Privacy Notice

Effective as of: December 1, 2024

The PDF version of this document is available here

This Privacy Notice constitutes our privacy statement and policy and describes how accessiBe Ltd. and its affiliates, including accessiBe Inc. (collectively, “accessiBe”, “Company”, “our”, “we”, or “us”) collect, use and disclose information, and what choices you have with respect to your information. 

This Privacy Notice should be read together with our Terms of Service (the “Terms”) and is incorporated by reference therein and into any other separate agreement that you may have with accessiBe. Capitalized terms used in this Privacy Notice that are defined in our Terms shall have the meanings applied to them in our Terms unless explicitly stated otherwise.

This Privacy Notice applies to our Services and to any other communication between an individual (“you” or “Visitor(s)”) and us.

The term “Personal Information”, as used in this Privacy Notice, means information that relates to an identified or identifiable individual. 

Please read this Privacy Notice carefully and make sure that you fully understand and agree with it. If you do not agree to the provisions of this Privacy Notice, do not access or use the Services.

You are not legally required to provide us with any Personal Information, but please keep in mind that without it, we may not be able to provide you with the full range of Services or with the best user experience when using the Services (depending on the specific Service provided). 

1. A Summary of this Privacy Notice
   

   The following summary of this Privacy Notice will give you a quick and clear view of our practices; however, the full applicable terms are found in the full text of the Privacy Notice. Please take the time to read our full Privacy Notice. 

   Information we collect and receive. We collect most of the Personal Information related to you through the registration and login processes to our Services and your engagement with our website. Read more. 

   How we use Your Personal Information. We collect the Personal Information related to you for providing the Services, for improving them, and to protect us and the Services from misuse and law violations. Read more.

   How your Information is shared. We share information with our service providers as necessary to facilitate our business. We will share information when we change our corporate structure or when our Company or its business is acquired, and we will share the information with our affiliated entity(ies). Read more.

   Cross-border data transfers. We use cloud-based services to store and process data in the United States, European Union, United Kingdom and Australia and will store them at additional sites, at our discretion, in accordance with applicable laws. Read more.

   Data Privacy Framework Notice. accessiBe adheres to the EU-U.S. Data Privacy Framework Principles regarding the collection, use, and retention of Personal Information that is transferred from the European Union, the United Kingdom and Switzerland to the U.S. Read more.

   How long we retain your Information. We retain different types of Personal Information for different periods, depending on the purposes for processing the information, our legitimate business purposes as well as pursuant to legal requirements. Read more.

   How we Protect Your Information. We implement physical, technical and organizational measures to secure your Personal Information from loss, misuse, unauthorized access or disclosure, alteration or destruction. Read more.

   Your Rights as a Visitor from the EEA, UK or Switzerland.  If we process Personal Information related to you when you are in the EEA, the United Kingdom or Switzerland, further terms apply to our processing in relation to your rights as a data subject under EEA, UK or Swiss data protection laws. Read more. 

   Specific provision for California residents. If you are a California resident, you are entitled to specific privacy rights. Read more.

   Modifications to this Privacy Notice. We may update this Privacy Notice from time to time as provided herein. Read more.

   Additional Information and Contact Details. You may contact us at: [email protected]. Read more.

2. Information we Collect and Receive
   We collect various types of information, including Personal Information, when a Customer or a Visitor (including anyone acting on their behalf) accesses or uses our Services as more fully set forth in this Privacy Notice.
    a.  Information You Provide.

1. Account Information. When you register and create (or update) an account that enables you or anyone else to access and use Services, we collect certain Personal Information, including full name, email address, and phone number. The Personal Information that is part of an account comes directly from you and may include Personal Information. You may edit certain elements of your Personal Information at any time via your account or by sending us an email to [email protected] requesting such edits. If you provide Personal Information of a person other than yourself, you represent and warrant to us that you have full rights and authority to do so.
2. Payment Details. When you purchase a license to use Services you may provide us or our third-party payment processor with your billing information, such as your name, credit card number, card expiration date, CVV code, banking information, and/or billing address. Any provision of information to a third-party payment processor is governed by such third-party processor’s terms and conditions.
3. Device and Technical Information. Through our website we may collect information about the devices used to access Services, including the following: IP Address, referring URL and domain, device type, device ID, operating system and version, browser type and version, and screen resolution.
4. Support Information. When you interact with us via our website chatbot, contact our customer support team or provide us with feedback, we will collect certain Personal Information either generated by your use of Services or Personal Information that you choose to share with us (this may include, by way of example, your name or email address). We process all information that you input into the chatbot, although we usually only require your email address.  We may combine the information we collect from you through Services with other Personal Information we have about you as described in this Privacy Policy. Any information combined with Personal Information will be treated as Personal Information. We may document your communication with our support team or with other similar contact channels.
5. Marketing Communication. When you contact us via the “Get Demo” feature on our website, sign up to receive a demo, request to receive a scan using our accessScan service, or any other marketing communication from us, including news regarding the Services, we will collect and process your name, email address, and phone number in order to comply with your request. We may also collect additional information, such as your role or job title at the company you work for and details about the company you work for.

b. Information Collected from Other Sources

1. accessScan Communication. When you sign up to receive the full accessScan pdf audit report of your website, we will collect and process your full name and email address to comply with your request. We may also use such information to contact you for marketing purposes.
2. Usage Information. When a website implements accessWidget, it sends the following data to our servers: Image URLs, link URLs, HTML structure, CSS attributes, clicks, interactions, and pages viewed.
3. End-User information.When any third party or end-user operates the accessWidget when browsing a website, we may process its IP address and URL, and other information that is not Personal Information. It is your liability to use your commercially reasonable efforts to disclose such information to your end users clearly and obtain their consent to such processing.
4. Log Information. Our servers automatically collect information when you access or use our Website and record it in log files. The log information we collect may include your IP Address, the address of the web page visited before using the Website, browser type and settings, and cookie data.
5. Cookies. We use cookies and similar technologies to operate and improve the Services, serve and measure the effectiveness of advertising campaigns, and analyze our Website traffic and trends. You can obtain further information on our use of cookies in our Cookie Policy.

c. Information from Social Media.
We also collect social media handles, content, and other data posted on our official social media pages (such as feedback, reviews, email address, and other information). If you submit any such information (including Personal Information), note that we may (at our discretion) store and present such information to third parties. If you wish to remove such information, please contact us at [email protected].

d. Data obtained through analytics tools
We use analytics tools (e.g., Google Analytics) and others to collect data about the use of our Website. Analytics tools collect data such as IP Address, how often Visitors visit the Website, which pages they visit and when, the Visitor’s activities, and which website, ad, or e-mail message brought them there.

e. Information We Collect from Third Parties.
We may collect information about you from other sources that may include your Personal Information. These sources may include the following: (i) third parties providing your information in connection with any referral program; (ii) third parties requesting services for or on your behalf; (iii) third parties providing information in connection with any claims or disputes; (iv) our Service Providers (as such term is defined below), such as third-party payment processors and social media services; (v) publicly available sources; and (vi) marketing service providers. We may combine the information collected from third parties as set forth above with other information which is in our possession.

f. Information Collected in accordance with Applicable Law.
We will also collect the information we are required or otherwise authorized to collect under applicable laws to authenticate or identify you or to verify the information you have provided or we have collected from you via the Services.

3. Communications
We may contact you via email, telephone or otherwise about changes to the Services, updates to your account, billing issues, and important notices related to the Services, such as security notices or notices regarding your account with us (“Essential Communications”). You may not opt out of these Essential Communications. In addition, we may from time to time send you newsletters, updates on new features, offerings, events, special opportunities, and other marketing or promotional emails. You may opt out of receiving these emails by clicking on the unsubscribe link, which is part of the emails you receive.

4. How We Use Your Information
We use the information that we collect in accordance with the Terms, your instructions, or for complying with applicable law; and based on our legitimate interests in maintaining and improving our Services and offerings, understanding how the Services are used, optimizing our marketing, customer service, and support operations, and protecting and securing our Visitors, ourselves and members of the general public.If you reside or are using the Services in a jurisdiction governed by privacy laws which determine that "consent" is the only legal basis for the processing of Personal Information (in general or specifically with respect to the types of Personal Information you choose to share via the Services) your acceptance of the Terms and of this Privacy Notice (including by browsing our Website or using any of the Services) will be deemed as your consent to the processing of your Personal Information for all purposes detailed in this Privacy Notice. If you wish to withdraw such consent, please contact us at [email protected].

1. 1. provide, maintain and update the Services (including your account), and any other products or services we may offer. For example: to provide you with the Services in accordance with the Terms, address/prevent any errors in the Services, or provide you with assistance and support in relation to the Services;
   2. to authenticate the identity of our Visitors, and to allow them to access and use the Services;
   3. communicate with you. For example: when you send us an email, make a request or inquiry, or share a comment or concern;
   4. send you service, technical, updates, administrative messages, and other types of communications such as marketing and advertising communications relating to the Services;
   5. improve and optimize the Services. For example; improving the features of the Services based on historical usage;
   6. detect, investigate and prevent fraud, security risks, any misuse of the Services, violations of the Terms and other illegal activities;
   7. to create aggregated statistical data, inferred non-personal information or anonymized or pseudonymized data (rendered non-personal), which we or our business partners may use to provide and improve Services;
   8. billing, account management, and other related matters. For example: to contact you about an invoice or rejected payment method;
   9. respond to court orders, lawsuits, subpoenas, and government requests, and as required to comply with applicable law and our legal obligations; and
   10. carry out any other purpose readily apparent to you or described to you at the time the information is collected.

5. How your Personal Information is Shared

1. 1. Legal Compliance. We may disclose or allow government and law enforcement officials access to your Personal Information in response to a subpoena, search warrant, or court order (or similar requirement) or in compliance with applicable laws and regulations.
   2. Service Providers. We may engage selected third-party companies and individuals to perform services complementary to our own (collectively, “Service Providers“). Our Service Providers may have access to Personal Information, depending on each of their specific roles and purposes in facilitating and enhancing the Services, and may only use the information for such limited purposes as determined in our agreements with them. 
   3. Use for Other Persons. If you are using the Services for the benefit or on behalf of another person (including as a Partner or affiliate), we may share Personal Information with such other person.
   4. Protecting Rights and Safety. We may share Personal Information with others if we believe in good faith that this will help protect the rights, property, or personal safety of accessiBe, any of our Visitors, or any members of the general public.
   5. accessiBe Subsidiaries and Affiliated Companies. We may share Personal Information internally within our group for the purposes described in this Privacy Notice. In addition, should we or any of our subsidiaries or affiliates undergo any change in control or ownership, including by means of merger, acquisition, or purchase of substantially all or part of its assets or business, Personal Information may be shared with or transferred to the parties involved in such an event.

6. Data Transfers
Your Personal Information may be transferred to countries outside of the country where you access and use the Services, that have different data protection laws. For Visitors in the European Economic Area (EEA), the UK, or Switzerland, this means that their Personal Information may be transferred to countries outside the EEA, the UK, or Switzerland, for example, to the United States or other jurisdictions which are not deemed to provide an adequate level of data protection. When we transfer your Personal Information, we ensure that there is a lawful basis for the transfer (Such as Standard Contractual Clauses as adopted by the European Commission and as amended from time to time or by adhering to equivalent data transfer regulations to protect the security and confidentiality of such Personal Information.) and that adequate protection for your Personal Information is provided as required by applicable law. If you have any questions about the transfer of your Personal Information to other countries, please email us at [email protected].
When we transfer Personal Information to the US, we make use of the EU-U.S. Data Privacy Framework to receive Personal Information transfers from the European Union/European Economic Area to the U.S. (see “EU-U.S. Data Privacy Framework Notice” section below), and the standard contractual data protection clauses, which have been approved by the European Commission, to safeguard the transfer of Personal Information we collect from the European Economic Area, the United Kingdom (the "UK"), and Switzerland.

7. Data Privacy Framework Notice
accessiBe complies with the principles of the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce and relies on the European Commission’s adequacy decision for the EU-U.S. DPF to receive Personal Information transfers from the European Economic Area. AccessiBe has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of Personal Information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. accessiBe has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles with regard to the processing of Personal Information received from Switzerland in reliance on the Swiss-U.S. DPF (together with the EU-U.S. DPF Principles, the “DPF Principles”). If there is any conflict between the terms in this Policy and the DPF Principles, the DPF Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. 
Under the DPF Principles we are responsible for the processing of Personal Information we receive and, subsequently, for the Personal Information that we then transfer to a third-party service provider, if the Personal Information is processed in a manner inconsistent with the Data Privacy Framework.
If you have any questions, concerns, or complaints about our compliance with the DPF Principles, we encourage you to contact us under the contact details set forth in the section titled “Additional Information and Contact Details” below.
If you have an unresolved complaint regarding our handling of Personal Information we received in reliance on the Data Privacy Framework, please contact JAMS, our U.S.-based third-party dispute resolution provider (free of charge), at https://www.jamsadr.com/DPF-Dispute-Resolution.
Finally, if you have a complaint that we have violated the DPF Principles that has not been resolved by other means, you may have the ability to invoke binding arbitration as outlined more fully on the Data Privacy Framework website.  
accessiBe is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
To learn more about the DPF Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

8. How Long we Retain Personal Information
We will retain Personal Information related to an account as long as the account is active, in accordance with the Terms, to resolve disputes, and to comply with applicable law. After you request to have an account closed, we may retain Personal Information for up to thirty (30) calendar days to allow us a reasonable time to properly close the account (or, if longer retention of certain data is required under law or in order to protect our rights, we will retain such data for such longer period of time). After such period, we may retain certain Personal Information pertaining to you for as long as necessary for the purposes described in this Privacy Notice, including without limitation, conducting audits, complying with our legal obligations, resolving disputes, and enforcing the Terms and other rights we may have. 
If you do not have an account, we will retain your Personal Information to comply with our legal obligations, resolve disputes, and enforce the Terms and other rights we may have, all as required or otherwise permitted under applicable law, whichever is shorter. Once this period has expired, we will delete your data. If we use your Personal Information in an aggregated anonymous format for business purposes, it will not be deleted. You will not be identifiable from this data.

9. How We Protect Your Information
The security of your Personal Information is important to us. We have deployed appropriate security measures to protect the Personal Information we collect from misuse, damage, or unauthorized access. The measures we use take into account the applicable industry standards, the available technology, and the Personal Information we collect. However, while we take steps to safeguard your Personal Information, we cannot guarantee complete protection and security for information transmitted over the internet, information that is stored on our servers or that is in our or any third party’s possession.

10. Your Rights as a Visitor from the European Economic Area, the United Kingdom or Switzerland

a. The General Data Protection Regulation ("GDPR"), the UK General Data Protection Regulation (“UK GDPR”) and the Swiss Federal Act on Data Protection (“FADP”) provide Visitors who are EEA, UK or Swiss residents (as applicable) specific rights regarding their Personal Information. If the GDPR, the UK GDPR or the FADP applies to the processing of Personal Information related to you by us, then the terms listed in this section apply, in addition to your rights under this Privacy Notice

b. We process Personal Information related to you on the following lawful grounds:

1. All processing of Personal Information related to you that is not based on the lawful grounds indicated below is based on your consent.
2. We process your account details to perform the contract with you.
3. We will process Personal Information related to you in order to comply with a legal obligation and to protect your and others’ vital interests.
4. We will also rely on our legitimate interests, which we believe are not overridden by your fundamental rights and freedoms, for the following purposes:
   - communications with you, including direct marketing where you are our Customer, prospective Customer, or a user or client of our Customer or where you make contact with us through our Website or other digital assets;
   - cyber security;
   - support, customer relations, service operations;
   - enhancements and improvements to your and other users’ experience with our Services;
   - fraud detection and misuse of the Services.

c. In addition to your rights under this Privacy Notice, you have the following rights:

1. You are entitled to access the Personal Information that we keep about you together with information about how and on what basis the Personal Information is being processed and to rectify when such information is inaccurate. If you find that the Personal Information related to you is not accurate, complete or updated, then please provide us with the necessary information to correct it.
2. At any time, you may contact us if you want to withdraw your consent to the processing of Personal Information related to you. Exercising this right will not affect the lawfulness of processing based on consent prior to its withdrawal.
3. At any time, you may request that we delete the Personal Information related to you or restrict our processing of said Personal Information. We will review your request and, in accordance with the provisions of applicable law, use our judgment to reach a decision about your request.
4. If you exercise one (or more) of the above-mentioned rights, pursuant to the provisions of applicable law, you may request to be informed that third parties that hold Personal Information related to you, in accordance with this policy, will act accordingly
5. You may ask to transfer Personal Information related to you according to your right to data portability.
6. Where we rely on our legitimate interest for the processing of the Personal Information related to you, you will have the right to object to the processing of the Personal Information related to you.
7. You have the right not to be subject to a decision based solely on automated processing, for example, profiling, which produces legal effects concerning you or similarly significantly affects you.
8. You have a right to file a complaint with a data protection supervisory authority of your habitual residence or place of work of an alleged infringement of the GDPR, UK GDPR or FDPA.

d. A summary and more details about your rights under EU data protection laws are available on the EU Commission’s website at: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en.

e. Please contact us by email at [email protected] in order to exercise your rights. When you ask us to exercise any of your rights under this Privacy Notice or applicable law, we may need to ask you to provide us certain credentials to make sure that you are who you claim to be, to avoid disclosure of Personal Information relating to other individuals, and to ask you to provide further information to better understand the nature and scope of information that you wish to access or have deleted, etc. Such additional information will be then retained by us for legal purposes (e.g., as proof of the identity of the person submitting the request), in accordance with the provisions of Section ‎6 above. We may redact from the information which we will make available to you, any Personal Information related to others. We will provide you information regarding actions taken by us in relation to your request within 30 days.

f. Under the GDPR and the UK GDPR, there is a distinction between the “controller” and the “processor” of Personal Information (as defined under these laws). In general: (i) we act as an independent data controller with respect to Customer account data, and the applicable Customer acts as a data controller with respect to its account data, (ii) we act as a data controller with respect to Personal Information of our Website’s visitors, and (iii) we act as a data processor with respect to Customer user data, and the applicable Customer acts as a data controller with respect to its user data. Please note that where we act as data processers with respect to your Personal Information, you must contact the relevant person who acts as the data controller with respect to your Personal Information, to exercise your rights.

g. If you are not satisfied with our response or you believe that we are not processing your Personal Information in accordance with applicable law, you have the right to lodge a complaint with your local Data Protection Authority. You can find the contact information for your local Data Protection Authority here: https://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htmNew Window.

11. Specific Provision for California Residents

This section applies solely to Visitors who reside in the State of California.

a. Personal Information that we collect. In the preceding twelve (12) months we have collected the following categories of personal information:

1. identifiers and Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as name, email address and IP address;
2. commercial information, such as payment details;
3. Internet or other similar network activity including, but not limited to, website and mobile usage and session information, search history, and information regarding your interaction with an internet website, application or advertisement, as detailed in our Cookie Policy; and
4. inferences drawn from other personal information.

b. Our business purposes for collecting your personal information. We collect your personal information for various business purposes, such as to provide you with the Services and make them better, all as described above under Section ‎4.

c. The categories of sources from which your personal information is collected. We obtain the categories of Personal Information listed above from various sources, including directly from you, from your activities using the Services, and from third-party service providers, as further described above under Section ‎2.

d. The categories of third parties with whom we share your personal information. We may share your Personal Information with various third parties such as our service providers and our affiliates, as further described above under Section ‎5.
We do not sell your Personal Information for the intents and purposes of the California Consumer Privacy Act (CCPA), but we “share” the Personal Information with certain third party cookie providers (as further detailed in our cookie policy).

To opt out of such "sharing" of Personal Information, please click here

e. The categories of personal information disclosed to said third parties. In the preceding twelve (12) months we have disclosed the following categories of personal information for business purposes:

1. identifiers and Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as name, email address and IP address.
2. Commercial information, such as payment details.
3. Internet or other similar network activity.
4. Inferences drawn from other personal information.

In the preceding twelve (12) months, we have not sold personal information.

f. Your Rights as a California Resident. If you are a California resident:

1. California Civil Code Section 1798.83 permits you to request in writing a list of the categories of Personal Information relating to third parties to which we have disclosed certain categories of Personal Information during the preceding year for their direct marketing purposes. To make such a request, please contact us at [email protected].
2. You have a right to request information about our collection, use, and disclosure of your personal information over the prior 12 months under the CCPA, and to ask that we provide you with the following information:
   - the categories of and specific pieces of Personal Information we collected about you;
   - the categories of sources for the Personal Information we collected about you;
   - our business or commercial purpose for collecting that Personal Information;
   - the categories of Personal Information that we disclosed for a business purpose, and the categories of third parties to whom we disclosed that particular category of Personal Information;
   - if we disclose your Personal Information for business purposes, we will provide you with a list which will identify the Personal Information categories that each category of recipient obtained.
   You may receive a copy of the Personal Information related to you by mail or electronically. Further, you may request to transfer specific Personal Information to another entity, provided that such transfer is technically feasible in a structured, commonly used, machine-readable format.
3. You have the right to ask us to correct Personal Information related to you that you find is erroneous, not accurate, complete or up to date.
4. You have the right to request that we delete your Personal Information. Upon confirmation of your request, we will delete (and direct our Service Providers to delete) your Personal Information from our records unless an exception under applicable law applies.
5. You also have a right not to be discriminated against for exercising your rights under the CPPA.

g. Exercising Your Rights. To exercise your rights under the CPPA as described above, please submit your request to us by sending an email to [email protected].  Only you or a person authorized to act on your behalf can make a request related to your Personal Information. A request for access can be made by you only twice within a 12-months period. We cannot respond to your request or provide you with the requested Personal Information if we cannot verify your identity or authority to make the request and confirm that the Personal Information relates to you. We will only use the Personal Information provided in your request to verify your identity or authority to make the request. We will do our best to respond to your request within 45 days of its receipt.  If we require more time (up to additional 45 days), we will inform you of the reason and extension period in writing. Any disclosures that we provide will only cover the 12-month period preceding receipt of your request. The response we provide will also explain the reasons for our inability to comply with your request, if applicable. We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you of the reasons for such a decision and provide you with a cost estimate before processing your request further.

12. Modifications to this Privacy Notice 
We may modify this Privacy Notice at any time, at our discretion, to maintain compliance with applicable laws, rules, and regulations as well as when we update the Services and our business evolves. Modifications are effective when they are posted on our Website, and we encourage you to review this Privacy Notice periodically to stay informed. 
The date on which this Privacy Notice was last revised is identified at the top of the page. If we have your contact details, we will provide a 10-days prior notice if any substantial changes are made, via any of the communication means available to us, or on the Services. After this notice period, all amendments shall be deemed accepted by you. If you do not agree to these changes, you should terminate your engagement with us and stop using the Services (including browsing our Website).

13. Additional Information and Contact Details
While the Services may contain links to other websites or services, we are not responsible for their privacy practices and encourage you to pay attention and read the privacy notices of each and every website and service you visit. This Privacy Notice applies only to the Services.Please note that we do not allow the use of the Services or our Website to anyone younger than the age of 18 years. If we learn that anyone younger than 18 has unlawfully provided us with Personal Information, we will take steps to delete such information.If you have any questions or concerns about this Privacy Notice, please contact us via email at [email protected].