PRIVACY POLICY

Updated: 30 August 2017

At Tooltip we are committed to maintaining the confidentiality and security of any personal information about our Customers, their employees and users. Privacy protection is always at the top of our priorities, and we are focused on protecting it from unauthorized access. This Privacy Policy supplements our Service Agreement and spells out how we collect, use, and disclose information from or about you through our products and services.

Users can access our services (the “Service”) via our website www.tooltip.io, customer domains, applications on Devices, APIs, and third-parties. A “Device” is any device used to access the Tooltip Service, including without limitation a computer, mobile phone, tablet, or other electronic device. By using
our Service you are consenting to the collection, transfer, processing, storage, disclosure and other uses described in this Privacy Policy. The use of information collected through our services shall be limited to the purpose of providing the service for which our customers (“Customer”) have engaged Tooltip.

Information we collect and store

Information you provide

When your account is created, we securely collect some personal information, such as your name, email address, phone number, credit card or other billing information.

Log data

When you use our Service, we automatically collect certain information from your Device, its software, and your activity using the Services. This may include, for example (but without limitation), the Device's Internet Protocol (“IP”) address, browser type, the web page visited before you came to our website, domains where you use our services, information you search for on our website and inside our products, locale preferences, identification numbers associated with your Devices, date and time stamps associated with transactions, system configuration information, metadata, and interactions with the Services and products.

Cookies

We also use “cookies” to collect information, provide and improve our Services to you. A cookie is a small file that we transfer to your Device. We may use “persistent cookies” to save your registration ID and login password for future logins to the Service.

We may use “session ID cookies” to enable certain features of the Service, to better understand how you interact with the Service, to monitor aggregate usage and web traffic routing on the Service, and to enable third-party vendors, including Google, to serve ads based on someone's past visits to our website. This also enables third-party vendors, including Google, to show our ads on sites across the internet. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of the Service.

Our affiliates use cookies to make it easier for us to gather analytics about product usage and to help us provide interactive support for our users. The use of cookies by our affiliates is not covered by our privacy policy. We do not have access or control over these cookies.

Information about your users

As part of our Services you may install our products on your domains. In this case we also use “cookies” and other means to collect information about your users, but only to the extent necessary for us to provide our services to you. This information typically includes, but is not limited to, your users' location (based on their device IP address), device language preferences and previous activity with our Service.

We never deliberately collect personally identifiable information about your users. All data is aggregated and impersonalized, and is discarded once it's no longer needed to provide our Service.

How we use personal information

Personal information

In the course of using the Service, we may collect or otherwise obtain information that can be used to contact or identify you (“Personal Information”).

Personal Information is or may be used: (i) to provide and improve our Service, (ii) to administer your use of the Service, (iii) to recommend follow-up reminders, assign tasks, or personalize the service, and (iv) to provide or offer software updates and product announcements.

Analytics

We also collect some information (ourselves or using third party services) that requires using logging and cookies, such as IP address, which can sometimes be correlated with Personal Information.

We use this information for the above purposes and to monitor and analyze use of the Service, for the Service's technical administration, to increase our Service's functionality and user-friendliness, to verify users have the authorization needed for the Service to process their requests, and for advertising purposes.

As of the date this policy went into effect, we use Google Analytics. Visitors can opt out of Google's use of cookies for advertising purposes by visiting Google's Ads Settings.

Learn more about the privacy policy of Google Analytics and how to opt out.

Sharing information and Disclosure

Data Retention

Our intention is to retain your information for as long as your account is active or as needed to provide you with the Services. If you wish to cancel your account or request that we no longer use your information to provide you Services, you may delete your account.

We may retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements and rights, or if it is not technically reasonably feasible to remove it.

Consistent with these requirements, we will try to delete your information quickly upon request. Please note, however, that there might be latency in deleting information from our servers and backed-up versions might exist after deletion. In addition, we do not delete information from our servers files if you have that information in common with other users.

No Sale of Personal Information

We do NOT sell Personal Information to third parties. Period.

Service Providers, Business Partner and Other parties

We may use certain trusted third-party companies and individuals to help us provide, analyze, and improve the Service (including but not limited to data storage, maintenance services, database management, web analytics, payment processing, and improvement of the Service's features).

These third parties may have access to your information for purposes of performing these tasks on our behalf and under obligations similar to those in this Privacy Policy. As of the date this policy went into effect, we use Amazon's storage service to store some of your information (for example, your files).

More information on Amazon data security 

Third-Party Products or Services

As of the date this policy went into effect, Tooltip has never in the past and does not intend to share your information with a third-party product or service.

In the future, with your consent, we may share your information with a third-party product or service (for example when you choose to access our Services through such a product or service).

We are not responsible for what those parties do with your information, so you should make sure you trust the application and that it has a privacy policy that is acceptable to you.

Compliance with Laws and Law Enforcement Agencies Requests

We may disclose to third parties data stored in your account and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation, or compulsory legal request, such as to comply with a subpoena; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Tooltip or its users; or (d) to protect Tooltip's rights.

If we provide any data stored in your account to a law enforcement agency, we will remove Tooltip's encryption from the information before providing it to law enforcement.

Business Transfers

If Tooltip is involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction, but we will notify you (for example, via email, sign in notification, and/or a prominent notice on our website) if that happens or if your information otherwise becomes subject to a different privacy policy in lieu of this one. We will also notify you of choices you may have regarding the information.

Changing or Deleting Personal Information

If you are a registered user, you may review, update, correct, or delete certain Personal Information provided in your registration or account profile by changing your account settings.

If your personally identifiable information changes, or if you no longer desire our Service, you may update or delete it by making the change in your account settings, although (in some cases) we may retain copies of your information if required by law, to protect our rights, or if it is not technically reasonably feasible to remove it.

For questions about your Personal Information on our Service, please contact us at privacy@tooltip.io 

Changes to Privacy Policy

Data Retention

If we make a change to this privacy policy, we will provide you with notice (for example, by email, a sign-in notification, or some other means) prior to the change becoming effective.

By continuing to use the Service after those changes become effective, you are agreeing to be bound by the revised Privacy Policy.

Data Processing Agreement

Data Processor Status

Within the scope of this Service Agreement, Tooltip shall act as a Data Processor and Customer shall act as Data Controller.

By using Tooltip Service Customer recognizes Tooltip as a Data Process and hereby contracts Tooltip services in said capacity, in compliance with the requirements of the current legal framework in relation to data processing and with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Processing of Customer Data

Customer hereby instructs Tooltip to process Customer Data.

Tooltip will comply with all applicable data protection laws in the processing of Customer Data; and not process Company Data other than on the relevant Company’s documented instructions, apart from the scrope of Tooltip's Services to Customer.

Data Processor Personnel

Tooltip Personnel shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any other Contracted Processor who may have access to the Customer Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Customer Data, as strictly necessary for the purposes of providing Tooltip Service to Customer, and to comply with applicable laws in the context of that individual's duties to Tooltip, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.

Data Security

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of data processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Tooltip shall in relation to the Customer Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.

In assessing the appropriate level of security, Tooltip shall take into account in particular, the risks that are presented by data processing, specifically a personal data breach.

Subprocessing

Tooltip shall not appoint (or disclose any Customer Data to any Subprocessor unless required or authorized by the Customer.

Data Subject Rights

Taking into account the nature of data processing, Tooltip shall assist the Customer by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Customer obligations, as reasonably understood by Customer, to respond to requests to exercise Data Subject rights under the data protection laws.

Tooltip shall:

promptly notify Customer if it receives a request from a Data Subject under any data protection law in respect to Customer Data; and

ensure that it does not respond to that request except on the documented instructions of Customer or as required by applicable laws to which Tooltip is subject, in which case Tooltip shall to the extent permitted by applicable laws inform Customer of that legal requirement before Tooltip responds to the request.

Personal Data Breach

Tooltip shall notify Customer without undue delay upon becoming aware of a Personal Data Breach affecting Customer Data, providing Customer with sufficient information to allow the Customer to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the data protection laws.

Tooltip shall co-operate with the Customer and take reasonable commercial steps as are directed by Customer to assist in the investigation, mitigation and remediation of each such Personal Data Breach.

Data Protection Impact Assessment and Prior Consultation

Tooltip shall provide reasonable assistance to the Customer with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Customer reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions of any other data protection law, in each case solely in relation to processing of Customer Data by, and taking into account the nature of the data processing and information available to Tooltip as Data Processor.

Deletion or Return of Customer Data

Subject to this Service Agreement, Tooltip shall promptly and in any event within 30 days of the date of termination of any Services involving the processing of Customer Data, delete and procure the deletion of all copies of said Customer Data.

Audit

Tooltip shall make available to the Customer on request all reasonable information available to demonstrate compliance with this Agreement, and shall allow for and contribute to audits, including inspections, by the Customer or an auditor mandated by the Customer in relation to the processing of the Customer Data.

Information and Audit rights of the Customer only arise to the extent that the Agreement does not otherwise give them information and audit rights meeting the relevant requirements of data protection law.