Updated: May 22, 2018
This Privacy Notice (“Privacy Notice“) describes the privacy practices of Klaviyo Inc. and its subsidiaries and affiliates (collectively, “Klaviyo” or “us” or “we“).
Klaviyo provides marketing technology services to other businesses – our clients. To take advantage of our services, our clients share with us information about their individual consumers, including contact details and shopping histories. We analyze that information and develop and send communications to the consumers only at the direction of the client who provided the information, and only on that client’s behalf. We may also collect personal data for our own business purposes in connection with our business, such as business contact details of potential customers or job applicants’ resumes. We do not collect employee or HR related data in the EU or Switzerland, or transfer such information either into or out of the EU or Switzerland.
This Privacy Notice applies to:
- The klaviyo.com website and any other websites or online services controlled by us and which display this Privacy Notice, and
- Marketing technology services that we provide to our clients.
Click on the links below to jump to sections of the Privacy Notice:
- Information We Collect
- Information We Collect for Klaviyo’s Own Business Purposes
- Information We Collect from or on Behalf of Our Clients
- Cookies and Other Information Collected by Automated Means
- Automated Data Collection for Klaviyo’s Own Business Purposes
- Automated Data Collection on Behalf of Our Clients
- Our Use of Personal Information
- Our Use of Personal Information for Klaviyo’s Own Business Purposes
- Our Use of Personal Information on Behalf of our Clients
- Information We Share
- Privacy Preferences, Rights, And Choices
- International Data Transfers
- EU-US Privacy Shield & Swiss-US Privacy Shield Certifications
- How We Protect Information
- Links To Websites And Third Party Content
- Changes To Our Privacy Notice
- Data Retention
- California Privacy Rights
- How To Contact Us
INFORMATION WE COLLECT
We may collect information about individuals who interact with Klaviyo when using our website or services (such as employees of our clients), job applicants, and other individuals.
We may collect information:
- Directly from individuals
- From third party vendors, data brokers, or business partners
- From recruiters
Types of information we collect
The types of information we collect include:
- Personal and business contact information (such as name, business name, address, telephone number, email address, and mailing address)
- Payment information (such as credit card or other financial account numbers)
- We do not collect employee or HR related data in the EU or Switzerland, or transfer such information either into or out of the EU or Switzerland.
Information We Collect from or on Behalf of Our Clients
We may collect information about individual consumers from our clients or – at clients’ request– from their service providers. Our clients determine the scope of the information transferred to us, and the information we receive may vary by client. Typically, we may collect clients’ consumers’ contact details and demographic data, shopping histories, and details about consumers’ interactions with marketing communications.
We, our service providers, and our business partners, may collect certain information about the use of our websites by automated means, such as cookies, web beacons and other technologies. Likewise, as part of our services, we may offer our clients the ability to install these types of technologies on their websites or in the emails they send to their customers; and if a client does so, we collect information on its behalf. A “cookie” is a text file that websites send to a visitor‘s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, is used to transmit information back to a web server. We and our service providers and business partners may collect information about your online activities over time and across third-party websites when you use our websites and mobile applications.
Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, we do not respond to web browser-based DNT signals at this time. Please see the “Privacy Preferences, Rights and Choices” section below for information about how you may opt out of, or limit the use of, your browsing behavior for online behavioral advertising purposes.
The information we collect by automated means varies based on whether we are collecting information for our own business purposes or whether we are collecting information from or on behalf of our customers to provide our services.
Automated Data Collection for Klaviyo’s Own Business Purposes
The information collected by automated means for our own business purposes includes:
- Details about the devices that are used to access our websites (such as the IP address, and type of operating system and web browser)
- Dates and times of visits to, and use of, our websites
- Information about how our websites are used (such as the content that is viewed on our websites and how users navigate between our webpages, and the date and time of access)
- Details about how individuals interact with our emails (such as whether the email is opened and which links are clicked in the email)
- URLs that refer visitors to our websites
- Search terms used to reach our websites
Web browsers may offer users of our websites the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our websites may not function correctly.
Automated Data Collection on Behalf of Our Clients
The information collected by automated means on behalf of our clients may include:
- Details about the devices that are used to access our clients’ websites (such as the IP address, and type of operating system and web browser)
- Dates and times of visits to, and use of, our clients’ websites
- Information about how our clients’ websites are used (such as the content that is viewed on our clients’ websites and how users navigate between webpages, and the date and time of access)
- Details about how individuals interact with our clients’ emails (such as whether the email is opened and which links are clicked in the email)
- URLs that refer visitors to our clients’ websites
- Search terms used to reach our clients’ websites
- Web browsers may offer users of our clients’ websites the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our websites may not function correctly.
OUR USE OF PERSONAL INFORMATION
We may use personal information to:
- Provide our services to our clients
- Communicate about the products and services we offer, and respond to requests, inquiries, comments, and suggestions
- Analyze and enhance our communications and strategies (including by identifying when emails sent to you have been received and read)
- Operate, evaluate and improve our business, our websites, and other products and services we offer (including to develop new products and services)
- Invoice and collect payment for our services
- Establish and maintain an individual’s profile in our service
- Tailor the content we display in our communications, in our services and in mobile apps
- Administer surveys and other market research
- Comply with legal requirements, judicial process, and our company policies (including to verify users’ identity in connection with access or correction requests)
- Protect against, identify, investigate, and respond to fraud, illegal activity (such as incidents of hacking or misuse of our websites and mobile applications), and claims and other liabilities, including by enforcing the terms and conditions that govern the services we provide
- Process employment applications
- Monitor recruiting statistics, to inform our recruitment activities
We may aggregate and/or de-identify any information that we collect, such that the information no longer identifies any specific individual. We may use, disclose and otherwise process such information for our own legitimate business purposes – including historical and statistical analysis and business planning – without restriction.
Our Use of Personal Information on Behalf of our Clients
We use personal information we collect from or on behalf of our clients to provide services to our clients at their direction. We do not use this information for Klaviyo’s own purposes. We use personal information only as directed or authorized by our client. Typically, we are directed or authorized to use personal information collected on behalf of the client to:
- Help customize marketing strategy for our clients
- Personalize marketing content for our clients’ customers
- Target customers for our clients’ marketing campaigns
- Analyze and enhance our clients’ communications and strategies (including by identifying when emails sent to you have been received and read)
- Analyze results from marketing campaigns for our clients
We may share personal information for the purposes set out in this Privacy Notice with:
- Service providers that perform services on our behalf, such as technology providers (including providers of payment processing, technology support, web hosting, and email communications)
- Survey and market research providers
- Advertising and marketing partners
- Analytics organizations
Unless prohibited by applicable law, we reserve the right to transfer the information we maintain in the event we sell or transfer all or a portion of our business or assets. If we engage in such a sale or transfer, we will – where required by applicable law – make reasonable efforts to direct the recipient to use your personal information in a manner that is consistent with this Privacy Notice. After such a sale or transfer, you may contact the recipient with any inquiries concerning the processing of your personal information.
In addition, we may share your information to comply with legal and regulatory requirements, and protect against and prevent fraud, illegal activity (such as identifying and responding to incidents of hacking or misuse of our websites and mobile applications), and claims and other liabilities.
If you submit your information in connection with job opportunities at Klaviyo, we will use and disclose the information to process your application (including to contact you and/or your references and former employers if appropriate), to monitor recruitment statistics, and to comply with government reporting requirements. We also retain statistical information about applicants to help inform our recruitment activities. We will process this information based on our legitimate interest of evaluating job candidates or, when you provide us with sensitive information, based on your consent.
Individuals have certain rights and choices regarding Klaviyo’s processing of their personal information. Please note, however, that if the exercise of these rights limits our ability to process personal information, we may be precluded from providing our products or services to individuals who exercise these rights, or from otherwise engaging with such individuals going forward.
Individuals whose personal information Klaviyo processes on behalf of a client should contact that client to exercise the rights and choices described in this section.
We reserve the right to verify the identity of the individual in connection with any requests regarding personal information to help ensure that we provide the information to individuals to whom the information pertains, and allow only those individuals or their authorized representatives to exercise rights with respect to that information.
For information about the rights and choices users have with respect to cookies and online tracking, please see the “Cookies and Other Information Collected by Automated Means” section of this Privacy Notice.
General Objections to the Processing of Personal Information
To the extent provided by applicable law, you may withdraw any consent you previously provided to us, or object at any time on legitimate grounds, to the processing of your personal information. We will apply your preferences going forward. In some circumstances, withdrawing your consent to Klaviyo’s use or disclosure of your personal information will mean that Klaviyo will not be able to provide products or services to you or to otherwise engage with you.
Access to Personal Information
You may request access to correct, amend, or delete the personal information that we maintain about you. If we grant your request, we will provide you with a copy of the personal information we maintain about you in the ordinary course of business, in a commonly used format. You may request to correct any errors in your personal information. We may reject your request to access or correct your information, as permitted by applicable law. If we reject your request, we will notify you of the reasons for the rejection. If you wish to exercise this right please contact us here at email@example.com
We will also provide an EU or Swiss individuals with opt-out or opt-in choice before we share their data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized.
To limit the use and disclosure of your personal information, please submit a written request to firstname.lastname@example.org.
Portability of Personal Information
You may request that we transfer your personal information to another data controller. We may reject your request, as permitted by applicable law. If we reject your request, we will notify you of the reasons for the rejection.
Deletion of Personal Information
You may request that we delete your personal information. We may reject your request, as permitted by applicable law. If we reject your request, we will notify you of the reasons for the rejection.
You may unsubscribe from receiving marketing or other commercial emails from Klaviyo by following the instructions included in the email. However, even if you opt out of receiving such communications, we retain the right to send you non-marketing communications (such as information about changes to our website terms).
Online Behavioral Advertising
Some of the business partners that collect information about users’ activities on our websites may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior for purposes of targeted advertising. For example, users may opt out of receiving targeted advertising on websites through members of the Network Advertising Initiative by clicking here or the Digital Advertising Alliance by clicking here. European users may opt out of receiving targeted advertising on websites through members of the European Interactive Digital Advertising Alliance by clicking here, selecting the user’s country, and then clicking “Choices” (or similarly-titled link). Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked above.
We may transfer personal information to countries other than the country in which the data was originally collected for the purposes described in this Privacy Notice. For example, if you are located outside of the United States, we typically transfer your personal information to the United States, where Klaviyo is headquartered. The countries to which we transfer personal information may not have the same data protection laws as the country in which you initially provided the information.
Klaviyo participates in the EU-US Privacy Shield framework and Swiss-U.S. Privacy Shield framework.
In particular, if Klaviyo transfers to its service providers any personal information that Klaviyo received in reliance on its Privacy Shield certification, Klaviyo is responsible for the third parties’ processing of that personal information, unless Klaviyo proves that it is not responsible for the event giving rise to the damage. Please be aware that Klaviyo may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Klaviyo is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Klaviyo has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.
As further explained in the Privacy Shield Principles more fully described here, you may be entitled to invoke binding arbitration pertaining to certain residual complaints that have not been resolved by any other means.
We maintain reasonable administrative, technical, and physical safeguards designed to protect the personal information we maintain against accidental, unlawful, or unauthorized access, disclosure, alteration, use, loss, or destruction. However, we cannot guarantee that the safeguards we maintain will ensure the security of the personal information.
We may provide links to websites and other third-party content that is not owned or operated by Klaviyo. The websites and third-party content to which we link may have separate privacy notices or policies. Klaviyo is not responsible for the privacy practices of any entity that it does not own or control.
Klaviyo reserves the right to change this Privacy Notice at any time. When we update this Privacy Notice, we will notify you of changes that are deemed material under applicable legal requirements by updating the date of this Privacy Notice and providing other notification as required by applicable law. We may also notify you of changes to the Privacy Notice in other ways, such as via email or other contact information you have provided.
We will retain personal information only for as long as necessary to fulfill the purpose(s) for which the information was collected, depending on the purpose(s) for which the information was collected, the nature of the information, any contractual relationship that may govern the retention of the data, and our legal or regulatory obligations. We will then destroy the personal information or anonymize the information, in accordance with applicable law.
California law permits visitors who are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please contact us at email@example.com.
You may contact us with questions, comments, or complaints about this Privacy Notice or our privacy practices, or if you wish to access, delete or correct you information, by emailing firstname.lastname@example.org.
If you are a resident within the European Economic Area, you also have the right to file a complaint with the supervisory authority of your member state.