Privacy Policy

Last Updated: October 25, 2018

Welcome to Toodledo, Inc.’s (“Toodledo”) Privacy Policy. We understand the importance of respecting your privacy, and we’re committed to protecting the personal information of our customers and site visitors.

We’ve kept this Privacy Policy as simple as possible, in order to let you the how, why and what of our data collection practices when you visit our website or use our mobile application.

It also tells you about your privacy rights and how the law protects you.

What Information Do We Collect?

Types of Data Collected

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). At Toodledo, we collect a variety of information about our customers and visitors to the Toodledo websites and mobile applications in order to provide a better customer experience. This personal data falls into these categories:

Category of Data What It Includes
Identity Data Your first name, last name, your login/password.
Contact Data Your billing address and email address.
Financial Data The last 4 digits of your credit card and the expiration year only and your PayPal account information.
Transaction Data Details about payments from you and other details of services you have purchased from us and any data that you upload to the website or mobile services.
Profile Data Your name and password, purchases or orders made by you, preferences, feedback responses, as well as any profile data which we have added (for example, using analytics).
Technical Data Your first name, last name, your login/password.
Identity Data IP address, your login data, operating system and browser type and version, location and other technology on the devices you use to access the website or mobile application.
Usage Data Information about how you use our website and mobile applications and services.
Tracking Data Information we or others collect about you from cookies and similar tracking technologies.
Marketing and Communications Data Your preferences in receiving direct marketing from us and our third parties and your communication preferences.

Aggregated Data

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website or mobile application feature. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.

To provide better content and service, Toodledo’s websites and mobile applications use the Cyfe analytics service and the Google Analytics web analytics service. You can learn more about Cyfe's use of cookies by visiting https://www.cyfe.com/privacy. Google Analytics’ use of cookies by visiting the Google Privacy and Terms page at http://www.google.com/policies/. You may opt out of being tracked by Google Analytics by:

  • Turning off cookies in the preferences settings in your browser
  • Downloading the Google Analytics opt-out browser add on available at: https://tools.google.com/dlpage/gaoptout/
  • Opting out of user interest and demographic categories in the Settings for Google Ads feature to manage or opt out of Google interest based ads; or
  • Managing cookies used for online advertising across multiple companies at the US-based Network Advertising Initiative at http://www.networkadvertising.org/choices/.

If we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

Toodledo tracks your browsing habits across other third-party websites and we do not respond to browser do not track signals.

Sensitive Information

We do not request and do not want to collect any sensitive data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences. If you voluntarily upload such information to the website or mobile application, you are expressly consenting to Toodledo’s collection of such information.

Children’s Privacy

Toodledo recognizes the privacy interests of children and we encourage parents and guardians to take an active role in their children’s online activities and interests. Neither our website, mobile application nor our services are intended for children under the age of 16. Toodledo does not target its services or this website or mobile application to children under 16. Toodledo does not knowingly collect personal data from children under the age of 16.

How We Use Your Information

We use your information in a number of different ways. The tables below provide more detail, showing what we do with your information and why, but generally, we use your information for the following reasons:

  • In order to perform the contract we are about to enter into or have entered into with you. For example, when you use or purchase our services pursuant to our Terms of Use, that’s a contract. This may include disclosure to the third parties who help us perform our end of the bargain, such as payment processors.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, when we carry out fraud screening as part of the check-out process.
  • Where we need to comply with a legal or regulatory obligation. For example, keeping records of our sales for tax compliance.
Purpose/Activity Type of Data Non-Exhaustive Lawful Basis for Processing
To register you as a new customer Identity; Contact Performance of a contract with you
To process and deliver you our services including: Manage payments, fees and charges Collect and recover money owed to us Identity; Contact; Financial; Transaction; Marketing and Communications Performance of a contract with you Necessary for our legitimate interests (including to recover debts due to us)
To manage our relationship with you which will include: Notifying you about changes to our terms or Privacy Policy Providing you with customer support Notifying you of service issues and features Identity; Contact; Profile; Marketing and Communications Required in order to perform of a contract with you. Necessary to comply with a legal obligation. Necessary for our legitimate interests (to keep our records updated and to study how customers use our products).
To deliver direct marketing to you Identity; Contact; Profile; Usage; Marketing and Communications; Tracking; Technical For most direct marketing communications, we rely on consent or consent implied from your past purchase from us of similar products, however there are situations in which it is in our legitimate interests to use your personal data in this way (Please see Advertising, Marketing and Your Communications Preferences below)
To administer and protect our business and this website or mobile application (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) Identity; Contact; Technical; Tracking Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you Identity; Contact; Profile; Usage Marketing and Communications; Technical; Tracking Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, mobile application, services, marketing, customer relationships and experiences Technical; Tracking; Usage Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website and mobile application updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about other products of ours that may be of interest to you Identity; Contact Technical; Usage; Profile Necessary for our legitimate interests (to develop our products/services and grow our business)
To prevent and detect fraud and unlawful acts Identity; Contact; Financial; Transaction; Technical; Tracking Necessary for our legitimate interests (to protect our business and our customers by way of undertaking fraud monitoring and suspicious transaction monitoring) Necessary to comply with a legal or contractual obligation to share personal data for the purposes of law enforcement
In order to resolve legal claims or disputes involving you or us All relevant data categories, depending on the nature of the allegation or claim Necessary to bring or defend a claim

How Is Your Data Collected?

We use different methods to collect data from and about you including through:

Direct interactions. You may give us your Identity, Contact, Transaction Data and Financial Data by filling in forms, uploading content and data or by corresponding with us by email. This includes personal data you provide when you:

  • sign up to receive information
  • make inquiries or request information be sent to you
  • create an account on our website or mobile application
  • order or purchase our services
  • ask for marketing to be sent to you
  • contact us; or
  • upload content such as tasks, lists and notes.

Automated technologies or interactions. As you interact with us via our website or mobile application, we may automatically collect Technical Data about your operating system, browsing actions and patterns. We may also collect Tracking Data when you use our website or mobile application, or when you click on one of our advertisements (including those shown on third party websites).

Third parties or publicly available sources. We may receive personal data about you from various types of third parties, including:

  • Technical Data and/or Tracking Data from analytics providers, advertising networks and search information providers.

Sharing Your Information

  • Companies that help us to provide our services, such as hosting service providers and payment service providers;
  • Professional service providers, such as auditors bankers, lawyers, accountants and insurers, marketing agencies, advertising partners and website hosts, who help us run our business; and
  • Governments, regulators, law enforcement and fraud prevention agencies, so we can assist law enforcement and comply with law enforcement; and
  • Companies approved by you, such as social media sites (if you choose to link your accounts to our website or mobile application).

For example, we share personal data with the following specific third parties:

  • Rackspace for hosting. Please visit their Privacy Policy to see how they use your personal data.
  • CampaignMonitor for assisting us with our marketing campaigns. Please visit their Privacy Policy to see how they use your personal data.
  • Stripe and PayPal for processing payments. Please visit their Privacy Policy to see how they use your personal data.

We also share data with third parties connected to advertising, retargeting and analytics. Please see Cookies below, including the cookie list, for more information about who those third parties are.

We may share data with third parties to whom we choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

If you elect to send a list or task from the website or mobile application to another user, we will transmit your name and email along with the list or task you requested to that user.

We may also share your personal data if the law otherwise allows it.

Payment Information

Toodledo uses third-party payment processors Stripe and PayPal to process payments. All online payments are conducted in accordance with Payment Card Industry (PCI) data security standards and your billing information is encrypted before being communicated to them. Subject to the below exceptions, your credit card details are communicated directly from your browser to these payment processors - Toodledo does not see your full Permanent Account Number (PAN).

Advertising, Marketing and Your Communication Preferences

We may use your Identity, Contact, Technical, Tracking, Usage and Profile Data to form a picture of what we think may be of interest to you. This is how we decide which products, services and offers may be relevant for you and tell you about them. This is what we call direct marketing. We carry out direct marketing by email. You have the right at any time to opt out of marketing emails. The easiest way to opt out is to use the unsubscribe link that you will find at the bottom of each communication.

If you see Toodledo’s advertisements on websites and in social media, these may not be directed specifically at you, we might just have bid for the space. But we may specifically direct certain email promotions to you.

We also work with partners to try and promote the reach of our advertisements and use analytics and retargeting for this reason. We use Tracking Data to deliver relevant online advertising, including via websites and social media. For more information on Tracking Data, and in particular cookies, which also help us deliver website and social advertising that we believe is most relevant to you and to potential new customers of Toodledo, please see Cookies below.

Cookies

You can see from Advertising, Marketing and Your Communication Preferences above that cookies are a tool that we – and everyone one else who operates online – use for advertising. However, advertising is just one of the many reasons why cookies are used, and as you can see below, there are different types of cookies.

Strictly Functional Cookies

First and foremost, cookies help our websites work better. They help us work behind the scenes to make your customer experience a lot easier. You’d miss a lot of these things if they were gone – like easily logging in and moving from page to page.

Performance Cookies

Other cookies collect information about how visitors use our websites, and measure how well the websites work – like whether a visitor gets an error message from our web pages. These cookies don't collect information that identifies a visitor. All of the information that these types of cookies collect is aggregated and used to improve how our websites works.

Advertising Cookies

And of course, there are cookies that collect information about your browsing habits in order to make any advertising that is delivered to you more relevant to you and your interests. They are usually placed by advertising networks with our permission. They remember that you have visited a website and this information is then shared with other organizations such as advertisers. Quite often, targeting or advertising cookies will be linked to site functionality provided by the other organization. This is also why when you’ve been on one of our websites, you might see some tools that you previously looked at on our websites. This includes retargeting.

Cookies can also tell us if you have seen a specific advertisement, and how long it has been since you have seen it. This is helpful, because it means we can control the effectiveness of our advertisements and control the number of times people might be shown our advertisements. Cookies also help us understand if you’ve opened a marketing email - we don’t want to send you things that you don’t read.

Almost all the cookies that relate to advertising are part of third party online advertising networks. If you’d like to read about how you can control which advertisements you see online, see opt-out programs established by the Digital Advertising Alliance (United States), the Digital Advertising Alliance of Canada and the European Interactive Digital Advertising Alliance. We do not control cookies which are set by advertising networks.

You can also set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

For more information about the cookies we use, including who they belong to, their ID and why they are used, click here. We’ve also included links to the third-party websites where you can go to find out more.

Third Party Links

The website and mobile application may provide links to other websites or resources, including apps developed by third parties using the Toodledo API that may integrate with our website and mobile application, over which Toodledo does not have control (“External Websites”). Such links do not constitute an endorsement by Toodledo of those External Websites, and Toodledo is providing these links to you only as a convenience. We are not responsible for the content of those External Websites, and your use of External Websites is subject to their respective terms of use and privacy policies.

Data Security & Retention

We have put in place appropriate security measures designed to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. For example, we use encryption and password protection. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.

We will only keep your personal data for as long as necessary to fulfil the purposes for which we collected it in the first place, including for the purposes of satisfying any legal, accounting, or reporting requirements. If you cease using our website and mobile application for one (1) year, we will generally delete your data at that one (1) year anniversary from when you ceased use.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

We generally keep certain information about our customers (such as, Contact, Identity, Financial and Transaction Data) related to our customers' purchases for seven years after a transaction for tax purposes.

In some circumstances you can ask us to delete your data; see Your Legal Rights below for further information.

International Transfers

The information you enter on the website or mobile application or otherwise provide to Toodledo may be transferred and processed outside of the European Economic Area to the United States of America, which does not offer an equivalent level of protection to that of the European Union. The European Union's General Data Protection Regulation (“GDPR”) allows for transfer of personal data from the European Union to a third country in certain situations. By agreeing to the Terms of Use and this Privacy Policy, you agree to the transfer of all such information to the United States of America and to the processing of that information by Toodledo on servers located in the United States of America as described in this Privacy Policy. We may adopt other means, such as entering into different certification programs such as the Privacy Shield under applicable law, in order to ensure adequate safeguards under the GDPR.

Your Legal Rights

If the GDPR applies to you because you are in the European Economic Area, you have certain rights in relation to your personal data:

  • The right to be informed – that’s an obligation on us to inform you how we use your personal data (and that’s what we’re doing in this Privacy Policy);
  • The right of access – that’s a right to make what’s known as a ‘data subject access request’ for a copy of the personal data we hold about you;
  • The right to rectification – that’s a right to make us correct personal data about you that may be incomplete or inaccurate (though we generally recommend first making any changes in your Account Settings);
  • The right to erasure (also known as the ‘right to be forgotten’) – that’s where in certain circumstances you can ask us to delete the personal data we have about you (unless there’s an overriding legal reason we need to keep it);
  • The right to restrict processing – that’s a right for you in certain circumstances to ask us to suspend processing personal data;
  • The right to data portability – that’s a right for you to ask us for a copy of your personal data in a common format (for example, a .csv file);
  • The right to object – that’s a right for you to object to us processing your personal data (for example, if you object to us processing your data for direct marketing); and
  • Rights in relation to automated decision making and profiling – that’s a right you have for us to be transparent about any profiling we do, or any automated decision making.

These rights are subject to certain rules around when you can exercise them. If you wish to exercise any of the rights set out above, please contact us (see How to Contact Toodledo About Privacy).

Generally, you will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

We have appointed a data privacy manager who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact the data privacy manager using the details in How to Contact Toodledo About Privacy below.

Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority so please contact us first.

How to Contact Toodledo About Privacy

If you have any questions about this Privacy Policy, or would like to exercise any of your rights, even if you are not located in the European Economic Area, please contact us at:

Title or Role: Privacy Manager

E-Mail: [email protected]

Phone Number: +1 (786) 625-5350

Changes to this Privacy Policy

Toodledo may need to update this Privacy Policy from time to time. If so, Toodledo will post its updated Privacy Policy on our websites along with a change notice on the websites. If we make significant changes, we may also send registered users of our services a notice that this Privacy Policy has been changed. Toodledo encourages you to review this Privacy Policy regularly for any changes. Your continued use of this website, mobile application and/or services and/or your continued provision of personal data to us after the posting of such notice will be subject to the terms of the then-current Privacy Policy.