Privacy Policy
Last Updated: April 24, 2026
This Privacy Policy is issued by ShareCRM. In this Privacy Policy, “ShareCRM”, “we”, “us” or “our” refers to the applicable ShareCRM entity or entities listed in the “ShareCRM Group Entities Details” section below, depending on the product or service you use and your location.
ShareCRM’s Privacy Commitment
ShareCRM is committed to handling personal information in a responsible and transparent manner. We aim to collect and use personal information in a way that is appropriate, relevant, and limited to what is reasonably necessary for legitimate business purposes or specific transactions.
This Privacy Policy explains what information we collect, how we use it, and the choices available to you. While this policy is necessarily detailed to address different scenarios and legal requirements, we strive to present the information in a clear and accessible manner.
Scope of this Privacy Policy
This Privacy Policy applies to the ShareCRM Platform where this Privacy Policy is made available to users. This includes ShareCRM websites and, where applicable, ShareCRM mobile applications for Android and iOS, as well as related online platforms through which ShareCRM provides account access, business communications, and product information, unless a separate privacy policy applies.
For the purposes of this Privacy Policy, “ShareCRM Platform” refers to the ShareCRM websites, including the international website located at https://www.sharecrm.com, and any ShareCRM-operated mobile applications for Android and iOS and related online platforms through which ShareCRM provides account access, business communications, and product information.
This Privacy Policy is divided into three parts:
Part I – Personal Data that ShareCRM Collects and Controls (Controller Data)
This part explains how ShareCRM collects, uses, and manages personal data where ShareCRM acts as a data controller, including information related to website visitors, prospective customers, business contacts, and users who interact with ShareCRM through our websites, products, services, marketing activities, or communications in a business-to-business context.
Part II – Personal Data that ShareCRM Processes on Your Behalf (Processor Data)
This part explains how ShareCRM processes personal data on behalf of its customers when providing our products and services, including data submitted, stored, or transmitted by users or end users through the use of ShareCRM’s services, as well as personal data shared with us in connection with customer support requests.
Part III – General Information
This part covers topics applicable to both Parts I and II, including ShareCRM’s data security practices, international data transfers, data retention, user rights, and how we will notify you of any changes to this Privacy Policy.
Part IV– Country-Specific Provisions
This part describes additional rights, obligations, and disclosures that apply only to users located in certain countries or regions, as required by applicable data protection and privacy laws. Where local laws impose different or additional requirements, those provisions supplement or prevail over the general terms of this Privacy Policy for users in the relevant jurisdictions.
Part I – Person Data that ShareCRM Collects and Controls (Controller Data)
What Personal Data ShareCRM Collects
ShareCRM collects personal data only where it is necessary for legitimate business purposes. ShareCRM may collect personal data if (a) you voluntarily provide such information to us, (b) such information is automatically collected when you interact with our websites or services, or (c) such information is obtained from third parties in accordance with applicable law. The specific categories of personal data collected depend on the context of your interactions with ShareCRM, as described below.
Information That You Provide to Us
1. Account Login
When you log in to the ShareCRM Platform, we collect the information necessary to authenticate you and grant access to your enterprise account. Depending on the login method you choose, this may include your mobile phone number, email address, account password or other authentication credentials, enterprise account identifier, account credentials provided through a QR code scan using the ShareCRM mobile application, or authentication information provided through third-party login services such as DingTalk or Cloud-hub.
Where you choose to log in using a third-party service, ShareCRM receives limited authentication information from the relevant third-party provider solely for the purpose of verifying your identity and enabling account access. ShareCRM does not access or store your third-party account passwords. All such information is used exclusively for account access and authentication purposes.
2. Contact Us Inquiries
When you submit a request through the “Contact Us” functionality on the ShareCRM Platform, we may collect personal data such as your email address, name, mobile phone number, job title, company name, company website, company size, and country or region. We use this information to contact you, understand your business needs, and assign appropriate sales or business representatives to respond to your inquiry.
3. Demo Requests
When you request a product demonstration through the “Book a Demo” functionality on the ShareCRM Platform, we may collect personal data such as your email address, name, mobile phone number, job title, company name, company website, company size, and country or region. This information is used to contact you regarding your request, assess your business requirements, and provide access to a suitable product trial or demonstration experience.
4. Event Registrations and Other Form Submissions
We collect information that you submit when you: (a) register for events hosted or sponsored by ShareCRM, including webinars or seminars; (b) subscribe to newsletters or other mailing lists; (c) submit forms to download product information, whitepapers, or other materials; (d) participate in surveys, promotions, or other marketing initiatives; (e) submit requests for customer support; or (f) request a free trial, pricing information, quotations, or otherwise contact ShareCRM for business-related purposes.
5. Testimonials
When you provide consent for ShareCRM to publish testimonials regarding our products or services, we may include your name, job title, company name, and other information you choose to provide. You will be given an opportunity to review and approve any testimonial prior to publication. If you wish to update or remove a testimonial, you may contact us at privacy@sharecrm.com.
6. Communications and Interactions with ShareCRM
We may record, monitor, analyze, and use communications and interactions with you, including email correspondence, telephone calls, and chat communications with our sales, marketing, or customer support personnel, for purposes such as providing services, improving customer experience, training, quality assurance, and compliance with applicable laws.
Information that We Collect Automatically
1. Information from Browsers, Devices, and Servers
When you access or use the ShareCRM Platform, we may automatically collect certain technical information that is made available by web browsers, devices, and servers. This information may include internet protocol (IP) address, browser type and version, language preferences, time zone, referring URLs, date and time of access, operating system, and device-related information. We use such information to maintain the security of the ShareCRM Platform, diagnose technical issues, and understand how users access and use our Platform.
2. Information from Cookies and Similar Technologies
We use cookies and similar technologies that are necessary to operate and provide the ShareCRM Platform, enhance functionality, and improve user experience. These technologies may be used to remember user preferences, enable essential features, and support security and authentication.
ShareCRM primarily uses first-party cookies and does not use third-party cookies or similar technologies for non-essential or intrusive tracking purposes on the ShareCRM Platform. Where required by applicable law, users may manage cookie preferences through available settings or mechanisms provided on the Platform.
3. Information from Application Logs and Usage Analytics
We may collect information about your use of the ShareCRM Platform through application logs and internal usage analytics tools. This information may include interaction data such as pages or features accessed, access times and frequency, error logs, performance metrics, and configuration or preference settings. Such information is processed by ShareCRM as a data controller for purposes of operating, securing, maintaining, and improving the ShareCRM Platform and its functionalities.
Where ShareCRM provides mobile applications for Android or iOS, personal data collected by the mobile applications for platform operation, security, and analytics purposes is generally consistent with the practices described above, and may include limited device-related information, application usage data, or log information necessary for the operation of the mobile applications.
Personal data processed through mobile application features on behalf of enterprise customers, including data generated or submitted by users in the course of using specific functionalities, is processed by ShareCRM as a data processor and is described in the section titled “Information from Mobile Applications” and other relevant sections of this Privacy Policy. Such data is processed solely in accordance with the instructions of the relevant enterprise customer and applicable law.
Any additional collection or processing of personal data specific to mobile application functionalities will be disclosed at or before the point of collection and in accordance with applicable law.
4. Personalization and Recommendation Features
Where enabled, ShareCRM may use certain information to personalize and recommend content, features, or services that may be relevant to users within the ShareCRM Platform. Such information may include device identifiers, application and usage information, service interaction logs, and limited organizational profile information (such as department or role), as applicable.
Personalization and recommendation features are designed to enhance user experience and are implemented in accordance with applicable law. Where required, such processing is based on user or enterprise consent or other lawful bases permitted under applicable data protection laws.
Because end-user accounts and related data are managed by enterprise customers, the availability and configuration of personalization features may be controlled by the relevant enterprise administrator. Where applicable, users may manage or disable personalization settings through available platform controls or by contacting their enterprise administrator.
Information That We Collect from Third Parties
1. Login via Federated Authentication Service Providers
Where you choose to log in to the ShareCRM Platform using supported federated authentication or single sign-on (SSO) services, such as DingTalk or Cloud-hub, the relevant third-party provider will authenticate your identity and may share limited authentication-related information with ShareCRM. This information may include basic account identifiers such as your name, email address, or enterprise account information, as permitted by the third-party provider and subject to your settings with that service.
2. Information Provided by Business Partners
In certain business-to-business contexts, ShareCRM may receive limited business contact information about you from independent business partners, such as resellers or implementation partners, where you or your organization have expressed interest in ShareCRM products or services. These partners may share such information with ShareCRM in accordance with their own privacy practices and applicable law. The information received may include your name, business email address, company name, job title, and related business contact details, and is used only for business communications and service-related purposes.
3. Information from Events, Reviews, and Marketing Partners
Where ShareCRM sponsors or participates in business-related events, webinars, or similar activities, the event organizer may share limited business contact information with ShareCRM, such as your name, business email address, company name, and job title, where you have registered for or attended such events and where such sharing is permitted by applicable law.
ShareCRM may also receive limited information from review platforms or other third-party service providers for business-to-business marketing or customer engagement purposes, for example where you choose to submit feedback, reviews, or inquiries regarding ShareCRM products or services. Such information is used only for legitimate business purposes and in accordance with applicable law.
4. Information from Publicly Available Business Sources
To the extent permitted by applicable law, ShareCRM may collect limited business-related information from publicly available sources, such as corporate websites, professional directories, or public business profiles, where necessary to respond to business inquiries, maintain accurate business contact records, or engage in business communications.
ShareCRM does not actively collect personal data from social media platforms for profiling purposes. Where you choose to publicly interact with ShareCRM through social media or similar platforms, any information collected by ShareCRM will be limited to information you have made publicly available and will be used in accordance with this Privacy Policy and applicable law.
Purposes for Using Information
In addition to the purposes described elsewhere in this Privacy Policy, ShareCRM may use personal data for the following legitimate business purposes:
● To communicate with you regarding products or services you have requested, downloaded, or signed up for, as well as to provide important administrative communications, such as updates to this Privacy Policy, changes to the Terms of Service, or other service-related notices;
● Where permitted by applicable law, to provide information about new products and services, product updates, upcoming events, offers, promotions, or other business-related information that may be relevant to your organization;
● Where applicable, to invite you to participate in surveys or to request feedback regarding ShareCRM’s products or services, for purposes of product improvement and service evaluation;
● To set up, administer, and maintain user accounts and enterprise accounts, and to perform activities necessary to provide the ShareCRM Platform, such as enabling collaboration features, hosting services, and data backup and recovery;
● To understand how users access and use the ShareCRM Platform, to monitor performance, detect and prevent technical issues, and to improve the functionality, security, and reliability of our products and services;
● To provide customer support, respond to inquiries, and analyze and improve our interactions with customers and business users;
● To protect the security and integrity of the ShareCRM Platform, including detecting, preventing, and addressing fraud, abuse, unauthorized access, spam, and other illegal or harmful activities, and to protect the rights and interests of ShareCRM, its users, third parties, and the public;
● To analyze usage trends and administer the ShareCRM Platform in order to better understand user needs and improve overall user experience;
● Where applicable, to evaluate, monitor, and improve ShareCRM’s marketing activities and business communications, including assessing the effectiveness of outreach efforts, in a manner consistent with this Privacy Policy and applicable law.
Legal Basis for Processing (EEA and United Kingdom)
If you are located in the European Economic Area (EEA) or the United Kingdom, ShareCRM processes personal data only where we have a valid legal basis under applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the UK GDPR. Depending on the context and purpose of processing, our legal bases may include:
● Performance of a contract: where processing is necessary to provide the ShareCRM Platform, administer user accounts, authenticate access, or perform obligations under a contract with you or your organization;
● Legitimate interests: where processing is necessary for ShareCRM’s legitimate business interests or those of a third party, such as operating and improving the ShareCRM Platform, ensuring security, preventing fraud, responding to business inquiries, and communicating with customers, provided that such interests are not overridden by your fundamental rights and freedoms;
● Consent: where we rely on your consent for specific processing activities, such as where required by applicable law for certain communications or optional features;
● Legal obligation: where processing is necessary to comply with applicable legal or regulatory requirements.
In limited circumstances, ShareCRM may also process personal data where necessary to protect vital interests or for reasons of substantial public interest, in accordance with applicable law.
Withdrawal of Consent
Where ShareCRM relies on your consent as the legal basis for processing, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to such withdrawal.
Legitimate Interests Notice
Where ShareCRM relies on legitimate interests as the legal basis for processing and such interests are not specifically described above, ShareCRM will identify and explain those legitimate interests at or before the time personal data is collected, as required by applicable law.
Your Choices Regarding the Use of Your Information
1. Opting Out of Non-Essential Communications
You may opt out of receiving non-essential marketing or promotional communications from ShareCRM at any time by following the unsubscribe instructions included in such communications or by contacting us at privacy@sharecrm.com. Please note that even if you opt out of non-essential communications, ShareCRM may continue to send you essential administrative or service-related communications, such as account notifications, security alerts, privacy updates, or other communications necessary to provide and maintain the ShareCRM Platform.
2. Preferences for Telephone Communications
Where permitted by applicable law, you may request that your contact information be added to ShareCRM’s internal do-not-contact list for marketing-related telephone communications by contacting us at privacy@sharecrm.com. You may also inform us during a telephone call that you do not wish to receive further marketing communications by phone. Such requests will be honored in accordance with applicable law.
3. Managing Cookies and Similar Technologies
You may manage or disable cookies through your browser settings or other available mechanisms. Please note that disabling certain cookies may affect the functionality or availability of some features of the ShareCRM Platform.
4. Providing Optional Information
You may choose not to provide optional personal data, such as profile photographs or other non-mandatory information. Where applicable, you may also update or delete optional information through your account settings or by contacting ShareCRM. Choosing not to provide optional information will not affect your ability to use essential features of the ShareCRM Platform.
Who We Share Personal Data With
ShareCRM does not sell personal data. We share personal data only as described in this Privacy Policy and only with recipients that are subject to appropriate confidentiality, data protection, and security obligations.
1. Employees and Independent Contractors
Authorized employees and independent contractors of ShareCRM may access personal data described in Part I on a need-to-know basis and solely for the purposes set out in this Privacy Policy. All such personnel are required to comply with applicable confidentiality and data protection obligations when processing personal data.
2. Third-Party Service Providers
ShareCRM may share personal data with third-party service providers that perform services on our behalf, such as marketing and advertising partners, event organizers, web analytics providers, hosting and infrastructure providers, authentication service providers, and other similar vendors. These service providers are authorized to process personal data only as necessary to provide services to ShareCRM, in accordance with ShareCRM’s instructions, this Privacy Policy, and applicable law, and are subject to appropriate confidentiality and security obligations.
3. Business Partners and Resellers
In a business-to-business context, ShareCRM may share limited business contact information with authorized business partners or reselling partners in your region, where necessary to respond to inquiries, provide requested information, or support the delivery of ShareCRM products or services. Such sharing is limited to the relevant business purposes described in this Privacy Policy.
4. Third-Party Applications and Integrations
Where you choose to use third-party applications, integrations, or services that interoperate with the ShareCRM Platform, personal data may be shared with the relevant third-party provider as necessary to enable such integration. The processing of personal data by such third parties is governed by their own privacy policies, and ShareCRM does not control how those third parties process personal data.
5. Legal, Compliance, and Business Transfers
ShareCRM may disclose personal data where required to comply with applicable law, legal process, or lawful requests from public authorities, or where necessary to protect the rights, property, or safety of ShareCRM, its users, or others. Personal data may also be disclosed in connection with a corporate transaction, such as a merger, acquisition, restructuring, or sale of assets, subject to appropriate safeguards.
Your Rights with Respect to Personal Data We Hold as a Data Controller
If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights with respect to personal data that ShareCRM processes as a data controller, subject to applicable data protection laws. ShareCRM is committed to respecting individual rights and will honor such rights in accordance with applicable law.
1. Right of Access
You have the right to request access to the personal data that ShareCRM holds about you and, where applicable, to obtain a copy of such data. This includes information about the categories of personal data processed, the purposes of processing, the sources of the data, the period for which the data is retained, and the categories of recipients with whom the data is shared.
2. Right to Rectification
You have the right to request that ShareCRM correct or update inaccurate or incomplete personal data. Depending on the purposes for which the data is processed, you may also request that supplementary information be added to ensure the data is accurate and complete.
3. Right to Erasure
You have the right to request the deletion of your personal data in certain circumstances, including where the data is no longer necessary for the purposes for which it was collected, or where processing is based on consent and you have withdrawn that consent, subject to applicable legal obligations.
4. Right to Restriction of Processing
You have the right to request that ShareCRM restrict the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data or where you have objected to processing and ShareCRM is verifying whether it has overriding legitimate grounds to continue processing.
5. Right to Data Portability
Where applicable, you have the right to receive the personal data you have provided to ShareCRM in a structured, commonly used, and machine-readable format, and to request that such data be transmitted to another controller, where processing is based on consent or a contract and carried out by automated means.
6. Right to Object
You have the right to object to the processing of your personal data in certain circumstances, including where personal data is processed for direct marketing purposes or based on legitimate interests, subject to applicable law.
7. Right to Lodge a Complaint
You have the right to lodge a complaint with a competent data protection supervisory authority if you believe that ShareCRM’s processing of your personal data infringes applicable data protection laws.
If you are located outside the EEA or the United Kingdom, the availability of this right may depend on the data protection laws applicable in your jurisdiction.
Retention of Personal Data
ShareCRM retains personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by applicable law. In certain circumstances, personal data may be retained for longer periods where necessary to comply with legal, regulatory, tax, or accounting obligations, to establish, exercise, or defend legal claims, to enforce our agreements, to prevent fraud or abuse, or to maintain records of user preferences or suppression requests where required by law.
When personal data is no longer needed for the purposes for which it was collected and processed, ShareCRM will delete or anonymize such data from its active systems in accordance with applicable law. Where immediate deletion is not technically feasible, personal data will be securely stored, access-restricted, and isolated from further processing until deletion or anonymization is possible.
Part II –Personal Data that ShareCRM Processes on Your Behalf (Processor Data)
Information Entrusted to ShareCRM and Purposes of Processing
1. Information Provided in Connection with the Services
In the course of providing the ShareCRM Platform and related services, you or your organization (“you”) may entrust ShareCRM with personal data that you control. This may include personal data relating to your customers, employees, or other individuals, where you act as a data controller, or personal data that you process on behalf of another party for a specific business purpose, where you act as a data processor.
Such personal data (“Service Data”) is processed by ShareCRM solely on your documented instructions and only for the purposes of providing the ShareCRM Platform, performing related services, or responding to technical support or service requests. Service Data may be stored on ShareCRM’s systems when you use the services or may be transferred to ShareCRM on a temporary basis in connection with support, troubleshooting, or other service-related activities.
2. Information from Mobile Applications
When you use ShareCRM mobile applications, we may collect or access certain device information and personal data in connection with specific application features you choose to use. Such collection and use of information is based on your consent and is limited to what is necessary to enable and operate the relevant features and functionalities. Your authorization of these permissions is subject to your device’s settings, and you may modify or revoke such permissions at any time through your device controls. Refusal to grant certain permissions may limit the availability of specific features, but will not affect your ability to use other core functionalities of the Services.
(1) Camera-Related Features
● May process images or video content captured through your device’s camera when you scan QR codes, take photos or videos in real time, or otherwise use features that require image or video capture.
● If you use face-based features such as face recognition for attendance or verification, facial images and related facial feature data may be processed and stored solely for the purpose of providing that specific feature.
(2) Microphone-Related Features
● May process audio recordings captured through your device’s microphone when you record or send voice messages or use voice-related features.
● Where you enable speech-to-text functionality, audio content may be temporarily processed and converted into text.
(3) Photo Library and File Storage Access
● May access and process photos, videos, or files stored on your device when you select and send such content through the Services.
● Once such content is transmitted to ShareCRM servers at your request, it may be stored and retained for as long as necessary to provide the relevant Services and fulfill the purposes for which the content was submitted, including enabling access, sharing, or management through your account, until you delete such content or your account is otherwise terminated in accordance with applicable policies.
● If a transmission is cancelled or fails prior to completion, the relevant content will be promptly deleted.
(4) Device Sensor Data
● May process limited device sensor data, such as data from the accelerometer, gyroscope, proximity sensor, or similar sensors, to support device orientation detection, improve media playback experiences, determine whether a device is held in portrait or landscape orientation, or assist with certain interactive features.
(5) Location-Based Features
● Where you enable location-based features, may process limited location data, such as GPS coordinates or other location signals derived from your device, solely to provide the relevant location-based functionalities (for example, location sharing or check-in features).
(6) Contacts and Address Book Features
● Where you choose to add contacts by scanning QR codes, importing from your device’s address book, or exchanging digital business cards, the mobile application may request access to your device’s contacts for the purpose of reading or writing contact information.
● You may manage the visibility of your mobile phone number or contact details within your enterprise or to external contacts through available privacy and settings controls.
● Where enterprise connectivity or inter-company contact features are enabled by your organization, you may choose whether to disclose certain contact information, such as your phone number, to external contacts.
3. Information Processed Through the ShareCRM Platform
(1) Content Publishing and Interaction Features
● Where you publish, upload, or interact with content through features such as feeds, comments, logs, shared files, or sales records, the Services may process the content you submit, as well as associated profile information such as your avatar, display name, job title, department, or other information visible within your organization.
● Depending on the feature used, the Services may enable content creation or sharing through web or mobile interfaces.
● Where calling features are used through preconfigured actions, call-related metadata such as the call recipient, time, and duration may be recorded and associated with relevant business records.
● You acknowledge that content you publish may include personal data of yourself or others or confidential business information of third parties, and you are responsible for ensuring that all necessary consents and authorizations have been obtained.
(2) Calendar and Scheduling Features
● Where you use calendar or scheduling features, the Services may process event information you create or receive, such as event titles, dates, times, participants, and reminders.
● Where you choose to synchronize your ShareCRM calendar with your device’s native calendar, access to the device calendar is subject to your device permission settings.
● The Services may send system notifications or reminders related to upcoming events to support scheduling functionalities.
(3) Email Integration Features
● Where you choose to enable email integration features, you may be required to provide authentication credentials for a work email account in order to synchronize or back up emails received in that account.
● Emails processed through this feature may be stored for the period necessary to provide the functionality and are deleted in accordance with applicable retention policies.
● You acknowledge that email integration features are intended for enterprise and work-related communications and should not be used for personal email accounts.
Ownership and Control of Service Data
ShareCRM recognizes that you retain ownership and control of Service Data. Subject to the terms of applicable agreements, ShareCRM provides you with the ability to access, manage, share, export, or request deletion of Service Data through the ShareCRM Platform, including through supported integrations and available account or service features.
How ShareCRM Uses Service Data
ShareCRM processes Service Data solely in accordance with your documented instructions and for the purpose of providing, maintaining, and supporting the ShareCRM Platform and related services. Service Data is processed only as necessary to perform the services requested by you, including enabling platform functionalities, supporting integrations, and providing technical support or troubleshooting assistance.
Push Notifications
Where you have enabled notifications on ShareCRM desktop or mobile applications, ShareCRM may send service-related notifications through third-party push notification service providers, such as Apple Push Notification Service, Google Cloud Messaging, or Windows Push Notification Services. You may manage or disable push notifications at any time through the relevant application settings or your device settings.
Processing and Disclosure of Service Data
1. Sub-processors
In order to provide the ShareCRM Platform and related services, the relevant ShareCRM contracting entity may engage third-party sub-processors to process Service Data on ShareCRM’s behalf. Such sub-processors process Service Data only in accordance with ShareCRM’s documented instructions, applicable data protection laws, and contractual obligations that include appropriate confidentiality and security measures.
To the extent required under applicable data protection laws and regulations, ShareCRM makes available information regarding its sub-processors, including, where applicable, their identities, geographic locations, and the nature of the processing activities performed. Information regarding ShareCRM’s current sub-processors is provided through ShareCRM’s publicly accessible ShareCRM Sub-processor List (or such other URL as ShareCRM may designate from time to time).
ShareCRM will ensure that such sub-processor information remains reasonably accessible for informational purposes and is updated as appropriate to reflect material changes, in accordance with applicable law.
2. Personnel
Authorized employees and independent contractors of the ShareCRM group may process Service Data solely as necessary to provide, maintain, support, and secure the ShareCRM Platform, including responding to technical support requests or performing troubleshooting activities. Access to Service Data is limited to authorized individuals on a need-to-know basis and is subject to access controls, logging, and monitoring.
3. Customer-Directed Sharing and Collaboration
The ShareCRM Platform may allow you to share Service Data with other users or third parties at your direction, such as by enabling collaboration features or authorizing access for designated users. ShareCRM does not independently disclose Service Data to such recipients and acts only in accordance with your configuration and instructions.
4. Third-Party Integrations Enabled by You
Where you choose to enable integrations with third-party products or services, Service Data may be disclosed to such third parties solely at your direction and to the extent necessary to enable the integration. The processing of Service Data by third parties is governed by their own privacy policies, and ShareCRM does not control or assume responsibility for such third-party processing activities.
5. Legal and Regulatory Disclosures
ShareCRM may disclose Service Data where required to comply with applicable law, legal process, or lawful requests from public authorities, or to protect the rights, property, or safety of ShareCRM, its customers, or others, as described in Part III of this Privacy Policy.
Retention of information
ShareCRM retains personal data and service-related data associated with your account for as long as your account remains active or as otherwise necessary to provide the ShareCRM Services.
Where an account is suspended, deactivated, or terminated in accordance with the applicable user agreement, service terms, trial policies, or contractual arrangements, ShareCRM may retain the data associated with such account for a limited period to support account recovery, transition, dispute resolution, or compliance with applicable legal obligations.
Trial accounts. In the case of free trial accounts, where the Services are suspended or terminated in accordance with the applicable user agreement or trial rules (including, where applicable, due to prolonged inactivity), data associated with the account may be automatically deleted after a reasonable retention period following service suspension.
Paid accounts. In the case of paid accounts, service suspension or termination, if any, is handled in accordance with the relevant commercial agreement, including applicable sales contracts or renewal terms. Where service is suspended or terminated, ShareCRM may retain account data for a reasonable period thereafter before deletion, unless a longer retention period is required or permitted by applicable law.
Unless otherwise required by applicable law, regulatory obligations, or contractual arrangements, ShareCRM will take reasonable steps to delete or anonymize data from its active systems and backups following the expiration of the applicable retention period, as part of its routine system maintenance and data management processes.
Data subject requests
If you are located in the European Economic Area (EEA) and believe that ShareCRM processes your personal data on behalf of one of its customers, ShareCRM acts as a data processor with respect to such data. To exercise your rights to access, rectify, erase, restrict or object to processing, or to request data portability, you should contact the relevant customer, who is the data controller.
ShareCRM will provide reasonable assistance to its customers, as required by applicable law, to support their response to such data subject requests within an appropriate timeframe.
Part III – General Information
Children’s Personal Data
The ShareCRM Platform and related services are not directed to individuals under the age required by applicable law. ShareCRM does not knowingly collect personal data from children under the age required by applicable law for its own purposes. If ShareCRM becomes aware that it has collected personal data from a child under the age required by applicable law without appropriate authorization, ShareCRM will take reasonable steps to delete such information.
If you believe that a child under the age required by applicable law has provided personal data to ShareCRM, please contact us at privacy@sharecrm.com with relevant details, and we will investigate and take appropriate action in accordance with applicable law.
Please note that when you use the ShareCRM Platform as a customer, you may collect or process personal data relating to individuals who are children. In such cases, you acknowledge and agree that you are responsible, as the data controller, for ensuring compliance with applicable laws and regulations governing the protection of children’s personal data, including obtaining any required parental or guardian consent.
How We Protect the Security of Your Information
ShareCRM takes the security of personal data and Service Data seriously and implements appropriate administrative, technical, and organizational measures designed to protect information against unauthorized access, use, alteration, disclosure, or destruction, taking into account the nature of the data and the risks involved.
1. Security Measures as a Data Controller
When ShareCRM acts as a data controller, we implement security measures appropriate to the risks associated with the processing of personal data, including:
● Encryption and Data Protection: Data transmitted over public networks is protected using industry-standard transport layer security protocols (such as TLS 1.2 or TLS 1.3). Sensitive personal data is encrypted at rest using strong encryption algorithms (such as AES-256), where appropriate. Data masking, pseudonymization, or anonymization techniques may be applied to limit the use of plaintext personal data in non-business or non-production scenarios.
● Identity and Access Management: Access to personal data is restricted based on the principle of least privilege and implemented through role-based access controls (RBAC). Multi-factor authentication (MFA) is required for administrative and operational access to management systems, where appropriate, to reduce the risk of unauthorized access.
● Support for Data Subject Rights: ShareCRM maintains technical and organizational processes to support requests for access, correction, deletion, or other rights, where required by applicable law.
2. Security Measures as a Data Processor
When ShareCRM processes Service Data on behalf of customers, we implement additional safeguards designed to protect such data in accordance with customer instructions and applicable data protection laws, including:
● Tenant Isolation: ShareCRM employs logical and, where applicable, physical tenant isolation mechanisms, such as tenant identifiers and segregated database instances, to ensure that Service Data belonging to different customers remains logically separated and inaccessible to unauthorized parties.
● Logging and Auditing: Processing activities involving Service Data are subject to logging and audit controls. Audit logs are protected against unauthorized modification and retained for an appropriate period, including at least six (6) months or as otherwise agreed with customers, to support security monitoring and compliance requirements.
● Vulnerability and Security Management: ShareCRM implements security monitoring tools, such as intrusion detection systems (IDS) and web application firewalls (WAF), to help detect and mitigate malicious activity. Systems processing Service Data are subject to periodic vulnerability assessments and security testing designed to identify and remediate potential security risks.
3. Certifications and Compliance
ShareCRM maintains an information security management program aligned with recognized industry standards and has obtained certifications and attestations such as ISO/IEC 27001, ISO/IEC 27701, SOC 2 Type II, and national network security level protection (Level III), demonstrating its commitment to information security and privacy management.
If you have questions or concerns regarding the security of your information, please contact us at privacy@sharecrm.com.
Data Protection Officer and Privacy Contact
ShareCRM has appointed a Data Protection Officer or designated privacy contact, as required under applicable data protection laws, to oversee its personal data processing practices and compliance with this Privacy Policy.
If you have any questions, concerns, or requests regarding ShareCRM’s privacy practices or the processing of your personal data, you may contact our Data Protection Officer or privacy team by email at privacy@sharecrm.com. We will review and respond to your inquiry in accordance with applicable law.
Locations and International Transfers
ShareCRM may process, store, and transmit personal data and Service Data within the ShareCRM group and through third-party cloud service providers and infrastructure partners engaged to support the operation, deployment, authentication, licensing, and maintenance of the ShareCRM Platform.
As part of providing the ShareCRM Platform, such processing activities may involve data synchronization, system-to-system transmission, or centralized processing between cloud environments located in different countries or regions, including within mainland China and, where applicable, in other jurisdictions in which ShareCRM operates or deploys its services. Certain cross-environment synchronization, configuration, or operation activities may involve technical, operational, or configuration data that does not contain personal data.
Where personal data is involved in cross-border transfers, ShareCRM implements appropriate safeguards in accordance with applicable data protection laws, taking into account the nature of the data, the purpose of the transfer, and the applicable legal requirements of the relevant jurisdictions. Where required, such safeguards may include contractual arrangements, technical security measures, and organizational controls designed to protect personal data during transmission and processing.
Where required by applicable law in a specific jurisdiction, additional information regarding cross-border transfers of personal data, including details of overseas recipients, transfer purposes, and applicable safeguards or commitments, will be provided in the relevant jurisdiction-specific appendix to this Privacy Policy.
Data Processing Addendum
Where ShareCRM processes personal data on your behalf as a data processor, the applicable Data Processing Addendum ("DPA") (including its Appendices) is publicly available and incorporated by reference into this Privacy Policy and any executed agreements between you and ShareCRM, and shall automatically take effect upon your access to or use of the Services, without the need for separate request or execution.
The DPA governs the parties’ respective rights and obligations regarding such data processing, consistent with applicable data protection laws and regulations. ShareCRM may update the DPA from time to time, with material updates published via the same URL and notified to you as required by law. Your continued use of the Services following updates constitutes acceptance of the revised DPA.
For non-electronic copies or inquiries about the DPA, contact ShareCRM at privacy@sharecrm.com.
Automation and Artificial Intelligence
ShareCRM uses automation technologies, including rule-based logic, pattern recognition, and artificial intelligence or machine learning techniques, to provide functionality, efficiency, and predictive capabilities within the ShareCRM Platform.
ShareCRM does not use Service Data in a manner inconsistent with customer expectations of privacy and confidentiality. Any use of Service Data in connection with automation or artificial intelligence is limited to: (i) the use of anonymized or de-identified data to improve the accuracy and reliability of system features; and (ii) the use of an individual customer’s data to enable or improve models or functionalities configured specifically for that customer. ShareCRM’s automation and artificial intelligence capabilities may also be supported by internal operational data, internal documentation, communications, and publicly available or licensed external data sources.
Do Not Track Signals
Some internet browsers transmit “Do Not Track” (DNT) signals to websites. At present, there is no universally accepted standard for responding to such signals. Accordingly, the ShareCRM Platform does not currently respond to DNT browser signals.
External Links
The ShareCRM Platform may contain links to third-party websites or services that are not governed by this Privacy Policy. If you choose to access such third-party sites or submit personal data to them, your information will be governed by their respective privacy policies. ShareCRM encourages you to review the privacy practices of any third-party websites or services before providing personal data.
Social Media Features
The ShareCRM Platform may include social media features or widgets that allow content sharing. These features may collect technical information such as your IP address or the pages you visit on the ShareCRM Platform and may use cookies or similar technologies to function properly. Your interactions with such features are governed by the privacy policies of the providers of those features.
Legal and Regulatory Disclosures
ShareCRM may preserve or disclose personal data or Service Data where required to comply with applicable laws, regulations, legal processes, or lawful requests from governmental or regulatory authorities, including requests related to national security or law enforcement, in accordance with applicable law.
Protection of Rights and Interests
ShareCRM may disclose personal data or Service Data where necessary to detect, prevent, or address fraud, security incidents, spam, suspected illegal activity, or violations of our agreements or policies, or to protect the rights, property, or safety of ShareCRM, its customers, users, or others, as permitted by applicable law.
Business Transfers
ShareCRM does not currently intend to sell its business. However, in the event of a merger, acquisition, reorganization, or sale of all or part of ShareCRM’s assets, personal data and Service Data may be transferred as part of such transaction, subject to appropriate safeguards. ShareCRM will take reasonable steps to ensure that any successor entity is legally bound to honor the commitments set out in this Privacy Policy and will provide notice of any material changes in ownership or use of personal data, where required by applicable law.
Compliance with this Privacy Policy
ShareCRM implements reasonable measures, including periodic reviews, to help ensure that personal data is processed in accordance with this Privacy Policy. If you have any questions or concerns regarding ShareCRM’s privacy practices or compliance with this Privacy Policy, please contact us at privacy@sharecrm.com.
ShareCRM will review and respond to such inquiries in a timely manner and, where appropriate and required by applicable law, may cooperate with relevant regulatory or supervisory authorities to address the matter.
Notification of Changes
ShareCRM may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. Where appropriate, we will provide notice of material changes to this Privacy Policy through reasonable means, such as a service announcement, posting on the ShareCRM Platform, or email notification, in accordance with applicable law.
If changes to this Privacy Policy materially affect your rights or obligations, ShareCRM will provide advance notice where required by applicable law. The effective date of any updated Privacy Policy will be indicated at the top of the policy.
Your continued use of the ShareCRM Platform after the effective date of an updated Privacy Policy constitutes your acknowledgment of the updated Privacy Policy, to the extent permitted by applicable law. If you do not agree with the changes, you may discontinue your use of the ShareCRM Platform in accordance with the applicable terms of service.
We encourage you to review this Privacy Policy periodically to stay informed about how ShareCRM processes personal data.
| Name of the entity | Address | Data Center (Default) |
|---|---|---|
| Forshare Co., Ltd | 2445 Augustine Drive, Suites 150&201, Santa Clara, CA, 95054 | AWS U.S. |
| Forshare Pte. Ltd | 346C KING GEORGE'S AVENUE, KING GEORGE'S BUILDING, SINGAPORE 208577 | AWS Singapore |
| Facishare Co., Limited | Room701, 7/F, Tai Yau Building, 181 Johnston Rd, Wan Chai, Hong Kong | AWS Hong Kong SAR |
Note: AWS Frankfurt data center is available for clients with European operations.
Part IV– Country-Specific Provisions
This Part IV sets out additional information and disclosures that apply to individuals located in certain countries or regions, in accordance with applicable local data protection and privacy laws. These country- or region-specific provisions supplement the general terms of this Privacy Policy and apply only to the extent required by applicable law.
In the event of any conflict between the provisions of this Part IV and the other sections of this Privacy Policy, the applicable country- or region-specific provisions shall prevail for individuals located in the relevant jurisdiction.
1. European Economic Area (EEA) and United Kingdom
If you are located in the European Economic Area (EEA) or the United Kingdom, the processing of your personal data is governed by the EU General Data Protection Regulation (GDPR) or the UK GDPR, as applicable.
This Privacy Policy describes the legal bases for processing, your data protection rights, the circumstances under which ShareCRM acts as a data controller or a data processor, and how international transfers of personal data are handled. Where ShareCRM processes personal data on behalf of its customers, the relevant customer acts as the data controller and ShareCRM acts as a data processor.
You also have the right to lodge a complaint with a competent data protection supervisory authority in the EEA or the UK, including the authority in your place of habitual residence, place of work, or the location of an alleged infringement.
To the extent that personal data originating in the EEA or the United Kingdom is transferred to countries outside the EEA or the UK that are not subject to an adequacy decision, ShareCRM implements appropriate safeguards in accordance with applicable data protection laws. Such safeguards may include the use of standard contractual clauses adopted by the European Commission or other lawful transfer mechanisms, together with supplementary technical and organizational measures where required.
2. Germany
If you are located in Germany, the processing of your personal data is subject to the EU General Data Protection Regulation (GDPR) and applicable German data protection laws, including the Federal Data Protection Act (Bundesdatenschutzgesetz, “BDSG”).
In Germany, certain provisions of the BDSG supplement the GDPR, in particular with respect to the processing of personal data in an employment or business contact context, the handling of special categories of personal data, and specific procedural requirements. Where applicable, ShareCRM processes personal data in accordance with these supplementary national provisions.
You have the right to lodge a complaint with a competent German data protection supervisory authority (Datenschutzaufsichtsbehörde), including the authority responsible for your place of residence, place of work, or the location of an alleged infringement.
3. France
If you are located in France, the processing of your personal data is subject to the EU General Data Protection Regulation (GDPR) and applicable French data protection laws, including Law No. 78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties (as amended) (the “French Data Protection Act”).
French law supplements the GDPR in certain areas, including requirements relating to employee data, specific processing conditions, and enforcement procedures. Where applicable, ShareCRM processes personal data in accordance with these national provisions.
Under French law, you may have the right to define instructions regarding the retention, deletion, and communication of your personal data after your death. Such instructions may be general or specific and may be modified or revoked at any time, in accordance with applicable law.
Where applicable and subject to legal requirements, ShareCRM will take such instructions into account. Requests relating to the exercise of these rights may be submitted by contacting ShareCRM at privacy@sharecrm.com.
You have the right to lodge a complaint with the French data protection supervisory authority, the Commission Nationale de l’Informatique et des Libertés (CNIL).
4. Italy
If you are located in Italy, the processing of your personal data is subject to the EU General Data Protection Regulation (GDPR) and applicable Italian data protection laws, including Legislative Decree No. 196 of 30 June 2003, as amended (the Italian Data Protection Code).
Italian law supplements the GDPR in certain areas, including procedural requirements, specific conditions for processing, and enforcement mechanisms. Where applicable, ShareCRM processes personal data in accordance with these national provisions.
You have the right to lodge a complaint with the Italian data protection supervisory authority, the Garante per la Protezione dei Dati Personali.
5. United States
If you are a resident of the United States, certain U.S. state privacy laws may apply to the processing of personal data relating to business contacts or authorized users, including, where applicable, the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”) and other similar state laws.
The U.S. Privacy Laws may provide eligible individuals with certain rights regarding their personal data, which may include the right to request access to, correction of, or deletion of personal data, and the right to opt out of certain processing activities, where applicable. These rights are subject to limitations and exceptions under applicable law.
ShareCRM does not sell personal data, and does not share personal data for purposes of cross-context behavioral advertising, as those terms are defined under applicable U.S. Privacy Laws. ShareCRM does not have actual knowledge that it sells or shares the personal data of individuals under the age of 16.
Categories of Personal Data
Depending on your interaction with the ShareCRM Platform, ShareCRM may collect personal data falling within categories such as identifiers (for example, name, contact details, account credentials, IP address), internet or network activity information (such as log data and usage information), limited geolocation data derived from IP address, and commercial or transactional information related to subscription or payment processing. Such personal data is collected directly from you or your device, or as otherwise described in this Privacy Policy.
Purposes of Processing
ShareCRM collects and uses personal data for purposes described in this Privacy Policy, including to operate and administer the ShareCRM Platform, communicate with users, provide customer support, improve services, ensure security and prevent fraud, and comply with legal obligations. ShareCRM does not use sensitive personal data for purposes other than those permitted under applicable U.S. Privacy Laws or with your consent.
Disclosure of Personal Data
ShareCRM may disclose personal data to affiliates within the ShareCRM group, service providers that process personal data on our behalf under contractual confidentiality and data protection obligations, regulatory or law enforcement authorities where required by law, and third parties involved in a corporate transaction, such as a merger or acquisition, subject to appropriate safeguards.
How to Exercise Your Rights
If you are a U.S. resident and wish to exercise rights available under applicable U.S. Privacy Laws, you may submit a request by contacting ShareCRM at privacy@sharecrm.com. We may take reasonable steps to verify your identity before processing your request and will respond within the timeframes required by applicable law. Where permitted, you may also designate an authorized agent to submit a request on your behalf.
6. Japan
If you are located in Japan, the processing of your personal data is subject to the Act on the Protection of Personal Information of Japan (“APPI”).
Cross-Border Transfers
Where personal data is transferred outside of Japan, such transfers are conducted in accordance with the requirements of the APPI. Where required, ShareCRM will obtain your consent or implement other appropriate measures permitted under applicable law for cross-border transfers of personal data. Information regarding the personal data protection regimes of foreign jurisdictions may be made available by the Japanese Personal Information Protection Commission.
In connection with cross-border processing, ShareCRM requires its affiliates and service providers to implement privacy and security standards that are comparable to those described in this Privacy Policy and uses contractual and other appropriate measures to protect the confidentiality and security of personal data.
Your Rights
Subject to the APPI, you may have the right to request notification of the purposes of use of your personal data, request disclosure, correction, addition, deletion, suspension of use, or suspension of provision of your personal data. Requests to exercise these rights may be submitted by contacting ShareCRM at privacy@sharecrm.com.
7. Republic of Korea
If you are located in the Republic of Korea, the processing of your personal information is subject to the Personal Information Protection Act of Korea (“PIPA”).
Cross-Border Transfers
Personal Data collected through the ShareCRM Platform may be stored and processed on cloud servers located outside of South Korea, including in Hong Kong, Singapore, the European Union (e.g., Germany), or the United States (e.g., California), depending on the service configuration selected by the customer. For service operation and technical resilience, the relevant ShareCRM contracting entity or its cloud service providers may, where applicable, process or store Personal Data across multiple cloud regions outside of South Korea, subject to applicable data protection laws and safeguards.Such cloud infrastructure is operated by third-party cloud service providers, including Amazon Web Services (AWS), for the purposes described in this Privacy Policy.
In addition, for purposes such as user login authentication, authorization, verification of enterprise feature entitlements, and other scenarios requiring the overseas use of domestic third-party services, certain Personal Data may be transmitted through information networks to ShareCRM’s affiliated entity located in the People’s Republic of China (ShareCRM China Cloud). Such transfers are limited to what is necessary to support the relevant functionalities of the ShareCRM Platform.
In accordance with Article 28-8 of the Personal Information Protection Act (PIPA), and subject to your separate consent where required, we may transfer Personal Data to the recipients located outside of South Korea as described below.
| Name and Contact Details of the Recipient | Country or Region of Transfer | Date and Method of Transfer | Types of Personal Information Transferred | Purpose of Processing by the Recipient | Retention Period by the Recipient |
|---|---|---|---|---|---|
| Forshare Pte. Ltd(Contact Information: privacy@sharecrm.com) | Singapore; and, depending on the service configuration selected by the customer, other countries or regions where ShareCRM’s cloud service infrastructure is deployed, including Hong Kong, the European Union (e.g. Germany), or the United States (e.g. California). | Transmission of personal information through information networks for storage and processing on servers located outside of South Korea, as necessary for service operation and based on customer-selected service configurations. | Personal information collected by the ShareCRM Platform and personal information generated by users in the course of using the Services. | To provide data storage and other necessary technical and operational support for the provision and operation of the ShareCRM Platform and related services. | Until the relevant ShareCRM account is suspended or terminated, and thereafter for a limited period as required for account recovery or legal compliance. |
| Forshare Co., Ltd(Contact Information: privacy@sharecrm.com) | United States; and, depending on the service configuration selected by the customer, other countries or regions where ShareCRM’s cloud service infrastructure is deployed, including Hong Kong, Singapore, or the European Union (e.g., Germany). | As set out above. | As set out above. | As set out above. | As set out above. |
| Facishare Co., Limited(Contact Information: privacy@sharecrm.com) | Hong Kong; and, depending on the service configuration selected by the customer, other countries or regions where ShareCRM’s cloud service infrastructure is deployed, including Singapore, the European Union (e.g., Germany), or the United States (e.g. California). | As set out above. | As set out above. | As set out above. | As set out above. |
| Beijing Facishare Technology Co.,Ltd.(Contact Information: privacy@sharecrm.com) | People’s Republic of China | Event-driven transmission upon relevant service scenarios (e.g. login authentication), via data synchronization and API-based network transfer. | Personal information involved in authentication and authorization scenarios, including user account identifiers, login information, enterprise affiliation or role information, and other limited personal information necessary to verify access rights and support domestic third-party service calls. | To perform login authentication, authorization, verification of enterprise feature entitlements, and to support the operation of the ShareCRM Platform where domestic third-party services are required. | For the duration of the authentication session, and thereafter for a limited period as necessary for security auditing and compliance purposes. |
Data Subject Rights
Subject to applicable law, you may have the right to request access to, correction of, erasure of, or suspension of the processing of your personal information. Requests to exercise these rights may be submitted by contacting ShareCRM at privacy@sharecrm.com. ShareCRM may take reasonable steps to verify your identity before responding to such requests and will respond within the timeframes required by applicable law.
Data Destruction
Personal data that is no longer necessary for the purposes for which it was collected or that has reached the end of the applicable retention period will be securely destroyed in an irreversible manner, in accordance with applicable law and internal data retention policies.
8. Singapore
If you are located in Singapore, the processing of your personal data is subject to the Personal Data Protection Act 2012 of Singapore (“PDPA”).
Cross-Border Transfers
Your personal data may be transferred to, stored in, or processed in locations outside of Singapore for the purposes described in this Privacy Policy. Where personal data is transferred outside of Singapore, ShareCRM will take reasonable steps to ensure that the recipient provides a standard of protection that is comparable to that required under the PDPA.
Your Rights
Subject to the PDPA, you may have the right to request access to and correction of your personal data that is in ShareCRM’s possession or control. Where permitted under applicable law, you may also withdraw consent previously provided for certain processing activities. Please note that, where consent is required and is withdrawn, ShareCRM may be unable to continue providing certain services.
Requests to exercise your rights may be submitted by contacting ShareCRM at privacy@sharecrm.com. ShareCRM may require reasonable verification of your identity before responding to such requests and will respond within the timeframes required by applicable law.
Retention and Legal Obligations
ShareCRM may retain, use, or disclose personal data as required to comply with applicable laws or regulations, enforceable governmental requests or court orders, or to establish, exercise, or defend legal claims.
9. Thailand
If you are located in Thailand, the processing of your personal data is subject to the Personal Data Protection Act B.E. 2562 (2019) of Thailand (“Thai PDPA”) and other applicable data protection laws and regulations.
Your Rights
Subject to applicable law, you may have the right to request access to, correction of, deletion of, restriction of processing of, or data portability of your personal data, as provided under the Thai PDPA. Where permitted by law, you may also request the discontinuation of the use or disclosure of your personal data.
Requests to exercise your rights may be submitted by contacting ShareCRM at privacy@sharecrm.com. ShareCRM may take reasonable steps to verify your identity before responding to such requests and will respond within the timeframes required by applicable law.
Consent and Withdrawal
Where the processing of personal data is based on your consent, you may withdraw such consent at any time, subject to applicable law. Please note that withdrawal of consent may affect ShareCRM’s ability to provide certain features or services, where such processing is necessary for those purposes.
Notification of Changes
ShareCRM may notify you of material changes to this Privacy Policy through appropriate means, such as service announcements or email notifications, in accordance with applicable law.
10. Malaysia
If you are located in Malaysia, the processing of your personal data is subject to the Personal Data Protection Act 2010 of Malaysia (“Malaysia PDPA”).
Provision of Personal Data
Certain personal data may be required in order to provide the ShareCRM Platform and related services. Where the provision of personal data is necessary for specific features or services, failure to provide such data may limit ShareCRM’s ability to deliver those features or services.
Parental and Guardian Consent
The ShareCRM Platform is not intended for use by individuals under the age of 18. Where personal data of a minor is provided in connection with the use of the ShareCRM Platform, such data should be provided by, or with the consent of, a parent or legal guardian. By providing personal data relating to a minor, the parent or legal guardian represents that they have the authority to do so and consent to the processing of such personal data in accordance with this Privacy Policy.
Rights of Data Subjects
Subject to the Malaysia PDPA, you have the right to request access to your personal data held by ShareCRM and to request correction of such personal data where it is inaccurate, incomplete, misleading, or not up to date. ShareCRM may charge a reasonable fee for responding to an access request, as permitted under applicable law, and may take reasonable steps to verify your identity before responding to such requests.
Contact
If you have any questions, concerns, or complaints regarding the processing of your personal data in Malaysia, you may contact ShareCRM at privacy@sharecrm.com. ShareCRM will address such inquiries in accordance with applicable data protection laws.
11. Indonesia
If you are located in Indonesia, the processing of your personal data is subject to Law No. 27 of 2022 on Personal Data Protection of Indonesia (the “Indonesia PDP Law”) and its implementing regulations.
Personal Data of Minors
Where personal data relates to a minor, such personal data should be provided by, or with the consent of, a parent or legal guardian, in accordance with applicable law. By providing personal data relating to a minor, the parent or legal guardian represents that they have the authority to do so and consent to the processing of such personal data under this Privacy Policy.
Personal Data of Deceased Individuals
Under applicable Indonesian law, personal data relating to a deceased individual may continue to be protected. Rights relating to such personal data may be exercised by lawful heirs or other authorized parties, in accordance with applicable law.
Data Breach Notification
In the event of a personal data breach, ShareCRM will take appropriate remedial measures and provide notifications in accordance with applicable law. Such notifications may include written notification to the relevant regulatory authority and affected data subjects within the timeframes required by law. Where a breach is deemed to have a serious impact on public services or the public interest, additional notification or disclosure may be made as required by applicable law.
The content of any required notification will be provided in accordance with applicable legal requirements and may include a description of the affected personal data, the circumstances of the breach, and the measures taken to mitigate its effects and prevent recurrence. ShareCRM will continue to monitor regulatory developments and comply with applicable notification obligations as further guidance or implementing regulations are issued by the relevant Indonesian authorities.
Cross-Border Transfers
Where personal data is transferred outside the territory of the Republic of Indonesia, ShareCRM ensures that such transfers are conducted in accordance with applicable law, including by implementing appropriate safeguards or other lawful transfer mechanisms permitted under the Indonesia Personal Data Protection Law.
Under the Indonesia Personal Data Protection Law, cross-border transfers of personal data may be carried out where one of the following conditions is satisfied: (i) the recipient country or jurisdiction ensures a level of personal data protection that is equal to or higher than that provided under the Indonesia Personal Data Protection Law; (ii) where such adequacy is not available, appropriate and binding personal data protection safeguards are implemented; or (iii) where neither adequacy nor appropriate safeguards are available, the prior consent of the data subject has been obtained, as permitted by applicable law.
Additional requirements relating to cross-border transfers may be introduced through implementing regulations issued by the relevant Indonesian authority. ShareCRM will monitor regulatory developments and take reasonable steps to ensure that cross-border transfers of personal data remain compliant with applicable law.
Your Rights
Subject to applicable law, you may have rights to access, correct, update, delete, restrict the processing of, or withdraw consent for the processing of your personal data. Requests to exercise these rights may be submitted by contacting ShareCRM at privacy@sharecrm.com.
12. Vietnam
If you are located in Vietnam, the processing of your personal data is subject to Decree No. 13/2023/ND-CP on the Protection of Personal Data of Vietnam (the “Vietnam PDP Decree”) and other applicable laws and regulations.
Personal Data of Minors
The ShareCRM Platform is not intended for use by individuals under the age of 18. Where personal data relates to a minor, such data should be provided by, or processed with the consent of, a parent or legal guardian, in accordance with applicable law.
Your Rights
Subject to applicable law, you may have the right to be informed about the processing of your personal data, to access and obtain a copy of your personal data, to request correction, deletion, or restriction of processing, to object to certain processing activities, and to withdraw consent where the processing is based on consent, as provided under the Vietnam PDP Decree.
Requests to exercise your rights may be submitted by contacting ShareCRM at privacy@sharecrm.com. ShareCRM may take reasonable steps to verify your identity before responding and will respond within the timeframes required by applicable law.
Cross-Border Transfers
Under Vietnamese law, a cross-border transfer of personal data includes the transfer or processing of personal data of Vietnamese individuals outside the territory of Vietnam, including where such data is processed through information systems or servers located outside Vietnam.
Where personal data is transferred outside of Vietnam, ShareCRM ensures that such transfers are conducted in accordance with applicable law, which may include implementing appropriate safeguards, obtaining consent where required, and fulfilling applicable assessment, notification, or reporting obligations.
Certain Vietnamese laws may impose data localization or local presence requirements on specific categories of service providers under defined circumstances. Where such requirements apply to ShareCRM’s services, ShareCRM will take reasonable steps to comply with applicable legal obligations.
Regulatory Developments and Changes to Processing
Where required by applicable law, ShareCRM will provide notice of material changes to its personal data processing practices and, where necessary, obtain consent for such changes. ShareCRM will continue to monitor regulatory developments in Vietnam and take appropriate measures to ensure ongoing compliance with applicable data protection laws.
13. Philippines
If you are located in the Philippines, the processing of your personal data is subject to the Philippine Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and other applicable laws and regulations.
Personal Data of Minors
The ShareCRM Platform is not intended for use by individuals under the age of 18. Where personal data relates to a minor, such data should be provided by, or with the consent of, a parent or legal guardian, in accordance with applicable law.
Your Rights
Subject to applicable law, you may have the right to be informed whether personal data relating to you is being processed, including information about the nature, purpose, and scope of such processing. You may also have the right to object to the processing of your personal data, including processing for direct marketing, automated processing, or profiling, except where such processing is permitted or required by law.
You may further have the right to access your personal data, to request correction of inaccurate or incomplete data, and, in certain circumstances, to request the suspension, blocking, deletion, or destruction of your personal data, as provided under applicable law.
Requests to exercise your rights may be submitted by contacting ShareCRM at privacy@sharecrm.com. ShareCRM may take reasonable steps to verify your identity before responding and will respond within the timeframes required by applicable law.
Consent and Withdrawal
Where the processing of personal data is based on consent, such consent must be freely given, specific, informed, and evidenced by clear affirmative action. You may withdraw your consent at any time, subject to applicable law. Please note that withdrawal of consent may affect ShareCRM’s ability to provide certain services where such processing is necessary for their provision.
Cross-Border Transfers
Where personal data is transferred or stored outside the Philippines, ShareCRM will ensure that such transfers are conducted in accordance with applicable law, including by implementing appropriate safeguards to protect personal data and ensure an adequate level of protection consistent with the requirements of Philippine data protection laws.
Changes to Processing
Where required by applicable law, ShareCRM will provide notice of material changes to its personal data processing practices and, where necessary, obtain consent for such changes.
14. India
If you are located in India, the processing of your personal data is subject to the Digital Personal Data Protection Act, 2023 (“India DPDP Act”) and other applicable laws and regulations.
Sensitive or Special Categories of Personal Data
Indian law may require enhanced safeguards for certain categories of personal data, including information such as passwords, financial information (for example, bank account or payment instrument details), biometric data, health or medical information, and other categories of data that may be subject to additional protection under applicable laws or sector-specific regulations. Information that is publicly available or lawfully disclosed pursuant to applicable Indian law may not be subject to such protections.
Where such data is processed, ShareCRM will take appropriate measures in accordance with applicable law to protect the confidentiality and security of such information.
Sharing of Personal Data
Where ShareCRM engages third parties to process personal data on its behalf, including any data that may require additional safeguards under applicable law, ShareCRM will take reasonable steps to ensure that such third parties process the data only in accordance with ShareCRM’s instructions and applicable legal requirements, and do not further disclose such data except as permitted by law.
Children’s Personal Data
The ShareCRM Platform is not intended for use by individuals under the age of 18. Where personal data relates to a child, such data should be provided by, or with the consent of, a parent or legal guardian, in accordance with applicable law.
Consent and Withdrawal
Where the processing of personal data is based on consent, such consent may be withdrawn in accordance with applicable law. Please note that where consent is required for certain processing activities, withdrawal of consent may affect ShareCRM’s ability to provide specific features or services.
Requests to exercise data protection rights or withdraw consent may be submitted by contacting ShareCRM at privacy@sharecrm.com.
15. Türkiye (Turkey)
If you are located in Türkiye, the processing of your personal data is subject to the Turkish Law on the Protection of Personal Data No. 6698 (“KVKK”) and its secondary legislation.
Data Controller Representative
Where required under applicable Turkish data protection laws, ShareCRM may appoint a local data controller representative or designate a contact point in Türkiye for the purposes of compliance with the Turkish Law on the Protection of Personal Data No. 6698 (“KVKK”).
Turkish data subjects may contact ShareCRM regarding the processing of their personal data by writing to privacy@sharecrm.com. Please include the word “Türkiye” in the subject line of your communication.
Children’s Personal Data
The ShareCRM Platform is not intended for use by children. ShareCRM does not knowingly allow individuals under the age of 18 to register for or use the services. Where personal data of a child is processed, such processing will be carried out with the consent of a parent or legal guardian, in accordance with applicable law.
Legal Basis for Processing
For the purposes of Türkiye, personal data may be processed based on the legal grounds set out in Article 5 of the KVKK, including where processing is necessary for the establishment or performance of a contract to which the data subject is a party, or where processing is necessary for the legitimate interests of ShareCRM, provided that such processing does not violate the fundamental rights and freedoms of the data subject, as permitted under applicable law.
Cross-Border Transfers
Personal data may be transferred and stored within Türkiye or abroad in accordance with the KVKK. Where required by applicable law, such transfers may be carried out based on the data subject’s explicit consent or other lawful transfer mechanisms permitted under the KVKK and relevant decisions of the Turkish Personal Data Protection Authority.
Your Rights
Subject to applicable law, you have the rights set out in Article 11 of the KVKK, which may include the right to learn whether your personal data is being processed, to request information regarding such processing, to learn the purpose of processing and whether personal data is used in accordance with that purpose, to know the third parties to whom personal data has been transferred, to request correction of incomplete or inaccurate personal data, to request deletion or destruction of personal data under the conditions provided by law, and to object to certain automated processing activities.
16. United Arab Emirates (UAE)
If you are located in the United Arab Emirates, the processing of your personal data is subject to the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (“UAE PDPL”) and other applicable laws and regulations.
Children’s Personal Data
The ShareCRM Platform is not intended for use by children. ShareCRM does not knowingly collect or process personal data relating to individuals who are under the age of majority as determined under applicable UAE law. Where personal data relates to a minor, such personal data should be provided by, or processed with the consent of, a parent or legal guardian in accordance with applicable law.
Your Rights
Subject to applicable law, you may have rights in relation to your personal data as provided under the UAE PDPL, including the right to request access to your personal data, to request correction or deletion of inaccurate personal data, to request restriction of processing, to object to certain processing activities, and other data subject rights under applicable law.
Requests to exercise your rights may be submitted by contacting ShareCRM at privacy@sharecrm.com. ShareCRM may take reasonable steps to verify your identity before responding and will respond within the timeframes required by applicable law.
Cross-Border Transfers
Under the UAE PDPL, personal data may be transferred outside the UAE only where permitted by applicable law. Transfers are generally permitted if the destination country or jurisdiction offers an adequate level of protection for personal data, as determined by applicable authority, or if other lawful transfer mechanisms are in place. In the absence of an adequate protection determination, transfers may be permitted under specific conditions such as the use of appropriate safeguards, documented contractual clauses, the explicit consent of the data subject, or where necessary to perform a contract or comply with legal obligations, in each case in accordance with applicable law.
Security and Incident Reporting
Where required by applicable law, ShareCRM may report security incidents involving personal data to relevant authorities in the UAE, including where required by applicable cybersecurity or data protection regulations, and may make voluntary notifications to national or sectoral cybersecurity response entities in accordance with applicable law.
17. Saudi Arabia
If you are located in the Kingdom of Saudi Arabia, the processing of your personal data is subject to the Saudi Personal Data Protection Law issued by Royal Decree No. M/19 of 2021, as amended, and its Implementing Regulations (the “Saudi PDPL”), as administered by the Saudi Data and Artificial Intelligence Authority (SDAIA), and other applicable laws and regulations.
Children’s Personal Data
The ShareCRM Platform is not intended for use by children. ShareCRM does not knowingly process personal data relating to individuals under the age of majority as determined under applicable Saudi law. Where personal data relates to a minor, such data will be processed only with the consent of a parent or legal guardian, in accordance with applicable law.
Your Rights
Subject to applicable law, you may have rights in relation to your personal data under the Saudi PDPL, which may include the right to be informed about the processing of your personal data, to request access to and correction of your personal data, and, in certain circumstances, to request deletion or restriction of processing. You may also have the right to withdraw consent where processing is based on consent, as permitted under applicable law.
Requests to exercise your rights may be submitted by contacting ShareCRM at privacy@sharecrm.com. ShareCRM may take reasonable steps to verify your identity before responding and will respond within the timeframes required by applicable law.
Cross-Border Transfers
Under the Saudi PDPL, personal data may be transferred outside the Kingdom of Saudi Arabia only where permitted by applicable law. Such transfers may be allowed where appropriate safeguards are in place, where the transfer is necessary for specific lawful purposes, or where the data subject’s consent has been obtained, subject to applicable requirements and approvals under Saudi law.
Data Breach Notification
In the event of a personal data breach, ShareCRM will take appropriate remedial measures and provide notifications to relevant authorities and affected individuals, where required, in accordance with applicable law and regulatory requirements.
18. Egypt
If you are located in the Arab Republic of Egypt, the processing of your personal data is subject to the Egyptian Personal Data Protection Law No. 151 of 2020 (“Egypt PDPL”) and its implementing regulations, as amended from time to time.
Children’s Personal Data
The ShareCRM Platform is not intended for use by individuals under the age of 18. Where personal data relates to a minor, such data will be processed only with the consent of a parent or legal guardian, in accordance with applicable law.
Legal Basis and Consent
Under the Egypt PDPL, the processing of personal data generally requires a lawful basis, which may include the data subject’s consent or other grounds permitted by law. Where processing is based on consent, such consent must be informed, explicit, and capable of being withdrawn in accordance with applicable law. Withdrawal of consent may affect ShareCRM’s ability to provide certain features or services where such processing is necessary.
Cross-Border Transfers
Personal data may be transferred or stored outside of Egypt only where permitted under applicable law. Where personal data is transferred outside of Egypt, ShareCRM will take reasonable steps to ensure that such transfers are conducted in accordance with the Egypt PDPL, which may include implementing appropriate safeguards, obtaining consent where required, and complying with any applicable regulatory requirements.
Your Rights
Subject to applicable law, you may have rights under the Egypt PDPL in relation to your personal data, which may include the right to access your personal data, to request correction or deletion of inaccurate personal data, to withdraw consent where processing is based on consent, and other rights provided under applicable law.
Requests to exercise your rights may be submitted by contacting ShareCRM at privacy@sharecrm.com. ShareCRM may take reasonable steps to verify your identity before responding and will respond within the timeframes required by applicable law.
19. Brazil
If you are located in Brazil, the processing of your personal data is subject to the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais – Law No. 13,709/2018) (“LGPD”) and other applicable laws and regulations.
Consent and Revocation
Where the processing of personal data is based on your consent, you may revoke such consent at any time, subject to applicable legal or contractual limitations. Please note that revocation of consent may affect ShareCRM’s ability to provide certain features or services where such processing is necessary. Requests to withdraw consent may be submitted by contacting ShareCRM at privacy@sharecrm.com.
Children’s and Adolescents’ Personal Data
The ShareCRM Platform is not intended for use by children or adolescents. ShareCRM does not knowingly collect or process personal data relating to individuals under the age of 18 without the consent of a parent or legal guardian, as required under applicable law. Where such personal data is processed, it will be handled in accordance with the LGPD and with appropriate safeguards.
If you believe that ShareCRM has processed personal data relating to a child or adolescent without the required parental or guardian consent, please contact ShareCRM at privacy@sharecrm.com, and we will take appropriate steps to investigate and address the matter in accordance with applicable law.
Your Rights
Subject to applicable law, you may have rights under the LGPD in relation to your personal data, which may include the right to confirm the existence of processing, to access your personal data, to request correction or deletion of inaccurate or unnecessary data, to request anonymization or restriction of processing, and to withdraw consent where processing is based on consent.
Requests to exercise your rights may be submitted by contacting ShareCRM at privacy@sharecrm.com. ShareCRM may take reasonable steps to verify your identity before responding and will respond within the timeframes required by applicable law.
20. Mexico
If you are located in the United Mexican States, the processing of your personal data is subject to the Federal Law on the Protection of Personal Data Held by Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares) and its implementing regulations (collectively, the “Mexico Data Protection Law”), as amended from time to time.
Consent and Legal Basis
Under the Mexico Data Protection Law, the processing of personal data generally requires the data subject’s consent, unless an exception applies under applicable law. Consent may be express or implied, depending on the nature of the personal data and the processing activities involved. Where processing is based on consent, you may revoke such consent in accordance with applicable law. Please note that revocation of consent may affect ShareCRM’s ability to provide certain features or services where such processing is necessary.
Sensitive Personal Data
Certain categories of personal data, such as data relating to health, biometric information, financial information, or other data designated as sensitive under applicable law, are subject to enhanced protection requirements. Where ShareCRM processes sensitive personal data, such processing will be carried out with appropriate safeguards and, where required, with the data subject’s express consent, in accordance with applicable law.
Children’s Personal Data
The ShareCRM Platform is not intended for use by children. Where personal data relates to a minor, such data will be processed only with the consent of a parent or legal guardian, in accordance with applicable law.
Your Rights (ARCO Rights)
Subject to applicable law, you have certain rights in relation to your personal data under the Mexico Data Protection Law, commonly referred to as “ARCO Rights”, which include the right to Access your personal data, to request Rectification of inaccurate or incomplete data, to request Cancellation (deletion) of your personal data in certain circumstances, and to Object to the processing of your personal data for specific purposes.
Requests to exercise your ARCO Rights may be submitted by contacting ShareCRM at privacy@sharecrm.com. ShareCRM may take reasonable steps to verify your identity before responding and will respond within the timeframes required by applicable law.
Cross-Border Transfers
Personal data may be transferred to third parties or outside of Mexico only where permitted under applicable law. Where personal data is transferred, ShareCRM will take reasonable steps to ensure that such transfers are conducted in accordance with the Mexico Data Protection Law, including by implementing appropriate safeguards and ensuring that recipients assume corresponding data protection obligations, as required by law.
21. Australia
If you are located in Australia, the processing of your personal information is subject to the Privacy Act 1988 (Cth) and the Australian Privacy Principles (“APPs”), as amended from time to time.
Collection and Use of Personal Information
ShareCRM collects, uses, and discloses personal information only for purposes permitted under the Privacy Act and the APPs, including for providing and administering the ShareCRM Platform, communicating with users, improving services, and complying with legal obligations.
Sensitive Information
Certain categories of personal information, such as health information, biometric information, or other information classified as “sensitive information” under the Privacy Act, are subject to higher standards of protection. Where ShareCRM processes sensitive information, such processing will be carried out in accordance with applicable law and, where required, with the individual’s consent.
Children’s Personal Information
The ShareCRM Platform is not intended for use by children. Where personal information relates to a minor, such information will be processed only with the consent of a parent or legal guardian, where required under applicable law.
Cross-Border Disclosure
Under the Privacy Act, ShareCRM may disclose personal information to recipients located outside Australia only where permitted by applicable law. Where such cross-border disclosure occurs, ShareCRM will take reasonable steps to ensure that the overseas recipient handles personal information in a manner consistent with the Australian Privacy Principles, unless an exception applies under applicable law.
Notifiable Data Breaches
ShareCRM maintains procedures to assess and respond to suspected data breaches. Where a data breach involving personal information is likely to result in serious harm to affected individuals, ShareCRM will notify affected individuals and the Office of the Australian Information Commissioner, as required under the Notifiable Data Breaches scheme.
Your Rights
Subject to applicable law, you may have the right to request access to the personal information ShareCRM holds about you and to request correction of inaccurate, out-of-date, or incomplete information. Requests to exercise these rights may be submitted by contacting ShareCRM at privacy@sharecrm.com.
ShareCRM will respond to such requests within the timeframes required by applicable law.
22. Russia (Russian Federation)
If you are located in the Russian Federation, the processing of your personal data is subject to Federal Law No. 152-FZ “On Personal Data” and other applicable laws and regulations.
Data Localization
Russian law may require that the recording, systematization, accumulation, storage, and retrieval of personal data of individuals located in the Russian Federation be carried out using databases located within the territory of the Russian Federation, subject to applicable exceptions. Where such data localization requirements apply to ShareCRM’s services, ShareCRM will take reasonable steps to comply with applicable legal obligations.
Cross-Border Transfers
Under Russian law, cross-border transfers of personal data are permitted only where the recipient country ensures an adequate level of protection of personal data, or where other lawful grounds for transfer apply, such as the data subject’s consent or other circumstances permitted by law. Where personal data is transferred outside of the Russian Federation, ShareCRM will take reasonable steps to ensure that such transfers are conducted in accordance with applicable law.
Consent and Legal Basis
The processing of personal data generally requires a lawful basis under Russian law, which may include the data subject’s consent or other grounds permitted by law. Where processing is based on consent, such consent may be withdrawn in accordance with applicable law, subject to legal or contractual limitations.
Children’s Personal Data
The ShareCRM Platform is not intended for use by children. Where personal data relates to a minor, such data will be processed only in accordance with applicable law and, where required, with the consent of a parent or legal guardian.
Your Rights
Subject to applicable law, you may have rights in relation to your personal data, including the right to obtain information about the processing of your personal data, to request access to and correction of inaccurate personal data, and to exercise other rights provided under applicable Russian data protection laws.
Requests to exercise your rights may be submitted by contacting ShareCRM at privacy@sharecrm.com. ShareCRM may take reasonable steps to verify your identity before responding and will respond within the timeframes required by applicable law.
23. Hong Kong, China
If you are located in the Hong Kong Special Administrative Region of the People’s Republic of China, the processing of your personal data is subject to the Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”) and other applicable laws and regulations.
Collection and Use of Personal Data
Personal data will be collected and used in accordance with the data protection principles set out in the PDPO, including for purposes that are lawful, directly related to ShareCRM’s functions and activities, and reasonably necessary for the provision and administration of the ShareCRM Platform.
Consent and Purpose Limitation
Personal data will not be used for new purposes that are not directly related to the original purpose of collection unless consent is obtained or such use is otherwise permitted under applicable law.
Direct Marketing
Where personal data is used for direct marketing purposes, ShareCRM will comply with the specific requirements under the PDPO, including providing appropriate notices and obtaining consent where required. You may opt out of receiving direct marketing communications at any time by contacting ShareCRM at privacy@sharecrm.com.
Cross-Border Transfers
The PDPO contains provisions relating to the transfer of personal data outside Hong Kong. Where personal data is transferred outside Hong Kong, ShareCRM will take reasonable steps to ensure that such data is protected in a manner comparable to the requirements under the PDPO, in accordance with applicable guidance and best practices.
Your Rights
Subject to applicable law, you may have rights under the PDPO to request access to your personal data and to request correction of inaccurate or incomplete personal data.
Requests to exercise your rights may be submitted by contacting ShareCRM at privacy@sharecrm.com. ShareCRM may take reasonable steps to verify your identity before responding and will respond within the timeframes required by applicable law.
24. Taiwan, China
If you are located in Taiwan, the processing of your personal data is subject to the Personal Data Protection Act of Taiwan (“Taiwan PDPA”) and other applicable laws and regulations.
Collection and Use of Personal Data
Personal data will be collected and processed for specific, legitimate, and necessary purposes in accordance with the Taiwan PDPA. ShareCRM will process personal data only to the extent necessary for providing and administering the ShareCRM Platform, communicating with users, improving services, and complying with applicable legal obligations.
Sensitive Personal Data
Certain categories of personal data, such as medical records, health information, genetic data, sexual life, health examinations, and criminal records, are subject to enhanced protection under the Taiwan PDPA. Where such sensitive personal data is processed, ShareCRM will do so only where permitted by applicable law and with appropriate safeguards in place.
Children’s Personal Data
The ShareCRM Platform is not intended for use by children. Where personal data relates to a minor, such data will be processed only with the consent of a parent or legal guardian, where required under applicable law.
Your Rights
Subject to applicable law, you may have rights under the Taiwan PDPA in relation to your personal data, including the right to:
(i) inquire or request access to your personal data;
(ii) request a copy of your personal data;
(iii) request supplementation or correction of inaccurate personal data;
(iv) request cessation of collection, processing, or use of personal data; and
(v) request deletion of personal data.
Requests to exercise your rights may be submitted by contacting ShareCRM at privacy@sharecrm.com. ShareCRM may take reasonable steps to verify your identity before responding and will respond within the timeframes required by applicable law.
Cross-Border Transfers
Where personal data is transferred outside Taiwan, ShareCRM will take reasonable steps to ensure that such transfers are conducted in accordance with the Taiwan PDPA and any applicable restrictions or requirements imposed by competent authorities, including implementing appropriate safeguards where required by law.