Privacy Policy

Reportz Privacy Policy

This privacy policy was last updated on May 31st, 2018

Reportz (“we“, ” us“ or ” our“) is a marketing KPI dashboard software developed by Four Dots DOO/a Four Dots. We are committed to lawful, transparent and fair handling of your personal data and your data privacy. Please read our privacy policy carefully to understand our practices regarding your personal data and how we will treat it. Since our lawful bases for collecting data are covered in our Reportz Legal Obligations section, and details on how we handle cookies in the Reportz Cookies Policy page, this privacy policy will illustrate your rights as a user, and explain what security measures we are taking in order to protect your data.

This privacy policy applies to your access to and use of:

• the website reportz.io (“Website”,”Service”) including all content, services and products available at or through the website.
• Reportz web app

(together the “Platform”, “Service”, “Website” )

This privacy policy, along with our Cookie Policy, sets out the basis on which any personal data we collect from you, or that you provide to us will be processed by us.

By accessing and/or using the Website, you are accepting and consenting to the practices described in this policy. This Privacy Policy is only applicable to the Website and Services available thereon, and not applicable to any other sites that you may be able to access from our Website via links, each of which may have data collection, storage, and use practices and policies that differ materially from this Privacy Policy.

Contact information Four Dots

Four Dots DOO, Mileticeva 28, 21000 Novi Sad, Serbia

Email: [email protected]

Contact information Reportz

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to [email protected].

Definitions

Personal data – is any information relating to an identified or identifiable natural person (‘data subject’). In a nutshell, any data that can identify or point in the direction of a living person.

Usage Data – is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Processing – is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means.

User/Client Data – for any personal data you upload, transmit or connect while using Reportz services – the natural person or persons to which this data relates are your data subjects and you are data controller. In our Terms and Conditions and Privacy Policy, we refer to this data as User/Client Data.

Authorised Users – employees, agents, consultants or independent contractors of the client who are authorised by the client to use the Services and the documentation

Controller – can be the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Reportz is a controller when handling data provided by our newsletter subscribers; data needed to communicate with our clients; and usage data meant to help us optimize the Website for our users.

Processor – can be a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Reportz is a processor, for instance, when analyzing User/Client Data to provide our clients with the the services they requested.

Using Reportz to manage your data means that you have engaged Reportz as a data processor to carry out certain processing activities on your behalf.

About this Policy

This Policy details:

What personal information do we collect

How do we collect your information

How long will Reportz retain your data

How do we use the collected data

Reportz as a processor of User/Client Data

Who processes your information

Third party service providers

How do we protect your data

What do we do in case of data breach/loss

Where and how is your data stored

What are your rights regarding your personal data we process or control

Security

Our policy regarding minors and date relating to them

Links to other websites

Do Not Track

Privacy Policy updates and changes

What personal information do we collect, how do we collect it, and how long do we keep it

We collect several different types of information for various purposes to provide and improve our Service to you.

Types of Data Collected

1) Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:

• Email address – Needed for us to contact you, send newsletters, report issues with your data, and prevent abuse. Under the Legitimate interest lawful basis, we sometimes retain customer emails, so as to prevent the abuse of our free trial system, as elaborated on our Legal Obligations page.
• First name and last name – Needed for us to contact you, send newsletters, report issues with your data, and prevent abuse. We delete this data as soon as it’s no longer needed
• Cookies and Usage Data – We use cookies in order to provide a better service or identify which pages on the Website are of special interest. A cookie is a small piece of information which a website stores on your web browser and which can later be retrieved. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.

If you have previously opted in to receive these types of communiqués from us, we may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.

2) Usage Data

We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access the Service by or through a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data. This data is not shared with others and is only used to help us provide our users with a better browsing experience. The data is periodically reviewed and erased or anonymised when no longer needed.

3) Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

Cookies are files with small amount of data which may include an anonymous unique identifier.

Cookies are sent to your browser from a website and stored on your device. They are used to collect and track information and to improve and analyze our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

• Session Cookies. We use Session Cookies to operate our Service.
• Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
• Security Cookies. We use Security Cookies for security purposes.

4) Integration Data

When authorizing any of the integrations offered with the service, our code will have access to any data made available by the integrations API. If the integration requires a specific set of permission scopes to be authorized by the user, the API data accessed will also be limited to these scopes.

Data retreived from certain integrations may be cached for a short period and may be stored on our servers to improve the deliverability of data with the service.

The data obtained from integrations will only be used in the dashboard and reports that you and your users have access to. The data is not used internally or any place that you do not have access to.

Reportz will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

How do we use the collected data

We use this data to provide you with information and services that you request or subscribe to; to send you information about our company or our products or services, or to contact you when necessary (i.e. notices relating to the Service; service alerts; respond to your questions and concerns). We also use your personal data to bill you for our paid Services. While we reserve the right to send you email concerning your account billing status and service alerts, you may opt out of our general marketing and promotion emails.

Reportz as a processor of User/Client Data

Depending on the context of personal information you provide, Reportz may be the data controller (“controller”) or data processor (“processor”) of your personal information under this policy. Reportz is a processor of Client Data, personal information submitted to the Service or collected through the Service on behalf of or at the direction of subscribers.

Article 28 of the GDPR specifies that the relationship between the controller and the processor should be made in writing (electronic form is acceptable under subsection (9) of the same Article). Reportz’ Terms and Conditions and Privacy Policy serve as your data processing agreement, setting out the instructions that you are giving to Reportz with regard to processing the personal data you control and establishing the rights and responsibilities of both parties. Reportz will only process your Client Data based on your written instructions as the data controller unless required by law to act without such instructions.

You or other authorised users of Reportz may upload and transmit Client Data as part of the Service that contains personal data relating to you or other individuals. We do not view or control such Client Data and simply process the Client Data on behalf or you or the owner of the Application in accordance with our Terms and Conditions. You expressly acknowledge that you or the person uploading, connecting or transmitting the Client Data (as applicable) retain sole responsibility for the Client Data and for obtaining all relevant consents, from the individual to which any personal data contained within the Client Data relates, to the processing of that personal data as part of the Service, and that such personal data is not covered by this Privacy Policy. Client Data is processed in the EEA and in the US. It is the responsibility of the Client to ensure that it has a suitable privacy policy in place to cover the transmission and processing of the Client Data and any personal data that it contains.

Who processes your information

We may disclose your personal data to the following persons:

1. Disclosure of information within Reportz: We limit access to your personal data to employees who reasonably need to process such information as described under this policy. In this situation we:

• shall take commercially reasonable steps to ensure the reliability and appropriate training of any Authorized Employee.
• shall ensure that all Authorized Employees are made aware of the confidential nature of Personal Data and have executed confidentiality agreements that prevent them from disclosing or otherwise processing, both during and after their engagement with processor, any Personal Data except in accordance with their obligations in connection with the Services.
• shall take commercially reasonable steps to limit access to Personal Data to only Authorized Individuals.

2. Disclosure of information to particular third parties: We may disclose your personal data to the following third parties:

• other members of our group (which means our subsidiaries, our parent company and its subsidiaries, for the purposes outlined in this Privacy Policy
• to contractors, service providers such as Intercom, and other third-parties we use to support our business. These entities have to be GDPR compliant, are bound by contractual obligations to keep personal information confidential and can use it only for the purposes for which we disclose the information to them.

3. Disclosure of information in certain circumstances: We may also disclose your personal data:

• in the event we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or asset;
• if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets; or
• if we are under a duty to disclose or share your personal data in order to comply with any legal obligations, or in order to enforce or apply our terms for use of the Reportz Website and other agreements; or to protect the rights, property or safety of Reportz, our customers or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Beyond this, we will not share your personal data with any other person without your consent.

Third party service providers

We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

We may use third-party Service Providers for:

1) Monitoring and analyzing the use of our Service

• Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/

• Hotjar

Hotjar is used to track and record user behavior on our Website, and is meant to help us improve our service. You can view their GDPR compliance page here https://www.hotjar.com/legal/compliance/gdpr-commitment.

2) Payments processing

• FastSpring

We may provide paid products and/or services within the Service. In that case, we use a third-party service for payment processing – FastSpring.

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy.

3) Customer management and communication

• Intercom

We use Intercom to communicate with our customers and provide them with necessary support.

You can review their GDPR compliance info here.

• Mailchimp

Used to reach our customers with newsletters, Website updates and promotional emails they have consented to. You can learn more about their adherence to GDPR by visiting this page.

4) Data Sources Integrations

Apart from these third party providers mainly acting as data controllers, Reportz offers a number of data sources integrations. The list of these integrations, along with the links to their Privacy Policies or GDPR compliance pages, is below:

Google Products

When you connect any of your Google accounts, we only store the associated email or account name so you can find it easier and both token and refresh token in encrypted form.

When you create a widget and pull some data we might cache that data for faster loading in which case we use pseudonymization. When pulling your reporting data, we might also fetch your account currency setting for data formatting purposes (where applicable).

We never access your data without your interaction except for caching purposes which only applies to the reporting data eg. data you see in widgets.

• Google Analytics

Scope: https://www.googleapis.com/auth/analytics.readonly

When creating or editing a widget, Reportz will pull your Properties, Views, Segments, Custom Dimensions and Custom Metrics data for that purpose only. When a widget is created we pull your reporting data based on the selected options from the form.

• Google Search Console

Scope: https://www.googleapis.com/auth/webmasters.readonly

When creating or editing a widget, Reportz will pull your Sites for that purpose only. When a widget is created we pull your reporting data based on the selected options from the form.

• Google Sheets

Scope: https://www.googleapis.com/auth/drive.readonly

When creating or editing a widget, Reportz will pull your Spreadsheets, Sheets and selected Sheet data and metadata for that purpose only. When a widget is created we pull your Sheet data and metadata based on the selected options from the form.

• Google Ads

Scope: https://www.googleapis.com/auth/adwords

When creating or editing a widget, Reportz will pull your Ad Accounts (Customers), Campaigns and Ad Groups for that purpose only. When a widget is created we pull your reporting data based on the selected options from the form.

• Google My Business

Scopes: https://www.googleapis.com/auth/plus.business.manage

When creating or editing a widget, Reportz will pull your Accounts and Accounts Locations for that purpose only. When a widget is created we pull your reporting data based on the selected options from the form.

Mailchimp

When creating or editing a widget, Reportz will pull your account data such as data for campaigns, audiences, reporting, and e-commerce for that purpose only. Apps will not have access to your account settings, billing data, or user management information. When a widget is created we pull your reporting data based on the selected options from the form.

Other Sources

• Ahrefs
• Rank Ranger
• SEMrush
• Facebook Ads
• Facebook Social
• Instagram
• Serpstat
• Salesflare

How do we protect your data

In order to ensure the correct use of information, we have put in place physical, electronic, and managerial procedures to safeguard and secure the information we collect in association with the Service. Please be aware, however, that no data transmissions over the Internet or other networks can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security or integrity of any information you transmit to us or that you authorize us to collect on your behalf. You transmit information to us, and authorize us to collect information on your behalf, at your own risk. Once we receive your information, we make reasonable efforts to protect it from unauthorized access, disclosure, alteration, or destruction. If you have any questions about security on our Site, you can contact us at [email protected].

What do we do in case of personal data breach

If we are the data controller, when Reportz learns of a security systems breach which is likely to result in a high risk to their rights and freedoms, we will attempt to notify the data subject electronically within 72 hours so they can take appropriate protective steps. If we are the data processor, we will attempt to inform the controller of the breach, without undue delay. Reportz may post a notice through the Service if a security breach occurs. If this happens, you will need a web browser enabling you to access the Service. Reportz may also notify you via email in these circumstances. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.

Where and how is your data stored

Your information collected through Reportz Services may be stored and processed in the United States, Europe, or any other country in which Reportz or its subsidiaries, affiliates or service providers maintain facilities. Reportz may transfer information that we collect about you, including personal information, to affiliated entities, or to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world. If you are located in the European Economic Area (EEA) or other regions with laws governing data collection and use, please note that we will generally not transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction.

If such transfers to countries without an adequacy decision by the European Commission turn out to be necessary, Reportz puts appropriate safeguards through contractual obligations.

What are your rights regarding your personal data we process or control

As a data subject, ie. someone whose personal data we are using, you have the following rights (some of which are relevant to us only when we are in the position of data controller):

Right to be informed

Refers to your right to be informed if we start collecting your data, why we are collecting it and where the data is coming from, in a timely and clear fashion. As consent or contract are the most common basis for our data collection, in most cases, where required, we will ask for your consent before starting to keep any kind of track of your data. Depending on the data we need and the type of our relationship with the data subject in question, we will ask for their consent through a site pop-up, an email, or another appropriate method.

Right of access

Should you send a request to access your data, held by us, we have one month to comply. You can make the request verbally, or in writing, and are to be granted access to your data without having to pay us a fee. You can make the request at [email protected].

Right to rectification

If you feel that some of your personal data that we are storing is incorrect, you can make a verbal or written request to have us make the necessary corrections. We maintain a procedure in order to help you confirm that your Personal Information remains correct and up-to-date. We have one month to respond, but can also contest that the data is accurate and that there is no need for correction, should we determine there is grounds for such refusal to comply.

Right to erasure – right to be forgotten

If you want your data removed from our database, you have the right to demand it be erased. If your written or verbal request is valid, we will have one month to comply to it. You can ask for data to be erased if we obtained it on the grounds of your consent and you are no longer willing to provide it; if we no longer need it for whatever it was originally needed for, and in a number of other cases. The only exception to this being us keeping your email address in a separate database to prevent abuse, on the grounds of legitimate interest lawful basis.

Reportz will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. Reportz will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods. You can make the request at [email protected].

Right to restrict processing

Where personal information is subjected to restriction in this way we will only process it with your consent or for the establishment, exercise, or defence of legal claims. This right includes restricting the processing of your personal information to only include storage of your personal information (e.g. during the time when Reportz assesses whether you are entitled to have personal information erased). You can make the request at [email protected].

Right to data portability

If we are using your personal data, you have the right to expect us to be prepared to safely and promptly send that data to you, or, if technically feasible, to a third party of your choice, in a machine readable format. This right only applies to us when we are in the position of a data controller. You can make the request at [email protected].

Right to object

Where we are relying upon legitimate interest to process personal information, you have the right to object to that processing. If you object, we must stop that processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or where we need to process the personal information for the establishment, exercise, or defence of legal claims. Where we rely upon legitimate interest as a basis for processing we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis. You can notify us of your objection at [email protected].

Right not to be subject to automated decision-making

Mostly related to profiling and automated marketing campaigns. Data subjects have the right to demand to be exempt from such practices, while we are obliged to give them means of easily communicating their desire to be excluded.

Right to withdraw consent

Where you have provided us with your consent to process personal information, you have the right to withdraw such consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

You can do this by:

• using certain web browser and opt-out options discussed in this Privacy Policy to limit the personal information you provide to us or our third-party partners,
• Contact us at [email protected]
• following the unsubscribe instructions included in emails,
• by accessing the email preferences in your account settings page in the application

Security

Despite us doing everything in our power to ensure the safety of your personal data, intrusions are always possible. In order to maximize the privacy of your data, and to minimize the impact of possible breaches, we are required to:

1. Perform regular risk assessments, ensuring we are aware of the potential impact of security breaches.
2. Segment our data and keep close record of who has access to which data segments, not only to compartmentalize the potential damage, but also to be able to establish culpability.
3. Inform you (or your data controller, if we are only processing the data) of any security breaches.
4. Adapt our policies and their implementation to ensure maximum security.
5. Encrypt all sensitive data (tokens, keys).
6. Pseudonymize 3rd party data.

Our policy regarding minors and data relating to them

Our Websites and Services are not intended for children under 16 years of age. No one under age of 16 years old may provide any personal information to or on the Websites and Services.

We do not knowingly collect personal information from children under 16 years old. If you are under 16 years old, do not use or provide any information on our Websites or Services including on or through any of their features, register on the Websites or Services, make any purchases through the Websites or Services, use any of the interactive or public comment features of our Websites or Services, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 16 years old, we will delete that information without undue delay.

If you believe we might have any information from or about a child under 16 years old, please contact us at [email protected].

Links to other websites

The Site contains links to other websites. We are not responsible for the privacy practices or the content of such websites. We also make our blog and our social media accounts available to you. Please understand that any information that is disclosed and/or shared on these platforms becomes public information. We have no control over its use and you should exercise caution when deciding to disclose your Personal Information and any other information you consider private.

Do Not Track

We do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.

You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

Changes to our Privacy Policy

Reportz reserves the right to make any and all necessary changes to this Policy at any time and for any reason. We will notify you of any changes and/or modifications to the Policy by updating the “Last Modified” date on this Policy, or when required, directly by asking for your consent.

You are encouraged to periodically review this Policy to stay informed of updates. You shall be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Policy by your continued use of Reportz services after the date such revised Policy is posted, except in cases where your explicit consent is required.

Contact Us

If you have any questions about this Privacy Policy, please contact us by email [email protected]