Groove Privacy Policy

Updated May 21, 2018

Groove is a hosted web application ("Service") developed and maintained by Groove Networks, LLC., doing business as "Groove".

We care about your personal data you entrust with us. Demonstrating Groove’s engagement in personal data protection we are bringing you the key facts about how we handle personal data processing in Groove.

We are GDPR ready

GDPR is the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Data Protection Officer

Groove Networks LLC, 2 Dearborn St. Newport, RI United States is a data controller and a processor of personal data provided in Service.

Groove has its headquarters in the USA so we have appointed a representative and internal data protection officer ("DPO") for you to contact if you have any questions or concerns about Groove’s personal data policies or practices.

You can reach out to our Data Protection Officer at dpo@groovehq.com.

What do we do:

We provide a web application for help desk support. The main activity of Groove is gathering Your data from various channels (like email, twitter, facebook or widget you embed on your site - for a full list, see our Knowledge Base), grouping it, cross referencing and categorizing in order to make it accessible in the most user-friendly way, allowing you to deliver best possible support for your customers.

In order to perform our Service we process:

How do we collect personal data:

Visitors data

Where the website is used for informational purposes, so that You do not register as a user of the website or transmit other information to us, we do not collect any personal data, with the exception of the data which Your browser transmits to us in order to allow You to access the website. This data is:

Your personal data

Groove collects personal data (name, email) during registration process and when You add new Agents. Groove also collects personal data such as IP address and API token when You use our Service.

If You activate new features it’s possible new personal data will be collected. We will always inform You on the legal grounds and purposes of data collecting and also enable You to study the current Privacy Policy.

Your customer data

As a processor we do not collect any personal data without Your consent – we process Your customers’ personal data on Your behalf, which You have collected and explicitly provided to the Service. All this data belongs to You, we store it on our servers to support all of the Service’s features and remove them whenever You instruct us to.

We also provide You with features that enable You to profile Your customers by tracking their movements on the Knowledge Base (KB),by tracking read emails opened by Your customers as also we collect Your customers’ satisfaction ratings (for further information please visit Tracking and Profiling).

What kind of data do we process

Your personal data

We collect information how You use our Service, i.e. which features You use the most, which pages You visit, which buttons You click. We use cookies – you can find more info in the Cookies section.

Your customer data:

This category is all data You give us access to in order for us to process it, store it and present it to You in the most productive and user-friendly way to help You deliver the best support experience for Your customers.

We also build on top of these channels to give You additional features, such as collecting information regarding the time of opening an email by Your customer, tracking Your customers' movements on KB and collecting Your customers’ satisfaction ratings.

We also collect Your customers' data which Your browser sends to us - please look at Visitors data.

We enable You to use third-party services.

If anything is unclear please contact our DPO at dpo@groovehq.com.

What are the legal grounds for processing data

We process Your data either on contractual ground (processing is necessary for the fulfillment of a contract or in order to take steps at Your request prior to entering into a contract) or when You have given us Your explicit consent.

We process Your customer data as processor pursuant to Data Processing Agreement.

What are the purposes of processing data:

Your personal data

Service performance purposes means all data processing relevant to providing You with Service. This is information which we need for creating an account for You (name, e-mail address, billing information) but also to develop and maintain our Service (cookies, API token, internet protocol (IP). Groove analyzes trends, tracks Your movements so we can adjust Service to Your needs.

Marketing purposes mean that we want to inform You about our new features and products and send You a newsletter regarding it via email.

You can always withdraw Your consent – more at Right to withdraw consent.

Your customer data

We process Your customer data on Your behalf so you can use Groove.

We provide You with features that enable You to profile Your customers (tracking read emails, tracking online movements in Knowledge Base, tracking customers’ satisfaction ratings).

Tracking and Profiling

Your personal data

We use online tracking which means Groove collects certain information automatically and stores it in log files and databases. The information includes internet protocol (IP) addresses, browser type, operating system and other usage information about the use of the Grooves’ website, including a history of the pages You visit in Groove. Groove analyzes trends, tracks Your movements, and gathers this information in order to make better decisions in terms of product development, so it better suits Your needs and also for assisting us in debugging issues You report to us via our own support channels.

Although online tracking is an automated process in which we collect personal data (Your movements online) Groove does not make any predictions or draws no conclusion about an individual – You – on that account. We use online tracking only for Service development. We don’t create any profiles nor do we make any decisions concerning You that are made based on online tracking. We are not profiling You.

Your customer data:

We use email read receipt tracking as a feature of Service. We collect Your customers’ satisfaction ratings.

We use Knowledge Base as a feature of Service. Your customers can be tracked while using Knowledge Base. We collect their internet protocol (IP), the region or general location where Your customers’ computer or device is accessing the internet. We use cookies to track Your customers activity on the Knowledge base. Based on collected data Groove provides You with a statistical report. You may on that account make predictions or draw conclusions. Your customers are being profiled on Your behalf.

If you are a customer please contact your data controller – this is an entity you interact directly with.

In case of any doubts please contact our dpo@groovehq.com.

Cookies

A cookie is a small amount of data which often includes an anonymous unique identifier that is sent to Your browser from a web site’s computers and is stored on Your computers hard drive. Cookies are required to use Groove in order to uniquely identify Your browser and user preferences while logged in. We use non-permanent cookies that last for up to two weeks, after which You will be required to log in to the Service again.

You can control and/or delete cookies as You wish using Your browser preferences. You can delete all cookies that are already on Your computer and You can set most browsers to prevent them from being placed. If You do this, however, You may have to manually adjust some preferences every time You visit Groove and some services and functionalities may not work.

Who do we disclose Your data to

We cooperate with several third parties, however we do not disclose any personal data to them without Your demand or consent. If You wish to use any of third-parties services You will be asked to agree to third parties’ terms and conditions (including privacy policies).

We are not liable for third parties compliance to data protection however we do not cooperate with any entity which does not demonstrate strong data protection care.

The list of third parties can be found here.

Where and to whom do we transfer Your data

In order to maintain and develop Service Groove engages another entities. You gave us general written authorisation in Data Processing Agreement.

The list of sub-processors be found here.

Groove notifies You if we intend to change the list so You have the opportunity to object to such changes.

Your rights

Access

You have a right to be informed about Your personal data processing, including the source of Your data collection, purpose of its processing and how long it will be stored .

If You have any question regarding Your personal data please contact our DPO at dpo@groovehq.com.

Rectification:

You have a right to access and change Your personal data provided during registration or creating an account. You can do this in the Profile section of Your Account Settings.

More info about Your rights as a Service user here (active link – Knowledge Base).

Erasure ("right to be forgotten"):

In line with GDPR enforcement of the right to be forgotten, Groove introduces internal procedures which will streamline this process.

In other words You (as an Account owner and/or Admin) can decide whether You wish to permanently delete a whole account, a user account or just specific personal data. If You decide so the process will be irreversible.

Deletion can be performed by either using a "delete" function next to an appropriate piece of data in the Service (for example, Delete Ticket) or by contacting us on support@groovehq.com when a built-in option is not available.

Groove reserves the right to refuse permanent deletion for a legitimate reason, in particular but not limited to if current business affairs are not yet finished.

Restriction on processing:

You have a right to demand ceasing processing your data or restricting its processing with respect to exceptions set forth in art. 18 GDPR.

If You have any question regarding Your restriction rights please contact our DPO at dpo@groovehq.com.

Portability:

If You need to export/import data to the Service in a way which is not available, please contact us at support@groovehq.com so we can help You with Your custom needs.

However, we also have exposed an API which allows You to easily access Your data in a portable way as well import data from other systems.

You can read more about the API here: https://www.groovehq.com/docs

Right to withdraw consent:

You always can withdraw Your consent for processing Your data for marketing. To do so just contact us at support@groovehq.com.

Lodge a complaint

You have a right to lodge a complaint with the appropriate data protection authority if You have concerns about how Groove processes Your personal data. For more information please contact our DPO at dpo@groovehq.com.

Cross-border US - EU transfer

Groove is established in the United States. Information we collect from You and on Your behalf will be processed in the United States.

The United States has not sought nor received a finding of "adequacy" from the European Union under Article 45 of the GDPR. Groove relies on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, Groove collects and transfers to the U.S. personal data only: with Your consent; to perform a contract with You; or to fulfil a compelling legitimate interest of Groove in a manner that does not outweigh Your nor Your customers’ rights and freedoms. Groove endeavours to apply suitable safeguards to protect the privacy and security of Your and Your customers’ personal data and to use it only consistent with Your relationship with Groove and the practices described in this Privacy Policy.

Data storage

Groove stores Your and Your customers’ personal data on the servers of the cloud-based database management services Groove engages, located in the United States. Groove is hosted at AWS which announced compliance with GDPR. For more information on their servers and security, please see AWS security whitepaper (https://aws.amazon.com/whitepapers/overview-of-security-processes/).

Full list of hosting providers can be found here.

Groove notifies You if we intend to change the list so You have the opportunity to object to such changes.

For more information regarding data storage contact our DPO at dpo@groovehq.com.

Retention

We keep all Your data that You have provided to us for the duration of Your business relationship with us and we remove data:

Most of personal data is deleted once You demand it or our business relation is ceased, however we keep Your name and email address longer until all possible business affairs are finished.

For more information please contact our DPO at dpo@groovehq.com.

Security of data

We are committed to ensuring the best security for You, which means choosing the best hosting providers and data storage solutions, including those having ISO 27001 and PCI Level 1 certifications. We ensure encryption of communication not only between You and our servers but also internally between parts of our Service.

Groove restricts access to Your personal data to those employees who need to know that information to provide benefits or services to You. We maintain an internal Security Policy which ensures that all sensitive information is always transferred using secure, encrypted channels. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of Your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.

Legal obligations regarding data.

Groove discloses personal data we process if necessary for the requirement to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Changes and updates to the Privacy Policy

As Groove changes from time to time, this Privacy Policy is expected to change as well. We reserve the right to amend the Privacy Policy at any time, for any reason. We will inform You about that change by sending to You an email. Remember to check our Privacy Policy website.

Contact & Questions

In case of any queries please contact Groove’s DPO at dpo@groovehq.com.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.