We work hard to keep all our legal mumbo jumbo as simple as possible, but we still have to have it.
(together the "Platform") including all content, services and products available at or through the Platform.
By accessing and/or using the Platform, you are accepting and consenting to the practices described in this policy.
Depending on the context of personal information you provide, Cliff.ai may be the data controller ("controller") or data processor ("processor") of your personal information under this policy. Cliff.ai is a processor of Client Data, personal information submitted to the Services or collected through the Services on behalf of or at the direction of subscribers.
For the purpose of the General Data Protection Regulations (the "GDPR"), the data controller is Greendeck Technologies Ltd whose registered office is at Kemp House, 152-160 City Road, London, United Kingdom, EC1V 2NX, Company No. 11706916.
We may collect the following information:
We may process personal data in connection with the following purposes:
Client Supplied Data
Automatic Device Data
We shall not process personal data for any other purpose, unless such purpose is expressly communicated to you at the point your personal data is being collected.
If you have consented to receive marketing communications from us via email you can change your mind and withdraw that consent. You can opt-out by clicking on the Unsubscribe link at the bottom of the email you've received or updating your user account settings. Alternatively, you can send an email to customer service at [email protected].
The legal basis for which we act as Data Controller are as follows:
We may disclose your personal data to the following persons: 1. Disclosure of information within Cliff.ai: We limit access to your personal data to employees who reasonably need to process such information as described under this policy. In this situation we:
2. Disclosure of information to particular third parties: We may disclose your personal data to the following third parties:
Cliff.ai shall: a) notify the Client if it receives any complaint, notice or communication which relates directly to the processing of Personal Data, or to either party's compliance with Data Protection Laws, and shall fully co-operate and assist the Client in relation to any such complaint, notice, communication or non-compliance; and b) before disclosing Personal Data to any processor, enter into a contract with that processor under which the processor agrees to comply with obligations equivalent to those set out in these GDPR Terms; and c) before disclosing Personal Data to any of its employees and representatives, and the employees and representatives of each of its processors, in each case who have access to the Personal Data, ensure that those persons:
3. Disclosure of information in certain circumstances: We may also disclose your personal data:
Beyond this, we will not share your personal data with any other person without your consent.
We have implemented safeguards and procedures to protect your personal data against loss or theft as well as unauthorised access and undue disclosure. You can find more information about these safeguards at: https://support.cliff.ai/hc/en-us/articles/203759278-Cliff.ai-Security. We also use our best efforts to ensure that third parties who work with us agree to protect your personal data.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Platform, you are responsible for keeping this password confidential.
"Do Not Track" is a standard that is currently under development. Because it is not yet finalised, Cliff.ai adheres to the standards in this policy and does not monitor or follow any Do Not Track browser requests. That said, some of our features may have the ability to monitor or follow Do Not Track browser requests.
The GDPR gives you the right to access and request a correction of personal data held about you. Your right of access can be exercised in accordance with the GDPR. Some access requests may be subject to a reasonable fee to meet our costs in providing you with details of the personal data we hold about you.
You have the right to access and correct your personal information. If you want to review or correct your personal information, you can login to the application and visit your account profile page, typically designated as "My Account", or contact us at [email protected].
You have the right to request deletion of personal information we hold about you and we have the obligation to erase your personal information, where:
If you want to request removal of your personal information from our Websites or Services, you can login to the application or contact us at [email protected]. You can also request closure of your account. We will respond to your request within 30 days.
In some cases, we may not be able to remove your personal information, in which case we will let you know that we are unable to do so and why.
You have the right to receive or transfer a copy of your personal information, where:
This copy will be provided to you in a common machine-readable format. You may also require us to transmit it to another party where this is technically feasible.
If you want to request a copy of your personal information, you can contact us at [email protected].
You have the right to request the restriction of processing of your personal information, where:
Where personal information is subjected to restriction in this way we will only process it with your consent or for the establishment, exercise, or defence of legal claims. This right includes restricting the processing of your personal information to only include storage of your personal information (e.g. during the time when Cliff.ai assesses whether you are entitled to have personal information erased).
If you want to request restriction of processing of your personal information, you can contact us at [email protected].
Where we are relying upon legitimate interest to process personal information, you have the right to object to that processing. If you object, we must stop that processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or where we need to process the personal information for the establishment, exercise, or defence of legal claims. Where we rely upon legitimate interest as a basis for processing, we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
If you want to object to the processing of your personal information, you can contact us at [email protected].
Where you have provided us with your consent to process personal information, you have the right to withdraw such consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
You can do this by:
You also have the right to lodge a complaint with a supervisory authority, in particular in your country of residence, if you consider that the processing of your personal information infringes applicable laws.
If you need to report abuse, you can contact us at [email protected].
Our Websites and Services are not intended for children under 13 years old. No one under age 13 years old may provide any personal information to or on the Websites and Services.
We do not knowingly collect personal information from children under 13 years old. If you are under 13 years old, do not use or provide any information on our Websites or Services including on or through any of their features, register on the Websites or Services, make any purchases through the Websites or Services, use any of the interactive or public comment features of our Websites or Services, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 years old, we will delete that information without undue delay.
If you believe we might have any information from or about a child under 13 years old, please contact us using the information in the "Contact Information" section above.
Cliff.ai will, upon the Client's reasonable written request, provide all information necessary to demonstrate compliance with these GDPR Terms, and allow Customer or an auditor appointed by Customer to carry out audits, including inspections of facilities, equipment, documents and electronic data, relating to the processing of Personal Data by Cliff.ai or any processor, to verify compliance with these GDPR Terms.
Using Cliff.ai to manage your data means that you have engaged Cliff.ai as a data processor to carry out certain processing activities on your behalf.
Cliff.ai is responsible for the processing of personal information it receives, and subsequently transfers to a third-party acting as an agent on its behalf in accordance with our subscription agreements. Cliff.ai may use from time to time third-party service providers, contractors, and sub-processors to assist in providing the Services on our behalf. Cliff.ai maintains contracts with these third-parties restricting their access, use, and disclosure of personal information.
A subset of authorised Cliff.ai staff may, with the permission of an Authorised User, access your account in the course of diagnosing account issues or taking action on behalf of a Cliff.ai Client or Authorised User. This process is restricted to a minimal set of Cliff.ai staff members and only after receiving explicit, recorded consent from an Authorised User on the same account. All Client account access by Cliff.ai staff is logged and monitored.
Client Data may be stored by us or cached for performance purposes. Client Data can be deleted by you at any time by deleting the Service Account associated with that data. Please note that data used to render a given widget may be shared with other widgets on your account for the purposes of performance improvements and reducing the number of API requests to the source of that data. To ensure Client Data has been deleted all Service from that source should be deleted. If you choose to use our Datasets API to transmit Client Data, data received will be stored until such time as you delete or override the data.
Where we don't store the underlying data, we may rely on an upstream service to provide a snapshot. The length of time we cache Client Data for depends on the refresh intervals of the particular widget created. Under these circumstances, newly retrieved Client Data overwrites the old Client Data and the old Client Data is deleted.
Cliff.ai retains the personal information we process on behalf of our subscribers for as long as needed to provide the Services to our subscribers and in accordance with our subscription agreements. To the extent not deleted by our subscribers, Cliff.ai may also retain and use certain personal information for a reasonable period of time thereafter as necessary to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes, and enforce our agreements.
Cliff.ai tools only use official APIs (application programming interfaces) for accessing data.
Data transfers are done using SSL encrypted HTTPS connections.
For logging into most of the data sources, our tools use OAuth. This is a secure authentication method, which means that you never have to type your password into our tools, as the authentication happens on a webpage hosted by the data source (eg. Google, Facebook or Microsoft).
Most other services we connect to also work with OAuth, and provide their own interface for revoking access rights.
There are a few services that still require you to type your username and password, or API key, into our tools. Any tokens, keys or passwords are stored encrypted in our systems.
Our security is audited annually by an external third party.
This Policy will be reviewed on annual basis and may updated from time to time to reflect changing legal, regulatory or operational requirements. We encourage you to periodically review this page for the latest information on our privacy practices.