Last updated: October 1st, 2020 - Currently Effective
) and customer service interactions, training sessions and user conferences. We refer to those products, services and websites collectively as the "Services
" in this policy.
), including the processing of any forms, files or other content submitted using our Services (collectively, "Customer Data"
The organization (e.g., your employer or another entity or person) that entered into the Agreement ("Customer"
) controls their instance of the Services ("Organization Account"
) and any associated Customer Data. If you have any questions about specific Organization Account settings and privacy practices, please contact the Organization Account Owner of which you are registered under.
Unless otherwise noted, our services are provided by Merge Mobile Inc. inside of the United States.
.If you do not agree with the terms, do not access or use the Services or any other aspect of Merge Mobile’s business.Information We Collect
When you use our Services, we collect information relating to you and your use of our products and services from a variety of sources as listed below:User Registration Information.
To use our Services you must have a FastField account. When you confirm/register your account, we collect your username, password, phone number and email address.
When you make a payment for our Services, we require you to provide your billing details, such as a name, address, email address and financial information corresponding to your selected method of payment. For example, this information may include a credit card number and expiration date or a bank account number. If you provide a billing address, we will regard that as the location of the account holder.
Organization Account Settings.
Our services provide screens to control account preferences and personal profile information. For example, your account time zone and communication templates can all be configured through our online administration portal.
We store your form data and form configuration settings for you. If you chose to have data submissions directly posted to your private web services, your form data will not be stored on our servers. Unless stated under a separate agreement, Merge Mobile is not responsible for the content of the forms you create or the data your forms collect.
We collect usage data about you and your users whenever you interact with our Services. This may include webpages you visit, what you click on, when you performed those actions. Additionally, like most applications today, our servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses.
We collect data from the device and application you use to access our services, such as your IP address, browser, hardware information, settings and unique identifiers and application crash data.
We may infer your geographic location based on your IP address. Our Services may also collect location information from devices in accordance with the consent process provided by your device and applications you are using.
If you arrive at one of our websites (including mergemobile.com, fastfieldforms.com, mobileforms.com, fastfield.com) or from an external source (such as a link on another website or in an email), we record information about the source that referred you to us.
Third Party Services and Integrations.
Through the use of our Services you have the option to connect or integrate with other third party services. For example, when configuring a Form’s workflow and Form Delivery options you may choose to send your form submissions to a third party system. You or your administrative users can enable and disable these integrations within your Organization’s Account. Once enabled the third party may also share certain information with our Services. We recommend that you review the privacy policies of these third party service providers to understand what may be disclosed through integrations with Services such as ours. We do not sell or share your form data in any way with third party advertisers or marketers.
- To make our site easier to use. If you use the "Remember me" feature when you sign into your account, we may store your username in a cookie to make it quicker for you to sign in whenever you return to our websites.
-To provide you with personalized content. We may store user preferences, such as your default language, in cookies to personalize the content you see.
-Information from page tags. We use third party tracking services that employ cookies and page tags (also known as web beacons) to collect aggregated and anonymized data about visitors to our websites. This data includes usage and user statistics.
How we use data we collect
Merge Mobile is a processor of Customer Data and Customer is the controller. The Customer may, for example, use the Services to grant and remove access to the Organization’s Account, assign roles and configure settings, access, modify, export, share and remove Customer Data and otherwise apply its policies to the Services.Merge Mobile uses Other Information in furtherance of our legitimate interests in operating our Services, Websites and business. More specifically, we use Other Information for the following reasons:
Providing customer support requires us to access your information to assist you (such as with form setup, design and technical troubleshooting). Your data may be required to access to contact you to provide these services. Your form data may be required to access to provide troubleshooting and issue investigation.
To Prevent Potentially Illegal Activities or as Required by Law.
To respond to legal requests and prevent harm or we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
To Manage and Enhance Our Services.
We internally use your information for the following limited purposes including:
To monitor and improve our services and features.
We internally perform statistical and other analysis on information we collect (including usage data, device data, referral data, and information from page tags) to analyze and measure user behavior and trends, to understand how people use our services, and to monitor, troubleshoot and improve our services.
Screening for undesirable or abusive activity.
For example, we have automated systems that screen content for phishing activities, spam, and fraud.
To contact you about your service or account.
We occasionally send you communications of a transactional nature (e.g. service-related announcements, billing-related matters, changes to our services or policies, and other email communication about your account). You can't opt out of these communications since they are required to provide our services to you.
To contact you for marketing purposes (unless you opt out).
We may contact you for promotional purposes. You may opt out of these communications at any time.
For billing and account management and administrative purposes.
Merge Mobile may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments.
To investigate and help identify, prevent and resolve security issues and abuse.
Upon deletion or cancellation of your account, we retain Customer Data for 90 days unless you specifically request to purge the data at the point of cancellation. Unless you request to remove all your data upon cancellation of your account, we retain your contact info to keep you informed of upcoming product announcements and communication.
Under no circumstances does Merge Mobile sell your data for any reason. If you are a California resident, you have the right to opt out of having your data sold under the California Consumer Pricay Act (CCPA). Merge Mobile does not sell your data, so there is no need to opt out of having your data sold. How we Share and Disclose Information
Customers determine their own policies and practices for the sharing and disclosure of Information, and Merge Mobile does not control how they or any other third parties choose to share or disclose Information. Customers control how their form data is distributed to external sources through account and form level settings. For more information on how to configure your form delivery options, please visit our Help Center.
The following list outlines how we share and disclose information:
• Customer’s Instructions.
Merge Mobile will solely share and disclose Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and in compliance with applicable law and legal process.
• Displaying the Services.
When an Authorized User submits Other Information and Customer Data, it may be displayed to other Authorized Users in the same or connected Organization account. For example, an Authorized User’s email address may be displayed with their user profile. You can configure various access levels or roles for each individual user in your account. Roles can be used to specify the actions your users can perform and the scope of data they can view in your Organization’s account.
• Customer Access.
Account Owners, Administrators, Authorized Users and other Customer representatives and personnel may be able to access, modify or restrict access to Information and form data. This may include, for example, your employer using Service features to export form data, or accessing or modifying your profile details.
• Third Party Service Providers and Partners.
We may engage third party companies or individuals as service providers or business partners to process Other Information and support our business.
We rely upon these types of 3rd party service providers to provide our Services to you:Cloud Hosting Provider
– to provide hosting facility and infrastructure to house our Services.Payment Processors
- to process your subscription fees.Email Service Providers - to send account related notifications and alerts to you.Web Traffic Analytics Providers
– to analyze web traffic patterns and Ad performance.
App Crash Analytics Providers
– To identify and troubleshoot application crashes.
App Logging Providers
– to analyze usage patterns for security purposes, troubleshooting and tuning of our services.
Help Desk Providers
– to provide Help Center and Support ticketing services.
If you wish to receive a list of third parties who handle personal data for Merge Mobile, please send a request to firstname.lastname@example.org
. If you object to a particular third party or sub-processor, who we cannot disassociate from your Services, your sole remedy will be to cancel your subscription relating to the Services that cannot be reasonably provided without the objected-to new sub-processor. Such termination will be without a right of refund for any fees prepaid by you for the period following termination.
• Third Party Services.
Customer may enable or permit Authorized Users to enable Third Party Services. When enabled, our Services may share Other Information and Customer Data with Third Party Services. Third Party Services are not owned or controlled by Merge Mobile and third parties that have been granted access to Other Information may have their own policies and practices for its collection and use. Please check the privacy settings and notices in these Third Party Services or contact the provider for any questions.
• Corporate Affiliates.
Merge Mobile may share Other Information with its corporate affiliates, parents and/or subsidiaries.•
During a Change to Merge Mobile’s Business.
If Merge Mobile engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Merge Mobile’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), you expressly consent to Merge Mobile transferring your information to the new owner or successor entity so that we can continue providing our services. If required, Merge Mobile will notify the applicable data protection agency in each jurisdiction of such a transfer in accordance with the notification procedures under applicable data protection laws.•
Aggregated or De-identified Data.
We may disclose or use aggregated or de-identified Other Information for any purpose. For example, we may share aggregated or de-identified Other Information with prospects or partners for business or research purposes, such as telling a prospective Merge Mobile’s customer the average amount of forms processed over a period of time.
• To Comply with Laws.
If we receive a request for information, we may disclose Other Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
• To Enforce Our Rights, Prevent Fraud, and for Safety.
To protect and defend the rights, property or safety of Merge Mobile or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
• With Consent.
Merge Mobile may share Other Information with third parties when we have consent to do so.
• Your account details to your billing contact.
To the extent prohibited by applicable law, we do not allow use of our Services and Websites by anyone younger than 16 years old.
Merge Mobile does not knowingly collect personal data from minors or allow them to register. If it comes to our attention that a Customer has collected personal data from a minor, we may delete this information without notice. If you have reason to believe that this has occurred, please contact us at email@example.com.Identifying The Data Controller And Processor
Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of information. In general, the Customer is the controller of Customer Data and Merge Mobile is the processor of Customer Data and the controller of Other Information.Your Rights to Your Information
Individuals located in certain countries, including the European Economic Area, have certain statutory rights in relation to their personal data. Subject to any exemptions provided by law, you may have the right to request access to Information, as well as to seek to update, delete or correct this Information. You can usually do this using the settings and tools provided in your Services account.
If you cannot use the settings and tools, contact us or the Controller / Owner of your Organization account for additional access and assistance.To the extent that Merge Mobile’s processing of your Personal Data is subject to the General Data Protection Regulation, Merge Mobile relies on its legitimate interests, described above, to process your data. Merge Mobile may also process Other Information that constitutes your Personal Data for direct marketing purposes and you have a right to object to Merge Mobile’s use of your Personal Data for this purpose at any time.
At any point you can perform the following actions:
Update your account details.
You can update your account preferences and information using our online administration portal found at https://manage.fastfieldforms.com
Download/backup your form data.
We provide you with the ability to export data in a variety of formats including Excel, CSV, and PDF.
Delete your form data.
Deleting form data can be accomplished via our online administration portal and will permanently delete form data immediately. To the extent permitted by law, we will permanently delete your data if you request to when cancelling your account.
Cancel your account.
To cancel your account, please do so through our online Administration portal at https://manage.fastfieldforms.com/Account
or contact us at firstname.lastname@example.org.
Upon cancellation, you will have the option to permanently delete your Account data. Deleting your account will cause all the form data in the account to be permanently deleted, as permitted by law, and will disable your access to any other services that require a FastField account. We will promptly fulfill requests to delete personal data unless the request is not technically feasible, or such data is required to be retained by law (in which case we will block access to such data, if required by law).Privacy Rights for California Residents
The following provides additional details about the personal information we collect about California residents and the rights afforded to them under the California Consumer Privacy Act(CCPA).
For more details about the personal information we have collected on you over the last 12 months, including the categories of sources, please see the Information We Collect section above. We collect this information for the purposes described in the How We Use The Data We Collect section above. We share this information with the categories of third parties described in the How We Share and Disclose Information section above.
According to the terms of CCPA, we do not sell the personal data we collect. Please note that we do use third-party cookies for our advertising purposes as described in the Cookies section above under Information We Collect. Subject to certain limitations, the CCPA provides California residents the right:
- to request to know more details about the categories or specific pieces of personal information we collect
- to request how we use and disclose the personal information we collect
- to request to delete their personal information
- to opt out of the sale of personal data collected on them
- to not be discriminated against for exercising these rights
California residents may initiate a request pursuant to their rights under the CCPA by contacting us at email@example.com. In order to protect the security of our users, the request must include your account registration information so we can properly verify your identity (Account name, First and Last name, email address, and phone number you used to register with us). We will verify your request using the information associated with your account, including email address and phone if necessary. California residents can also designate an authorized agent to exercise these rights on their behalf.
Privacy Shield - Framework Commitment
Privacy Shield - Data Processing for Customer
We provide the Services to allow organizations to collect, store and distribute their custom form data. In providing these Services, we process data our customers submit to our Services or instruct us to process on their behalves in connection with the Services ("Customer Data"
To fulfill these purposes, we may access data to provide the Services, to prevent or resolve technical or system issues, to respond to customer support requests, to follow the instructions of our customer who submitted the data, or in response to contractual requirements with our customers.Privacy Shield - Data Shared with Third Parties
In providing our Services to you, we rely upon a limited number of third party providers. These third party providers perform operations such as data storage, application hosting, application logging, payment processing and customer support software tools and services. These third parties may access, process or store personal data in the course of providing these services, but based on our instructions only.
If we receive personal data subject to our certification under the Privacy Shield and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield if the following conditions exist:The agent processes the personal data in a manner inconsistent with the Privacy ShieldWe are responsible for the event giving rise to the damage.Privacy Shield - Lawful Disclosure Requirements
We are required disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.Privacy Shield - Compliance Complaints
In compliance with the Privacy Shield Principles, Merge Mobile commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Merge Mobile at:
firstname.lastname@example.org Merge Mobile, Inc 1311 Calle Batido Suite 240, San Clemente, CA 92673
Merge Mobile has further committed to refer unresolved Privacy Shield compliance complaints to EU Data Protection Authorities (DPAs), the Swiss Federal Data Protection and Information Commissioner (FDPIC).
If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact the EU DPAs and/or the Swiss FDPIC.Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Merge Mobile, Inc. has appointed European Data Protection Office (EDPO) as its GDPR representative in the EU.
You can contact EDPO regarding matters pertaining to the GDPR by:
- Sending an email to email@example.com
- Using EDPO’s online request form at https://www.edpo.brussels/contact
- Writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, BelgiumPrivacy Shield U.S. Federal Trade Commission Enforcement
Our Privacy Shield compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).Privacy Shield - Arbitration
You may also be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of a European country participating in the Privacy Shield must first:
1. Contact us and afford us the opportunity to resolve the issue.
2. Seek assistance from EU Data Protection Authorities (DPAs) or the Swiss Federal Data Protection and Information Commissioner (FDPIC).
3. Contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees.
Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the resident.Standard Contractual Clauses
On July 16, 2020, the European Union Court of Justice (CJEU) invalidated the EU-US Privacy Shield as a valid means of verifying data protection outside of the EU. This does not absolve FastField of any Privacy Shield obligations, and the Privacy Shield commitment shall continue to be maintained. However, in addition to the Privacy Shield Framework, FastField also offers a Data Processing Agreement that includes the European Standard Contractual Clauses, which are still regarded as valid by the CJEU. If your organization is required to operate under Standard Contractual Clauses, please request a Data Processing Agreement by contacting us at firstname.lastname@example.org
We are committed to handling your personal information and data with integrity and care. Merge Mobile works hard to protect Information you provide from loss, misuse, and unauthorized access or disclosure. We leverage the top cloud-hosting providers in the world to security store and process your data. We also transmit your data encrypted over the Internet using Secure Socket Layers, an industry standard for data encryption.
However, regardless of the security protections and precautions we undertake, there is always a risk that your personal data may be viewed and used by unauthorized third parties as a result of collecting and transmitting your data through the Internet. Given the nature of communications and information processing technology, Merge Mobile cannot guarantee that Information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others.Consent
Unless otherwise stated and agreed upon, our servers are based in the United States, so your personal data will be primarily processed by us in the United States.
You consent and agree that we may transfer your data to data processors located in countries, including the United States, which do not have data protection laws that provide the same level of protection that exists in countries in the European Economic Area.