Warmly provides a number of tools to help high growth B2B companies identify, track, and convert potential leads. Many of our services involve the use of tracking technologies, including cookies, web beacons (also known as pixels or clear GIFs), and session replay technology. For a description of these technologies and instructions relating to the use of Warmly’s services, please visit our help center at https://help.warmly.ai/en/collections/4026381-warmly-warm-leads-platform.
These FAQs are intended to provide general information to questions that our customers frequently have about the technologies used in our services.
THESE FAQS ARE NOT AND SHOULD NOT BE TREATED AS LEGAL ADVICE. We are not lawyers, and we cannot provide guidance to any customer’s specific situation or circumstance. Please obtain independent legal advice regarding recent developments under privacy laws and compliance questions specific to your business, website, and use of our services.
Do I need to update my privacy policy or cookie consent practices to use Warmly?
Most of our customers have not needed to change their privacy policy or cookie consent practices because they already have strong policies and practices in place due to prior use of tracking technology such as for advertising, data enrichment or CRM utilization.
Customers are likely to need to at least disclose how they are collecting personally identifiable information or that they use 3rd party services like Warmly as sources of personal information used in their marketing.
If not already there, we recommend you add this to your privacy policy, subject to approval from your legal team:
"When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or online profiles. We (or service providers on our behalf) may then send communications and marketing to these emails or profiles. You may opt out of receiving this advertising by visiting: {{your general opt out link or https://warmly.ai/p/do-not-sell-share-my-data}}
Please seek individualized guidance from your legal counsel if there are any further concerns about your specific business.
What types of tracking technologies do Warmly’s services use?
Warmly’s services use a Javascript snippet, which is a single line of code added to customer websites to enable customers to identify and learn more information about the visitors from your web traffic for sales and marketing use cases. The Javascript snippet has two components: (1) a string of Javascript code added to a customer website, and (2) a Warmly cookie.
Which categories of personal data are collected by Warmly’s Javascript snippet?
The Warmly Javascript snippet collects the following categories of data:
IP Address
URL and URL’s UTM parameters
Session cookie
Session status (active, idle, closed)
ClientId (so we know which customer is associated with the traffic)
Form fill information
User agent
Messages exchanged via chat
Pages visited
Time spent on page
Inbound widget interactions from the end user (e.g. requesting a call/chat)
What types of legal or regulatory restrictions apply to these tracking technologies?
First and foremost, Warmly monitors and works to comply with laws regarding tracking technologies globally including registering to comply in specific US states. Depending on the laws and regulations that may apply to your company, the use of cookies and similar tracking technologies may require consent from users or be subject to other rules or requirements. This FAQ provides a general overview of common rules that many of our customers consider when using Warmly’s services.
The European Union and the United Kingdom
In the European Union (EU) and the United Kingdom (UK), various laws, rules, and regulations may govern the use of cookies and similar technologies on online properties, including the EU General Data Protection Regulation (GDPR), the ePrivacy Directive, the UK General Data Protection Regulation (UK GDPR), the UK Privacy and Electronic Communications Regulations (PECR), and other “cookie consent” rules. In general, these rules require online properties to collect consent prior to the collection of certain personal data (including pseudonymized data like IP address or cookie ID) or before placing “non-essential” cookies or similar files on a user’s device or browser. Under these rules, typically opt-in consent must be collected through the use of a consent management platform (CMP) or other tool before allowing cookies or similar technologies to be placed on a user’s device.
The United States
In the United States, multiple states have now enacted comprehensive privacy laws that govern the collection, use, disclosure, and processing of personal data, some of which are currently effective and others which go into effect over the next few years. While these laws do not directly regulate the use of specific types of tracking technologies, they do include rules relating to consent, including for “selling” personal data, for “sharing” personal data for purposes of cross-context behavioral advertising, or for using personal data for “targeted advertising” purposes. In many cases, these requirements will apply to the collection of data via tracking technologies on a covered company’s website.
Notably, United States privacy laws include thresholds that exempt small businesses, and many of these laws do not apply to personal data when it is collected in the context of a B2B relationship or interaction. Customers should consult with legal counsel to determine whether they are subject to these laws, and whether their collection of B2B data through Warmly’s services is covered by applicable privacy laws.
California
In the United States, the California Consumer Privacy Act (CCPA) governs the collection, use, and disclosure of Californian’s personal information by businesses that fall within the CCPA’s scope, including in the B2B context. Notably, the CCPA grants California residents the right to opt-out of “sales” and “sharing” of their personal information.
“Sale” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a California resident’s personal information to a third party for monetary or other valuable consideration, subject to limited exceptions.
“Share” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a California resident’s personal information to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross-context behavioral advertising for the benefit of a business in which no money is exchanged. There are also limited exceptions to what is considered a “share” under the CCPA.
“Cross-context behavioral advertising” means the targeting of advertising to a California resident based on the individual’s personal information obtained from their activity across businesses, distinctly-branded websites, applications, or services, other than the business, distinctly-branded website, application, or service with which the individual intentionally interacts.
While every company should conduct an independent legal review of Warmly’s services and the company’s specific obligations under the CCPA and other privacy laws, some customers classify their use of Warmly’s services as “selling” or “sharing” personal information under the CCPA and, as a result, enable users to opt-out from their data being collected by Warmly’s services. Please note, every business is different, and the approach taken by some businesses may not be relevant to or appropriate for other companies. It is imperative for individual Warmly customers to seek legal counsel when determining their opt-out and other compliance obligations under privacy laws.
Warmly offers chatbot technology that includes the use of AI. What privacy considerations should customers be aware of?
First and foremost, Warmly monitors and works to comply with laws regarding the use of AI. When customers install Warmly’s chatbot code, Warmly will collect the data points identified and use that data for the services and as described in Warmly’s Privacy Policy. As a result, when using the chatbot, customers should generally be aware of obligations under privacy laws for collecting and sharing personal data, and any requirements relating to the use of tracking technologies.
All Warmly customers are required to comply with privacy laws and to provide all disclosures via a privacy policy or otherwise that are required by law.
In addition, California’s “bot” disclosure law (Cal. Bus. & Prof. Code § 17941) states the following:
“(a) It shall be unlawful for any person to use a bot to communicate or interact with another person in California online, with the intent to mislead the other person about its artificial identity for the purpose of knowingly deceiving the person about the content of the communication in order to incentivize a purchase or sale of goods or services in a commercial transaction or to influence a vote in an election. A person using a bot shall not be liable under this section if the person discloses that it is a bot.
(b) The disclosure required by this section shall be clear, conspicuous, and reasonably designed to inform persons with whom the bot communicates or interacts that it is a bot.”
We encourage all customers to clearly disclose their use of the Warmly chatbot and ensure that end users are informed about how their personal data is collected in connection with their use of the chatbot, as well as the fact that the Warmly chatbot utilizes AI to provide responses.
In addition, please note that laws and regulations governing artificial intelligence and other automated processing technologies are rapidly evolving. As with all matters relating to privacy, customers should consult with their own independent legal counsel when installing and using the Warmly service.
Warmly surfaces contacts that visited your website - is this legal?
Due to GDPR, Warmly’s providers are not allowed to and do not match individual contacts inside of the EU (only company contacts). Our database of personal information only contains profiles that have been matched to US home addresses, and our providers only resolve US traffic.
For the US regulatory restrictions, please refer to FAQ #4 on legal and regulatory restrictions applying to tracking technologies. If you are compliant with these state-level regulations, the use of our product will not change that compliance status.
All Warmly data providers sign Data Processing Agreements in line with the latest legal and regulatory frameworks and additionally subscribe to known opt-out registries such as as the California Consumer Opt-Out Request Form.
Individuals can opt-out at any time at Warmly’s Opt Out form.
Do the Warmly services create a “screen recording” or otherwise provide customers the ability to replay user sessions?
The Warmly services include “session-observing” technology by which customers can observe user sessions in real-time, such as user movements and clicks on a website or webpage. Currently, Warmly does not provide functionality to record these user sessions and replay them at a later date – the session must be observed as it is occurring.
Session observing, as opposed to screen recording, means that utilizing Warmly should not necessitate the need to change any of your current practices or policies.
But as is the case when using any of Warmly’s services or features, customers should ensure that they are complying any legal requirements to provide clear disclosures to their website visitors and other users about how they are using Warmly’s services and the data being collected. For more information about Warmly’s collection of personal data in connection with the session-observing features of our services, please visit our Privacy Policy and review the section titled “Personal Information Collected Automatically – Our Services.”
How does Warmly proactively monitor changes to jurisdictional data privacy laws and regulations?
The privacy regulators landscape is rapidly evolving, and Warmly takes steps to proactively monitor any changes by engaging with specialists and reviewing legislative developments on a quarterly basis. Over time, Warmly may update this page to align with changes to Warmly’s products and services and developments in privacy regulation.
Are there any restrictions on the types of data that Warmly will collect?
As stated in our Privacy Policy, Warmly’s services are not intended for use with minors under the age of 18. In addition, Warmly’s services should not be used by customers to collect any data or information classified as “sensitive” or “special category” under data protection or privacy laws, such as personal data indicating racial or ethnic origin, religious or philosophical beliefs, citizenship or immigration status, political opinions, trade union membership, health information, sex life or sexual orientation, or other sensitive data. If you are using Warmly’s services, please do not share or otherwise these categories of data available to Warmly.
This article was written by the Customer Success team at Warmly. Please feel free to reach out to your CSM directly or [email protected]