CirclyApp (“CirclyApp” and also referred to as “our”, “us” and “we”) understands the importance of your privacy and takes privacy matters very seriously.
Please read this policy carefully. If you do not agree with this Policy, do not access or use our Services or interact with any other aspect of our business.
CirclyApp offers mind-mapping, productivity, visualisation and collaborative tools, including our web and mobile products, which help you stay productive and organized, create interactive visualisations, as well as interact and communicate with others. We also own and operate several websites and offer related services, like support. We refer to all these products, together with our other services and websites as “Services” in this Policy.
Our office is at:
Amsterdam 1017 BZ
The processing of users’ personal data is necessary to provide the main components of the Services, so contract is our lawful basis for the processing. Before we process any user’s personal data, we offer our terms and conditions which must be accepted as a legally binding agreement between us and the user. The contractual exchange between parties is the Services offered by us, and the subscription payments offered by the subscribers to our Services. Some users intend to enter into a subscription, and agree to our terms and conditions in order to trial the Services before purchase. In the case of users who wish to trial the Services before purchase, the element of exchange offered by the users is the data we use for analysis to improve the Services we offer.
We process the personal data of our users to comply with our obligations under the contract and to carry out what they ask. The processing is necessary for performing the contract, and is a targeted and proportionate way of carrying out the purposes for processing.
Some purposes for processing are non-essential components of the Services. Consent is the lawful basis for processing users’ personal data for the non-essential components of the Services. The non-essential components of the Services include communicating with users for notifications, mentions, reminders, daily summaries, and direct marketing related to the Services. Consent may be given for each non-essential item individually to allow granular control over the processing of users’ personal data.
If you register for a CirclyApp account, we will use your information to provide the Services to you. When you register with us or buy from us, the information you provide will be used for the purposes:
- To provide the Services you require. The Services consist of multiple interconnecting components to process your data in a way that enables the functionality and the security we need to provide to you. The key components of the Services consist of:
- Authenticating access to user accounts.
- Systems communications, transfers, storage, retrieval, updates and erasures of data as essential components of the Services.
- Processing subscription payments.
- Communicating notifications, mentions, reminders and daily summaries related to the features of the Services. The account settings in your user account allow you to configure your preferences and provide consent for receiving notifications, mentions, reminders and daily summaries related to the features of the Services.
- Creating data backups according to our data retention policy.
- To communicate with you about our Services. This will include sending you relevant direct marketing information, promotions, product updates, tips, etc to ensure you get the most out of our Services. Our marketing emails contain a link to unsubscribe, so you may opt-out from receiving our marketing communications at any time.
- For continual product development and improvement. We may also use this information to resolve app crashes and technical issues with our Services.
- To communicate with you for providing customer support related to the Services. We may ask you to provide information related to the way you use the Services to enable us to resolve your customer support enquiries.
- To communicate with you for providing essential system notifications.
- For continual product development and improvement. We may also use this information to resolve app crashes and technical issues with our Services.
- For asking feedback. If you do not object, we may use the information we hold on you to contact you for feedback on your use of our software and/or services, and/or website.
- For analytics and analysis. This will include collecting statistical data on sales patterns and the usage of our Services to allow us to identify patterns and opportunities related to sales, feature usage and the performance of the Services. We will use this statistical data to track and improve the Services.
- To protect our Services and users.
- As required by applicable law, to comply with legal process or regulation.
We collect a variety of personally identifiable information ("PII") about users of our Services in order to ensure a quality user experience. "PII" means information that we can use to identify or contact you, such as your name, address, telephone number, email address or other contact information. You are responsible for ensuring the accuracy of all PII that you submit to us. Inaccurate information may affect your experience when using the Services and/or our ability to contact you as described in this Policy. PII collected by us is protected as personal data under applicable data protection law. PII does not include "Aggregated Information" which is information or data we collect where individual user identities have been removed, including metadata on your use of the Services, IP address logs, device and location information. Aggregated Information helps us understand trends, user needs and other information to provide improved Services and may be used by us for any purpose. We may also collect other non-personally identifiable information about your use and interaction with our Services. "Non-personally identifiable information" means information where we cannot determine the identity of a natural person. Non-personally identifiable information is not treated as PII unless we combine it with or link it to PII that you give to us.
We collect information that you give to us when you register or use our Services. When you register for a CirclyApp user account ("Account") on the website or mobile application, you will be assigned a unique account identifier which will be associated with any information you give to us under your Account. You may also give us information to allow us to contact you or use certain features available through our Services without signing up for an Account, such as when you fill out a request form, provide feedback, email us, or engage in communications with our team.
Other users share / recommend our Services to you. We receive your email address from other Service users when they provide it in order to invite you to the Services.
Your emails, calls and other correspondence to and from us may be recorded for various purposes including: monitoring customer service quality or compliance, checking accuracy of the information you provide us, preventing fraud or providing training for our staff or customer service representatives. Any information obtained from you through Customer support will be treated in accordance with the provisions of this Policy.
- Platform, device and technical information. We collect information about your computer, phone, tablet or other devices you use to access the Services. This may include information about your browser, Operating System, IP address, device identifiers and crash data. How much of this information we collect depends on the type and settings of the device you use to access the Services.
- Cookies. A cookie is a small text file which is transferred from a website and stored on your computer’s hard drive. It enables a website to “remember” who you are. Cookies are used for authentication, tracking, and maintaining user-specific information (preferences, shopping cart, etc.) and often contain a unique and anonymous identifier. Browsers only allow websites to interact with their own cookies, not those from other websites. The settings in your browser allow you to accept or decline cookies depending upon your preferences. Web Beacons. A web beacon is a small transparent gif image that is embedded in an HTML page or email used to track when the page or email has been viewed.
We may receive information about you from outside sources, such as commercially available demographic or marketing information, and add or combine it with your information to provide better service to you and inform you of Services or other information that may be of interest to you. Our Site offers you the functionality of using your social media credentials (e.g. Facebook) to use single-sign-on to enter our Services and in that manner, we may also collect certain information from you as you log on. We will not collect more information from you when using your social media credentials beyond the information such third parties disclose to us.
CirclyApp will share your information in the following ways:
- Integrations with Third Parties. When you connect your account with a third-party service via an integration, we will share information about you that is required to provide the integration between the third-party service and our Services. We provide third-party integrations with several services including Google.
We declare that we carefully and respectfully process personal data belonging to data subjects who we identify as potential customers. In this case, legitimate interests is the legal basis we rely upon to justify the processing of this personal data. When using legitimate interests as the legal basis for processing personal data, we balance our legitimate interests, and the necessity to process the personal data, against the interests, rights and freedoms of the individuals concerned, always considering the particular circumstances.
When relying upon legitimate interests as the lawful basis for processing personal data, we always consider the purpose for processing the personal data, to ensure there is a legitimate interest behind the processing. Our purpose and legitimate interests for processing any personal data belonging to potential customers is to communicate with those individuals who we identify as suitable users of our products, to convert them to paying customers, and to increase sales. We also ensure the processing is necessary for the purpose. The processing of personal data is always a proportionate and adequately targeted way of achieving the purpose and is only carried out when no less intrusive alternatives can be identified to achieve the purpose. And we ensure our legitimate interests are balanced against, and not overridden by our data subjects’ interests, rights or freedoms. We always ensure there are no risks to our data subjects’ interests, rights or freedoms which would override our legitimate interests in processing their personal data, taking consideration of physical, financial or any other impact, including the ability to exercise rights, the control over the use of their personal data, and any social or economic advantages. We do not process any highly confidential or sensitive types of data, and do not process special category data, criminal offence data or personal data belonging to children, and our legitimate interests are balanced against the interests, rights and freedoms of the individuals.
Any personal data which we process must only be carried out in a way which satisfies the reasonable expectations of our data subjects, and is not processed in ways the individuals would not reasonably expect. Processing of personal data is carried out in a way which would be expected, to ensure our data subjects can maintain control over the use of their data, and so they are in an informed position to exercise their rights. Where we use legitimate interests as the lawful basis for processing any personal data belonging to our data subjects, we always assess and ensure that our data subjects would reasonably expect at the time and in the context of the collection of the personal data that processing for that purpose may take place. We may not necessarily have a pre-existing relationship with some of our data subjects whose personal data we may process. Whenever we obtain personal data from third parties, we ensure that our data subjects were informed at the time the data was provided that it may be passed for use by other parties, and that we qualify as a suitable party for processing the data, and the processing satisfies reasonable expectations. Whenever data is obtained from other sources, we ensure that our data subjects should reasonably expect their personal data to be available from those sources and that it is reasonably expected that their personal data would be processed in the ways which satisfy our purpose for processing.
We keep your information secure by taking appropriate technical and organisational measures against its unauthorised or unlawful processing and against its accidental loss, destruction or damage.
We use industry standard protocols and technology to protect your registered user information and personal data in order to guard and encrypt data for transmission in a format that prevents data theft by unauthorized third parties, including internal reviews of our data collection, storage and processing practices, security measures, and physical security measures. However, please take into account that the Internet and email transmissions are not secure or error free communication means. Therefore, we cannot guarantee its 100% security. We also urge you to take additional steps on your own to safeguard and maintain the integrity of your information. For example, you should never share your Account or login information with other people and be sure to sign off when finished using a shared or public computer. We urge you to be aware that if you use or access our Services through a third party computer network (e.g., internet café, library) or other potentially non-secure internet connection, such use is not recommended and is solely at your own risk. It is your responsibility to check beforehand on the privacy and/or security policy of your network prior to accessing the Services. We are not responsible for your handling, sharing, re-sharing and/or distribution of your information except as set forth in the Policy.
We will only retain your information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for information, we consider the amount, nature and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of your information, the purposes for which we process your information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
You have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request the information CirclyApp has stored about you.You will not have to pay a fee to access your information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Delete your account at any time.
- Object to processing of your personal data in certain circumstances.
These circumstances may occur where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data’s accuracy.
- Where our use of the data is unlawful but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
You are able to exercise some of below mentioned rights through your Account with us. Otherwise, if you wish to exercise your rights under applicable data protections laws please write to us using the details provided below and include, at a minimum, the following information: (i) your complete name, address and/or email address in order for us to respond to your privacy request; (ii) attached documents establishing your identity; and (iii) a clear and concise description of the personal information with regard to which you seek to exercise any of your privacy rights. If you request rectification, please indicate the amendments to be made and attach documentation to back up your request.
We will handle all privacy requests in accordance with applicable data protection laws. Upon receipt of your privacy request, and after due review of its merit, we may then fulfill your request. If you ask us to delete your information, please note that we may not be able to delete all of your information from our databases but, if that is the case, we will mark such information as permanently inaccessible.
Email address: firstname.lastname@example.org
If you are located in the European Economic Area, Switzerland or United Kingdom, you also have the right to lodge a complaint with your local data protection authority or the Dutch Data Protection Authority, which is Circlyapp’s lead supervisory authority in the European Union:
Dutch Data Protection Authority Autoriteit Persoonsgegevens (AP) Postbus 93374 2509 AJ DEN HAAG Phone (+31) - (0)70 - 888 85 00 Fax: (+31) - (0)70 - 888 85 01.
We would, however, appreciate the chance to deal with your concerns before you approach the AP so please contact us in the first instance.
If you are a California resident, you may be entitled to additional rights over your personal information, as detailed in this section.
California Consumer Privacy Act (CCPA) Notice for California residents:
the California Consumer Privacy Act (CCPA) allows California residents to request from a business that collects personal information to give consumers access to and/or deletion of the personal information collected. Terms used in this CCPA Notice but not defined here will have the same meaning as defined under the CCPA.
1. CirclyApp does not sell your personal information to third parties.
2. CirclyApp discloses personal information for business purposes only.
• Business purposes can include such things as:
- our Services,
- maintaining and servicing accounts,
- providing customer service,
- processing or fulfilling orders and transactions,
- performing analytics and quality control,
- auditing transactions,
- researching and testing features and improvements,
- detecting and preventing fraud and security incidents,
- debugging or repairing technical errors,
- and marketing our Services.
If you are a California resident using the Services, you have the following rights:
- To request the categories of personal information that the business collected about you.
- To request the categories of personal information that the business disclosed about you for a business purpose.
- To request deletion of the personal information it has collected from you, subject to certain legal exceptions. For example, when the personal information is necessary to complete a transaction request or to comply with a legal obligation, Circlyapp may claim an exemption to deletion of your personal information.
- The right to be protected from discrimination for exercising your CCPA rights.
Businesses are prohibited from discriminating against you for exercising your rights under the CCPA, including by:
(A) denying you goods or services;
(B) charging you different prices or rates for goods or services,
including through the use of discounts or other benefits or imposing penalties; (C) providing you with a different level or quality of goods or services;
or (D) suggesting that you will receive a different price, rate, level, or quality of goods or services.
Nothing prohibits a business from charging a different price or providing a different level or quality of service if the difference is reasonably related to the value provided to the consumer by the consumer’s data.
• Your rights under CCPA may be exempted as permitted under the statute, particularly if you use the Services as an employee or agent under a business account. CirclyApp expressly reserves all rights to claim legal exemptions permitted under the CCPA.
For additional information about this CCPA Notice or to submit a CCPA request, please contact us.
You must be over the age of 13 to be a Registered User of CirclyApp.Circlyapp does not knowingly collect any kind of information from persons under the age of thirteen (13). By using our Services and/or browsing the Site, you hereby represent and warrant that
If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact our support services.