Who we are
Our website address is: https://glowtify.com.
Effective Date: May 2, 2022
Glowtify is a software publisher that develops proprietary solutions whose licenses are marketed to its customers in the form of Software as a Service (hereinafter “SaaS”), which refers to the way in which the functionalities of a software solution are made available remotely, using Internet technologies and accessible via the Internet network. Glowtify has developed Glowtify marketing app, a software enabling the Client to manage its e-commerce data by offering a solution to provide optimizations guidance on the different marketing channels, calculate and help monitor Key Performance Indicators (hereinafter the “Software”).
Glowtify Technology Inc. puts great efforts in making sure that the personal data processed by us is safe and used properly, and that our data practices are properly communicated to our customers, users and prospects.
Definitions of the terms
For the purposes of this Agreement, the following terms shall have the following meaning:
- “Personal Data” means any information relating to an identified or identifiable natural person; an “identifiable natural person” is defined as a natural person who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more elements unique to him/her. In order to determine whether a person is identifiable, all means of identification available or accessible to the Data Controller or any other person must be considered.
- “Data Subject” refers to a natural person whose Personal Data is processed.
- “Data Controller” means the CLIENT, who determines the purposes and means of the Personal Data Processing.
- “Data Processor” refers to the PROVIDER who processes Personal Data under the authority, on instructions and on behalf of the Data Controller.
- “Processing” means any operation or set of operations involving Personal Data by the Data Processor on behalf of the Data Controller, regardless of the process used, and in particular the collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, reconciliation or interconnection, as well as limitation, deletion or destruction.
- “Personal Data Breach” means a security breach resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, Personal Data transmitted, stored or otherwise processed.
Obligations of the Data Controller
The Data Controller acknowledges and guarantees:
- that the Processing is carried out in accordance with the provisions of the GDPR and the Data Protection Act, in particular, that the Data Subject has been informed of the purpose of the Processing, his rights, the recipients of the Personal Data and the policy on the protection of privacy and personal data;
- only in the event that the Data Controller processes “sensitive” data as defined in Article 9 of the GDPR (i.e. the Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the Processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning the sex life or sexual orientation of a natural person), the Data Controller has collected them and requires the Data Processor to carry out their Processing, in full compliance with the provisions of the said Article 9;
- that it will respond as soon as possible to any Data Protection Authority requests for information, if any;
- that it will respond, as soon as possible, to requests from any Data Subject by the Processing, to communicate information on its Personal Data and that it will give appropriate instructions to the Data Processor, in due course.
- The Data Controller also undertakes to:
- document in writing any instructions concerning the Processing of Personal Data by the Data Processor;
- ensure, in advance and throughout the duration of the Processing, that the Data Processor complies with the obligations provided for in the European Data Protection Regulation;
- supervise the Processing, including carrying out audits and inspections of the Data Processor.
Obligations of the Data Processor
The Data Processor undertakes to:
- process the data only for the purposes indicated by the Data Controller;
- if the Data Processor considers that an investigation constitutes a violation of the European Data Protection Regulation or any other provision of Union law or of the law of the Member States relating to data protection, it shall immediately inform the Data Controller. In addition, if the Data Processor is required to transfer data to a third country or international organization, under the law of the Union or the law of the Member State to which it is subject, it must inform the Data Controller of this legal obligation before the Processing, unless the law concerned prohibits such information for important reasons of public interest;
- guarantee the confidentiality of the personal data processed under this Agreement;
- ensure that the persons authorized to process personal data under this Agreement:
- undertake to respect confidentiality or are subject to an appropriate legal obligation of confidentiality;
- receive the necessary training in the protection of personal data;
- consider, with regard to its tools, products, applications or services, the principles of privacy by design and data protection by default;
- inform its employees of their responsibility regarding the protection of Personal Data, in particular as regards the confidentiality of such data;
- in the event of a possible legal, administrative or judicial prohibition that could prevent it from carrying out the Processing, the Data Processor shall inform the Data Controller and may then terminate the Agreement, without the Data Controller being able to hold the Data Processor liable or claim damages from him;
- cooperate with the CNIL in the event of a request for information from the latter and that it will comply with any recommendation of the CNIL relating to the Processing.
The Data Processor may use another subcontractor (hereinafter, the “Subprocessor”) to carry out specific Processing activities. In this case, he/she shall inform the Data Controller in advance and in writing of any planned change concerning the addition or replacement of other Subprocessors. This information must clearly indicate the subcontracted Processing Activities, the identity and contact details of the Subprocessor and the dates of the subcontract. The Data Controller has a minimum period of one (1) month from the date of receipt of this information to present his objections. This subcontracting may only be carried out if the Data Controller has not raised any objection within the agreed period.
The Subprocessor is required to comply with the obligations of this Agreement on behalf of and in accordance with the instructions of the Data Controller. It is the initial Data Processor’s responsibility to ensure that the Subprocessor provides the same sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the Processing operation complies with the requirements of the European Data Protection Regulation. If the subsequent processor does not fulfill its data protection obligations, the initial Data Processor remains fully liable to the Data Controller for the performance by the subsequent processor of its obligations.Right of data subjects to be informed
It is the responsibility of the Data Controller to provide the information to the Data Subjects on the Processing operations at the time of data collection.
Exercise of data subject’s rights
The Data Controller grants requests to exercise the rights of the Data Subjects (right of access, rectification, deletion and opposition, right to limit the Processing, right to data portability, right not to be the subject of an automated individual decision, including profiling) and will give appropriate instructions to the Data Processor in due course. As far as possible, the Data Processor shall assist the Data Controller in fulfilling his obligation to comply with requests to exercise the rights of the Data Subjects.
Notification of Personal Data Breaches
The Data Processor shall notify the Data Controller of any breach of personal data as soon as possible and, at the latest, 72 hours after becoming aware of it. This notification shall be accompanied by all relevant documentation in order to enable the Data Controller, if necessary, to notify this Violation to the competent supervisory authority.The Data Processor must take all necessary steps to identify the causes of such Personal Data Violation and take all measures that it deems necessary and reasonable to remedy the origin of such Violation when such remedy is under the control of the Data Processor.
The Data Processor must at all times have technical and organizational measures in place to prevent unauthorized access to the Personal Data and the use of the Personal Data for purposes other than those agreed for their transmission to the Data Processor. The Data Processor represents and warrants that the security measures taken are in no event less than those required by applicable law or those that a person performing the same activity as the Data Processor would reasonably have taken for the protection of Personal Data against unauthorized access or use.
In cases where the Data Processor has obtained the prior consent of the Data Controller for the transmission of Personal Data to a third party, the Data Processor must again take appropriate security measures to ensure the secure transmission of the Personal Data. The Data Processor must protect and maintain the Personal Data as confidential information. The confidentiality requirements required by each of the commercial documents and/or confidentiality agreements signed between the Data Controller and the Data Processor must apply to the Personal Data.
Specifically, we use Glowtify User Data and Glowtify Website, CRM & Prospect Data for the following purposes:
- To facilitate, operate, and provide our Services;
- To authenticate the identity of Users and to allow them to access and use our Services;
- To train and provide service-related insights to relevant members of our staff;
- To provide our customers and Users with assistance and support;
- To gain a better understanding on how individuals use and interact with our Sites and Services, and how we could improve their and others’ user experience, and continue improving our products, offerings and the overall performance of our Services;
- To facilitate and optimize our marketing campaigns, ad management and sales operations, and to manage and deliver advertisements for our products and services more effectively, including on other websites and applications. Such activities allow us to highlight the benefits of using our Services, and thereby increase your engagement and overall satisfaction with our Services. This includes contextual, behavioral and interests-based advertising based on your activity, preferences or other data available to us or to our business partners;
- To contact our customers, Users and prospects with general or personalized service-related messages, as well as promotional messages that may be of specific interest to them;
- To facilitate, sponsor and offer certain events, contests and promotions;
- To support and enhance our data security measures, including for the purposes of preventing and mitigating the risks of fraud, error or any illegal or prohibited activity;
- To create aggregated statistical data, inferred non-personal data, or anonymized or pseudonymized data (rendered non-personal and non-identifiable), which we or our business partners may use to provide and improve our respective services, or for any other purpose; and
- To comply with applicable laws and regulations.
We do not sell your personal information for the intents and purposes.
We retain Customer Data strictly on our customer’s behalf, in accordance with their reasonable instructions and as further stipulated in our Data Processing Agreement and other commercial agreements with such customer.
We retain Glowtify User Data and Glowtify Website, CRM & Prospect Data for as long as it is reasonably necessary in order to maintain and expand our relationship and provide you with our Services and offerings; in order to comply with our legal and contractual obligations; or to protect ourselves from any potential disputes (i.e. as required by laws applicable to log-keeping, records and bookkeeping, and in order to have proof and evidence concerning our relationship, should any legal issues arise following your discontinuance of use), all in accordance with our data retention policy.
Please note that except as required by applicable law or our specific agreements with you, we will not be obligated to retain your personal data for any particular period, and we are free to securely delete it or restrict access to it for any reason and at any time, with or without notice to you. If you have any questions about our data retention policy, please contact us by e-mail at email@example.com
Customers and other Users: Customer Data is typically shared and is available to the Users belonging to such customer’s account. Glowtify User Data is shared with the administrator of the customer’s account to which such User belongs (including data and communications concerning such user’s account). In such cases, sharing such data means that the administrator(s) or other users of the same account may access it on behalf of the customer, and will be able to monitor, process and analyze the personal data contained therein. This includes instances where you may contact us for help in resolving an issue specific to a team of which you are a member (and which is managed by the same customer).
Protecting Rights and Safety: We may share personal data with others if we believe in good faith that this will help protect the rights, property or personal safety of Glowtify, any of our users or customers, or any members of the general public.
Cookies and Tracking Technologies
Cookies are packets of information sent to your web browser and then sent back by the browser each time it accesses the server that sent the cookie. Some cookies are removed when you close your browser session. These are the “Session Cookies”. Some last for longer periods and are called “Persistent Cookies”. We use both types.
We use Persistent Cookies to remember your log-in details and make it easier for you to log-in the next time you access the Platform. We may use this type of cookies and Session Cookies for additional purposes, to facilitate the use of the Services’ features and tools.
Whilst we do not change our practices in response to a “Do Not Track” signal in the HTTP header from a browser or mobile application, you can manage your cookies preferences, including whether or not to accept them and how to remove them, through your browser settings. Please bear in mind that disabling cookies may complicate or even prevent you from using the Services. You may also use the “Cookie settings” feature available in our Services depending on your location and activity on our Services, as applicable.
Please note that if you get a new computer, install a new browser, erase or otherwise alter your browser’s cookie file (including upgrading certain browsers), you may also clear the opt-out cookies installed once you opt-out, so an additional opt-out will be necessary to prevent additional tracking.
We engage in service and promotional communications, through e-mail, phone, SMS and notifications.
Service Communications: We may contact you with information regarding our Services. For example, we may send you notifications (through any of the means available to us) of changes or updates to our Services, billing issues, log-in attempts or password reset notices, etc. Our customers, and other Users on the same customer account, may also send you notifications, messages and other updates regarding their or your use of the Services.
Promotional Communications: We may also notify you about new features, additional offerings, events, special opportunities or any other information of a promotional nature we think you will find valuable, as our customer, User or prospect. We may provide such notices through any of the contact means available to us (e.g. phone, mobile or e-mail), through the Services, or through our marketing campaigns on any other sites or platforms.
You can typically control your communications and notifications settings from your Yotpo User profile settings, or otherwise in accordance with the instructions included in the communications sent to you. Please note that you will not be able to opt-out of receiving certain service communications which are integral to your use (like password resets or billing notices).If you do not wish to receive promotional communications, you may notify us at any time by sending an e-mail to: firstname.lastname@example.org, changing your communications preferences in your User profile settings, or by following the “unsubscribe”, “stop”, “opt-out” or “change e-mail preferences” instructions contained in the promotional communications you receive.
We and our hosting services implement systems, applications and procedures to secure your personal data, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information. These measures provide sound industry standard security. However, although we make efforts to protect your privacy, we cannot guarantee that our Services will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.
Certain data protection laws and regulations, such as the EU GDPR, UK GDPR or the CCPA, typically distinguish between two main roles for parties processing personal data: the “data controller” (or under the CCPA, “business”), who determines the purposes and means of processing; and the “data processor” (or under the CCPA, “service provider”), who processes the data on behalf of the data controller (or business). Below we explain how these roles apply to our Services, to the extent that such laws and regulations apply.
Glowtify is the “data processor” of Customer Data, which we process on behalf of our customer (who is the “data controller” of such data; and our Service Providers who process such Customer Data on our behalf are the “sub-processors” of such data.
Glowtify is both a “data controller” and “data processor” of Glowtify User Data. Such data is processed by Glowtify for its own purposes, as an independent ‘controller’; whilst those certain portions of it which are included in Customer Data will be processed by us on our customer’s behalf, as a ‘processor’.
Accordingly, Glowtify processes Customer Data strictly in accordance with such customer’s reasonable instructions and as further stipulated in our Data Processing Addendum and other commercial agreements with such customer. The customer, as controller of such data, will be responsible for meeting any legal requirements applicable to data controllers (such as establishing a legal basis for processing and responding to Data Subject Rights requests concerning the data they control).
For the avoidance of doubt, each customer is solely responsible for establishing a legal basis for proceeding and providing adequate notice to their account users and customers whose data may be contained in Customer Data – including sufficient reference to the processing of their personal data via the Services, and any other information necessary to comply with all applicable privacy and data protection laws; and to obtain all approvals and consents from such individuals as required under such laws.
Data Processing Agreement
In the context of their contractual relations, the Parties undertake to comply with the regulations in force applicable to the processing of personal data and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 applicable as from 25 May 2018 (hereinafter referred to as the “GDPR”), as well as Law No 78-17 of 6 January 1978 on data processing, files and freedoms (hereinafter referred to as the amended “Data Protection Act” (DPA)). The purpose of this Annex is to define the conditions under which the processor undertakes to carry out on behalf of the controller the processing operations of personal data defined below.
By using the Services, Client accepts this DPA and you represent and warrant that you have full authority to bind the Client to this DPA. If you cannot, or do not agree to, comply with and be bound by this DPA, or do not have authority to bind the Client or any other entity, please do not provide Personal Data to us.
SaaS License Agreement
This document constitutes a Software License Agreement (hereinafter referred to as the “Agreement”) granted by Glowtify, whose registered office is located at 1010 William Street, Unit 703, Montreal, Quebec, H3C 0K8, registered under the unique identification number 1177616290 in Quebec Registery, represented by Marc Allard, as President, duly authorized for that purpose (hereinafter referred to as ” Glowtify” or the “PROVIDER”) to any natural or legal person wishing to use the Software (hereinafter referred to as the “CLIENT” or “You”), collectively referred to as “the Parties” or individually as “Party”.
The CLIENT is informed that the use of the Software is conditional upon acceptance of this Software License Agreement which contains all necessary and useful information to enable him/her to commit in full knowledge of the facts. Accordingly, the mere use of the Software constitutes acceptance by the CLIENT of the entirety of the terms and conditions of this Agreement.
ARTICLE 1 – DEFINITIONS
“Authorized Use”: refers to the authorized use of the License by the CLIENT as defined in section 6 of the Agreement.
“Connectors” (or “Data Connectors”): refers to connector, like application programming interface, that enable to source data, such as online advertising platform, emailing software, web analytics service, which CLIENT might use in order to compute its marketing data. For example, Shopify, Google Analytics, Prestashop, Facebook Ads, etc.
“Data”: refers to all information created, acquired, aggregated, or archived by or for the CLIENT, including personal data processed via the Software, as well as the results of processing carried out on the basis of such data via the said Software. The Data also refers to the data communicated by the CLIENT relating to its activities, know-how, etc. These data are confidential and are the exclusive property of the CLIENT for the data concerning him.
“License”: refers to the license as described in section 5 of the Agreement.
“Object Code”: refers to the series of machine-readable instructions (executable program) that are intended to be directly executed by a computer after appropriate processing and linking but without the compilation or assembly steps.
“Software” means the Software described in the Preamble of this Agreement, including all new versions, updates and modifications that may be developed after the date of signing the Agreement. By new versions and updates, we mean any improvements or evolutions of the existing functionalities of the Software, any corrections made to the Software. Software is accessible through a dashboard.
“Source Code”: includes for the Software (i) a complete presentation of operations and instructions, expressed in an advanced language that is understandable to a computer professional, (ii) the procedures and methods used to achieve this result and (iii) all the technical documentation attached to the Software.
“Stores”: refer to a Shopify store as defined by a unique store url (Note: 1 brand can have multiples stores for multiple countries served)
“Subscription Process”: refers to the online process enable the CLIENT to subscribe to the SaaS.
“Visit”: refers to monthly sessions calculated by Google Analytics and showcased in Glowtify by “Visits” KPI under Key Indicators section.
Suggested text: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
How long we retain your data
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.