Last Revised: Sep 10, 2021
Currents Software Inc. (“Currents”, “us” or “we”) respects the privacy of all data subjects whose personal information we process in the context of providing our online services available at https://currents.dev to our customers (the “Customer(s)” and the “Services”, respectively), including the privacy of:
- data subjects whose Personal Information is included in the content which our Customers upload to the Services (“Customer Content”); and
- individual users of our Services, who use the Service on behalf of our Customers (the (“Permitted User(s)” or “you”).
We believe that you have a right to know our practices regarding the personal information we may collect and process in the context of our Services, and we are committed to protecting the personal information entrusted with us. Please read the following carefully in order to understand Currents’s views and practices regarding the processing of personal information and how Currents treats it.
3. Who we are?
In this policy, references to Currents, or to “we” or “us” are to Currents Software Inc. and its affiliates. Individuals wishing to contact us about data protection issues may do so by writing to us at the above address or by emailing us at email@example.com.
4. Your acknowledgment of this policy
5. Which Personal Information may we collect?
During and as part of the use of our Services, we collect and process: (i) non-identifiable and anonymous information, which consists of technical information and behavioral information that does not pertain to a specific individual (“Non-Personal Information”); and (ii) personal information, which is information relating to an identified or identifiable natural person (“Personal Information”), all with respect to two types of data subjects:
5.1. Personal Information which relates to Permitted Users
Permitted Users are those individuals who have opened an account to use our services and use our Services on behalf of our Customers, such as Customers’ employees or contractors.
5.1.1 Technical and Behavioral Information (Non-Personal) which relates to Permitted Users
Like most websites and online services, we passively collect certain Non-Personal Information from your devices when Permitted Users access and browse, access and use our Services, including: (i) technical information such as the type and version of the Permitted User’s device and its operating system, the type of browser, screen resolution, device browser and keyboard language, Wi-Fi connectivity and the type and name of the device and/or browser, etc.; and (ii) behavioral information which may include the Permitted User’s click-stream, the activities of the Permitted User on the Services and additional information of a similar nature (collectively, “Technical and Behavioral Information”).
We may also use third-party service providers such as Google Analytics to obtain detailed analytics on the device and the Permitted User’s behavior on the Services for purposes of advertising, research, security and fraud prevention.
Any Non-personal Information connected or linked to or associated with any Personal Information shall be deemed as Personal Information, as long as such connection, linkage or association exists.
5.1.2 Personal Information which is provided by the Permitted Users.
Opening an Account
Personal Information is collected from the details the Permitted Users provide when opening an account in order to use the Services: business email address and company name. Permitted Users may also, voluntarily, provide a profile picture for their account. Additional information may be requested in the future.
Use of Social Network Accounts
Alternatively, Permitted Users may sign up to the Services via one of their existing social network accounts (e.g. GitHub or Google).
When registering to the Service through such existing third-party accounts, then such third-party accounts provide us with access to certain information, which is detailed and displayed in the notice which appears during the integration process, which may include the Permitted User’s name, email address, profile photo and user-id on such account.
Please read such notices carefully in order to understand what information is made available to us via such third-party accounts. We may collect login information and other relevant information necessary to enable us to access such third-party accounts in order to collect the aforementioned information.
Please remember that the manner in which third-party accounts use, store or disclose your information is governed solely by their policies and we will have no liability or responsibility for the privacy practices or other actions of such third parties. If you do not agree to these practices, please do not use third-party accounts in order to use our Services.
You hereby agree that such information will be stored even after the linkage to your third-party accounts expires, for any reason.
Communications with Currents
We may collect and process any Personal Information Permitted Users may provide to us as part of any communications with us, by any means, including email correspondence and by use of the chatbot available on the Site and the Service.
5.1.3 Personal Information collected via technology
During your use of the Services, Currents will access, collect, process, monitor and/or remotely store “geolocation data”, including through the collection of IP addresses and other similar information to determine your location for analytics, advertising and security purposes.
During your use of the Services, we will access, collect, process, monitor and/or remotely store online identifiers, such as Internet Protocol (IP) address, AD-ID or other unique identifiers, for the purpose of providing you with targeted advertising and for statistical and metric purposes.
Technical and Behavioral Information
to the extent that the Technical and Behavioral Information detailed above under Section 5.1.1 will be linked to or associated with a specific individual then such information will be considered as Personal Information.
Recording of the Services’ User Interface
In order to provide support services to our Customers and their Permitted Users, Currents may record (through a third-party service provider) the Services’ user interface, and as a result thereof the Permitted Users’ interactions with the Services’ user interface, and any Personal Information related thereto, may be captured.
Please note that we only record the browser windows where the Services’ user interface is open and not any other screen on the applicable workstation or device.
5.2. Personal Information included in the Customer Content
In order to use Currents’s Services, Customers and Permitted Users may upload certain Personal Information pertaining to third parties, such as the Customer’s clients, to the Services (the Customer Content). For example, when performing a test via the Services, in a ‘live’ environment, the test may entail the processing of Personal Information included in the Customer Content available in such an environment.
Personal Information included in the Customer Content may be recorded in the outputs produced as a result of the use of the Services, such as in screenshots, HTML files, element locate data, element locate results and runtime console logs.
Please note that the Customer Content (including Personal Information) collected as part of your use of the Services, may be accessed by our IT team, support team, customer success team, R&D team and/or by our account managers, worldwide, solely in order to provide our Services to our Customers and to fulfill our contractual obligations towards our Customers.
6. How do we collect Personal Information?
There are three main methods we use to collect Personal Information:
6.1. We collect information via your entry, connection, access and/or use of the Services
In other words, when you access or use the Services, we are aware of your usage of the Services, and may gather, collect and record the information related to such usage. For example, when you use the Services, we collect your IP address and other online identifiers.
6.2. We collect information which you provide us voluntarily
For example, we collect Personal Information that you provide via the Services, such as the details provided when opening an account to use the Services.
6.3. We collect information provided by you via the Services as part of the Customer Content.
Personal Information may be provided to us as part of any Customer Content uploaded in the context of your use of the Services (e.g., Personal Information included in the testing environment, where a test is being conducted).
7. What are the purposes of the collection and processing of information?
7.1. Non-personal Information is processed in order to:
- Enhance your experience on the Services;
- Create statistical information and learn about the preferences of Permitted Users and general trends regarding the Services (e.g. understand which features are more popular than others);
- Deliver targeted advertising and run advertising campaigns related to our products and services;
- Keep the Services safe and secure; and
- Prevent fraudulent activity on our Services.
7.2. Personal Information is processed in order to:
- Enable the operation of the Services, including the process of opening an Account to use the Services;
- Provide Customers and their Permitted Users with technical support;
- Conduct internal operations, such as: troubleshooting, data analysis, testing, research, statistical analysis, as well as the improvement of the provided Services and the Currents’s algorithms;
- Keep the Services safe and secured against fraudulent and criminal activity;
- Comply with our legal obligations and provide us with the ability to protect our rights and legitimate interests;
- Send advertisements, updates, notices, announcements and additional information related to Currents and its Services, by email, SMS, phone or otherwise;
- Provide targeted and behavior-based advertising; and
- Maintain data processing records and general administrative purposes.
Note to Permitted Users located in the EU 🇪🇺
Please note that all Personal Information included in any Customer Content uploaded to the Services is processed in order to provide our Services to our Customers and to fulfill our contractual obligations towards our Customers.
However, as a ‘data processor’, Currents is not legally obligated to determine the legal basis for processing such data, and it is each Customer’s responsibility, in its capacity as a ‘data controller’, to determine the lawful basis for enabling Currents to process such data.
In order for Currents to process Personal Information relating to Permitted Users, as detailed herein, such processing must be justified by a “basis” for processing, as follows:
the processing is necessary to comply with legal obligations – we may process your Personal Information for disclosure of information to authorities and to maintain data processing records and general administrative purposes, as required by legal obligations that apply to us; and
the processing is in our legitimate interests - subject to your interests and fundamental rights, we shall perform the Personal Information processing activities described herein under our legitimate interest in: (i) marketing our products and services, including our legitimate interest in performing online advertising campaigns and sending advertisements, updates, notices, announcements and additional information related to Currents and the Services; (ii) offering comfortable and safe access to our Website and Services, (iii) conducting internal operations, including troubleshooting, data analysis, testing, research and statistical purposes, Services and the Currents’s AI engine; (iv) personalizing the Services and ensuring that Currents provides the best Services to its Customers, (v) ensuring that the Services are safe and secured against fraudulent and criminal activity; and (vi) managing our internal operations, maintaining records and email tracking. Where we rely on legitimate interests as a lawful basis, we will carry out a balancing test to ensure that your interests, rights and freedoms do not override our legitimate interests.
Note to non-EU Permitted Users:
BY ENTERING, CONNECTING TO, ACCESSING OR USING THE SERVICES, YOU CONSENT TO THE COLLECTION AND PROCESSING OF YOUR PERSONAL INFORMATION AS SPECIFIED HEREIN.
8. Sharing Personal Information with third parties
8.1. When do we share Personal Information
8.2. Use Cases for Sharing Personal Information
In addition to using the information collected by us for the purposes described under Section 7 above, we may also share your Personal Information and the Customer Content in the following cases:
Currents’s Personnel Personal Information that we collect and process may be transferred to or accessed by personnel of Currents for the sole purpose of enabling the operation of the Services and to contact you (as detailed in Section 7 above). Please note that all of Currents’s personnel that will have access to your Personal Information and the Customer Content are under an obligation of strict confidentiality with respect to such Personal Information.
Service Providers we share Personal Information with vendors, commercial software providers, consultants and data processors who perform services on our behalf, including without limitation, companies that provide analysis, messaging services and services which host the Services. Please note that we collect, hold and manage your Personal Information and the Customer Content through third parties’ cloud based services, as reasonable for business purposes, which may be located in countries outside of the Customers’ and/or their Permitted Users’ jurisdiction. For more information regarding our service providers, please refer to Section 12 below.
8.3. Non-Personal Information Transfer
For avoidance of doubt, Currents may transfer and disclose Non-Personal Information i.e., non-identifiable and anonymous information which consists of Technical And Behavioral Information that does not pertain to a specific individual, to third parties, at its discretion, including without limitation for statistical, analytical and research purposes and for customization, developing and improvement of our Services.
9. Data subjects’ rights
9.1. Customer Content
The Customer Content may contain Personal Information, as determined by the Customer.
Currents has implemented certain technical and organizational measures in its Services to assist its Customers in independently accessing the Personal Data included in such Customer Content. However, due to technical limitations and the nature of the Services, not all Personal Information contained in the Customer Content may be retrieved, accessed, amended, ported or restricted, as may be required under the data protection laws which are applicable to the Customer.
Notwithstanding, all Personal Data is automatically deleted in regular 30-day intervals (or as otherwise set by the Customer) and may also be deleted at any time by the Customer, at its sole discretion. To the extent that the Customer, in its use of the Services, does not have the ability to exercise its obligations towards data subjects whose Personal Information is included on the Customer Content, please send us an email to: firstname.lastname@example.org, and, to the extent that we are technically capable to do so, we will make commercially reasonable efforts to assist.
9.2. Permitted Users
Currents acknowledges that you have the right to access and change the Personal Information we collect and process about you.
You may update the Personal Information that you entered when opening your account to use the Services, by using the designated page on your account. However, if you find that your are unable to do so or if you wish to access or to correct, amend, or delete Personal Information, please send us an email to: email@example.com and we will respond within a reasonable timeframe, but in any event no later than permitted by applicable law.
Note to Permitted Users located in the EU 🇪🇺
We hereby inform you of the following rights (by virtue of EU law), in respect of your Personal Information:
Right to access: you may have the right to request a review of your Personal Information held by Currents. We may refuse to comply with your access request if the request is manifestly unfounded, excessive or repetitive in nature.
Right to erasure: under certain conditions, you may be entitled to require that Currents will delete or “block” your Personal Information (e.g. if the continued processing of those data is not justified).
Right to portability: you may have the right to transfer your Personal Information between data controllers (i.e. to transfer your Personal Information to another entity). The right to data portability only applies where your Personal Information is processed by us with your consent or for the performance of a contract and when processing is carried out by automated means.
Right to object to or withdraw consent: where that lawful basis for processing your Personal Information is either “public interest” or “legitimate interests”, those lawful bases are not absolute, and you may have the right to object to such processing. Where you object on the grounds of legitimate interest, we shall no longer process your Personal Information unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. If the processing of your Personal Information is based on your consent, you have the right to withdraw your consent to such processing at any time.
The right to restrict processing: under certain circumstances, you may have the right to object to the processing of your Personal Information due to your particular situation.
Right to lodge a complaint: you have the right to lodge a complaint before the relevant data protection authority or supervisory authority of your jurisdiction.
To exercise these rights, where applicable, please contact us by sending an email to: firstname.lastname@example.org
10. Location of your data
Such steps may include, but not limited to, putting in place data transfer agreements and ensuring our third-party service providers comply with Currents’s data transfer protection measures.
Note to Permitted Users located in the EU 🇪🇺
If you are located in the EU, you have a right to request further information regarding the data transfer mechanisms used by us with respect to data transfers to third countries outside the EU.
In order to keep your Personal Information safe, we apply strict safeguards when transferring it outside of the EEA, which may include the following:
Transferring your personal information to countries approved by the European Commission as having adequate data protection laws, such as Canada or US;
Entering into standard contracts that have been approved by the European Commission and which provide an adequate level of high quality protection, with the recipients of your Personal Information;
Transferring your Personal Information to organizations that are Privacy Shield Scheme certified, as approved by the European Commission.
BY SUBMITTING YOUR PERSONAL INFORMATION, INCLUDING THE CUSTOMER CONTENT, THROUGH THE SERVICES, YOU ACKNOWLEDGE, AND AGREE, IN JURISDICTION WHERE SUCH CONSENT IS REQUIRED, TO SUCH TRANSFER, STORING AND/OR PROCESSING OF PERSONAL INFORMATION.
The Services are intended solely for Permitted Users over the age of sixteen (16). Therefore, Currents does not intend and does not knowingly directly collect any Personal Information from Permitted Users under the age of sixteen (16) and does not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that minors under the age of sixteen (16) are not using the Services.
12. Third Party Service Providers and Third Party Software
12.1. Third Party Service Providers and Your Data
During the Services provision period, we may use third-party service providers (such as hosting cloud services), who may collect, store and/or process your Personal Information and the Customer Content.
Such vendors may be located in countries that do not have the same data protection laws as the laws applied in the Customers’ and their Permitted Users’ jurisdiction.
12.2. Subprocessors List
Our third-party Sub-Processors service providers list is available at https://currents.dev/sub-processors.
We take appropriate measures to maintain the security and integrity of our Services and prevent unauthorized access to them or use thereof through generally accepted industry standard technologies and internal procedures. Some of the security measures that we employ include, without limitation:
- the adoption of technical and organizational means, to ensure the security of the Customer Content, including Personal Information;
- the application of highly secure design and implementation methods to all our Services, including state of the art encryption mechanisms and secure architecture design to all storage and transmission mechanisms used for the processing and transmission of Customer Content and Permitted Users data, including Personal Information, to our third party service providers as described above; and
- the application of separation of duty among our employees and an access control management, which prevents unauthorized personnel from accessing the Customer Content and Permitted Users data, including Personal Information.
13.2. Inherited Risks
Please note, however, that there are inherent risks in transmission of information over the Internet or by using other methods of electronic storage and we cannot guarantee that unauthorized access or use of such information will never occur.
13.3. Law Compliance
Currents will comply with applicable law in the event of any breach of the security, confidentiality, or integrity of your Personal Information and will inform you of such breach as required by applicable law, as detailed in Section 5 of our Data Processing Agreement.
TO THE EXTENT THAT CURRENTS IMPLEMENTED THE REQUIRED SECURITY MEASURES UNDER APPLICABLE LAW, CURRENTS SHALL NOT BE RESPONSIBLE OR LIABLE FOR AN UNAUTHORIZED ACCESS, HACKING, OR OTHER SECURITY INTRUSIONS OR FAILURE TO STORE OR THE THEFT, DELETION, CORRUPTION, DESTRUCTION, DAMAGE, OR LOSS OF ANY DATA OR INFORMATION INCLUDED IN THE PERSONAL INFORMATION, INCLUDING THE CUSTOMER CONTENT.
14. Data retention
14.1. Permitted User’s Personal Information
Generally, we will keep Permitted User’s Personal Information only for as long as it is relevant and useful for the purpose for which it was originally collected.
14.2. Personal Information contained in Customer Content
Currents will retain the Personal Information contained in Customer Content for the time period set by the Customer via the Services. Please note that if no other setting or requirement was explicitly presented by the Customer, all Customer Content which is included in the results of test run via the Services, including without limitation in test results, Screenshots, HTML Files, Element Locate Results and Runtime Console Logs, will be retained for a default period of thirty (30) days.
Currents will retain the Personal Information included in Element Locate Data without limitation of time, during the Customer’s engagement with Currents.
All the aforementioned retention periods can be reduced or extended by Currents upon a Customer’s request. Upon termination of the Customer’s engagement with Currents, all of the Customer Content is deleted. Furthermore, if you delete a test generated by the Services, then all the Customer Content associated with that test shall be deleted as well.
14.3. Storage Period
Currents may store personal data for longer periods of time if the personal data is processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes and in such cases, the personal data will be subject to the implementation of appropriate technical and organizational measures to safeguard the rights and freedoms of the data subjects; or if it is under a statutory obligation to do so, and in such case Currents shall notify the data subjects of that legal obligation (unless the Company is prohibited by applicable law from doing so), and will implement appropriate technical and organizational measures to ensure that the personal data retained is used to fulfil that statutory obligation and no other purpose.
Please note that personal data which has been fully anonymized, as well as aggregated data, do not constitute ‘personal data’, and as such may be retained by the Company indefinitely.
16. Representation for data subjects in the EU
We value your privacy and your rights as a data subject and have therefore appointed Prighter as our privacy representative and your point of contact.
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit: https://prighter.com/q/15737831043
Have any questions?