Cookies consist of portions of code installed in the browser that assist the Owner in providing the Service according to the purposes described. Some of the purposes for which Cookies are installed may also require the User's consent.
Where the installation of Cookies is based on consent, such consent can be freely withdrawn at any time following the instructions provided in this document.
Some of the services listed below collect statistics in an anonymized and aggregated form and may not require the consent of the User or may be managed directly by the Owner - depending on how they are described - without the help of third parties.
The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.
MixPanel is an analytics service provided by Mixpanel Inc.
Personal Data collected: Cookies and Usage Data.
This type of service helps the Owner to manage the tags or scripts needed on Duffel in a centralized fashion.
This results in the Users' Data flowing through these services, potentially resulting in the retention of this Data.
Segment is a tag management service provided by Segment.io, Inc.
Personal Data collected: Cookies and Usage Data.
The FullStory Services utilize a powerful script that creates a new level of ease for website owners to understand the usability of their websites. Website owners who use FullStory Services can watch a DVR-like video playback of user sessions on their website, enabling meaningful insight into their users' experience, as an effective way to identify usability problems and other areas for improvement. FullStory exists to make the web better for end-users, and it is only available to websites that share that goal.
Getting a few definitions out of the way should help you better understand this policy.
When we say we, us, our or FullStory, we're referring to FullStory, Inc., a Delaware corporation.
FullStory Customer refers to any customer that has entered into an agreement with FullStory to use the FullStory Services on its Site.
Personal Information refers to any information which may identify an individual personally, such as first and last name, home address, billing address, or other physical address, email address, telephone number, etc.
User refers to a visitor to a website that uses the FullStory Services or a client of a FullStory Customer.
Visitor refers to anyone accessing the FullStory Site.
Information Collected from FullStory Visitors
If you are a Visitor, FullStory collects information on your use of our Site, such as pages visited, links clicked, non-sensitive text entered, and mouse movements, as well as information more commonly collected such as the referring URL, browser, operating system, marketing, cookie information, and Internet Service Provider (“Usage Data”). FullStory’s purpose in collecting Usage Data is to better understand how FullStory’s Visitors use the Site. As a Visitor, FullStory collects potentially personally identifying information like Internet Protocol (or “IP”) addresses (“Potential PII”). Also, you may choose to interact with the Site that results in your providing Personal Information to FullStory, such as giving us your name, email address, user name and password when signing up for a free trial of the Services or creating an account to license the Services or to post comments to the FullStory blog or social media sites, etc. You should be aware that any information you provide in the FullStory blog or social media areas may be read, collected, and used by others who access them.
Information Collected from FullStory Customers
FullStory may use your information and data as agreed to in the Agreement and to:
Process transactions between you and FullStory.
Send e-mails about our Site or respond to inquiries.
Provide support for the FullStory Services
Enhance or improve user experience, our Site, or FullStory Services.
Monitor data to ensure that it complies with your contractual obligations to us.
Perform any other function that we believe in good faith is necessary to protect the security or proper functioning of our Site or the FullStory Services.
With your prior consent, we may post your personal testimonials along with those of other satisfied customers on our Site in addition to other endorsements.
Information Collected from Visits to Websites that use FullStory Services
Use of Your Personal Information
We will never sell your data to third parties. However, in the course of business, we may hire third party individuals and organizations to help us make the FullStory Services better. These third parties include our web host provider, other SaaS providers, such as an email hosting service, payment processors or outside contractors we hire to perform marketing, maintenance or assist us in securing our website. We may also hire third parties to operate, maintain, repair, or otherwise improve or preserve our website or its underlying files or systems.
FullStory may disclose Personal Information and Potential PII only to those of its employees and third party organizations that (1) need to know such information in order to process it on FullStory’s behalf or to provide services as described above and (2) have agreed not to disclose it to any other parties without FullStory’s consent. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using the Site and/or the Service, you consent to the transfer of information to such individuals and organizations in order to accomplish these purposes.
Before using or sharing your information with non-agent third parties in ways not discussed here or previously authorized by you, we will provide you Notice and an opportunity to control the further use or disclosure of your personal information.
FullStory has potential liability in cases of onward transfer to third parties of data of EU and Swiss individuals received pursuant to the Privacy Shield Principles. (See below).
If you are a registered user of the Service and have supplied your email address, FullStory may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with FullStory and our products. If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users. FullStory takes all measures reasonably necessary to protect against the unauthorized access, use, alteration, or destruction of Personal Information and Potential PII.
Release of Your Information for Legal Purposes
We may access or release Personal Information about you when required to do so in order to comply with any applicable, laws, regulations, subpoena or enforceable governmental or public authority request, including, to meet national security or law enforcement requirements. We may also access or release Personal Information when we have a good faith believe that such access or release is reasonably necessary to (i) enforce applicable terms of service, including investigation of potential violations, (ii) detect, prevent, or otherwise address fraud, security or technical issues, (iii) respond to user support requests, or (iv) protect our rights, property or safety, our users and the public. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.
Right to Access, Edit, and Remove Your Information
You have a right to access personal information we hold about you. Whenever you use our Site or FullStory Services, we strive to make sure that the Personal Information is correct. If that information is wrong, we give you ways to update it quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. When updating your Personal Information, we may ask you to verify your identity before making any changes. We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup systems). Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. Because we protect information from accidental or malicious destruction, even after information is deleted from the FullStory Services, it may not be immediately deleted from FullStory’s servers.
To request removal of your Personal Information from our Site, Services, blog or social media, contact us at email@example.com. In some cases, we may not be able to remove your Personal Information, in which case we will let you know if we are unable to do so and why.
If a User interacts with one of our Customers and the User seeks to access, or correct, amend, or delete inaccurate data or no longer wants to be contacted by one of our Customers, the User should direct its inquiry to the Customer because the Customer is the data controller. If the Customer requests FullStory to remove the Personal Information, we will promptly respond to their request.
We take measures to enhance the security of our Site and the FullStory Service. These measures include using SSL Certificates and two-factor authentication. It is important for you to protect against unauthorized access to your password and to your computer. No security measures are perfect and we cannot promise that the information about you will remain secure in all circumstances.
FullStory stores and processes data on Google Cloud Platform servers located on the United States.
Do Not Track Signal
Our site is intended for a general audience and we do not knowingly collect personal information from anyone under the age of 13.
How FullStory Collects Information
For Visitors to our Site
For Visitors to the FullStory site, FullStory uses first party and third party cookies and other tracking technologies in order to:
Provide personalized pages for visitors.
Help us track email response rates, measure the success of our marketing campaigns, identify when our emails are viewed and track whether our emails are forwarded
Provide assistance in navigation;
Provide assistance during the visit;
Analyze your use of our products, services or applications;
Assist us with our promotional and marketing efforts.
For Customers of FullStory Services
We use FullStory on FullStory. In this regard, we use a separate instance of the FullStory Services to monitor the instance of FullStory Services that our customers use. This includes using first-party cookies to maintain a coherent scope for a customer user session across the customer-facing FullStory Services. In addition, the customer-facing FullStory Services may use third-party cookies to aid in implementing security controls and payment processing.
For Visitors to Websites that use FullStory Services
FullStory Services use first-party cookies to maintain a coherent scope for a user session across multiple pages on a single website. In addition, FullStory Services may use third-party cookies to aid in implementing security controls and payment processing. These cookies do not track the same user across unrelated domains and, as described above, attempts to infer identity across domains is strictly prohibited.
Local Storage is a standard facility provided by HTML5-compliant browsers used to retain data on your computer across visits to the same website. We use local storage as a temporary holding area for user events that were observed locally but, due to the timing of a page unload, were unable to be transmitted as part of the user session. Return visits to the same website read and transmit events previously stored in local storage to complete previously recorded sessions.
This information may in the aggregate identify a User, however we will not identify a User as they browse the web if the User turns off cookies, as explained below.
FullStory Services do not and will not ever attempt to identify the same person across disparate, unrelated domains. It is a violation of our Acceptable Use Policy for our customers to attempt to build multi-site user profiles for the intent of selling or exchanging lists of users or demographic information.
Opting Out of FullStory Services
If you wish to prevent all websites using the FullStory Services to be able to record an its activity, you can opt-out of the FullStory Services. Opting out will create a cookie that tells FullStory to turn off recording on any site which uses the FullStory Services. The presence of this cookie is required to continue opting out, so if you clear your browser cookies, you will have to opt-out again. (We regret that there isn't a better way to make your opt-out more permanent, but due to technical reasons, this really is the best we can do at present.)
One more thing about FullStory Services.
If you are considering opting-out, it's probably a good time to make sure you really understand that the purpose of the FullStory Services is to help well-intentioned companies make their website better for you. It is emphatically not one of those we-track-you-around-the-web kind of deals. We think that's creepy, too.
Most people who make websites are just like you: nice people who want to do a good job and make something awesome. And you wouldn't believe how much time and energy product teams spend trying to make their websites great for you. Without the FullStory Services, though, they simply do not have enough information to understand when they get it wrong. If they can see how you actually experience their website, like an ongoing usability study, they'll actually know what to improve! They don't need to record anything sensitive in order to do that, and we have a strict Acceptable Use Policy where you can see for yourself the high standards we expect of FullStory customers with respect to your privacy.
Blocking Cookies on the FullStory Services
If you choose, you can set your browser to reject cookies or you can manually delete individual or all of the cookies on your computer by following your browser’s help file directions. Note that turning off cookies may also disable functions of many websites you visit. If your browser is set to reject cookies or you manually delete cookies, FullStory will not be able to coalesce your anonymous user identity automatically into sessions across pages on the same website.
EU-US Privacy Shield Framework.
FullStory has further committed to refer unresolved privacy complaints under the Privacy Shield Principles, to the BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.bbb.org/EU-privacy-shield/file-a-complaint for more information and to file a complaint.
Under certain limited conditions, if your complaint is not resolved through these channels, it may be possible for individuals to invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission.
FullStory is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
What If I Have Questions or Concerns?
If you have any questions or concerns regarding privacy when using FullStory, please send us a detailed message to firstname.lastname@example.org or via postal mail at:
120 Ottley Drive NE
Atlanta, GA 30324
We will make every effort to address your concerns.
In addition to what is specified in this document, the User can manage preferences for Cookies directly from within their own browser and prevent – for example – third parties from installing Cookies.
Through browser preferences, it is also possible to delete Cookies installed in the past, including the Cookies that may have saved the initial consent for the installation of Cookies by this website.
Users can, for example, find information about how to manage Cookies in the most commonly used browsers at the following addresses: Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Internet Explorer.
Notwithstanding the above, the Owner informs that Users may follow the instructions provided on the subsequently linked initiatives by the EDAA (EU), the Network Advertising Initiative (US) and the Digital Advertising Alliance (US), DAAC (Canada), DDAI (Japan) or other similar services. Such initiatives allow Users to select their tracking preferences for most of the advertising tools. The Owner thus recommends that Users make use of these resources in addition to the information provided in this document.
Duffel Technology Ltd.
Olswang Llp 1 South Quay, Victoria Quays, Wharf Street,
Sheffield, South Yorkshire,
You can email email@example.com to contact our Data Protection Officer or exercise your data protection rights (including your right to object).
Owner contact email: firstname.lastname@example.org
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
Information collected automatically through Duffel (or third-party services employed in Duffel), which can include: the IP addresses or domain names of the computers utilized by the Users who use Duffel, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.
The individual using Duffel who, unless otherwise specified, coincides with the Data Subject.
The natural person to whom the Personal Data refers.
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of Duffel. The Data Controller, unless otherwise specified, is the Owner of Duffel.
The means by which the Personal Data of the User is collected and processed.
The service provided by Duffel as described in the relative terms (if available) and on this site/application.
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
Small sets of data stored in the User's device.
This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).