Privacy Notice

Data Controller and Data Processor

NotificationAPI’s business customers are the data controllers for most of the information that is entered into the NotificationAPI web application, website, and supporting systems or that is shared periodically with NotificationAPI employees to deliver services. This positions NotificationAPI as the data processor for most information stored and processed by NotificationAPI. There are some pieces of information that are collected directly by NotificationAPI to facilitate security, logging, and application performance. These items include IP address and behavior within the NotificationAPI platform. For these pieces of information, NotificationAPI acts as the data controller and processor. Additionally, NotificationAPI employs a variety of technologies and partners that periodically act as sub-processors (detailed list below). If users have any questions or concerns about the processing and handling of their personal information, they may reach out to NotificationAPI directly by email at security@notificationapi.com.

Types of Data Collected

The NotificationAPI web application and supporting applications collect the following types of personal data: cookies, usage data (e.g., page visits, clicks, time on page), email address, phone number, first name, last name, province, state, country, ZIP/Postal code, city, address, and company name.

Complete details on each type of personal data collected are provided in the dedicated sections of this Privacy Policy or by specific explanation texts displayed before the data collection.

The NotificationAPI web application may collect personal data that the user may freely provide, or, in case of usage data, collect when using this website, the NotificationAPI web application, and its supporting applications.

Specific data is required for the NotificationAPI web application and supporting applications to provide services. If data is mandatory, it is noted throughout the website and NotificationAPI web application. If the NotificationAPI website or NotificationAPI web application specifically states that data is not mandatory, users are free to not share this data without consequences to the availability or the functioning of the service.

Users who are uncertain about which personal data is mandatory are welcome to contact NotificationAPI at security@notificationapi.com.

Any use of cookies–or other tracking tools–by the NotificationAPI website, the NotificationAPI web application, and its supporting applications serves the purpose of providing the service for which NotificationAPI has been engaged, in addition to any other purposes described in the present document and the Cookie Policy.

Mode, Place, and Methods of Processing the Data

NotificationAPI takes appropriate security measures to prevent unauthorized access, disclosure, modification, or data destruction.

Data is processed using computers or tech-enabled tools, following organizational policies and procedures strictly related to the purposes indicated. In some cases, data may be accessible to NotificationAPI employees involved with the NotificationAPI website’s operation, the NotificationAPI web application (platform), and supporting applications. Data may also be accessible to external parties appointed, if necessary, as data processors or sub-processors by NotificationAPI. External parties may include third-party technical service providers, hosting providers, and IT companies.

We do not sell, trade, or otherwise transfer your personal information to third parties without your consent. Exceptions are made only within the bounds of our legal basis for processing, as outlined in this policy.

Legal Basis of Processing

NotificationAPI may process personal data relating to users if one of the following applies:

• Users have given their consent for one or more specific purposes.
• Provision of data is necessary for the performance of an agreement with the user.
• Processing is necessary for compliance with a legal obligation.
• Processing is necessary for the legitimate interests pursued by the controller or by a third party.

In any case, NotificationAPI will gladly help clarify the specific legal basis that applies to the processing, mainly whether the provision of personal data is a statutory or contractual requirement or a requirement necessary to enter into a contract.

Place

The data is processed at NotificationAPI’s operating offices, hosting facilities, and, for some data, third-party sub-processors. The majority of data is stored and processed within US. Upon request, the majority of the data can be stored and processed within Canada. In some cases data may be stored within the US or EU via third-party sub-processors.

Depending on the user’s location, data transfers may involve transferring the user’s data to a country other than their own. To find out more about the processing of such transferred data, users can consult the section containing details about the processing of personal data. Users are entitled to learn about cross-border data transfers. If any such transfer occurs, users can find out more by checking the relevant sections of this document or inquiring directly with NotificationAPI.

Retention Time

Personal data is processed and stored for as long as required to fulfill the purpose for which it is collected.

Therefore:

• Personal data collected for the performance of a contract between NotificationAPI and a business customer is retained until such contract has been entirely performed or the business customer asks for the data to be deleted.
• Personal data collected for NotificationAPI’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding NotificationAPI’s legitimate interests within the relevant sections of this document or by contacting NotificationAPI.

NotificationAPI may be allowed to retain personal information for a more extended period whenever the user has given consent to such processing, as long as such consent is not withdrawn. Furthermore, NotificationAPI may be obliged to retain personal data for a more extended period whenever required to perform a legal obligation or upon order of an authority.

Once the retention period expires, the user’s personal data will be securely deleted.

The Purposes of Processing

The data concerning the user is collected to allow NotificationAPI to provide its services, as well as for the following purposes: analytics, user database management, managing contacts and sending messages, handling payments, interaction with external social networks and platforms, remarketing and behavioral targeting, contacting the user, displaying content from external platforms, hosting and backend infrastructure, interaction with live chat platforms, and spam protection.

Users can find further detailed information about such purposes of processing and the specific personal data used for each purpose in the respective sections of this document.

Detailed Information on the Processing of Personal Data

Personal data is collected for the following purposes and using the following services and third parties:

Analytics

The services contained in this section enable NotificationAPI to monitor and analyze web traffic and can be used to keep track of user behavior.

HubSpot Analytics (HubSpot, Inc.)

HubSpot Analytics is an analytics service provided by HubSpot, Inc.

Personal data collected: email addresses, cookies and usage data.

Place of processing: US – Privacy Policy

Google Analytics (Google Inc.)

Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the data collected to track and examine the use of this application, to prepare reports on its activities, and to share the reports with other Google services.

Google may use the data collected to contextualize and personalize the ads of its own advertising network.

Personal data collected: cookies and usage data.

Place of processing: US – Privacy Policy

FullStory

FullStory is an analytics service provided by FullStory, Inc.

Personal data collected: email addresses, cookies and usage data.

Place of processing: US – Privacy Policy.

Twitter Ads Conversion Tracking (Twitter, Inc.)

Twitter Ads conversion tracking is an analytics service provided by Twitter, Inc. that connects data from the Twitter advertising network with actions performed on this application.

Personal data collected: cookies and usage Data.

Place of processing: US – Privacy Policy.

Google Ads Conversion Tracking (Google Inc.)

Google Ads conversion tracking is an analytics service provided by Google Inc. that connects data from the Google Ads advertising network with actions performed on this application.

Personal data collected: cookies and usage data.

Place of processing: US – Privacy Policy. Privacy Shield participant.

Google Tag Manager (Google Inc.)

Google Tag Manager is an analytics service provided by Google Inc.

Personal Data collected: cookies and usage data.

Place of processing: US – Privacy Policy.

Contacting the User

Email Contact (The NotificationAPI Web Application)

By registering on the website or making a purchase, the user’s email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature, or important account information concerning the NotificationAPI web application.

Personal data collected: address, city, company name, cookies, country, email address, first name, last name, phone number, job role, province, state, usage data, and ZIP/Postal code.

Phone Contact (The NotificationAPI Web Application)

Users that provide their phone number might be contacted for commercial, promotional or im purposes related to the NotificationAPI web application or for fulfilling support requests.

Personal Data collected: phone number.

Contact Form (The NotificationAPI Web Application)

By filling in the contact form with their data, users authorize the NotificationAPI web application to use these details to reply to requests for information, quotes, or any other kind of request as indicated by the form’s header.

Personal data collected: address, city, company name, country, email address, first name, last name, phone number, job role, province, state, and ZIP/Postal code.

Displaying Content from External Platforms

This type of service allows users to view content hosted on external platforms directly from the pages of the NotificationAPI web application and interact with them.

This type of service might still collect web traffic data for the pages where the service is installed, even when users do not use it.

Google Fonts (Google Inc.)

Google Fonts is a typeface visualization service provided by Google Inc. that allows this Application to incorporate content of this kind on its pages.

Personal data collected: usage data and various types of data as specified in the service’s privacy policy.

Place of processing: US – Privacy Policy. Privacy Shield participant.

YouTube Video Widget (Google Inc.)

YouTube is a video content visualization service provided by Google Inc. that allows the NotificationAPI website and NotificationAPI web application to incorporate content of this kind on its pages.

Personal data collected: cookies and usage data.

Place of processing: US – Privacy Policy.

Handling Payments

Payment processing services enable the NotificationAPI web application to process payments by credit card, bank transfer, or other means. The NotificationAPI web application shares only the information necessary to execute the transaction with the financial intermediaries handling the transaction. Some of these services may also enable sending timed messages to the user, such as emails containing invoices or notifications concerning the payment.

Stripe (Stripe Inc)

Stripe is a payment service provided by Stripe Inc.

Personal Data collected: various types of Data as specified in the privacy policy of the service.

Place of processing: US – Privacy Policy.

Hosting and Back-End Infrastructure

This type of service has the purpose of hosting data and files that enable the NotificationAPI website and the NotificationAPI web application to run and be distributed. Additionally, these services provide the infrastructure to run specific features or parts of the application. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the personal data is stored.

Amazon Web Services (AWS) (Amazon)

Amazon Web Services is a hosting and backend service provided by Amazon.com Inc.

Personal data collected: customer content and customer account data.

Place of processing: US (default) or Canada by user request – Privacy Policy.

Github

Github is a source code management and DevOps service provided by Github Inc.

Personal data collected: customer content and customer account data.

Place of processing: US – Privacy Policy.

Google Workspace

Google Workspace is suite of cloud applications for businesses provided by Google.

Personal data collected: customer content and customer account data.

Place of processing: US – Privacy Policy.

Logging and Error Handling

This type of service make it possible for NotificationAPI to log and monitor the usage its services in order to identify and resolve technical issues.

Lumigo

Lumigo is a back-end server monitoring and logging software.

Personal data collected: customer content and customer account data.

Place of processing: US – Privacy Policy.

Rollbar

Rollbar is a front-end monitoring services to identify web performance issues.

Personal Data collected: IP address, customer content

Place of processing: US – Privacy Policy.

Managing Contacts and Sending Messages

This type of service makes it possible to manage a database of email contacts, phone contacts, or any other contact information to communicate with the user.

These services may also collect data concerning the date and time when the message was viewed by the user and when the user interacted with it, such as by clicking on links included in the message.

Slack

Slack is a messaging tool used for communicating with customers who opt-in to using this service for communication with our team.

Personal data collected: email address, name, photo, IP, usage data

Place of processing: Australia, Canada, Japan, India, South Korea, and the United States – Privacy Policy.

HubSpot Email (HubSpot, Inc.)

HubSpot Email is an email address management and message sending service provided by HubSpot, Inc.

Personal data collected: email address and usage data.

Place of processing: US – Privacy Policy.

Twilio

Twilio is a telecom service for sending and receiving voice, SMS, MMS over the Internet.

Personal data collected: phone number, usage data.

Place of processing: US – Privacy Policy.

Twitter Remarketing (Twitter, Inc.)

Twitter Remarketing is a remarketing and behavioral targeting service provided by Twitter, Inc. that connects the activity of this application with the Twitter advertising network.

Personal data collected: cookies and usage data.

Place of processing: US – Privacy Policy – Opt Out.

Twitter Tailored Audiences (Twitter, Inc.)

Twitter Tailored Audiences is a remarketing and behavioral targeting service provided by Twitter, Inc. that connects the activity of this application with the Twitter advertising network.

Personal data collected: cookies and email address.

Place of processing: US – Privacy Policy – Opt Out.

AdWords Remarketing (Google Inc.)

Google Ads, formerly known as Google AdWords, is a remarketing and behavioral targeting service provided by Google Inc. that connects the activity of this application with Google’s advertising network and the DoubleClick cookie.

Personal data collected: cookies and usage data.

Place of processing: US – Privacy Policy – Opt Out.

Remarketing with Google Analytics (Google Inc.)

Remarketing with Google Analytics is a remarketing and behavioral targeting service provided by Google Inc. that connects the tracking activity performed by Google Analytics and its cookies with the Google Ads advertising network and the DoubleClick cookie.

Personal data collected: cookies and usage data.

Place of processing: US – Privacy Policy – Opt Out. Privacy Shield participant.

Spam Protection

This type of service analyzes the traffic of the NotificationAPI website and the NotificationAPI application, potentially containing users’ personal data, with the purpose of filtering it from parts of traffic, messages, and content that are recognized as spam.

User Database Management

This type of service allows NotificationAPI to build user profiles by starting from an email address, a personal name, or other information that the user provides to this application and then tracking user activities through analytics features. This personal data may also be matched with publicly available information about the user (such as social networking profiles) and used to build private profiles that the NotificationAPI can display and use for improving this application.

Some of these services may also enable sending timed messages to the user, such as emails based on specific actions performed on the NotificationAPI website and NotificationAPI web application.

HubSpot CRM (HubSpot, Inc.)

HubSpot CRM is a user database management service provided by HubSpot, Inc.

Personal data collected: email address, phone number, and various types of data as specified in the service’s privacy policy.

Place of processing: US – Privacy Policy.

HubSpot Lead Management (HubSpot, Inc.)

HubSpot lead management is a user database management service provided by HubSpot, Inc.

Personal data collected: various types of data as specified in the privacy policy of the service.

Place of processing: US – Privacy Policy.

Selling Goods and Services Online

The personal data collected is used to provide the user with services or goods, including payment and possible delivery. The personal data collected to complete the payment may include the credit card information or the bank account used for the transfer, or any other possible means of payment. The kind of data collected by this application depends on the payment system used.

Printful

Printful is a mechandise fullfilment service by Printful Inc. or Printful Latvia for EEA residents. Only applicable to the users of our “Swag” section.

Personal data collected: Payment and billing information (payment method details, first and last digits of your payment card), shipping information.

Place of processing: US, Latvia, Poland, Spain, and the UK – Privacy Policy.

Further Information about Personal Data

The Rights of Users

Users may exercise certain rights regarding their data processed by NotificationAPI.

In particular, users have the right to do the following:

• Withdraw their consent at any time. Users have the right to withdraw consent after they have previously given their consent to the processing of their personal data.
• Object to processing of their data. Users have the right to object to the processing of their data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
• Access their data. Users have the right to learn if NotificationAPI is processing their data, obtain disclosure regarding certain aspects of the processing, and obtain a copy of the data undergoing processing.
• Verify and seek rectification. Users have the right to verify their data accuracy and ask for it to be updated or corrected.
• Restrict the processing of their data. Users have the right, under certain circumstances, to restrict the processing of their data. In this case, NotificationAPI will not process their data for any purpose other than storing it.
• Have their personal data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their data from NotificationAPI.
• Receive their data and have it transferred to another controller. Users have the right to receive their data in a structured, commonly used, machine-readable format, and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the data is processed by automated means and that the processing is based on the user’s consent, on a contract that the user is part of, or on precontractual obligations.
• Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

Details About the Right to Object to Processing

Where personal data is processed for the public interest, in the exercise of an official authority vested in NotificationAPI or for the legitimate interests pursued by NotificationAPI, users may object to such processing by providing a ground related to their particular situation to justify the objection.

However, users must know that should their personal data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn whether the NotificationAPI is processing Personal Data for direct marketing purposes, users may refer to the relevant sections of this document.

How to Exercise These Rights

Any requests to exercise user rights can be directed to NotificationAPI through the contact details provided in this document (security@notificationapi.com). These requests can be exercised free of charge and will be addressed by NotificationAPI as early as possible and always within one month.

Cookie Policy

The NotificationAPI website and NotificationAPI web application use cookies.

To learn more and for a detailed cookie notice, the user may consult the Cookie Policy.

Additional Information about Data Collection and Processing

Legal Action

Users’ personal data may be used for legal purposes by NotificationAPI in court or the stages leading to possible legal action arising from improper use of this application or the related services. The users declare they are aware that NotificationAPI may be required to reveal personal data upon request of public authorities.

Additional Information About Users’ Personal Data

In addition to the information contained in this privacy notice, this application may provide users with additional and contextual information concerning particular services or the collection and processing of personal data upon request.

System Logs and Maintenance

For operation and maintenance purposes, this application and any third-party services may collect files that record interaction with this application (e.g., system logs) using other personal data (e.g., IP Address) for this purpose.

Information Not Contained in This Notice

More details concerning the collection or processing of personal data may be requested from NotificationAPI at any time. Users may use the contact information at the beginning of this document.

How “Do Not Track” Requests are Handled

This application does not support “Do Not Track” requests.

To determine whether any of the third-party services it uses honor “Do Not Track” requests, users should read their privacy policies.

Changes to This Privacy Notice

NotificationAPI reserves the right to make changes to this privacy notice at any time by giving notice to users on this page and possibly within this application or–as far as technically and legally feasible–sending a notice to users via any contact information available to NotificationAPI. Users are strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. Should the changes affect processing activities performed based on the users’ consent, NotificationAPI shall collect new consent from the user where required.

Definitions and Legal References

Customer Content

Any of the customer’s or customer’s end-users’ information entered into NotificationAPI or collected by NotificationAPI’s software on behalf of the customer, through the website, applications and APIs.

Customer Account Data

Account information, usage information or other metadata relevant to the customer’s account collected by NotificationAPI .

Personal Data (or Data)

Any information that directly, indirectly, or in connection with other information—including a personal identification number—allows for the identification or identifiability of a natural person.

Usage Data

Information collected automatically through this application (or obtained by services employed in this application)can include: the IP addresses or domain names of the computers utilized, the Uniform Resource Identifier (URI) addresses, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the users’ browser and operating system, the various time details per visit (e.g., the time spent on each page within the application), and the information on the path followed within the application with particular reference to the sequence of pages visited, and other parameters about the device operating system or the users’ IT environment.

User

The individual using this application who, unless otherwise specified, coincides with the data subject.

Data Subject

The natural person to whom the personal data refers.

Data Processor

The natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller, as described in this privacy notice.

Sub-Processor

This refers to any additional third party who processes personal data on behalf of the data processor in fulfilling contractual obligations and services.

Data Controller

The person, public authority, agency, or other body that determines the purposes and means of processing personal data, including the security measures concerning the operation and use of this application.

This Application

The information technology system that collects and processes the personal data of the user.

Service

The service provided by the NotificationAPI platform or NotificationAPI team.

European Union (EU)

Unless otherwise specified, all references made within this document to the European Union (EU) include all current member states to the European Union and the European Economic Area.

Cookies

Small piece of data stored on the user’s device.

Legal Information

This privacy notice has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).

This privacy notice relates to the NotificationAPI website, application, and supporting services unless otherwise stated within this document.

‍