NOTE TO CUSTOMER END USERS
Our Services allow Customers to create automated workflows, sometimes using application programming interfaces, or APIs. A Customer may use our Services to store Customer End User Personal Data and to transmit Customer End User Personal Data to other data processors. We do not control Customer use of the Personal Data they collect from End Users in connection with the Services.
Customers may store and transmit information using the Services which may include:
- name, email address, physical address, phone number, and other similar contact information;
- payment information, including credit card and bank account information;
- information about location;
- information about a Customer End User organization and contacts, such as colleagues or people within your organization;
- usernames, aliases, roles, and other authentication and security credential information;
- content of feedback, testimonials, inquiries, support tickets, and any phone conversations, chat sessions and emails with or to us;
- images (still, video, and in some cases 3-D), voice, and other identifiers that are personal.
- information regarding identity, including government-issued identification information;
- corporate and financial information; and
- VAT numbers and other tax identifiers.
If you are a Customer End User and desire to exercise any of your rights with respect to your Personal Data, please contact the Customer directly, and we will cooperate with them with respect to any lawful request.
CATEGORIES OF PERSONAL DATA WE COLLECT
For anyone who visits the Site, we may collect information automatically using web tracking technologies such as cookies, web beacons, pixel tags, clear GIFs and third party tracking services in order to ensure that the Site and Services operate efficiently and to collect data related to usage of the Site and Services such as, but not limited to, the IP Address, browser type, language preference, referring site, and the date and time of each visitor or Customer request.
Cookies: If you access the Services, we may use a technology called "cookies." A cookie is a piece of information that the computer that hosts our Services gives to your browser when you access the Services. Our cookies help provide additional functionality to the Services and help us analyze Services usage more accurately. For instance, our Services may set a cookie on your browser that allows you to access the Services without needing to enter a password more than once during a visit to the Services. Our cookies will not collect Personal Data except with your permission. On most web browsers, you will find a "help" section on the toolbar. Please refer to this section for information on how to receive notifications when you are receiving a new cookie and how to turn cookies off. We recommend that you leave cookies turned on because they allow you to take advantage of the full capability of our Services' features.
"Web Beacons" (also known as Web bugs, pixel tags or clear GIFs) are tiny graphics with a unique identifier that may be included on our Services for several purposes, including to deliver or communicate with cookies, to track and measure the performance of our Services, to monitor how many visitors view our Services, and to monitor the effectiveness of our advertising. Unlike cookies, which are stored on the user's device, web beacons are typically embedded invisibly on web pages (or in an e-mail).
If you are a visitor considering subscribing to the Services and make any inquires to us regarding your interest, we will collect your name, email address and other contact information you provide us with in order to respond to your inquiry.
With respect to Customers, when you register or purchase our Services, we collect the name, business you work with, email address, mailing address and password to provide you with access to the Services. Our payments processor will collect your billing information (credit card information, address, and name) to process the payments for the Services.
To use the Services, our software will need to connect with the various online third-party services you want us to integrate with ("Third-Party Services"), so we will need to collect the usernames and passwords for such Third Party Services ("Login Credentials").
We also will collect the IP address, device ID, browser data, location, and the website that directed you to the Site in connection with your account information and use history to administer the Services, provide support, improve your experience and monitor the Services for fraud, misuse and other reasons permitted by law.
HOW WE USE YOUR PERSONAL DATA
Providing the Services
We use Personal Data to provide the Services, process payments and provide customer support for Customers. If you provide Personal Data for a certain reason, we may use the Personal Data in connection with the reason for which it was provided. For instance, if you contact us by email, we will use the Personal Data you provide to answer your question or resolve your problem. Also, if you provide Personal Data to obtain access to the Services, we will use your Personal Data to provide you with access to the Services and to monitor your use of the Services. For persons located in the EEA, our lawful basis in the processing of such Personal Data is under Article 6.1 (c) and (f) of the GDPR.
Direct Marketing and Improvement of the Services and Site
Paragon and its subsidiaries and affiliates (the "Paragon Related Companies") may also use your Personal Data and other personally non-identifiable information collected through the Services to help us improve the content and functionality of the Services, to better understand our users and to improve the Services. Paragon and its affiliates may use this information to contact you in the future to tell you about services we believe will be of interest to you. If we do so, each communication we send you will contain instructions permitting you to "opt-out" of receiving future communications. In addition, if at any time you wish not to receive any future communications or you wish to have your name deleted from our mailing lists, please contact us as indicated below. For persons located in EEA lawful basis in the processing of such Personal Data is under Article 6.1 (f) of the GDPR.
Detecting of Fraud and Misuse
We review logs and Personal Data to detect fraud, misuse, illegal activity or violation of our terms. For persons located in the EEA, our lawful basis in the processing of such Personal Data is under Article 6.1 (d) and (f) of the GDPR
Third-Party Service Integration
Our Services allow Customers to integrate and create commands for Third-Party Services. To take advantage of this feature, Customers may need to authenticate, register for or log into Third-Party Services through the Services or on the websites of their respective providers. When a Customer logs into Third-Party Services through the Services, or enables linking between Third-Party Services and the Services, we will collect relevant information necessary to enable the Services to access those Third-Party Services and Customer data and content contained within those Third-Party Services ("Login Credentials"). We store Customer Login Credentials long enough to enable linking to the Third-Party Services.
We may retain certain personally non-identifiable information related to the data or content linked between Third-Party Services (for example, date sent, link configuration, names of the Third-Party Services), for the purpose of improving our Services and as described below in the "Aggregated Personal Data" section. For persons located in the EEA, our lawful basis in the processing of such Personal Data is under Article 6.1 (c) and (f) of the GDPR.
Aggregated Personal Data
In an ongoing effort to better understand and serve the users of the Services, Paragon often conducts research on its Customer demographics, interests and behavior based on the Personal Data and other information provided to us, such as company size and location, industry, job titles, and Site usage analytics. This research may be compiled and analyzed on an aggregate basis, and Paragon may share this aggregate data with its affiliates, agents and business partners. This aggregate information does not identify you personally, and we do not collect or use such data on Customer End Users. Paragon may also disclose aggregated user statistics in order to describe our Services to current and prospective business partners, and to other third parties for other lawful purposes.
SHARING OF PERSONAL DATA WITH THIRD PARTIES
Paragon will not sell or rent to any third party any of the Personal Data that Customers provide to us. We share Personal Data as set forth below.
Paragon is not in the business of selling your Personal Data. We consider this information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your Personal Data with certain third parties without further notice to you, as set forth below:
Third Party Integrations
We will share Customer login data and Personal Data of Customer End Users in order to provide the Services as instructed by Customer.
Your Paragon Team Members
If you are invited to join a Paragon team account, and you accept the invitation, you are agreeing that certain of your Personal Data will be shared with the team account holder and other team members. In particular, the team account holder will have access to your name, email address, avatar (if any) and task usage, and other team members will have access to your name, email address and avatar (if any). Any Personal Data you share via a team account, including workflows you create or Third-Party Services you link to, will be available to all team members of the team account you have joined. To remove yourself from a team, please contact us at firstname.lastname@example.org and we will confirm removal before implementing.
Law Enforcement and Internal Operations
We sometimes contract with other companies and individuals to perform functions or services on our behalf, such as payments processing software maintenance, data hosting, sending email messages, etc. We have to share your Personal Data with such third-parties as may be required to perform their functions. We take steps to ensure that these parties take protecting your privacy as seriously as we do, including entering into Data Processing Addendum(s), EU Model Clauses and/or ensuring these third-parties have Binding Corporate Rules or other acceptable legal basis for transfer and protection of Personal Data.
Third Parties Collecting Data on Our Behalf
We currently use the subprocessors listed at: https://security.useparagon.com/#subprocessors
TRANSFER OF DATA
If you are providing your Personal Data to us directly to use our Services, we will transmit your data, including your Personal Data, to the United States in order to fulfill our contractual obligations to you.
It may be possible to visit the Site without providing any Personal Data. However, if you choose not to provide any Personal Data, you may not be able to use certain Services.
Changing, Updating and Removing Personal Data
You may correct, update, amend, remove, or ask to have your Personal Data removed by making the change on your user account settings page dashboard within your account, or by contacting us at email@example.com.
Generally speaking, we will still retain your Personal Data for as long as your account is active, as needed to provide you the Services and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. While we will remove Personal Data from use in connection with the Services, will retain Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements or as otherwise required by law.
Removal from Communications
You can choose at any time to opt out of receiving marketing communications from us by following the removal instructions on the bottom of our communications to you.
The Personal Information that you provide can be accessed at any time through your account, or you can contact our customer support at firstname.lastname@example.org if you need help accessing your account.
Choices for EU, UK AND EEA Residents
If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following additional rights:
Right to Withdraw Consent
You have the right to withdraw consent where such consent is required to share or use data, and you may request that we delete your Personal Data.
If you receive communications from us and no longer wish to receive them, please follow the removal instructions in the email or change your account settings.
Right to be Forgotten
As detailed above, you can delete your Personal Data by logging into your account and deleting your account or, to the extent required by law, you may request to do so at email@example.com subject to our confirmation of your identity. However, since your Personal Data is required for us to provide the Services to you, deleting it or making such a request will also terminate your access to the Services. Deleting your Personal Data does not mean that all of it will be removed. We take steps to delete Personal Data and content that is no longer necessary in relation to provide the Services by deleting it within 12 months of you terminating your account.
If you are located in the EEA and wish to make a request for removal (Right to Be Forgotten), you may contact us at firstname.lastname@example.org:
If we are legally required to comply with such a request, we will confirm your identity and delete your personal data in such time frame as required by law.
We may be required by law or to retain it to exercise or defend legal claims, or contractual obligations with our customers to retain some information in connection with our obligation to provide the Services. We may de-identify and anonymize some data for purposes of retaining it.
If you are located in the EEA or the UK and you would like us to transmit your Personal Data to another company providing similar services, we will work with them to do so upon request and verification of such request with both the requestor and the company receiving the Personal Data.
California Privacy Rights
If you are a resident of the State of California, you have the following rights:
- to request we grant you access to your Personal Data that we collect, use, disclose, or sell (if applicable) about you;
- to request that we delete Personal Data about you;
- to opt-out of the sale of Personal Data, if applicable;
- to non-discriminatory treatment for exercise of any of your data protection rights; and
- If you request that we grant you access to your Personal Data, you have the right that such information to be portable, if possible, in a readily usable format that allows you to transmit this information to another recipient without hindrance.
Exercising Your Rights: You may be able to delete or change your information within your account dashboard. California residents can also exercise the above privacy rights by emailing us at: email@example.com.
Verification: in order to protect your Personal Data from unauthorized access or deletion, we may require you to verify your login credentials before you can submit a request to know or delete Personal Data. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional Personal Data for verification. If we cannot verify your identity, we will not provide or delete your Personal Data.
Authorized Agents: you may submit a request to know or a request to delete your Personal Data through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf, and you may also be required to independently verify your identity with us.
LINKS TO OTHER WEBSITES
We are very concerned with safeguarding your information. Paragon takes reasonable steps and has organizational and technical measures in place intended to protect the Personal Data provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction, including encrypting, logins, metadata and other data stored by Paragon or transmitted via the Services including, but not limited to restricting access to Personal Data and encryption of data in transit and at rest as well. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from the Services may not be secure. Therefore, you should take special care in deciding what information you send to us via email. Please keep this in mind when disclosing any Personal Data to Paragon via the Services.
Your access to and use of the Services is subject to the Terms of Service at https://useparagon.com/terms-of-service/.
You may contact us at firstname.lastname@example.org.