{"id":12629,"date":"2024-10-18T12:28:04","date_gmt":"2024-10-18T12:28:04","guid":{"rendered":"https:\/\/emplifistg.wpenginepowered.com\/legal\/product-privacy-policy\/"},"modified":"2026-05-22T13:18:27","modified_gmt":"2026-05-22T13:18:27","slug":"product-privacy-policy","status":"publish","type":"page","link":"https:\/\/emplifi.io\/de\/legal\/product-privacy-policy\/","title":{"rendered":"Product Privacy Policy"},"content":{"rendered":"","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"parent":10441,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"inline_featured_image":false,"footnotes":""},"class_list":["post-12629","page","type-page","status-publish","hentry"],"acf":{"hero_subhead_1":"","hero_subhead_2":"Last updated: May 15, 2026","hero_headline":"Product Privacy Policy","content":"<p>Your privacy is our concern, and we are serious about it. This Privacy Policy explains what type of information Emplifi may collect in connection with offering or providing any Emplifi\u2019s products, services, content, or applications (referred to collectively as the \u201c<strong>Services<\/strong>\u201d), and how that information is used and protected. It also sets out how you can contact us if you have any queries or concerns regarding your personal data.<\/p>\n<p>We reserve the right to make changes to this Privacy Policy at any time. Please check the Privacy Policy periodically for changes, although, if you are our customer, we may also notify you via email of any changes that, in our sole discretion, materially impact your use of the Services or the way we process your personal data. Your continued use of our Services covered by this Privacy Policy will signify your acceptance of all changes to this Privacy Policy made by us from time to time.<\/p>\n<h2><strong>1. About Emplifi and how we process personal data<\/strong><\/h2>\n<p>Emplifi is a provider of Software as a Service (SaaS) and AI-powered solutions for social media marketing, social commerce, social customer care and consumer service. Our Services include, without limitation, the Emplifi Social Marketing (with modules for Unified Analytics, Publisher, Listening, Influencers, UGC, Ratings &amp; Reviews and Community), Emplifi Care, Emplifi Agent and Service &amp; Agent Case Management, Emplifi Chatbot, Emplifi Live Advisor (video shopping), and the Emplifi Fuel autonomous customer-experience platform. Some of our Services include AI-powered features (including generative-AI features such as AI Composer, the Emplifi Bot, AI summarisation, AI sentiment and topic detection and agentic AI components). Where AI features process personal data, additional information about how we process that data, the lawful basis we rely on, and the safeguards we apply are set out in Section 9A (AI features and automated decision-making) below.<\/p>\n<p>For the purposes of this Privacy Policy, \u201cEmplifi\u201d or \u201cwe\u201d shall mean, as applicable:<\/p>\n<ul>\n<li>Emplifi Inc., with its principal place of business at 4200 Regent Street, Suite 200, Columbus, OH 43219, United States;<\/li>\n<li>Emplifi Czech Republic a.s., with its registered office at Plze\u0148, Pod V\u0161emi svat\u00fdmi 427\/17, Severn\u00ed P\u0159edm\u011bst\u00ed, 301 00, Czech Republic;<\/li>\n<li>Emplifi Canada Inc., with its principal place of business at 801, Grande All\u00e9e O., Suite 300, Quebec (Quebec) G1S 1C1;<\/li>\n<li>Sym-Sys Ltd (trading as \u2018Go Instore\u2019), with its registered office at 3rd Floor 1 Ashley Road, Altrincham, Cheshire, United Kingdom, WA14 2DT, United Kingdom; and\/or<\/li>\n<li>Pixlee TurnTo, Inc., with its principal place of business at 4200 Regent Street, Suite 200, Columbus, OH 43219, United States.<\/li>\n<\/ul>\n<p>For more information about Emplifi, please see the \u201cCompany\u201d section of our site at\u00a0<a href=\"https:\/\/emplifi.io\/company\/\">https:\/\/emplifi.io\/company<\/a>.<\/p>\n<p>We collect personal data from our customers and users of our Services to provide and manage the Services and other purposes set out in Section 3 below. We process this data as a so-called data controller. This Privacy Policy covers our processing of such personal data.<\/p>\n<p>We also process certain personal data on behalf of our customers. This is typically when you connect our Services with your internal systems such as your CRM, and we receive data from your systems, or when we interact with your customer on your behalf, for example in relation to a survey, giving feedback through a comment card or using any other Services powered by us, or when the provision of our Services or specific feature requires that our customers give us a permission such as an access token or other administrative permission to collect and process such data (jointly referred to as \u201cprivate data\u201d).<\/p>\n<p>We act as a so-called data processor with respect to private data of our customers and process their private data in accordance with their instructions. We always keep private data of each customer separate from our other customers\u2019 private data and keep them strictly confidential. The processing of private data is subject to data processing agreements. Unless expressly stipulated otherwise, this Privacy Policy does not cover our processing of private data as a data processor. Our rights and obligations with respect to such private data are stipulated in the data processing agreements.<\/p>\n<h2><strong>2. Data we collect<\/strong><\/h2>\n<h3><strong>Data of customers and users of our Services<\/strong><\/h3>\n<p>We collect your personal data when:<\/p>\n<ul>\n<li>We communicate with you during sales process or as part of customer support;<\/li>\n<li>You register for our Services, typically by completing a web registration form;<\/li>\n<li>You log in to our Services, either by entering your username (e-mail) and password, or using a social login such as Facebook Login or Sign In with X, or by any other similar authentication means that we may make available to you;<\/li>\n<li>You use our Services or otherwise interact with Emplifi, for example when you publish any images, content or other files or data on social media via our Services.<\/li>\n<\/ul>\n<p>When you create an account with Emplifi, we will ask you to complete a registration form indicating your identification and contact information such as your name, e-mail and\/or phone number, address, company name, if applicable, etc.<\/p>\n<p>If you log in to our Services using your social network account or otherwise interconnect your social network account with our Services, we receive basic personal details from your social network profile. The scope of details we receive depends on your social network account privacy settings and on your settings when logging into our Services, such as your social network ID, public profile information (such as name, profile picture, gender, age range, or country) and e-mail address. We may also receive additional information from your profile if you give us permission to access it or if such information is made available by the relevant social media platform; this information may include without limitation number of followers, profile description, and your image, depending on the social media service\u2019s API and your privacy settings for that service. If you continue to authorize us to access your social media data, we will periodically retrieve new data to update your profile. If you wish to change the scope of your social network profile information that we receive upon your registration, you should review the privacy policy or other guidance available on your social network\u2019s website and change your privacy settings.<\/p>\n<p>You can also log in to the Services using a Single-Sign-On (\u201c<strong>SSO<\/strong>\u201d) mechanism. When you use SSO to access our Services, Emplifi does not receive or store any personal data used for user authentication \u2013 those remain fully with your SSO provider. We may also collect your personal user data from Google through Google APIs that help us provide and improve our Services and their features. For more information see Section 9 below.<\/p>\n<p>For purposes of analysis and improvement of our Services, our servers may also automatically record information when you visit our website or use some of our Services. We do not link this automatically collected data to other information we collect about you. We retain this data in a database used only for internal purposes and do not sell data that we collected to third parties. Such data may include URL, IP address, browser type, internet service provider (ISP), mobile carrier, mobile device, operating system, referring\/exit pages, the URLs of sites from which you arrived or left a website, date\/time stamp, and clickstream data.<\/p>\n<p>If our Services are purchased by an entity, it is the individual users within such entity\u2019s organization who log into our Services platform and whose personal data are collected, as described above. Where such entity provides us directly with any personal data of its employees or other individual users that it authorized to access the Services, it must have all necessary consents, permissions, or registrations to process and to provide to us its employees\u2019 or users\u2019 personal data.<\/p>\n<h3><strong>Social media networks specifics<\/strong><\/h3>\n<p>To provide some of our Services, we analyze social media user profiles and other information that we receive directly from the social media platforms such as Facebook, X, LinkedIn and other, via these platforms\u2019 APIs. Such data include both non-personal data such as various statistics and metrics and personal data of the platforms\u2019 users. Where we source the data directly from the relevant platforms, via these platforms\u2019 public APIs, we determine the purpose of processing, which is developing and constantly enhancing our Services and offering them to our customers on a world-wide basis, via our web platform. In such cases, we are a data controller with respect to such data.<\/p>\n<p>Below are the most typical examples of data collected about social media platform users:<\/p>\n<ul>\n<li>Basic user profile information (such as the username, user photo);<\/li>\n<li>User generated content (such as posts, comments, pages, profiles, images or feeds) including its metadata (such as time and location of a post or comment);<\/li>\n<li>Contact details (such as name, email address, telephone number) if made public by the user;<\/li>\n<li>Additional individual information (such as age, gender, employer, profession, geographic location, education information, financial status, habits, and preferences) published by the user.<\/li>\n<\/ul>\n<p>We only process data that the social network users made available to general public, pursuant to the relevant platforms\u2019 terms, and that are generally accessible via the social network APIs, or data that our customers grant us permission to access (customer private data).<\/p>\n<p>In cases where we access your social media private data, we process them as your data processor. We need your permission and instructions to collect and process such data. This will be, for example, when we access Facebook Insights or facilitate and organize the communication (e.g. Facebook messages) between you and your end users within our customer care feature of the Community Service. The type and scope of personal data obtained from social media platforms depends on the type of the APIs and permissions set out by the respective platforms, and on the administrative permissions granted to us by our customers, where applicable.<\/p>\n<p>Analysis of data from social networks is the core of our certain Services and\/or features, such as Social Marketing Cloud. We analyze this data to provide our Services to our customers in the scope and manner set out by the social platform terms for app developers. If you do not grant us permission to access and use your private social media data, we will not access them, but the full scope of the Services and\/or their features may not work or may not be fully available to you.<\/p>\n<h2><strong>3. How we use the data<\/strong><\/h2>\n<p>We use your personal data for the following purposes:<\/p>\n<h3><strong>To provide the Services<\/strong><\/h3>\n<p>We may process your personal data to identify you when you login to your account and use our Services, to enable us to operate the Services and provide them to you. This may include verification of your payments, purchase orders and billing information. It may also include verification to determine free trial eligibility.<\/p>\n<h3><strong>To communicate with you<\/strong><\/h3>\n<p>We may process data of our customers or their individual users, in particular e-mail or other contact data, to communicate with our customers and users, for example, when we assist them with setting up or administering their account, when we provide customer care and support, send technical notices, updates of upcoming changes or improvements to the Services, reminders, security alerts and other support and administrative messages.<\/p>\n<h3><strong>To provide a better user experience<\/strong><\/h3>\n<p>We may process your personal data to learn how you use our Services to be able to continuously enhance user experience as well as provide our customers seamless customer support. We may process such personal data also to improve and enhance our existing Services and develop new offerings. This includes product and market statistics, research and analytics, benchmarks and other analyses to better understand your needs and the needs of users in the aggregate, diagnose problems and analyze trends. See Section \u200e7 below for more details.<\/p>\n<h3><strong>To protect our Services and secure our or third-party rights<\/strong><\/h3>\n<p>We process your personal data to keep the Service safe, secure and reliable. This includes detecting, preventing, and responding to fraud, abuse, security risks, and technical issues that could harm Emplifi, our customers and users.<\/p>\n<p>We may process some of the personal data when required by law or to establish, exercise or defend our legal claims or, where necessary, protect rights of Emplifi. For example, we may store data about how you use our Services, including payments for Services, to prove or otherwise support our rights.<\/p>\n<h3><strong>For marketing and sales purposes<\/strong><\/h3>\n<p>We may process your contact personal data, in particular e-mail, name, company and job title to offer you our new Services. For more details, please see Section \u200e8 below.<\/p>\n<h2><strong>4. Lawful basis<\/strong><\/h2>\n<p>For the purposes of providing the Services and to communicate with you, we process your personal data based on our contract with you (if you are our direct customer and an individual) or based on our legitimate interest to provide our Services to our customers (where our customer is your company or organization and you are an authorized user designated by your company or organization, or if you are social network user whose data are analyzed).<\/p>\n<p>For enhancing the Services and providing a better user experience, we process your personal data based on our legitimate interest to develop and improve our Services.<\/p>\n<p>To protect our Services and secure our or third-party rights, we process your personal data based on our legitimate interest to protect and secure our rights or claims or the rights of our customers or users.<\/p>\n<p>For marketing and sales purposes, we process your personal data based on your voluntary consent where you have given us such consent. In a limited scope permissible under applicable law, we may also use your electronic contact details to inform you about our Services without your explicit consent, based on our legitimate interest, as described in more detail in Section 8 below.<\/p>\n<p>Where we use your personal data for our legitimate interests, we consider any potential impact that such use may have on you. Our legitimate interests don\u2019t automatically override yours and we won\u2019t use your information if we believe your interests should override ours unless we have other grounds to do so (such as performance of contract, your consent, or a legal obligation). If you have any concerns about our processing, please refer to details of \u201cYour rights\u201d in Section 12 below.<\/p>\n<p>Jurisdiction-specific lawful bases. Where applicable law requires it, we rely on the following additional or alternative bases: (i) under the EU and UK GDPR, Article 6(1)(a) (consent), 6(1)(b) (contract), 6(1)(c) (legal obligation) or 6(1)(f) (legitimate interests); for any special-category data we process incidentally (for example through user-generated content posted on social media), an Article 9 condition such as Article 9(2)(e) (data manifestly made public by the data subject); (ii) under the UK GDPR as amended by the Data (Use and Access) Act 2025, where relevant, the \u201crecognized legitimate interests\u201d basis (such as for the security of network and information systems); (iii) under the California Consumer Privacy Act as amended by the California Privacy Rights Act, the business purposes set out in our notice at collection and any opt-out preference signals you provide (including the Global Privacy Control); (iv) under Quebec Law 25, your consent (which must be manifestly informed, specific and given expressly, separately for each purpose) or another statutory basis; (v) under the Brazilian LGPD, the relevant basis under Article 7 (or, for sensitive personal data, Article 11), most commonly contract performance, legitimate interest (subject to a balancing test) or consent; and (vi) under the Singapore Personal Data Protection Act 2012, your consent (or deemed consent under sections 15\u201315A), or an applicable exception including the Legitimate Interests or Business Improvement exceptions.<\/p>\n<p>AI-related processing. Where we process personal data through AI-powered or generative-AI features of our Services as a controller, we rely on legitimate interests (subject to a documented Legitimate Interests Assessment) or, where required, your explicit consent. Where we process such data on behalf of our customers as a processor, we do so strictly in accordance with our customer\u2019s documented instructions under the relevant Data Processing Agreement. We do not use customer personal data, prompts or inputs to train our or any third-party generative-AI foundation models without an explicit, written agreement to that effect.<\/p>\n<h2><strong>5. Retention periods<\/strong><\/h2>\n<p>We do not retain personal data for an indefinite period. Where we process personal data as data controller, we retain your personal data for the period necessary to fulfil the purposes outlined in this Privacy Policy and\/or any Services agreement, unless a longer retention is required by law (e.g. for tax or accounting purposes or due to other legal requirements) or storing of the data is needed for the establishment, exercise or defense of Emplifi legal claims; in such case, we will store only the data necessary for the enforcement of our claims or our defense for the period necessary in the given case and not exceeding the statutory limitation periods.<\/p>\n<p>Where we process personal data on behalf of our customers as a data processor, we retain such data for the duration of our agreement with such customers and delete them in accordance with our retention and backup processes automatically within 30 to 90 days after termination of the agreement (depending on the type of Service used by the customer), unless the customers ask us to erase them earlier.<\/p>\n<p>Specific retention principles. Retention periods are determined by reference to the purpose of the processing, the legal basis relied on, applicable statutory limitation periods, and the requirements of applicable law (including the necessity principle under the LGPD, the storage limitation principle under the EU and UK GDPR, and the retention obligations under section 25 of the Singapore Personal Data Protection Act 2012 and section 23 of Quebec Law 25). On written request, we will provide our customers with confirmation of deletion (or irreversible anonymization) of personal data following termination of the relevant Services agreement. Logs and back-ups containing personal data are retained for a maximum of 90 days following deletion from active systems unless a longer retention is strictly required for the establishment, exercise or defense of legal claims, or by applicable law.<\/p>\n<h2><strong>6. Sharing your personal data for legal and business purposes<\/strong><\/h2>\n<p>We may use and\/or disclose to third parties (including government bodies and law enforcement authorities, our affiliates, professional advisors and our vendors or subcontractors) information about you when:<\/p>\n<ul>\n<li>Complying with legal process;<\/li>\n<li>Enforcing or defending the legal rights of Emplifi, and in connection with a corporate restructuring such as a merger, business acquisition or insolvency situations;<\/li>\n<li>Preventing fraud or imminent harm; and<\/li>\n<li>Ensuring the security and operability of our network and services.<\/li>\n<\/ul>\n<p>This information will be shared provided that, in all such circumstances, we will only share the limited personal information that is required to be shared in the unique situation.<\/p>\n<p>If you are an influencer, you may opt to use our Services to disclose information to brands (our customers) that may hire you to promote their brands and products based on your skills, demographics, and other attributes.<\/p>\n<p>We share your data with our trusted business partners or individuals who process your data as our data processors on our behalf and pursuant to our instructions, in accordance with this Privacy Policy. We select our vendors very carefully and always ensure that they provide adequate data protection and security safeguards. To this effect, we have bound our data processors with data processing agreements concluded pursuant to Article 28(3) of the\u00a0<em>Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/46\/EC (General Data Protection Regulation)\u00a0<\/em>(\u201cGDPR\u201d). In addition, where our processors reside outside of the European Economic Area (EEA), unless the transfer to such processors is based on the European Commission\u2019s adequacy decision, we have concluded Standard Contractual Clauses (model clauses) approved by the European Commission (Commission Implementing Decision (EU) 2021\/914 of 4 June 2021) with such processors. The data processing agreements with our processors provide for, inter alia, audit rights, detail minimum security standards and measures that each our processor must maintain as well as their obligation to submit copies of their security audits and certificates (e.g., SOC2, ISO 27001). We also contractually require our processors to provide us with a prompt notice of any data breach or security incident concerning processed data. We continue to monitor for further guidance from the EU supervisory authorities, including on any additional supplementary measures that we may undertake and additional safeguards that we may require from our non-EU vendors to meet our obligations under EU data protection law.<\/p>\n<p>To the extent we act as a data processor with respect to our client\u2019s personal data (private data), we always enter into a data processing agreement with the data controllers (our clients) pursuant to Article 28(3) of the GDPR, which provides a mechanism for the engagement of sub-processors. Our current sub-processors who have access to private personal data of our clients are:<\/p>\n<p>For Social Marketing Services:<\/p>\n<ul>\n<li>Amazon Web Services, Inc., headquartered at 410 Terry Avenue, Seattle, WA 98109; used for hosting of the Services and data storage;<\/li>\n<li>Celonis S.L., Piazza Manuel Gomez Moreno 2, 28020 Madrid, Spain, used for custom third-party platform integrations \u2013 only optional;<\/li>\n<li>Databricks, Inc., headquartered at 160 Spear St., Ste 1300, San Francisco, CA 94105, United States; used for data processing optimization;<\/li>\n<li>Filestack, Inc., headquartered at 122 E Houston St, 2nd Floor, San Antonio, TX 78205, United States; used for file upload and data conversion services;<\/li>\n<li>OpenAI OpCo, LLC, headquartered at 3180 18th St., San Francisco, CA 94110, United States; a generative neural network machine learning model supplier \u2013 only optional;<\/li>\n<li>Veersa Inc, headquartered at 2510 E Sunset Road, Ste 5 PMB 667, Las Vegas, NV, USA (provides support and development operations)<\/li>\n<li>XynoTech, headquartered at B-112, Block 6, Gulshan-e-Iqbal, Karachi, Pakistan (development, implementation support and customer support).<\/li>\n<\/ul>\n<p>For Service and Agent Management and Social Customer Care Services:<\/p>\n<ul>\n<li>Amazon Web Services Inc., headquartered at 410 Terry Avenue, Seattle, WA 98109, United States; used for hosting of the Services and data storage;<\/li>\n<li>Celonis S.L., Piazza Manuel Gomez Moreno 2, 28020 Madrid, Spain, used for third-party platform integrations \u2013 only optional;<\/li>\n<li>Databricks, Inc., headquartered at 160 Spear St., Ste 1300, San Francisco, CA 94105, United States, used for data processing optimization;<\/li>\n<li>Filestack, Inc., headquartered at 122 E Houston St, 2nd Floor, San Antonio, TX 78205, United States, used for file upload and data conversion services;<\/li>\n<li>OpenAI OpCo, LLC, headquartered at 3180 18th St., San Francisco, CA 94110, United States; a generative neural network machine learning model supplier \u2013 only optional;<\/li>\n<li>Veersa Inc, headquartered at 2510 E Sunset Road, Ste 5 PMB 667, Las Vegas, NV, USA (provides support and development operations)<\/li>\n<li>XynoTech, headquartered at B-112, Block 6, Gulshan-e-Iqbal, Karachi, Pakistan (development, implementation support and customer support).<\/li>\n<\/ul>\n<p>For Voice of the Customer (VoC) Services:<\/p>\n<ul>\n<li>Celonis S.L., Piazza Manuel Gomez Moreno 2, 28020 Madrid, Spain; used for custom third-party platform integrations \u2013 only optional;<\/li>\n<li>iWeb Technologies Inc., 500-14 Place du Commerce, Nuns\u2019 Island, Montreal (Quebec) H3E 1T5, Canada; colocation facility used for hosting of the Services and data storage;<\/li>\n<li>OpenAI OpCo, LLC, headquartered at 3180 18th St., San Francisco, CA 94110; generative neural network machine learning model supplier \u2013 only optional;<\/li>\n<li>Veersa Inc, headquartered at 2510 E Sunset Road, Ste 5 PMB 667, Las Vegas, NV, USA (provides support and development operations)<\/li>\n<li>XynoTech, headquartered at B-112, Block 6, Gulshan-e-Iqbal, Karachi, Pakistan (development, implementation support and customer support).<\/li>\n<\/ul>\n<p>For Live Adviser:<\/p>\n<ul>\n<li>Amazon Web Services Inc., headquartered at 410 Terry Avenue, Seattle, WA 98109, United States; used for hosting of the Services and data storage;<\/li>\n<li>Celonis S.L., Piazza Manuel Gomez Moreno 2, 28020 Madrid, Spain; used for custom third-party platform integrations \u2013 only optional;<\/li>\n<li>Cometchat headquartered at 1002 Walnut St, Suite 200, Boulder CO, United States; provider of an in-app communication (chat) platform;<\/li>\n<li>Microsoft Corporation Inc., headquartered at One Microsoft Way, Redmond, WA 98052-6399, United States; used for hosting of the Services and data storage; analytics monitoring;<\/li>\n<li>OpenAI OpCo, LLC, headquartered at 3180 18th St., San Francisco, CA 94110, United States; generative neural network machine learning model supplier \u2013 only optional;<\/li>\n<li>Veersa Inc, headquartered at 2510 E Sunset Road, Ste 5 PMB 667, Las Vegas, NV, USA (provides support and development operations)<\/li>\n<li>Vonage, headquartered at 23 Main Street Holmdel, New Jersey, United States; used for video conversations;<\/li>\n<li>XynoTech, headquartered at B-112, Block 6, Gulshan-e-Iqbal, Karachi, Pakistan; used for development, implementation support and customer support.<\/li>\n<\/ul>\n<p>For UGC, Influencers\u00a0or Ratings and Reviews:<\/p>\n<ul>\n<li>Amazon Web Services Inc., headquartered at 410 Terry Avenue, Seattle, WA 98109, United States; used for hosting of the Services and data storage ;<\/li>\n<li>Celonis S.L., Piazza Manuel Gomez Moreno 2, 28020 Madrid, Spain; used for hosting of the Services and data storage \u2013 only optional;<\/li>\n<li>Fastly Inc., headquartered at 475 Brannan Street #300, San Francisco, CA 94107, United States; used for content caching and delivery: social media profile, images;<\/li>\n<li>Functional Software Inc. dba Sentry, headquartered at 45 Fremont Street, 8th Floor, San Francisco, CA 94105, United States; used for Javascript error detection and tracking;<\/li>\n<li>Heroku Inc., headquartered at 415 Mission Street Suite 300, San Francisco, CA 94105, United States; used for hosting;<\/li>\n<li>Intercom Inc., headquartered at 55 2nd Street 4th Floor, San Francisco, CA 94105 United States; used for in-app chat within the Pixlee platform for customers;<\/li>\n<li>Honeybadger Industries LLC, headquartered at 11410 NE 124th Street #246, Kirkland, WA, 98034, United States; used for error detection;<\/li>\n<li>OpenAI OpCo, LLC, headquartered at 3180 18th St., San Francisco, CA 94110, United States; generative neural network machine learning model supplier \u2013 only optional<\/li>\n<li>Redis Labs, Inc., headquartered at 1700 E El Camino, Mountain View, CA, 94041,United States; used for data storage:<\/li>\n<li>Segment.io, Inc., headquartered at 100 California St Suite 700, San Francisco, CA, 94111, United States; used for analytics tracking and loading;<\/li>\n<li>Twilio Inc., headquartered at 01 Spear Street, First Floor, San Francisco, CA, 94105, United States; used for outgoing email notifications and content solicitations;<\/li>\n<li>Veersa Inc, headquartered at 2510 E Sunset Road, Ste 5 PMB 667, Las Vegas, NV, USA (provides support and development operations)<\/li>\n<li>XynoTech, headquartered at B-112, Block 6, Gulshan-e-Iqbal, Karachi, Pakistan (development, implementation support and customer support).<\/li>\n<\/ul>\n<p>To the extent we act as a data controller with respect to personal data, we may use processors to process personal data on our behalf. Our current processors are:<\/p>\n<ul>\n<li>6Sense Insights, Inc, headquartered at., 450 Mission Street, Suite 201, San Francisco, CA 94105, United States; provider of website visitors monitoring and insight platform;<\/li>\n<li>Aircall SAS, headquartered at 42, rue du Faubourg Poissonni\u00e8re, 75010 Paris, France; supplier of a virtual call center;<\/li>\n<li>Alchemer LLC, 168 Centennial Parkway, Unit #250, Louisville, Colorado, 80027, United States; supplier of online survey tool;<\/li>\n<li>Amazon Web Services, Inc., headquartered at 410 Terry Avenue, Seattle, WA 98109, United States; used for hosting of the Services and data storage;<\/li>\n<li>Apify Technologies s.r.o., headquartered at Vodi\u010dkova 704\/36, Nov\u00e9 M\u011bsto, 110 00 Praha 1, Czech Republic; used for data extraction services;<\/li>\n<li>Asana, Inc., headquartered at 633 Folsom Street, Suite 100, San Francisco, CA 94107, United States; provider of collaboration, productivity and project tracking platform;<\/li>\n<li>Atlassian Pty Ltd., headquartered at Level 6 341 George St, Sydney, NSW 2000, Australia, used for management of internal processes and monitoring of employee tasks (internal ticketing system);<\/li>\n<li>Bigtincan Mobile Pty Ltd, headquartered at Level 9, 64 York Street, Sydney, NSW 2000, Australia; provider of learning management system for Emplifi customers;<\/li>\n<li>Calendly Inc., headquartered at 271 17th St NW Ste 1000, Atlanta, GA 30363, United States, supplier of appointment scheduling software;<\/li>\n<li>Clari Inc., headquartered at 1154 Sonora Ct, Sunnyvale, CA 94086, United States; used for pipeline management and analytics, business forecasting and call recording;<\/li>\n<li>Databricks, Inc., headquartered at 160 Spear St., Ste 1300, San Francisco, CA 94105, United States; used for data processing optimization;<\/li>\n<li>Docusign International (EMEA) Limited, headquartered at 5 Hanover Quay, Grand Canal Dock, Dublin, D02 VY79, Ireland; supplier of electronic signature platform;<\/li>\n<li>Filestack, Inc., headquartered at 122 E Houston St, 2nd Floor, San Antonio, TX 78205, United States, supplier of file upload and data conversion services;<\/li>\n<li>Gainsight, Inc., headquartered at 350 Bay Street, Suite 100, San Francisco, CA 94133, United States; provider of customer success and product experience tool;<\/li>\n<li>Google Inc., headquartered at 1600 Amphitheatre Parkway Mountain View CA 94043, United States; used in particular as e-mail client and as document storage;<\/li>\n<li>Keen LLC, 325 9th Street, San Francisco, CA, 94103, used for analytics storage, aggregation, and tracking;<\/li>\n<li>LeanData, Inc., headquartered at 2901 Patrick Henry Drive, Santa Clara, CA 95054 United States, used for lead and account matching and streamlining sales processes;<\/li>\n<li>Marketo, Inc., headquartered at 901 Mariners Island Blvd, San Mateo, CA 94404, United States; used to manage e-mail campaigns;<\/li>\n<li>Microsoft Corporation Inc., headquartered at One Microsoft Way, Redmond, WA 98052-6399, United States; used in particular as as document storage;<\/li>\n<li>Mixpanel, Inc., headquartered at 405 Howard Street, Floor 2, San Francisco, CA 94105, United States; used for Services monitoring and diagnostics;<\/li>\n<li>Oracle America, Inc., 500 Oracle Parkway, Redwood Shores, CA 94065, United States; supplier of accounting, financial management and procure-to-pay platform;<\/li>\n<li>PossibleNOW, Inc., headquartered at 4400 River Green Parkway, Suite 100, Duluth, Georgia 30096, United States; used for management of do-not-contact and opt-out lists;<\/li>\n<li>Productboard Inc, headquartered at 333 Bush Street, Suite 2000, San Francisco, CA 94104, United States, used for management of customers\u2019 product feedback and roadmap requests;<\/li>\n<li>Qualified.com, Inc., headquartered at 140 New Montgomery, 2100A, San Francisco, CA 94105, United States, provider of pipeline generation and agentic marketing platform;<\/li>\n<li>Recurly, Inc., headquartered at 400 Alabama St #202, San Francisco, CA 94110, United States, card payment processing;<\/li>\n<li>Rybbon, LLC, headquartered at 6220 Stoneridge Mall Road, Pleasanton, CA 94588, United States; supplier of\u00a0gift and incentive management platform;<\/li>\n<li>Salesforce, Inc., headquartered at 415 Salesforce Street, 3<sup>rd<\/sup> Floor, San Francisco, CA 94105, United States; used for management of\u00a0 customer accounts, internal collaboration, communication and meetings and business intelligence and analytics;<\/li>\n<li>SolarWinds Worldwide, LLC, headquartered at 7171 Southwest Parkway, Bldg 400, Austin, Texas 78735, United States; used for backend error detection and tracking;<\/li>\n<li>Zendesk, Inc., headquartered at 1019 Market St, San Francisco, CA 94103, United States; used for client requests tracking (client ticketing system);<\/li>\n<li>ZenLeads, Inc, headquartered at 440 N Barranca Ave #4750 , Covina, CA 91723-1722, United States; provider of a sales intelligence platform;<\/li>\n<li>ZoomInfo Technologies LLC, headquartered at 805 Broadway St., Suite 900, Vancouver, WA 98660, United States; used for contact information verification and enrichment;<\/li>\n<li>Zoom Video Communications, Inc., headquartered at 55 Almaden Blvd. Suite 600, San Jose, CA 95113, USA; supplier of a videoconferencing solution.<\/li>\n<\/ul>\n<p>Apart from third-party vendors, Emplifi may share data with its following subsidiaries:<\/p>\n<ul>\n<li>Astute Solutions B.V., with its registered office at Sloterdijk Teleport Towers, Kingsfordweg 151, 1043GR Amsterdam, Netherlands, ID No. 62626086;<\/li>\n<li>Astute Solutions (Australia) PTY LTD, with its registered office at Level 10, 530 Collins Street, Melbourne, VIC 3000, Australia , ID No. 14160077261;<\/li>\n<li>Pixlee TurnTo Ltd., with its registered office at WA14 2DT Altrincham, Cheshire, 3rd Floor 1 Ashley Road, United Kingdom, ID No. 11948926 ;<\/li>\n<li>Socialbakers UK Limited, with its registered office at WA14 2DT Altrincham, Cheshire, 3rd Floor 1 Ashley Road, United Kingdom;<\/li>\n<li>Socialbakers France, with its registered office at 8 rue d\u2019Ath\u00e8nes, 75009 Paris, France, ID No. 804803427;<\/li>\n<li>Socialbakers Germany GmbH, with its registered office at Amelia-Mary-Earhart Stra\u00dfe 8, 60549, Frankfurt am Main, Germany, ID No. HRB 98478;<\/li>\n<li>Socialbakers Singapore Pte. Ltd., with its registered office at 16 Raffles Quay, #33-03, Hong Leong Building, Singapore 048581, ID No. 201326967M;<\/li>\n<li>Wilke Global Limited, with its registered office at WA14 2DT Altrincham, Cheshire, 3rd Floor 1 Ashley Road, United Kingdom, ID No. 06069868.<\/li>\n<\/ul>\n<p>Your data may be shared with Emplifi affiliates in order for them to provide certain support services, marketing and pre-sales activities, or to offer their own products and services.<\/p>\n<h2><strong>7. Anonymous statistics<\/strong><\/h2>\n<p>We may use aggregated anonymized data derived from the personal data provided by you or collected by the program analytics such as user behavior and activities for our own statistics, for auditing, for the purposes of product and market research, for analytics (which helps us to optimize and improve our Services and their usability, the range of Services and to develop new technologies, products, and services), and for benchmarks and other analyses. Additionally, we may choose to publish such anonymized data and to share it with third parties outside of Emplifi. We will not directly or indirectly transfer any data received from you to (or use such data in connection with) any ad network, ad exchange, data broker, or other advertising or monetization-related toolset.<\/p>\n<h2><strong>8. Marketing communications<\/strong><\/h2>\n<p>We may contact you about our news, events, Services and their features or special offers that we believe may interest you, provided that we have the requisite permission to do so, either on the basis of your consent (where we have requested it and you have provided it to us), or our legitimate interests to provide you with marketing communications where we may lawfully do so, within the limits provided by law. In the latter case, we will only send you marketing communication if you are using or have recently used any of our Services and have not objected to receiving such information (by any means mentioned below).<\/p>\n<p>Your marketing communication preferences may be changed at any time by following the instructions below:<\/p>\n<ul>\n<li>If you would like to unsubscribe from an email sent to you, follow the \u2018unsubscribe\u2019 link and\/or instructions placed at the bottom of the email. We endeavor to promptly process any unsubscribe requests.<\/li>\n<li>Alternatively, you can contact us using the details in the \u201cContact Us\u201d section below to change your marketing communication preferences, including the withdrawal of your consent.<\/li>\n<\/ul>\n<p>If you have received unwanted, unsolicited emails sent via our system or purporting to be sent via our system, please forward a copy of that email with your comments to\u00a0<a href=\"mailto:support@emplifi.io\">support@emplifi.io<\/a>\u00a0for review.<\/p>\n<p>We may share your contact details with our vendors or business partners who provide the relevant services or functions on our behalf, including event organization, marketing, distribution of surveys customer service, or public relations. These third-party vendors have access to and may collect information only as needed to perform their functions on our behalf and are not permitted to share or use the information for any other purpose.<\/p>\n<p>Please note that we may occasionally send you important information (including via email) about our Services that you are using or have used including changes to applicable terms and conditions and\/or other communications or notifications as may be required to fulfill our legal and contractual obligations, as described in Section \u200e3 above. These important Service communications are not affected by your marketing communication preferences.<\/p>\n<p>Marketing under specific privacy regimes. Where required by EU or UK ePrivacy law (Directive 2002\/58\/EC and the UK PECR as amended by the Data (Use and Access) Act 2025), we obtain consent for electronic direct marketing or rely on the \u201csoft opt-in\u201d in respect of similar Services to existing customers, with a clear opportunity to opt out in every message. Under the California Consumer Privacy Act we do not \u201csell\u201d or \u201cshare\u201d your personal information for cross-context behavioral advertising in the senses defined in the CCPA; we honour the Global Privacy Control as a valid opt-out preference signal, and our notice at collection (available at <a href=\"https:\/\/emplifi.io\/legal\/privacy-policy\/\" target=\"_blank\" rel=\"noopener\">https:\/\/emplifi.io\/legal\/privacy-policy\/<\/a>) sets out the categories of personal information we collect and the purposes for which it is used. For Quebec residents, marketing communications are sent on the basis of express consent under sections 12 and 14 of Quebec Law 25 (or another lawful basis where available). For Brazilian data subjects, marketing is based on consent or another LGPD legal basis and is subject to the rights set out in Article 18. For Singapore individuals, marketing telephone calls and texts comply with the Do Not Call Registry under Part 9 of the Personal Data Protection Act 2012.<\/p>\n<h2><strong>9. Social Media Platform and Google API Disclosures<\/strong><\/h2>\n<p>Emplifi\u2019s use and transfer to any other app of personal data received from Google APIs (the raw data as well as data aggregated, anonymized, or derived from them) will adhere at all times to\u00a0<a href=\"https:\/\/developers.google.com\/terms\/api-services-user-data-policy#additional_requirements_for_specific_api_scopes\">Google API Services User Data Policy<\/a>, including the Limited Use requirements.<\/p>\n<p>Other social media platform APIs. Our Services connect to the public and authorized APIs of a number of other social media and messaging platforms, including (without limitation) Meta (Facebook, Instagram, WhatsApp, Messenger), X (formerly Twitter), LinkedIn, TikTok, YouTube, Pinterest, Snapchat, Reddit and Threads. Where we access these APIs we comply with each platform\u2019s developer terms, platform policies and any privacy or transparency requirements they impose, including (where applicable) Meta\u2019s Platform Terms and Developer Policies, the X Developer Agreement and Policy, the LinkedIn API Terms of Use and the TikTok Developer Terms of Service. We will not use platform data for purposes that are inconsistent with these terms or the consent (or other lawful basis) under which the data was originally collected by the platform. Where a platform\u2019s terms require additional disclosures (for example, the YouTube API Services or the Meta Platform Terms), those disclosures are incorporated by reference into this Privacy Policy.<\/p>\n<h2><strong>9A. AI features and automated decision-making<\/strong><\/h2>\n<p>Emplifi offers a range of AI-powered features across our Services, including features built on third-party large language models (such as those provided by OpenAI). Where personal data is processed in connection with these features, we apply the following safeguards:<\/p>\n<ul>\n<li>No model training on customer data without consent. We do not use customer personal data, prompts or inputs to train our or any third-party generative-AI foundation models without an explicit, written agreement with the customer to that effect, and our contracts with our generative-AI sub-processors prohibit them from doing so;<\/li>\n<li>Risk classification under the EU AI Act. Our AI features are designed to operate as low-risk or limited-risk systems under Regulation (EU) 2024\/1689 (the EU AI Act) and we apply transparency information under Article 50 where applicable. We do not deploy AI systems for purposes prohibited by Article 5 of the EU AI Act, and we do not deploy AI systems for high-risk use cases listed in Annex III without a documented Algorithmic Impact Assessment and the further safeguards required by Articles 9 to 15 and 26;<\/li>\n<li>Human-in-the-loop. Outputs from our AI features are intended to assist human users (for example, marketers and customer-care agents). They are not intended to be relied on as the sole basis for decisions that produce legal effects or similarly significant effects on individuals (within the meaning of Article 22 of the EU and UK GDPR, section 12.1 of Quebec Law 25 and Article 20 of the Brazilian LGPD). Customers are responsible for the human review, validation and final use of any AI-generated content they publish or rely on through the Services;<\/li>\n<li>Automated Decision-making Technology under California law. To the extent any of our Services would, in a particular customer deployment, constitute \u201cautomated decision-making technology\u201d under the California Consumer Privacy Act regulations effective 1 January 2026 (Cal. Code Regs. tit. 11, \u00a7\u00a7 7000 et seq.), we will (i) provide pre-use notices, (ii) honour opt-out and access requests in line with sections 7220 to 7222, and (iii) document the corresponding risk assessment;<\/li>\n<li>Quebec Law 25 and LGPD transparency. Where a decision is rendered exclusively by automated processing and produces legal or similarly significant effects on a Quebec resident, we will provide the information required by section 12.1 of Quebec Law 25 (including the principal factors and parameters that led to the decision and the right to submit observations to a person who can review the decision). Where Article 20 of the Brazilian LGPD applies, we will, on request, provide clear and adequate information about the criteria and procedures used for the automated decision and the data subject\u2019s right to request human review;<\/li>\n<li>UK GDPR (as amended by the DUAA). For solely or predominantly automated decisions about UK individuals, we operate within the safeguards introduced by the Data (Use and Access) Act 2025, including transparency, the right to obtain meaningful information about the logic involved, the right to contest the decision and the right to obtain human intervention;<\/li>\n<li>DPIAs. We complete and maintain a Data Protection Impact Assessment for each AI feature in our Services that processes personal data. DPIAs are reviewed by Emplifi\u2019s Data Protection Officer and updated when we make material changes to a feature, add new sources of personal data, or change the underlying foundation model or sub-processor (consistent with the European Data Protection Board\u2019s guidance on AI privacy risks and mitigations for large language models);<\/li>\n<li>Singapore Model AI Governance Framework. We aim to align our AI feature governance with the Singapore IMDA \/ AI Verify Foundation Model AI Governance Framework for Generative AI (May 2024) and, where relevant, the Model AI Governance Framework for Agentic AI (2026); and<\/li>\n<li>Opt-out. Customers can disable specific AI features at any time through their account settings or by contacting their Emplifi customer success contact or Emplifi support.<\/li>\n<\/ul>\n<h2><strong>10. Security and location of your data<\/strong><\/h2>\n<p>We have implemented and will maintain appropriate technical and organizational measures, internal controls, and information security routines in accordance with good industry practice while keeping in mind the state of technological development in order to protect your data against accidental loss, destruction, alteration, unauthorized disclosure or access or unlawful destruction. Such measures may include, without limitation, taking reasonable steps to ensure the reliability of employees having access to your data and providing for limited access rights and access controls; authentication; personnel training; regular backup; data recovery and incident management procedures; restrictions on storing, printing and disposal of personal data; software protection of devices on which personal data are stored; etc.<\/p>\n<p>We have also implemented Information Security Management in accordance with the requirements of information security standard \u2013 ISO 27001, including penetration tests, vulnerability scans, secure development frameworks access management, supplier management and compliance processes. We have also successfully completed a SOC 2 Type II audit of our platform performed by an independent auditing firm.<\/p>\n<p>Data collected from you may be transferred to, and stored and processed in, the United States (US) or any other country in which Emplifi, its affiliates, subcontractors, suppliers, or other vendors maintain facilities. While we reserve the right to change our business partners and \/or data locations, when we transfer any personal data to the USA or any other country outside the EU or EEA in which Emplifi, its affiliates, subcontractors, suppliers or vendors maintain facilities, we will implement such appropriate legal mechanism as are required by EU law to ensure an adequate level of personal data protection by such third parties receiving your personal data (for example, European Commission\u2019s Standard Contractual Clauses approved by the European Commission (Commission Implementing Decision (EU) 2021\/914 of 4 June 2021) (the \u201cSCCs\u201d)). In light of the applicable case law of the Court of Justice of the European Union (CJEU), we have performed a review of our vendor ecosystem to ensure that all our US-based vendors have signed the European Commission\u2019s SCCs. Further, we have entered into robust data processing agreements signed with our non-EU (sub)processors which contain SCCs (unless the transfer to the (sub)processors is subject to European Commission\u2019s adequacy decision) and which define strict security standards and measures to be employed by each our (sub)processor (including state of the art encryption) including additional safeguards \/ supplementary measures as required by applicable EU privacy case law and guidelines. We also contractually require our (sub)processors to provide us a prompt notice of any data breach or security incident concerning processed data.<\/p>\n<p>Data Privacy Framework. Emplifi Inc. and Pixlee TurnTo, Inc. participate in and have certified compliance with the EU\u2013US Data Privacy Framework, the UK Extension to the EU\u2013US Data Privacy Framework, and the Swiss\u2013US Data Privacy Framework, as administered by the U.S. Department of Commerce. We are committed to subjecting all personal data received from the European Union, the United Kingdom (and Gibraltar) and Switzerland in reliance on the relevant Data Privacy Framework to the Framework\u2019s applicable Principles. To learn more about the Data Privacy Framework, and to view our certifications, please visit <a href=\"https:\/\/www.dataprivacyframework.gov\/\" target=\"_blank\" rel=\"noopener\">https:\/\/www.dataprivacyframework.gov\/<\/a>. In compliance with the Data Privacy Framework Principles, we commit to resolve complaints about our collection or use of your personal information; EU, UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the Data Privacy Framework should first contact us at dataprivacy@emplifi.io. We have further committed to refer unresolved complaints to an independent dispute resolution mechanism (and, where applicable, to the binding arbitration option). The U.S. Federal Trade Commission has jurisdiction over our compliance with the Data Privacy Framework.<\/p>\n<p>UK transfers (DUAA). For transfers from the United Kingdom to a third country, we use the UK International Data Transfer Agreement or the UK Addendum to the EU SCCs, supported by a transfer risk assessment. Following the entry into force of the data protection provisions of the Data (Use and Access) Act 2025 on 5 February 2026, our UK transfer assessments apply the \u201cdata protection test\u201d (whether the standard of protection in the destination is \u201cnot materially lower\u201d than the UK standard) in line with updated ICO guidance.<\/p>\n<p>Other jurisdictions. For transfers of personal information of Quebec residents, we conduct an assessment of privacy-related factors under section 17 of Quebec Law 25 prior to any communication of the information outside Quebec. For Brazil, transfers comply with the international data-transfer rules under Articles 33 to 36 of the LGPD and ANPD Resolution CD\/ANPD No. 19\/2024 (including the use of standard contractual clauses where applicable). For Singapore, transfers comply with section 26 of the Personal Data Protection Act 2012, ensuring a comparable standard of protection to that under the PDPA. For other jurisdictions in which we operate (including the United Arab Emirates and Australia), we apply the locally required transfer mechanism.<\/p>\n<p>Data breach notification. We have implemented a data breach response plan. Where required, we will notify the relevant supervisory authority (and, where applicable, affected individuals) without undue delay and, in any event, within the timescales set by applicable law \u00a0(for example, 72 hours under Article 33 GDPR; without undue delay under section 26C of the Singapore PDPA where the breach is notifiable; within 72 hours under Article 48 of the Brazilian LGPD as elaborated by ANPD Resolution No. 15\/2024). We require our processors and sub-processors to notify us promptly of any actual or suspected data breach or security incident.<\/p>\n<p>For data processing locations, please refer to the list of our sub-processors and their location listed in Section 6.<\/p>\n<h2><strong>11. Cookies<\/strong><\/h2>\n<p>We use cookies so that the users can login into the system and fully navigate within the system; turning off cookies would result in the user being unable to login to the system.<\/p>\n<p>Additionally, we use cookies and other technologies (such as site measuring software and user experience software) to enhance your online experience and learn about how you use our services in order to improve the quality of the Services. We may combine data gained through cookies with other data you provide to us.<\/p>\n<p>Further information relating to the use of cookies is available at\u00a0<a href=\"https:\/\/emplifi.io\/legal\/privacy-policy\/\">emplifi.io\/legal\/privacy-policy<\/a>.<\/p>\n<h2><strong>12. Your rights<\/strong><\/h2>\n<p>This Section describes your rights under the applicable laws and how to apply them. If you exercise any of your rights pursuant to this Section or pursuant to applicable laws, we will communicate any rectification or erasure of your personal data or restriction of processing carried out in accordance with your request to each recipient to whom the personal data have been disclosed pursuant to Section \u200e6 of this Privacy Policy, unless such communication proves impossible or involves disproportionate effort.<\/p>\n<p>If you wish to exercise these rights and\/or obtain all relevant information about the processing of your personal data, please contact us at\u00a0<a href=\"mailto:support@emplifi.io\">support@emplifi.io<\/a>. You will be asked to identify yourself; this is necessary to verify that the request has been sent by you. We will respond within 1 month after receipt of your request, but we retain the right to extend this period up to 2 months in exceptional circumstances. We will in any event inform you within 1 month after receipt of your request if we decide to extend the period for our response.<\/p>\n<p>In accordance with applicable laws and as further described below, you have the right to request access to your personal data and information about their processing, the right to rectification, erasure or portability (e.g. transfer of your personal data to another service provider) of your personal data we process, as well as the right to object to the processing of your personal data and\/or request restriction of such processing.<\/p>\n<p>Please note that your objection to processing could mean that we are unable to provide you with our Services or otherwise perform the actions necessary to achieve the purposes set out above (see Section \u200e3 \u2018How we use the data\u2019).<\/p>\n<p>It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by contacting us via the contact details in Section 14 \u2018Contact Us\u2019.<\/p>\n<h3><strong>Information about, access to, and rectification of your personal data<\/strong><\/h3>\n<p>According to applicable laws, you have the right to obtain confirmation as to whether or not personal data concerning you are being processed (pursuant to the process described above), and, where that is the case, the right to access and rectify your personal data you have shared with us. Through your settings of the Services, you can access and update your account information and change your profile settings.<\/p>\n<p>If you wish to limit or change access to or the sharing of your personal data with a social network, please do this via your account settings on that social network.<\/p>\n<h3><strong>Accuracy of your personal data<\/strong><\/h3>\n<p>We take reasonable measures to ensure that you are able to keep your personal data accurate and updated. You can always approach us in order to obtain confirmation whether or not we still process your personal data.<\/p>\n<p>If you find out that your personal data processed by us is inaccurate or incomplete and you are unable to update your personal data according to Section 2 of this Privacy Policy, you may request us to update such personal data. We will verify your identity and update your personal data on your behalf.<\/p>\n<h3><strong>Erasure of your personal data<\/strong><\/h3>\n<p>You can ask us to erase your personal data at any time. If you approach us with such a request, we will delete all your personal data we have without undue delay, provided that your personal data is no longer necessary for the provision of the Services or other permitted purposes, in particular in connection with exercising and defending our legal rights, or meeting our legal obligations. We will also delete (and ensure deletion by the processors that we engage) all your personal data in case you withdraw your consent or in the circumstances that the law requires us to do so.<\/p>\n<h3><strong>Restriction of processing<\/strong><\/h3>\n<p>If you request us to restrict the processing of your personal data, e.g. in circumstances when you contest the accuracy, lawfulness or our need to process your personal data, we will limit processing of your personal data to the necessary minimum (storage) and, if applicable, will process them only for the establishment, exercise or defense of legal claims or, where necessary, for protection of rights of another natural or legal person, or other limited reasons dictated by the applicable law. In case the restriction is lifted, and we continue processing your personal data, you will be informed accordingly without undue delay.<\/p>\n<h3><strong>Portability of your personal data<\/strong><\/h3>\n<p>You have the right to receive personal data relating to you and which you have provided to us. If you approach us with such request, we will provide your personal data in commonly used and machine-readable format to you without undue delay from receipt of your request. If you request so, we will send your personal data to a third party (another data controller) which you will identify in your request, unless such request would adversely affect rights or freedoms of others and where technically feasible.<\/p>\n<h3><strong>Objection to processing<\/strong><\/h3>\n<p>You have the right to object to our using your personal data on the basis of our legitimate interests (refer to Section \u200e4 above to see when we are relying on our legitimate interests) (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. In such case, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for their further processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of our legal claims. If you object to processing of your data for direct marketing purposes, we will cease to process your data for these purposes.<\/p>\n<h3><strong>Withdraw your consent<\/strong><\/h3>\n<p>If you have provided us any consent with the processing of personal data, for example for marketing communication, you can withdraw your given consent at any time without stating any reason. We will block your personal data for any further processing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing based on consent before its withdrawal.<\/p>\n<h3><strong>Complaint to a data protection authority<\/strong><\/h3>\n<p>You have the right to submit a complaint concerning our data processing activities to a competent supervisory authority. The Czech supervisory authority for Emplifi Czech Republic a.s. is\u00a0 \u00da\u0159ad pro ochranu osobn\u00edch \u00fadaj\u016f, Pplk. Sochora 727\/27, 170 00 Praha 7, Czech Republic. Depending on your location, you may also lodge a complaint with: the Information Commissioner\u2019s Office (ICO) in the United Kingdom; the Commission d\u2019acc\u00e8s \u00e0 l\u2019information du Qu\u00e9bec (CAI); the Office of the Privacy Commissioner of Canada (OPC); the California Privacy Protection Agency or California Attorney General; the Personal Data Protection Commission (PDPC) in Singapore; the Autoridade Nacional de Prote\u00e7\u00e3o de Dados (ANPD) in Brazil; or the supervisory authority in your jurisdiction of residence.<\/p>\n<h3><strong>Additional rights for California residents (CCPA\/CPRA)<\/strong><\/h3>\n<p>If you are a California resident, you have the rights to know, access, correct and delete your personal information; the right to opt out of the sale or sharing of your personal information; the right to limit the use and disclosure of sensitive personal information; the right to non-discrimination; and (with effect from 1 January 2026 \/ 1 January 2027 as applicable) the rights to opt out of, access, and (where applicable) appeal automated decision making technology used to make significant decisions about you, in accordance with the regulations adopted by the California Privacy Protection Agency. We honour Global Privacy Control (GPC) and other valid opt-out preference signals as a request to opt out of the sale and sharing of personal information. To exercise these rights, please email <a href=\"mailto:support@emplifi.io\" target=\"_blank\" rel=\"noopener\">support@emplifi.io<\/a>. You may use an authorized agent to submit a request on your behalf, subject to verification.<\/p>\n<h3><strong>Additional rights for Quebec residents (Law 25)<\/strong><\/h3>\n<p>If you are a Quebec resident, in addition to the rights set out above, you have the right to data portability under section 27 of Quebec Law 25 (the right to receive computerized personal information you provided to us in a structured, commonly used technological format and to have it transmitted to another person or body authorized to receive it, where technically feasible); the right to be informed of, and to request information about, decisions rendered exclusively by automated processing under section 12.1, including the principal factors and parameters that led to the decision and the right to submit observations to a person who can review the decision; and the right to deindexation in certain circumstances under section 28.1.<\/p>\n<h3><strong>Additional rights for Brazilian data subjects (LGPD)<\/strong><\/h3>\n<p>If you are a data subject in Brazil, you have the rights set out in Article 18 of the LGPD, including: the right to confirmation of the existence of processing; the right of access; the right of correction; the right to anonymization, blocking or deletion of unnecessary, excessive or non-compliant data; the right to data portability; the right to deletion of personal data processed with your consent; the right to information about public and private entities with which we have shared your data; the right to information about the possibility of refusing consent and the consequences of refusal; the right to revoke consent; and the right under Article 20 to request the review of decisions taken solely on the basis of automated processing of personal data that affects your interests.<\/p>\n<h3><strong>Additional rights for Singapore individuals (PDPA)<\/strong><\/h3>\n<p>If you are an individual in Singapore, you have the right to access and correct your personal data under sections 21 and 22 of the Personal Data Protection Act 2012 and (when in force) the right to data portability under the forthcoming Data Portability Obligation. You may also withdraw consent on which any processing is based.<\/p>\n<h3><strong>Additional rights for UK individuals (UK GDPR \/ DUAA)<\/strong><\/h3>\n<p>If you are in the United Kingdom, your rights under the UK GDPR, the Data Protection Act 2018 and the Data (Use and Access) Act 2025 mirror the rights set out above. We will respond to data-subject access requests within one month and, where the response involves a search of our systems, the search will be reasonable and proportionate. The DUAA also requires us to acknowledge data-protection complaints within 30 days; we will do so via the contact details in Section 14 below.<\/p>\n<h2><strong>13. Children<\/strong><\/h2>\n<p>Our Services are designed for business (B2B) use and are not directed to children. We do not knowingly collect personal information directly from children under the age of 16, and where required by applicable law (such as the U.S. Children\u2019s Online Privacy Protection Act for children under 13, the EU and UK GDPR for children below the relevant age of digital consent set by Member State law (typically between 13 and 16), Quebec Law 25 (which requires the consent of a person having parental authority for children under 14), the Brazilian LGPD (which provides specific protections for children and adolescents under Article 14), and the California Consumer Privacy Act (which now treats personal information collected from a consumer under the age of 16 as \u201csensitive personal information\u201d from 1 January 2026)) we do not knowingly collect, use or disclose such information without the verifiable consent of a parent or guardian or another lawful basis. If we become aware that we have inadvertently collected personal information from a child in circumstances that require parental consent and that consent has not been obtained, we will delete the information and close any related account without undue delay. We also recognize that the Services may incidentally process information about minors that has been published on social media by other users; we apply additional safeguards to such data, including (where applicable) the children\u2019s higher protection matters introduced by Part 5 of the UK Data (Use and Access) Act 2025 and the ICO Children\u2019s Code, and the protections set out in Brazil\u2019s ECA Digital and ANPD\u2019s 2026\u20132027 Priority Themes Map. If you are a parent or guardian and you believe that your child has provided personal information to us without your consent, please contact us using the details in Section 14 below and we will take appropriate action.<\/p>\n<h2><strong>14. Contact Us<\/strong><\/h2>\n<p>If you have any queries regarding our data collection and protection practices or your rights, please do not hesitate to contact our Data Protection Officer at\u00a0<a href=\"mailto:support@emplifi.io\" target=\"_blank\" rel=\"noopener\">support@emplifi.io<\/a>.<\/p>\n<p>EU representative. Where Article 27 of the EU GDPR applies, our EU establishment Emplifi Czech Republic a.s. (Plze\u0148, Pod V\u0161emi svat\u00fdmi 427\/17, Severn\u00ed P\u0159edm\u011bst\u00ed, 301 00, Czech Republic) acts as our point of contact for EU data subjects and supervisory authorities, and our DPO can be contacted at the email above.<\/p>\n<p>UK contact. For UK-related queries, please contact our DPO at the email above.<\/p>\n<p>Brazil DPO (Encarregado). Where Article 41 of the LGPD applies, please contact <a href=\"mailto:support@emplifi.io\" target=\"_blank\" rel=\"noopener\">support@emplifi.io<\/a> for the contact details of our designated Encarregado.<\/p>\n<p>Quebec privacy officer. Where required by section 3.1 of Quebec Law 25, the person in charge of the protection of personal information for Emplifi Canada Inc. can be contacted at <a href=\"mailto:support@emplifi.io\">support@emplifi.io<\/a>.<\/p>\n<p>Singapore DPO. The Data Protection Officer for Socialbakers Singapore Pte. Ltd. (16 Raffles Quay, #33-03, Hong Leong Building, Singapore 048581) can be contacted at <a href=\"mailto:support@emplifi.io\">support@emplifi.io<\/a> as required by section 11(3) of the Personal Data Protection Act 2012.<\/p>\n","page_cta_group":{"show_section":true,"use_global_cta":true,"section_subhead":"","section_headline":"","section_text_left":"","section_text_right":"","section_button":null},"awards_group":{"show_section":true,"use_global_awards_text":true,"section_subhead":"","section_headline":"","section_text":"","use_global_awards":true,"awards":false},"sidebar_type":"static","sidebar_builder":[{"acf_fc_layout":"table_of_contents","title":"TABLE OF CONTENTS","type":"automatic","links":[{"link":{"title":"Product Privacy Policy","url":"https:\/\/emplifi.io\/de\/legal\/product-privacy-policy\/","target":""}},{"link":{"title":"Product Privacy Policy","url":"https:\/\/emplifi.io\/de\/legal\/product-privacy-policy\/","target":""}},{"link":{"title":"Product Privacy Policy","url":"https:\/\/emplifi.io\/de\/legal\/product-privacy-policy\/","target":""}},{"link":{"title":"Product Privacy Policy","url":"https:\/\/emplifi.io\/de\/legal\/product-privacy-policy\/","target":""}},{"link":{"title":"Product Privacy Policy","url":"https:\/\/emplifi.io\/de\/legal\/product-privacy-policy\/","target":""}},{"link":{"title":"Product Privacy Policy","url":"https:\/\/emplifi.io\/de\/legal\/product-privacy-policy\/","target":""}},{"link":{"title":"Product Privacy Policy","url":"https:\/\/emplifi.io\/de\/legal\/product-privacy-policy\/","target":""}},{"link":{"title":"Product Privacy Policy","url":"https:\/\/emplifi.io\/de\/legal\/product-privacy-policy\/","target":""}},{"link":{"title":"Product Privacy Policy","url":"https:\/\/emplifi.io\/de\/legal\/product-privacy-policy\/","target":""}},{"link":{"title":"Product Privacy Policy","url":"https:\/\/emplifi.io\/de\/legal\/product-privacy-policy\/","target":""}},{"link":{"title":"Product Privacy Policy","url":"https:\/\/emplifi.io\/de\/legal\/product-privacy-policy\/","target":""}},{"link":{"title":"Product Privacy Policy","url":"https:\/\/emplifi.io\/de\/legal\/product-privacy-policy\/","target":""}},{"link":{"title":"Product Privacy Policy","url":"https:\/\/emplifi.io\/de\/legal\/product-privacy-policy\/","target":""}},{"link":{"title":"Product Privacy Policy","url":"https:\/\/emplifi.io\/de\/legal\/product-privacy-policy\/","target":""}}]}],"form_embed":"","remove_gtm":false,"hide_social_sharing":true,"hide_sidebar":false,"marketo_form":"0"},"_links":{"self":[{"href":"https:\/\/emplifi.io\/de\/wp-json\/wp\/v2\/pages\/12629","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/emplifi.io\/de\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/emplifi.io\/de\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/emplifi.io\/de\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/emplifi.io\/de\/wp-json\/wp\/v2\/comments?post=12629"}],"version-history":[{"count":0,"href":"https:\/\/emplifi.io\/de\/wp-json\/wp\/v2\/pages\/12629\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/emplifi.io\/de\/wp-json\/wp\/v2\/pages\/10441"}],"wp:attachment":[{"href":"https:\/\/emplifi.io\/de\/wp-json\/wp\/v2\/media?parent=12629"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}