Updated: May 6, 2019
PRIVACY CERTIFICATION: EU – U.S. PRIVACY SHIELD FRAMEWORK
1. Information we collect
When you use our Website, you may provide PandaDoc with two main types of information: (1) Non-Personal Information and (2) Personal Information. We collect information from you when you (a) use and/or access our Website, (b) open and/or respond to our emails, (c) contact PandaDoc, (c) visit any page online that displays our content, (d) purchase products through our Website, and/or (e) provide information to any of our Service Providers. To view our Website you do not need to submit any Personal Information other than your name, email address, general geographic location, profession and/or industry that you operate in.
1.1 Personal Information
1.2 Non-Personal Information
“Non-Personal Information” is general user information that does not contain personally identifiable information, which is collected on an aggregate basis as you use our Website. We collect Non-Personal Information such as:
- Device Data: We use device data, which is information concerning a device you use to access, use, and/or interact with the Website, such as operating system type and/or mobile device model, browser type, domain, and other system settings, the language your system uses and the country and time zone of your device, geo-location, unique device identifier and/or other device identifier, mobile phone carrier identification, and device software platform and firmware information.
- Aggregate: We may collect non-identifying and statistical information about the use of our Website, such as how many visitors visit a specific page, how long they stay on that page and which links, if any, they click on. This information represents a generic overview of our users, including their collective habits. Information collected in the aggregate is not associated with you as an individual. We may share user information in the aggregate with third parties.
- Other Tracking Technologies: We may supplement information you provide to us with information from other sources, such as information to validate and/or update your address and/or other demographic information. This information is used to maintain the accuracy of information on our Website and for internal analysis. We may also use clear gifs, pixel tags and web beacons, which are tiny graphic images placed on website pages and/or in our emails that allow us to determine whether you have performed specific actions and are further used to track online movements of our users. In contrast to cookies, which are stored on your computer’s hard drive, clear gifs are embedded invisibly on web pages. We do not tie the information gathered by clear gifs to your Personal Information.
1.3 Information you provide by using the Website
1.4 Information you send to other Users
2. How we use and share information
2.1 General Use
- operate, maintain, and improve our sites, products, and Website;
- respond to comments and questions and provide customer service;
- provide technical support;
- send information including confirmations, invoices, technical notices, updates, security alerts, support and administrative messages;
- communicate about promotions, upcoming events, other news about products and services offered by us and our selected partners;
- send you reminders, support and marketing messages;
- manage our administration of the Website;
- link or combine user information with other Personal Information we get from third parties, to help understand your needs and provide you with better service;
- perform analytics and conduct research;
- protect, investigate, and deter against fraudulent, unauthorized and/or illegal activity;
- to process orders and/or otherwise provide and deliver products and services you request;
- to process and deliver orders for additional services;
- identify you as a user in our system;
- facilitate the creation of and secure your Account on our network; and/or
- develop and improve marketing and advertising for the Website and partner services.
The information collected in the aggregate enables PandaDoc to better understand your use of the Website and to enhance your enjoyment. We may use financial information to process payment for any purchases made on the Website, enroll you in one of our accounts and/or other related services in which you elect to participate. If you use the Website, you agree to receive certain communications from us including but not limited to the following:
Special Offers, Newsletters and Updates. We will occasionally send you information on products, special deals, promotions and newsletters. You can sign up for these emails from us at any time on our website. Out of respect for your privacy, you may elect not to receive these types of communications by changing your account setting through the Website.
Customer Service. Based upon the personally identifiable information you provide us, we will communicate with you in response to your inquiries, to provide the services you request and to manage your account. We will communicate with you by email or telephone, as you may elect.
Supplementation of Information. In order to process your credit card orders, we use a third party provider to validate and verify your account information. All billing and account information is transmitted via https, which is a secure encrypted protocol system.
2.2 Parties with whom we may share your information
We also may be required to disclose an individual’s Personal Information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. For example, we will disclose your Personal Information in the following circumstances: (i) to investigate and defend PandaDoc members against any third party claims and/or allegations and/or otherwise to protect PandaDoc from liability, (ii) to investigate, prevent and/or take action regarding suspected and/or actual illegal activities, (iii) to assist government enforcement agencies, respond to a legal process and/or comply with the law, (iv) to exercise or protect the rights, property and/or personal safety of the users of the Website and/or (v) to protect the security and/or integrity of the Service. In response to a verified request by law enforcement or other government officials relating to a criminal investigation or alleged illegal activity, we can (and you authorize us to) disclose your name, city, state, telephone number, email address, user ID history, fraud complaints, and usage history, without a subpoena, in connection with an investigation of fraud, intellectual property infringement, piracy, and/or other unlawful activity.
2.4 Business Transitions
3. Information Choices
Depending on the situation, PandaDoc may obtain consent to the collection of Personal Information in different ways. Express consent may be obtained verbally, online and/or in writing. Implied consent may be obtained through your use of our Website and related services, and/or when you approach us to obtain information, inquire about or request services from us. PandaDoc will offer individuals the opportunity to choose (opt out) whether their Personal Information is to be used for any purpose other than what it was collected for. We respect your privacy and give you an opportunity to opt out of receiving announcements of certain information. Although we think that you benefit from a more personalized experience when we know more about you and what you like, you can limit the information you provide to PandaDoc, and you can limit the communications that PandaDoc sends to you. If you visit our Website and volunteer personally identifiable information, you can opt out of receiving notifications, and you may review, modify, update, and/or delete such Personal Information by contacting us and/or by changing your preferences on the Website. Please be aware that even after your request for a change is processed, PandaDoc may, for a time, retain residual information about you in its backup and/or archival copies of its database. Please be aware that we may still email you non-commercial emails related to your account and your transactions through our Website. PandaDoc may retain information (including without limitation your account information) for a commercially reasonable time for backup, archival, and/or audit purposes. In some cases, if you choose not to provide PandaDoc with requested information, you may not be able to use and/or access our Website.
3.1 Your California Privacy Rights
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to receive: (a) information identifying any third party companies to whom PandaDoc may have disclosed Personal Information to for direct marketing, within the past year; and (b) a description of the categories of Personal Information disclosed. To obtain such information, please email your request to email@example.com and we will provide a list of categories of Personal Information disclosed within thirty (30) days after receiving such a request. This request may be made no more than once per calendar year. We reserve the right not to respond to requests submitted in ways other than those specified above.
4. Service Eligibility and Changes
4.1 Children and Minors
PandaDoc does not knowingly collect personally identifiable information from children under the age of thirteen (13). If we learn that we have collected Personal Information from a child under age thirteen (13), we will delete such information as quickly as possible. If you believe that a child under the age of thirteen (13) may have provided us Personal Information, please contact us at privacy@PandaDoc.com. By using the Website, you represent that you are at least eighteen (18) years old and understand that you must be at least eighteen (18) years old in order to create an account and/or purchase the goods and/or services through the Website.
5. Other websites and services
6. How we protect information
We implement security measures designed to protect your information from unauthorized access. Your account is protected by your account password and we urge you to take steps to keep your Personal Information safe by not disclosing your password and by logging out of your account after each use. We follow generally accepted industry standards to protect the Personal Information submitted to us, both during transmission and once we receive it. We periodically review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems. We further protect your information from potential security breaches by implementing certain technological security measures including encryption, firewalls and secure socket layer technology. Because the internet is not a completely secure environment, PandaDoc cannot warrant the security of any information you transmit to PandaDoc or guarantee that information on the Website may not be accessed, disclosed, altered and/or destroyed by breach of any of our physical, technical and/or managerial safeguards. In addition, while we take reasonable measure to ensure that Service Providers keep your information confidential and secure, such Service Provider’s practices are ultimately beyond our control. We are not responsible for the functionality, privacy and/or security measures of any other organization. By using our Website, you acknowledge that you understand and agree to assume these risks.
7. Privacy Shield Compliance
Personal Information may be transferred abroad (including outside the EU for our users in the EU) in connection with PandaDoc’s provision of hosted application services and related support services to our users. PandaDoc strives to collect and use Personal Information in a manner consistent with the laws of the countries in which we do business and is self-certified to the ‘EU-US Privacy Shield Framework’ developed by the U.S. Department of Commerce in coordination with European Commission. Pursuant to the Privacy Shield Principles, PandaDoc is liable for the onward transfer of EU personal data to third parties acting on our behalf, unless we can prove we were not a party giving rise to the damages.
7.1 Data Integrity Purpose Limitation
PandaDoc will use Personal Information and User Content only for purpose of delivering the services made available in the Website, which is in the confines of document generation and electronic execution, and to facilitate the services you request related thereto. PandaDoc will take reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete and current. We may occasionally contact you to determine that your data is still accurate and current.
153 Kearny Street, 5th Floor
San Francisco, CA 94108
7.3 Onward Transfers
PandaDoc will offer users in the EU whose Personal Information has been transferred to the United States the opportunity to opt out from: (a) the disclosure of personally identifiable information to a non-agent third party (other than Service Providers); and (b) the use or disclosure of Personal Information for a purpose other than the purposes for which the information originally was collected or subsequently authorized by the individual or a compatible purpose. If PandaDoc were to receive “sensitive Personal Information” (which includes, without limitation, Personal Information specifying medical and/or health conditions, racial and/or ethnic origin), PandaDoc will request and obtain affirmative consent before disclosing such information to a non-agent third party and before using such information for a purpose other than the purpose originally disclosed and/or a similar purpose. PandaDoc will provide you with reasonable mechanisms to exercise your choices should such circumstances arise. PandaDoc will not transfer Personal Information originating from the EU to third parties unless such third parties have entered into an agreement in writing with us requiring them to provide at least the same level of privacy protection to your Personal Information as required by the principles of the ‘EU-US Privacy Shield Framework’. We will only transfer data to our agents, resellers or third party Service Providers who need the information in order to provide services to or perform activities on behalf of PandaDoc, including without limitation in connection with the delivery of services or products, PandaDoc management, administration and/or legal responsibilities. PandaDoc will make sure that any third party agents receiving Personal Information subscribes to the ‘EU- US Privacy Shield Principles’.
7.4 Data transfers
7.5 Recourse, Enforcement and Liability
If the Personal Information in question was transferred from the EU to the United States, and for some reason a complaint or dispute cannot be resolved through our internal process, we have further committed to refer unresolved ‘EU-US Privacy Shield’ complaints to an independent dispute resolution mechanism located in the United States.
PandaDoc has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
9. How to contact us