Privacy

Who we are

Get Glow Ltd t/a Glow is a software company in the UK. Our office is registered at: 1 The Mews, Little Brunswick Street, Huddersfield, HD1 5JL, UK. Our company registration number is 12352436.

How to contact us

• Email: [email protected]
• Website: getglow.io

Privacy Policy

1. Introduction

Before using the website https://getglow.io and the application my.getglow.io, please review and accept this Privacy Policy. This document informs you of the processing carried out by our company, Get Glow Ltd, as the data controller on your personal data.

Get Glow Ltd commits to taking appropriate measures to ensure the protection and confidentiality of the personal data it processes, in accordance with UK GDPR and the Data Protection Act 2018 (UK); and EU GDPR (Europe).

2. Scope of this Policy

This policy applies to individuals who browse our site (“Site”) and users (customers or not) of our Glow application (hereafter referred to as the “Application” or “Glow”).

3. Who is the Data Controller?

The data controller, as defined by the GDPR, is the person who determines the means and purposes of the processing. Our company, Glow, is the data controller. Glow is a UK Limited Company with its registered office located at 1 The Mews, Little Brunswick Street, Huddersfield, HD1 5JL, UK.

4. Purposes and Legal Bases for Processing Personal Data

The purpose of processing corresponds to the objective pursued by the data controller. As a data controller, we commit to only process personal data for specific and legitimate purposes based on legal grounds.

Purpose	Legal Basis
Technical management of the Application: maintenance, hosting, security, and user account management.	Legitimate interest, user contract, execution of pre-contractual measures
Customer management: order tracking, payments, renewals, support service.	User contract
Customer loyalty and commercial prospecting: retaining customers and following up on prospective users.	Legitimate interest
Measuring Application satisfaction: collecting feedback to test, optimize, and improve the platform.	Legitimate interest
Management of the getglow.io website: hosting, maintenance, security, support requests, newsletter subscriptions, audience measurement.	Legitimate interest, consent (where applicable, e.g., testimonials)
Management of the affiliate program: tracking affiliates and commission payments.	Affiliate contract

5. Personal Data We Process as a Data Controller

We commit to processing strictly only the personal data necessary for the purposes outlined above.

Purpose	Type of Personal Data
Technical management of the Application	User account data (e.g., email, first name, last name), connection data (e.g., IP addresses, logs).
Customer management	Customer data (e.g., account details, order-related data, payment information).
Customer loyalty and commercial prospecting	Customer/prospect data (e.g., first name, last name, email, country).
Measuring Application satisfaction	User feedback data (e.g., comments, last login date, OS).
Management of the website https://getglow.io	Connection data, contact form data, newsletter subscriber data.
Management of the affiliate program	Affiliate identity and commission data.

6. Data Retention Periods

We commit to retaining personal data only for the time necessary for their processing and then deleting them once they are no longer needed for the purposes outlined above.

Purpose	Data Retention Period
Technical management of the Application	User account data: retained while active; deleted after 3 years of inactivity without response.
Customer management	Retained as long as the customer subscription continues, then for 10 years.
Customer loyalty and commercial prospecting	Retained during the contractual relationship, then for 3 years post-contract.
Measuring Application satisfaction	Retained for 10 years from user comment.
Management of the website https://getglow.io	Contact form data retained for 2 years; newsletter subscriber data retained for 3 years without engagement.
Management of the affiliate program	Retained for 10 years post-affiliation contract.

7. Who are the Recipients of the Data?

The personal data collected are intended for the use of Glow. However, they may be transmitted to our service providers who participate as processors in the management of the Glow Website and Application, such as the Application host (AWS) and the online payment service provider Stripe. We ensure that our processors commit to complying with GDPR. The list of our processors is available upon request ([email protected]). Glow may disclose personal data to competent authorities in operations aimed at combating criminally punishable activity.

8. Data Transfers to Countries Outside the UK and EU

We may, through our processors, transfer personal data outside the UK or EU. For example, data transfers may occur for hosting or payment processing. Glow ensures that such transfers are conducted in compliance with GDPR and that appropriate safeguards, such as Standard Contractual Clauses (SCCs), are in place.

9. Data Subject Rights

For EU/EEA Customers (EU GDPR):

• Right to access, rectify, erase, restrict, or object to the processing of data.
• Right to data portability.
• Right to withdraw consent at any time for processing based on consent.

For UK Customers (UK GDPR):

• Same rights as under the EU GDPR.
• Right to lodge a complaint with the ICO (Information Commissioner’s Office).

For Canadian Customers (PIPEDA):

• Right to access your personal data and request corrections where necessary.
• Right to withdraw consent for processing, subject to legal or contractual restrictions.
• Right to lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC).

10. Complaint Handling

For individuals in specific jurisdictions:

• UK: Lodge complaints with the ICO via their website.
• EU/EEA: File complaints with your local Data Protection Authority.
• Canadian: Submit complaints to the Office of the Privacy Commissioner of Canada (OPC).

Data Processing Agreement

Updated on January 6, 2025

In the context of using the Glow solution (hereinafter referred to as the “Solution” or “Glow Solution”), the company Glow may carry out the processing of personal data as a processor on behalf of its users (hereinafter “Users”): freelance developers or web or digital agencies working on and managing WordPress sites on behalf of their clients.

Under this data processing agreement, the User entrusts Glow with the processing of personal data. In this context, the User acts as the data controller with respect to Glow, which in turn acts as a processor.

This agreement is made in accordance with the provisions of the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003 (PECR). Each party undertakes to comply with the obligations incumbent upon them under this regulation and this agreement.

1. Purpose of this personal data processing agreement

This agreement aims to define the conditions under which Glow, in its capacity as a processor, carries out the processing of personal data on behalf of the User, who is the data controller. To consult the processing carried out by Glow as a data controller, the User is invited to refer to the Privacy Policy.

2. Definitions

Personal Data: Refers to any information relating to an identified or identifiable person. A person who can be identified, directly or indirectly, in particular by reference to an identifier or one or more specific elements unique to their identity, is deemed identifiable.

Regulation: Refers to the applicable regulations for the Parties on the date of the considered Processing, in particular, the Data Protection Act 2018 in the UK and the General Data Protection Regulation (“GDPR”) 2016/679 of the European Parliament and of the Council of April 27, 2016.

Processing: Refers to any operation or set of operations carried out on Personal Data, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, as well as locking, erasing, or destruction, regardless of whether this operation is carried out automatically or not.

Data Controller: Refers to the Party who, alone or jointly, determines the purposes and means of a Processing. In the context of this agreement, and with respect to Glow, the data controller is the User.

Processor: Refers to any natural or legal person who processes Personal Data on behalf of the Data Controller. In the context of this agreement, the Processor with respect to the User is Glow.

Data Subject(s): Refers to any natural person whose Personal Data may be subject to Processing by the Processor under this agreement.

3. User obligations

In the context of using the Glow Solution, Glow performs processing of personal data of the User’s end client(s), as well as individuals interacting with the WordPress site(s) of these end client(s). The User entrusts Glow with “cascading” subcontracting activities on personal data, on behalf of their end client(s). The User, as a Data Controller with respect to Glow and as a processor with respect to their end client(s), commits to complying with all obligations incumbent upon them under the Regulation. In particular, the User declares to have informed and signed a written data processing agreement in accordance with Article 28 of the GDPR, with their end client(s), expressly authorizing them to use the Glow Solution, install the Glow plugin on their WordPress site(s) and perform the personal data Processing described below, under the conditions defined in this agreement. The User undertakes that the data processing agreement to be concluded between them and their end client(s) reflects the personal data processing described below in Article 4 and complies with the conditions defined in this agreement.

4. Characteristics of the Processing

The User’s instructions according to which Glow must carry out the Data Processing are those set out in this agreement. Any modification of the agreement must be established in the form of a written amendment signed by both Parties.

The processing may have the following purposes:

• Establishment of maintenance reports related to sites
• Cleaning of databases

The Processing instructions may include the following:

• Generate and distribute maintenance reports for the end client(s), related to the technical health of the end client(s) WordPress site(s).
• Delete unnecessary data from databases.

The Processing may consist of: Consultation, structuring, exporting, preservation, transmission, dissemination, deletion

The Data Subjects may be:

• The end client of the User: i.e., the publisher of the site on which the Glow plugin is installed
• Individuals interacting with the end client’s site (internet users – administrators – users)

The types of Data processed may be:

• Identification data of the end client: name, first name, site address, email, telephone.
• Data stored on the end client’s site. These Data may include (depending on the site):
  • Civil status, identity, identification data, images (name, first name, address, photograph, date and place of birth, etc.)
  • Connection data (IP addresses, logs, terminal identifiers, login identifiers, timestamp information, etc.)
  • Location data (movements, GPS data, GSM, etc.)
  • Personal life (lifestyle habits, family situation…)

The User ensures that no sensitive data is processed under this agreement.

5. Duration of Retention of Processed Data:

If the User is a client of Glow, i.e., they have subscribed to a paid subscription: maintenance reports are retained for the duration the paid subscription to Glow plus 90 days.

Data processed in the context of cleaning databases (spam) are deleted at the User’s request.

6. Obligations of Glow

The User acknowledges that the obligations of Glow enable them to fully satisfy their obligations under the applicable legislation, including the UK Data Protection Act 2018 and the General Data Protection Regulation (GDPR) 2016/679 of the European Union, as well as any relevant UK-specific data protection regulations post-Brexit. Glow, in its capacity as a processor, commits to processing Data only on documented instructions from the User.

Glow undertakes not to transfer the Data outside of the United Kingdom (UK) or the European Economic Area (EEA) without having provided, prior to the transfer, appropriate safeguards as defined by the Regulation. To this end, the Parties agree that the transfer of Data may be governed by Glow’s acceptance of the UK’s and European Commission’s Standard Contractual Clauses – module 3 (transfer from processor to processor). The User authorises Glow to transfer the Data processed by Glow, where applicable.

Furthermore, Glow commits to:

• Implement appropriate technical and organizational measures considering the state of knowledge, implementation costs, and the nature, scope, context, and purposes of processing, as well as the associated risks, to prevent any loss, damage, alteration, or unauthorized access to the Data.
• Ensure that all persons authorized to process the Data under its responsibility commit to respecting confidentiality.
• Destroy all the Data it holds at the end of the agreed retention periods, unless there is an express and prior request from the User for the return of these Data (in which case they will be returned in the format used by Glow); upon request from the User, this return can be made in another format and/or be accompanied by assistance services provided under the conditions of reversibility specified by Glow; in any case, Glow will delete any copy of these Data following the aforementioned procedures, unless Union law, UK law, or the law of the Member State requires the retention of these Data.
• Ensure, in the event of using a service provider (who will then be qualified as a “subsequent processor”), to pass on all the contractual obligations regarding Data protection imposed on it; it is specified that the User gives Glow general authorization to subcontract the Processing to subsequent processors of its choice. The list of these subsequent processors is available upon request.
• Provide the User, considering the nature of the Processing and the information available to Glow, with all necessary information to enable them to fulfill their obligations under Articles 35 and 36 of the GDPR, as applicable under UK law if relevant.
• Assist the User, considering the nature of the Processing, with appropriate technical and organizational measures, so that the latter can fulfill their obligation to respond to requests from Data Subjects wishing to exercise their rights under Chapter III of the GDPR.
• Notify the User of any Data breach (as defined in Article 4 of the GDPR) as soon as possible after becoming aware of it, in accordance with the provisions of Article 33.2 of the GDPR and UK law if applicable.
• Provide the User, upon request and when required by the GDPR or the UK Data Protection Act 2018, with the necessary information to enable them to notify the supervisory authority or the Data Subjects.
• Immediately inform the User if, in its opinion, an instruction constitutes a violation of the provisions of the GDPR, the UK Data Protection Act 2018, or any other applicable data protection laws.
• In the event that Glow is required to transfer Data under the law to which it is subject (whether UK or EU law), it commits to informing the User of this legal obligation before processing, unless the relevant law prohibits such information for significant reasons of public interest.

The User may, at their expense, conduct or have conducted, by any service provider of their choice bound by professional secrecy, audits related to the compliance of Glow with its obligations regarding the processing of personal data under this agreement, during its execution. The User commits to notifying Glow in writing of any audit mission with a minimum notice of ten (10) calendar days, communicating the purpose of the mission, the envisaged duration of the mission, which may not exceed 4 days, and the names of the appointed experts. The Parties will agree on the scheduling of the audit, the auditor committing to cause minimal disruption in Glow’s activities. A copy of the audit report prepared by the auditor will be given to each party and will be jointly reviewed by the Parties, who commit to meeting for this purpose. If the audit confirms a breach by Glow of its obligations, it will bear the audit costs and implement, at its expense, the necessary corrective measures within thirty (30) working days from the delivery of the audit report. Except as provided above, the User bears all costs incurred by them for the audits. In the absence of correction within the said period, the User may terminate this agreement and the Glow subscription for breach, under the conditions provided in the General Terms and Conditions of Sale.

In the context of the points mentioned above, the User undertakes to formulate their requests within sufficient time to allow Glow to respond without disrupting its activity or having to work urgently, except for compelling reasons beyond the control of the User. The services referred to in this article will be provided by Glow at no additional cost, without prejudice to any additional requests from the User, which will be billed according to a quote previously validated by the User, except in urgent cases (in which case the services will be provided at the current rate of Glow on the day of the request).

Furthermore, in accordance with Article 30.2 of the GDPR, Glow will keep a register of processing activities carried out on behalf of the User. In this context, Glow must record the contact details of the person in charge of issues related to the protection of personal data or, where applicable, the Data Protection Officer (DPO) of the User, if the User communicates this information.

The User is informed that the GDPR representative designated by Glow is: Phil Storey, legal representative of Glow. He can be reached by email: [email protected].

This agreement will enter into force on the date of creation of the User’s account on the Glow Solution. It will remain in force as long as Glow performs Processing entrusted by the User under the Terms of Use and the present agreement.