745 Atlantic Ave, Boston, MA 02111, USA
Funderful contact email: hello[at]funderful.com
Effective date: May 25, 2018
Customer Data – any Personal Data that Funderful processes on behalf of Customer as a Data Processor in the course of providing Services
Data Protection Laws – all data protection and privacy laws applicable to the processing of Personal Data under the Agreement, including, where applicable, EU Data Protection Law
Data Controller – an entity that determines the purposes for which and the means by which Personal Data is processed
Data Processor – an entity that processes Personal Data on behalf of the Data Controller
Data Subject – an identified or identifiable natural person
EU Data Protection Law – (i) prior to 25 May 2018, Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data (“Directive”) and on and after 25 May 2018, Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation, hereafter – “GDPR”); and (ii) Directive 2002/58/EC concerning the processing of Personal Data and the protection of privacy in the electronic communications sector and applicable national implementations of it (as may be amended, superseded or replaced)
Personal Data – any information relating to a Data Subject
Services – any product or service provided by Funderful to Customer pursuant to the Agreement
Subprocessor – any third party Data Processor engaged by Funderful to assist in fulfilling its obligations with respect to providing the Services pursuant to the Agreement
1. Processing of Customer Data
1.1. As between Funderful and Customer, Customer is the Data Controller of Customer Data, and Funderful shall process Customer Data only as a Data Processor acting on behalf of Customer.
2. Types of Data collected
2.1. Among the types of Personal Data that Funderful collects (by itself or through third parties), there are:
- Customer and Users: identification, publicly available social media profile information, e-mail, IT information (IP addresses, usage data, cookies data, navigation data, browser data); financial information (credit card details, account details, payment information).
- Subscribers: identification and publicly available social media profile information (full name, gender, geographic location, picture), chat history, navigation data (chatbot usage information) and other data submitted, stored, sent or received by end users and other personal information, the extent of which is determined and controlled by the Customer in its sole discretion.
2.3. Failure to provide certain Personal Data may make it impossible for Data Controller to provide its services.
2.4. Data Controller is responsible for any Personal Data of third parties obtained, published or shared through this Application and confirm that they have the third party’s consent to provide the Data to this Application.
3. The use of the collected Data
3.1. The Customers Data is collected to allow the Data Processor to provide its Services to Data Controller.
3.2. Customer agrees that it shall comply with its obligations as a Data Controller under Data Protection Laws in respect of its processing of Customer Data and any processing instructions it issues to Funderful, and it has provided notice and obtained (or will obtain) all consents necessary under Data Protection Laws for Funderful to process Customer Data and provide Services pursuant to the Agreement.
3.4. Funderful can use Customer’s information if justified by legitimate interests . The usage of the information may also be necessary for our Company’s business interests, including but not limited to evaluate and review Company’s business performance, create financial statements, improve Services or to identify potential cyber security threats. Funderful is obligated to retain certain information because of legal requirements, e.g, commercial or tax laws.
3.5. Funderful may use Customer’s email address and names for own email marketing campaigns. Customer can object to this use at any time by following the link to unsubscribe at the bottom of the marketing emails.
4.1. Customer agrees that Funderful may engage Subprocessors to process Customer Data.
4.2. Information about Funderful’s Subprocessors is available in Appendix 1 below and may be updated by Funderful from time to time. Customer hereby authorizes these specific Subprocessors.
4.3. When requested by the Customer, Funderful shall make available to Customer current list of all Subprocessors used for the processing of Customer Data.
5. Mode and place of processing the Data
5.1. The Data Controller processes the Data of prospective users in a proper manner and shall take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
5.2. The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of the site (administration, sales, client customer manager) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Data Controller. The updated list of these parties may be requested from the Data Controller at any time.
6. Data Retention time
6.1. The Data is kept for the time necessary to fulfil the purposes for which we collect the personal information, in accordance with our legal obligations and legitimate business interests, or stated by the purposes outlined in this document, and the Customer can always request that the Data Controller suspend or remove the data.
7. Facebook permissions asked by this Application
8. The rights of Data subjects
8.1. Data Subjects have the right, at any time, to exercise their rights under the Data Protection Laws with respect to Personal Data (including access, rectification, restriction, deletion or portability of Personal Data, as applicable), to the extent permitted by the law.
8.2. Funderful will provide reasonable assistance, including by appropriate technical and organizational measures and taking into account the nature of the Processing, to enable Customer to respond to any request from Data Subjects.
8.3. Requests should be sent directly to the Data Controller, who shall be solely responsible for responding to any Data Subjects’ requests.
9. Data Breach
9.1. Funderful shall, to the extent permitted by law, notify Customer upon Company or any Subprocessor becoming aware of a Data Breach affecting Customer Data. Company will reasonably investigate the situation and take other steps, in accordance with any applicable laws and regulations.
10. Additional information about Data collection and processing
10.1. The Customer’s Personal Data may be used for legal purposes by the Data Controller, in Court or in the stages leading to possible legal action arising from improper use of this Application or the related services. The Customer declares to be aware that the Data Controller may be required to reveal personal data upon request of public authorities.
11. Additional information about Customer’s Personal Data
11.2. For operation and maintenance purposes, Funderful and any third party services may collect files that record interaction with the Application (System logs) or use for this purpose other Personal Data (such as IP Address).
11.3. This Application does not support “Do Not Track” requests.
For providing quality services to the Customer Funderful engages carefully selected Subprocessors, who provide following services, but not limited to:
- Online social media and social networking services;
- Cloud communication services;
- Customer support software services;
- Email server and automation software services;
- Hosting services;
- Payment and billing software services;
- Communications software services;
- Issue tracking software services.