Effective September 19, 2022
This Privacy Notice for Dromo, Inc. (”Company”, ”Dromo”, ”we”, ”us”, or ”our”), describes how and why we might collect, store, use, and disclose (”process”) your information, including personal information, when you use any of our websites or any of the applications, software, products, and services we provide (collectively, the ”Service”), such as when you:
- visit our website at https://dromo.io, any subdomains therein, or any other website we control that links to this Privacy Notice (the ”Site”);
- upload data utilizing our Service; or
- engage with us in other related ways, including at any events or in any personal communication.
Depending on the context, ”you” means a Visitor, Customer, or End User:
- When you visit the Site without being logged into a Dromo account, or otherwise communicate with Dromo, we refer to you as a ”Visitor.”
- When you create a Dromo account; use or manage an account; or direct the use of an account in the performance of its functions, we refer to you as a ”Customer” or ”Account Holder.”
- When you utilize a Service that requires a Dromo license key to operate correctly, we refer to you as an ”End User.”
This Privacy Notice applies only to personal information. Except where explicitly stated, this Privacy Notice does not apply to personal data, if any, collected from End Users.
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. Our Terms of Service, available at https://dromo.io/legal/terms, govern all use of the Service. If you do not agree with our policies and practices, please do not use our Service. If you still have any questions or concerns, please contact us at firstname.lastname@example.org.
End Users may transform, generate, and share data with you through their use of the Service, and you may also collect identifying information about the End User at the time the data is shared (collectively, ”End User Data”). You may elect to store this data in a Dromo-accessible environment. Dromo does not have any control over, nor knowledge of, the contents of such End User Data, including the presence or nature of any personal information that may be contained within. Where your End User Data contains personal information, you warrant that you have a lawful basis to control or process that data under applicable law.
We handle End User Data in the following ways:
- We will store all End User Data alongside a reference to the license key used to upload it and the Account Holder responsible for that license. This Account Holder has ultimate control over and responsibility for the data.
- We will process End User Data only in the ways necessary to provide the Service and perform our contract with you.
- We will delete End User Data immediately upon your request via our application programming interface (API) or upon account termination.
The personal data we collect depends on how you interact with us, the services you use, and the choices you make. We collect information about you from different sources and in various ways when you use our Service, including information you provide directly, information collected automatically, third-party data sources, and data we infer or generate from other data.
We collect personal information that you voluntarily provide to us when you register for an account, express an interest in obtaining information about us or our Service, use the Service, or otherwise contact us.
Personal Information Provided by You. The personal information you provide may include the following:
- phone numbers
- email addresses
- mailing addresses
- job titles
- contact preferences
- billing addresses
- content submissions
- debit/credit card numbers
Sensitive Information. We do not knowingly collect or process sensitive information.
Social Login Data. We may provide you with the option to register with us using your existing third-party account details, like your Google or Github account. If you choose to register in this way, we will collect the information as described below.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
If you purchase or cancel a service license or other product from us, we automatically collect certain information about your transaction, such as the name and quantity of the item(s) purchased or canceled, the value exchanged, the date and time, and your contact information.
We also automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information), but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.
Like many businesses, we also collect information through cookies and similar technologies.
The information we collect includes:
- Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Service and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Service (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called “crash dumps”), and hardware settings).
- Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
In order to enhance our ability to provide relevant marketing, offers, and services to you and update our records, we may obtain information about you from other sources, such as public databases, joint marketing partners, affiliate programs, data providers, social media platforms, and from other third parties. This information includes mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), Internet Protocol (IP) addresses, social media profiles, social media URLs, and custom profiles, for purposes of targeted advertising and event promotion, subject to any consent requirements under applicable law. If you interact with us via a social login platform using an existing account (e.g., Google or Github), we may receive personal information about you. Any personal information that we collect from your social media account depends on your social media account’s privacy settings.
We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law.
If you are located in the EU or UK, this section applies to you.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:
- Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.
- Legitimate Interests. We may process your data when it is reasonably necessary to achieve our legitimate business interests.
- Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
- Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
- Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
If you are located in Canada, this section applies to you.
We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.
In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:
- If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way
- For investigations and fraud detection and prevention
- For business transactions provided certain conditions are met
- If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim
- For identifying injured, ill, or deceased persons and communicating with next of kin
- If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse
- If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province
- If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records
- If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced
- If the collection is solely for journalistic, artistic, or literary purposes
- If the information is publicly available and is specified by the regulations
We process your personal information for a variety of reasons, depending on how you interact with our Services. These reasons include (along with their legal basis for processing):
- To facilitate account creation and authentication and otherwise manage your account (Performance of a Contract). We may process your information so you can create and log in to your account, as well as keep your account in working order. If you choose to link your account to an existing third-party account (such as your Google or Github account) using a social login feature, we use the information you allowed us to collect from those third parties to facilitate the account creation and log-on process for the performance of the contract.
- To deliver and facilitate delivery of services to you (Performance of a Contract). We may process your information to provide our products and deliver our services including troubleshooting, improving, and personalizing the features on the Service.
- To respond to your inquiries or offer support to you (Performance of a Contract, Legitimate Interests). We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
- To fulfill and manage your orders (Performance of a Contract, Legitimate Interests). We may process your information to fulfill and manage your orders, payments, returns, and exchanges made through the Services, and for business operations such as billing and accounting.
- To protect our Service (Legitimate Interests). We may use your information as part of our efforts to keep our Service safe and secure (for example, for fraud monitoring and prevention).
- To request feedback (Legitimate Interests). We may use your information to request feedback and to contact you about your use of our Service.
- To send you administrative information (Legitimate Interests). We may process your information to send you details about our products and services, changes to our terms and policies, confirmations, technical notices, updates, security alerts, support and administrative messages, and other similar information, and to ensure the delivery of this information.
- To send you promotional communications (Legitimate Interests, Consent). We may process your information to communicate with you about new services, features, offers, promotions, or other relevant information about our Service; and to measure the effectiveness of these communications.
- To advertise to you (Consent). We may process your information to advertise to you, including through interest-based advertising subject to any consent requirements under applicable law, and to measure the effectiveness of our advertisements.
- To share your contributions with others (Consent). If you provide us with contributions on the Site that are intended for display or consumption by others on the Site, we may process it for that purpose.
- To post testimonials (Consent). We post testimonials on our Site that may contain personal information. Prior to posting a testimonial, we will obtain your consent to use your name and the content of the testimonial. If you wish to update or delete your testimonial, please contact us at email@example.com and include your name, testimonial location, and contact information.
- To meet our legal obligations (Legal Obligations). We may use your information to enforce our terms, conditions, and policies for business purposes; to comply with legal and regulatory requirements; or in connection with our contract.
- To respond to legal requests (Legal Obligations). If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
- To save or protect an individual’s vital interest (Vital Interests). We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.
We combine data we collect from different sources for these purposes and to give you a more seamless, consistent, and personalized experience.
We share personal data as described below, including with your consent or as necessary to complete your transactions or provide the services you have requested or authorized. In addition, we may share each of the categories of your personal data described above with the types of third parties described below for the following business purposes.
Service providers. We share your personal data with service providers who process the information on our behalf to provide or improve our Service. For example, our service providers may perform payment processing, customer support ticketing, network data transmission, web analytics, marketing operations, security, and other similar services. While Dromo processes all personal data in the United States, our service providers may process data outside of the United States or the European Union. Such processing by service providers will be in compliance with applicable law including any relevant transfer mechanism. A list of subprocessors is included at https://dromo.io/legal/subprocessors.
For security purposes. We will disclose personal data if we believe it is necessary to:
- protect our customers and others, for example to prevent spam or attempts to commit fraud, or to help prevent the loss of life or serious injury of anyone;
- perate and maintain the security of the Service, including to prevent or stop an attack on our systems or networks; or
- protect the rights or property or ourselves or others, including enforcing our agreements, terms, and policies.
For legal disclosure. Dromo may disclose personal data or other information we collect about you to law enforcement or other governmental agencies if required in response to a valid legal process.
Change in control or sale. We may share your personal data if we are involved in a merger, sale, or acquisition of corporate entities or business units as described in this Privacy Notice.
No selling of personal data. We do not sell your personal data for monetary or other consideration as defined under California and Nevada state laws. You can learn more about the CCPA and how we comply with it below. We may share de-identified information in accordance with applicable law.
Our Service may offer you the ability to register and log in using third-party account details (like your Google or Github accounts). Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, and other information you choose to make public on that platform. We will use the information we receive only for the purposes that are described in this Privacy Notice or that are otherwise made clear to you on the relevant Service. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review their Privacy Notice to understand how they collect, use, and share your personal information, and how you can set your privacy preferences on their sites and apps.
Our servers are located in the United States. If you are accessing our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information, in the United States and other countries.
If you are a resident in the European Economic Area (EEA) or United Kingdom (UK), then these countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. However, we will take all necessary measures to protect your personal information in accordance with this Privacy Notice and applicable law.
Dromo relies on the European Commission-approved Standard Contractual Clauses (”SCCs”) as a legal mechanism for data transfers from the EU. SCCs are contractual commitments between companies transferring personal data, binding them to protect the privacy and security of such data. Dromo adopted SCCs so that the necessary data flows can be protected when transferred outside the EU to countries which have not been deemed by the European Commission to adequately protect personal data, including protecting data transfers to the United States. SCCs governing controller-to-processor (Module 2) and processor-to-processor (Module 3) arrangements are available on request, and can be incorporated into the Customer Agreement by reference via a Supplement to the Agreement (the ”Supplement”). To request a copy of the Supplement for your review and execution, please contact us at firstname.lastname@example.org, indicate if you require Module 2 or Module 3, and indicate if you require an international data transfer addendum (IDTA) for transfers out of the UK.
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). Actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable Customers to delete their data, and our legal or contractual obligations.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
We do not knowingly solicit data from or market to children under 13 years of age. By using the Service, you represent that you are at least 13 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Service. If we learn that personal information from users less than 13 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records.
If you become aware of any data we may have collected from children under age 13, please contact us at email@example.com.
In some regions (like the EEA and UK), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal information. To make such a request, please use the contact details provided below. We will consider and act upon any request in accordance with applicable data protection laws.
If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
If you are a resident in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here:
If you are a resident in Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html.
If you have questions or comments about your privacy rights, you may email us at firstname.lastname@example.org.
Account Information. If you would at any time like to review or change the information in your account or terminate your account, you can:
- Log in to your account settings and update your account.
- Contact us using the contact information provided.
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Service and/or comply with applicable legal requirements.
Cookies and similar technologies. Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies this could affect certain features or services of our Service. To opt-out of interest-based advertising by advertisers on our Service visit http://www.aboutads.info/choices/. Specific information about how you can refuse certain cookies is set out in our Cookie Notice, available at https://dromo.io/legal/cookies.
Opting out of email marketing. You can unsubscribe from our promotional communication email list at any time by clicking on the unsubscribe link in the emails that we send or by contacting us at email@example.com. You will then be removed from the promotional communication email list - however, we may still communicate with you, for example to send you service-related emails that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.
Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information. California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us at firstname.lastname@example.org.
If you are under 18 years of age, reside in California, and have a registered account with the Service, you have the right to request removal of unwanted data that you publicly post on the Service. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Service, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g. backups, etc.).
California Consumer Privacy Act (”CCPA”) Privacy Notice
The California Code of Regulations defines a “resident” as:
- every individual who is in the State of California for other than a temporary or transitory purpose and
- every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose
All other individuals are defined as “non-residents. If this definition of “resident” applies to you, we must adhere to certain rights and obligations regarding your personal information.
What categories of personal information do we collect?
We have collected the following categories of personal information in the past twelve (12) months:
|Identifiers||Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address and account name||Yes|
|Personal information categories listed in the California Customer Records statute||Name, contact information, education, employment, employment history and financial information||Yes|
|Protected classification characteristics under California or federal law||Gender and date of birth||No|
|Commercial information||Transaction information, purchase history, financial details and payment information||Yes|
|Biometric information||Fingerprints and voiceprints||No|
|Internet or other similar network activity||Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements||Yes|
|Geolocation data||Device location||Yes|
|Audio, electronic, visual, thermal, olfactory, or similar information||Images and audio, video or call recordings created in connection with our business activities||No|
|Professional or employment-related information||Business contact details, job title, work history and professional qualifications||Yes|
|Education information||Student records and directory information||No|
|Inferences drawn from other personal information||Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics||Yes|
We may also collect other personal information outside of these categories in instances where you interact with us in-person, online, or by phone or mail in the context of:
- providing help through our customer support channels;
- participating in customer surveys; or
- facilitating the delivery of our Services and responding to your inquiries.
How do we use and share your personal information?
We collect and share your personal information through:
- Targeting cookies/Marketing cookies
- Social logins. We may use social login features to allow you to log in using an account administered by a third party (e.g., Google, Github). We may place a cookie in your browser to enable the feature to work correctly. By authorizing this feature, you agree to the use of this cookie and consequently the transfer of personal information to the corresponding third party service. We have no control over the essence and extent of these transmitted data as well as their additional processing.
More information about our data collection and sharing practices can be found in this Privacy Notice. You may contact us by email at email@example.com.
If you are using an authorized agent to exercise your right to opt-out we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.
Will your information be shared with anyone else?
We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Each service provider is a for-profit entity that processes the information on our behalf.
We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be “selling” your personal data.
We have disclosed the following categories of personal information to third parties for a business or commercial purpose in the preceding twelve (12) months:
- Category A. Identifiers, such as contact details, like your real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address and account name
- Category B. Personal information, as defined in the California Customer Records law, such as your name, contact information, education, employment, employment history and financial information.
- Category D. Commercial information, such as transaction information, purchase history, financial details and payment information.
- Category F. Internet or other electronic network activity information, such as browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems and advertisements.
- Category I. Business contact details, job title, work history and professional qualifications.
- Category K. Inferences drawn from any of the personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics.
The categories of third parties to whom we disclosed personal information for a business or commercial purpose can be found here.
Dromo has not sold any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. Dromo will not sell personal information in the future belonging to Visitors, Customers, End Users, or any other users.
Your rights with respect to your personal data
You can ask for the deletion of your personal information. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of his or her right to free speech, our compliance requirements resulting from a legal obligation, or any processing that may be required to protect against illegal activities.
Depending on the circumstances, you have a right to know:
- whether we collect and use your personal information;
- the categories of personal information that we collect;
- the purposes for which the collected personal information is used;
- whether we sell your personal information to third parties;
- the categories of personal information that we sold or disclosed for a business purpose;
- the categories of third parties to whom the personal information was sold or disclosed for a business purpose; and
- the business or commercial purpose for collecting or selling personal information.
In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request.
We will not discriminate against you if you exercise your privacy rights.
Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g. phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.
We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. If, however, we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity, and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.
- You may object to the processing of your personal data.
- You may request correction of your personal data if it is incorrect or no longer relevant, or ask to restrict the processing of the data.
- You can designate an authorized agent to make a request under the CCPA on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with the CCPA.
- You may request to opt-out from future selling of your personal information to third parties. Upon receiving a request to opt-out, we will act upon the request as soon as feasibly possible, but no later than 15 days from the date of the request submission.
To exercise these rights, you can contact us by email at firstname.lastname@example.org. If you have a complaint about how we handle your data, we would like to hear from you.
We may update this Privacy Notice from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.
Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it in some circumstances. To request to review, update, or delete your personal information, please submit a request to us using the contact info below.
If you have questions or comments about this notice, you may email us at email@example.com, or by post to:
Dromo, Inc. Data Privacy Unit 519 W 22nd St, Ste 300 #87630 Sioux Falls, South Dakota 57105-1745
Dromo, Inc. has appointed Maetzler Rechtsanwalts GmbH & Co KG to be its representative in the EEA. If you are a resident in the European Economic Area, you may contact them directly regarding our processing of your information, by post to:
Maetzler Rechtsanwalts GmbH & Co KG Schellinggasse 3/10 1010 Wien Vienna Austria