Privacy Policy
Introduction and Definition
PartnerStack Inc. operating as PartnerStack (“PartnerStack”, “we”, ”us”) is committed to protecting your data. We review this policy regularly to help ensure continued compliance with applicable regulatory and legislative regimes governing personal information and data collection. This Data Security and Privacy Policy (the “Policy”) describes how we collect, store, use and distribute information and data that you submit to us through the use of our Services, including without limitation, the PII (as defined below) of your end users.
This Policy does not impose any limits on the collection, use or disclosure of aggregate information that cannot be associated with a specific individual, or information that is otherwise determined to be Non-PII (as defined below).
• “Advertiser Data” or “Client Data” refers to the information collected from Advertisers or Clients. This may include, but is not limited to, first name, last name, email address, IP address, and transactional information to support its Partner program(s) requirements.
• “End Users” refers to the customers that are referred to Client or Advertiser by Partners in their Partner Programs.
• “Partner(s)” refers to the Partners in the Client or Advertiser Partner Programs. Partners include, but are not limited to, resellers, affiliates, advocates, and ambassadors of the Client or Advertiser/Company.
• “Partner Data” refers to the information collected from Partners through the Client or Advertiser’s website. This may include, but is not limited to, first name, last name, email address, the location of posted referral links, and transactional information to facilitate Partner program(s) requirements.
• “Partner Programs” refers to any (but not limited to) reseller, affiliate, advocates, and ambassador programs, campaigns intended to create sales.
• Personally Identifiable Information (“PII”) collected by PartnerStack refers to information that may personally identify an individual. This includes, but is not limited to, first name, last name, e-mail, IP address, postal address, date of birth, phone number and may include subscriptions to the Client or Advertiser services. We may collect such information about Clients or Advertisers, Partners, and Customers.
• Non-Personally Identifiable Information (“Non-PII”) collected by PartnerStack refers to information of an anonymous nature and aggregate information. Aggregate information may include, but is not limited to, usage statistics and demographic statistics with regards to Clients or Advertisers, Partners, and Customers.
• “Services” refers to PartnerStack’s collection, processing and storage of data which is used to facilitate Partner Programs for Clients or Advertisers. The collection of data is performed through the Client’s or Advertiser’s website.
Consent Disclosure
By using our Services, entities consent to the use of Partner Data as described in this Policy.
• Except as set forth in this Policy, Client or Advertiser Data, Partner Data, and Customer Data will not be used for any other purpose without the consent of the Client or Advertiser, Partner or Customer, as applicable. We do not collect Client or Advertiser Data, Partner Data, or Customer Data for the purpose of sales or marketing in a way that specifically identifies individuals, and will implement reasonable efforts to help ensure this is met.
Purposes of Collection Data
• We aim to collect only such information as is required to enable us to manage Client or Advertiser and Partner accounts, to provide the Services, service improvement, fraud prevention, and for other legitimate business purposes.
• We will maintain and implement necessary safeguards for all data including Client or Advertiser Data, Partner Data, and Customer Data provided to us through the use of the Services.
• We will use the PII of Client or Advertiser, Partner, and Customer for the purposes specified above in this section (subject to the exclusions and disclosures we have listed under the section entitled Important Exceptions)
• Two types of information may be collected and processed through our Services:
i. PII: This information is collected by PartnerStack and Client or Advertiser directly or through third-parties that may integrate with PartnerStack and Client or Advertisers. The basis for collecting this information is for the provision of our Services.
ii. Non-PII: This information is collected by PartnerStack and Clients or Advertisers directly or through third-parties that may integrate with Clients or Advertisers. The basis for collecting this information is for the provision and enhancement of our Services.
• PartnerStack does not knowingly collect any information from or about children under the age of 16. If we become aware that we have received any such information, we will take steps to delete this information as soon as possible.
Use and Purposes for Processing of Data
• We use collected data in order to provide and enhance our Services, as well as for fraud prevention.
• Client or Advertiser Data, Partner Data, and Customer Data may be shared with third-parties only to the extent which is necessary to provide our Services. Data transfers will be secured and managed based on the sensitivity of the data.
• We collect aggregated statistics about the Clients or Advertisers’ and Partners' use of our Services, and this information will be kept confidential. However, Non-PII will be retained by us and may be made available to other members or third-parties as per our discretion to improve our services.
• If we plan to use PII in the future for any other purposes not identified in this Policy, we will only do so after informing you, and obtaining consent on the updates to this Policy.
• This Policy does not apply to the security or privacy practices of such third parties.
Cookie Disclosure
• We collect both "persistent" cookies and "session" cookies (“Cookies”). A persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date. A session cookie will expire when the web browser is closed.
• Our service providers may use Cookies and those Cookies may be stored on Client or Advertiser, Partner, or Customer computers when our website is visited by those individuals.
• We use Cookies in order to provide and improve upon our Services, and for the following additional reasons: authentication, status, personalisation, security, analysis, and consent.
• Cookies may be refused by the website visitor.
Below you will find specific details about the different types of first-party and approved third-party cookies used on our website, along with the reasons why we use these cookies.
Security Safeguards
• The security of Client or Advertiser Data, Partner Data, and Customer Data is important to us. We use commercially reasonable efforts to store and maintain data in a secure environment. We take technical, contractual, administrative, and physical security steps designed to protect Client or Advertiser Data, Partner Data and Customer Data, including the encryption of data and secure storage.
• We use Google Cloud Platform (GCP) automated services, as well as various other third-party security services to automate security assessment and improve the security and compliance of our applications.
• We share Client or Advertiser Data, Partner Data, and Customer Data only with our trusted subprocessors, such as service providers and database hosts. We use the Google Cloud Platform (GCP) service and accordingly Client or Advertiser Data, Partner Data and Customer Data may be available to governments or its agencies anywhere in the world, under a lawful order, irrespective of the safeguards we have put in place for the protection of such data.
• We have implemented procedures designed to limit the dissemination of Client or Advertiser Data, Partner Data, and Customer Data to only such designated staff as are reasonably necessary to carry out the stated purposes described in this Policy.
• We may employ third parties to help us improve the Services. These third parties may have limited access to databases of user information solely for the purpose of helping us to improve the Services and they will be subject to contractual restrictions prohibiting them from using the user information about our members for any other purpose.
• Disclosures & Transfers: We have put in place contractual and other organizational safeguards with our agents to ensure an adequate level of protection of Client or Advertiser Data, Partner Data, and Customer Data. In addition to those measures, we will not disclose or transfer Client or Advertiser Data, Partner Data, or Customer Data to third parties except as specified in this Policy (see further Important Exceptions).
For more details on how we protect your data, please see our security practices.
For more details on our sub-processors, please see our list of sub-processors.
Data Subject Requests
• We have implemented measures in order to meet data and security obligations with respect to data subject rights, including but not limited to:
i. Right to know
ii. Right to accuracy
iii. Right to be forgotten
iv. Right to access
v. Withdrawal of Consent
Important Exceptions
• We may disclose Partner Data where such disclosure is required by and in accordance with the lawful order by a court of competent jurisdiction, tribunal or other government agency.
• We may also disclose Partner Data in connection with a corporate reorganization, a merger or amalgamation with another entity, a sale of all or a substantial portion of our assets or stock, including any due diligence exercise carried out in relation to the same, provided that the information disclosed is treated as confidential and continues to be used only for the purposes permitted by this Policy by the entity acquiring such data.
Data Retention and Removal
• Our data retention policies are designed to help ensure that we can provide our Services and remain compliant with applicable laws.
• Personal data that we process for any purpose will not be kept for longer than is necessary in order to comply with such applicable laws.
• All PII retained pursuant to our data retention policies will remain subject to the terms of this Policy.
• We will keep Customer Data for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you.
• We may retain certain data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, Non-PII, account recovery, or if required by law.
• All retained Customer Data will remain subject to the terms of this Policy.
• If you request that certain data be removed from our databases, it may not be possible to completely delete all your data due to technological and legal constraints. However, we will ensure any such PII is rendered useless so as not to be attributable to any individual.
Amendment of this Policy
• We reserve the right to amend this Policy at any time.
• Any non-material amendments, such as clarifications, to this Policy will become effective on the date the amendment is posted and any material amendments will become effective 30 days from the date of notification.
• Unless stated otherwise, our current Policy applies to all Data that we collect and process in the course of providing our Services. The date on which the latest update was made is indicated at the bottom of this document. We recommend that you print a copy of this Policy for your reference. Your continued use of the Services signifies your acceptance of any amendments.
International Data Transfers and Standard Contractual Clauses (SCCs)
PartnerStack may transfer your Personal Data to countries other than the one in which you live. We deploy the following safeguards if PartnerStack transfers Personal Data originating from the European Union or Switzerland to other countries not deemed adequate under applicable data protection law: Standard Contractual Clauses issued by the European Commission.
PartnerStack uses sub-processors to process and store Client or Advertiser Data, Customer Data and Partner Data; currently, all such sub-processors are located in the United States of America.
GDPR (General Data Protection Regulation) Compliance Statement
The GDPR’s updated requirements are significant and our team has adapted PartnerStack’s product offerings, operations and contractual commitments to help Clients or Advertisers comply with the GDPR.
We also monitor the guidance around GDPR compliance from privacy-related regulatory bodies, and update our product features and contractual commitments accordingly. We’ll provide you with regular updates so that you’re always current.
Fulfilling our privacy and data security commitments is important to us. So we are glad to comply and help you comply with the GDPR. If you have any questions about your rights under the GDPR as a user, we hope you’ll reach out to us at privacy@partnerstack.com
CCPA (California Consumer Privacy Act) & CPRA (California Privacy Rights Act) Compliance Statement
PartnerStack complies with the California Consumer Privacy Act (CCPA), the further amendments under Proposition 24, the California Privacy Rights Act (CPRA) and supports our customers’ compliance with both the CCPA and the CPRA. As a provider of enterprise collaboration tools, PartnerStack is primarily a service provider under the CCPA and CPRA.
PartnerStack offers our customers a data processing addendum (DPA) that supplements the customer terms of service or any master subscription agreement. This DPA incorporates the obligations and requirements set out by the CCPA. Please reach out to our Privacy Team (privacy@partnerstack.com) to obtain a copy of our DPA. If you have questions specific to the DPA, please contact our team via privacy@partnerstack.com. However, please note that the terms of our DPA are non-negotiable.
As a service provider, PartnerStack also assists its customers in their compliance with the CCPA and CPRA. PartnerStack will assist with any deletion requests customers may receive by deleting member profile information upon verified request of a primary owner. PartnerStack will also pass along member requests for information related to Customer Data, as well as any requests it receives for member profile deletion, to the customer. For more information about how PartnerStack assists with rights requests, contact privacy@partnerstack.com.
Request to opt out of sale of personal information
PartnerStack does not sell personal information as defined in the CCPA and CPRA, and will not sell personal information without providing a future right to opt out of such a sale or mechanisms around a “Do not Sell or Share My Personal Information” link and a “Limit the Use of Sensitive Personal Information” link where you may exercise your right to opt out of any such sale or sharing of personal information and limit the use of your sensitive personal information without creating an account. You can choose to opt out of offers, promotions or other emails by managing your email preferences.
Contact & Data Protection Officer
If you have any questions, disputes, or compliance related questions relevant to data protection or this Policy, or if you would like to contact the Data Protection Officer please contact privacy@partnerstack.com.
EU (European Union) Representative
VeraSafe Ireland Limited
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork, T23AT2P, Ireland
UK (United Kingdom) Representative
VeraSafe United Kingdom Limited
37 Albert Embankment, London
SE1 7TL United Kingdom
Privacy Practices
Data Transfers
PartnerStack’s platform and its related services are hosted in the United States and all information will be transferred into the United States for storage and processing.
U.S. Surveillance Laws Impact
PartnerStack, like most US-based SaaS companies is technically subject to FISA 702 and by extension Executive Order 12333 (“EO12333”) as it is deemed to be a remote computing service provider, however the organization does not process personal data that is likely to be of interest to US intelligence agencies.
Data Protection Addendum (DPA)
PartnerStack has established a data processing addendum in which it will go into agreement with its customers and contains the latest standard contractual clauses (SCC). To obtain a DPA, please reach out to your account manager to initiate the process.
Data Retention
PartnerStack will retain all personal identifiable information (PII) as long as necessary to accomplish the business purpose for which it was collected or to comply with our legal and contractual obligation up to a maximum of 10 years, after which we will perform secure destruction procedures.
Data Subject Requests
All data subject requests including data deletion, rectification, and updates can be made to privacy@partnerstack.com.
Data Protection Officer
The data protection officer can be contacted at privacy@partnerstack.com.