EU Privacy Notice

Last revised on

February 27, 2023

For Everyone

For Customers

For Partners

This Privacy Notice (“Notice”) describes how Gorgias Inc. (“Gorgias”, “we” or “us”) handles information we receive or collect about individual representatives of subscribers to our services (collectively, “You” or “Your”) when interacting with us, subscribing to our services, and using our websites and other digital services that link to this Notice (the “Services”). 

This Notice only applies to information we receive from the European Economic Area (“EEA”), Switzerland, or the United Kingdom (“U.K.”). If You are from another jurisdiction, please refer to our Privacy Notice for more information on how we handle Your personal information or data. For purposes of this Notice and the processing of Personal Data from these jurisdictions, Gorgias Inc. is the “Controller” (as defined by such jurisdictions’ applicable data protection laws). 

This Notice is designed to describe our processing of personal data submitted to or obtained by Gorgias when our clients purchase and utilize the Services. This Notice only applies when Gorgias is the “Controller” of the personal data (such as when we receive contract information from our business clients (“Clients”) that subscribe to our Services and used for billing purposes). Thus, this Notice does not apply to personal data we process as a “data processor” on behalf of our Clients when they or their customers use our Services. If You have questions regarding how our Clients process Your personal data, please contact them directly. We are not responsible for the data protection practices of our Clients. If You are a Client, and have questions regarding how Gorgias processes personal data from You when we act as a data processor please refer to Gorgias Master Subscription Agreement and related data protection terms and policies, and not this Notice. 

By subscribing or using our Services, or by otherwise providing us with Your personal data for our business use, You are accepting the practices and policies described in this Notice. If You do not agree with this Notice, do not provide any personal data to us, or register or use the relevant Services where this notice is posted or linked. 

1. Whose personal data do we collect?

As used in this Notice, the terms “personal data” “data subject” and “processing” are as defined in the EU General Data Protection Regulation (GDPR).  “You” means the individual who provided personal data to us in connection with a Client’s subscription to our Services or obtained by us in connection with Your use of the Services, and includes personal business contact information of individual Client representatives.

2. What type of personal data do we collect and share, and what is our legal basis for doing so?

This section describes the categories of personal data we collect and to whom we disclose personal data. It also contains the legal basis we rely on to collect and share this information. Please see Section 4 of this Notice for a more specific description of why we collect Your personal data to support our legal basis.

While You may not be required to provide us with Your personal data to access our general public-facing website Services or review some of our content on the Service, there may be areas on our Service that require us to collect personal data from You, or about You or Your devices used to access the Services. If You do not provide the requested personal data or prevent us from collecting certain information from Your device, we may not be able to provide access or use of our Services, or such Services may not operate as intended.

3. How do we collect Your personal data?

We collect Your personal data in a variety of ways.  

Information Provided Directly from You. This includes instances when You visit our Services, subscribe or interact with our Services and Services by filling out a registration form or contacting us, when You participate in our marketing and outreach activities including surveys, contests, promotions, sweepstakes, conferences, webinars or when You otherwise use our Services.

Information Collected from Third Parties. We receive information about You from other third parties, such as service providers that help us to build and maintain our Services and that integrate their Services with ours, content providers, entities with whom we partner to sell or promote products and services, telephone and fax companies, authentication service providers, data brokers, and social media networks (including widgets related to such networks). Your interactions with third-party integrated or framed third-party services (including social media networks) are governed by the privacy statements of the companies that provide them, not this Notice.

Information Collected Passively. Our Services use tracking technologies to collect information about Your experience when accessing and using our Services.  For more information on how we use tracking technologies and the type of information we collect using these technologies, see our Cookies Notice in Section 5. When you access or use our Services, you consent to the use of these tracking technologies and the data they collect as described in Section 5.

Information Collected from Your Employer. We collect and process personal data concerning representatives (e.g., employees or contractors) of our Clients (or their representatives) and business partners (suppliers, investors and other business partners). We may also receive Your name, address, phone number, and company name from a friend as part of our Referral Program.

Type of Personal Data Collected Legal Basis
Personal Contact Information. Personal information to create an account, register with us as a subscriber to our Services, to receive our newsletter, for us to manage Your account, provide support, or for You to participate in webinars, events, programs, marketing, and promotional activities. This includes Your legal name, alias, postal address, email address, online identifiers (such as user name and password), account or user name, land and mobile phone numbers, social media identifiers (e.g., Twitter handle, Instagram name, etc.), or other similar identifiers that can be used to contact, communicate with, or identify You. legimate interest and consent
Payment Information. If You make a purchase, our payment processor will collect billing information and billing contact in the process of providing You with a subscription. We collect this information from You. Legitimate interests and Legal obligations
Geolocation Information. Based on the settings of the device and browser, we collect location data such as IP address. If you fill in webforms, we collect Your city and state. Legitimate nterests
Usage Information. We use web tracking technologies (e.g., cookies, web beacons, pixel tags and clear GIFs) to operate the Services efficiently and to collect data related to usage of the Services. Such collected data may include the IP address of the Services You visited before and after You visited the Services, the type of browser You are using, what pages in the Services You visit and what links You clicked on, and whether You opened email communications we send to You. Some of this information may be collected using a third-party’s tracking technologies. To learn more about how we use tracking technologies, the related data we collect and Your choices, please see our Cookie Notice in Section 5. Legitimate interests and Consent
Personal Data Shared Legal Basis
Service Providers and Contractors. We share Your personal data with service providers working on our behalf, such as hosting service providers, IT providers, operating systems and platforms, internet service providers, data analytics companies, marketing providers, suppliers, professional advisors (legal and consultancy), payment processors, and those that support our business operations such as identity verification, email distribution, market research, and promotions management. We provide these companies with only the information they need to perform their services and work for us or on our behalf. legimate interest and Legal obligations
Legal and Law Enforcement. We disclose any information without further notice to You to any law enforcement or regulatory authority to the extent required by law or if, in Gorgias reasonable discretion, disclosure is reasonable to: investigate, prevent, or take action regarding illegal activities, suspected fraud, and situations involving potential threats to the physical or online safety of any data subject; enforce or apply our other agreements and to protect our rights and our property or safety of our users or third parties; or to establish, exercise and defend against legal claims (including by sharing data with opposing or other related parties to the proceedings and their professional advisors). Legitimate interests, Legal obligations and Public interest
Corporate Transactions. We disclose Your personal data to financial advisers, legal service providers, investors, and potential buyers of our business or assets related to any merger, acquisition, sale, financing, or similar transaction. Legitimate interests and Legal obligations
Marketing. We disclose Your contact information (name, email, Service URL, etc.) to partners/sponsors/advertisers in connection with our marketing, promotional, advertisements, and other commercial communications. Legitimate interests and Consent
To the Public. If You provide testimonials or provide feedback that You published or intended to publish on the Services or as a Client testimonial, we disclose Your post and Your name on our Services and marketing materials. Any information You post on our Services might be read, collected, and used by others who access this information. You consent to this processing when you provide such testimonials or feedback. Consent
To Third Parties with Your Consent.We disclose Your personal data to other third parties with Your consent where required by law. However, we may also de-identity, anonymize, or otherwise aggregate the information in a manner that is no longer identifiable of an individual before sharing with third parties for any legally permitted purpose. Legitimate interests and Consent

4. Why do we collect Your personal data?

We collect and use the information we receive or collect from You or about You for the following purposes:

  • to provide, enhance, and offer our Services and integrated digital services and products we make available on our Services;
  • to communicate with You at Your request or as required in connection with Your purchase, access or use of the Services;
  • to enable interactions and use of our Services;
  • to manage, authenticate, and promote the security of Your account and the use of our Services;
  • to create, maintain, customize, administer, and secure Your account; 
  • to enter, manage, and fulfill our contract with You or Your company; 
  • to process and complete Your contact and support requests and send You related information, including purchase confirmations and invoices; 
  • to provide You with customer service and support; 
  • to inform You of and promote additional features, products, and services offered by us or third parties that may be of interest to You, unless You have opted-out from receiving such communications or You have not consented to such communications, as required under applicable law; 
  • to diagnose, repair and track service and quality issues; 
  • to facilitate an order, download, expiration or termination; 
  • to send You transactional messages, provide security alerts and updates, and communicate with You about our practices; 
  • to manage and promote Your invitation and participation in conferences, webinars, and event registrations we promote, sponsor or hold; 
  • to manage and promote Your participation in our surveys, contests, promotions, and sweepstakes, if any; 
  • to personalize our Services for You; 
  • to deliver content information relevant to Your interests; 
  • to install and configure changes and updates to programs and technologies related to interactions with us and our Services; 
  • to respond to Your requests, complaints, and inquiries;
  • to fulfill a referral request if You participate in our Referral Program or to contact You as a potential Client using personal data received from a participant of our Referral Program;
  • to evaluate or audit the usage and performance of programs and technologies related to Your interactions with us; 
  • to record phone calls and/or video meetings for quality assurance, training and analysis purposes;
  • for credit and payment collection, accounting and other similar business functions;
  • for legal, safety, or security reasons, such as:
  • to comply with legal requirements, establish, exercise or defend against legal claims, whether in court proceedings or in an administrative or out-of-court procedures; 
  • protect the safety, security, and integrity of our Services and rights of those who interact with us or others; 
  • review compliance with applicable terms of use, investigate fraudulent transactions, unauthorized access to our Services, content and conduct policy violations, and illegal activities (in compliance with legal obligations under applicable laws); and 
  • otherwise detect, prevent, and respond to security incidents or other malicious, deceptive, fraudulent, or illegal activity; and
  • in connection with corporate transactions, sales, mergers, acquisitions, reorganizations, bankruptcy, and other corporate events, such as to comply with requests from a prospective or an actual purchaser interested in our companies and other assets, or in relation to a prospective or actual purchase of companies or assets by us.

5. How do we use tracking technologies?

Tracking Technologies We Use:  We collect information over time through the Services by using several common types of tracking technologies (including cookies, log files, pixels, tags, web bugs, web beacons, clear GIFs, Local Storage Objects (LSOs) or other similar technologies) to collect information about the ways You interact with and use the Services and our Services, to support and enhance features and functionality, to monitor performance, to personalize content and experiences, for marketing and analytics, and for other lawful purposes. We may also permit third parties that collect information in this way on Our behalf and for their own business purposes.  Tracking technologies are small files that download when You access certain Services.  For more information visit: http://www.allaboutcookies.org/.

To assist us with analyzing our Services traffic through tracking technologies, we use analytics services such as Google Analytics.  For more information on Google Analytics’ processing of Your personal data, please see “How Google uses information from Services or apps that use our services.”  You can opt out of Google Analytics by installing Google’s opt-out browser add-on.

We may use cookies that are session-based or persistent.  Session cookies expire when You close Your browser or turn off Your device.  Persistent cookies remain on Your device after You close Your browser or turn off Your device.  

The following chart describes the type of tracking technologies we use:

Type of Cookies Description
Session Cookies A session cookie is for temporary use. It helps track real-time changes in a user's activity while on a website and disappears after the web session is over.
Necessary Cookies Required cookies are essential for the operation of the Service. They include, for example, cookies that allow You to access and use secure areas of the Services.
Performance These cookies collect information about how You use the Services, including which pages You go to most often and if You receive error messages from certain pages. These cookies do not collect information that individually identifies You. All information these cookies collect is aggregated and anonymous. It is only used to improve how the Services’ function and perform.
Functionality Functionality cookies allow us to remember information You have entered or choices You make (such as Your username, language, or Your region) and provide enhanced, more personal features on the Services. These cookies also enable You to optimize Your use of the Services after logging in. These cookies can also be used to remember changes You have made to text size, fonts and other parts of web pages that You can customize.
Targeting or Advertising From time-to-time, we may engage third parties to track and analyze usage and volume statistical information from individuals who visit the Services and Service. We sometimes use cookies delivered by third parties to track the performance of our advertisements. For example, these cookies remember which browsers have visited the Services. The information provided to third parties does not include personal data, but this information may be re-associated with personal data after it is received.

Your Choices: Most internet browsers accept cookies by default. You can accept, or block cookies by activating the setting on Your browser that allows You to reject all or some cookies, or by changing Your cookie preferences via the Services. The help and support area on Your internet browser should have instructions on how to block or delete cookies. Some web browsers (including some mobile web browsers) provide settings that allow You to control or reject cookies or to alert You to when a cookie is placed on Your computer, tablet or mobile device. On a mobile device, You may also be able to adjust Your settings to permit or limit ad tracking. Although You are not required to accept cookies, if You block or reject them, You may not have access to all of the features available through the Services. To find out more on how to manage and delete cookies, visit aboutcookies.org.  For more details on Your choices regarding use of Your web browsing activity for interest-based advertising You may visit the following Services:

6. How can You opt out of receiving marketing emails from Us?

If You would like to be removed from our marketing mailing list or database, please contact us at support@gorgias.com or follow the unsubscribe directions located in the footer of our electronic marketing messages.  

7. Do we collect information relating to children?

Our Services are meant for business Clients, and we will not knowingly collect personal data from any data subject under the age of 18. If You are a parent or legal guardian and think Your child has given us information You can email us at support@gorgias.com. You can also write to us at the address listed in Section 14, “Contacting Gorgias”, of this Privacy Notice. Please mark Your inquiries “Children Privacy Inquiry.”

8. How do we protect Your personal data?

We will use reasonable administrative, technical, and operational measures to protect the security and integrity of Your personal data in accordance with this Notice and applicable law. Unfortunately, the internet is not inherently secure, and we cannot guarantee that any safeguards or security measures will be sufficient to prevent a security issue with information transmitted over the internet.  Any transmission is at Your own risk and Your personal data may be disclosed to third parties in unforeseeable situations or situations that are not preventable even when commercially reasonable protections are employed, such as in the case that Gorgias is subject to a hacking or other attack.   

You must take reasonable precautions to prevent unauthorized access to Your account and personal data used to access our Services, such as by selecting and protecting passwords and/or other sign-on mechanisms appropriately, limiting access to Your device used to sign-in into Your account or other authenticated pages on our Services, and by turning off or logging-off from Your device if You have auto-login enabled. We also recommend that You take steps to protect against unauthorized access to any devices, networks and applications connected to, or integrated with, the Services.

9. How long do we store Your personal data?

The time periods for which we retain Your personal data depend on the purposes for which we use it. We will keep Your personal data for as long as You are a registered account holder or user of our Services, or for as long as we have another business purpose to do so (e.g., for business, tax, or legal purposes).  We otherwise will not retain Your personal data for longer than is required or permitted by law, or longer than our records retention policy, or longer than reasonably necessary for internal reporting and reconciliation purposes, or to provide You with feedback or information You might request. 

Following termination or deactivation of Your user account or contact with Gorgias, we may retain all information posted to public areas of the Service. Following termination or deactivation of Your account or contract, if any, we may retain Your personal data and other data, but will maintain it as confidential according to this Notice, and as required by applicable law or the contract with Gorgias. Except as provided under an agreement between the Client and Us, we have the right to delete all of Your personal data and other data after termination of Your account or agreement with Us without notice.

We may retain information that is de-identified, aggregated, or anonymized for as long as we deem appropriate.

Even if You delete Your account (e.g., Referral Program Portal), the deletion by our service providers may not be immediate and the deleted information may persist in backup copies for a reasonable period of time.  When we have no ongoing business need to process Your personal data, we may also anonymize or aggregate it or, if this is not possible (for example, because the information has been stored in backup archives), then we will store the information and isolate it from any further use until deletion is possible.

10. How do we treat third-party links?

The Services contain links to other websites or other digital services not owned or controlled by us. We are not responsible for the practices or the content of those third-party websites or other online services. Your use of such third-party Services and digital services is at Your own risk.  We encourage You to review such third-party privacy notices and practices before You share Your personal data with such third parties or on a third-party’s website as we are not responsible for how such third parties will handle information You share. 

This Notice applies solely to information collected by us or by third parties solely on our behalf.

11. Amendments to this Notice.

We may modify or amend this Notice from time to time. If we make any material changes, as determined by Us, we will notify You of these changes by modification of this Notice, which will be available for review by You on the Services. If any of such changes are unacceptable to You, You should cease interacting with us. Your continued use of our Services following the posting of such changes constitutes Your acceptance of those changes.

12. Do we transfer information to other countries?

To facilitate our global operations, We transfer information to other countries. When making any transfers of personal data from the EEA, Switzerland and the U.K. we will comply with applicable legal and regulatory obligations to ensure an adequate level of protection for the personal data. Certain third countries have been officially recognized by the EEA, Swiss, and U.K. authorities as providing an adequate level of protection and no further safeguards are necessary when transferring to these countries. When transferring

Your personal data to countries which do not have the same data protection laws as the EEA, Switzerland and the U.K., we will, where required by applicable law, use specific contracts approved in the U.K., EEA and Switzerland which give personal data the same protection it has in these jurisdictions (e.g., Standard Contractual Clauses (EU) 2021/914 and/or the U.K. Addendum to such clause). This is true whether or not the transfer is within our group, or to a third party. With respect to inter-company transfers between Gorgias’ affiliates in EEA to our affiliates in the United States, Gorgias also relies on standard contractual clauses.

13. Your Data Protection Rights.

Your rights: You may exercise certain rights regarding Your personal data.

  • Right to Access: You have the right to request information about our processing of Your personal data (as detailed in Section 2 of this Notice) and to receive a copy of your personal data We process.
  • Right to Rectification: You have the right to request the rectification of inaccurate personal data and to have incomplete information completed.
  • Right to Erasure: You have the right to request that we erase personal data that we have collected from You in certain cases.
  • Right to Restrict Processing: You may request that we restrict the processing of Your personal data in certain cases.
  • Right to Data Portability: You may request to receive personal data your provided in a structured, commonly-used, and machine-readable format, and You may have the right to request that we transmit it to other data controllers without hindrance if Our processing is based on Your consent or a contract, and the processing is carried out by automated means.
  • Right to Object: You have the right to object to the processing of Your personal data in certain cases.
  • Right to Lodge a Complaint: You have the right to complain to a supervisory authority in the Member State of Your residence or the place of the alleged infringement. You can find a list of contact details for all EEA supervisory authorities. The U.K. data protection regulator is the Information Commissioner’s Office and contact details can be found at https://ico.org.uk.
  • Right to Refuse or Withdraw Consent: Where we ask for Your consent to process Your personal data, You are free to refuse to give it. If You have given Your consent, You may withdraw it at any time without any adverse consequences, except where such withdrawal may prevent Us from satisfying our obligation to You (e.g., processing payments). The lawfulness of any processing of Your personal data that occurred prior to the withdrawal of Your consent will not be affected.
  • Right to Not be Subject to Automated Decision-making: We do not process your personal data in connection with automated decision-making referred to in Article 22(1) and (4) of GDPR. If this changes, we will inform you of the change and how any such decision was made, its significance, and the possible consequences. In such a case, You have the right to human intervention, to express Your point of view, and to contest the automated decision.

Making a Request: You can exercise Your rights by using the profile editing tools on the Services or by sending an email request to legal@gorgias.com. We will not discriminate against You for exercising these rights. We will respond to any reasonable request by a user to review or amend his or her account information. We reserve the right to verify Your identity in order to process such request as permitted under applicable law. 

If You are contacting us to exercise Your rights with respect to Your personal data as detailed in this Notice, we ask You to please adhere to the following guidelines:

  • Tell Us Which Right You Are Exercising. Specify which right You want to exercise and the personal data to which Your request relates (if not to You). If You are acting on behalf of another data subject, please clearly indicate this fact and Your authority to act on such data subject’s behalf.
  • Help Us Verify Your Identity. Provide us with enough information to verify Your identity. For example, provide us (at a minimum) with Your full name, address, and phone number. Please note that if we cannot initially verify Your identity, we may request additional information to complete the verification process. Any personal data You disclose to us for purposes of verifying Your identity will solely be used for the purpose of verification.  
  • Direct Our Response Delivery. Inform us of the delivery mechanism with which You prefer to receive our response. You may specify, for example, email, mail, or through Your account (if You have one with us).

We may refuse to act on requests to exercise data protection rights in certain cases (e.g., where providing access infringe on another data subject’s rights, where we need to collect personal data by law or to enter into or carry out a contract with You).

14. Contacting Gorgias

If You have questions or complaints regarding this Notice or our compliance with data protection laws, please email: legal@gorgias.com or write to us at: 

Attn: Legal Department

180 Sansome St, Suite 1800,

San Francisco, CA 94014