Last updated: May 14th 2019
Conversion Crimes operates https://conversioncrimes.com (the “Site”). This page informs you of our policies regarding the collection, use and disclosure of Personal Information we receive from users of the Site.
We use your Personal Information only for providing our services and improving the Site. By using the Site, you agree to the collection and use of information in accordance with this policy.
1. Information Collection And Use
1.1 While using our Site and when creating an account with us, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you.
1.3 Personally identifiable information held and analyzed may include, but is not limited to; your name, email address, language, birth year, family info and occupation. We will let you know prior to collection whether the information you are providing is compulsory or voluntary, and the consequences of not sharing the information. And we will keep this information as long as a valid business purpose exists.
1.4 Access to personally identifiable data can be gained upon request of access, correction or deletion by completing a Support Form or by emailing email@example.com with the subject line; “Personal data”.
1.5 We collect personally identifiable information to create your Customer or Tester profile. This will help us match Testers to the tests they are eligible to complete. It will also help us understand our Customer needs and what they would like to achieve with using Conversion Crimes.
1.6 We do not collect payment information. Our payments are processed through Paypal.
1.7 Conversion Crimes provides access to “Dashboard” and related services that allows Conversion Crimes Users (or “Customers”) to create usability tests “User Tests”. Conversion Crimes also allows individuals taking part in such User Tests, “Testers”, to perform and record tests set by “Customers”.
1.8 Your personally identifiable information will not be shared with any 3rd parties (Testers see paragraph 1.17). Unless it’s release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property or safety.
1.9 Under GDPR rules, we collect personally identifiable information for the following lawful bases;
Consent – you have given clear consent for us to process your personal data for a specific purpose.
Contractual – processing your personal data is required to fulfil a contract between you and us, and we have asked you to take specific steps before entering into a contract.
Legitimate Interests – it is in ours and your legitimate interests for us to keep or use your personal data.
1.10 We at Conversion Crimes have an appointed Data Protection Officer who handles and manages all of our Customer and Tester data. You can contact our Data Protection Officer at firstname.lastname@example.org with the subject line; “GDPR support”.
1.11 Information you share with us will be used for your Customer or Tester profile. As a Tester, we will use this data to assign suitable “Tests” of which you are eligible to carry out. The criteria of which will be set by the Customer who creates the test. (This also means Customers may have access to your data as a Tester. See paragraph 1.17).
1.12 As a Customer, your information will be used to create your Conversion Crimes Customer profile, it may also be used by us if we need to contact you regarding your account or for other reasons.
1.13 Other ways we use your information include, but is not limited to;
Fulfilling orders and providing the services.
Addressing and responding to issues.
Detecting, preventing or otherwise addressing fraud, security, unlawful or technical issues.
Improving and enhancing our services.
Provide analysis or valuable information back to our Customers and Testers.
Removal of data
1.14 You may request to have your data removed at any time by contacting us at email@example.com or by completing a Support Form, provided such removal complies with all applicable laws or regulations, including criminal offence data.
1.15 At Conversion Crimes we reserve the right to erase Customer or Tester data from our Site, at our own discretion whenever we deem necessary.
1.16 Customers will have responsibility to ensure that the information provided by Testers during User Tests, is collected and processed in accordance with applicable laws. Conversion Crimes will not process Tester Data for other purposes or by other means than as instructed by Customers, or as necessary to provide the Services.
1.17 Your personal data, as a Tester, may be shared with Conversion Crimes Customers in accordance with our Terms & Conditions. It will only be shared with the Customers who created the test you take. The information that can be shared with Conversion Crimes Customers may include, but may not be limited to; your name, family information, occupation and/or language.
California Online Privacy Protection Act (CalOPPA)
1.18 In accordance with CalOPPA laws, we agree to the following:
Users can visit our site anonymously.
We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
1.20 You can change your personal information by logging in to your account or by contacting us via a Support Form or by emailing firstname.lastname@example.org with the subject line; “Personal information change request”.
General Data Protection Regulation (GDPR)
The GDPR applies to ‘controllers’ and ‘processors’. A controller determines the purposes and means of processing personal data. A processor is responsible for processing personal data on behalf of a controller. The GDPR places specific legal obligations on the processor; for example, a processor is required to maintain records of personal data and processing activities. Whoever is responsible for a breach will have legal liability. However, a controller is not relieved of obligations where a processor is involved – the GDPR places further obligations on the controller to ensure their contracts with processors comply with the GDPR. The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU. The GDPR does not apply to certain activities including processing covered by the Law Enforcement Directive, processing for national security purposes and processing carried out by individuals purely for personal/household activities – See more at: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/711097/guide-to-the-general-data-protection-regulation-gdpr-1-0.pdf.
1.21 In accordance with GDPR laws, we agree to the following;
We have reviewed the purposes of our processing activities, and selected the most appropriate lawful basis (or bases) for each activity.
We have checked that the processing is necessary for the relevant purpose, and are satisfied that there is no other reasonable way to achieve that purpose.
We have documented our decision on which lawful basis applies to help us demonstrate compliance.
Where we process special category data, we have also identified a condition for processing special category data, and have documented this.
Where we process criminal offence data, we have also identified a condition for processing this data, and have documented this.
1.22 For Customers in the European Economic Area (EEA), or for Customers engaging Testers in the EEA, the Customer will be the “controller” as defined by the European Union’s General Data Protection Regulation (GDPR).
Personal Information Act (PIPEDA)
The Personal Information Protection and Electronic Documents Act (PIPEDA) is the federal privacy law for private-sector organizations. It sets out the ground rules for how businesses must handle personal information in the course of commercial activity.
1.23 Under PIPEDA law, we agree to the following;
Accountability: We are responsible for the personal information under our control.
Consent: Individuals’ consent is needed for the collection, use or disclosure of personal information.
Limiting Collection: Information is collected by fair and lawful means and is limited to the data needed for the purpose identified by us.
Limiting Use, Disclosure, and Retention: Personal information will only be used or disclosed for the purposes for which it was collected and must be kept solely for the duration required to serve those purposes unless you consent otherwise or it is required by law.
Accuracy: Personal information must be as accurate, complete, and as up-to-date as possible in order to properly satisfy the purposes for which it is to be used.
Safeguards: Personal information will be protected through appropriate security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification.
Openness: We will be open about our policies and practices relating to the management of personal data and ensure that such information is easily available to you in a generally understandable format.
Individual Access: Upon request, you will be informed of the existence, use, and disclosure of your personal information and be given access to it. You have the right to challenge the accuracy and completeness of that information and have it amended as appropriate. We may deny access to personal data if the information cannot be disclosed for legal, security, or commercial proprietary reasons or is subject to solicitor-client or litigation privilege.
Challenging Compliance: You can challenge our compliance with PIPEDA’s principles and address your challenge to our Privacy Officer in charge of PIPEDA compliance by emailing email@example.com with the subject line; “PIPEDA compliance challenge”, or by completing a Support Form.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
1.24 In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur, we will notify the users via on-site notification within 7 business days.
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
1.25 We collect your email address in order to:
Send information, respond to inquiries, and/or other requests or questions.
Process orders and to send information and updates pertaining to orders.
Send you additional information related to your product and/or service.
Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
1.26 To be in accordance with CAN-SPAM, we agree to the following:
Not use false or misleading subjects or email addresses.
Identify the message as an advertisement in some reasonable way.
Include the physical address of our business or site headquarters.
Monitor third-party email marketing services for compliance, if one is used.
Honor opt-out/unsubscribe requests quickly.
Allow users to unsubscribe by using the link at the bottom of each email.
1.27 If at any time you would like to unsubscribe from receiving future emails, you can follow the instructions at the bottom of each email and we will promptly remove you from ALL correspondence.
Children Online Privacy Protection Act (COPPA)
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
1.28 We do not specifically market to children under the age of 13 years old.
2. Log Data
2.1 Like many site operators, we collect information that your browser sends whenever you visit our Site (“Log Data”).
2.2 This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages and other statistics. In addition, we may use third party services such as Google Analytics – www.google.com/policies/privacy/partners which collects, monitors and analyzes this data.
2.3 If a visitor arrives at Conversioncrimes.com via an external source, we will record this.
3.1 We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that is relevant to our services.
3.2 We may also use your personal information to contact you in the following regards, including, but not limited to; password changes, account verification and test notifications.
Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer’s hard drive.
4.1 Like many sites, we use “cookies” to collect information, which may also be shared with Google Analytics – www.google.com/policies/privacy/partners which will collect, monitor and analyze our cookie data. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.
4.2 We collect this information to better understand how our visitors use our site and thus improve our visitor’s user experience. We also collect this information to protect and monitor the security of the site.
5.1 Any information stored on the Conversion Crimes website will be treated as confidential and accessed by authorized personnel only. The security of your personal information is important and appropriate organizational, technical and security measures will be taken to ensure that your information isn’t lost, stolen, damaged or destroyed. However, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. All sending and sharing of information is done at the senders own risk.
5.2 We use regular Malware Scanning. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential.
5.3 In addition, all sensitive/personal information you supply is encrypted via Secure Socket Layer (SSL) technology.
5.4 We implement a variety of security measures to maintain the safety of your personal information when a user places an order, enters, submits, or accesses their information. All transactions are processed through a gateway provider (www.paypal.com) and are not stored or processed on our servers.
Conversion Crimes Inc.
2261 Market Street #4237
San Francisco CA, 94114