Policies & Compliance
Published: 2022-01-20
1. Definitions & Interpretation
1.1
In these Terms of Service, words defined in the Order Form shall have the meaning given to them on that Order Form, and in addition, the following words have the following meanings:
1.2
Client Content: all content on the Client Website and otherwise provided to Findify to enable the Findify Services and any Professional Services;
Fee: the total sums due for the Findify Services and Professional Services described in Schedule 1;
Findify API: the Findify API allowing access to the Findify Content;
Findify Content: all content and information contained and/or accessible through the Findify API from time to time;
Findify Services: all Findify services stipulated in Schedule 1 except Professional Services;
IP Rights: any patent, trade mark, registered design or any application for registration of the same, or the right to apply for registration of the same, any copyright or related rights, database right, design rights, rights in trade, business or domain names, rights in trade dress, rights in inventions, rights in confidential information or know-how or any similar of equivalent rights in any part of the world;
Order Form: the form completed by the parties with details of the Services and Fee;
Professional Services: services performed by Findify team to assist implementation and customization of the Findify services including development of User Experience (UX), UX analysis, or integration support. The scope of any Professional Services is to be agreed upon separately, in writing, by both parties;
User: any user of the Client Website;
You: the Client identified on the Order Form.
2. Application of these Terms and Conditions
2.1
These Terms of Service apply to the Findify Services and any Professional Services to the exclusion of all other terms and conditions of business, including any that You may send to us, and all terms otherwise implied by law, custom or previous course of dealing to the maximum extent.
2.2
Findify’s failure to exercise or enforce any right or provision of these Terms of Service shall not constitute a waiver of such right or provision.
2.3
You acknowledge that Findify shall be entitled to use subcontractors to carry out its obligations under these Terms of Service, including to provide the necessary hardware, software, networking, storage, and other related technologies required to run the Findify Service. The identity of any subcontractor engaged shall be determined at Findify’s sole discretion.
2.4
Findify’s Privacy Policy makes clear what information we may collect, how it may be used, and the ways in which You can protect Your privacy when using the Findify Services. If You use Findify Services You accept that Findify uses such data in accordance with its Privacy Policy. We recommend You to read it carefully at http://findify.io/privacy-policy.
3. License
3.1
Subject to these Terms of Service, Findify grants to You a non-transferable, non-sub-licensable, non-exclusive and limited right to:
download, access, integrate and use the Findify Services on the Client Website; and
display the Findify Content within Client Website to Your Users.
3.2
You shall comply with all reasonable instructions relating to the Findify API and the Findify Content as stipulated in these Terms of Service and API Addendum, as found at https://www.findify.io/api_addendum.html
4. Client Website
4.1
You warrant and represent that the content on the Client Website will not:
breach the provisions of any law, statute or regulation;
infringe the IP Rights or other legal rights of any person;
be made in breach of any legal duty owed to a third party, such as a contractual duty or a duty of confidence;
be illegal, defamatory, libelous, deceptive, fraudulent, obscene, or offensive
be deliberately or knowingly false, inaccurate or misleading;
disparage Findify or the Findify Services; and/or
give rise to any cause of action against Findify.
4.2
You further warrant and represent that You shall use industry standard virus detection software to try to block the uploading of content to Your Client Website that contains viruses or other malicious code.
4.3
Without prejudice to the provisions of Condition 4.1, in accessing the Findify Services, You shall not:
abuse, harass, threaten, defame or otherwise violate the legal right of others including racist or xenophobic content;
produce, suggest or encourage executing any activities prohibited by law;
modify, adapt or hack the Findify Service or modify another website so as to falsely imply that it is associated with the Findify Service or Findify;
carry out any verbal, physical, written or other abuse of any Findify Client or employee; and/or
transmit any content or any code of a destructive nature via the Findify API.
5. Fee
5.1
The Fee is due in accordance with the Fee Appendix. The Fee is non-refundable.
5.2
You must pay the Fee when due in full and clear funds.
5.3
If You fail to pay all or part of the Fee by the due date, any unpaid amount shall incur a late payment fee equal to the lower of:
1.5% per month; and
the maximum amount permissible by applicable law.
6. IP Rights
6.1
You agree that no IP Rights that subsist in the Findify API and/or the Findify Content shall transfer to You under these Terms of Service. We acknowledge that You retain the IP Rights in the Client Website and all content on the Client Website.
6.2
You shall promptly notify Findify of any claim, notification or allegation that You receive that Your use of the Findify API and/or the Findify Content infringes the IP Rights of any third party (an IP Claim). You shall:
not make any admission of liability, agreement, settlement or compromise in relation to an IP Claim without Findify’s prior written consent;
give to Findify and its professional advisers all reasonable assistance as may be required in relation to an IP Claim;
at Findify’s request, give Findify the exclusive control and right to defend an IP Claim and make settlements in relation to an IP Claim; and
mitigate Your losses in relation to a Claim, including where requested to do so by stopping using the Findify API and/or the Findify Content.
6.3
On receipt of a notice under Condition 6.2, Findify shall at its expense either:
procure for You the right to continue accessing and using the Findify API and/or the Findify Content;
modify or replace the infringing part of the Findify API and/or the Findify Content to avoid the infringement; or
terminate the Order Form.
6.4
The provisions of Condition 6.3 sets out the entire liability of Findify with respect to an IP Claim, and Findify shall have no additional liability hereunder or otherwise with respect to any alleged or proven IP Claim.
7. Confidential Information
7.1
Confidential Information shall mean all information whether written or oral and in whatever medium and relates to the business, products, financial and management affairs, customers, employees or authorised agents, plans, proposals, strategies or trade secrets disclosed by one party (the Disclosing Party) to the other party (the Receiving Party).
7.2
The Receiving Party shall not, and shall ensure that its employees shall not, use copy or disclose any of the Confidential Information of the Disclosing Party except to carry out its obligations and exercise its rights under the Conditions.
7.3
The Receiving Party shall only disclose the Disclosing Party’s Confidential Information to those of its employees to the extent that they need to know the same in order to carry out its obligations under the Conditions and where those employees are bound by written obligations of confidentiality and non-use and such obligations apply to the Confidential Information disclosed to them.
7.4
The provisions of Conditions 7.1, 7.2 and 7.3 shall not apply to any Confidential Information which:
is or becomes generally available to the public other than as a result of any act or omission of the Receiving Party;
is already in or comes into the possession of the Receiving Party from a person lawfully in possession of the information and owing no obligation of confidentiality to the Disclosing Party in respect of the information; or
is required to be disclosed by any court, government or administrative authority competent to require disclosure.
8. Warranties, Indemnity
8.1
Each of the parties represents, warrants and undertakes that:
it has the right, power and authority to enter into these Terms of Service and to perform fully all of its obligations under these Terms of Service; and
the performance of these Terms of Service shall not breach any other agreement entered into by it.
8.2
Subject to these Terms of Service, Findify warrants that it shall:
provide access to the Findify API with reasonable skill and care; and
use industry standard virus detection software in relation to the Findify API.
8.3
You warrant that You have not relied on any oral representation made by or on behalf of Findify, or on any descriptions, illustrations or specifications contained in any materials, including online materials, produced by Findify which are only intended to convey a general idea of the Findify API. You confirm that in Your opinion, the Findify API is fit for Your purposes.
8.4
You shall indemnify Findify its directors, representatives and agents from and against all direct and indirect costs, claims, losses, expenses, damages and liabilities however arising as a result of or in connection with and claim received by Findify for a breach by You of these Terms of Services.
9. Disclaimer, Limit of Liability
9.1
You acknowledge that the Findify content is provided for information only and should not be relied on as and may not be accurate and complete. Findify does not warrant that Findify content will affect your user’s behaviour, increase views on any particular pages of your website or increase sales of products.
9.2
Except for warranties given in these Terms of Service, the Findify API and Findify content is provided on an “as is” basis. To the maximum extent permitted by law, all implied warranties, terms and conditions relating to the Findify API and Findify content (whether implied by stature, law or otherwise), including any warranties, terms or conditions as to accuracy, completeness, satisfactory quality, performance, fitness for purpose, ability and non-infringement are excluded.
9.3
Findify will not be liable, in contract, tort (including negligence), for any:
Economic loss (including loss of revenue, profits, contracts, business or anticipated savings:
Loss of reputation or goodwill;
Loss of data or content; and/or
Special, indirect or consequential loss even if advised or the possibility of such losses
9.4
Except in respect of an IP claim, Findify’s aggregate liability to You shall be limited to the amount due for all Fees (as specified in Schedule 1) received by Findify during the 6 months before the date the claim arose. For the avoidance of doubt, this limitation of liability covers all the services (such as Professional Services and Findify Services) specified in Schedule 1.
9.5
Nothing in these Terms of Service shall limit or exclude a party’s liability for death or personal injury caused by negligence, fraud, fraudulent misrepresentation or any other loss that cannot lawfully be excluded or limited.
10. Marketing
10.1
You grant to Findify a non-transferable, non-sub-licensable, non-exclusive, fully paid, worldwide and limited license to use and display Your names, logos and trade marks, solely for identifying You as a client of Findify (including on the Findify website).
10.2
We may mutually agree (but are not obligated to do so), from time to time, to engage in joint marketing activities which promote our products or services, including by way of seminars, press announcements, trade shows, user groups and/or other events. Such mutual agreements shall not bind the parties, unless made in writing.
11. Term & Termination
11.1
The Order Form shall start on the Effective Date noted within the Order Form.
11.2
Access to the Findify API is on the basis of a rolling 30-day term. At the end of each 30-day term, access shall automatically renew for a further 30-day term. Accordingly, each of Findify and You must give to the other at least 30 days to terminate access to the Findify API unless otherwise agreed between the parties. No refund shall be due following such termination by You.
11.3
Either party may terminate an Order Form, at any time, immediately by giving the other written notice if the other:
materially breaches any term of these Terms of Service and it is not possible to remedy that breach;
materially breaches any term of these Terms Service and it is possible to remedy that breach, but the other fails to do so within 2 business days (Monday-Friday unless public holiday in Sweden) of being requested in writing to do so; or
becomes insolvent, makes composition with its creditors, has a receiver or administrator of its undertaking or the whole or a substantial part of its assets appointed, or an is order made, or an effective resolution is passed, for its administration, receivership, liquidation, winding-up or other similar process, or has any distress, execution or other process levied or enforced against the whole or a substantial part of its assets, or is subject to any proceedings which are equivalent or substantially similar to any of the foregoing under any applicable jurisdiction, or ceases to trade or threatens to do so.
11.4
Any notice to be provided under Condition 11.2 or 11.3 shall be sent to Yourfriends@findify.io.
11.5
Upon termination of an Order Form all rights granted by Findify to You shall immediately terminate and You shall cease to access the Findify API by removing the tracking code from the Client Website
11.6
The following Conditions shall remain in force notwithstanding termination: 1 (Definitions and Interpretations) 7 (Confidential Information), 8 (Warranties, Indemnity), 9 (Disclaimer, Limit of Liability), 11.4, 11.5 (Termination), 13 (General) and 14 (Governing Law & Jurisdiction).
12. Force Majeure
12.1
For the purposes of this Condition 12, an event of Force Majeure means any event beyond the reasonable control of either party, including change in laws or regulations, war, invasion, armed conflict, terrorism, strike, lock-out, labour dispute, failure of suppliers or subcontractors, riot, civil commotion, accident, act of God, fire, flood and storm.
12.2
If a party is prevented, hindered or delayed from or in performing any of its obligations under these Terms of Service by an event of Force Majeure, the affected party’s obligations under these Terms of Service are suspended without liability while the event of Force Majeure continues and to the extent that it is prevented, hindered or delayed.
12.3
If performance of any obligation under these Terms of Service is prevented, hindered, or delayed due to an event of Force Majeure either party shall be entitled to terminate these Terms of Service on written notice to the other party.
13. General
13.1
These Terms of Service (including all applicable Schedules) contain the entire agreement of the parties with respect to the access to the Findify Services and the performance of Professional Services and supersede all prior agreements and representations, standard conditions or other implied conditions, whether written or oral, with respect to the subject matter of these Terms of Service.
13.2
You shall not assign or delegate its rights or obligations under these Terms of Service, in whole or in part, to any third party by operation of law or otherwise, without the prior written consent of Findify. Any attempted assignment or delegation that does not comply with this Condition 13.2 shall be of no effect.
13.3
If any provision of these Terms of Service is found to be unenforceable, the remainder shall be enforced as fully as possible and the unenforceable provision shall be deemed modified to the limited extent required to permit its enforcement in a manner most closely approximating the intention of the parties.
13.4
Nothing in these Terms of Service shall create or imply an agency, partnership or joint venture between the parties. Neither party shall act or describe itself as the agent of the other party nor shall either party have or represent that it has any authority to make commitments on behalf of the other.
14. Governing Law & Jurisdiction
14.1
These Terms of Service are governed by and will be construed in accordance with the laws of Sweden.
14.2
The parties submit to the exclusive jurisdiction of the courts of Sweden in relation to any legal actions or proceedings arising out of or in connection with These Terms of Service, save that this submission will not preclude any party from applying to any other court having jurisdiction for urgent or interim relief in aid of proposed or pending proceedings in Sweden.
Published: 2022-01-20
This Appendix contains further and additional information regarding Findify API and Findify content and is a part of the Terms of Service. Therefore the definitions in the Terms of Service shall have the same meaning in this Appendix. In case of conflict between the Terms of Service and this Appendix the Terms of Service shall prevail.
1. License
1.1
Findify may, at its sole discretion, provide upgrades and new releases of the Findify API from time to time and shall use its endeavors to provide 48 hours’ notice of any changes to the Findify API.
1.2
Without prejudice to Condition 3.2 of the Terms of Service, if at any time your access to and/or use of the Findify API is excessive and as a result impacts on other clients’ ability to use the Findify API, we shall notify you accordingly and you shall promptly take appropriate steps to remedy such use.
1.3
You shall not, and shall not permit or assist any third party to:
translate, adapt, disassemble, reverse engineer, decompile or copy the whole or any part of the Findify API and/or the Findify Content, nor arrange or create derivative works based on the Findify API and/or the Findify Content except to the extent permitted by law not capable of exclusion by agreement;
make for any purpose including error correction, any modifications, adaptions, additions or enhancements to the Findify API and/or the Findify Content;
combine, match or merge the whole or any part of the Findify API with or incorporate the Findify API into any third party code;
distribute, sell, sub-license, lease, resell or purport to assign access to the Findify API and/or the Findify Content;
attempt to undermine the security of the Findify API;
access the Findify API and/or the Findify Content to build a competitive product or service or to build a product using similar ideas, features, functions or graphics;
make available online all or part of the Findify API and/or the Findify Content through the Internet, or any intranet;
remove or alter any copyright or other proprietary notice on any part of the FINDIFY API and/or the FINDIFY Content; and/or
take any action in an attempt to obtain cause malfunction, crash, tamper with or otherwise impair the Findify API and/or the Findify Content;
take any action that may cause any Findify API to be subject to any disclosure, publication or other requirements of any open source software licence;
engage in any activity with the Findify API that interferes with, disrupts, damages, or accesses in an unauthorized manner the servers, networks, or other properties or services of Findify.
1.4
Findify shall be entitled to record your access and use of the Findify API for the purposes of diagnosing and fixing problems, training and support, User activity and to ensure your compliance with these Terms of Service. Findify may transfer such records to third parties for the purposes of analysis and processing.
2. Findify API Integration & Availability
2.1
Findify will provide reasonable information, documentation and assistance to enable you to integrate the Findify API on the Client Website. You will be responsible for the integration of the tracking code on the Client Website and the integration of the feed for your products. All other assistance and support shall be provided only to the extent it is agreed otherwise.
2.2
Findify shall use reasonable endeavours to make the Findify API available at all times, but you acknowledge that there may be occasions when access to the Findify API may be interrupted, including for scheduled maintenance or upgrades, for emergency repairs, or due to failure of telecommunications links and/or equipment.
3. Client Website
3.1
You shall not be entitled to access the Findify API for any website other than the Client Website identified on the Order Form without Findify’s prior written consent.
Effective date: 20th May 2018
Updated: 20th Jan 2022
1. General
Findify AB, reg.no. 556977-1073 (”Findify”) respects and cares about your personal integrity. We want you to feel safe when we process your personal data. By way of this privacy policy (“Privacy Policy”), we want to inform you about how we ensure that your personal data is processed in the right way.
To be able to provide you as a subscriber with our services, we must process personal data about you. This Privacy Policy applies to you as a subscriber when you create an account through our website or through the installation of one of our extensions, and then use our services.
2. Data Controller
Findify is the data controller for the processing of your personal data and is responsible for ensuring that the processing is made in compliance with applicable law. You find our contact details at the last section of this Privacy Policy.
3. What is the information we collect?
We collect information, including personal information, in various ways when you use our site, products and services. “Personal information” means any information which, either alone or in combination with other information, identifies you as an individual, such as your name, post address and email address.
Information you give us
We collect personal information that you provide us voluntarily. For example:
When you create an account with Findify to access the Merchant dashboard, you provide us with your first name, your last name, your email address and a password.
When you enter information to use our service, you provide us with your postal address, country timezone, phone number, company name and credit card information.
If you tell us where you are (by allowing your mobile device to send us your location), we may store and use this information for internal analytics purposes.
Information collected by your use of our service
We automatically collect certain information:
When you utilize one of our extensions (Shopify, Bigcommerce, etc.), we will collect the currency of your shop and information about your location (city, country, timezone).
When subscribing to one of our plans, we will collect the transaction informations.
We will also collect information on how you use our services and how you browse our website findify.io.
Access and control of the personal information we collect
We recognize our customers’ right to control the type of personal information that is collected about them. Our customers can access, make rectification and delete their personal information at any time. Findify retains your personal information while you are a customer and will delete your personal information upon request.
For more information, feel free to email us at privacy@findify.io.
4. Legal basis for processing
We need to process your information in order to provide the services you have requested from us. When the processing is not strictly necessary, such as when we process your personal data in order to improve our services, we base our processing on us having a legitimate interested.
You have the right to object to processing of your personal data based upon a legitimate interest as legal basis. If you object to such processing, we will continue with the processing only if there is a compelling legitimate basis for the processing that outweighs your interest, fundamental rights or freedoms. Please see below if you want to read more about your rights.
5. How do we use the information we collect?
In general, we use the information we collect primarily to provide, maintain, protect, and improve our current products and to develop new ones. This may include:
- To ease the creation and the security of your account on our service.
- To administer your account if you have a subscription plan with our service, including billing and payment.
- To identify you as a customer in our services.
- To improve our services, products, site and how we operate our business.
- To understand and improve your experience using our services.
- To provide and deliver products that you may have requested.
- For our customer success team to answer your questions.
- To communicate with you about products updates, news or security alerts.
- To administer and carry out our obligations towards you as a subscriber, and safeguard our legal interests.
- To develop and improve our services.
- To uphold a high security for our services and prevent misuse and unauthorized usage of our services.
- To comply with our legal obligations.
6. Automated Decision Making
We do not use any automated decision-making which has significantly effects on you.
7. For how long do we keep your personal data?
We only keep your personal data for as long time as necessary to achieve the purposes for which they were collected in accordance with this Privacy Policy. When we do not longer need your personal data, we remove the data from our systems, databases and backups within a period of 12 months after the termination of your contract.
We may be required to keep your personal data for other reasons, such as to comply with legal obligations or to safeguard our legal interest, or for any other important public interest.
8. With whom do we share your personal data with?
Findify may share your personal data with third parties such as our cloud provider which we cooperate with to provide our services. These IT services providers may only process your personal data in accordance with our instructions. We may also in certain cases be required to share your personal data with public authorities or other third parties in connection with court proceedings, corporate acquisitions or similar reasons.
Although we do not sell your personal data to any third party, third parties may set third party cookies when you visit our website.
9. Where do we process your personal data?
Findify aims at only processing your personal data within the EU/EEA. In some cases, we may transfer your personal data to a country outside of the EU/EEA. If personal data is transferred to any such country, we will ensure that your personal data is protected and that the transfer is carried out in accordance with applicable law.
When carrying out any transfer to a country that lacks an adequacy decision by the European Commission, we will use the standard contractual clauses issued by the European Commission as legal basis for the transfer. You find these here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/rules-international-transfers-personal-data_en
When carrying out transfers to recipients in the United States that have joined the Privacy Shield program, we use the Privacy Shield as legal basis for the transfer, which you find here: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv%3AOJ.L_.2016.207.01.0001.01.ENG
10. Your rights
Our responsibility for your rights
Findify is in the capacity as data controller responsible for ensuring that your personal data is processed in accordance with applicable law and that your rights have an impact on the processing. You may at any time contact us to exercise your rights. You find our contact details at the last section of this Privacy Policy.
Findify is responsible for answering your request to exercise your rights within one month from our receipt of your request. If your request is complicated, or if we have received a large extent of requests, we are entitled to prolong our response period with two additional months. If we assess that we cannot perform the actions you have requested, we will within one month explain why and inform you about your right to lodge a complaint with the data protection authority.
All information and communication, and all actions we carry out, is at no cost for you. If the action you request is manifestly unfounded or excessive, we are entitled to charge you an administrative fee to provide you with the requested information or carry out the requested action, or refuse to meet your request.
Your right to access, rectification and erasure of personal data and restriction of processing
You have the right to request:
Access to your personal data
This means that you have the right to request an abstract from our data record regarding our use of your personal data. You also have the right to request a copy of the personal information being processed at no cost. However, we may charge you a reasonable administrative fee to provide you with additional copies of the personal data. If you make your access request by electronic means such as email, we will provide you with the information in a commonly used electronic format.
Rectification of your personal data
We will at your request, or at our own initiative, rectify, anonymise, erase or complement personal data that you or we discover is inaccurate, incomplete or misleading. You also have the right to complement the personal data with additional data if relevant information is missing.
Erasure of your personal data
You have the right to request that we erase your personal data if we do no longer have an acceptable reason for processing the data. Given this, erasure shall be made by us if:
– the personal data is no longer necessary for the purposes for which it was collected,
– you object to the processing of your personal data based on our legitimate interest and there is no overriding legitimate ground for the processing,
– the personal data has not been lawfully processed,
– we are required to erase the personal data due to a legal obligation, or
– you are a child and we have collected the personal data in relation to the offer of information society services. However, there might be requirements under applicable law, or other weighty reasons, that entail in that we cannot immediately erase your personal data. In such case, we will stop using your personal data for any other reasons than to comply with the applicable law, or the relevant weighty reason.
Right to restrict processing
This means that we temporarily restrict the processing of your personal data. You have the right to request restriction of the processing when:
– you have requested rectification of your personal data in accordance with the section above above during the time period we are verifying the accuracy of the data
– the processing is unlawful and you do not want the personal data to be erased,
– Findify, in its capacity as data controller, does no longer need the personal data for the purposes for which it was processed, but you require us to retain the information for the establishment, exercise or defence of legal claims, or
– you have objected to our legitimate interest for the processing in accordance with the section “Your right to object to the processing” below during the time period we determine whether the legitimate interest overrides your privacy rights.
At Findify, we will take all reasonable and possible actions to notify any recipients of your personal data as set out in the section “With whom do we share your personal data with” above regarding any rectification, erasure or restrictions carried out by us. At your request, we will also inform you of which third parties we have shared your personal data with.
Your right to object to the processing
You have the right to object to such processing of your personal data based upon our legitimate interest. If you object to such processing, we will only continue with the processing if we have a compelling legitimate reason for the processing that outweighs your interest, rights or freedoms, or unless continued processing is necessary for the establishment, exercise or defence of a legal claim.
Your right to portability
You have the right to portability. This means that you have the right to receive certain of your personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller. You only have this right when your personal data is processed by automated means and our legal basis for the processing is performance of a contract between you and Findify. This means e.g. that you have the right to receive and transfer all of the personal data that you have provided us with to create a user account at Findify.io.
Your right to lodge a complaint with the data protection authority
You have the right to lodge any complaints regarding our processing of your personal data with the data protection authority.
We protect your personal data
You shall always feel safe when providing us with your personal data. Therefore, Findify has implemented appropriate security measures to protect your personal data against unauthorised access, alteration and erasure. In the case of a security breach that may significantly affect you or your personal data, e.g. when there is a risk of fraud or identity theft, we will contact you and inform you of what you can do to reduce this risk.
Cookies
Findify uses cookies at our webpage and in our services to improve your user experience. We use cookies to e.g. simplify and adjust our web and application services. In our cookies policy, we provide you with more detailed information on how we use cookies and which choices you may make regarding our cookies.
Amendments to this privacy policy
Findify has the right to amend this Privacy Policy at any time. When we make any amendments that are not only linguistic or editorial, you will be provided with clear information of the amendments and which impact they will have on you before the amendments are effective.
Contact Information
Do not hesitate to contact us at Findify if you have any questions regarding this Privacy Policy, our processing of your personal data, or if you want to exercise your rights.
Findify AB, reg.no. 556977-1073
Email: privacy@findify.io
Webpage: www.findify.io
Accessibility
Findify supports majority of ADA and WCAG requirements that are relevant to search & discovery interfaces.
We review our out of the box implementations on a regular basis and are committed to ensuring we meet these guidelines.
If you need any assistance around this, please reach our integration team who are happy to help: Yourfriends@Findify.io
Updated: 2022-01-20
In 2016, The European Commission approved the new General Data Protection Regulation (https://gdpr-info.eu), which will replace the 1995 Data Protection Directive.
We can confirm that Findify complies with GDPR from May 25th, 2018.
GDPR is a significant update to customer privacy, and our team worked hard to align Findify’s products and contracts with the regulation requirements, so that customers could prepare themselves prior to May 25th 2018. Among other things, measures we took to achieve this include:
- Working with Sweden’s leading law firm when it comes to data protection to help us analyze, and align our processes.
- Continuously investing in our security infrastructure.
- Updating our contracts, both with vendors and customers to comply with GDPR.
- Updating our product and policies to comply with GDPR.
We will actively communicate with our customers with upcoming changes as they become available.
Complying with the regulation and allowing customers to control their data is important to us. We are happy to support our customers in the process of making sure they are compliant with GDPR. If you have any questions about how Findify can help you with GDPR compliance, please feel free to reach out.
Here are some useful resources:
Updated: 2022-01-20
Summary
Findify implements and maintains the following security measures. Findify may update or modify the security measures from time to time, taking into account that such updates or modifications are not degrading the overall security of its services.
Compliance and Certification
PCI DSS: Findify’s payment and card information is handled by Braintree, which has been audited by an independent PCI Qualified Security Assessor and is certified as a PCI Level 1 Service Provider, the most strict level of certification available in the payments industry.
Privacy Shield: Privacy Shield is a certification program that applies to US based companies. Because Findify is a EU-based company, we are not part of the Privacy Shield. However, our sub-processors such as AWS and others (see our Sub-processors section) are in fact part of the Privacy Shield.
Infrastructure
Physical Access Control: Findify is hosted on AWS (Amazon Web Services). AWS data centers feature a layered security model, including extensive safeguards such as:
- Alerts
- Security guards
- Parameter fencing
- Video surveillance
- Intrusion detection
Findify employees do not have physical access to AWS data centers, servers, network equipment, or storage.
According to the AWS Security white paper, AWS also complies with an impressive array of certifications.
Infrastructure control: Direct access to infrastructure, networks and data is minimized to the greatest extent possible. Only the designated authorized Findify operations team members have access to configure the infrastructure and the access is made via VPN. Specific private keys are required for individual servers, and keys are stored in a secure and encrypted location.
Third-party audit: AWS undergoes various third-party independent audits on a regular basis and can provide verification of compliance controls for its data centers, infrastructure, and operations. This includes, but is not limited, to SSAE 16-compliant SOC 2 certification and ISO 27001 certification.
Operating system: Findify is using a Linux based operating system for all its applications. We constantly upgrade our machines to the latest operating system and apply the latest security updates.
Business Continuity
High availability: The Findify architecture has been designed to eliminate the single points of failures. All the components that deliver the Findify service are replicated over several availability zones within AWS. This design also allows Findify to perform application and infrastructure updates with a minimal impact on the service availability.
Data backups: Findify keeps daily encrypted backups of the merchant configuration, the customer data and other critical data in AWS, using S3 storage. Backup files are stored redundantly across multiple availability zones. While never expected, in case of a production data loss (in case all the replicas go down), we will restore the data from these backups.
Network and Transmission
Internal network: Only the APIs are publicly accessible from Internet. Findify’s production environment, where all the customer data and customer facing applications sit, is located in a logically isolated Virtual Private Network (VPC). Production and non-production environments are segregated. All network access between hosts is restricted using security groups to only allow authorized services to interact between each other.
Encryption technology: By default, our Merchant JS communicates with findify.io using Transport Layer Security (TLS), which is regularly updated to use updated ciphersuites and TLS configurations. We support TLS 1.1 and 1.2.
Data Security and Privacy
Data storage and isolation: Findify stores data in a multi-tenant environment. All the data is replicated over several availability zones. Findify logically isolates each merchant’s data, and logically separates each end-consumer’s data from the data of other end consumers. Data for an authenticated merchant will not be displayed to another merchant (unless a merchant allows the data to be shared). A central authentication system is used across all services to increase uniform security of data.
Retention: Findify retains end-consumers data for a period of 2 years. We remove individual events after 2 years. All event data is eradicated from the service and from the servers without additional archiving in order to prevent the threat of intrusion.
Data Removal: End-consumers may request the erasure of their personal data stored by Findify, via the data controller. We’ve built the tools and processes necessary to help our customers fulfil these requests. In addition, all the data of an ecommerce store is removed upon that customer’s termination of service.
Data Access: End-consumers can request to have a summary of their data collected by Findify, via the data controller, provided their unique and visit identifiers. More explanation on how to get these values is provided in our FAQ.
Anonymization: Findify does not collect all types of data, as part of its analytics platform. The personal data such as an IP address is automatically anonymized by Findify before being stored in Findify databases.
Application Security
Monitoring: All the Findify applications and servers transmit metrics to our monitoring service. We regularly watch the monitoring dashboards (per service) to detect unusual patterns in the metrics. Alerts are created there so that the system alerts our monitoring team when a service goes over normal thresholds.
Security Development Lifecycle: Findify has a continuous delivery platform, which means all code changes are committed, tested, shipped, and iterated on in a rapid sequence. A continuous delivery methodology, complemented by pull request, continuous integration (CI) significantly decreases the likelihood of a security issue and improves the response time to and the effective eradication of bugs and vulnerabilities.
Account security: Findify secures its dashboard authentication secrets using the industry best practice methods to salt and repeatedly hash your credentials before it is stored.
Incident response: Findify has implemented an incident response plan. In case of an accident involving the customer data, we will promptly react to the security incident, inform you and update you accordingly.
Rest API authentication: Findify’s REST API uses personal auth tokens or an API key for authentication. Authentication tokens are passed using the auth header are used to authenticate a user account with the API.
Corporate Security
Personnel security: Findify personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards.
Risk management: All Findify product changes must go through code review, CI, and build pipeline to reach production servers. Only designated employees on Findify’s operations team have secure shell (SSH) access to production servers.
Disclosure policy: Findify notifies customers of any data breaches as soon as possible via email, followed by multiple periodic updates throughout each day addressing progress and impact.
Security training: All new Findify employees attend a “Security 101” training during the onboarding process. In addition, all Findify employees must take the Security and Privacy training once a year, which covers the Information Security policies, best practices and privacy principles.
Our Data Processing Addendum of Findify can be found here.
It took effect on the 25th May 2018. The most recent update was performed on the 20th of January 2022.
What are cookies?
Cookies are small text files which are downloaded to your computer, tablet or mobile phone when you visit a website or application. The website or application may retrieve these cookies from your web browser (eg Internet Explorer, Mozilla Firefox, Safari or Google Chrome) each time you visit, so they can recognise you, remember your preferences and provide you with a more secure online experience.
Generally, cookies are very useful and are a common method used by almost every website you visit because they help to make your online experience as smooth as possible. For security reasons, many websites will not function at all without the use of cookies (or other similar technologies, such as “web beacons” or “tags”).
Cookies generally do not hold any information to identify an individual person, but are instead used to identify a browser on an individual machine.
If you prefer, you can restrict, block or delete cookies by changing your browser settings but that may mean that the website won’t work properly.
For more information about cookies and their impact on you and your browsing visit www.aboutcookies.org
Types of cookies
Necessary Cookies
These cookies are essential in helping you to make use of the features and services we offer on the Findify website. Without these cookies, the services you want to use cannot be provided. These cookies do not gather information about you that could be used to identify you, and they do not monitor or remember where you have been on the internet.
Performance Cookies
Performance cookies help us to understand how our customers use our site, so we can keep our products and services relevant, easy to use and up to date. For example, we can see which products and services are most popular, identify when and where errors occur, and test different versions of a page in order to provide an improved online experience. Sometimes, the services we use to collect this information may be operated by other companies on our behalf. They may use similar technologies to cookies, known as “web beacons” or “tags”. These are anonymous and, as they are only used for statistical purposes, they do not contain or collect any information that identifies you.
Marketing Cookies
We have relationships with carefully selected and monitored suppliers (third parties) who may also set cookies during your visit. The purpose of these cookies is “behavioural advertising” (also known as “behavioural targeting” or “remarketing”), which is a means of showing you relevant products and services based on what you appear to be interested in. Although these cookies can track your visits around the web they don’t know who you are. Without these cookies, online advertisements you encounter will be less relevant to you and your interests.
Our cookies
Necessary Cookies
Performance cookies
Marketing cookies
Website Cookies, no personal data
Most internet browsers allow you to erase cookies from your computer hard drive, block all cookies (or just third-party cookies) or warn you before a cookie is stored on your device.
Please note, if you choose to block all cookies, our site will not function as intended and you will not be able to use or access many of the services we provide. If you have blocked all cookies and wish to make full use of the features and services we offer, you will need to enable your cookies. You can do this in your browser (see below).
Rather than blocking all cookies, you can choose to only block third-party cookies which will still allow our website to function as intended.
How to manage cookies on your PC
To enable cookies on our website, follow the steps below.
Google Chrome
- Click “Tools” at the top of your browser and select “Settings”.
- Click “Show advanced settings”, scroll down to the section “Privacy” and click “Content Settings.”
- Select “Allow local data to be set”. To only accept first-party cookies, check the box next to “Block all third-party cookies without exception”
Microsoft Internet Explorer 6.0, 7.0, 8.0, 9.0
- Click “Tools” at the top of your browser and select “Internet Options”, then click the “Privacy” tab.
- Check that the level of your privacy is set to Medium or lower, which will allow the use of cookies in your browser.
- If set above medium level it will prevent the use of cookies.
Mozilla Firefox
- Click “Tools” at the top of your browser and select “Options”.
- Then select the “Privacy” icon.
- Click the “Cookies” and select “Allow pages to create a cookie.”
Safari
- Click the gear icon at the top of your browser and select “Settings”.
- Click the “Privacy” tab, then select the option “Disable the use of cookies by third parties and advertising cookies.”
- Click “Save”.
How to manage cookies on your Mac
To enable cookies on our website, follow the steps below.
Microsoft Internet Explorer 5.0 on OSX
- Click on “Explorer” at the top of your browser and select “Settings”.
- Scroll down to the “Cookies” section in the “Received Files”.
- Select “Do not ask.”
Safari on OSX
- Click “Safari” on the top of your browser and select “Settings”.
- Click the “Privacy” and then “Enable cookies.”
- Select “only the pages you have visited.”
Mozilla and Netscape on OSX
- Click “Mozilla” or “Netscape” at the top of your browser and select “Settings”.
- Scroll down to the “Cookies” under “Privacy & Security”.
- Select “Allow cookies only to the original site.”
Findify AB (“Findify”) uses certain subprocessors to assist it in providing to its customers the Services as described in the Master Services Agreement. A subprocessor is a third party data processor engaged by Findify who has or potentially will have access to or process Customer content (which may contain Personal Data). Findify engages different types of subprocessors to perform various functions as explained in the tables below.
Infrastructure
| Entity Name | Location |
|---|---|
| Amazon Web Services, Inc. | USA (North Virginia) |
Processing of Customer data
| Entity Name | Function | Location |
|---|---|---|
| Atlassian | Project Management Platform | Australia |
| Braintree | Payment Gateway | UK |
| Chargebee | Subscription & Recurring Billing | USA |
| Fortnox | Accounting Platform | Sweden |
| Google Inc. | Merchants communication | USA |
| Hubspot | Inbound Marketing and Sales | USA |
| Intercom | Customer Management Platform | USA |
| MaxCDN | Content Delivery Network | USA |
| Opsgenie | Service monitoring & Alerting | USA |
| Sentry | Error Monitoring & Diagnostic | USA |
| Slack, Inc. | Communication Platform | USA |
