information that the Integrated Service makes us available, and use it and disclose it in accordance with this Policy. You should check your privacy settings on each Integrated Service to understand what information the Integrated Service makes available to us and make any necessary changes.
2.5 Information from other sources
We may obtain information, including Personal Data, from third parties and sources other than the Service, such as our partners, advertisers, credit rating agencies and Integrated Services. If we combine or associate information from other sources with Personal Data that we collect through the Service, we will treat the combined information as Personal Data in accordance with this Policy.
3. How we use the information we collect
We use the information collected in a variety of ways to provide the Service and operate our business, including the following:
We use the information – in addition to Customer Data – to operate, maintain, improve and provide all features of the Service, provide you with requested services and information, respond to comments and questions, and provide support to users of the Service. We process Customer Data only in accordance with instructions provided by the applicable Customer or User.
We use the information to understand and analyze the usage trends and preferences of our Visitors and Users, to improve the Service and to develop new products, services, features and functionality. If this objective requires NectarCRM to process the Customer data, the data will only be used anonymously or aggregate.
We may use a Visitor or User’s email address or other information – in addition to Customer Data – to contact that Visitor or User (i) for administrative purposes such as, but not limited to, customer service, to solve intellectual property violations, privacy rights violations or defamation issues related to the Customer Data or Personal Data posted on the Service or (ii) with updates on promotions and events, related to products and services offered by us and third parties we work with. You may opt-out of receiving any promotional communications as described below under “Your Choices”.
3.4 Cookies and Tracking Technologies
We use the information collected automatically and other information collected on the Service through cookies and similar technologies to: (i) personalize our Service, such as remembering a User or Visitor’s information so that the User or Visitor do not need to re-enter it during a visit or on subsequent visits; (ii) provide personalized advertisements, content and information; (iii) monitor and analyze the effectiveness of the Service and marketing activities of third parties; (iv) monitor aggregate website usage metrics, such as total number of visitors and pages viewed; and (v) track your entries, submissions and status on any promotions or other activities on the Service. You can obtain more information about cookies by visiting http://www.allaboutcookies.org .
We take steps to protect the technical information collected for the use of Google Analytics. The data collected will only be used on a need-to-know basis to resolve technical problems, administer the Site and identify visitor preferences; but in that case the data will be in a non-identifiable form. We do not use any of this information to identify visitors or users.
3.6 Additional limits on the use of your Google user data
- The Software will only use access to read, record, modify or control Gmail message bodies (including attachments), metadata, headers and settings to provide a web email client that allows users to compose, send, read and process emails and do not transfer such Gmail data to third parties unless it is necessary to provide and improve these features, comply with applicable law, or be part of a merger, acquisition or asset sale;
- The Software will not use this Gmail data to serve ads;
- The Software will not allow humans to read this data unless we have your affirmative agreement for specific messages; this is necessary for security purposes such as investigating abuse, complying with applicable law or for the Application’s internal operations, and even then only when the data has been aggregated and anonymized.
4. To whom we disclose information
Except as described in this Policy, we will not knowingly disclose Personal Data or Customer Data that we collect or store on the Service to third parties without the consent of the applicable Visitor, User or Customer. We may disclose information to third parties if you consent to do so, as well as in the following circumstances:
4.1 Unrestricted information
Any information you voluntarily choose to include in a Public Area of the Service, such as a public profile page, will be available to any Visitor or User who has access to that content.
4.2 Other users in your corporate account
Certain information regarding the use of the NectarCRM services is available to the administrators of your NectarCRM account and, depending on the settings chosen by the account users, also to other users for the purpose of providing the services from NectarCRM.
4.3 Service Providers
We work with third-party service providers who provide websites, application development, hosting, maintenance and other services for us. These third parties may have access to or process Personal Data or Customer Data as part of providing these services to us. We limit the information provided to these service providers to what is reasonably necessary for the performance of their functions, and our contracts with them require them to maintain the confidentiality of such information.
4.4 Non-Personally Identifiable Information
4.5 Law enforcement, legal process and compliance
We may disclose Personal Data or other information if required by law or in good faith that such action is necessary to comply with applicable laws, in response to a face-to-face court order, subpoena or court order or other government, or otherwise cooperate with law enforcement or other government agencies.
We also reserve the right to disclose Personal Data or other information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive or illegal uses or activities, (iii) investigate and defend against any claims or claims made by third parties, (iv) protect the security or integrity of the Service and any facilities or equipment used to make the Service available, or (v) protect our property or other legal rights to enforce our contracts, or protect the rights, property, or safety of the third.
4.6 Change of ownership
5. Your choices
5.1 Access, correction, exclusion
We at NectarCRM respect your privacy rights and provide you with reasonable access to Personal Data that you may have provided through your use of the Services. If you wish to access or amend any other Personal Data we hold about you, or request that we delete or transfer any information about you that we obtain from an Integrated Service, you may contact us as set out in “How to get in touch with us”. At your request, we will have any references to you deleted or blocked in our database.
You may update, correct or delete your account information and preferences at any time by visiting the account settings page on the Service. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information submitted for backups, archiving, fraud and abuse prevention, analysis, satisfying legal obligations or where we otherwise reasonably believe we have a legitimate reason to do so.
You may refuse to share certain Personal Data with us, in which case we may not be able to provide you with some of the features and functionality of the Service.
At any time, you may object to the processing of your Personal Data on legitimate grounds, unless otherwise permitted by applicable law. If you believe that your right to privacy granted by applicable data protection laws has been violated, please contact the NectarCRM Data Protection Officer at firstname.lastname@example.org. You also have the right to file a complaint with the authorities of protection of data.
5.2 Navigation information
You can choose not to collect browsing information about your site visit by Google Analytics using the opt-out feature of Google Analytics Google Analytics .
5.3 Deactivation of commercial communications
If you receive commercial and marketing emails from us, you can unsubscribe at any time by following the instructions contained in the email or by sending an email to the address provided in the “How to get in touch with us” section.
Please be aware that if you opt-out of receiving commercial emails from us or modify the nature or frequency of promotional communications you receive, it may take up to ten (10) business days for us to process your request. In addition, even after you opt-out of receiving commercial messages from us, you will continue to receive administrative messages from us regarding the Service.
NectarCRM has no direct relationship with Customer’s customers or third parties whose Personal Data may be processed on behalf of a Customer. An individual seeking to access, or seeking to correct, amend, delete inaccurate data or withdraw consent for further contact must forward his inquiry to the Customer or User which deals directly. If the Customer requests NectarCRM to remove the data, we will respond to your request within thirty (30) days. We will delete, amend or block access to any Personal Data that we are storing only if we receive a written request from the Customer responsible for such Personal Data, unless we have a legal right to retain such Personal Data. We reserve the right to retain a copy of this data for purposes of filing or defending our rights in legal proceedings.
6. Third Party Services
The Service may contain features or links to websites and services provided by third parties. All information provided on websites or third parties services are provided directly to the operators of these services and are subject to those operators’ policies, if there is any, which govern privacy and security, even if accessed through the Service. We are not responsible for the content or the practices and policies of privacy and security of third party websites or services to which links or accesses are provided through the Service. We recommend that you know the privacy and security policies of third parties before providing information.
7. Interest-Based Advertising
Interest-based advertising is the collection of data from different sources and across different platforms in order to predict an individual’s preferences or interests and deliver to that individual, or their computer, smartphone or tablet, advertising based on their presumed preference or inferred interest from the collection of data belonging to that individual or to others who may have a similar profile or interests.
We work with a variety of third parties to try to understand the profiles of people most likely to be interested in NectarCRM’s products or services so that we can send them promotional emails or display our advertisements on websites, mobile devices and applications from other entities.
These third parties include: (a) advertising networks, which collect information about a person’s interests when they view or interacts with one of your advertisements; (2) attribution partners, which measure the effectiveness of certain ads; and (3) business partners, who collect information when a person views or interacts with one of their advertisements.
In collaboration with these third parties, we collect information about our customers, prospects and others over time and across different platforms when they use or interact with those platforms. Individuals can submit information directly on our Sites or on platforms run by third parties or by interacting with us, our advertisements or emails you receive from us or third parties. We may use special tools commonly used for this purpose, such as cookies, beacons, pixels, tags, mobile advertising codes, flash cookies and similar technologies. We may have access to databases of information collected by our business partners.
We, or third parties we work with, use the information collected as described above to understand the various activities and behaviors of our customers, website visitors and others. We, or these third parties, do this for a variety of reasons, including: recognizing new or returning visitors to our Sites; present more personalized content; to provide you with more useful and relevant ads – for example, if we know which ads are shown, we may try not to show them repeatedly; to identify visitors across third-party devices, sales channels and websites, or display or send personalized or targeted advertisements and other personalized content more focused on a person’s perceived interest in products or services similar to those we offer.
Our interest-based ads may be served to you in emails or on third-party platforms. We may serve these advertisements about our products or services or send commercial communications directly to ourselves or through these third parties.
Visitors may opt-out of receiving interest-based advertising by publicity networks that may be delivered to them in our platform and other websites by visiting the following websites: http://www.aboutads.info/consumers ; and http://www.networkadvertising.org .These features will disable a Visitor among many, but not all, interest-based advertising activities in which we or third parties engage.
7.1 The following types of cookies are used on the website:
- Strictly Necessary/Essential Cookies – These cookies are essential to allow you to move around the site and use its features, such as accessing secure areas of the site. Without these cookies, the requested services cannot be provided. These cookies do not collect information that identifies a visitor;
- Performance Cookies – These cookies collect information about how visitors use a website, for example, which pages visitors go to most often, and whether they receive error messages from web pages. These cookies do not collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve the functioning of a website;
- Functionality Cookies – These cookies allow the website to remember choices you make (such as your username, language or the region you are in) and provide you with enhanced and more personal features. For example, a website may provide local weather reports or traffic news by storing the region you are currently in, in a cookie. These cookies may also be used to remember changes made to text size, fonts and other parts of web pages that you can customize. They can also be used to provide requested services, such as watching a video or commenting on a blog. The information collected by these cookies may be anonymous and cannot track your browsing activity on other websites;
- Behaviorally-targeted advertising cookies – These cookies are used to deliver advertisements that are more relevant to you and your interests. They are also used to limit the number of times you see an ad, as well as help measure the effectiveness of advertising campaigns. They may also be placed by advertising networks with the permission of the website operator. They remember that you have visited a website and this information is shared with other organizations such as advertisers. Often, targeting or advertising cookies will be linked to website functionality provided by another organization.
7.2 Os seguintes cookies são usados no site:
|Nome do Cookie
|Tipo do cokie
|Used to attribute site interactions to the same visitor.
|This cookie is used to determine whether the visitor has visited the site before or is a new visitor to the site.
|Detects the current site’s SEO ranking. This service is part of a third-party statistics and analysis service.
|Registers a unique ID that is used to generate statistical data about how the visitor uses the website.
|Helps identify visitor sessions.
|Integration between Google Tag Manager and Google Analytics.
|Helps reduce traffic rate to Google servers.
|Google / Youtube
|These cookies are set via incorporated YouTube videos.
|Used by Google DoubleClick to record, report and measure user actions with the ad and present you with targeted ads.
|Remember your preferences and other information (preferred language, search results, Google SafeSearch filter activation).
|Used by Google DoubleClick to record, report and measure user actions with the ad and present you with targeted ads.
|LinkedIn ads ID sync.
|Browser identifier cookie to uniquely identify devices accessing LinkedIn to detect abuse on the platform.
|Used to save the 2FA state of a logged in user.
|Used to remember the user’s language setting.
|Used to make a probabilistic match of a user’s identity outside designated countries.
|Used to optimize data center selection.
|Used to ensure there is a correct SameSite attribute for all cookies in this browser.
|Identifies browsers for the purpose of providing advertising and website analytics services.
|Identifies browsers for the purpose of providing advertising and website analytics services.
8. Privacy of minors and children
Protecting children’s privacy is especially important. Our Service is not directed to children under the age of 18 and we do not knowingly collect Personal Data from children under the age of 18 years old without obtaining parental consent.
- If you are under 18 years old, do not use or access the Service anytime or in any way;
- If we become aware that Personal Data has been collected on the Service of persons under 18 years old and without consent verifiable by parents, we will take appropriate measures to delete these information;
- If you are a parent or guardian and you discover that your child under 18 has obtained an Account in the Service, you may notify us at email@example.com and request that we delete the Personal Data of this child from our systems.
If you have any questions about this topic, please contact us as indicated in the “How to get in touch with us” section. Please be aware that while we offer this opt-out feature, the removal of content may not guarantee complete or in-depth removal of that content or information.
9. Data security
We follow generally accepted industry standards to protect information sent to us, both during transmission and after we receive it. We maintain administrative, technical and physical safeguards measures to protect Personal Data from accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of Personal Data in our possession. This includes, for example, firewalls, password protection and other access and authentication controls. We use TLS technology to encrypt data during transmission over the public internet, and we also employ application layer security features to further anonymize Personal Data.
However, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the security of any information you transmit to us or store on the Service, and you do so at your own risk. We also cannot guarantee that this information cannot be accessed, disclosed, altered or destroyed by breach of any of our physical, technical or administrative safeguards. If you believe that your Personal Data has been compromised, please contact us as set out in the “How to get in touch with us” section.
If we become aware of a breach of security systems, we will inform you and the authorities of the breach, in accordance with applicable law.
10. Data retention
We only retain Personal Data collected from a User while the User’s account is active or not for a limited period, as long as it is necessary to fulfill the purposes for which we initially collected them, unless required by law. We will retain and use the information necessary to comply with our legal obligations, resolve disputes and enforce our agreements as follows:
- The content of closed accounts is deleted within three months from the closing date;
- Backups are kept for 3 months;
- Billing information is retained for a period of up to 7 years from your provisions to NectarCRM in accordance with applicable Brazilian accounting and tax laws.
While we may allow you to adjust your privacy settings to limit access to certain Personal Data, please remember that no security measures are perfect or impenetrable. We are not responsible for bypassing any privacy settings or security measures on the Service. In addition, we cannot control the actions of other users with whom you may choose to share your information. Beyond that, even after the information posted on the Service is removed, caching and archiving services may have saved this information and other users or third parties may have copied or stored information available on the Service. We cannot and do not guarantee that information you post or transmit to the Service will not be viewed by persons not authorized.
12. Data transfer
13. Data Protection
The PARTIES guarantee that any and all Treatment of Personal Data carried out within the scope of the Agreement will always be made using a valid, legitimate and appropriate legal basis for the Treatment, in the manner authorized by the applicable legislation, which may be, for example:
- The unequivocal, free and informed consent of the holder, exclusively for the purposes determined in the Agreement;
- The legitimate interest of the controller of the Treatment hypothesis;
- To comply with a regulatory obligation;
- To fulfill the contract signed with the Personal Data owner.
The user declares that he is aware and agrees, as well as he will take all measures to make his partners, employees and customers also aware of all the consents and notices necessary to allow the legal processing of data and about the LGPD. In addition, warn that NectarCRM may have access, use, maintain and process, electronically and manually, information and data provided by Users and their customers (“Protected Data”), exclusively for the specific purposes of providing the Services and using the Platform.
The Parties declare that they are aware of the applicable rights, obligations and penalties contained in the Lei Geral de Proteção de Dados Pessoais (Law 13.709/2018) (“LGPD”), and undertake to adopt all reasonable measures to guarantee, for themselves, as well as its personnel, collaborators, employees and subcontractors who use the Protected Data to the extent authorized in said LGPD.
In the event of improper access, leakage of personal data, or even any violation of the LGPD rules or the rules issued by the ANPD as a result of the execution of this Agreement, the PARTY that has caused the leak will be liable, judicially or extrajudicially, for any damages suffered by the holders of the leaked data, including before the ANPD (Autoridade Nacional de Proteção de Dados – “National Data Protection Authority”).
If any holder of Personal Data Treated by the PARTIES under this contract makes a request to any of the PARTIES in the exercise of their rights provided for in the relevant data protection legislation, for example, but without limitation, request the change, update, correction, access, portability or deletion of your Personal Data, the PARTIES shall communicate this fact immediately to each other and proceed to attend the request made by the holder of the Personal Data free of charge.
The PARTIES recognize that after reaching the purpose of the Treatment regarding the Permitted Uses and/or ending the relationship between the PARTIES, they will destroy the Personal Data or guarantee its effective Anonymization, unless, by legal obligation, it has to keep them, such as obligations arising from sectoral regulations. Furthermore, Personal Data will be excluded from the PARTIES’ systems, upon request from the holders of the respective Personal Data, unless there is any legal or contractual basis for their maintenance, such as a possible legal obligation to data retention or need to preserve the rights of PARTIES.
The Customer or User is the data controller under the terms of Regulation for any Customer Data that contains Personal Data, which means that this party controls the way in which that Personal Data is collected and used, as well as the determination of the purposes and means of processing such Personal Data.
NectarCRM is not responsible for the content of Personal Data contained in Customer Data or other information stored on its servers (or on the servers of its subcontractors), at the discretion of the Customer or User, nor is NectarCRM responsible for the manner in which the Customer or User collects, handles the disclosure, distributes or processes this information.
14. Secrecy, Confidentiality
By virtue of this instrument, the parties may have access to information that is protected by commercial secrecy, and both must maintain secrecy and treat as confidential any and all information oral, written or codified, obtained as a result of the provision of services, being prohibited any form of disclosure, partial or complete, of this information to any third party or even its use for any purpose, jointly or not, with any supplier, representative, customer or competitor (current or potential) of either party, without its express authorization, regardless of whether it results in harm or benefit.
-Will be considered confidential information that:
a) are not available to the public;
b) were not made available to the public by the owner of the information;
c) were not known to any of the parties before having access to certain information under this contract;
d) don’t have their disclosure determined by court order or administrative authority in the exercise of their powers;
e) do not come to the knowledge of any of the parties of different origin of this contract.
If any relevant information of a confidential nature arrives unduly comes to the knowledge of third parties, through a negligent or malicious act of any of the Parties and/or any other persons under their responsibility, such occurrence will be considered an infraction by the party involved, with the appropriate consequences.
The expressly authorized use, by a given Party, of information of a confidential nature to which it has access due to of this tool, held by the other Party and/or by any other company directly or indirectly related to it, will cease at the same time in which the discontinuance of service provision (campaign, promotion, publicity and/or advertising) linked to information of a confidential nature whose use has been authorized is requested; or due to the termination of this contract.
The conditions set forth will also affect business models, market strategies, commercial standards or projects of a commercial nature that may be presented to the other party, obliging the recipient of the information to maintain due confidentiality, not being able to appropriate such information, present, sell or negotiate with third parties, or in any way take advantage, for yourself or for others, of such information, for the entire contractual and post-contractual period, as defined in the caput.
The information and data used by NectarCRM are the exclusive property of its users, and NectarCRM is fully responsible for the correct use that its employees, agents or appointed third parties may make of such information, including preventing any cession, commercialization or duplication undue. The same responsibility extends to the results, reports and any other documents, equally the exclusive property of its users.
15. Changes and updates to this policy
Please review this page periodically to be aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we will make it available through the Service, indicate the date of the last revision, and comply with applicable law. Your continued use of the Service after the revised Policy takes effect indicates that you have read, understood and agreed to the current version of the Policy.
16. How to get in touch with us
This Policy is incorporated into and subject to the NectarCRM Terms of Service. Capitalized terms used but not defined in this Policy have the meaning given to them in the Terms of Service of NectarCRM.