Privacy policy

Effective as of 27 June, 2018


Last modified: August 20, 2020

1. Introduction

Framework(“we”, “us”, or “our”) provides a marketing, social media and analytic platform through a Software as a Service (SaaS) model. At Frameworkthe privacy and security of our customers, third parties and visitors are of paramount importance. This Privacy Policy (“Policy”) explains how Frameworkprocesses information that can be used to directly or indirectly identify the data subject through the use of its website and platform.


We at Frameworkcollect e-mail addresses and some personal information about clients who communicate with us via email or register with us to open an account (“Clients”). This Privacy Policy describes how we collect, process, use and share collected data and other useful information from our Clients and their Customers (“Customers’) when they use the Website www.Frameworkconsulting.ca (“Website”) and our Subscription Service (“Subscription Service”). It also describes Client’s, and Customer’s choices regarding use, access and correction of their personal data. The use of information collected through our service shall be limited to the purpose of providing the service for which the client has engaged.


If you do not agree with the data practices described in this Policy, you should not use the Website or the Subscription Service.


For the purposes of this Policy, Frameworkwants to introduce new GDPR key definitions:


Personal Data: any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.


Processing: any operation or set of operations performed upon Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


Controller: the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of Personal Data; where the purposes and means of processing are determined by EU or Member State laws, the Controller (or the criteria for nominating the Controller) may be designated by those laws.


Processor: a natural or legal person, public authority, agency or any other body, which processes Personal Data on behalf of the Controller.


Any information stored on Framework's platform is treated as confidential. All information is stored securely and accessed by authorized personnel only. Framework implements and maintains appropriate technical, security and organizational measures to protect Personal Data against unauthorized or unlawful processing and use, and against accidental loss, destruction, damage, theft or disclosure.


Identification of the controller and data processor


Current European Data Protection Law distinguishes between the Controller and the Processor of the information. In general, the Client is the Controller of the Customer Data. As a general rule, Framework is the Client’s Processor which processes Customer’s Personal Data on behalf of the Client.



2. EU-US Privacy Shield and Swiss-U.S. Privacy Shield

Framework(and its parent/subsidiary company(ies) [Framework Consulting Corp. .] participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.


Framework is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Framework complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.


With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Framework is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

In certain situations, Framework may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.


If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.


Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

3. Legal Basis for Processing Personal Information (European Territory Visitors only)

If a visitor is from the European Territories (European Economic Area and Switzerland), our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.


However, we will normally collect Personal Data from our Clients or their Customers where the processing is in our legitimate business interests to, for example, administer our platforms and services and fulfill our contractual obligations as a service provider. Personal Data is used to improve the content of our Web pages and the quality and maintenance of our Services in order to provide a tailored experience of our Website and Services.


Our legal basis for processing Personal Data in certain circumstances will also be based on the consent Data Subject to do so or where we need the Personal Data to perform a contract or enter into a contract with them. In some cases, we may also have a legal obligation to collect Personal Data from Data Subjects.


Framework legitimate interest to process Personal Data is balanced against our Client’s and their Customer’s data protection rights and freedoms.

4. Information we Collect and Receive

Framework may collect and receive Client or Customer Data in several ways:


Visitors’ Data: Customers and individuals to whom a Client grants access to a Website embedded with our Marketing Software routinely send Customer Data to Framework when using the Services.


Customers’ Data: Customer who may decide to sign for Client services or newsletter or products provides Framework with an email address, a phone number, a password, a domain and/or any other details of similar accounts. Furthermore, Clients who purchase our Services will provide us with billing information, home or working address as well as credit card and banking information.


In such cases, Framework servers collect information automatically when Customers access or use the Website or Services and collect them in log file format. Information may include the Internet Protocol (IP) address, the address of the web page Customers has visited before using the Website or Services, the type of browser and its configuration, the date and time they used the Services, information about browser settings and plugins, as well as language preferences and cookie information.


How We Use Personal Information


We use the personal information we collect to, among other things, anticipate and resolve problems with the Site, personalize your service, investigate misuse of Site and develop and market products and services that may be of interest to you.


Framework collects information about the devices that access the Services, including the type of device, operating system used, device configuration, application IDs, unique device identifiers, and failure data. Whether or not all or part of this information is collected often depends on the type of device used and its configuration.


Framework receives information that helps us estimate Customer’s location. We can use an IP address received through the Customer’s browser or device to determine their approximate location. Framework may also collect information on the location of devices according to the consent process provided by the Customer’s device.


Cookies are small text files that we send to Customer’s computer or mobile device. They are unique to their account or their browser. Framework uses sessions cookies to improve the overall experience of the user by memorizing their login credentials or tracking the pages throughout the duration of time the user spends on the website. Framework and our partners use cookies and similar technologies on our Websites and Services that help us collect information, to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our use base as a whole. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our website. The Websites and Services may also include cookies and similar tracking technologies from Third Parties, which may collect other information about Customers through the Websites and Services, as well as through other websites and online services.


Framework contracts with Third Parties (companies and people) to provide services to our Clients and their Customers and may need to share information with them to provide information, products or services to them. In general, Third Party Services are software that integrates with our Services and they may share information with Framework. For example, if a cloud storage application has been activated to import files into a Landing Page, Framework may receive the username and email address of the user.


Third Party may also receive information from organizations, industries, website visitors, marketing campaigns, affiliates, and subsidiaries. Framework may combine data collected with the previous information and collect new information about the relationship between IP addresses and postal codes or countries.



5. Sharing and Using Personal Information

Sharing Personal Information


Personal Data is not shared with or sold to other organizations for commercial purposes, except to provide products or services Clients or Customers have requested. However, under the following circumstances, it might be possible to share Personal Data:


In order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Terms of Service, or as otherwise required by law.


To comply with applicable legislation. If we receive a request for information, we may disclose Information if we believe it is reasonable to disclose this information in accordance with the requirements of applicable legislation, regulations and legal procedures.


During a change in Framework activity. Framework may participate in a merger, acquisition, bankruptcy, dissolution, reorganization, financing, a public offering of securities, acquisition of all or part of our company. Then, in measures that contemplate such activities (for example, due diligence), some or all of Personal Data may be shared or transferred, in accordance with standard confidentiality agreements.


Using Personal Information


The Website is not intended for or targeted at children under 13 and we do not knowingly or intentionally collect information about children under 13. If you believe that we have collected information about a child under 13, please contact us at frameworkconsulting.ca@gmail.com, so that we may delete the information.


Client’s and Customer’s testimonials on our Website are pre-approved by them as they might contain personal information. We obtain each Client’s or Customer’s consent via email prior to posting their names and testimonials.


Framework Clients use the Subscription Service to build webpages that their Customers can visit to learn more about their business. Framework does not control the content of these webpages or the information that is gathered and managed by its Customers. That information belongs to them and is used, disclosed and protected by them according to their own privacy policies which are independent of Framework's Policy.


Framework acknowledges the right of its Clients’ and their Customers to access their Personal Data stored on its platform, which can be amended, deleted or updated at any time.


Additional Limits on Use of Your Google User Data


Additional Limits on Use of Your Google User Data: Notwithstanding anything else in this Privacy Policy, if you provide the App access to the following types of your Google data, the App’s use of that data will be subject to these additional restrictions:


The App will only use access to read, write, modify or control Gmail message bodies (including attachments), metadata, headers, and settings to provide a web email client that allows users to compose, send, read,and process emails and will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.

The App will not use this Gmail data for serving advertisements.

The App will not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for the App’s internal operations and even then only when the data have been aggregated and anonymized.


Referrals


If you choose to use our referral service to tell a friend about our website, we will ask you for your friend’s name and email address. We will automatically send your friend a one-time email inviting him or her to visit the website. Framework [stores] this information for the sole purpose of sending this one-time email [and tracking the success of our referral program]. Your friend may contact us at support@Framework consulting.ca to request that we remove this information from our database.

6. Data Transfer and Transfer Mechanisms

Framework is committed to provide the highest degree of security to data processing. For these reasons, in the context of data transferring with countries outside EEA, it is paramount that controller and processors undertake adequate organizational and technical measures for data processing. Framework uses the following transferring instrument:


Standard Contractual Clause (“SCCs”): Set of data protection clauses adopted by the Commission

These are known as the ‘standard contractual clauses’ (sometimes as ‘model clauses’). There are four sets that Commission adopted under the Directive. They must be implemented by the data exporter (based in the EEA) and the data importer (outside the EEA).


The clauses contain contractual obligations on the data exporter and the data importer, and rights for the individuals whose personal data is transferred. Individuals can directly enforce those rights against the data importer and the data exporter. Within this context, Framework acts as data importer. Specifically, data importer means:


“the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC”


In the context of SCCs, Framework is committed to


Ensure personal data should be collected only for specified, explicit and legitimate purposes;

Recognizing data access to any concerned data subject while providing the opportunity to change or delete data;

Providing data subjects with adequate and appropriate remedies including compensation or damages through the competent court.

SCC’s provide adequate security in relation to data transfer establishing a legal framework towards:


Obligation of data exporter;

Obligations of data importer;

Third-party beneficiary clause;

Cooperation with Data Protection Authority;

Liability

When operating as data importer, Framework is free to include any other clauses on business related issues which they consider as being pertinent for the contract as long as they do not contradict the standard contractual clauses.


For further information about how Framework is implementing SCCs please check the Data Protection Agreement.

7. Sub-processors

Sub-processor(s): a natural or legal person, public authority, agency or any other body hired by Framework to process Personal Data on behalf of the Controller.


Client agrees that Framework may engage Sub-processors to process Personal Data on its behalf.


Framework will notify the Client if it adds or removes Sub-processors 10 days prior to any such changes.


Where Framework enters into an agreement with Sub-processors, Framework will ensure that equivalent data-protection terms are transferred to the Sub-processors which provides at least the same level of protection for the Client and its Customers’ Personal Data as those set-out in this Privacy Policy, to the extent applicable to the nature of the services provided by such Sub-processors.


Framework will remain responsible for each Sub-processor’s compliance with the obligations under this Privacy Policy and for any acts or omissions of such Sub-processor that causes Framework to breach any of its obligations under this Privacy Policy.

7. Sub-processors

Sub-processor(s): a natural or legal person, public authority, agency or any other body hired by Framework to process Personal Data on behalf of the Controller.


Client agrees that Framework may engage Sub-processors to process Personal Data on its behalf.


Framework will notify the Client if it adds or removes Sub-processors 10 days prior to any such changes.


Where Framework enters into an agreement with Sub-processors, Framework will ensure that equivalent data-protection terms are transferred to the Sub-processors which provides at least the same level of protection for the Client and its Customers’ Personal Data as those set-out in this Privacy Policy, to the extent applicable to the nature of the services provided by such Sub-processors.


Framework will remain responsible for each Sub-processor’s compliance with the obligations under this Privacy Policy and for any acts or omissions of such Sub-processor that causes Framework to breach any of its obligations under this Privacy Policy.

Entity Name

Purpose

Applicable Services

Entity Country

Cloudflare, Inc.

Cloudflare, Inc. (“Cloudflare”) provides content distribution, security and DNS services for web traffic transmitted to and from the Services. This allows Framework to efficiently manage traffic and secure the Services. The primary information Cloudflare has access to is information in and associated with the Framework website URL that the End-User is interacting with (which includes End-User IP address). All information (including Service Data) contained in web traffic transmitted to and from the Services is transmitted through Cloudflare’s systems, but Cloudflare does not have access to this information.

All

United States

Woopra

Woopra, Inc. (“Woopra”) is a third-party analytics provider that Framework uses to capture how users interact with the Service. Framework uses this information to analyze and improve the Services. The primary information Woopra has access to is information in and associated with the Framework website URL that the Client and End-User is interacting with, such as time spent on page, items clicked (including Service Data contained in those items), Client email addresses, End-User email addresses, etc.

All

United States

Pipedrive

Pipedrive is a cloud-based sales software company accessible as a web application and mobile app. It is considered a customer relationship management tool (CRM) for salespeople in scaling companies.

Main User Accounts

United States

Zapier

Zapier is an American for-profit corporation and a web-based service that allows end users to integrate the web applications they use.

All

United States

Authorize.Net

Authorize.Net is a United States-based payment gateway service provider, allowing merchants to accept credit card and electronic check payments through their website and over an Internet Protocol connection. Founded in 1996, Authorize.Net is now a subsidiary of Visa Inc.

Main User Accounts

United States

8. Data Subject’s Rights (European Territory Visitors Only)

Clients and Customers who provide us with their personal information should be informed of the following rights that they may exercise at any time:


Right of access – The right to obtain from the Controller confirmation as to whether or not their Personal Data is being processed.


Right of rectification – The right to obtain from the Controller, without undue delay, the rectification of inaccurate Personal Data concerning them.


Right to erasure – The right to obtain from the Controller the erasure of their Personal Data without undue delay.


Right to the restriction of processing – The right to obtain from the Controller restriction of processing their Personal Data.


Right to object – The right to object at any time to the processing of their Personal Data.


The aforementioned rights are not absolute. The exercise of Data Subject rights must meet precise conditions included in the General Data Protection Regulation.


In order to exercise the previous rights, requests must be sent directly to the Controller. Once it receives the request, Framework will process the request on behalf of the Controller.


Upon request Framework will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by logging into your account, contacting us at support@Frameworkconsulting.ca . We will respond to your request within a reasonable timeframe. Framework acknowledges that you have the right to access your personal information. Framework has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the Framework Client (the data controller). If requested to remove data we will respond within a reasonable timeframe.

9. Important Information for California Residents

This section applies only to California residents. It describes how we collect, use and share Personal Information of California residents in operating our business, and their rights with respect to that Personal Information. For purposes of this section, “Personal Information” has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”) but does not include information exempted from the scope of the CCPA.

Your California privacy rights.

You have the rights listed below. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.


Information. You can request the following information about how we have collected and used your Personal Information during the past 12 months:


The categories of Personal Information that we have collected.

The categories of sources from which we collected Personal Information.

The business or commercial purpose for collecting and/or selling Personal Information.

The categories of third parties with whom we share Personal Information.

Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third party recipient.

Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third party recipient.

Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.


Deletion. You can ask us to delete the Personal Information that we have collected from you.


Nondiscrimination. You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as denying your services; increasing the price/rate of services; decreasing service quality; or suggesting that we may penalize you as described above for exercising your rights.

How to exercise your information, access and deletion rights.

You may submit a request to exercise your information, access or deletion rights by emailing us at support@frameworkconsulting.ca. We will need to verify your identity to process your information, access and deletion requests and we reserve the right to confirm your California residency. Government identification may be required. If you wish to designate an authorized agent to make a request on your behalf, we will need to verify both your and your agent’s identities and your agent must provide valid power of attorney or other proof of authority acceptable to us in our reasonable discretion. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. In certain cases, we may be required or permitted by law to deny your request.


Personal Information that we collect, use and disclose. The list below describes the categories of Personal Information we collect by reference to the categories specified in the CCPA:


Identifiers, such as Registration and Contact Information, including your real name, email address, postal address, account name, and other similar identifiers.

Commercial information, such as Payment Information, including the record of purchase of the Services.

Financial information, such as Payment Information, including your credit card and other billing information.

Online identifiers, such as Technical, Usage and Location Information, including Internet Protocol address, cookie identifiers, and computer or device identifiers.

Internet or network information, such as Technical, Usage and Location Information and Third Party Platform Information, including the pages you view, items you click, advertisements you interact with, and social media content you engage with.

Geolocation data, such as your device’s precise location when you choose to share it and the approximate location associated with your IP address.

Professional or employment information, such as Registration and Contact Information, Payment Information and Customer Data, including your People’s title and organizational affiliation.

Sensory information, such as photos of yourself or of People in Customer Data that you submit.

Inferences drawn from any of the above information to create a profile reflecting your preferences, characteristics, and behavior.

The sources from which we collect these categories of Personal Information are described in the section above entitled how we obtain information, the business/commercial purposes for which we use these categories of Personal Information are described in the section above entitled Sharing and Using Personal Information. The categories of third parties to which we disclose these categories of Personal Information for business purposes are described in the section above entitled How We Use Personal Information. Based on our understanding of the term “sell” under the CCPA, we do not “sell” your Personal Information.

10. Changes

Framework may modify this Policy at any time. Legislation, regulations and industry standards evolve, so these changes may be necessary; or maybe they could be due to changes in our activity. We will post the changes on this page and encourage you to review our Policy to stay informed. Should we implement changes that substantially alter your privacy rights, Framework will provide additional notice. If you do not agree with the changes in this Policy, you will be unable to properly use Framework Services and Website.

11. Security

Framework takes the security of its Clients and Customers’ data very seriously. Framework strives to protect the other information that they provide us with loss and misuse, as well as against unauthorized disclosure or access. These measures take into account the sensitivity of information we collect, process and store, as well as the state of current technology. Framework uses industry leading 256-bit SSL encryption to keep any information collected and/or transmitted to our Website or Third-Party apps secure. Furthermore, Personal Data we collect are anonymized or at least pseudonymized.

12. Data Retention

Framework will keep the Client Data in accordance with the Client’s instructions, including any terms applicable in the Agreement with the Customer and in the use of the functionality of the Services by the Client, as well as in accordance with the provisions of the applicable legislation.


We will retain any Personal Data and data we collect in behalf of our clients for as long as the account is active and for a period of time consistent with the original purpose of collection, including to pursue our legitimate business interests, comply with our legal obligations, resolve disputes and enforce applicable agreements.


The Controller has the duty of limiting the period for which Personal Data is stored. The Controller will periodically review and evaluate that time period in order to respect data privacy expectations.

13. Payment Information

When you make a purchase on the Offerings, any credit card information you provide as part of your Payment Information is collected and processed directly by our payment processor Authorize.net. We never receive or store your full credit card information. Authorize.net commits to complying with the Payment Card Industry Data Security Standard (PCI-DSS) and using industry standard security. Authorize.net may use your Payment Information in accordance with their own Privacy Policy here: https://usa.visa.com/legal/global-privacy-notice.html

14. Account Removal

If you want to remove your account from our database, please fill out this form.

You need to provide a valid ID in order for this to be processed.

15. Questions

Any questions, concerns, or complaints regarding this Privacy Notice or the way we collect and handle your information as a Processor, please contact our Data Protection Officer (DPO) by email at frameworkconsulting.ca@gmail.com.


Framework will take any privacy complaint seriously and any complaint will be assessed by an appropriate person with the aim of resolving any issue in a timely and efficient manner.


Physical Address: 1412 Broadway, 21st Floor, New York, NY 10018

Contact Number +1.800.824.9619

Email : frameworkconsulting.ca@gmail.com

SUBSCRIBE TO OUR BLOG

Your email will be used to send you relevant marketing content and blog updates. You can unsubscribe at any time using the link in our emails.

Copyright © 2023 Framework Consulting Corp. All rights reserved.