Reading Time: 12 minutes

Privacy Policy

This Cloverleaf.me, Inc. (“Cloverleaf” or “Company” or “we” or “us”) “Privacy Policy” applies to https://cloverleaf.me/ (“Site”) as well as Cloverleaf’s service (which includes its features and other Cloverleaf branded or co-branded websites and applications, including sub-domains, international versions, widgets and chat bots, mobile versions and mobile apps) (together, the Site and service referred to collectively as the “Service”), each of which is owned and operated by Cloverleaf. This Policy applies to information and data collected directly by us, (“Personal Information”) and does not apply to any data collection by third-parties that are not affiliated or otherwise acting under the direction and control of Cloverleaf. If our privacy practices for a certain application differ from those explained in this Privacy Policy, we will let you know at the time we ask for or collect your information. We recognize and respect your privacy. 

It is our policy to comply with all applicable privacy and data protection laws, which may include the General Data Protection Regulation, Regulation (EU) No. 2016/279 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”). This commitment reflects the value we place on earning and keeping the trust of our customers, business partners, and others who share their data with us.

Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. We may make changes to the Privacy Policy from time to time. We, therefore, encourage you to check the Privacy Policy periodically for updates.

Data Controller

In some situations in which Cloverleaf collects Personal Information, Cloverleaf is the data controller responsible for your Personal Information. As such, we determine the purpose and means of processing your Personal Information and have the primary responsibility for ensuring your Personal Information is processed in accordance with GDPR regulations. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us at support@cloverleaf.me.

We may utilize data processors to process your data on our behalf, or may at times act as a Data Processor processing your data on behalf of a Data Controller. These data processors are listed here. To view a list of our subprocessors, click here.

 

Types of Personal Information Collected Through the Service

We may collect the following types of Personal Information through the Service:

  • Your contact information such as first and last names, email address, job title, affiliate organization (if any), phone number, reporting relationships, and any applicable Self-Assessment Data (see below);
  • Personal information contained in legal agreements (such as invoices and orders);
  • Information posted by you to the Service such as comments, suggestions, feedback, opinions, or media; 
  • Any other Personal Information you submit through the Service or to us in the form of an email; and
  • Information that you provide to the Service by enabling the Service to retrieve data from other systems (e.g., Calendar systems, etc.)

Self-Assessment Data

Utilizing our Service involves you taking one or more self-assessment tests and providing information about yourself (collectively, “Self-Assessment Data”). For more information about our self-assessment tests and information that we will collect from you during that submission process, please visit this link https://help.cloverleaf.me/en/collections/1757272-assessments.

Any Self-Assessment Data that you provide through the Service becomes a part of your user profile which may also be shared with your associated organization(s) and their authorized consultants, if any, and applicable self-assessment test providers. If you share Self-Assessment Data with an organization, other users within that organization will have access to your Self-Assessment Data. Your Self-Assessment Data will be displayed along with your profile to that organization. You and your organizations may also place your profile into teams or groups, and the users of such teams and groups will have access to your profile and Self-Assessment Data. Our Service dashboard enables users to manage their information (e.g., keep their information up to date, re-take self-assessment tests if they choose, share information and results with others and delete information upon request). Your user profile and Self-Assessment Data may be shared with third parties and members of your organization, subject to your privacy settings. We are not responsible for the accuracy of your Self-Assessment Data or any information that you post to your profile. We cannot prevent such information from being used by others in a manner that may violate this Privacy Policy, the law or your personal privacy. Taking self-assessment tests and posting of any information or content to the Service are subject to our Terms of Use

Types of Uses of Information & Personal Information

We collect, store and use all information including Personal Information you provide to us in various ways always in accordance with this Privacy Policy and as follows:

  • To provide and improve the Service and offerings or services provided by us to better understand how users access and use the Service and offerings provided by us;
  • To process product orders received through the Service or other ways you communicate them to us (e.g., email, phone);
  • To evaluate business opportunities; 
  • To effectuate or enforce a transaction or agreement; 
  • To adjust offerings or services provided by us to you;
  • To provide you with information about our products and services that we believe you may find of interest, including to send you mailing lists, and marketing and promotional e-mails;
  • To authenticate visitors to the Service; 
  • To be able to respond to requests or inquiries, and for similar, customer-service-related purposes; and
  • We automatically collect through the Service information that is often not personally identifying, such as the website from which visitors came to the Service, Service visitors’ IP address, browser type and other information relating to the device through which they access the Service. We may combine this information with the Personal Information we have collected from you.

For clarity, we do not make any warranty, express, implied or otherwise, that we will be able to prevent loss, misuse, unauthorized access to, or alteration of personally identifiable information you provide to us. You make any disclosure of personally identifiable information to us at your own risk.

Types of Sharing of or Disclosures of Personal Information

We may share or disclose Personal Information to third parties for the following purposes:

  • In aggregated, or non-personally identifying, forms of information about Service users for marketing, advertising, research, statistical analysis or other reasonable business purposes;
  • To provide you with information relating to products or services that we believe you may find of interest;
  • In response to a subpoena or other legal process by a governmental entity or third party, or if otherwise required by law;
  • To protect or enforce our rights including with respect to our assets and properties; 
  • In the event of the sale or dissolution (bankruptcy) of assets, in whole or in part, of our business or any of its affiliates;
  • In the process of fulfilling orders, providing, or performing functions on our behalf (e.g., such as third-party service providers, contractors, payment processors, banks, and collection agencies); and 
  • To provide products or services requested including the self-assessment test providers.
  • When such third parties act as subprocessors enabling Us to provide the Service.  To view a list of our subprocessors, click here.

In some instances in which subprocessors are used, Cloverleaf may act as a data controller. Cloverleaf respects the rights of all users to delete their data when Cloverleaf is the data controller, and will duly forward request to the data controller if Cloverleaf is acting as a data subprocessor and act on it when the request from the controller is received. For all non-organization users, Cloverleaf is the data controller. For some organization users, Cloverleaf may act as a subprocessor to the organization. Cloverleaf respects the rights of all users to access their data. Cloverleaf provides users management capabilities and access to their assessment results and other data in the platform and will export this data when duly requested. Cloverleaf retains the data of users while they maintain an account, and/or while their organization maintains an account and for up to 30 days afterward, unless the users discontinues use and requests deletion under the terms outlined above. Cloverleaf maintains activity logs for technical and legal purposes which are retained for 1 year and deleted thereafter. Upon full data deletion, Cloverleaf will totally delete Personal Information and irreversibly de-reference (anonymize) any other information that may be retained for aggregate usage in platform improvement. Such data will only be retained if it can be totally severed from any possible connection to the originally attached identity.

 

Cookies, Beacons and Analytics

When you interact with the Service, we strive to make your experience easy and meaningful. Our Service uses technology, or those of third-party service providers, such as cookies, web beacons (clear GIFs, web bugs) and similar technologies to track user activity and collect site data. We may combine this data with the Personal Information we have collected from you.

COOKIES

We (including our subprocessors) use cookies for Service functionality and to track visitor activity on the Service. A cookie is a text file that a website transfers to your computer’s hard drive for record-keeping purposes. Our cookies assign a random, unique number to each visitor’s computer. They do not contain information that would personally identify the visitor, although we can associate a cookie with any identifying information that is or has been provided to us while visiting the Service. We use cookies that remain on your computer for a specified period of time or until they are deleted (persistent cookies). We may also use cookies that exist only temporarily during an online session (session cookies) – these cookies allow us to identify you temporarily as you move through the Service. Most browsers allow users to refuse cookies but doing so may impede the functionality of some portions of our Service.

WEB BEACONS

Web beacons are tiny graphics with a unique identifier, similar in function to cookies, that are used to track the online movements of Web users. In contrast to cookies, which are stored on your computer’s hard drive, Web beacons are embedded invisibly on webpages or e-mails and may not be disabled or controlled through your browser. 

Third Parties

We may also engage third parties to track and analyze Service activity on our behalf. To do so, these third parties may place cookies or web beacons to track user activity on our Service. We use the data collected by such third parties to administer and improve the quality of the Service, analyze usage of the Service, and provide a more enhanced user experience on the Service, such as personalizing and delivering relevant offers and content based on user activity on the Service. In cases where such third parties are engaged, they act as our subprocessors and are bound by applicable agreements concerning usage of personally identifiable information. 

User Content

The Service may allow users to post information. Any information that you post to the Service becomes public information and may be viewable by other users, as well as visitors to the Service. In addition, your name, as well as other optional information you choose to submit along with the information you post, will be publicly displayed along with your comment or blog. We are not responsible for the privacy of any information that you choose to post to the Service, or for the accuracy of any information contained in those postings. We cannot prevent such information from being used by others in a manner that may violate this Privacy Policy, the law, or your personal privacy. Your posting of any content to any of the Service is subject to our Terms of Service (located here: https://cloverleaf.me/terms).

Third-Party Links

The Service contains links to other, third-party websites. Any access to and use of such linked websites is not governed by this Privacy Policy, but, instead, is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites. 

Email Policy

In addition to usage of your e-mail to provide you with Service, we may use your email address to communicate with you about orders you have placed, inquiries you have made about our products and services, or information you have shared with us through the Service or email. We may send you emails from time-to-time, about information that we believe may be of interest to you. We may also send you news and offers about our products and services, or those of our chosen partners. Examples include, but are not limited to, our blog, newsletter, information about special offers, or other products or offerings.

If, at any time, you would like to stop receiving promotional e-mails, you may follow the opt-out instructions contained in any such e-mail. Please note that it may take a few business days for us to process opt-out requests. If you opt-out of receiving emails or promotions, we still may send you e-mails to you in accordance with this Privacy Policy, as requested by you, or in reference to other customer service purposes.

We may transfer your personal information outside the European Economic Area (EEA) to countries that do not provide the same level of protection for personal information. In such cases, we will ensure that appropriate safeguards are in place to protect your personal information, such as using standard contractual clauses approved by the European Commission.

Children

Our website and Services are not intended for children under 16 years of age. We will not knowingly solicit or collect personal data from children under 16, or the relevant minimum age under applicable local legal requirements, except as permitted under applicable law. If we learn that we have received information directly from a child under 16 without his or her parent’s or legal guardian’s consent, we will make commercially reasonable efforts to delete such information. 

Reasons for Processing Your Personal Information

We may process the personal data you provide for the following reasons and legal bases:

Why we process your data
Legal basis for processing
To allow us to connect your accounts to our Services.
Performance of a contract with you or your organization
To help you build your user profile on our Services.
Performance of a contract with you
To confirm your identity.
Performance of a contract with you
To receive your feedback that you submit through social media comments and to communicate with you.
Legitimate interest to manage our website
To market new services that are of interest to you through email.
Consent
To perform compliance checks with relevant financial and regulatory laws.
Necessary to comply with our legal obligation
To allow you to exercise your data privacy rights.
Necessary to comply with our legal obligation

In addition, we may process your personal data for the following reasons:

  •   To carry out our obligations and enforce our rights.
  •   To investigate and deter fraudulent, unauthorized or illegal activity.
  •   In any other way we may describe when you provide the information.
  •   For any other purpose with your consent.

We may use information that is not personal data for any purpose. For example, we may aggregate usage data from many people in a way that does not identify any individuals to calculate the percentage of users accessing a feature on our website. 

Retention

We will take reasonable steps to avoid collecting personal data that is not necessary. We will only retain your personal data for the period necessary to achieve the purposes described in this privacy policy. Your express agreement may permit us to retain your personal data for a longer period. Furthermore, legal requirements may require us to retain portions or all of the personal data we hold for a longer period of time. For example, we may be required to retain your information for tax, financial reporting, and other regulatory compliance reasons. When we are no longer required to retain your personal data, we will delete, erase, or anonymize your personal data as required by applicable law and regulations.

For the categories of data that we collect the following table shows the maximum retention period for the information.

Data Category
Maximum Retention Period
Identity
If your identity, location and contact data from your profile is deleted, we will retain the information for 24 months after the deletion of your profile.
Contact Information
If your identity, location and contact data from your profile is deleted, we will retain the information for 24 months after the deletion of your profile.
Profile Data
If your identity, location and contact data from your profile is deleted, we will retain the information for 24 months after the deletion of your profile.
Transaction Data
Your transaction data will be maintained for 24 months.
Communication Data
Your communication data, specifically your self-assessment data, will be retained for 24 months after the deletion of your profile. If this data can be fully and irreversibly anonymized, it may be retained in perpetuity.
Marketing Data
Marketing Data will be retained for 24 months. If you decide to opt-out from the newsletter, we will retain your email address for 6 months to respond to your requests.
Device and Usage Data
Device and Usage Data will be retained for no greater than 24 months.

Your Data Protection Rights & Do Not Track Disclosures

Your Rights

 You may have the right to:

  •   Access your information;
  •   Correct your information;
  •   Delete your information;
  •   Opt out of certain processing of your information;
  •   Obtain a portable copy of your information;
  •   Opt out of sales of your information;
  •   Opt out of processing of your sensitive data;
  •   Initiate a private cause of action for data breaches;
  •   Opt out or control use of automated decision making of your information, and
  •   Not be discriminated against for exercising one or more of these rights.

Specifically, you may have additional or complementary rights under one or more state or local laws, including but not limited to:

  • The European Data Protection Law, which includes the EU General Data Protection Regulation 2016/679 as amended, replaced or superseded from time to time, the UK Data Protection Act 2018, the UK GDPR as applicable as part of UK domestic law by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (as amended), or the Swiss Federal Act on Data Protection;
  • The Canadian Personal Information Protection and Electronic Documents Act (PIPEDA); 
  • The Argentine Personal Data Protection Law;
  • Brazil’s General Data Protection Law;
  • Chile’s Law for the Protection of Private Life no. 19.628 and its updates;
  • Colombia Law No. 1581;
  • Mexico’s Federal Law on the Protection of Personal Data;
  • Peru law No. 29733;
  • Uruguay’s Protection of Personal Data and Habeas Data no.  18.331;
  • Costa Rica Laws No. 7975 and 8968;
  • and any other jurisdictional laws regarding processing or cross-border transfers of Personal Information (e.g., those of Japan, Australia, and New Zealand), or
  • U.S. State Privacy laws, such as:
    • California Consumer Privacy Act (2018; effective Jan. 1, 2020);
    • California Privacy Rights Act (2020; fully operative Jan. 1, 2023);
    • Colorado Privacy Act (2021; effective July 1, 2023);
    • Connecticut Data Privacy Act (2022; effective July 1, 2023);
    • Indiana Consumer Data Protection Act (2023; effective Jan. 1, 2026);
    • Iowa Consumer Data Protection Act (2023; effective Jan. 1, 2025);
    • Montana Consumer Data Privacy Act (2023, effective Oct. 1, 2024);
    • Oregon Consumer Privacy Act (2023; effective July 1, 2024);
    • Tennessee Information Protection Act (2023; effective July 1, 2025);
    • Texas Data Privacy and Security Act (2023; effective July 1, 2024);
    • Utah Consumer Privacy Act (2022; effective Dec. 31, 2023), or
    • Virginia Consumer Data Protection Act (2021; effective Jan. 1, 2023).

To Exercise Your Rights or Otherwise Contact Us

You may exercise any of your rights by contacting us via email at support@cloverleaf.me or utilizing the contact form listed below. While we strive for error-free performance, we cannot always catch an unintended privacy issue. As a result, we encourage your questions and comments about any privacy concerns. Please direct them to us by email at the following: https://cloverleaf.me/contact.

Last Revised: August 2, 2024