Last Updated: April 4, 2023
This Privacy Policy describes how we collect, store, share and use the personal information that our customers store on our CRM platform, that we collect on our websites, and that we otherwise use in the operation of our business.
This policy is organized in four sections:
We may revise this policy to reflect changes in the law, our CRM platform and business operations. We will notify you of these changes through a message on our website or CRM platform, or by some other reasonable means. The date that this policy was last updated can be found at the beginning of this policy.
If you have any questions about this policy or our data privacy practices, please contact us at privacy@draw-k.com.
This Privacy Policy describes how we process personal data in the operation of our business. In this policy, “Draw-K”, “we”, “us” and “our” refers to Draw-K CRM, Inc. and its affiliates. We categorize this personal data as either Customer PII or CRM Data.
As discussed in our Terms of Service, our customers retain ownership of their CRM Data, and provide us with a limited license to that data so that we can allow them to make use of our CRM platform and related services. We process CRM Data on behalf of our customers and only in accordance with their instructions. In GDPR terms, we are the “processor” of this information.
This policy includes links to materials outside this policy, like Help Center pages, which provide more detail about the topics discussed here. These linked-to materials are for reference only, may be changed at any time, and are not a part of this policy.
Our CRM platform and other websites may contain links to other websites not operated or controlled by Draw-K, which we refer to as “third-party sites.” Examples of third-party sites include social media features, such as links to our Facebook, Twitter, Instagram, and LinkedIn pages, found on draw-k.com. This policy does not apply to third-party sites. Your interactions with these third-party sites are governed by the privacy statements of the owners of those websites. You should review those privacy statements to better understand their privacy practices.
An important example of a third-party site is found on our Email Sequences page. Draw-K’s email sequencing functionality is provided by Outfunnel, a service partner of Draw-K. By accessing this functionality through our CRM platform, you are agreeing to share the CRM Data in your account with Outfunnel. Before you access the Email Sequences page, you must agree to Outfunnel’s terms of service and privacy policy, and it is Outfunnel’s privacy policy — and not this policy — that governs how the email addresses and other relevant CRM Data is collected, used, disclosed and retained by Outfunnel.
Here is how we collect Customer PII and the types of personal data we collect:
We process the CRM Data that is stored in our customers’ (and our own) Draw-K accounts. Our customers control the types of personal data that they store in Draw-K, and we process CRM Data as directed by them. Typically, CRM Data consists of the following:
Your use of our CRM platform and provision of CRM Data is governed by our Terms of Service. It is your responsibility to ensure that you own or have adequate permissions to store and process personal information on our CRM platform.
Prohibited Data
Our Terms of Service prohibit storing certain types of sensitive or regulated information on our CRM platform or otherwise providing us with this information, including, for example, in support requests or other communications. This information includes credit card, bank account, driver’s license or social security information, information that would be considered “protected health information” under HIPAA, and special categories of data under GDPR, including information about someone’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, health, sex life or sexual orientation. It is our customers’ responsibility to ensure that they and their users comply with these restrictions.
Children’s Data
Use of our CRM platform is only available to persons who are old enough to enter into a legal contract, and access to our platform is not directed to children under 16 years of age. If our policy changes, we will obtain consent from a parent or guardian before we knowingly collect data from anyone under the age of 16 years.
Enrichment Data
When one of our customers creates a record in our CRM platform, we may populate certain fields with “enrichment data” to validate or supplement the information entered in that record, and may include a person’s name, location, address and employer details. This data is obtained from public and third-party sources. We do not use CRM Data to populate enrichment data.
For more information about how our customers use and share their CRM Data, you should refer to their privacy policies. As noted above, if you provide us with personal data on behalf of someone else, you must have their consent or some other legal basis to do so.
Yes, our CRM platform has email tracking functionality that can be used to notify senders when an email is opened. Certain governmental regulators, including those with jurisdiction over EU member states, have expressed the opinion that the use of email tracking functionality requires that recipients have consented to the use of this technology.
Draw-K may use its CRM platform’s email tracking technology when it sends emails to current and prospective customers. By submitting your contact information to Draw-K, for example, when you sign up for a trial account, you are deemed to have agreed to this Privacy Policy and consented to our use of email tracking technology in our communications with you.
We encourage customers who wish to make use of our CRM platform’s email tracking technology to discuss their marketing plans and policies with legal counsel to ensure that they are following all applicable legal requirements. For more information about email tracking technology, see Email Track, Draw-K Help Center.
One of our CRM platform’s most powerful features is its ability to work seamlessly with Gmail and other Google Workspace applications. This section describes how Draw-K and Google applications share information. For more information about Draw-K’s Gmail integration, see Working with the Gmail Integration, Draw-K Help Center.
Google Gmail
If you sign up for Draw-K with a Gmail address, our CRM platform will automatically sync with your Gmail account. This means that the platform will access your Gmail contacts, emails, calendar, distribution lists, subject lines and URLs of tracked links from your email, if you use the email tracking functionality. In addition, you can use our CRM platform to read, modify, create, and send emails from your Gmail account. Our CRM platform will store replies, outgoing mail, email headers, subject line, distribution lists, aliases, time sent, and email bodies. By default, synced emails are visible to account owners and admins, and you may make them visible to other members of your team. For more information about email visibility settings, see Set Email Visibility Permissions, Draw-K Help Center.
Google Calendar
Our CRM platform also automatically syncs with the Google Calendar application, accessing your calendar events and tasks in your Google Calendar. It also allows you to create and edit events and tasks and send invitations from your Google Calendar account.
Google Drive
You have the option to connect your Google Drive account to your Draw-K account. If you choose to do so, you will be able to see your files, upload and download your files, and store file contents and titles on our CRM platform. Our CRM platform uses these permissions to associate files with records stored on our platform and allow users to share them with clients and other users.
For special requirements that apply to information that we obtain from your Gmail account, see below under the heading, “What additional requirements apply to information collected through our Gmail integration and Google APIs?”
The security of your personal data is important to us. We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once it is received. For more information about our data security practices, please visit our Security at Draw-K page.
Under our Terms of Service, we commit to maintain certain administrative, physical and technical controls, and we will not materially reduce the overall effectiveness of these safeguards without our customers’ consent. These controls are detailed at Safeguards, Draw-K Help Center.
If you have any questions about the security of your personal data, you can contact us at privacy-questions@draw-k.com.
Our CRM platform enables you to read, create and modify messages in your Gmail account. In order to provide you with this service, we obtain, process and store a copy of the Google user data contained in or associated with messages in your Gmail account, such as the email addresses of persons to whom you send or from whom you receive messages in your Gmail account, electronic copies of the files attached to those messages, and the contents of those messages.
We refer to the Google user data described in the immediately preceding paragraph as “Google User Data.” Google User Data is subject to the additional limitations on its use, transfer and accessibility set forth below:
Note that we may obtain personal data that is included in your Google User Data from sources other than the messages in your Gmail account. For example, we may obtain your email address when you register for the Service. Personal data that we obtain from sources other than messages in your Gmail account is not considered Google User Data for the purposes of this Privacy Policy and is not subject to the additional requirements described above.
Our use and transfer to any other application of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
We process CRM Data in accordance with the instructions of our customers in order to provide them with the services offered through our CRM platform. We also process CRM Data as required by applicable law, including to respond to valid requests by law enforcement authorities, to monitor compliance with our Terms of Service and other policies, and to resolve support requests and maintain our CRM platform.
In some cases, we may use CRM Data in an anonymized manner for machine learning that supports certain product features and functionality within our CRM Platform and for product development purposes. See below under “How do we monitor the use of our CRM platform?”
We use Customer PII and other personal data used in the operation of our business for our legitimate interests or when we have a lawful basis to do so. We use Customer PII only as identified in this Privacy Policy or our Terms of Service. Below is a summary of the principal uses we make of Customer PII:
CRM Services
We use Customer PII, including contact information and information about computer systems, to provide the services offered through our CRM platform. For example, we use your name and email address to create and maintain your account and register you on our CRM platform. We also use contact and payment information to process your subscription fees.
Customer Communications
We use your contact information and other Customer PII to communicate and build relationships with our customers. For example, we may contact customers to process, fulfill and follow up on transactions and requests for products, services, support, training and information. We also contact customers to provide them with information about their subscription, such as sending reminders when their subscription (trial or paid) is about to expire.
Product Support
We use Customer PII, including contact information and technical information about computer systems, to provide product support, including troubleshooting and technical support and agreed upon diagnostic, monitoring and management services.
Sales and Marketing
We use Customer PII, including contact information and cookie information, to send sales and marketing communications to customers and potential customers. These communications may include information about new product features, sales promotions, updates to our blogs or new webinars and other information about us and our partners. We also collect information about engagement with our websites and CRM platform to engage in market research, personalize content and advertising and help identify and communicate offers of products, programs and services that may be of interest to you. In some cases, we may send “refer-a-friend” emails on your behalf, subject to your consent.
If you wish to unsubscribe to our marketing communications, you should follow the unsubscribe instructions included in our email communications, or you may contact us at privacy-questions@draw-k.com. We may send you push notifications to your mobile device in order to update you about events or promotions. If you no longer wish to receive such communications, you may turn them off at the device level.
Improve and Operate Our CRM Platform
We collect and use Customer PII, including contact information, product usage data, and log data to measure, analyze and improve our products and services, the effectiveness of our CRM platform and other services, as well as our advertising and marketing. For more information, see below under “How do we monitor the use of our CRM platform?”
Other Uses
We may use Customer PII for other purposes reasonably related to the operation of our business. For example, we use product usage information to enforce our Terms of Service, prevent fraud and other prohibited or illegal activities. Other reasons include to consider an application for employment and to comply with our legal obligations.
We collect, record and analyze data and other information about how our customers use our CRM platform to do things like optimize product design. This data may include tracking and recording visits to individual webpages, including in the CRM platform, and interactions with specific components of those webpages. We may share or publish this service data with third parties in an aggregated and anonymized manner, but we will not include any CRM Data or publicly identify customers or end-users.
We use a variety of third-party tools to measure, monitor and record your usage of our services, including Google Analytics and other event-tracking software. When you visit sites that use Google Analytics, we and Google may link information about your activity from that site with activity from other sites that use Google Analytics services.
We may share or disclose personal data as follows:
Except as described above or elsewhere in this Privacy Policy, we do not sell, transfer or otherwise disclose, sell, trade, or otherwise transfer your Personal Data to outside parties.
We share personal data with service providers and suppliers that are acting and using your information on our behalf to provide services to our customers and help us with our business activities. In the language of the GDPR, these service providers and suppliers are our “sub-processors.”
Sub-processors help us process payments, provide customer support, host our CRM platform, analyze data, provide marketing assistance and integrate with third-party services. We also use sub-processors to help us provide components of our CRM platform. For example, certain of our sub-processors provide us with the data warehousing and visualization capabilities that power our Reporting tools, and we may share CRM Data with those sub-processors for the purpose of providing this reporting functionality. We may also share Customer PII, including email addresses and other personally identifying information, with service partners that communicate with, monitor or provision our customers on an individual basis to serve as a unique customer identifier.
Sub-processors are authorized to use your personal data only as necessary to provide these services to us. Transfers of personal data to subsequent third parties are covered by the services agreements between us and our sub-processors.
For more information about our sub-processors, please visit Sub-Processors, Draw-K Help Center.
Draw-K uses third-party cloud computing services to host its CRM platform and store and process CRM Data. The servers used to provide these hosting services are located in the United States. Draw-K is unable to accommodate requests to store data in other locations. For more information about the third parties that provide hosting services, please visit Sub-Processors, Draw-K Help Center.
CRM Data may be stored or processed on servers located outside your jurisdiction of residence, whose data protection laws may differ from the jurisdiction in which you live. As a result, this information may be subject to access requests from governments, courts, or law enforcement in those jurisdictions according to laws in those jurisdictions.
For information about the steps we take to comply with legal requirements related to our transfer of personal data of EU residents to the United States, see below under “Do we participate in Privacy Shield?”
On July 16, 2020, the Court of Justice of the European Union, or the CJEU, issued a judgment in the Schrems II case (case C-311/18), which invalidated the EU-U.S. Privacy Shield framework as a valid basis for transferring data from the EU to the United States. The CJEU further concluded that the Standard Contractual Clause, or the SCCs, issued by the European Commission for the transfer of personal data to data processors established outside of the EU continue to serve as a valid transfer basis. Draw-K’s Terms of Service automatically applies the protections of SCCs to all Draw-K’s EU-based customers. Customers wishing for a signed copy of the SCCs can obtain one by contacting privacy@draw-k.com. Draw-K continues to monitor the impact of the Schrems II decision and related legal developments, and intends to update its practices and customer terms as appropriate. In the meantime, Draw-K continues to comply with its obligations under Privacy Shield, as discussed below.
Draw-K participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Draw-K is committed to subjecting all personal data received from European Union (EU) member countries, the United Kingdom and Switzerland, respectively, in reliance on the Privacy Shield Frameworks, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List.
In the context of an onward transfer, Draw-K has responsibility for the processing of personal data it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Draw-K remains liable under the Privacy Shield Principles if its agent processes such personal information in a manner inconsistent with the Privacy Shield Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Draw-K is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Draw-K may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge).
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
After an account expires, Draw-K will store CRM Data in accordance with its Terms of Service and this Privacy Policy. In general, we keep a copy of this data for at least 30 days post-termination. After that, CRM Data is purged in accordance with Draw-K’s data deletion policies, generally within 180 days after a customer’s subscription expires.
You may request to review, correct, delete or otherwise modify any of your personal data. These choices apply to all personal data collected by Draw-K, and not only to cookie and marketing data as described in Draw-K’s Cookie Policy. If you have registered for an account for our CRM platform, you may generally update your user settings and profile by logging into our platform with your username and password and editing your settings or profile. You can also update the contact details of your leads, contacts, and prospects stored in the CRM platform at any time. Otherwise, to access, correct, delete your personal information, please visit the webpage Submit a Request, Draw-K Help Center. After we verify your request, we will respond to you in accordance with our legal obligations and this policy. If your request relates to your personal data stored on our CRM platform, this generally means we will direct your request to the licensed account administrator for review.
If you wish to unsubscribe to our marketing communications, you should follow the unsubscribe instructions included in our email communications, or you may contact us at privacy-questions@draw-k.com.
We send you push notifications from time-to-time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off at the device level.
Special data management rights belonging to California residents are described below under “California Rights and Choices.”
The following supplemental privacy policy (Supplemental Policy) describes how we process information about residents of California.
For individuals who are California residents, the California Consumer Privacy Act requires certain disclosures about the categories of personal information we collect and how we use it, the categories of sources from whom we collect personal information, and the third parties with whom we share it. While we have set out the categories below as required by the California Consumer Privacy Act, you can review the other sections of our Privacy Policy set out above, and other information that describes our data collection and use, which provide additional information about our collection and use of personal data.
Depending on how you interact with us, we may collect the categories of information as summarized in the table below. This Supplemental Policy also does not apply to personal information we collect from employees or job applicants in their capacity as employees or job applicants. It also does not apply to personal information we collect from employees, owners, directors, officers, or contractors of businesses in the course of our provision or receipt of business-related services.
All of the categories of personal information we collect about you (as detailed below) come from the following categories of sources:
|
Categories of Personal Information We Collect |
Categories of Third Parties with Which We Share that Information |
|
Identifiers (such as name, address, email address, employer information) |
Third parties (such as our service providers and integration partners) or your organization (through its purchase of an account with us) Our affiliate companies Aggregators (such as analytics services) |
|
Commercial Information (such as transaction data) |
Third parties (such as our service providers) Our affiliate companies Aggregators (such as analytics services) |
|
Financial Data (such as billing information) |
Third parties (such as our service providers and integration partners) Our affiliate companies |
|
Internet or Other Network or Device Activity (such as browsing history or app usage) |
Third parties (such as our service providers and integration partners) Our affiliate companies Aggregators (such as analytics services) |
|
Location Information (for example, inferred from your IP address) |
Third parties (such as our service providers and integration partners) Our affiliate companies Aggregators (such as analytics services) |
|
Professional or Employment-Related Data (such as the name of your employer) |
Third parties (such as our service providers and integration partners) Our affiliate companies Aggregators (such as analytics services) |
|
Legally Protected Classifications (such as gender and marital status) |
Third parties (such as our service providers and integration partners) Our affiliate companies |
|
Other Information that Identifies or Can Be Reasonably Associated with You |
Third parties (such as our service providers and integration partners) Our affiliate companies Aggregators (such as analytics services) |
All of the categories of personal information we collect about you (as detailed above) are used for the following purposes:
Subject to certain restrictions, if you are a California resident, you have the right to request that we disclose the personal information we collect about you, to delete any personal information that we collected from or maintain about you, and to opt-out of the sale of personal information about you. As a California resident, you also have the right to designate an agent to exercise these rights on your behalf. This section describes how to exercise those rights and our process for handling those requests, including our means of verifying your identity. If you would like further information regarding your legal rights under applicable law or would like to exercise any of them, please visit the webpage Submit a Request, Draw-K Help Center. While completing this form is the best way to reach us, you may also email us at privacy-questions@draw-k.com or by calling us toll-free at (304) 532-2319.
Right to request access to your personal information
If you are a California resident, you have the right to request that we disclose the categories of personal information that we collect, use, or sell about you. You may also request the specific pieces of personal information that we have collected about you. However, we may withhold some information where the risk to you, your personal information, or our business is too great to disclose the information.
Right to request deletion of your personal information
If you are a California resident, you may also request that we delete any personal information that we have collected from/about you. However, we may retain personal information as authorized under applicable law, such as personal information required as necessary to provide our services, protect our business and systems from fraudulent activity, to debug and identify errors that impair existing functionality, as necessary for us, or others, to exercise their free speech or other rights, comply with law enforcement requests pursuant to lawful process, for scientific or historical research, for our own internal purposes reasonably related to your relationship with us, or to comply with legal obligations. We need certain types of information so that we can provide our services. If you ask us to delete it, you may no longer be able to access or use our services.
How to exercise your access and deletion rights
California residents may exercise their California privacy rights by visiting our Customer Support center and submit the form located there. While completing this form is the best way to reach us, you may also email us at privacy-questions@draw-k.com or by calling us toll-free at (304) 532-2319.
For security purposes, we may request additional information from you to verify your identity when you request to exercise your California privacy rights.
California residents may opt out of the “sale” of their personal information. We do not “sell” your personal information as we understand that term to be defined by the California Consumer Privacy Act and its implementing regulations.
California residents have the right to not be discriminated against for exercising their rights as described in this Supplemental Policy. We will not discriminate against you for exercising your CCPA rights.
Draw-K LLC
16 UPPER MOBILE DR, COTTAGEVILLE, WV 25239
Tel. No.: (304) 532-2319
privacy-questions@draw-k.com