Last Updated: October 25, 2018
It also tells you about your privacy rights and how the law protects you.
What Information Do We Collect?Types of Data Collected
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). At Toodledo, we collect a variety of information about our customers and visitors to the Toodledo websites and mobile applications in order to provide a better customer experience. This personal data falls into these categories:
|Category of Data||What It Includes|
|Identity Data||Your first name, last name, your login/password.|
|Contact Data||Your billing address and email address.|
|Financial Data||The last 4 digits of your credit card and the expiration year only and your PayPal account information.|
|Transaction Data||Details about payments from you and other details of services you have purchased from us and any data that you upload to the website or mobile services.|
|Profile Data||Your name and password, purchases or orders made by you, preferences, feedback responses, as well as any profile data which we have added (for example, using analytics).|
|Technical Data||Your first name, last name, your login/password.|
|Identity Data||IP address, your login data, operating system and browser type and version, location and other technology on the devices you use to access the website or mobile application.|
|Usage Data||Information about how you use our website and mobile applications and services.|
|Tracking Data||Information we or others collect about you from cookies and similar tracking technologies.|
|Marketing and Communications Data||Your preferences in receiving direct marketing from us and our third parties and your communication preferences.|
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website or mobile application feature. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.
- Turning off cookies in the preferences settings in your browser
- Downloading the Google Analytics opt-out browser add on available at: https://tools.google.com/dlpage/gaoptout/
- Opting out of user interest and demographic categories in the Settings for Google Ads feature to manage or opt out of Google interest based ads; or
- Managing cookies used for online advertising across multiple companies at the US-based Network Advertising Initiative at http://www.networkadvertising.org/choices/.
Toodledo tracks your browsing habits across other third-party websites and we do not respond to browser do not track signals.
We do not request and do not want to collect any sensitive data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences. If you voluntarily upload such information to the website or mobile application, you are expressly consenting to Toodledo’s collection of such information.
Toodledo recognizes the privacy interests of children and we encourage parents and guardians to take an active role in their children’s online activities and interests. Neither our website, mobile application nor our services are intended for children under the age of 16. Toodledo does not target its services or this website or mobile application to children under 16. Toodledo does not knowingly collect personal data from children under the age of 16.
How We Use Your Information
We use your information in a number of different ways. The tables below provide more detail, showing what we do with your information and why, but generally, we use your information for the following reasons:
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, when we carry out fraud screening as part of the check-out process.
- Where we need to comply with a legal or regulatory obligation. For example, keeping records of our sales for tax compliance.
|Purpose/Activity||Type of Data Non-Exhaustive||Lawful Basis for Processing|
|To register you as a new customer||Identity; Contact||Performance of a contract with you|
|To process and deliver you our services including: Manage payments, fees and charges Collect and recover money owed to us||Identity; Contact; Financial; Transaction; Marketing and Communications||Performance of a contract with you Necessary for our legitimate interests (including to recover debts due to us)|
|To deliver direct marketing to you||Identity; Contact; Profile; Usage; Marketing and Communications; Tracking; Technical||For most direct marketing communications, we rely on consent or consent implied from your past purchase from us of similar products, however there are situations in which it is in our legitimate interests to use your personal data in this way (Please see Advertising, Marketing and Your Communications Preferences below)|
|To administer and protect our business and this website or mobile application (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||Identity; Contact; Technical; Tracking||Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise) Necessary to comply with a legal obligation|
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||Identity; Contact; Profile; Usage Marketing and Communications; Technical; Tracking||Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)|
|To use data analytics to improve our website, mobile application, services, marketing, customer relationships and experiences||Technical; Tracking; Usage||Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website and mobile application updated and relevant, to develop our business and to inform our marketing strategy)|
|To make suggestions and recommendations to you about other products of ours that may be of interest to you||Identity; Contact Technical; Usage; Profile||Necessary for our legitimate interests (to develop our products/services and grow our business)|
|To prevent and detect fraud and unlawful acts||Identity; Contact; Financial; Transaction; Technical; Tracking||Necessary for our legitimate interests (to protect our business and our customers by way of undertaking fraud monitoring and suspicious transaction monitoring) Necessary to comply with a legal or contractual obligation to share personal data for the purposes of law enforcement|
|In order to resolve legal claims or disputes involving you or us||All relevant data categories, depending on the nature of the allegation or claim||Necessary to bring or defend a claim|
How Is Your Data Collected?
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity, Contact, Transaction Data and Financial Data by filling in forms, uploading content and data or by corresponding with us by email. This includes personal data you provide when you:
- sign up to receive information
- make inquiries or request information be sent to you
- create an account on our website or mobile application
- order or purchase our services
- ask for marketing to be sent to you
- contact us; or
- upload content such as tasks, lists and notes.
Automated technologies or interactions. As you interact with us via our website or mobile application, we may automatically collect Technical Data about your operating system, browsing actions and patterns. We may also collect Tracking Data when you use our website or mobile application, or when you click on one of our advertisements (including those shown on third party websites).
Third parties or publicly available sources. We may receive personal data about you from various types of third parties, including:
- Technical Data and/or Tracking Data from analytics providers, advertising networks and search information providers.
Sharing Your Information
- Companies that help us to provide our services, such as hosting service providers and payment service providers;
- Professional service providers, such as auditors bankers, lawyers, accountants and insurers, marketing agencies, advertising partners and website hosts, who help us run our business; and
- Governments, regulators, law enforcement and fraud prevention agencies, so we can assist law enforcement and comply with law enforcement; and
- Companies approved by you, such as social media sites (if you choose to link your accounts to our website or mobile application).
For example, we share personal data with the following specific third parties:
We also share data with third parties connected to advertising, retargeting and analytics. Please see Cookies below, including the cookie list, for more information about who those third parties are.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
If you elect to send a list or task from the website or mobile application to another user, we will transmit your name and email along with the list or task you requested to that user.
We may also share your personal data if the law otherwise allows it.
Toodledo uses third-party payment processors Stripe and PayPal to process payments. All online payments are conducted in accordance with Payment Card Industry (PCI) data security standards and your billing information is encrypted before being communicated to them. Subject to the below exceptions, your credit card details are communicated directly from your browser to these payment processors - Toodledo does not see your full Permanent Account Number (PAN).
Advertising, Marketing and Your Communication Preferences
We may use your Identity, Contact, Technical, Tracking, Usage and Profile Data to form a picture of what we think may be of interest to you. This is how we decide which products, services and offers may be relevant for you and tell you about them. This is what we call direct marketing. We carry out direct marketing by email. You have the right at any time to opt out of marketing emails. The easiest way to opt out is to use the unsubscribe link that you will find at the bottom of each communication.
If you see Toodledo’s advertisements on websites and in social media, these may not be directed specifically at you, we might just have bid for the space. But we may specifically direct certain email promotions to you.
We also work with partners to try and promote the reach of our advertisements and use analytics and retargeting for this reason. We use Tracking Data to deliver relevant online advertising, including via websites and social media. For more information on Tracking Data, and in particular cookies, which also help us deliver website and social advertising that we believe is most relevant to you and to potential new customers of Toodledo, please see Cookies below.
You can see from Advertising, Marketing and Your Communication Preferences above that cookies are a tool that we – and everyone one else who operates online – use for advertising. However, advertising is just one of the many reasons why cookies are used, and as you can see below, there are different types of cookies.Strictly Functional Cookies
First and foremost, cookies help our websites work better. They help us work behind the scenes to make your customer experience a lot easier. You’d miss a lot of these things if they were gone – like easily logging in and moving from page to page.Performance Cookies
Other cookies collect information about how visitors use our websites, and measure how well the websites work – like whether a visitor gets an error message from our web pages. These cookies don't collect information that identifies a visitor. All of the information that these types of cookies collect is aggregated and used to improve how our websites works.Advertising Cookies
And of course, there are cookies that collect information about your browsing habits in order to make any advertising that is delivered to you more relevant to you and your interests. They are usually placed by advertising networks with our permission. They remember that you have visited a website and this information is then shared with other organizations such as advertisers. Quite often, targeting or advertising cookies will be linked to site functionality provided by the other organization. This is also why when you’ve been on one of our websites, you might see some tools that you previously looked at on our websites. This includes retargeting.
Cookies can also tell us if you have seen a specific advertisement, and how long it has been since you have seen it. This is helpful, because it means we can control the effectiveness of our advertisements and control the number of times people might be shown our advertisements. Cookies also help us understand if you’ve opened a marketing email - we don’t want to send you things that you don’t read.
Almost all the cookies that relate to advertising are part of third party online advertising networks. If you’d like to read about how you can control which advertisements you see online, see opt-out programs established by the Digital Advertising Alliance (United States), the Digital Advertising Alliance of Canada and the European Interactive Digital Advertising Alliance. We do not control cookies which are set by advertising networks.
For more information about the cookies we use, including who they belong to, their ID and why they are used, click here. We’ve also included links to the third-party websites where you can go to find out more.
Third Party Links
Data Security & Retention
We have put in place appropriate security measures designed to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. For example, we use encryption and password protection. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.
We will only keep your personal data for as long as necessary to fulfil the purposes for which we collected it in the first place, including for the purposes of satisfying any legal, accounting, or reporting requirements. If you cease using our website and mobile application for one (1) year, we will generally delete your data at that one (1) year anniversary from when you ceased use.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We generally keep certain information about our customers (such as, Contact, Identity, Financial and Transaction Data) related to our customers' purchases for seven years after a transaction for tax purposes.
In some circumstances you can ask us to delete your data; see Your Legal Rights below for further information.
Your Legal Rights
If the GDPR applies to you because you are in the European Economic Area, you have certain rights in relation to your personal data:
- The right of access – that’s a right to make what’s known as a ‘data subject access request’ for a copy of the personal data we hold about you;
- The right to rectification – that’s a right to make us correct personal data about you that may be incomplete or inaccurate (though we generally recommend first making any changes in your Account Settings);
- The right to erasure (also known as the ‘right to be forgotten’) – that’s where in certain circumstances you can ask us to delete the personal data we have about you (unless there’s an overriding legal reason we need to keep it);
- The right to restrict processing – that’s a right for you in certain circumstances to ask us to suspend processing personal data;
- The right to data portability – that’s a right for you to ask us for a copy of your personal data in a common format (for example, a .csv file);
- The right to object – that’s a right for you to object to us processing your personal data (for example, if you object to us processing your data for direct marketing); and
- Rights in relation to automated decision making and profiling – that’s a right you have for us to be transparent about any profiling we do, or any automated decision making.
These rights are subject to certain rules around when you can exercise them. If you wish to exercise any of the rights set out above, please contact us (see How to Contact Toodledo About Privacy).
Generally, you will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority so please contact us first.
How to Contact Toodledo About Privacy
Title or Role: Privacy Manager
Phone Number: +1 (786) 625-5350