Last updated: April 15th, 2018 - Currently Effective
The organization (e.g., your employer or another entity or person) that entered into the Agreement ("Customer") controls their instance of the Services ("Organization Account") and any associated Customer Data. If you have any questions about specific Organization Account settings and privacy practices, please contact the Organization Account Owner of which you are registered under.
Unless otherwise noted, our services are provided by RepoRoute, LLC. inside of the United States.
If you do not agree with the terms, do not access or use the Services or any other aspect of RepoRoute’s business.
When you use our Services, we collect information relating to you and your use of our products and services from a variety of sources as listed below:
Registration User Information. To use our Services you must have a RepoRoute account. When you confirm/register your account, we collect your username, password, phone number and email address.
Billing Information. When you make a payment for our Services, we require you to provide your billing details, such as a name, address, email address and financial information corresponding to your selected method of payment. For example, this information may include a credit card number and expiration date or a bank account number. If you provide a billing address, we will regard that as the location of the account holder.
Organization Account Settings. Our services provide screens to control account preferences and personal profile information. For example, your account time zone and communication templates can all be configured through our online administration portal.
Form Data. We store your form data and form configuration settings for you. If you chose to have data submissions directly posted to your private web services, your form data will not be stored on our servers. Unless stated under a separate agreement, RepoRoute is not responsible for the content of the forms you create or the data your forms collect.
Usage Data. We collect usage data about you and your users whenever you interact with our Services. This may include webpages you visit, what you click on, when you performed those actions. Additionally, like most applications today, our servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses.
Device Data. We collect data from the device and application you use to access our services, such as your IP address, browser, hardware information, settings and unique identifiers and application crash data.
Location Data. We may infer your geographic location based on your IP address. Our Services may also collect location information from devices in accordance with the consent process provided by your device and applications you are using.
Referral Data. If you arrive at one of our websites (including RepoRoute.com) or from an external source (such as a link on another website or in an email), we record information about the source that referred you to us.
Third Party Services and Integrations. Through the use of our Services you have the option to connect or integrate with other third party services. For example, when configuring a Form’s workflow and Form Delivery options you may choose to send your form submissions to a third party system. You or your administrative users can enable and disable these integrations within your Organization’s Account. Once enabled the third party may also share certain information with our Services. We recommend that you review the privacy policies of these third party service providers to understand what may be disclosed through integrations with Services such as ours. We do not sell or share your form data in any way with third party advertisers or marketers.
To make our site easier to use. If you use the "Remember me" feature when you sign into your account, we may store your username in a cookie to make it quicker for you to sign in whenever you return to our websites.
To provide you with personalized content. We may store user preferences, such as your default language, in cookies to personalize the content you see.
Information from page tags. We use third party tracking services that employ cookies and page tags (also known as web beacons) to collect aggregated and anonymized data about visitors to our websites. This data includes usage and user statistics.
RepoRoute uses Other Information in furtherance of our legitimate interests in operating our Services, Websites and business. More specifically, we use Other Information for the following reasons:
Customer Support. Providing customer support requires us to access your information to assist you (such as with form setup, design and technical troubleshooting). Your data may be required to access to contact you to provide these services. Your form data may be required to access to provide troubleshooting and issue investigation.
To Prevent Potentially Illegal Activities or as Required by Law. To respond to legal requests and prevent harm or we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
To Manage and Enhance Our Services. We internally use your information for the following limited purposes including:
To monitor and improve our services and features. We internally perform statistical and other analysis on information we collect (including usage data, device data, referral data, and information from page tags) to analyze and measure user behavior and trends, to understand how people use our services, and to monitor, troubleshoot and improve our services.
Screening for undesirable or abusive activity. For example, we have automated systems that screen content for phishing activities, spam, and fraud.
To contact you about your service or account. We occasionally send you communications of a transactional nature (e.g. service-related announcements, billing-related matters, changes to our services or policies, and other email communication about your account). You can't opt out of these communications since they are required to provide our services to you.
To contact you for marketing purposes (unless you opt out). We may contact you for promotional purposes. You may opt out of these communications at any time.
For billing and account management and administrative purposes. RepoRoute may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments.
To investigate and help identify, prevent and resolve security issues and abuse.
Customers determine their own policies and practices for the sharing and disclosure of Information, and RepoRoute does not control how they or any other third parties choose to share or disclose Information. Customers control how their form data is distributed to external sources through account and form level settings. For more information on how to configure your form delivery options, please visit our Help Center. The following list outlines how we share and disclose information:
• Customer’s Instructions. RepoRoute will solely share and disclose Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and in compliance with applicable law and legal process.
• Displaying the Services. When an Authorized User submits Other Information and Customer Data, it may be displayed to other Authorized Users in the same or connected Organization account. For example, an Authorized User’s email address may be displayed with their user profile. You can configure various access levels or roles for each individual user in your account. Roles can be used to specify the actions your users can perform and the scope of data they can view in your Organization’s account.
• Customer Access. Account Owners, Administrators, Authorized Users and other Customer representatives and personnel may be able to access, modify or restrict access to Information and form data. This may include, for example, your employer using Service features to export form data, or accessing or modifying your profile details.
• Third Party Service Providers and Partners. We may engage third party companies or individuals as service providers or business partners to process Other Information and support our business.
We rely upon these types of 3rd party service providers to provide our Services to you:
If you wish to receive a list of third parties who handle personal data for RepoRoute, please send a request to firstname.lastname@example.org. If you object to a particular third party or sub-processor, who we cannot disassociate from your Services, your sole remedy will be to cancel your subscription relating to the Services that cannot be reasonably provided without the objected-to new sub-processor. Such termination will be without a right of refund for any fees prepaid by you for the period following termination.
• Third Party Services. Customer may enable or permit Authorized Users to enable Third Party Services. When enabled, our Services may share Other Information and Customer Data with Third Party Services. Third Party Services are not owned or controlled by RepoRoute and third parties that have been granted access to Other Information may have their own policies and practices for its collection and use. Please check the privacy settings and notices in these Third Party Services or contact the provider for any questions.
• Corporate Affiliates. RepoRoute may share Other Information with its corporate affiliates, parents and/or subsidiaries.
• During a Change to RepoRoute’s Business. If RepoRoute engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of RepoRoute’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), you expressly consent to RepoRoute transferring your information to the new owner or successor entity so that we can continue providing our services. If required, RepoRoute will notify the applicable data protection agency in each jurisdiction of such a transfer in accordance with the notification procedures under applicable data protection laws.
• Aggregated or De-identified Data. We may disclose or use aggregated or de-identified Other Information for any purpose. For example, we may share aggregated or de-identified Other Information with prospects or partners for business or research purposes, such as telling a prospective RepoRoute’s customer the average amount of forms processed over a period of time.
• To Comply with Laws. If we receive a request for information, we may disclose Other Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
• To Enforce Our Rights, Prevent Fraud, and for Safety. To protect and defend the rights, property or safety of RepoRoute or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
• With Consent. RepoRoute may share Other Information with third parties when we have consent to do so.
To the extent prohibited by applicable law, we do not allow use of our Services and Websites by anyone younger than 16 years old. RepoRoute does not knowingly collect personal data from minors or allow them to register. If it comes to our attention that a Customer has collected personal data from a minor, we may delete this information without notice. If you have reason to believe that this has occurred, please contact us at email@example.com.
Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of information. In general, the Customer is the controller of Customer Data and RepoRoute is the processor of Customer Data and the controller of Other Information.
Individuals located in certain countries, including the European Economic Area, have certain statutory rights in relation to their personal data. Subject to any exemptions provided by law, you may have the right to request access to Information, as well as to seek to update, delete or correct this Information. You can usually do this using the settings and tools provided in your Services account. If you cannot use the settings and tools, contact us or the Controller / Owner of your Organization account for additional access and assistance.
To the extent that RepoRoute’s processing of your Personal Data is subject to the General Data Protection Regulation, RepoRoute relies on its legitimate interests, described above, to process your data. RepoRoute may also process Other Information that constitutes your Personal Data for direct marketing purposes and you have a right to object to RepoRoute’s use of your Personal Data for this purpose at any time.
At any point you can perform the following actions:
Update your account details. You can update your account preferences and information using our online administration portal found at https://reporoute.com/admin/users.
Download/backup your form data. We provide you with the ability to export data in a variety of formats including Excel, CSV, and PDF.
Delete your form data. Deleting form data can be accomplished via our online administration portal and will permanently delete form data immediately. To the extent permitted by law, we will permanently delete your data if you request to when cancelling your account.
Cancel your account. To cancel your account, please contact us as firstname.lastname@example.org.
Upon cancellation, you will have the option to permanently delete your Account data. Deleting your account will cause all the form data in the account to be permanently deleted, as permitted by law, and will disable your access to any other services that require a RepoRoute account. We will promptly fulfill requests to delete personal data unless the request is not technically feasible, or such data is required to be retained by law (in which case we will block access to such data, if required by law).
We provide the Services to allow organizations to collect, store and distribute their custom form data. In providing these Services, we process data our customers submit to our Services or instruct us to process on their behalves in connection with the Services ("Customer Data").
To fulfill these purposes, we may access data to provide the Services, to prevent or resolve technical or system issues, to respond to customer support requests, to follow the instructions of our customer who submitted the data, or in response to contractual requirements with our customers.
In providing our Services to you, we rely upon a limited number of third party providers. These third party providers perform operations such as data storage, application hosting, application logging, payment processing and customer support software tools and services. These third parties may access, process or store personal data in the course of providing these services, but based on our instructions only.
If we receive personal data subject to our certification under the Privacy Shield and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield if the following conditions exist:
We are required disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, RepoRoute commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact RepoRoute at:
RepoRoute has further committed to refer unresolved Privacy Shield compliance complaints to EU Data Protection Authorities (DPAs), the Swiss Federal Data Protection and Information Commissioner (FDPIC). If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact the EU DPAs and/or the Swiss FDPIC.
Our Privacy Shield compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
You may also be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of a European country participating in the Privacy Shield must first: 1. Contact us and afford us the opportunity to resolve the issue. 2. Seek assistance from EU Data Protection Authorities (DPAs) or the Swiss Federal Data Protection and Information Commissioner (FDPIC). 3. Contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees.
Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the resident.
We are committed to handling your personal information and data with integrity and care. RepoRoute works hard to protect Information you provide from loss, misuse, and unauthorized access or disclosure. We leverage the top cloud-hosting providers in the world to security store and process your data. We also transmit your data encrypted over the Internet using Secure Socket Layers, an industry standard for data encryption.
However, regardless of the security protections and precautions we undertake, there is always a risk that your personal data may be viewed and used by unauthorized third parties as a result of collecting and transmitting your data through the Internet. Given the nature of communications and information processing technology, RepoRoute cannot guarantee that Information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others.
Unless otherwise stated and agreed upon, our servers are based in the United States, so your personal data will be primarily processed by us in the United States.
You consent and agree that we may transfer your data to data processors located in countries, including the United States, which do not have data protection laws that provide the same level of protection that exists in countries in the European Economic Area. Your consent is voluntary, and you may revoke your consent by opting out at any time. Please note that if you opt-out, we may no longer be able to provide you our services.