Privacy Policy
Last Revised: June 15, 2020
Testim Inc. (“Testim”, “us” or “we”) respects the privacy of all data subjects whose personal information we process in the context of providing our online services available at https://www.testim.io/ to our customers (the “Customer(s)” and the “Services”, respectively), including the privacy of:
- data subjects whose Personal Information is included in the content which our Customers upload to the Services (“Customer Content”); and
- individual users of our Services, who use the Service on behalf of our Customers (the (“Permitted User(s)” or “you”).
This privacy policy (“Privacy Policy”) is incorporated by reference to our Terms of Service, available at: https://www.testim.io/terms-of-service or to any other agreement executed between the Customer and Testim with respect to the Services.
We believe that you have a right to know our practices regarding the personal information we may collect and process in the context of our Services, and we are committed to protecting the personal information entrusted with us. Please read the following carefully in order to understand Testim’s views and practices regarding the processing of personal information and how Testim treats it.
1.Table of Contents
2. About this Privacy Policy
3. Who we are?
4. Your acknowledgment of this policy
5. Which Personal Information may we collect?
6. How do we collect Personal Information?
7. What are the purposes of the collection and processing of Personal Information?
8. Sharing Personal Information with third parties
9. Data subject’s rights
10. Location of your data
11. Minors
12. Third party service providers and third party software
13. Security
14. Data retention
15. Changes to the Privacy Policy
16. Have any Questions?
2.About this Privacy Policy
This Privacy Policy applies when you use our Services via our online platform, which may be accessed via our website at https://www.testim.io/ (the “Site”). Please note that our Privacy Policy regarding visitors of our Site who are neither Customers nor Permitted Users, is available at: https://www.testim.io/privacy-policy-website.
In addition, a dedicated Cookie Policy is also available at: https://www.testim.io/cookie-policy.
3. Who we are?
In this policy, references to Testim, or to “we” or “us” are to Testim Inc. and its affiliates, including without limitation Testim Computerized Verifications Ltd., which is a registered company in the state of Israel, no. 515125748 at Ha’arbaa 30 Tel-Aviv 6473926. Individuals wishing to contact us about data protection issues may do so by writing to us at the above address or by emailing us at [email protected].
4. Your acknowledgment of this policy
This Privacy Policy details how Personal Information collected via the Services is used and processed by Testim.
BY ENTERING, CONNECTING TO, ACCESSING OR USING THE SERVICES, THE CUSTOMERS AND THE PERMITTED USERS ACKNOWLEDGE THAT THEY ARE, OR HAVE HAD, THE OPPORTUNITY TO BECOME AWARE OF AND AGREE (IN JURISDICTION WHERE SUCH CONSENT IS REQUIRED) TO THIS PRIVACY POLICY AND TESTIM’S PRACTICES DESCRIBED THEREIN, INCLUDING THE PROCESSING (WHICH INCLUDES, INTER ALIA, COLLECTING, USING, DISCLOSING, RETAINING OR DISPOSING) OF THE CUSTOMER CONTENT, AND PERSONAL INFORMATION RELATING TO THE PERMITTED USER, UNDER THE TERMS OF THIS POLICY.
5. Which Personal Information may we process?
During and as part of the use of our Services, we collect and process: (i) non-identifiable and anonymous information, which consists of technical information and behavioral information that does not pertain to a specific individual (“Non-Personal Information”); and (ii) personal information, which is information relating to an identified or identifiable natural person (“Personal Information”), all with respect to two types of data subjects:
5.1. Personal Information which relates to Permitted Users:
(Permitted Users are those individuals who have opened an account to use our services and use our Services on behalf of our Customers, such as Customers’ employees or contractors).
- Technical and Behavioral Information.
- Like most websites and online services, we passively collect certain Non-Personal Information from your devices when Permitted Users access and browse, access and use our Services, including: (i) technical information such as the type and version of the Permitted User’s device and its operating system, the type of browser, screen resolution, device browser and keyboard language, Wi-Fi connectivity and the type and name of the device and/or browser, etc.; and (ii) behavioral information which may include the Permitted User’s click-stream, the activities of the Permitted User on the Services and additional information of a similar nature (collectively, “Technical and Behavioral Information”). We may also use third-party service providers such as Google Analytics to obtain detailed analytics on the device and the Permitted User’s behavior on the Services for purposes of advertising, research, security and fraud prevention. Please note that we or our third-party service providers will collect such Technical and Behavioral Information by using certain technologies such as Cookies (as further detailed under our Cookie Policy at https://www.testim.io/cookie-policy (“Cookie Policy”)).
- Any Non-personal Information connected or linked to or associated with any Personal Information shall be deemed as Personal Information, as long as such connection, linkage or association exists.
- Personal Information which is provided by the Permitted Users.
- Opening an Account: Personal Information is collected from the details the Permitted Users provide when opening an account in order to use the Services: full name, business email address, position in the company (e.g., CEO, HR, manager), phone number and country of residence. Permitted Users may also, voluntarily, provide a profile picture for their account. Additional information may be requested in the future.
- Use of Social Network Accounts: Alternatively, Permitted Users may sign up to the Services via one of their existing social network accounts (e.g. GitHub or Google). When registering to the Service through such existing third-party accounts, then such third-party accounts provide us with access to certain information, which is detailed and displayed in the notice which appears during the integration process, which may include the Permitted User’s name, email address, profile photo and user-id on such account. Please read such notices carefully in order to understand what information is made available to us via such third-party accounts. We may collect login information and other relevant information necessary to enable us to access such third-party accounts in order to collect the aforementioned information. Please remember that the manner in which third-party accounts use, store or disclose your information is governed solely by their policies and we will have no liability or responsibility for the privacy practices or other actions of such third parties. If you do not agree to these practices, please do not use third-party accounts in order to use our Services. You hereby agree that such information will be stored even after the linkage to your third-party accounts expires, for any reason.
- Communications with Testim: we may collect and process any Personal Information Permitted Users may provide to us as part of any communications with us, by any means, including email correspondence and by use of the chatbot available on the Site.
- Personal Information collected via technology.
- Geolocation data: during your use of the Services, Testim will access, collect, process, monitor and/or remotely store “geolocation data”, including through the collection of IP addresses and other similar information to determine your location for analytics, advertising and security purposes.
- Identifiers: during your use of the Services, we will access, collect, process, monitor and/or remotely store online identifiers, such as Internet Protocol (IP) address, AD-ID or other unique identifiers, for the purpose of providing you with targeted advertising and for statistical and metric purposes.
- Technical and Behavioral Information: to the extent that the Technical and Behavioral Information detailed above under Section 5.1.1 will be linked to or associated with a specific individual then such information will be considered as Personal Information.
- Recording of the Services’ User Interface: in order to provide support services to our Customers and their Permitted Users, Testim may record (through a third-party service provider) the Services’ user interface, and as a result thereof the Permitted Users’ interactions with the Services’ user interface, and any Personal Information related thereto, may be captured. Please note that we only record the browser windows where the Services’ user interface is open and not any other screen on the applicable workstation or device.
5.2. Personal Information included in the Customer Content:
In order to use Testim’s Services, Customers and Permitted Users may upload certain Personal Information pertaining to third parties, such as the Customer’s clients, to the Services (the Customer Content). For example, when performing a test via the Services, in a ‘live’ environment, the test may entail the processing of Personal Information included in the Customer Content available in such an environment. Personal Information included in the Customer Content may be recorded in the outputs produced as a result of the use of the Services, such as in screenshots, HTML files, element locate data, element locate results and runtime console logs.
Please note that the Customer Content (including Personal Information) collected as part of your use of the Services, may be accessed by our IT team, support team, customer success team, R&D team and/or by our account managers, worldwide, solely in order to provide our Services to our Customers and to fulfill our contractual obligations towards our Customers.
6. How do we collect Personal Information?
There are three main methods we use to collect Personal Information:
6.1. We collect information via your entry, connection, access and/or use of the Services. In other words, when you access or use the Services, we are aware of your usage of the Services, and may gather, collect and record the information related to such usage. For example, when you use the Services, we collect your IP address and other online identifiers.
6.2. We collect information which you provide us voluntarily. For example, we collect Personal Information that you provide via the Services, such as the details provided when opening an account to use the Services.
6.3. We collect information provided by you via the Services as part of the Customer Content. Personal Information may be provided to us as part of any Customer Content uploaded in the context of your use of the Services (e.g., Personal Information included in the testing environment, where a test is being conducted).
7. What are the purposes of the collection and processing of information?
7.1. Non-personal Information is processed in order to:
- Enhance your experience on the Services;
- Create statistical information and learn about the preferences of Permitted Users and general trends regarding the Services (e.g. understand which features are more popular than others);
- Deliver targeted advertising and run advertising campaigns related to our products and services;
- Keep the Services safe and secure; and
- Prevent fraudulent activity on our Services.
7.2. Personal Information is processed in order to:
- Enable the operation of the Services, including the process of opening an Account to use the Services;
- Provide Customers and their Permitted Users with technical support;
- Conduct internal operations, such as: troubleshooting, data analysis, testing, research, statistical analysis, as well as the improvement of the provided Services and the Testim’s AI engine;
- Keep the Services safe and secured against fraudulent and criminal activity;
- Comply with our legal obligations and provide us with the ability to protect our rights and legitimate interests;
- Send advertisements, updates, notices, announcements and additional information related to Testim and its Services, by email, SMS, phone or otherwise;
- Provide targeted and behavior-based advertising; and
- Maintain data processing records and general administrative purposes.
Note to Permitted Users located in the EU:
Please note that all Personal Information included in any Customer Content uploaded to the Services is processed in order to provide our Services to our Customers and to fulfill our contractual obligations towards our Customers. However, as a ‘data processor’, Testim is not legally obligated to determine the legal basis for processing such data, and it is each Customer’s responsibility, in its capacity as a ‘data controller’, to determine the lawful basis for enabling Testim to process such data.
In order for Testim to process Personal Information relating to Permitted Users, as detailed herein, such processing must be justified by a “basis” for processing, as follows:
● the processing is based on your consent – where you provide us with your consent to contact you for marketing purposes or when we use cookies to collect information about your use of the Services, you will be asked to consent to such activities before we can process your Personal Information for such purposes. The Personal Information that you may voluntarily provide as part of opening an account to use the Services, such as your profile picture, is also processed based on your consent. If you choose not to give us your consent for such processing activities, or if you decide later to remove your consent, this may affect our ability to provide you with our Services.
● the processing is necessary for the performance of a contract – we may process your Personal Information for the purpose of creating an account to use the Services, to provide technical support, to keep the Services safe and secure and to prevent fraudulent and criminal activity in our Services, all as required to provide our Services to our Customers and to fulfill our contractual obligations towards our Customers. We also rely on this basis for processing activities that are required in order to let you know of changes to our Service’s terms of use and privacy policy.
● the processing is necessary to comply with legal obligations – we may process your Personal Information for disclosure of information to authorities and to maintain data processing records and general administrative purposes, as required by legal obligations that apply to us; and
● the processing is in our legitimate interests – subject to your interests and fundamental rights, we shall perform the Personal Information processing activities described herein under our legitimate interest in: (i) marketing our products and services, including our legitimate interest in performing online advertising campaigns and sending advertisements, updates, notices, announcements and additional information related to Testim and the Services; (ii) offering comfortable and safe access to our Website and Services, (iii) conducting internal operations, including troubleshooting, data analysis, testing, research and statistical purposes, Services and the Testim’s AI engine; (iv) personalizing the Services and ensuring that Testim provides the best Services to its Customers, (v) ensuring that the Services are safe and secured against fraudulent and criminal activity; and (vi) managing our internal operations, maintaining records and email tracking. Where we rely on legitimate interests as a lawful basis, we will carry out a balancing test to ensure that your interests, rights and freedoms do not override our legitimate interests.
Note to non-EU Permitted Users:
BY ENTERING, CONNECTING TO, ACCESSING OR USING THE SERVICES, YOU CONSENT TO THE COLLECTION AND PROCESSING OF YOUR PERSONAL INFORMATION AS SPECIFIED HEREIN. |
8. Sharing Personal Information with third parties
8.1. Testim respects its Customers’ and their Permitted Users’ privacy and will not disclose, share, rent, or sell their Personal Information to any third party, including Customer Content containing Personal Information, other than as permitted under this Privacy Policy.
8.2. In addition to using the information collected by us for the purposes described under Section 7 above, we may also share your Personal Information and the Customer Content in the following cases:
- Testim’s Personnel: Personal Information that we collect and process may be transferred to or accessed by personnel of Testim for the sole purpose of enabling the operation of the Services and to contact you (as detailed in Section 7 above). Please note that all of Testim’s personnel that will have access to your Personal Information and the Customer Content are under an obligation of strict confidentiality with respect to such Personal Information.
- Service Providers: we share Personal Information with vendors, commercial software providers, consultants and data processors who perform services on our behalf, including without limitation, companies that provide analysis, messaging services and services which host the Services. Please note that we collect, hold and manage your Personal Information and the Customer Content through third parties’ cloud based services, as reasonable for business purposes, which may be located in countries outside of the Customers’ and/or their Permitted Users’ jurisdiction. For more information regarding our service providers, please refer to Section 12 below.
- In addition, we may share Personal Information in the following cases: (a) to satisfy any applicable law, regulation, legal process, subpoena or governmental request; (b) to enforce this Privacy Policy or any other agreement or terms of service between a Customer and Testim, and to defend against any claims or demands asserted against us by a Customer and/or its Permitted Users or on a Customer’s and/or a Permitted User’s behalf; (c) to detect, prevent, or otherwise address fraud, security or technical issues; (d) to protect the rights, property, or personal safety of Testim, its Customers and their Permitted Users or the general public; and (e) when Testim is undergoing any change in control, including by means of merger, acquisition or purchase of all or substantially all of the assets of Testim (while such acquired company or investor may be located in countries outside of the Customers’ and/or their Permitted Users’ jurisdiction).
8.3. For avoidance of doubt, Testim may transfer and disclose Non-Personal Information, i.e., non-identifiable and anonymous information which consists of Technical And Behavioral Information that does not pertain to a specific individual, to third parties, at its discretion, including without limitation for statistical, analytical and research purposes and for customization, developing and improvement of our Services.
9. Data subjects’ rights
9.1. Customer Content: the Customer Content may contain Personal Information, as determined by the Customer. Testim has implemented certain technical and organizational measures in its Services to assist its Customers in independently accessing the Personal Data included in such Customer Content. However, due to technical limitations and the nature of the Services, not all Personal Information contained in the Customer Content may be retrieved, accessed, amended, ported or restricted, as may be required under the data protection laws which are applicable to the Customer. Notwithstanding, all Personal Data is automatically deleted in regular 30-day intervals (or as otherwise set by the Customer) and may also be deleted at any time by the Customer, at its sole discretion. To the extent that the Customer, in its use of the Services, does not have the ability to exercise its obligations towards data subjects whose Personal Information is included on the Customer Content, please send us an email to: [email protected], and, to the extent that we are technically capable to do so, we will make commercially reasonable efforts to assist.
9.2. Permitted Users: Testim acknowledges that you have the right to access and change the Personal Information we collect and process about you. You may update the Personal Information that you entered when opening your account to use the Services, by using the designated page on your account. However, if you find that your are unable to do so or if you wish to access or to correct, amend, or delete Personal Information, please send us an email to: [email protected] and we will respond within a reasonable timeframe, but in any event no later than permitted by applicable law.
Note to Permitted Users located in the EU:
We hereby inform you of the following rights (by virtue of EU law), in respect of your Personal Information:
● Right to access: you may have the right to request a review of your Personal Information held by Testim. We may refuse to comply with your access request if the request is manifestly unfounded, excessive or repetitive in nature.
● Right to rectification: if the Personal Information processed by Testim is incorrect, incomplete or not processed in compliance with applicable law or this Privacy Policy, you may have the right to have your Personal Information rectified.
● Right to erasure: under certain conditions, you may be entitled to require that Testim will delete or “block” your Personal Information (e.g. if the continued processing of those data is not justified).
● Right to Portability: you may have the right to transfer your Personal Information between data controllers (i.e. to transfer your Personal Information to another entity). The right to data portability only applies where your Personal Information is processed by us with your consent or for the performance of a contract and when processing is carried out by automated means.
● Right to object to or withdraw consent: where that lawful basis for processing your Personal Information is either “public interest” or “legitimate interests”, those lawful bases are not absolute, and you may have the right to object to such processing. Where you object on the grounds of legitimate interest, we shall no longer process your Personal Information unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. If the processing of your Personal Information is based on your consent, you have the right to withdraw your consent to such processing at any time.
● The right to restrict processing: under certain circumstances, you may have the right to object to the processing of your Personal Information due to your particular situation.
● Right to lodge a complaint: you have the right to lodge a complaint before the relevant data protection authority or supervisory authority of your jurisdiction.
To exercise these rights, where applicable, please contact us by sending an email to: [email protected] |
10. Location of your data
The information collected from you by Testim, including the Customer Content, as detailed in this Privacy Policy, may be transferred to, and stored in, servers which may be located in countries outside of your jurisdiction and in countries that are not considered to offer an adequate level of protection under your local laws. It may also be processed by Testim and its suppliers, service providers or partners’ staff operating outside your country.
Testim is committed to protecting your Personal Information, including the Customer Content, and will take appropriate steps to ensure that your Personal Information and the Customer Content is processed and stored securely and in accordance with applicable privacy laws, as detailed in this Privacy Policy. Such steps may include, but not limited to, putting in place data transfer agreements and ensuring our third-party service providers comply with Testim’s data transfer protection measures.
Note to Permitted Users located in the EU:
If you are located in the EU, you have a right to request further information regarding the data transfer mechanisms used by us with respect to data transfers to third countries outside the EU.
In order to keep your Personal Information safe, we apply strict safeguards when transferring it outside of the EEA, which may include the following:
● Transferring your personal information to countries approved by the European Commission as having adequate data protection laws, such as Israel;
● Entering into standard contracts that have been approved by the European Commission and which provide an adequate level of high quality protection, with the recipients of your Personal Information;
● Transferring your Personal Information to organizations that are Privacy Shield Scheme certified, as approved by the European Commission. |
BY SUBMITTING YOUR PERSONAL INFORMATION, INCLUDING THE CUSTOMER CONTENT, THROUGH THE SERVICES, YOU ACKNOWLEDGE, AND AGREE, IN JURISDICTION WHERE SUCH CONSENT IS REQUIRED, TO SUCH TRANSFER, STORING AND/OR PROCESSING OF PERSONAL INFORMATION.
11. Minors
The Services are intended solely for Permitted Users over the age of sixteen (16). Therefore, Testim does not intend and does not knowingly directly collect any Personal Information from Permitted Users under the age of sixteen (16) and does not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that minors under the age of sixteen (16) are not using the Services.
12. Third Party Service Providers and Third Party Software
12.1. During the Services provision period , we may use third-party service providers (such as hosting cloud services), who may collect, store and/or process your Personal Information and the Customer Content,. Such vendors may be located in countries that do not have the same data protection laws as the laws applied in the Customers’ and their Permitted Users’ jurisdiction.
12.2. Please read the third-party service providers’ terms of use and privacy policies to understand their privacy practices.
12.3. Such third party service providers may include without limitation the following categories of service providers:
- Images editing services, including Applitools, which servers are located in the U.S. (Applitools Inc. is Privacy Shield certified);
- Cloud hosting services, including AWS, which servers are located in the U.S. (Amazon.com Inc. is Privacy Shield certified) and Microsoft Azure, which servers are located in the U.S. (Microsoft Corporation is Privacy Shield certified);
- Infrastructure services, including Intercom, which servers are located in the US. (Intercom Inc. is Privacy Shield certified) and Cloudinary, which servers are located in the U.S. (Cloudinary Inc. is Privacy Shield certified);
- UI recording services’, including Auryc.com, which is obligated by a DPA to the EU Model Clauses;
- Behavioral analytics services, including Mixpanel, which servers are located in the U.S. (Mixpanel Inc. is Privacy Shield certified) and Google Analytics, which servers are located in the U.S. (Google LLC is Privacy Shield certified); and
- Advertising and marketing services, including Facebook, which servers are located in the U.S. (Facebook Inc. is Privacy Shield certified) and HubSpot, which servers are located in the U.S. (HubSpot Inc. is Privacy Shield certified).
13. Security
13.1. We take appropriate measures to maintain the security and integrity of our Services and prevent unauthorized access to them or use thereof through generally accepted industry standard technologies and internal procedures. Some of the security measures that we employ include, without limitation:
- the adoption of technical and organizational means, to ensure the security of the Customer Content, including Personal Information;
- compliance with the AICPA SOC 2® – SOC for Service Organizations: Trust Services Criteria and the SOC Type 2 auditing procedures and guidelines;
- the application of highly secure design and implementation methods to all our Services, including state of the art encryption mechanisms and secure architecture design to all storage and transmission mechanisms used for the processing and transmission of Customer Content and Permitted Users data, including Personal Information, to our third party service providers as described above; and
- the application of separation of duty among our employees and an access control management, which prevents unauthorized personnel from accessing the Customer Content and Permitted Users data, including Personal Information.
13.2. Please note, however, that there are inherent risks in transmission of information over the Internet or by using other methods of electronic storage and we cannot guarantee that unauthorized access or use of such information will never occur.
13.3. Testim will comply with applicable law in the event of any breach of the security, confidentiality, or integrity of your Personal Information and will inform you of such breach as required by applicable law.
13.4. TO THE EXTENT THAT TESTIM IMPLEMENTED THE REQUIRED SECURITY MEASURES UNDER APPLICABLE LAW, TESTIM SHALL NOT BE RESPONSIBLE OR LIABLE FOR AN UNAUTHORIZED ACCESS, HACKING, OR OTHER SECURITY INTRUSIONS OR FAILURE TO STORE OR THE THEFT, DELETION, CORRUPTION, DESTRUCTION, DAMAGE, OR LOSS OF ANY DATA OR INFORMATION INCLUDED IN THE PERSONAL INFORMATION, INCLUDING THE CUSTOMER CONTENT.
14. Data retention
14.1. Permitted User’s Personal Information: Generally, we will keep Permitted User’s Personal Information only for as long as it is relevant and useful for the purpose for which it was originally collected.
14.2. Personal Information contained in Customer Content:
- Testim will retain the Personal Information contained in Customer Content for the time period set by the Customer via the Services. Please note that if no other setting or requirement was explicitly presented by the Customer, all Customer Content which is included in the results of test run via the Services, including without limitation in test results, Screenshots, HTML Files, Element Locate Results and Runtime Console Logs, will be retained for a default period of thirty (30) days.
- Testim will retain the Personal Information included in Element Locate Data without limitation of time, during the Customer’s engagement with Testim.
- All the aforementioned retention periods can be reduced or extended by Testim upon a Customer’s request. Upon termination of the Customer’s engagement with Testim, all of the Customer Content is deleted. Furthermore, if you delete a test generated by the Services, then all the Customer Content associated with that test shall be deleted as well.
14.3. Testim may store personal data for longer periods of time if the personal data is processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes and in such cases, the personal data will be subject to the implementation of appropriate technical and organizational measures to safeguard the rights and freedoms of the data subjects; or if it is under a statutory obligation to do so, and in such case Testim shall notify the data subjects of that legal obligation (unless the Company is prohibited by applicable law from doing so), and will implement appropriate technical and organizational measures to ensure that the personal data retained is used to fulfil that statutory obligation and no other purpose. Please note that personal data which has been fully anonymized, as well as aggregated data, do not constitute ‘personal data’, and as such may be retained by the Company indefinitely.
15. Changes to the Privacy Policy
Testim reserves the right to change this Privacy Policy at any time, so please re-visit this page frequently to check for any changes. In case of any material change, we will make reasonable efforts to post a clear notice on the Services or we will send you an e-mail, regarding such changes, to the e-mail address that you may have provided us with. Such material changes will take effect seven (7) days after such notice was provided on our Service or sent to you via e-mail, whichever is earlier. Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” and your continued use of the Services on or after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes. In the event that the TOS should be amended to comply with any legal requirements, the amendments may take effect immediately, or as required by the law and without any prior notice.
16. Have any questions?
If you have any questions (or comments) concerning this Privacy Policy, please send us an email to the following address: [email protected] and we will make an effort to reply within a reasonable timeframe.