The responsible party within the meaning of the applicable data protection laws is:
Coachfox GmbH
located at Strehlgasse 18/7, 1190 Vienna, Austria
registered with the Vienna Business Register (number FN464148x)
for the use of MeetFox (https://www.meetfox.com) (“MeetFox”)
Last updated as of March 11, 2022
1. General
The protection of your personal data is very important to us. Therefore, we process your data exclusively on the basis of the legal regulations (DSGVO, TKG 2003, GDPR) for the protection, lawful handling, and secrecy of personal data. Coachfox GmbH (“Coachfox) is a fully-owned subsidiary of MeetFox Inc., registered at 838 Walker Road, Suite 21-2, Dover, DE 19904, USA. As MeetFox Inc. is a pure holding company with no operations, no customer data is shared with or processed by MeetFox Inc. MeetFox Inc. is held by Sendinblue SAS, registered at 7 Rue de Madrid, 75008 Paris, France. In the following policy, you will find out what information is collected and processed when using the services of MeetFox (“MeetFox”), including the use of the MeetFox website (https://www.meetfox.com) ("Website") and App (https://app.meetfox.com/) ("App") that are collected, processed or used.
2. Definitions
Coachfox will process and use the data provided by any individual (natural or legal person) who uses MeetFox (“User”) in accordance with Austrian and European data protection regulations. When a User chooses to offer a service and/or bookings via MeetFox and registers on the App they are also considered providers (“Provider”). An individual (natural or legal person) who visits our website without registering to the App is defined as a visitor (“Visitor”). Any User (natural or legal person) who books a paid or unpaid appointment with a Provider is further referred to as a customer (“Customer”). Customers do not need to register through our App in order to use the MeetFox functionalities.
3. Scope of data processing
3.1 Coachfox operates a web-based software solution called MeetFox ("MeetFox"), which offers all Users a digital customer interaction opportunity. This includes appointment management and booking, execution of video calls as well as payment processing and invoicing.
3.2. For the use of our services, only these data protection provisions, supplemented by our Terms & Conditions, in the most recent version, are relevant.
3.3. All data stored by us or any order processor will be best protected against unauthorized access, loss, destruction, deletion, alteration, or dissemination of your data by unauthorized persons using current security standards. Coachfox applies extensive technical and organizational security precautions with a standard that at least complies with the legal requirements in terms of the GDPR. Coachfox and its employees are always obliged to observe data secrecy in compliance with the GDPR.
3.4. All personal data collected by us are processed within the European Union and are, therefore, subject to appropriate data protection provisions. Transmission of data to companies outside the European Union will not take place without your explicit consent. The servers on which the personal data of our Users are stored are located in Frankfurt am Main (Germany). Our API systems are operated under the domain "app.meetfox.com".
3.5. In addition to our Website and App, the MeetFox software solution is also available via integration on Users’ websites and on external platforms.
4. Automatic data collection of all Users (log files)
When you access any MeetFox services, server log files are sent from your server to MeetFox's web server. The following data is automatically collected as part of the server log files:
• IP address
• The content of MeetFox you have requested
• The previously visited website that referred to the MeetFox application
• Browser type and browser version
• Screen resolution
• Transmitted amount of data
• Message about successful call
• Operating system used
• End device used
• Language settings
• Date and time of the server request
This data cannot be assigned to a specific person and a merger of this data with other data sources will not be made. MeetFox has no influence on the automatic transmission of this data. However, you can configure this automatic data transfer directly in your device or browser and restrict it if necessary.
5. Use of cookies
Our website uses so-called cookies. These are small text files that are temporarily stored on your device using the browser. They do no harm. We use cookies to make our Website and App more user-friendly and to allow us to recognize you in a subsequent visit. Some cookies remain stored on your device until you delete them. If you do not wish cookies to be stored, you can set up your browser to inform you about the setting of cookies so that you can actively allow or exclude the use of cookies in individual cases. Disabling cookies may affect the use of our Website and App. Our concern with regards to the GDPR (legitimate interest) is the improvement of our Website and our App. Since the privacy of our Users is important to us, the user data is pseudonymized. The pseudonymous user data is kept for a period of up to 6 months.
6. Use of Facebook Pixel
On our Website (but not our App) Facebook pixels are implemented in order to present advertisements ("Facebook Ads") to prior Visitors of our Website as part of the Facebook Newsfeed. These Facebook pixels create a direct connection to the Facebook servers when visiting our Website. Data on your visit of our Website is transmitted to the Facebook server. Facebook assigns this information to your personal Facebook user account. For more information on the collection and use of data by Facebook, as well as your rights in this regard and ways to protect your privacy, please refer to the privacy policy of Facebook at https://www.facebook.com/about/privacy/.
Alternatively, you can opt out of Facebook's remarketing feature by following this link: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen#_=_. This requires a one-time registration on your personal Facebook profile.
7. Use of Google AdWords
We use the advertising tool "Google-Adwords" to promote our Website. As part of this, we use the Google Analytics Conversion Tracking (1600 Amphitheater Parkway, Mountain View, CA 94043 USA) analytics service on our Website. When you reach our Website through a Google ad, a cookie is placed on your device. These so-called "conversion cookies" are only valid for 30 days. If you visit certain pages of our Website within this validity period, we (us and Google) are able to recognize that you, as a User, clicked on one of our ads displayed on Google and were redirected to our site.
Conversion cookies are only placed on our landing pages and not on our app. Further, conversion cookies are used to generate visit statistics for our Website, which informs us about the total number of Users who have clicked on our ad. In addition, we learn which pages of our Website were accessed by the respective Visitor or User afterward. However, we do not receive any information that may reveal your personal identity.
You can prevent the transmission of data via "conversion cookies" in your browser settings and disable the automatic setting of cookies in general or just block the cookies from the domain "googleadservices.com". For more information about Google Adwords services and Google's privacy policy, please visit https://policies.google.com/privacy?gl=en.
8. Use of DigitalOcean
We share User and Customer information with DigitalOcean (101 Avenue of the Americas 10th Floor New York, NY 10013, United States), our cloud infrastructure provider that hosts and maintains services that are necessary to the functionality of our App including backup, storage, analytics, and other services. DigitalOcean has the ability to access or process your personal data for the purpose of providing these services for us. In order to fully adhere to the GDPR regulations, all data is hosted on servers located in Frankfurt am Main, Germany. DigitalOcean adheres to GDPR regulations and all DigitalOcean services comply with its provisions. For more information on DigitalOcean’s privacy policy please go to https://www.digitalocean.com/legal/privacy-policy/ and for more information on DigitalOcean’s general GDPR compliance please go to https://www.digitalocean.com/legal/gdpr/.
9. Communication
When you contact us through the contact form on our Website (www.meetfox.com) or via email, your details will be collected for the sole purpose of responding to your request for support and in the case where we need to follow up with the questions you have asked us. When contacting us via our live customer chat on our Website or App, we use Intercom - please refer to “19. Marketing and support services” for further information.
10. Newsletter
You have the opportunity to subscribe to our newsletter via our Website or by being automatically enrolled to receive promotional material and service announcements after registering as a new User on our App. If you would like to receive the newsletter, we need your email address and your declaration that you agree to receive the newsletter. As soon as you have subscribed to the newsletter, we will send you a confirmation email with a link to confirm the registration. Webflow (398 11th St, 2nd Floor, San Francisco, CA 94103, United States) is the service provider we use to create and manage the content on our Website. If you use the newsletter sign-up form on our Website, your email address will be shared with Webflow. Your data will be stored for the duration in which you are subscribed to our newsletter. Further data is not collected. This data is used only for sending out regular newsletters and will not be disclosed to third parties. You can revoke your consent for us to storing your personal data including your first name, last name, and the email address used to subscribe to our newsletter at any time. Revocation can be made via an unsubscribe link in the newsletter or by sending a message to the following email address: newsletter@meetfox.com. We will immediately delete your data in connection with the newsletter dispatch.
11. eWebinar
Via our Website and App, you also have the opportunity to attend a live or pre-recorded webinar session that we facilitate using eWebinar (Suite 2800, 666 Burrard St, Vancouver, BC, V6C 2Z7, Canada) to help you learn more about how to use MeetFox including information related to third-party services for which we provide a software integration. Attending an eWebinar session is entirely optional and is not required for the general use of MeetFox services. We collect the names and emails of all webinar attendees and use any additional opt-in information gathered from polls and callback requests generated within eWebinar to supplement our marketing and support services. Visitors and/or Users that sign up for a webinar can write to us to delete their eWebinar data and related User (if applicable) at office@meetfox.com or contact us via our live chat service.
12. Provider data
In order for you to properly use MeetFox as a Provider of services, you must register and provide specific personal information. If MeetFox is solely used as an appointment management solution, the following data is collected from the Provider:
• First and last name
• Email address
• Password
• Telephone number
• Name and description (optional) of each service offered
• Duration of services offered
• Website (optional)
• Profile picture (optional)
• Address of service provision (optional, only in face-to-face meetings)
• Title (optional)
• Occupation (optional)
If MeetFox's invoicing and payment features are used, the following additional personal data from the Provider is collected, which is required for the purpose of adequate accounting and payment processing and which comply with the required KYC regulations:
• Company name
• Price of each service
• Selected tax regime and applicable tax rate
• Applicable cancellation policy
• Billing address
• Bank account connection
• Tax number (UID or local equivalent)
• Date of birth
• Nationality
The above-mentioned data is required to provide services through MeetFox. The User agrees that much of the above-mentioned data, in particular first and last name, email address, telephone number, website, title, profile picture, service duration and prices of each service offered, service name and description, location, occupation, and cancellation conditions are displayed publicly in the respective Provider profile. When an invoice is created by MeetFox on behalf of the Provider, all invoice-relevant data are also shared with the respective Customer, in particular the billing address, the applicable tax rate, and any applicable tax number. Certain data, in particular: nationality, date of birth, and address are collected on the basis of the statutory KYC regulations and passed on to our payment service provider together with all other payment-relevant data.
In addition to the data required for general use, you may voluntarily decide to actively establish one of the following integrations on the MeetFox platform, which will require the provision of additional personal data.
1) Transmission of meeting data (name of meeting type, meeting location, Customer name, date, and time) to Google Calendar 1600 Amphitheatre Parkway Mountain View, CA 94043, United States) or Outlook Calendar (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, United States) or Exchange Calendar (Microsoft Corporation) if synchronization has been actively established by a User.
2) Transmission of meeting data (name of meeting type, meeting location, Customer name, date and time, duration) to a third-party integration such as Zapier (Zapier, Inc. 548 Market St. #62411. San Francisco, CA 94104-5401, United States), or another third-party service provider connected to Zapier. Further sharing of data by any connected third party integration will be subject to their own separate data processing agreement which Users must agree to prior to connecting and using any third party service.
3) Transmission of meeting data (name of meeting type, meeting location, Customer name, date and time, price, duration) and credit card data to the processing payment service provider Stripe (510 Townsend Street San Francisco, CA 94103 United States) for the purpose of processing any payments (payments to Providers, monthly or yearly fees paid by Users, refunds to Customers).
All above integrations and data transmissions can be revoked at any time directly by the Provider in the Provider’s App dashboard.
13. Customer data
When using MeetFox to book appointments with Providers, MeetFox collects and uses the following personal information of the Customer during the appointment booking process:
• First and Last Name
• Email address
• Selected Provider
• Selected length of the meeting type
• Selected type of meeting (video, audio, or personal)
• Telephone number (optional)
MeetFox collects the above-mentioned data, as they are required for the booking of dates for the provision of services by Providers to Customers and for the proper handling of appointment invites. In case of an appointment booking, MeetFox transmits the Customer's data to the respective Provider. MeetFox uses the data collected from Customers for the display of useful statistics in the MeetFox dashboard of the Provider. When booking appointments with a Provider, our payment service provider Stripe also collects the credit card information of Customers in order to carry out the payment processing, which is forwarded directly to the payment service provider Stripe (see 14. Payment Processing).
14. Financial Transactions
Our parent company, Sendinblue SAS is handling the financial transactions of our customers.
In order to offer payment functionalities, the services of licensed payment providers, which have been carefully selected and authorized in writing within the scope of a legally permissible order processing, are used. This is currently the payment service provider Stripe to securely handle payments in accordance with the terms of use and to securely store credit card and other payment information. As Sendinblue SAS is handling the payments, this requires passing on the following user data (name, surname, company name, plan,UID and e-mail-address) to Sendinblue SAS and in order to meet the regulatory requirements of the User identification (KYC requirement) as well as to setup a payment account as a Provider to facilitate payment transactions. Further information about Stripe can be found in their Services Agreement (https://stripe.com/gb/legal). Should we choose to use a different payment service provider or add additional payment processing options we will duly notify Users of this change via our Website and App.
15. Video Calls
For browser-based video calls handled via MeetFox, we use Twilio (Twilio Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105, United States) to provide the technology that facilitates our in-built video conferencing functionality. Twilio is ISO/IEC 27001 certified and GDPR compliant. Each time you connect to the video chat server, a unique session ID is created that allows both parties to connect. In this process, no personal information is shared with Twilio.
16. Mailings, SMS, and Notifications
We use the SMS gateway provided by Twilio to provide optional SMS notifications for MeetFox Users and their Customers. We also use Sendgrid (1801 California St Ste 500 Denver, CO, 80202-2618, United States) to facilitate transactional emails and automated notifications via email. MeetFox will send transactional emails and notifications to Users from the moment of registration at MeetFox, which serves to facilitate the successful and easier handling of important MeetFox functions. Emails sent via Sendgrid include, but are not necessarily limited to, registration confirmations, notifications of appointment requests or received messages, appointment confirmations, appointment reminders, and invoice deliveries.
17. Calendar Synchronization
As a Provider, you have the option to sync the MeetFox booking calendar with your preferred calendar. If you use this option, you allow Google Calendar, or Outlook Calendar, or Exchange Calendar, to share your calendar information with us, including the date, time, and duration of an appointment. This is for the purpose of adequately presenting your calendar on your profile and checking to determine availability when appointments are booked. Furthermore, the acceptance of MeetFox push entries must be activated to allow a successful calendar synchronization.
18. Data Analytics
As part of our goal to continuously improve the User experience of the services we provide, we have opted to use external analytics services to help us understand our User and Visitor preferences. These tools have access to your personal data for the duration in which you use our services. By agreeing to the Terms and Conditions you also agree to allow us to share your data with external analytics services in accordance with their respective data processing policies. Below is a list of the external analytics services tools whose services we currently utilize:
We use Google Analytics to analyze the behavior of Website Visitors and measure the effectiveness of marketing campaigns by us and our affiliates. We use Segment (a subsidiary of Twilio) and Fullstory (Fullstory, 818 Marietta Street Suite A Atlanta, GA 30318 United States) to track and categorize User behavior patterns and we supplement our User insights with Amplitude (Amplitude Inc., 201 3rd Street, Suite 200. San Francisco, CA 94103, United States) to extract, analyze, and tabulate anonymized in-app activity of our Providers and their Customers. We also use ProfitWell (ProfitWell,109 Kingston St floor 4, Boston, MA 02111, United States) and ChartMogul (ChartMogul, CMTDE GmbH & Co. KG c/o WeWork Kemperplatz 1 10785, Berlin, Germany) to analyze User subscriptions to improve User retention and reduce User churn.
19. Marketing and support services
Some of the data collected from Users and Visitors is shared with software tools that we use to conduct our marketing activities. We use Intercom (55 2nd Street, 4th Floor, San Francisco, CA, 94105, United States) to facilitate our live chat service and maintain profiles and chat logs of our Users and Visitors for the purpose of providing faster and more efficient Customer support. User profiles may include information associated with the social media accounts and websites of each User. Website Visitors that initiate a live chat session via Intercom will have their data retained for a period of six months. Users will have their data retained in Intercom for as long as their MeetFox account is active. We also use Customer.io (921 SW Washington St #820, Portland, United States) to maintain email lists and to deliver marketing campaigns and service announcements. We occasionally track email communications related to the functioning of our sales, service, or support teams via Hubspot (Harbour Pl, Suite 175. Portsmouth, NH 03801. United States), and may share User data with both Customer.io and Hubspot to facilitate more targeted marketing campaigns and User service announcements. Users can at any time request a cancellation of their MeetFox account, upon which any related data and tracked communications in Intercom, Customer.io, Hubspot, and eWebinar will be deleted within five working days.
20. Third-party integrations
We believe in an open technology ecosystem. We, therefore, encourage our Users to connect to their preferred third-party tools, including external services connected via Zapier for which we may or may not have a direct integration. When sharing data collected from MeetFox with a connected third-party integration, Users must specifically accept both the Zapier privacy policy and the data processing policy of the connected external service. More information on the privacy policy of Zapier can be found here: https://zapier.com/privacy.
21. Affiliates
Our affiliate program runs on Rewardful (4555 Turner Square NW, Edmonton, T6R 3E4, Canada), a software service that helps us sign up and manage affiliates. The MeetFox affiliate program is a separate opt-in service. Affiliates will have their name, email address, and User referral data shared with Rewardful and must comply with their separate data processing policy. Users that sign up for MeetFox through a referral provided by an affiliate will have their name, email address, date of sign-up, and subscription payment data shared with Rewardful and the Affiliate. More information on the privacy policy of Rewardful can be found here: https://www.rewardful.com/privacy.
22. Children’s information
The services we provide through our Website and App are made for the direct use of legal adults. We do not knowingly collect personal information from children or persons that are not considered legal adults. If we become aware that a child has provided personal information to us, we will promptly delete that information. You can alert us to instances of children using MeetFox and our services by contacting us at office@meetfox.com.
23. Order data processing
MeetFox also provides companies with the App as a white label solution. If MeetFox collects personal data in this context, this is done only on behalf of the company that is using our white label solution and based on a separate data processing agreement that is put in place. In this case, the contracting entity, as the data protection officer, is responsible for compliance with data protection rules.
24. Disclosure of User data
Personal User data will only be forwarded to third parties not disclosed within this Data Policy with your express consent or for compelling legal reasons. All employees of MeetFox have signed a written statement prohibiting the disclosure of User data to unauthorized third parties. Users agree to the disclosure of their data, as long as they are needed to facilitate the desired MeetFox services. The transmitted data has been reduced to the required minimum. Only in the case of a statutory or by court order required obligation, will data be passed on to information-entitled state institutions and authorities.
25. Duration of data storage
We store your data for the duration of your MeetFox account. However, you can cancel or block your MeetFox account at any time. We will then delete your data unless we are legally obliged to further storage or retention. If the data is still required to settle outstanding transactions, the deletion will take place at the earliest after the settlement of these transactions. If your Provider data includes payment processing for your Customers, MeetFox will continue to store copies of your data to comply with our legal obligations such as record-keeping requirements for tax and financial auditing purposes.
26. Your rights and complaint options
You are entitled in principle to free information, correction, deletion, limitation of processing, data portability, revocation, and opposition. You can claim all of these rights by contacting us at privacy@meetfox.com. MeetFox is also available for other questions about data protection and the processing of your data under office@meetfox.com. All specified User data can also be updated independently in your own profile. This also applies to your account email address, which is used for identification purposes and therefore can be changed upon request by email to office@meetfox.com or by using our App to initiate a change of the email address. If you believe that the processing of your data violates data protection law or if your data protection claims have otherwise been violated in any way, you can complain to the supervisory authority. In Austria, this is the data protection authority.
27. Adjustments to the privacy policy
MeetFox reserves the right to change and supplement this privacy policy at any time. Any adjustments will be posted on our Website and App and will apply from the date of publication. Therefore, you should periodically retrieve these privacy notices to keep up to date with the latest developments. By continuing to use MeetFox and related services, you agree to the most recent version of this data policy with the applicable changes and/or additions.
Meetfox Data Processing Agreement (DPA)
This Data Processing Agreement and its Annex (collectively, the “DPA”) is part of the Terms and Conditions between Coachfox GmbH (hereinafter referred to as "MeetFox") and the Customer (the “Terms”) and sets forth the terms and conditions relating to Processing of Personal Data by Meetfox. The Parties agree to comply with the terms and conditions in this DPA in connection with such Processing of Personal Data contained in Customer Data. For the purpose of this agreement, the Parties agree that Meetfox acts as Processor and Customer acts as Controller as those terms are defined under Data Protection Laws. In some cases where Customer acts as Processor for an end-user, Meetfox shall act as subprocessor. This DPA shall not replace any comparable or additional rights relating to Processing of Personal Data contained in the Terms. All capitalized terms not defined herein have the same meaning set forth in the Terms. All capitalized terms not defined in this DPA shall have the meaning set forth in the Terms.
1. Definitions
“Affiliate” means an entity that directly or indirectly Controls, is Controlled by or is under common Control with an entity.
“CCPA” means the California Consumer Privacy Act, Cal. Civ. Code§ 1798.100 et seq., and its implementing regulations, as amended from time to time.
“Control” means an ownership, voting or similar interest representing fifty percent (50%) or more of the total interests then outstanding of the entity in question. The term “Controlled” shall be construed accordingly.
“Controller” means the entity which determines the means and purposes of the Processing of Personal Data.
“Customer Data” means any Personal Data that Meetfox processes on behalf of Customer as a Processor in the course of providing Services, as more particularly described in this DPA.
“Data Protection Laws” means all laws and regulations applicable to the Processing of Personal Data under the Terms, including without limitation CCPA and other laws and regulations of the United States and its states, the GDPR and other EU Data Protection Laws and Regulations, each as amended from time to time.
“Data Subject” means the identified or identifiable person to whom Personal Data relates.
“EEA” means, for the purposes of this DPA, the European Economic Area, United Kingdom and Switzerland.
“EU Data Protection Law” means (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (“GDPR”); and (ii) Directive 2002/58/EC concerning the processing of Personal Data and the protection of privacy in the electronic communications sector, and other applicable laws and regulations of the European Union, the European Economic Area and their member states, Switzerland, and the United Kingdom, as well as applicable national implementations thereof (as may be amended, superseded or replaced).
“Group” means any and all Affiliates that are part of an entity’s corporate group.
“Personal Data” means any information contained in Customer Data that is protected under applicable Data Protection Laws and Regulations, such as information describing or relating to: (i) an identified or identifiable natural person or household or (ii) an identified or identifiable legal entity (where such information is protected as personal data or personally identifiable information under applicable Data Protection Laws and Regulations).
“Processing” has the meaning given to it in the GDPR and “process”, “processes” and “processed” shall be interpreted accordingly.
“Processor” means the Party which Processes Personal Data on behalf of the Controller, including as applicable any “Service Provider” as that term is defined by the CCPA and comparable U.S. privacy laws.
“Services” means all features and services provided by Meetfox via its online Platform.
“Security Incident” means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Customer Data.
“Sub-processor” means any Processor engaged by Meetfox or its Affiliates to assist in fulfilling its obligations with respect to providing the Services pursuant to the Terms or this DPA. Sub-processors may include third parties or members of the Processors Group.
2. Relationship with the Terms
2.1. If there is any conflict between this DPA and any other provision of the Terms, this DPA shall prevail to the extent of that conflict.
2.2. Any claims brought under or in connection with this DPA shall be subject to the terms of the Terms, including but not limited to the exclusions and limitations set forth in the Terms.
2.3. No one other than a party to this DPA, its successors and permitted assignees shall have any right to enforce any of its terms.
2.4. This DPA shall be governed by and construed in accordance with governing law and jurisdiction provisions in the Terms, unless required otherwise by applicable Data Protection Laws.
2.5. This DPA applies where and only to the extent that Data Protection Laws are applicable to the processing of Customer Data.
3. Details of Data Processing
3.1. Role of Parties: The parties acknowledge and agree that (i) with regard to the Processing of Customer Data, Customer is the Controller and Meetfox is the Processor and (ii) Meetfox will engage Sub-Processors pursuant to the requirements set forth in Section 7 “Sub-Processors” below. Meetfox may process Customer Data as a Controller in accordance with Meetfox’ privacy policy that Customer hereby acknowledges (https://meetfox.com/en/data-policy/) in order to manage the Customer’s account, provide billing, produce statistics, or defend its rights in court or in settlement.
3.2. Duration: Meetfox shall Process Customer Data throughout the duration of the term of the Terms or any renewal thereof. Upon termination of the Services by either party, Meetfox shall cease processing Customer Data. Meetfox may use Customer Data for the purpose of creating statistics and improving its products and services in an anonymized or aggregated manner or to comply with legal obligations applicable to Meetfox in its role as a hosting provider.
3.3. Nature of Processing: The nature of Meetfox’ Processing of Customer Data as Customer’s Processor is described in and governed by the Terms. The provision of the standard Services includes, without limitation, maintaining and improving the security of Meetfox’ platform, maintaining and improving the deliverability conditions of electronic communications, and developing the Meetfox product and user experience.
3.4. Purpose of Processing: The purpose of Meetfox’ Processing of Customer Data as Customer’s Processor is the provision of Meetfox’ standard Services to the Customer and the performance of Meetfox’ obligations to Customer and under applicable laws. In particular, Meetfox shall process Customer Data for the following purposes:
3.5. Categories of Data Subjects: Customer Contacts
3.6. Subject matter: The subject-matter of data Processed under this DPA is Customer Data as described in the Terms and this DPA.
3.7. Instructions: Meetfox shall Process, retain, use, store, or disclose Customer Data only according to written, documented instructions issued by Customer to Meetfox to perform a specific or general action with regard to Customer Data for the purpose of providing the services to Customer pursuant to the Terms (Customer’s “Instructions”). The parties agree that the Terms (including this DPA), together with Customer’s use of the Meetfox services in accordance with the Terms, constitute Customer’s complete and final Instructions to Meetfox in relation to the Processing of Customer Data. Meetfox shall inform Customer without delay if, in Meetfox’ opinion, an Instruction violates applicable Data Protection Laws or Meetfox is unable to follow an Instruction and, where necessary, cease all Processing until Customer issues new Instructions with which Meetfox is able to comply.
4. Customer Obligations
4.1. Customer Processing: Customer shall, in Customer’s use of the Services, Process Personal Data in accordance with the requirements of all applicable Data Protection Laws and Regulations. Customer represents and warrants that Customer has established a lawful basis to Process Personal Data, Customer’s use of the Meetfox services will not violate the rights of any Data Subject, and Customer has the right to transfer, or provide access to, the Personal Data to Meetfox for Processing in accordance with the terms of the Terms (including this DPA).
4.2. Customer Responsibilities: Customer shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Customer acquired Personal Data. If Customer is established in a jurisdiction governed by Data Protection Law(s), or if its Distribution List contains Personal Data of citizens of one or more jurisdictions governed by Data Protection Law(s), Customer agrees that (i) it shall comply with its obligations as a Controller under applicable Data Protection Law in respect of its processing of Customer Data and any processing instructions it issues to Meetfox; and (ii) it has provided notice and obtained (or shall obtain) all consents from Data Subjects and rights necessary under Data Protection Laws for Meetfox to process Customer Data and provide the Services pursuant to the Terms and this DPA.
4.3. Data Retention: The Parties agree that Customer (including its Users), and not Meetfox, are responsible for managing the retention periods of Personal Data that they upload onto Meetfox’ Platform, and that it is incumbent on Customer to delete such Personal data as and when the applicable retention period expires. Meetfox is responsible only for deleting or anonymizing data at the end of its contractual relationship with Customer.
4.4. No Sensitive Personal Data: Customer undertakes not to include in the Distribution Lists uploaded onto the Platform any Personal Data known as “sensitive” within the meaning of Article 9 of the GDPR or as defined in Cal. Civ. Code § 1798.140(ae) of the CCPA or comparable U.S. Data Protection Laws.
4.5. Notice to Meetfox: Customer shall inform Meetfox without undue delay if Customer is not able to comply with Customer’s obligations under this DPA or any applicable Data Protection Laws. For the avoidance of doubt, Meetfox is not responsible for compliance with any Data Protection Laws applicable to Customer or Customer’s industry that are not generally applicable to Meetfox.
5. Meetfox’ Obligations
5.1. Meetfox Processing: Customer hereby appoints Meetfox to process Customer Data on Customer’s behalf for the purposes described in the Terms (including this DPA) and its privacy policy (https://meetfox.com/en/data-policy/). Meetfox shall Process Customer Data in accordance with Customer’s Instructions, as further specified in the Terms and this DPA. All Customer Data Processed under the Terms (including this DPA) will be stored, organized, and made available to Customer as the Controller. Meetfox shall appoint a Data Protection Officer: dpo@meetfox.com.
5.2. Register: Meetfox shall maintain a register with a list of the processing operations carried out on behalf of the Controller as required by applicable Data Protection Laws. Such register shall include all the information listed in Article 30 (2) of the GDPR.
5.3. Data Destruction or Export: Customer may, at any time during the performance of the Terms, (i) access or delete Customer Data processed by Meetfox directly via the Platform or (ii) retrieve the data that the Customer has uploaded on the Platform or reports relating to the data by clicking on the “export button” in Customer’s Meetfox account. Upon termination of the Terms, Meetfox shall, upon Customer’s request, destroy all Customer Data within three (3) months of termination. Upon request by Customer, Meetfox shall provide Customer with written confirmation of such destruction. Notwithstanding the foregoing, Meetfox reserves the right to retain Customer Data for longer periods where a longer retention period is required by applicable law.
5.4. Security: Meetfox undertakes to take all commercially reasonable and legally necessary precautions, in respect of the nature of Personal Data and the risks presented by the processing, to preserve the security of Personal Data and in particular, to prevent it from being distorted, damaged or accessed by unauthorized third parties. Meetfox shall implement and maintain appropriate technical and organizational security and confidentiality measures available on demand.
5.5. Confidentiality: Meetfox shall treat Customer Data as Confidential Information. Meetfox undertakes to ensure that only its employees authorized to process Personal Data for the purpose of performing the contract have access to it within the strict limits of what is necessary for the performance of their duties, and these employees undertake to respect the confidentiality of Personal Data.
5.6. Required Disclosure: If Meetfox is required by applicable law to disclose Customer Data for a purpose unrelated to the Terms, Meetfox will first inform Customer of the legal requirement and give Customer an opportunity to object or challenge the requirement, unless the law prohibits such notice. Notwithstanding the foregoing, Meetfox shall have the right to collect and use Personal Data contained in Customer Data to investigate a use of the Meetfox services that is unlawful or violates the Terms, provide, and develop such services, respond to legal actions, or for administrative purposes such as accounting and compliance.
5.7. Data Breach: Meetfox shall notify Customer without undue delay at Customer’s email address on file or via Customer’s account on the Platform after becoming aware of a Data Breach occurring on Meetfox’ Platform or information systems, or information systems of a Meetfox Sub-Processor upon Meetfox becoming aware. Meetfox shall provide such notification in compliance with applicable Data Protection Laws and such notification shall include, at a minimum, the details listed in Article 33 (3) of the GDPR.
Meetfox shall make reasonable efforts to identify the cause of such Data Breach and take such steps as Meetfox deems necessary and reasonable to remediate the cause of such a Data Breach to the extent the remediation is within its reasonable control. At Customer’s reasonable request, and to the extent Meetfox is required to do so under applicable Data Protection Laws, Meetfox will promptly provide Customer with commercially reasonable assistance as necessary to enable Customer to meet Customer’s obligations under applicable Data Protection Laws to notify authorities and/or affected Data Subjects. The obligations herein shall not apply to incidents that are caused by Customer or Customer’s Users.
6. Assistance and Audit
6.1. Assistance: To the extent Customer is unable to independently access the relevant Customer Data via the Platform, upon written request by Customer and at Customer’s expense, Meetfox shall reasonably assist and cooperate with Customer to respond to a Data Subject request to exercise rights as required by applicable Data Protection Laws or a request from applicable data protection authorities relating to the processing of Personal Data under the Terms. If any such request is made directly to Meetfox, Meetfox shall not respond to such request directly without Customer’s prior authorization unless legally compelled to do so. If Meetfox is legally compelled to directly respond to such a request, Meetfox shall promptly notify Customer and provide Customer with a copy of the request unless legally prohibited from doing so. Meetfox may directly execute a data subject’s request if (i) the request is an automatic unsubscription or if (ii) the request refers to an unsolicited communication, a prohibited use of the Services or a potential breach of this Agreement by the Customer or one of Meetfox’ customers. In cases (i) and/or (ii), Meetfox will execute the request of the data subject without the prior approval of the Customer. In case (ii), Meetfox may suspend the possibility of sending any electronic communication to the domain of the person concerned.
6.2. Audit: Meetfox endeavors to provide Customer with all the information and documents necessary for Customer to demonstrate its compliance with the obligations set out in this DPA. Meetfox undertakes to accede to all reasonable requests made by Customer to verify that Meetfox complied with the contractual obligations imposed by this DPA. If Customer requires further documentation related to this DPA, upon Customer’s written request and at reasonable intervals and Customer’s sole expense, and subject to the confidentiality obligations set forth in the Terms, Meetfox shall make available to Customer documentation regarding Meetfox compliance with the obligations set forth in this DPA in the form of a copy of Meetfox’ then most recent third-party audits or certifications or comparable documentation as determined by Meetfox or, upon request by Customer, documentation of a Sub-Processor’s compliance with this DPA (collectively, “Audit Documentation”). Customer acknowledges that: (i) documentation of a Sub-Processor’s compliance shall be considered confidential and (ii) certain Sub-Processors may require Customer to execute a non-disclosure Terms with them to view Sub-Processor documentation.
6.3: Audit Limitations: The audits described in Section 6.2: (i) may not occur more than one (1) time per contract year; (ii) will be limited to Customer Data processing activities performed by Meetfox on behalf of the Customer; (iii) may not involve any on site investigation, except as mutually agreed in writing by the Meetfox and Customer; and (iv) available Audit Documentation shall be limited to the extent necessary for Meetfox to comply with the legal rights of Meetfox employees.
7. Sub-Processors
7.1. Authorized Sub-Processors: Customer is informed and expressly authorizes Meetfox to engage the Sub-Processors on the Sub-Processor List in Annex as of the Effective Date to Process Customer Data pursuant to the Terms (including this DPA). Meetfox has entered into a written Terms with each Sub-Processor containing data protection obligations not less protective than those in this DPA with respect to the protection of Customer Data to the extent applicable to the nature of the services provided by such Sub-Processor.
7.2. Sub-processor Obligations: Meetfox shall: (i) enter into a written Terms with each Sub-Processor imposing data protection terms that require the Sub-Processor to protect the Customer Data to the standard required by Data Protection Laws; and (ii) remain responsible for Sub-Processor compliance with the obligations of this DPA and for any acts or omissions of the Sub-Processor that cause Meetfox to breach any of its obligations under this DPA.
7.3. Changes to Sub-Processor: Meetfox shall provide notification to Customer by email or through Customer’s account on the Platform of any new Sub-Processors before authorizing such new Sub-processor(s) to Process Customer Data. Customer will have the possibility, in the event of an objection that is justified by a violation of EU Data Protection Law, to terminate the Terms during thirty (30) days following the email or notification.
8. U.S. Data Subjects
8.1. Definitions: This Section 8 applies to the extent that Meetfox processes Personal Data on Customer’s behalf that is subject to the protections of the CCPA or comparable U.S. state consumer privacy law (“Personal Information”). For the purposes of this section: (i) “Business”, “Service Provider”, “Sell”, and “Share” shall have the meanings given to them in the CCPA or other applicable U.S. state Data Protection Law and (ii) “Controller” is replaced with “Business”, “Processor” is replaced with “Service Provider”, and “Personal Data” is replaced with “Personal Information” throughout this DPA to the extent necessary for alignment with applicable Data Protection Laws.
8.2. Responsibilities: The Parties agree that Meetfox will process Personal Information contained in Customer Data as Customer’s Service Provider in accordance with the CCPA or other applicable U.S. Data Protection Laws strictly for the business purpose of performing the Services under the Terms. Meetfox shall not (i) Sell Personal Information contained in Customer Data; (ii) Share Personal Information contained in Customer Data with third parties for cross-contextual behavioral advertising purposes; (iii) retain, use, or disclose Personal Information contained in Customer Data for a commercial purpose other than for such business purpose or as otherwise permitted by applicable U.S. Data Protection Laws; or (iv) retain, use, or disclose Personal Information contained in Customer Data outside of the direct business relationship between Customer and Meetfox. Customer agrees that Customer is solely liable for Customer’s compliance with applicable Data Protection Laws in Customer’s use of Meetfox services.
8.3. Certification: Meetfox certifies that it understands and will comply with the restrictions of Section 8.2.
8.4. No Sale of Personal Information: The parties agree that Customer does not sell Personal Information to Meetfox because, as a Service Provider, Meetfox may only use Personal Information contained in Customer Data for the purposes of providing the Services to Customer.
9. International Transfers
The Services may at times require the Processing of Customer Data outside the EEA where Meetfox, its Affiliates or its Sub-processors maintain operations. Meetfox shall at all times provide an adequate level of protection of the Customer Data processed, in accordance with the requirements of applicable Data Protection Laws, including Standard Contractual Clauses and supplementary measures. Meetfox reserves the right to rely on the EU-US Data Privacy Framework for transfers to the US, as long as this framework remains valid.
ANNEX: List of Sub-Processors
The following Sub-processors are necessary for Meetfox to provide the Services.
You can reach us under the following contact details:
Coachfox GmbH
Strehlgasse 18/7, 1190 Vienna, Austria
Commercial register number: 464148x
Commercial Court Vienna
Telephone: +43 664 22 606 17 or +1 917 266 8491
E-Mail: office@meetfox.com
Privacy Policy: https://meetfox.com/en/data-policy/
UID number: ATU72275637