Last modified: July 18, 2022
At Outreach, we are committed to maintaining the confidentiality and security of any personal information about our users. Your privacy is always at the top of our priorities. This Privacy Statement explains who we are and spells out how we collect, use, and disclose personal information from or about you and how to exercise your privacy rights. If you have any questions or concerns about our use of your personal information, please contact us using the details provided at the bottom of this Privacy Statement.
We recommend that you read this Privacy Statement in full to ensure you are fully informed. However, if you only want to access a particular section of this Privacy Statement, then you can click on the relevant link (to the left) to jump to that section.
Outreach is headquartered in Seattle, United States and has offices in Europe. You can find more about us and the Outreach Service here.
If you are a resident in the European Economic Area (“EEA”), UK or Switzerland, the controller of your personal information is Outreach Corporation.
What Does this Privacy Statement Cover?
This Privacy Statement applies to our collection, use and disclosure of personal information that we collect from you or that you provide when you engage with Outreach, our website "www.outreach.io" (the “Website”) or the customer engagement platform service at accounts.outreach.io ("Outreach Service") (together the “Services”). Outreach Users can access the Outreach Service via our website www.outreach.io, accounts.outreach.io, applications on Devices, APIs, and third-parties.
This Privacy Statement only applies where we are processing personal information for our own purposes. It does not cover the personal information Outreach collects, uses and discloses on behalf of its Clients (“Client Data”) in connection with the Outreach Service and we invite you to contact the relevant company or organization if you have any questions about their privacy practices.
The Information We Collect
The personal information we collect broadly falls within the following categories:
Information you provide voluntarily
Certain parts of our Website or Outreach Service ask you to provide certain information voluntarily. This typically includes:
Identification information, such as your name, company and job title.
Contact information, such as your phone number, email address, and home and/or business postal addresses.
Log-in credentials, such as your username and password to access the Outreach Services.
Demographic Data. In some cases, such as when you register or participate in surveys, we request that you provide age, gender, and similar demographic details.
Payment Information, such as your bank account number; credit card number and associated identifiers and billing address but only when you pay for the Outreach Services.
Support data, such as feedback or information about a technical issue you have reported.
Marketing information such as your marketing preferences.
Communication data, such as any information you include in any enquiry or communications you send us.
Any information you choose to provide to us when completing any ‘free text’ boxes in our forms or blogs.
Information we collect automatically
Like most companies that offer online services, we may automatically collect certain information from your computer or device, about your use of the Outreach Service or our Website. We use this information to provide our Services, ensure the security of our Services, help improve our Services and promote our Services to you. This typically includes:
- Location data: We may derive your general location based on your IP address.
- Activity data: We may also collect information about how you use and interact with our Services, such as the content you view or download and the actions you take and the time and duration of your activities.
Information we obtain from third-party sources
From time to time, we may receive personal information about you from third party sources but only when these third parties have confirmed to us that they either have your consent or are otherwise legally permitted or required to disclose this information to us. This typically includes:
- Data Supplementation. We may receive additional demographic information (including your company, job title or business contact details) about you from other sources, including publicly available databases or third parties such as lead generation providers or business intelligence platforms from whom we have purchased data. We combine this data with information we already have about you. This helps us to maintain and improve the accuracy and relevance of our records, identify new opportunities, and send you information about products and services that may be of interest to you in accordance with your marketing preferences.
- Sign-in information: If you log in to our Services using a third party sign-in service (such as LinkedIn), we will collect information from that sign-in service that you give us permission to receive. This may include information such as your name, social media profile and location. We only collect this information to provide the Services to you. Please refer to the privacy settings of the third party sign-in service you use to manage the information that is shared.
Please note that as explained above, we also receive personal information about you, in the form of Client Data from our Client. We use such personal information to provide the Outreach Service to our Clients and only as instructed by the Clients. Under these circumstances, we process your information as a processor on our Clients' behalf and it is our Clients, as the controllers of the information, that determine what information we process about you and how we use it. If you have any privacy-related questions or concerns about one of our Client's privacy practices, or the choices a Client has made to share your information with us, you should contact that company or organization directly. We are not responsible for the privacy or security practices of our Clients, which may differ from those described in this Privacy Statement.
How We Use Personal Information
We use personal information about you for the purposes detailed below. In some regions, such as the European Economic Area, the United Kingdom and Switzerland, we need a lawful basis to collect, use and disclose your personal information. Our lawful basis will depend on the information concerned and the context in which it is processed and this is also detailed here.
- Sending promotional and marketing information to you in accordance with your marketing preferences: If you are the administrator of a Client account, we may send you marketing communications about Outreach and other services provided by us. We will do this in accordance with your marketing preferences and on the basis of our legitimate interests in building our customer base and promoting our services offered by us, or, where required, with your consent.
- Sending technical notices, updates, security alerts, and other support and administrative messages to our Outreach Users: If you are an Outreach User, We may use your personal information to send you administrative messages in reliance on our legitimate interests in administering the Outreach Service, including for security and operational issues that affect multiple Clients or Outreach Users.
- Providing technical and customer support to Outreach Users: If you are an Outreach User, We use personal information to troubleshoot and diagnose problems, and provide other customer care and support services, including to help us provide, improve, and secure the quality of our products, services, and training, and to investigate security incidents in reliance on our legitimate interests.
- Responding to questions, requests and feedback from those that interact with us: If you fill out a web form or request support, if you contact us by other means, including via a phone call, we use your personal information in reliance on our legitimate interests in fulfilling your requests and communicating with you.
- Managing events: We use personal information to plan and host events or webinars for which you have registered or that you attend, including sending related communications to you, in reliance on our legitimate interests in administering and promoting the event, or where required, with your consent.
- Detecting, preventing and responding to potential fraud, violations of our terms and conditions or other misuse of our Services: We process personal information by tracking use of our Services for the purposes of maintaining their security, including verifying accounts and activity, investigating suspicious activity, and enforcing our terms and policies, in reliance on our legitimate interest in promoting the safety and security of the Services, systems and applications and in protecting our rights and the rights of others.
- Complying with legal obligations: We process your personal information when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws, to the extent this requires the processing or disclosure of personal information to protect our rights, or is necessary for our legitimate interest in protecting against misuse or abuse of our websites, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, or to respond to lawful requests.
In general, we will use the personal information we collect only for the purposes described in this Privacy Statement or for purposes that we explain to you at the time we collect your personal information. However, we may also use your personal information for other purposes that are not incompatible with the purposes we have disclosed to you if and where this is permitted by applicable data protection laws.
Disclosure of Your Personal Information
We may disclose your personal information to the following categories of recipients:
Vendors, service providers and partners.We may use certain trusted third-party vendors, service providers and partners who provide data processing services to us (including but not limited to data storage, maintenance services, database management, web analytics, payment processing, and improvement of the Service’s features). These third parties will only process your information for the purposes described in this Privacy Statement or that are notified to you when we collect your information.
Compliance with Laws and Law Enforcement Requests; Protection of Outreach's Rights
We may disclose to any competent law enforcement body, regulatory, government agency, court or other third party data stored in your Outreach account and information about you that we process only when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation, or compulsory legal request, such as to comply with a subpoena; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Outreach or its users; or (d) to protect Outreach's rights. If we provide any data stored in your Outreach account to a law enforcement agency, we will remove Outreach's encryption from the information before providing it to law enforcement. However, Outreach will not be able to decrypt anything that you encrypted prior to uploading it to Outreach.
Your information may be transferred to potential or actual buyers (and their agents and advisers) in connection with a merger, acquisition, or sale of all or a portion of our assets, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Statement.
Consent. We may share your information with others where you have given your consent to the disclosure.
International Data Transfers
Outreach is a US company and our service providers are located in the US and other countries.This means that your personal information may be transferred to, and processed in, countries other than the country in which you are located. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).
However, we take appropriate safeguards to ensure that your information remains protected in accordance with this Privacy Statement and applicable data protection laws. If you are located in the European Economic Area, United Kingdom or Switzerland these safeguards include transferring your information to a country that the relevant authorities have determined provide an adequate level of protection for personal information, or by implementing standard contractual clauses with our customers, third party service providers and partners.
Data Protection Rights
You can access and control the personal information that we process about you as follows:
Account information. If you are a Client Representative and are registered with us, you may review, update, correct, or delete certain personal information provided in your registration or account profile by changing your account settings.
Account closure. If you no longer desire to use our Outreach Service, you may delete your account by making the change in your account settings, although (in some cases) we may retain copies of your information if required by law, to protect our rights, or if it is not technically reasonably feasible to remove it.
Direct marketing. You can opt-out from marketing communications that we send. including our newsletter, at any time. You can do this by clicking on the "unsubscribe" or "opt-out" link in the marketing communications we send, by accessing the email preferences in your account settings page, or by contacting us at firstname.lastname@example.org or by using the details provided below.
Privacy rights. Depending on your location and applicable data protection laws, you may also have certain rights with regard to the personal information we control about you.
We respond to all requests we receive from individuals wishing to exercise their privacy rights in accordance with applicable data protection laws. If you would like to exercise any of the rights which are available to you under applicable data protection laws, please contact us at email@example.com or by using the details provided below. Please note that we may need to verify your identity before we can respond to your request.
- Please note that Outreach has no direct relationship with the individuals to whom the Client Data relate. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate information contained in the Client Data, should direct his query to the Outreach's Client (the data controller).
Additional Information for Europe
Under European laws (including the GDPR) you may have the following rights:
- the right to access, rectify, and delete your personal information
- the right to port your personal information to another controller
- the right to restrict certain processing of your personal information and object to our processing of your personal information
- where we are processing your personal information based on your consent, you have the right to withdraw your consent at any time
- the right to complain to a data protection authority about our collection and use of your personal information.
Additional Information for California
If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (“CCPA”), the following information also applies to you and supplements the information contained in this Privacy Statement.
Information We Collect and Sources of Information
Our Privacy Statement already describes the information we collect and the sources of information – see the above sections "The Information We Collect” and “How We Use Personal Information". This section organizes that information around the personal information categories set out in the CCPA.
In the past 12 months, we have collected the following information for the following purposes:
- Identifiers (such as your name, username, email address and cookies). We obtain this information when you provide it to us or otherwise automatically in the course of your interactions with our Services.
- Business records (such as payment information). We obtain this information directly from you or otherwise automatically in the course of your interactions with our Services.
- Demographic information / Classification characteristics under California or federal law (such as age or date of birth). We obtain this information if you provide it to us.
- Commercial information (such as services purchased). We obtain this information directly from you or otherwise automatically in the course of your interactions with our Services.
- Internet or other electronic network activity information (such as search history and browser information). We obtain this information automatically in the course of your interactions with our Services.
- Geolocation data (such as your country location based on your IP address). We obtain this information when you provide it to us or otherwise automatically in the course of your interactions with our Services.
- Audio, video and other electronic data (such as chat and any interaction that you may have with us, for example for customer service purposes). We obtain this information when you provide it to us or otherwise automatically in the course of your interactions with our Services.
- Professional or employment-related information (such as your job title). We obtain this information when you provide it to us.
- Profiles and inferences (such as inferences drawn from any of the information identified above to create a profile). We obtain this information automatically in the course of your interactions with our Website.
How We Share your Personal Information:
We do not share your personal information except as approved by you or as otherwise described in this Privacy Statement. In the preceding 12 months, we have disclosed the following categories of personal information described above for the business purposes described in this Privacy Statement:
- Identifiers such as those set forth above;
- Internet or other electronic network activity information;
- Demographic information / Classification characteristics;
- Commercial information;
- Geo-location data;
- Audio, video and other electronic data;
- Professional or employment-related information; and
- Profiles and inferences.
Under the CCPA, a "sale" is defined very broadly and includes a wide array of data sharing. As the term is defined by the CCPA, we “sold” the following categories of personal information in the last 12 months: identifiers/contact information, Internet or other electronic network activity information, and inferences drawn from the above. We “sold” such information to advertising networks and data analytics providers. The business purposes of “selling” personal information is for third-party companies to perform services on our behalf, such as marketing, advertising, and audience measurement. We do not have any actual knowledge that we "sell" personal information of consumers under 16 years of age.
Most modern web browsers give you the option to send a Do Not Track signal to the sites you visit, indicating that you do not wish to be tracked. However, there is no accepted standard for how a site should respond to this signal, and we do not take any action in response to this signal.
If you are a California resident our default cookie settings may constitute a sale of personal information. You can change your cookie settings using our cookie consent management tool here.
California Privacy Rights
If you are a California resident, you may have the following consumer privacy rights:
- Right to Know - You have a right to request that we disclose to you the personal information we have collected about you. You also have a right to request additional information about our collection, use, disclosure, or sale of such personal information in the past 12 months. Note that we have provided much of this information in this privacy statement. You may make such a “request to know” by contacting through the Outreach Data Subject Rights Request Portal.
- Right to Request Deletion - You also have a right to request that we delete personal information under certain circumstances, subject to a number of exceptions. To make a request, please complete the form in the Outreach Data Subject Rights Request Portal.
- Right to Opt-Out - You have a right to opt-out from future “sales” of personal information. Note that the CCPA defines “sell” and “personal information” very broadly, and some of our data sharing described in this privacy statement may be considered a “sale” under those definitions as explained above. For more information, including how to opt-out, please see the “Cookies and Other Tracking Technologies” section of this statement. If you would like to request Do Not Sell/Share of your information, please complete the form located here.
- Right to be Notified of Financial Incentives: You have the right to be notified of any financial incentive offers and their material terms, the right to opt-out of such incentives at any time, and may not be included in such incentives without your prior informed opt-in consent. We do not offer any such incentives at this time.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.
You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.
Further, to provide or delete specific pieces of personal information we will need to verify your identity to the degree of certainty required by law.
For more information regarding data rights requests, refer to the Contacting Us section below.
Outreach will retain personal data we process about Outreach Users for as long as we have a legitimate business purpose to do so. If you wish to cancel your account or request that we no longer use your information to provide you Services, you may delete your account. Please note that Outreach may retain your personal data for longer where there is a legal, tax or accounting obligation, contractual, or legitimate interest, including resolving disputes and enforcing our agreements and rights. When we no longer have an ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your information has been stored in backup archives), then we will securely store your information and isolate it from any further processing until deletion is possible.
Please note that Outreach will retain Client Data that we process on behalf of our Clients for as long as needed to provide services to our Clients and in accordance with our agreements with our Clients.
If the personal information we process about you is subject to EU data protection law, we rely on one or more of the following EU lawful legal bases:
- Data subject has given consent to the processing of his or her personal data for one or more specific purposes
- Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
- Processing is necessary for compliance with a legal obligation to which the controller is subject
- Processing is necessary in order to protect the vital interests of the data subject or of another natural person
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Personal information is or may be used for the following purposes:
- To provide and improve our Service.
- To administer your use of the Service
- To recommend follow-up reminders, assign tasks, or personalize the service,
- To provide or offer software updates and product announcements.
- To ensure our legal compliance obligations.
If you no longer wish to receive communications from us that are not required for the Service, please follow the "unsubscribe" instructions provided in any of those communications or update your account settings information.
Outreach stresses its privacy and security standards. Although no one can guarantee absolute security, we regularly re-evaluate our privacy and security policies in order to adapt to new challenges. We follow generally accepted standards to protect the information submitted to us, both during transmission and once we receive it.
Changes to our Privacy Statement
We may update this Privacy Statement from time to time. If we make a material change to this Privacy Statement, we will provide you with notice (for example, by email, a sign-in notification, or some other means) and obtain your consent if and where this is required by applicable data protection law prior to the change becoming effective. You can see when this Privacy Statement was last updated by checking the "last updated" date at the top of this Privacy Statement.
If you have any questions about our use of personal data, please contact us at firstname.lastname@example.org, or at Outreach Corporation, 333 Elliott Ave W, Seattle, WA 98119. Or by calling at 1 (888) 938-7356.
You can also contact:
Our EU Representative: Rivacy at: Rivacy GmbH, Hammerbrookstraße 90, 20097 Hamburg, Germany
Our UK office: Outreach Corporation UK Limited, 70 Wilson St, London, EC2A 2DB, United Kingdom
Although the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks have been ruled invalid for transfer of data from the EU and Switzerland to the U.S., while government discussions regarding possible replacement mechanisms proceed, we will continue to protect European data according to the standards of the Privacy Shield and applicable European law and will implement other methods for transferring data to the extent those are available (as explained under the “International Data Transfers” above). To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield program site.
Outreach is responsible for the processing of personal data it receives, under the Privacy Shield Frameworks, and subsequently transfers to a third party acting as an agent on its behalf. Outreach complies with the Privacy Shield Principles for all onward transfers of personal data from the EEA, UK or Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Outreach is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Outreach may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.