• Information and Communications Technology
  • Software
  • Application Software


EU-U.S. Privacy Shield Framework: Active

Original Certification Date: 10/16/2017
Next Certification Due Date: 12/9/2023
Data Collected: NON-HR

Swiss-U.S. Privacy Shield Framework: Active

Original Certification Date: 10/16/2017
Next Certification Due Date: 12/9/2023
Data Collected: NON-HR

Purpose of Data Collection

We process PII submitted by our customers for the purposes of providing the Service to our customers, which typically entails personalizing and facilitating communication with our customers’ sales and marketing leads. Conversica acts as an agent, also known as a data processor, for the PII we process for our customers through the Service. This means that Conversica’s customers determine the type of PII they provide to the Service for Conversica to process on their behalf. Conversica has no direct relationship with the individuals whose PII it receives from its customers and Conversica’s customers are responsible for providing notice to the individuals whose PII will be collected and provided to Conversica. Conversica processes full email and SMS messages, including the header and body of each message, along with any PII contained therein. As a result, it is not possible to list all types of PII that may be processed, however, the PII typically includes: • First names; • Last names; • Email addresses; • Phone numbers; and • Physical addresses. We share PII with our affiliates and our service providers, who process PII on behalf of Conversica, and who agree to use the PII only to perform the Services for us or as required by law. Our service providers include those providing the following services: • data analytics; • API integration software; • cloud-based web and application hosting; • contact data verification; • communications/SMS integration software; • database performance forecasting software; • data loss prevention software; • security software; and • translation software. Our service providers may be located within or outside of the United States and we will require that those third parties maintain at least the same level of data security that we maintain for such PII. Conversica remains liable if its service providers process PII on behalf of Conversica in a manner inconsistent with the Privacy Shield Principles if we are responsible for the event giving rise to the damage. We may also share PII with select business partners that our customers have contracted with and authorized us to disclose the PII in connection with customer’s use of the Service. Some of our service providers may be located outside of Switzerland, the European Union or the European Economic Area (“EEA”). In some cases, the European Commission may not have determined that the countries’ data protection laws provide a level of protection equivalent to European Union law. We will only transfer PII to third parties in these countries when there are appropriate safeguards in place. These may include the Standard Contractual Clauses as approved by the European Commission (“SCCs”). Conversica does not currently use the Privacy Shield as its data transfer mechanism from the EEA and Switzerland, and uses the SCCs as its primary data transfer mechanism for EEA and Swiss PII. The SCCs are formally integrated into our agreements with third parties from whom and on behalf of whom we receive such PII. In addition, Conversica regularly reviews and confirms its compliance with the most up-to-date guidance and obligations on valid data transfer under applicable privacy regulations. If we find it necessary to update the data transfer mechanism used, we will update this Privacy Notice accordingly.

Privacy Policy

Non-HR Data


Conversica Privacy Policy 2022

Effective Date: 4/6/2022

Cross-Border Data Transfers and Privacy Shield Notice Conversica complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States in reliance on Privacy Shield. Conversica has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Conversica is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. Individuals in the EEA, the UK, and Switzerland have rights to access personal data about them, and to limit use and disclosure of their personal data. With our Privacy Shield self-certification, we have committed to respect those rights. We process service data only on behalf of our Clients in accordance with their instructions. This means that if you wish to access your personal data we have processed on behalf of a Client and request that we correct, amend, or delete it if it is inaccurate or processed in violation of Privacy Shield, you should contact that Client with your request we will then help them to fulfill that request in accordance with their instructions. If we have processed your personal data as a data controller, you can request access to that data and request that we correct amend or delete it if it is inaccurate or processed in violation of Privacy Shield by emailing your request to We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your personal data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to Conversica’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. Conversica remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Conversica proves that it is not responsible for the event giving rise to the damage. In certain situations, Conversica may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. In compliance with the Privacy Shield Principles, Conversica commits to resolve complaints about your privacy and our collection or use of your personal information. European Union individuals or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Conversica at Conversica has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit for more information and to file a complaint. This service is provided free of charge to you. If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at Definitions For purposes of this Policy, the following definitions shall apply: “Personal information” means any information or set of information that identifies or could be used by or on behalf of Conversica to identify an individual. Personal information does not include information that is anonymized or publicly available information that has not been combined with non-public personal information. “Sensitive personal information” means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, views or activities, that concerns health or sex life, information about social security benefits, or information on criminal or administrative proceedings and sanctions other than in the context of pending proceedings. In addition, Conversica will treat as sensitive personal information any information received from a third party where that third party treats and identifies the information as sensitive. Notice Conversica is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Should an EU or Swiss individual be unable to resolve a complaint through the Council of Better Business Bureau’s complaint process, they may contact the FTC at the following address: Federal Trade Commission Attn: Consumer Response Center 600 Pennsylvania Avenue NW Washington, DC 20580.

Effective Date: 4/11/2022

Verification Method


Dispute Resolution

Questions or Complaints?

If you have a question or complaint regarding the covered data, please contact Conversica, Inc. at:

Lewis Barr
VP Legal and General Counsel
Conversica, Inc.
950 Tower Lane, #1200, Foster City, CA 94404
950 Tower Ln #1200
Foster City, California 94404

Privacy Shield organizations must respond within 45 days of receiving a complaint.

If you have not received a timely or satisfactory response from Conversica, Inc. to your question or complaint, please contact the independent recourse mechanism listed below


Appropriate statutory body with jurisdiction to investigate any claims against Conversica, Inc. regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy Federal Trade Commission