- What's your policy about Cookies?
- What personal information does HeadlessTesting gather?
- Which information do you share?
- What Data Subject Rights Do I Have?
- How Long Do We Retain Your Personal Data?
- Is my information safe on this website?
- Which information can I access?
- Are children allowed to use HeadlessTesting?
- How can I remove all my information from HeadlessTesting?
- Who is the Data Controller?
- What Are Our Legal Bases for Processing Personal Data?
- Conditions of use, notices, and revisions
What's your policy about Cookies?
What personal information does HeadlessTesting gather?
The information we learn from customers helps us personalize and continually improve your experience at HeadlessTesting.com.
During signup, you are asked for your first name and last name, together with an e-mail address.
When upgrading your plan, you may be asked for a telephone number and address by our billing provider.
Information from Other Sources: We might receive information about you from other sources and add it to our account information.
You are not required to provide any personal data to us, but if you do not provide any personal data to us, you may not be able to use certain features of our Services, such as those available to accountholders. You can use our Services without consenting to cookies that are not strictly necessary; the only consequence is that our Services will be less tailored to you. You can also use our Services without consenting to receiving marketing communications from us; the only consequence is that you may not receive marketing communications that you may be interested in.
Which information do you share?
We may share your information with the following recipients:
Subcontractors, sub-processors and service providers:
We share your firstname, lastname and email address to our payment providers Stripe and FastSpring and to our online chat widget Drift.
- A third party, in order to enforce or defend our rights, or to address financial or reputational risks.
- A third party to respond to requests relating to a criminal investigation or alleged or suspected illegal activity.
- Other recipients where we are authorised or required by law to do so.
- A purchaser or prospective purchaser of all or part of our assets or our business, and their professional advisers, in connection with the purchase.
What Data Subject Rights Do I Have?
Under the conditions set out under the EU GDPR and any other national data protection laws in the EEA, you have the following rights:
- Right of access: You have the right to obtain from us confirmation as to whether your personal data is being processed, and, where that is the case, to request access to the personal data. The access information includes, among other things, the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data have been or will be disclosed. You have the right to obtain a copy of the personal data undergoing processing. Subject to applicable law, we may charge a reasonable fee for copies, based on administrative costs.
- Right to rectification: You have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to erasure: You have the right to ask us to erase your personal data to the extent it is not required for legally required purposes.
- Right to restriction of processing: You have the right to request restriction of processing of your personal data, in which case, it would be marked and processed by us only for certain purposes.
- Right to data portability: You have the right to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit the personal data to another entity without hindrance from us.
- Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. Exercising this right will not incur any cost. Such a right to object may not exist, in particular, if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
- Right to Submit Complaints: You have a right to lodge a complaint with a supervisory authority.
How Long Do We Retain Your Personal Data?
If you register for an account on our Services, we retain your personal data for as long as you have an account with us. If you provide your personal data in connection with a request for information or other services from us, we retain your personal data for as long as necessary to provide you with the requested information or services. We will delete, erase or anonymize your personal data within 31 days after your personal data is no longer necessary for us to provide you with any information or services you have requested, pursue any of the legitimate interests specified herein where the legitimate interest is not overridden by your fundamental rights or privacy interests, comply with any legal obligations to which we are subject, or defend any legal claim against us or support any legal claim made by us, including any potential appeal.
Is my information safe on this website?
HeadlessTesting uses SSL (HTTPs) on all parts of its service/website. SSL encrypts information between you and our website.
Payment data is handled by our payment provider (Stripe/FastSpring). We only have access to the last 4 digits of your credit card.
All sensitive data is encrypted in our database and in our log files.
Passwords and security tokens are stripped before they are logged into our system.
We will notify serious data breaches in respect of Account-Related Information or other Personal Information as required by law without undue delay, A Personal Information breach in this context means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Information transmitted, stored or otherwise processed.
We restrict access to Account-Related Information and other Personal Information to employees, contractors, agents, and subcontractors that need to know such Personal Information in order to operate, develop or improve the Services that we provide. When we outsource any processes, we require the service provider to have reasonable and appropriate security measures in place.
Are children allowed to use HeadlessTesting?
We do not sell products for purchase by children. If you are under 18, you may use HeadlessTesting only with the involvement of a parent or guardian.
Which information can I access?
You can access and modify your personal information in our member area.
How can I remove all my information from HeadlessTesting?
Please log into our member area, click "Account" and click the "Remove account" button.
Who is the Data Controller?
If you are using our Services, the data controller is HeadlessTesting - Belgium, +1 (855) 410-0024 If you are communicating with the personnel of a HeadlessTesting entity in-person or via phone, email or mail, the data controller is the HeadlessTesting entity with whom you are communicating and any other HeadlessTesting entity with whom you or your organization does business. HeadlessTesting is a Data Processor on behalf of the applicable account holder with respect to Test Data uploaded to an account in our Services.
What Are Our Legal Bases for Processing Personal Data?
We process your personal data on several different legal bases, as follows:
- Contract Performance: Use of our Services is subject to our Conditions of Use and other applicable terms and conditions. We process the personal data of users of our Services as necessary to perform our contractual obligations in respect of such users or take steps at such users’ request prior to entering into a contract, pursuant to Article 6(1)(b) of the EU GDPR.
- Legitimate Interests: We process the personal data of users of our Services as necessary to pursue the following legitimate interests, pursuant to Article 6(1)(f) of the EU GDPR: To provide users with a good user experience, to maintain and secure our Services, to understand our users so that we can tailor our communications and services, including our marketing communications, to them, and to support and provide requested services and information to our users or customers. In these cases, we will ensure that your privacy and other fundamental interests do not override our legitimate interests.
- Legal Obligations: If we are subject to a lawful access request, engaged in a legal proceeding or suspect a user of illegal conduct, we may need to process your personal data as necessary to comply with relevant laws, regulatory requirements and to respond to lawful requests, court orders, and legal process, pursuant to Article 6(1)(c) of the EU GDPR.
- Consent: If we are required to obtain your consent to send you marketing communications, place certain cookies on your device, or engage in other processing activities associated with the Services, we may perform such processing on the basis of your consent if you have provided it, pursuant to Article 6(1)(a) of the EU GDPR. In such cases, you may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. In such cases, providing your consent is voluntary, but we will not be able to provide you with a service for which we require your consent until we obtain such consent.
- Vital Interests: In extenuating circumstances, we may need to process your personal data to protect the vital interests of you or another natural person, pursuant to Article 6(1)(d) of the EU GDPR.
Conditions of use, notices, and revisions
If you choose to visit HeadlessTesting.com, your visit and any dispute over privacy is subject to this Notice and our Conditions of Use, including limitations on damages and resolution of disputes.
We may periodically alter this policy and our Terms of service. Please check these pages frequently to see the most recent changes.
Last updated: February 20, 2020
Attn: Data Protection Officer
Telephone number: +1 (855) 410-0024