Last updated January, 2024
What information we collect
In order to provide you with the Services, we must collect information including personally identifiable data (“Personal Information”).
The Personal Information we collect includes the following categories (depending on the Services you’re subscribing to):
- Contact information: first and last name, username, alias, mailing address, home/business address, email and phone number;
- Other identifying information: unique personal identifiers such as Social Security number, driver’s license, state identification card number, passport number or similar identifiers, social media usernames, passwords and other security information for authentication and access, physical characteristics or description, medical information or health insurance information; billing details, main contact persons, business needs and preferences; and videos and photos;
- Demographic information: gender, age, employment information and salary information;
- Financial Information: though we do not collect credit card or debit card numbers, we do collect bank account information and other financial information such as the four last digits of your credit card; transactions associated with your use of the Services, including the transaction ID, transaction category and type, merchant name, amount, currency, date, and location;
- Geolocation data;
- Internet and other electronic activity: IP address, browser type, search and click history; navigation within and use of our Websites and Services;
- Commercial information: products or services you offer or purchase using the Services;
- Inferences drawn from the categories described above in order to create customized Services to reflect your preferences, characteristics and behavior; and
- Free Text: Personal Information you provide us in an email/chat/text messaging or any other free-text entry box, either as part of your account or as part of any use the Services while connecting with other Users and any Personal Information you include in an email or text message while using the Services.
How we collect information
We collect Personal Information you provide us from your use of the Services, from any interaction between you and us and from other sources, all as further described below:
1. Information you provide us
- When you register as a Customer, use the Services or purchase an App on our App Market you will be required to provide us with information. To the extent applicable, such details will be provided by using your social network account (e.g. connecting your Facebook or Google account to our Services).
- When communicating with us through support tickets, emails and recorded calls you participate in.
- Unsolicited information you provide us through the Services or through any other means, for example by posting to any public areas and other unsolicited submissions, interacting with our social media sites such as Instagram, Facebook, and LinkedIn. Such information may be accessible to others and will not be treated as confidential. In addition, the companies that host our social media pages may provide us with aggregate information and analytics about our social media activity.
Please use caution when providing information to us and avoid any involuntary disclosure of Personal Information related to you, or to others without their consent.
2. Information we collect when you use our Services or from third parties
- Third-Party Services: when you link certain third-party services (e.g., Gmail, Outlook Calendar) to your account or when you otherwise interact with these services through or in connection with our Services you allow us to receive certain personal information retained by such third-party services.
- Social Platforms: social platforms give us automatic access to certain personal information retained by these social networks about you. This will include Facebook sign-in, Google sign-in and information from your public profile. In some cases, we will collect Personal Information from lead enhancement companies which help us to improve our service offering. You control the Personal Information you allow us to have access to through the privacy settings on the applicable social platforms and the permissions you give us when you grant us access to the Personal Information retained by the respective social platforms about you.
- Third-Party Service Providers: from third party services provider such as (i) analytics software and communication providers; (ii) security providers, fraud detection and prevention providers helping us for example to screen out Users associated with fraud; and (iii) advertising and marketing partners in order to monitor, manage and measure our ad campaign; all who have assured us that they have either obtained your consent for the provision of such information or that you have freely and publicly provided such information yourself.
- Non-Identifiable Information: when you interact with vcita through the Services, we receive and store certain personally non-identifiable information. Such information, which is collected passively using various technologies, cannot presently be used to specifically identify you. We will store such information ourselves or such information will be included in databases owned and maintained by our affiliates, agents or service providers. Our Services will use such information and pool it with other information. It is important to note that no Personal Information is available or used in this process.
- Aggregated Personal Information: in an ongoing effort to better understand and serve our Users, we often conduct research on our Users’ interests and behavior based on the Personal Information and other information provided to us, including through third party service providers. This research will be compiled and analyzed on an aggregate basis, and vcita will share this aggregate data with its affiliates, agents and business partners. This aggregate information does not identify you personally.
How we use Personal Information related to you
We will use information that we collect about you for the following purposes:
- to provide and operate the Services;
- to determine and ascertain accounts, verify User identity;
- to process payments for you;
- to personalize the Services, customize your user experience with the Services, communicate with you and enable you to retrieve information related to you;
- to develop, improve, customize and provide maintenance to the Services, the experience of other Users and the offerings available through the Services;
- to be able to contact you for the purpose of providing technical assistance and support, to handle requests and complaints, and to collect feedback in connection with our performance of the Services;
- to send you updates, notices, announcements, and additional information related to the Services;
- to comply with any applicable laws and regulations;
- to analyze our performance and marketing activities;
- to use the information to create statistical, aggregated or anonymous data which will be used at our discretion for any purpose; and
- to allow us, and our selected third parties, to provide you with personalized interest based advertisements, which will be served either on the Services and/or on other websites, apps, and services, and to better understand your activity.
- No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; and the above categories will not be shared with any third parties.
Use of your Google data
- vcita uses Google OAuth in order to get access to your Google data as part of your registration to certain Services and if you choose to synchronize your Google Calendar or your Google Contacts with our Service.
- Necessary to Perform a Contract: we collect and process Personal Information related to you in order to provide you with the Services.
- With your consent: we ask for your agreement to process Personal Information related to you for additional specific purposes, and you have the right to withdraw your consent at any time.
Who we share Personal Information with and how
- Service Providers: we use third party service providers whose services and solutions complement, facilitate and enhance our Services, and who have confirmed that their privacy practices are consistent with ours. Some examples of such third-party service providers will include hosting and data storage services, maintenance and management services, marketing and promotions, cyber security services, billing and payment processing services, web analytics, text messaging and monitoring services, session recording and remote access services, performance measurement, data optimization, content providers, and others (“Service Providers”). We only provide our Service Providers with the information necessary for them to perform these services on our behalf and each Service Provider must agree to use reasonable security procedures and practices and are prohibited from using Personal Information other than as specified by us.
- Change in Corporate Control: in the event vcita or any of its affiliates undergo any change in control, including by way of merger, acquisition or purchase of substantially all of its assets or shares, Personal Information related to you will be shared with the parties involved in such transaction.
- Legal Requirements: we will disclose Personal Information related to you and any other information about you to government or law enforcement officials or private parties if we will be required to do so by law or if we believe in good faith that it is necessary or appropriate in order to (i) comply with a legal obligation; (ii) protect and defend our rights or properties; (iii) act in urgent circumstances to protect the personal safety of Users of the Services or the public; or (iv) protect against legal liability.
Where do we hold/transfer Personal Information
Our subsidiary, vcita Systems Ltd. which provides us with certain services is located in Israel which is considered by the European Commission to be offering an adequate level of protection for the Personal Information of EU Member State residents.
Additionally to the USA and Israel, we may process information in other locations. Such countries may be different from the country in which Personal Information related to you originated and where data protection laws are not equivalent to, or offer the same protection as, those in your country. By using our Services, you agree to any such transfers.
Our affiliates and Service Providers who store and process Personal Information on our behalf are contractually committed to keep it protected and secured, in accordance with industry standards and regardless of any lesser legal requirements which applies in their jurisdiction.
Transfer of EU Personal Information: If you are located in the EU, when we transfer Personal Information related to you to the United States or anywhere outside Europe, we will make sure that (i) there is a level of protection deemed adequate by the European Commission; or (ii) that the relevant Standard Contractual Clauses approved by the European Commission or other suitable safeguards are in place to manage such data transfers and protect the privacy and security of information related to you; all in accordance our Data Processing Addendum.
vcita will collect, store and process certain Personal Information of Clients (“Client Personal Information”), solely on our Customer’s behalf and at their direction and further serves as “Processor” rather than a “Controller” (as such terms are used by the European Union General Data Protection Regulation (“GDPR”)) with respect to such Client Personal Information.
Customers are considered as “Controllers” of such Client Personal Information and are responsible for complying with all laws and regulations that will apply to the collection and control of such Client Personal Information, including all privacy and data protection laws of all relevant jurisdictions.
vcita cannot provide legal advice to Customers or Clients, however we do recommend you as a Customer to publish and maintain clear and comprehensive privacy policies on your website or Client Portal in accordance with any applicable laws and regulations, and that all Clients carefully read those policies and make sure that they understand and, to the extent required by applicable law, consent to them.
The processing and transfer of Client Personal Information subject to GDPR will be in accordance our Data Processing Addendum.
If you are a Client of any of our Customers please note:
Third party links
We take great care in implementing and maintaining the security of our Services and our Users’ Personal Information. vcita employs industry-standard procedures and policies to ensure the security of its Users’ Personal Information and to prevent unauthorized access, disclosure or alteration of any such information. Some of the safeguards we use are firewalls and data encryption, physical access controls to our data centers and information access authorization controls as will be found here. We also regularly monitor our systems for possible vulnerabilities and attacks, and regularly seek new ways to further enhance the security of our Services and protection of our Users’ privacy.
However, we cannot guarantee absolute protection and security and that unauthorized access will never occur. We encourage you to set strong passwords to your account and avoid providing us or anyone with any sensitive Personal Information of which you believe its disclosure could cause you substantial or irreparable harm.
Job applicants’ information
Privacy Notice for U.S. Residents
Categories of Personal Information
In the preceding twelve (12) months we have collected the following categories of Personal Information:
- Identifiers and Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as your name, e-mail address and IP address;
- Commercial information, such as payment details.
- Internet or other similar network activity;
- Geolocation data;
- Sensory Data, such as visual data;
- Commercial information, including products or Services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
- If you use our Services then we will also collect and process any Personal Information embedded in the content that you upload to the Services; and
- Inferences drawn from all the above-mentioned Personal Information.
Please note that the above list includes the categories of Personal Information that we are aware of. We may have been collecting other categories of Personal Information which you have uploaded to our Services as further described above under the section titled “What Information We Collect”.
Categories of Sensitive Personal Information
While we may collect Sensitive Personal Information as part of providing you the Services, we do not collect or process sensitive Personal Information for the purpose of inferring characteristics about you and we do not sell sensitive Personal Information or share sensitive Personal Information for cross-context behavioral advertising.
For the purpose of U.S. Privacy Laws, Sensitive Personal Information means:
- A consumer’s social security, driver’s license, state identification card, or passport number.
- A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
- A consumer’s precise geolocation.
- A consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership.
- The contents of a consumer’s mail, email, and text messages unless we are the business that is the intended recipient of the communication.
- A consumer’s genetic data.
- The processing of biometric information for the purpose of uniquely identifying a consumer.
- Personal Information collected and analyzed concerning a consumer’s health.
- Personal Information collected and analyzed concerning a consumer’s sex life or sexual orientation.
Our business Purpose for Collection Personal Information Related to You
We collect Personal Information related to you for various business purposes, such as providing you with the Services and making the Services better, all as described above under the section titled “How We Use Personal Information Related to You”.
The Categories of Sources from Which Personal Information related to you is Collected
We obtain the Personal Information directly from you, from your Services activities, from third parties such as event organizers, data providers and publicly available resources, as further detailed under the sections titled “What Information We Collect” and “How We Collect Information”.
The categories of Personal Information collected by these third parties in the preceding 12 months include identifiers, online activities and inferences drawn from such activities.
The Categories of Personal Information Disclosed to Third Parties
In the preceding 12 months, we have disclosed the categories of Personal Information listed above in this section with various third parties, such as our service provides and affiliates, as further detailed above under the section titled “Who We Share Personal Information With And How”.
Selling and Sharing Personal Information
We do not sell or share Personal Information as these terms are defined under U.S. Privacy Laws. However, we engage third parties to provide us with services such as analytics, marketing automation and user experience and allow them to collect Personal Information on our website and Services.
We do not knowingly sell or share the Personal Information of consumers under 16 years of age.
The categories of Personal Information collected by these third parties in the preceding 12 months include identifiers, online activities and inferences drawn from such activities.
These third parties do not pay us for collecting such information, but the right granted to them to collect Personal Information may be considered as disclosure for the purpose of selling or sharing for cross-context behavioral advertising. At any time, you can opt-out of the collection of Personal Information by our service providers.
Your Rights Under U.S. Privacy Laws
In addition to the rights under other sections under this policy, if you are a resident of the U.S. you are also entitled to the following specific rights under U.S. Privacy Laws regarding Personal Information related to you:
1. Access to Specific Information and Data Portability Rights
You have the right to request that we disclose to you certain information about our collection and use of Personal Information related to you over the past 12 months. After verifying your request, we will disclose to you:
- The categories of Personal Information we collected about you;
- The categories of sources for the Personal Information we collected about you;
- Our business or commercial purpose for collecting that Personal Information;
- The categories of third parties with whom we share that Personal Information;
- The specific pieces of Personal Information we collected about you;
- If we disclosed Personal Information related to you for a business purpose, we will provide you with a list which will identify the Personal Information categories that each category of recipient obtained.
2. Correction Rights
You have the right to correct inaccurate Personal Information we maintain about you.
3. Deletion Rights
You have the right to request that we delete any of Personal Information related to you. Upon confirmation of your request, we will delete Personal Information related to you from our records, unless an exception applies.
4. Limit the Use of Sensitive Personal Information
As further provided above, we do not collect Sensitive Personal Information, we do not infer characteristics from Sensitive Personal Information and therefore we do not expect you to request us to limit the use of such information.
5. Exercising Your Rights
You can also exercise one of your rights detailed above by submitting your request to vcita.com/contact.
You can restrict the ‘sale’ or ‘share’ of Personal Information by opting out of receiving cookies from the relevant third parties.
Opt-out cookies installed on your browser to signal your opt-out request may only apply to the specific device and browser that you have used to request the opt-out. If you use another device or browser, or if you delete cookies through your browser settings, we may automatically prompt the cookies consent notice when you revisit our Services, Websites or other online assets.
If you would like to maintain your opt-out status with other devices or browsers that you use, please use your browser setting to block cookies, or otherwise reject the cookies when you are prompted with the cookie consent notice.
Only you or a person authorized to act on your behalf, will make a request related to Personal Information related to you. You will also make a verifiable consumer request on behalf of your minor child.
A request for access can be made by you only twice within a 12-months period. We cannot respond to your request or provide you with the requested Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. We will only use the Personal Information provided in your request to verify your identity or authority to make the request.
We will do our best to respond to your request within 45 days of its receipt. If we require more time (up to additional 45 days), we will inform you of the reason and extension period in writing. We will deliver our written response by email. Any disclosures that we provide will only cover the 12-month period preceding receipt of your request. The response we provide will also explain the reasons for our inability to comply with your request, if applicable.
We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you of the reasons for such decision and provide you with a cost estimate before processing further your request.
We will not require that you create an account in order to exercise your rights under this policy and we will not increase the cost, or decrease the availability, of our Services based solely on the fact that you have chosen to exercise one of your rights detailed above.
After receiving our reply, you may appeal against our decision by contacting us. We will review your appeal and provide you with our answer and our explanation of the reasons for our decision(s) within 60 days of receiving it. We will also provide you with a link (to the extent available) where you may submit a complaint with the relevant competent supervising authority.
We do not discriminate against any User for exercising their rights under U.S. Privacy Laws, including but not limited to, by:
Some web browsers offer a “Do Not Track” (“DNT”) signal. A DNT signal is an HTTP header field indicating your preference for tracking your activities on our services or through cross-site user tracking. Our Websites do not respond to DNT signals.
Communication from vcita
vcita will contact you with information regarding our Services or your use thereof. For example, we will notify you (through any of the means available to us) of changes or updates to our Services, including changes to our Terms of Service, transactions performed, payment issues, service maintenance, etc. It is important that you are always able to receive such messages and for this reason, you will not be able to opt-out of receiving such service messages.
Promotional and Surveys Messages
In addition to communications that are an inherent part of our Services, occasionally we will also use your contact information to contact and notify you about new related services and special opportunities or promotions we think you will find valuable and will also contact you in connection with surveys we conduct with respect to our Services, either on our own behalf or on behalf of our partners. We will contact you through e-mail, push notifications, through notices on the Services themselves or through any other contact methods available to us, including with the help of our service providers.
If you do not wish to receive such promotional messages or calls, you will notify vcita at any time or follow the “unsubscribe” or “stop” instructions contained in the promotional communications you receive.
At any time you can opt out of vcita’s mailing lists, by sending us a removal request to vcita.com/contact. It can take up to ten (10) business days for your opt-out request to take effect.
If you find that the information on your personal account is not accurate, complete or updated, then you can make all necessary changes to correct it. Otherwise, you can contact us at vcita.com/contact.
If you wish to delete Personal Information related to you stored on vcita’s database, you can send a request to delete information to vcita.com/contact. vcita will inform you whether it can accept your request. vcita will strive to accept requests to delete personally identifiable information. vcita can refuse your request, for example, if it believes that removal of certain information can harm other users. Before fulfilling your request, we will ask you for additional information in order to confirm your identity and for security purposes.
You will bear full responsibility for any damage, costs, fines and expenses resulting from the deletion of data pursuant to your request to exercise the right to be forgotten and hold vcita harmless thereof.
EU Residents: A summary and further details about your rights under EU data protection laws, is available on the EU Commission’s website at: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en.
Notwithstanding anything to the contrary in this policy, vcita can keep any aggregated or anonymized information for statistical, marketing and other purposes, indefinitely and it is vcita’s policy to keep Customer Personal Information on file unless specifically requested to be deleted.
We maintain a data retention policy which we apply to Personal Information in our care.
vcita has appointed a Data Protection Team for monitoring and advising on its ongoing privacy compliance and to serve as a point of contact on privacy matters for data subjects and supervisory authorities. To contact vcita’s Data Protection Team please email us at [email protected].
EU Residents: Our EU-GDPR representative according to Art. 27 of the GDPR is Rickert Rechtsanwaltsgesellschaft mbH, at Colmantstraße 15, 53225 Bonn, Germany and may be reached at [email protected].
UK Residents: Our UK-GDPR representative according to Art. 27 of the GDPR is Rickert Services Ltd UK, at PO Box 1487, Peterborough, PE1 9XX, United Kingdom and may be reached at [email protected].
You maintain the right to file a complaint with your national data protection authority if you have a concern about our privacy practices, including the way we handle Personal Information related to you.
By contacting us, you represent that you are free to do so and that you will not knowingly provide information that infringes upon the rights of third parties, including any intellectual property rights. You further acknowledge that, notwithstanding anything herein to the contrary, any and all rights, including without limitation any intellectual property rights in such information provided, shall belong exclusively to vcita, and we may use or refrain from using such information at our sole discretion.