Effective September 27, 2023.
1. Who we are
Vtiger makes cloud CRM software that helps businesses to build stronger and more profitable customer relationships.
2. What information we collect about you
We collect the following information directly from you, or through the Service.
As you navigate our websites, Vtiger may collect information through the use of commonly-used information-gathering tools such as cookies and Web beacons. With it, we collect:
- Browser information (type and language)
- IP address
- Open / Click-through tracking URL: In some of our email communications, we use a “click-through tracking URL” that, when clicked, sends you to a different web address, which logs your click, before redirecting you to your expected destination.
- The actions you take on our websites (such as the web pages viewed and the links clicked, and time spent).
- Referrer information
- Event registrations
When you use our website to request information about us or our Services, register for a Vtiger CRM cloud account, register to attend an event, register for our blogs, register for the marketplace, or join in our community discussions, and apply to join our partner program, we may collect the following personal information. We may gather some of this information from third party sources, as described in the section below titled “Information from Other Sources."
- First Name & Last Name
- Email Address
- Phone number
- Job Title
- IP Address: When you use the Vtiger CRM Cloud application, we automatically collect Internet Protocol (“IP”) address, the date and time of your login and logout sessions. This data is stored in your CRM account under user Login History.
When you purchase our Services or add-ons published by third parties, Vtiger will require you to provide us with the following:
- Business Name
- Billing details such as Credit Card Number & Paypal
- Mailing Address
- Quantity of users
If we communicate with you to offer support through any medium (Phone, Chat, Email, & Messaging apps such as Whatsapp) we will collect and store the following information.
- Chat Transcripts
- Phone call logs
- Phone call recordings
You can log in to our Service using sign-in services such as Google, Facebook Connect, LinkedIn, Office 365, etc. These services will authenticate your identity and provide you the option to share certain personal information with us such as your name and email address.
Information from other sources
We may obtain information, including Personal Data, from third parties and sources other than the Service. These include publicly available sources of information like LinkedIn, Facebook, and Twitter. They also include our partners, mutual connections, advertisers, credit rating agencies, and Integrated Services. This information may be collected to facilitate our understanding of who you are and your needs, as well as to help us improve our products and services. If we combine or associate information from other sources with Personal Data that we collect through the Service, we will treat the combined information as Personal Data in accordance with this Policy.
3. Special Limits on Our Use of Your Google User Data:
4. How we use the information that we collect
We will never disclose, share or sell your data without your consent unless required to do so by law. We use your information for the following purposes:
To provide you with information about our products and services
We use the information – other than Client Data - to operate, maintain, enhance and provide all features of the Service, to provide the services and information that you request, to respond to comments and questions and to provide support to users of the Service. We process Client Data solely in accordance with the directions provided by the applicable Client or User.
To improve the usefulness of our messaging to you
We use your click-through tracking data for various purposes, including to help us determine interest in particular topics and measure the effectiveness of our customer communications. You may grant or decline consent for this tracking from your Preferences page, accessible from the “Unsubscribe” or “Manage Preferences” link in the footer of any newsletter that we send to you.
To plan our events
We also use event registration information to plan and host corporate events, host online forums and social networks in which event Attendees may participate, and to populate online profiles for Attendees on our websites.
To respond to your requests
We use your contact information and other information shared with us via email and over other channels like chat and phone to respond to your requests.
To process your payments
Applibase DBA Vtiger is a billing partner that bills you on behalf of Vtiger. The same Billing Partner name exhibited in all USD invoices. We use credit card and PayPal information solely to process payment for the Services and events. We pass your billing information on to Stripe, Instamojo, and PayPal, our billing partners, who store your information securely for future billing as authorized by you.
To improve our website
We use website navigational information, IP address, browser type, browser language, referring URL, files accessed, errors generated, time zone, operating system and other visitor details collected in our log files to analyze trends, administer our website, track visitors’ movements and to improve our website. We link this automatically-collected data to other information we collect about you.
To improve our products and services
Your usage details such as time, frequency, duration, pattern of use, features used and the amount of storage used might be recorded by us and used to improve the Vtiger CRM Cloud service. We also use your information with your consent, including:
- To administer promotions you have entered.
- Fulfill any other purpose disclosed to you and with your consent.
- We post user testimonials on our website. These testimonials may include names, and other Personal Information and we acquire permission from our users prior to posting these on our website. We obtain the consent of each customer prior to posting any information on such a list or posting testimonials.
- Collection and Use of Non-Personal Information. When you register for Vtiger CRM Cloud, or download and install our software, we may collect non-personal information data that does not permit direct association with any specific individual, such as your country and operating system. This information is used to help us improve our products and services.
We may use a Visitor’s or User’s email address or other information – other than Client Data – to contact that Visitor or User (i) for administrative purposes such as customer service, to address intellectual property infringement, right of privacy violations or defamation issues related to the Client Data or Personal Data posted on the Service or (ii) with updates on promotions and events, relating to products and services offered by us and by third parties we work with. You may unsubscribe from email notifications by clicking on the unsubscribe link that provided in all email notifications or by sending an email to [email protected]. You cannot opt out of receiving transactional emails related to your account or use of the Services. You have the ability to opt-out of receiving any promotional communications as described below under “Your Rights and Choices.”
5. How we share the information that we collect
Except as described in this Policy, we will not intentionally disclose the Personal Data or Client Data that we collect or store on the Service to third parties without the consent of the applicable Visitor, User or Client. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:
Any information that you voluntarily choose to include in a Public Area of the Service, such as a public profile page, will be available to any Visitor or User who has access to that content.
We work with third party service providers who provide a website, application development, hosting, maintenance, and other services for us. These third parties may have access to, or process Personal Data or Client Data as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information.
Non-Personally Identifiable Information
We may make certain automatically-collected, aggregated, or otherwise non-personally-identifiable information available to third parties for various purposes, including (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding our Clients’, Users’ and Visitors’ interests, habits, and usage patterns for certain programs, content, services, and/or functionality available through the Service.
Marketplace application developers
When you install or purchase, any application developed using Vtiger's APIs that is posted on Vtiger’s online marketplace, your name and email address will be shared with the developer of the application, so they may engage with you directly as the provider of that application or service. Vtiger does not control the use of your personal information by the developers, which will be based on their own privacy policies.
Law Enforcement, Legal Process, and Compliance
Please be aware that laws in various jurisdictions in which we operate may obligate us to disclose user information and the contents of your user account to the local law enforcement authorities under a legal process or an enforceable government request. In addition, we may also disclose Personal Information and contents of your user account to law enforcement authorities if such disclosure is determined to be necessary to protect Vtiger’s rights, or for protecting the safety of our users, employees, or the general public.
Change of Ownership
Legal bases for processing (for EEA & UK visitors only):
If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have a legal basis for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:
- We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services.
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests.
- You give us consent to do so for a specific purpose. Or
- We need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because a third party (e.g. your employer) or we have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:
- European Union (EU)
- United Kingdom (UK)
Prighter allows you to exercise your privacy-related rights (e.g., requests to access or erase personal data). If you want to contact us via our representative or exercise your privacy rights, please visit the following website: https://prighter.com/q/14874621.
Data Protection Officer
California Privacy (for California Consumers only)
The California Consumer Privacy Act (“CCPA”) provides consumers with specific rights concerning their Personal Information. You have the right to request that businesses subject to the CCPA disclose certain information to you about their collection and use of your Personal Information over the past 12 months. Besides, you have the right to ask such businesses to delete Personal Information collected from you, subject to certain exceptions. If the business sells Personal Information, you have a right to opt-out of that sale. Ultimately, a business cannot discriminate against you for exercising your rights under CCPA.
Consistent with the California law, if you choose to exercise your applicable CCPA rights, we will not charge you different prices or provide you with various quality of services. If we ever offer a financial incentive or product enhancement that is contingent upon you providing your Personal Information, we will not do so unless the benefits to you are reasonably related to the value of the Personal Information that you provide to us. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time. However, note that many features of our website, our products, or our services will not function without your Personal Information.
We assure you we take your personal information seriously and do not sell it for monetary gain. However, we may share or disclose personal data in ways defined as a 'sale' by the California Consumer Privacy Act (as amended by the California Privacy Rights Act). Such sharing occurs in specific situations, such as partnering with third-party vendors for essential tasks like payment processing, website analytics, product feedback, email services, or event sponsorship for Vtiger-hosted events or webinars. Additionally, personal information may be shared during a business transfer as mandated by law or in response to valid requests from public authorities.
Protection of Personal Information Act (POPIA) Privacy Rights
This Privacy Notice describes how the Vtiger collects, uses, discloses, retains, and protects your personal information according to the Protection of Personal Information Act (POPIA) and other relevant laws.
As part of managing the business and creating value for its various stakeholders, Vtiger is required, in certain instances, to process personal information. Accordingly, Vtiger is required to protect the personal information as set out in the Protection of Personal Information Act 4 of 2013, including its Regulations (POPI Act).
This notice constitutes Vtiger's policy statement to declare its commitment to comply with the POPI Act. Accordingly, it provides insights into how Vtiger processes data subjects' personal information as set out in the POPI Act. 1.5. Vtiger shall ensure that personal information is processed within the parameters of the legal basis.
Legal bases for collecting and using information
If you are an individual from South Africa, we can only use your personal data if we have a proper reason for doing so. According to the law, we can only use your data for one or more of these reasons:
- To fulfil a contract we have with you, or
- If we have a legal duty to use your data for a particular reason, or
- When you consent to it (we may be legally required to collect your information as one of a legal basis, you have the right to withdraw your consent at any time, but this will not affect any processing that already took place.)
Exercising your rights available under POPIA
The Information Regulator contact details:
The Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
P.O. Box 31533, Braamfontein, Johannesburg, 2017
- Complaints email: [email protected]
- General enquiries email: [email protected]
Data processing addendum
We are anticipated to sign an operator agreement to enable you to be compliant with the data protection obligations under the POPIA. You can request the agreement by emailing [email protected]. Once we receive your request, we'll forward a copy of the operator agreement to you for your signature.
6. How we handle Your Customer Data
You may electronically submit data or information to the Services for hosting and processing purposes (“Customer Data”). Vtiger will not review, share, distribute, or reference any such Customer Data except as provided in Vtiger's Terms of Service, or as may be required by law. In accordance with Vtiger’s Terms of Service, Vtiger may access Customer Data only for the purpose of providing Services or preventing or addressing service or technical problems or as may be required by law.
7. How we store and secure the information we collect
Vtiger maintains strict administrative, technical, and physical procedures to protect information stored in our servers. We use industry-standard Secure Socket Layer (SSL) encryption technology to safeguard the account registration process and sign-up information. Other security safeguards include but are not limited to data encryption, firewalls, and physical access controls to building and files. We implement a variety of security measures to maintain the safety of your personal information and data you store in your account. Access to your name and email address is restricted to the employees of Vtiger. Data stored in your account is only accessed by the Vtiger team when performing the migration, or support services. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Payment gateway providers database only to be accessible by those authorized with special access rights to such systems, and are required to keep the information confidential. After a transaction, your private information (credit cards, social security numbers, financials, etc.) will not be stored on our servers. While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others. If you use our services or websites, responsibility for securing storage and access to the information you submit rests with you and not Vtiger. We strongly recommend that server or data center users configure SSL to prevent interception of data transmitted over networks and to restrict access to the databases and other storage points used. At Vtiger, your data privacy and security are of prime importance to us. To that end, we are ISO 27001:2013 certified. If you have any concerns regarding the security of your data, please write to us at [email protected] with any questions.
We only retain the Personal Data collected from a User for as long as the User’s account is active or otherwise for a limited period of time as long as we need it to fulfill the purposes for which we have initially collected it unless otherwise required by law. We will retain and use information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements as follows:
- the contents of closed accounts are deleted within 3 months of the date of closure
- backups are kept for 3 months
- billing information is retained for a period of 5 years
- information on legal transactions between Client and Vtiger is retained for a period of 5 years.
When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.
8. How we transfer your personal information internationally
International Transfer within Vtiger Entities
Data that we collect about you during your sign-up, and during your use of Vtiger, are stored on servers under our control in multiple regions around the world. To facilitate our operations, we may transfer and access such information from around the world, including from other countries in which we have operations. Irrespective of which country you reside in or supply information from, by using our services you authorize us to use your information in any country where we operate. We agree to abide by the standard contractual clauses for the transfer of personal data as approved by the European Commission (Art. 46 GDPR).
International transfers to third parties
9. Your Rights and Choices
Vtiger acknowledges that you have the right to access your personal information. Depending on the country in which you reside, you may have the following data protection rights:
- To access; correct; update; port; delete; restrict; or object to our processing of your Personal Information.
- You can manage your individual account and profile settings within the dashboard provided through the Vtiger platform, or you may contact us directly by emailing us at [email protected]. You can also manage information about your Contacts within the dashboard provided through the Vtiger platform to assist you with responding to requests to access, correct, update, port or delete information that you receive from your Contacts.
- If personal information pertaining to you as an individual has been submitted to us by a Vtiger customer, and you wish to exercise any rights you may have to access, correct, amend, or delete such data; please inquire with our customer directly. Because Vtiger personnel have limited ability to access data our Customers submit to our Services, if you wish to make your request directly to Vtiger, please provide the name of the Vtiger customer who submitted your data to our Services. We will refer your request to that customer and will support them as needed in responding to your request within a reasonable timeframe.
- Vtiger takes reasonable steps to ensure that the data we collect is reliable for its intended use, accurate, complete and up to date.
- The right to complain to a data protection authority, about the collection and use of Personal Information, please contact your local data protection authority.
- Similarly, if Personal Information is collected or processed on the basis of consent, the data subject can withdraw their consent at any time. Withdrawing the consent will not affect the lawfulness of any processing we conducted before your withdrawal, nor will it affect the processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.
We respond to all requests we receive from individuals wishing to exercise their data protection rights under applicable data protection laws. We may ask you to verify your identity to help us respond efficiently to your request. Please note we will retain and use your data, including server/backup copies, to comply with our legal obligations, resolve disputes, and enforce our agreements. We may decline to process change or deletion requests that require disproportionate technical effort or jeopardize the privacy of others.
10. Other Important Privacy Information
Blogs, Social Media, and Public Forums
Third Party Analytics
Third Party Products and Services Links from our website
Clear Gifs and Log Files
We and our third party partners use technologies such as web beacons in analyzing trends, administering the website, tracking users’ movements around the site, and gathering demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual and aggregated basis. As is true of most websites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We link this automatically-collected data to other information we collect about you.
Do Not Track
Do Not Track (“DNT”) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third parties. We do not use technology that recognizes DNT signals from your web browser.
11. Mobile application
When you use our mobile apps, we may collect certain information in addition to the information described elsewhere in this Policy.
- Enabling access to your mobile data. When you use our applications designed for mobiles, you may have the option to allow access to your camera, photo library, videos, voice recordings, contact information, call status, and files stored on your mobile device. Our applications require such access to provide you with the services. For example, you can use our mobile application to upload Images/Videos/Audio/Documents to our servers as attachments to a comment/email, create a document, or set a profile picture.
- Allowing access to your device Location. When you elect to provide access to use, Vtiger features related to GPS and location tracking; the location-based information is collected for purposes including, but not limited to, locating nearby contacts. For example, Your Current Location is collected if you use the event check-in feature to ensure you are within the geofence radius of the event. This information will be exclusively shared with our mapping providers and used only for mapping user locations. The data stored on your mobile device and the location information to which the mobile applications have access will be used in the context of the mobile application and transferred to and associated with your account in the corresponding services (in which case the data will be stored on our servers) or products (in which case the data will remain with you unless you share it with us).
- Enabling Push Notification. The mobile application may ask if you wish to receive push notifications about activity or reminders in your account. A unique device ID is stored to enable the delivery of push notifications if you opt-in to the feature on the app. If you have opted in to these notifications and no longer want to receive them, you may turn them off under the settings of Vtiger applications for mobiles.
- Device Data. Our mobile applications may access the geographic Location of a User’s Device and OS identification, login credentials, language, and time zone. Additionally, our Mobile Applications may also collect information regarding Users’ interaction with Mobile Applications, which Vtiger may use to provide and improve the Mobile Application services.
- Disabling access. You can disable the mobile applications' access to this information anytime by going to your mobile device settings.
12. Our Policy Toward Children
We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act), we do not collect any information from anyone under 13 years of age. Our website, products, and services are all directed to people who are at least 13 years old or older. If you become aware that your child has provided Vtiger with personal information without your consent, please contact us at [email protected].
14. Terms and Conditions
Please refer to our latest terms of service to learn about the disclaimers and limitations of liability governing the use of Vtiger.
15. Contact Us
If you have questions regarding this Privacy Statement or Vtiger's data handling practices, please feel free to contact us directly:
By email at [email protected].
By mail at: Vtiger Systems India Private Limited, No. 18, 20th Main, 2nd Block, Rajaji Nagar, Bangalore - 560010, Karnataka, India (Attention: “Legal”).
If you have any questions about this agreement or your information stored with us, please contact us at [email protected].
“Client” means a customer of Vtiger
“Client Data“ means personal data, reports, addresses, and other files, folders or documents in electronic form that a User of the Service stores within the Service.
"Google User Data" means Your data synced from Google such as Contacts, Emails, Calendar, Documents, and Attachments.
“Personal Data” means any information relating to an identified or identifiable natural person.
“Public Area” means the area of the Site that can be accessed both by Users and Visitors, without needing to log in.
“Restricted Area” means the area of the Site that can be accessed only by Users, and where access requires logging in.
“User” means an employee, agent, or representative of a Client, who primarily uses the restricted areas of the Site for the purpose of accessing the Service in such capacity.
“Visitor” means an individual other than a User, who uses the public area but has no access to the restricted areas of the Site or Service.