Privacy Policy

This Privacy Policy describes how Scoro (the “Operator”, we”, or us”) processes the personal data of the representatives of its Clients, and any other data subjects (“you”) in relation to their use of the Scoro Platform and Services.

If you are located in Canada or the United States, please see the paragraph Canada and the United States below.  

Personal data should be understood as any information relating to an identified or identifiable natural person (data subject). Personal data should also be understood to be synonymous with definitions of personal information in applicable legal jurisdictions.

This Privacy Policy applies if you use, have used, or have expressed an intention to use the Scoro Platform and Services, including in the trial version or a product demo. This Privacy Policy also applies to our Marketing Leads (as defined below). In the described cases, we act as a data controller as regards your personal data and are responsible for the processing thereof.

This Privacy Policy does not apply, however, to the personal data of the Users, as well as the personal data processed in the Contents by our Clients on the Scoro Platform and in using the Scoro Services. In such a case, the Client acts as a data controller as regards such personal data and is responsible for the processing thereof. We process such personal data on behalf of the Client and act as a data processor (see Appendix 1 to our Terms of Use).

Main definitions

Client: A person operating in the economic and professional activity who has entered into the Contract with us.

Contract: An agreement for the use of the Platform and the Services concluded between Scoro and the Client.

Marketing Lead: You are a Marketing Lead if have requested or agreed to have or had a demo; accessed gated content, tools or other gated materials; taken part in or registered at events organized, featured, supported or sponsored by us; you have shared your business contacts physically or digitally with us yourself; you have demonstrated interest in our Platform and / or Services; if we have reached out to you by ourselves under our legitimate interest; we have separately notified you that we process your data as a Marketing Lead; or if you are a representative of a company that is a Marketing Lead.

Platform: Scoro Software-as-a-Service. See more details about the definitions of a Platform in our Terms of Use.

Scoro: Scoro Software OÜ, registry code 10806081, address Endla 15, Tallinn, Estonia, European Union

Services: The services (including Onboarding Service, Support Service, Unstandardized Configuration Service as defined in Terms of Use, and other services) provided by us to the Client under the Contract.

Terms of Use: The standard terms of use of the Platform and the Services.

Web Site: A collection of all domains (e.g. scoro.com, scoro.co.uk, and other websites with the domain name “scoro” registered under various top-level domains) and the web documents available via their subdomains (including pictures, videos, PHP and HTML files) that belong to us.

We do not process any special categories of personal data. As the Scoro Platform and Services are not available for persons under 18 years old as by our Terms of Use, we do not process any personal data of persons under 18 years old.

Personal data we process and where it is collected from

Identification data (name, date of birth, picture).

Sources of collection of data: we get the data from you when you as your company’s representative sign up for our Platform and Services. We may get the data also from public sources, including by automated means, or from a third party (e.g. when a third-party payment service provider confirms whether your payment was successful or not; when we receive your data from a third-party data intermediary) where relevant and necessary.

Contact data (work address, work phone number, work email address).

Sources of collection of data: we get the data from you when you as your company’s representative sign up for our Platform and Services. We may get the data also from public sources, including by automated means, or from a third party (e.g. when a third-party payment service provider confirms whether your payment was successful or not; when we receive your data from a third-party data intermediary) where relevant and necessary.

Employment data (name of the company you represent, your position within the company).

Sources of collection of data: we get the data from you when you as your company’s representative sign up for our Platform and Services. We may get the data also from public sources, including by automated means, or from a third party (e.g. when a third-party payment service provider confirms whether your payment was successful or not; when we receive your data from a third-party data intermediary) where relevant and necessary.

Communications data (emails, messages sent to us).

Sources of collection of data: we get the data from you when you as your company’s representative reach out to us.

Data related to the use of the Scoro Platform and the Services (this includes the data which is generated as a result of visiting and using our Web Site and the Platform (depending on the particular cookie, the data may include, e.g. online identifiers, such as cookie identifiers, IP addresses, device identifiers). Please see our cookie policy for more information.

Sources of collection of data: we get the data when you visit and use our Web Site and the Platform.

The lawful bases for processing (purpose of the personal data collection) 

Performance of contract

We process the personal data on this legal ground if it is necessary for the fulfillment of the contract or for taking measures prior to concluding such a contract based on your request.

Purposes of processing Categories of personal data
We process your personal data for the purpose of concluding and performing the Contract. This includes providing the Services (including Support Service, Client success Service, etc.) and contacting you otherwise as regards the Platform and the Services.  Identification data, contact data, employment data, communications data, data related to the use of the Scoro Platform and the Services.

Legitimate interests

In some cases, we rely on our legitimate interests when processing your personal data. You have the right to ask for clarifications regarding the processing based on the legitimate interests by sending the request to us as detailed below. You also have the right to send the objection, if you find that processing of your data for the purposes provided below prejudice your rights.

Purposes of processing Categories of personal data
Marketing of our Platform and Services to the Marketing Leads.

Considering that Scoro is a B2B Platform and we process data that is related to your economic activities and/or employment, we believe that your right to privacy does not override our legitimate interests. Should you wish that we would not process your personal data on that ground and for the aforementioned purposes, contact us at details below or opt-out by clicking on the opt-out link provided to you when we have reached out to you and provided the relevant link.

 

If you’re a Marketing Lead, we may process the following personal data: name, work email address, work phone number, location, IP address, employment data, communications data, data related to the use of the Scoro Platform and the Services.
Safeguarding our rights (establishing, exercising, and defending legal claims). This also includes retention of Contracts after the termination or expiry. Identification data, contact data, employment data, communications data, data related to the use of the Scoro Platform and the Services.
General business administration, i.e. answering the requests, general customer service, information exchange with potential customers (including chat conversations). Identification data, contact data, employment data, communications data, data related to the use of the Scoro Platform and the Services.
Provision of core services of the Web Site and the Platform (the data is processed via technical cookies which are necessary to provide the services online). Data related to the use of the Scoro Platform and the Services.
If you publicly or via the Platform have given feedback concerning our Platform or Services, we may process this information and your personal data for quality assurance, customer success, bettering your experience and referral purposes, and share this within your organization. Identification data (name), contact data, employment data.
Recording of communication between you and us (including video calls, telephone calls, and your requests for support call-backs) to check for mistakes, train staff, for quality assurance, and to prevent, detect, investigate, prosecute fraud. Identification data (name), contact data, employment data, communications data, voice or video recording.
Development and improvement of services provided by us on the Web Site and the Platform. For this purpose, we process your Web Site and Platform visit data via analytical cookies.

We retain and evaluate information on your recent visits to the Web Site and the Platform for analytics purposes so that we can improve the functionality of the Web Site and the Platform and make it more user-friendly. 

For marketing purposes, we also collect and process the Web Site and the Platform visit data via cookies to provide you with personalized offers based on your browsing history.

Data related to the use of the Scoro Platform and the Services.
Intra-group data transfers. Since we have several group companies that are interconnected, we may share your personal data among these companies. Identification data, contact data, employment data, communications data, data related to the use of the Scoro Platform and the Services.
Know-your-customer (KYC) checks to identify and verify your identity as a representative of the Client upon entry into the Contract. Identification data and your identification document (passport, ID card), photo, video recording, contact data, employment data, communications data, personal data found in social media (e.g. LinkedIn, Facebook).

Consent

We may also process your personal data on the basis of your consent (e.g. for some marketing purposes). When processing is based on consent, you can withdraw consent by contacting us at the details below or opt-outing by clicking on the opt-out link provided to you when we have reached out to you and provided the relevant link. As for cookies, you always have the right to withdraw the consent by changing your preferences via our Website. Withdrawal of the consent does not affect the legality of the processing of your personal data prior to withdrawal.

Purposes of processing Categories of personal data
Direct marketing Identification data (name), contact data, employment data.
If you have not publicly given feedback concerning our Platform or Services, we may process this information and your personal data based on your prior consent for quality assurance, customer success, bettering your experience and referral purposes, and share this within your organization. Feedback concerning Platform or Services, identification data (name), employment data.

Legal obligation

We process personal data on this legal ground if the legal obligation for processing arises from the law.

Purposes of processing Categories of personal data
Bookkeeping (including storage of accounting source documents). Identification data, contact data, employment data.
Notification of and response to the information requests of public authorities and government institutions. Identification data, contact data, employment data, communications data, data related to the use of the Scoro Platform and the Services.

Recipients of personal data 

We share personal data for the purposes set out in this Privacy Policy and with the following categories of recipients:

  • Scoro Software group. We may share your personal data amongst the companies within the Scoro Software group of companies.
  • Your organization and contacts. We may share your personal data with your organization (the Client) and others with whom you have a relationship in order to fulfill or perform a contract or other legal obligation, including with our Client that arranges access to our Platform and Services for you and pays us in connection with your access. We may also share your personal data with your contacts if you are in the same organization or to facilitate the exchange of information between you and the contact(s).
  • Business partners. We may share your personal data with our business partners to jointly offer, provide, deliver, analyze, administer, improve, and personalize the Platform or Services or host events. We may also pass certain requests from you or your organization to these business providers.
  • Third-party service providers. We may share your personal data with our third-party service providers (e.g. software providers with whom your site has an Integration) to perform tasks on our behalf and to assist us in offering, providing, delivering, analyzing, administering, improving, and personalizing our Services. For example, service providers who assist us in performing, delivering or enhancing the Platform or Services related to our delivery and operation of our Platform and Services, who provide support on our behalf, who provide application or software development and quality assurance, who provide tracking and reporting functions, research on user demographics, interests, and behavior, and other products or services. These third-party service providers may also collect personal data about or from you in performing their services and/or functions on our Platform and Services. We may also pass certain requests from you or your organization to these third-party service providers.
  • Advertisers. We may share your personal data with advertisers, advertising exchanges, and marketing agencies that we engage for advertising services, to deliver advertising on our Platform and Services, and to assist us in advertising our brand and products and services. Those advertising services may also target advertisements on third-party websites based on cookies or other information indicating previous interaction with us and/or our Services.
  • In the event of merger, sale, or change of control of Scoro Software. We may transfer this Privacy Policy and your personal data to a third-party entity that acquires or is merged with us as part of a merger, acquisition, sale, or other change of control.

Other disclosures. We may disclose your personal data to third parties if we reasonably believe that disclosure of such data is helpful or reasonably necessary to comply with any applicable law or regulation, to comply with or respond to a legal process or law enforcement or governmental request, to enforce our terms and conditions or other rights (including investigations of potential violations of our rights), to detect, prevent, or address fraud or security issues, or to protect against harm to the rights, property, or safety of Scoro Software, our users, or the public.

Transferring personal data outside the EU

If you are located in the EU, then please note that we or our data processors may transfer (including store) your personal data outside the EU, e.g. the US. If you are located in Australia and Oceania or Asia-Pacific, then we may store your personal data also in Australia. If you are located in Canada or the United States, we may store your personal data in Canada, the United States, or in the EU.

However, we only transfer and store your personal data outside the EU where we have a lawful basis to do so, including to a recipient who is: (i) in a country which provides an adequate level of protection for personal data; or (ii) under appropriate safeguards which cover the EU requirements for the transfer of personal data outside the EU.

Should you require more detailed information as regards transferring your personal data outside the EU (e.g. the names of the recipients and the safeguards for any such transfer), please contact us on the contact details below.

Security

We take appropriate technical and organizational security measures in protecting your personal data, taking into account (i) the state of the art, (ii) costs of implementation, (iii) nature, scope context, and purposes of the processing, and (iv) risks posed to you. Such security measures include, but are not limited to, encrypted storage and access controls. See our Security Overview.

Data retention

We retain your personal data for as long as necessary for the purposes they were collected for, as long as necessary to safeguard our rights, or as long as required by the applicable law. Please note that if the same personal data is processed for several purposes, the personal data will be retained for the longest retention period applicable.

If you’re a Marketing Lead we retain your personal data for 1 year from after your trial period expired or from when you had the demo or from when the personal data was collected or when you last showed interest in subscribing to the Platform or Services, whichever is the latest, for our marketing purposes based on our legitimate interests (see above).

If you are or have been a paying Client, the representative thereof, we retain your personal data as follows:

  • in accordance with Estonian accounting and taxation laws, billing information is retained for a period of 7 years as of the end of the relevant financial year;
  • in accordance with the maximum limitation period for claims arising from a transaction if the obligated person intentionally violated the person’s obligations and for claims arising from the applicable law (Estonian law), we shall retain any personal data related to such claims for a maximum of 3 to up to 10 years from the date when the claim falls due.

Your rights

To the extent required by applicable data protection regulations, you have all the rights of a data subject as regards your personal data. Such rights include the following:

  • Right of access to your data: you have the right to know, whether personal data concerning you are being processed or not, what is the purpose of processing and what are the categories of personal data. Besides, to whom the data is disclosed (especially the recipients in third countries), for how long the data is retained, and what are your rights concerning rectification, erasure, and restriction of the processing.
  • Right of rectification: you have the right to demand rectification of the personal data concerning you if the data are inaccurate or incomplete.
  • Right of erasure: in some cases, you have the right to demand erasure of the personal data concerning you, for example in case you withdraw your consent and there are no other legal grounds for the processing of the data.
  • Right to restrict the processing: in some cases, you have the right to restrict the processing of the personal data concerning you for a certain time (e.g. if you have objected to the processing of personal data).
  • Right to object: you have the right to object to the processing of personal data, which is processed based on legitimate interest, including profiling. Upon objection, we will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms.
  • Right to data portability: if the processing of your personal data is based on your consent or the contract with us and the data processing is carried out by automated means, then you have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. Also, you have the right to claim to transmit those data to another service provider if it is technically possible.

Should you believe that your rights have been violated, you have the right to lodge a complaint with the Data Protection Inspectorate (Andmekaitse Inspektsioon) or the court. To exercise your rights, please contact us at the contact details below. Please note that you can exercise some rights (e.g. review and update your personal data) already by logging into the Scoro Platform.

Canada and the United States

If you are located in Canada or the United States under the interpretations of laws of Canada or the United States, by clicking the “I have familiarized myself with the Privacy Policy” button or by using the Scoro Platform and Services, you are agreeing to be bound by this Privacy Policy and you hereby consent to the collection of your personal data as described in this Privacy Policy. California do not track disclosure

Do Not Track (“DNT”) is a web or device setting that allows you to request that receivers of personal data stop their tracking activities.  When you choose to turn on the DNT setting in your browser or Device or use alternative consumer choice mechanisms, your browser or Device sends a special signal to websites, analytics companies, advertising networks, plug-in providers, and other web services you encounter to stop tracking your activity.  Currently, there are no DNT technology standards and, as a result, we do not respond to DNT requests.

If you are a California resident, California Civil Code Section 1798.83 grants you the right to request Scoro’s disclosure of the categories of personal data we provided to third parties, and the names and addresses of these third parties, for direct marketing purposes during the preceding calendar year.  If you are a California resident and would like to make a request for the personal data described above, please contact us at privacy@scoro.com or:

Scoro Software OÜ

Registry code: 10806081

Address: Endla 15, Tallinn, Estonia, European Union

Please note that you may only make this request once per year.

Your California privacy rights

If you are a California resident, California Civil Code Section 1798.120 permits you to opt out of the sale of your personal data to third parties.  Currently, Scoro does not sell your personal data to third parties but we do share your personal data with third parties who collect your personal data on our behalf.  In such cases, although Scoro does provide a general opt-out right to all of our users, you can go to the third-party Privacy Policy’s here, to opt-out of such data practice.  Furthermore, as Scoro already complies with Canadian and EU privacy laws, the rights offered by law to California residents are already provided for in our Privacy Policy and no California resident-specific procedures are necessary.  If you have any other questions about our privacy practices, please email us at privacy@scoro.com.

Amending this privacy policy

Should our personal data processing practices change or should there be a need to amend the Privacy Policy under the applicable data protection regulations, other applicable legal acts, case-law, or guidelines issued by competent authorities, we are entitled to unilaterally amend this Privacy Policy at any time. In such a case, we will notify you by email reasonably prior to the amendments entering into force.

Contact

In case you have any questions regarding the processing of your personal data by us or you would like to exercise your rights as a data subject, please contact our data protection officer by email at privacy@scoro.com.

In case you would like to file a complaint with the Data Protection Inspectorate, the contact details are available at www.aki.ee.

Versions

This Privacy Policy is valid from 01.03.2022. In case this Privacy Policy has been confirmed by you on another date, this Privacy Policy shall be deemed to be communicated to you from the date of such confirmation.

The expired Privacy Policy from 28.05.2018 to 28.02.2022 is available here.