Welcome, and thank you for your interest in CloveCRM (“CloveCRM”, “we,” or “us”), our web site at https://www.clovecrm.com (the “Site”), and all related web sites, downloadable software, mobile applications (including tablet applications), and other services provided by us and on which a link to this Privacy Notice is displayed, and all other communications with individuals though from written or oral means, such as email or phone (collectively, together with the Site, our “Service”). This Privacy Notice (“Policy”) describes the information that we gather on or through the Service, how we use and disclose such information, and the steps we take to protect such information.

If you are a California resident, please review the section of this Privacy Policy for California residents. This Policy is incorporated into, and is subject to, the CloveCRM Terms of Service. Capitalized terms used but not defined in this Policy have the meaning given to them in the CloveCRM Terms of Service. The addresses of our offices, where CloveCRM, Inc. and our affiliates are located, can be found at https://www.clovecrm.com/

• Definitions
• Roles & Responsibilities.
• Information We Collect and description of how we use it.
• Information We Collect from you through the Service and description of how we use it.
• Disclose Information to third parties

1. Definitions “Client” means a customer of CloveCRM. “Client Data“ means personal data, reports, addresses, and other files, folders or documents in electronic form that a User of the Service stores within the Service. “Personal Data” means any information relating to an identified or identifiable natural person. “Public Area” means the area of the Site that can be accessed both by Users and Visitors, without needing to log in. “Restricted Area” means the area of the Site that can be accessed only by Users, and where access requires logging in. “User” means an employee, agent, or representative of a Client, who primarily uses the restricted areas of the Site for the purpose of accessing the Service in such capacity. “Visitor” means an individual other than a User, who uses the public area, but has no access to the restricted areas of the Site or Service.

2. Roles & Responsibilities CloveCRM is the controller of your Personal Data, as described in this Privacy Notice, unless otherwise stated. Please note that this Privacy Notice does not apply to the extent that we process Personal Data in the role of a processor (or a comparable role such as a “service provider” in certain jurisdictions) on behalf of our Clients, including where we offer to our Clients various cloud products and services, through which our Clients (and/or their affiliates) connect their own websites and applications to our hosted platform, sell or offer their own products and services, send electronic communications to other individuals, or otherwise collect, use, share or process Personal Data via our cloud products and services. In such cases, CloveCRM does not own, control or direct the use of any of the Client Data stored or processed by a Client or User via the Service. Only the Client or Users are entitled to access, retrieve and direct the use of such Client Data. The Client or the User is the data controller under the Regulation for any Client Data containing Personal Data. For detailed privacy information applicable to situations where a CloveCRM Client (and/or a Client affiliate) who uses CloveCRM’s cloud products and services is the controller, please reach out to the respective Client directly. We are not responsible for the privacy or data security practices of our Clients, which may differ from those set forth in this Privacy Notice. If not stated otherwise either in this Privacy Notice or in a separate disclosure, we process such Personal Data in the role of a processor or service provider on behalf of a Client (and/or its affiliates), who is the responsible controller of the applicable Personal Data. If your Personal Data has been submitted to us by or on behalf of a CloveCRM Client and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable Client directly. CloveCRM is largely unaware of what Client Data is actually being stored or made available by a Client or User to the Service and does not directly access such Client Data except as authorized by the Client, or as necessary to provide Services to the Client and its Users. Except as provided in this Privacy Notice, CloveCRM does not independently cause Client Data containing Personal Data stored in connection with the Services to be transferred or otherwise made available to third parties, except to third party Subprocessors who may process such data on behalf of CloveCRM in connection with CloveCRM’s provision of Services to Clients. CloveCRM is not responsible for the content of the Personal Data contained in the Client Data or other information stored on its servers (or its subprocessors’ servers) at the discretion of the Client or User nor is CloveCRM responsible for the manner in which the Client or User collects, handles disclosure, distributes or otherwise processes such information. If you are a CloveCRM Client and need a signed Data Processing Addendum in addition to the Terms of Service and Privacy Notice, you can find the document signed on behalf of CloveCRM here.

3. The Information We Collect We collect different types of information from or through the Service.

3.1 Information you provide directly to CloveCRM Account signup: When you sign up for an account to access one or more of our services, we ask for information like your name, contact number, email address, company name and country to complete the account signup process. You may also provide us with more information such as your photo, time zone and language, but we don’t require that information to sign up for an account. Event registrations and other form submissions: We record information that you submit when you (i) register for any event, including webinars or seminars, (ii) subscribe to our newsletter or any other mailing list, (iii) submit a form in order to download any product, whitepaper, or other materials, (iv) participate in contests or respond to surveys, or (v) submit a form to request customer support, or to contact CloveCRM for any other purpose. Payment processing: When you buy something from us, we ask you to provide your name, contact information, and credit card information or other payment account information. When you submit your card information, we store the name and address of the cardholder, the expiry date and the last four digits of the credit card number. We do not store the actual credit card number. For quick processing of future payments, if you have given us your approval, we may store your credit card information or other payment information in an encrypted format in the secured servers of our Payment Gateway Service Providers Testimonials: When you authorize us to post testimonials about our products and services on websites, we may include your name and other personal information in the testimonial. You will be given an opportunity to review and approve the testimonial before we post it. If you wish to update or delete your testimonial, you can contact us at support@macincode.com. Interactions with CloveCRM: We may record, analyze and use your interactions with us, including email, telephone, and chat conversations with our sales and customer support professionals, for improving our interactions with you and other customers.

3.2 Information Collected by Clients A Client or User may store or upload Client Data into the Service. CloveCRM has no direct relationship with the individuals whose Personal Data it hosts as part of Client Data. Each Client is responsible for providing notice to its customers and third persons concerning the purpose for which Client collects their Personal Data and how this Personal Data is processed in or through the Service as part of Client Data.

3.3 Automatically Collected Information Information from browsers, devices and servers: When you visit our websites, we collect information that web browsers, mobile devices and servers make available, such as the internet protocol address, browser type, language preference, time zone, referring URL, date and time of access, operating system, mobile device manufacturer and mobile network information. We include these in our log files to understand more about visitors to our websites. Information from cookies and tracking technologies: We use temporary and permanent cookies to identify users of our services and to enhance user experience. We embed unique identifiers in our downloadable products to track usage of the products. We also use cookies, beacons, tags, scripts, and other similar technologies to identify visitors, track website navigation, gather demographic information about visitors and users, understand email campaign effectiveness and for targeted visitor and user engagement by tracking your activities on our websites. You can learn more about the cookies used on our websites here. Information from application logs and mobile analytics: We collect information about your use of our products, services and mobile applications from application logs and in-house usage analytics tools, and use it to understand how your use and needs can improve our products. This information includes clicks, scrolls, features accessed, access time and frequency, errors generated, performance data, storage utilized, user settings and configurations, and devices used to access and their locations.

4. How We Use the Information We Collect We use the information that we collect in a variety of ways in providing the Service and operating our business, including the following:

4.1 Operations We use the information – other than Client Data - to operate, maintain, enhance and provide all features of the Service. To set up and maintain your account, and to do all other things required for providing our services, such as enabling collaboration, providing website and email hosting, and backing up and restoring your data; To provide customer support, and to analyze and improve our interactions with customers; To detect and prevent fraudulent transactions and other illegal activities, to report spam, and to protect the rights and interests of CloveCRM, CloveCRM's users, third parties and the public. We process Client Data solely in accordance with the directions provided by the applicable Client or User.

4.2 Improvements We use the information: To understand how users use our products and services, to monitor and prevent problems, and to improve our products and services; To analyze trends, administer our websites, and track visitor navigations on our websites to understand what visitors are looking for and to better help them; Should this purpose require CloveCRM to process Client Data, then the data will only be used in anonymized or aggregated form.

4.3 Communications In addition to the purposes mentioned above, we may use your information for the following purposes: To communicate with you (such as through email) about products and materials that you have downloaded and services that you have signed up for, changes to this Privacy Notice, changes to the Terms of Service, or important notices; To keep you posted on new products and services, upcoming events, offers, promotions and other information that we think will be of interest to you; To ask you to participate in surveys, or to solicit feedback on our products and services;

4.4 Analytics To update, expand and analyze our records, identify new customers, and provide products and services that may be of interest to you; To monitor and improve marketing campaigns and make suggestions relevant to the user.

4.5 Legal Bases for Processing Personal Data (for United Kingdom and European Economic Area and other relevant jurisdictions) If you are an individual in the United Kingdom, the European Economic Area (EEA), or of another relevant jurisdiction, we collect and process information about you only where we have a legal basis or bases for doing so under applicable laws. The legal bases depend on the products and services that your organization has purchased from CloveCRM, how such products and services are used, and how you choose to interact and communicate with CloveCRM’s websites, systems, and whether you attend CloveCRM events. This means we collect and use your Personal Data only where: We need it to operate and provide you with our products and services, provide customer support and personalized features, and to protect the safety and security of our products and services; It satisfies a legitimate interest of CloveCRM’s (which is not overridden by your data protection interests and rights), such as for research and development, to provide information to you about our products and services that we believe you and your organization may find useful, and to protect our legal rights and interests; You give us consent to do so for a specific purpose; or We need to comply with a legal obligation. Where we rely on legitimate interests to process your Personal Data, you can object to that processing as described below under “Your Choices.” In response to your objection, we will stop processing your information for the relevant purposes unless we have compelling grounds in the circumstances or the processing is necessary in the context of legal claims. CloveCRM may also process other information that constitutes your Personal Data for direct marketing purposes and you have a right to object to CloveCRM’s use of your Personal Data for this purpose at any time.

4.6 Additional Limits on Use of Your Google User Data Notwithstanding anything else in this Privacy Notice, if you provide CloveCRM access to your Google data (e.g., when you enable the email sync feature with your Google account), CloveCRM’s use of that data will be subject to these additional restrictions: CloveCRM will only use access to read, write, modify or control Gmail message bodies (including attachments), metadata, headers, and settings to provide a web email client that allows users to compose, send, read, and process emails and will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets. CloveCRM will not use this Gmail data for serving advertisements. CloveCRM will not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for CloveCRM’s internal operations and even then only when the data have been aggregated and anonymized. CloveCRM’s use of information received and CloveCRM’s transfer of information to any other app from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

5. To Whom We Disclose Information Except as described in this Notice, we will not intentionally disclose the Personal Data or Client Data that we collect or store on the Service to third parties without the consent of the applicable Visitor, User or Client. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:

5.1 Unrestricted Information Any information that you voluntarily choose to include in a Public Area of the Service, such as a public profile page, will be available to any Visitor or User who has access to that content.

5.2 Other Users in Your Company Account Certain information about your use of the CloveCRM Services is available to the administrator(s) of your CloveCRM Account and, depending on the settings chosen by the Users of the Account, also to other Users for the purposes of providing the CloveCRM Services.

5.3 CloveCRM Communities, Marketplace and Other User Generated Content We make available various community forums and self-help support materials, as well as blogs and other means for you to post information on our websites. This information you post is publicly-available information that you choose to disclose and it may be read, collected, and processed by others that visit these websites. Except for username (which may be your real name) and the details that you choose to include in your profile, the categories of data disclosed in these circumstances will depend on what information you choose to provide. Your posts and certain profile information may remain even after you terminate your CloveCRM account. We urge you to consider the sensitivity of any information you may disclose in this way. We will correct or delete any information you have posted on the websites if you so request, as described in Section 10 "Your Choices" below. In some cases, we may not be able to remove your information, in which case we will let you know if we are unable to and why.

5.4 Non Personally Identifiable Information We may make certain automatically-collected, aggregated, or otherwise non-personally-identifiable information available to third parties for various purposes, including (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding our Clients’, Users’ and Visitors’ interests, habits, and usage patterns for certain programs, content, services, and/or functionality available through the Service, all of the foregoing being subject to additional limits on use of your data as stated in this Privacy Notice.

5.5 Law Enforcement, Legal Process and Compliance We may disclose Personal Data or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies. We also reserve the right to disclose Personal Data or other information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Service and any facilities or equipment used to make the Service available, or (v) protect our property or other legal rights, enforce our contracts, or protect the rights, property, or safety of others.

5.6 Change of Ownership Information about Users and Visitors, including Personal Data, may be disclosed and otherwise transferred to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets and only if the recipient of the User or Visitor Data commits to a Privacy Policy that has terms substantially consistent with this Privacy Notice. Client Data may be physically or electronically transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets, for the sole purpose of continuing the operation of the Service, and only if the recipient of the Client Data commits to a Privacy Policy that has terms substantially consistent with this Privacy Notice.

6. Data Security At CloveCRM, we take data security very seriously. We have taken steps to implement appropriate administrative, technical & physical safeguards to prevent unauthorized access, use, modification, disclosure or destruction of the information you entrust to us. These measures have been audited and certified to industry standards. However, no security system is perfect, and due to the inherent nature of the Internet, we cannot guarantee that data, including Personal Data, is absolutely safe from intrusion or other unauthorized access by others. You are responsible for protecting your password(s) and other authentication factors, as well as maintaining the security of your devices. To learn more about current practices, auditors’ certifications and policies regarding security and confidentiality of the Services, please visit our Privacy and Security page. If you believe your Personal Data has been compromised, please contact us as set forth in the “How to Contact Us” section. If we learn of a security systems breach, we will inform you and the authorities of the occurrence of the breach in accordance with applicable law.

7. Minors and Children’s Privacy Protecting the privacy of young children is especially important. Our Service is not directed nor intended to children under the age of 18, and we do not knowingly collect Personal Data from children under the age of 18. If you are under 18 years of age, then please do not use or access the Service at any time or in any manner. If we learn that Personal Data has been collected on the Service from persons under 18 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 18 years of age has obtained an Account on the Service, then you may alert us at support@macincode.com and request that we delete that child’s Personal Data from our systems.

8. Data Retention We will retain your Personal Data for a period of time that is consistent with the original purpose of the data collection, or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. When we no longer have a legitimate need to process your information, we will delete or anonymize your information from our active databases. We will also securely store the information and isolate it from further processing on backup discs until deletion is possible. For CloveCRM CRM Service: the contents of closed accounts are deleted within 6 months of the date of closure; the content of closed Free Trial Accounts are deleted within 30 days of the date of closure; server archival backups are kept for 3 months.

9. Your Rights with respect to Information We Hold About You As a Controller & Choices

10.1 Your rights with respect to information we hold about you as a controller Right to access – you have the right to know which data we hold about you (if any). Right to data rectification – you have the right to require corrections to your Personal Data in case they are inaccurate or incomplete. Right to data deletion – you have the right under certain conditions to request the deletion of your Personal Data including in situations where the processing of your Personal Data is no longer necessary for the purposes for which it was collected, or if the processing of your Personal Data was based on your consent and you wish to withdraw your consent, and there are no other grounds for processing your Personal Data. Right to restriction of processing – You may also have the right to request to restrict the use of your information in certain circumstances, such as when you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. Right to data portability – You have the right to transfer your information to a third party in a structured, commonly used and machine-readable format, in circumstances where the information is processed with your consent or by automated means. Right to object – You have the right to object to the use of your information in certain circumstances, such as the use of your personal information for direct marketing. Right to complain – You have the right to complain to the appropriate supervisory authority if you have any grievance against the way we collect, use or share your information. This right may not be available to you if there is no supervisory authority dealing with data protection in your country. We respect your privacy rights and provide you with reasonable access to the Personal Data that you may have provided through your use of the Services. If you wish to access or amend any other Personal Data we hold about you, or to request that we delete or transfer any information about you that we have obtained from an Integrated Service, you may contact us as set forth in the “How to Contact Us” section. At your request, we will have any reference to you deleted or blocked in our database. Additionally, You may update, correct, or delete your Account information and preferences at any time by accessing your Account settings page on the Service. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so. You may decline to share certain Personal Data with us, in which case we may not be able to provide to you some of the features and functionality of the Service. Optional information: You can choose not to provide optional profile information such as your photo. You can also delete or change your optional profile information. You can always choose not to fill in non-mandatory fields when you submit any form linked to our websites. At any time, you may object to the processing of your Personal Data, on legitimate grounds, except if otherwise permitted by applicable law. If you believe your right to privacy granted by applicable data protection laws has been infringed upon, please contact CloveCRM’s Data Protection Officer at support@macincode.com.

10.2 Navigation Information You may opt out from the collection of navigation information about your visit to the Site by Google Analytics by using the Google Analytics Opt-out feature. You can disable browser cookies before visiting our websites. However, if you do so, you may not be able to use certain features of the websites properly.

10.3 Opting out from Commercial Communications You may opt out of receiving newsletters and other non-essential messages by using the ‘unsubscribe' function included in all such messages or by sending an email to the address provided in the “How to Contact Us” section. Please note that you will continue to receive essential notices and emails such as account notification emails (password change, renewal reminders, etc.), security incident alerts, security and privacy update notifications, and essential transactional and payment related emails. Users are able to view and modify settings relating to the nature and frequency of promotional communications that they receive from us by accessing the “Account functionality” tab on the Service.

10.4 Information processed on CloveCRM Client’s behalf CloveCRM has no direct relationship with the Client’s customers or third party whose Personal Data it may process on behalf of a Client. An individual who seeks access, or who seeks to correct, amend, delete inaccurate data or withdraw consent for further contact should direct his or her query to the Client or User they deal with directly. CloveCRM Clients can delete, amend or block access to any Personal Data inside CloveCRM application, or by contacting CloveCRM Support.

11.1 Categories of Personal Data Collected In the preceding 12 months, we have collected the following categories of Personal Data about California consumers. We may collect this Personal Data directly from you, from third parties, and from your interactions with us. For additional details about the Personal Data that we collect and the sources from which we collect this Personal Data, please review Section 3 above. The Personal Data categories are: Identifiers, such as name, email address, address, and phone number; Commercial information, such as records of products or services purchased and other transactional data; Internet or other network or device activity details, such as technical data about your use of our website, products and services; Inferences drawn from any of the above information. We may retain this Personal Data for as long as is needed for the purpose(s) for which it was collected and no longer than is relevant and reasonably necessary. Our retention periods vary based on business, legal and regulatory needs.

11.2 Business and Commercial Purposes for Collection; Disclosures for a Business Purpose We may collect all of the above categories of Personal Data to run our business and carry out our day-to-day activities, as described above in Section 4. We have disclosed each of these categories of Personal Data with our service providers for various business purposes, as described above in Section 5, in the preceding 12 months.

11.3 Categories of Personal Data Sold or Shared for Cross-Context Behavioral Advertising In the preceding 12 months, we have disclosed the above categories of Personal Data to third-party advertising partners, such as in connection with our use of tracking technologies for cross-context behavioral advertising or by providing lists of email addresses for potential customers, so that we can reach you across the web with advertisements for our products and services. This may be considered “sharing” or a “sale” under the CCPA. You can read more about our sharing and sales activities above in Section 3 and Section 5. CloveCRM does not have actual knowledge that it sells or shares the Personal Data of consumers under 16 years of age.

11.4 Your Rights The CCPA gives you certain rights regarding the Personal Data we collect about you: Right to Know About Personal Data Collected, Disclosed, or Sold. You have the right to request to know what Personal Data we collect, use, disclose, share and sell about you. Right to Request Deletion of Personal Data. You have the right to request the deletion of your Personal Data collected or maintained by us as a business. Right to Opt-Out of the Sale or Sharing of Personal Data. You have the right to opt-out of the sale of your Personal Data by us as a business. CloveCRM shares Personal Data as described above, which may be considered a “sale” of Personal Data under the CCPA. You may opt out by clicking here on in the “Cookie notice” link at the bottom of our website (www.clovecrm.com) and selecting your preferences on that page. You may also opt out by broadcasting an opt-out preference signal like the Global Privacy Control (GPC), but please note that this signal will be linked to your browser only. If you wish to learn more about the GPC and how to use a browser or browser extension incorporating the GPC signal, you can visit the GPC website here. Right to Limit the Use and Disclosure of Sensitive Personal Data. In some instances, we may use or disclose your Sensitive Personal Data for the legitimate business purposes as outlined under the CCPA, and for any other purposes as set forth in Section 4, above. Right to Correct Inaccurate Personal Data. You have the right to request the correction of your Personal Data if it is inaccurate and you may submit a request as further described below. Right to Non-Discrimination for the Exercise of Your Privacy Rights. You have the right not to receive discriminatory treatment by us for the exercise of your privacy rights conferred by the CCPA. 11.5. How to Exercise your California Rights You can exercise your rights yourself or you can alternatively designate an authorized agent to exercise these rights on your behalf. Please note that to protect your Personal Information, we will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent's identity to protect your Personal Information. Financial Incentives. We do not provide any financial incentives tied to the collection, sale, or deletion of your Personal Data. If you would like to make a request and exercise your rights described above, please contact us via support@macincode.com

12. Changes and Updates to this Notice Please revisit this page periodically to stay aware of any changes to this Notice, which we may update from time to time. If we modify the Notice, we will make it available through the Service, and indicate the date of the latest revision, and will comply with applicable law. Your continued use of the Service after the revised Notice has become effective indicates that you have read, understood and agreed to the current version of the Notice.

13. How to Contact Us Please contact us with any questions or comments about this Notice, your Personal Data, our use and disclosure practices, or your consent choices by email at support@clovecrm.com. If you have any concerns or complaints about this Notice or your Personal Data, you may contact CloveCRM’s Data Protection Officer by email at support@clovecrm.com.