PRIVACY POLICY

CRM Infusion LLC ("CRM Infusion," "Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and protect information when you visit our website at www.crminfusion.com (the "Website"), interact with our content, or communicate with us. It also explains, at a high level, how we handle client CRM data in the course of providing consulting services.

By using the Website, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Website.

1. SCOPE AND ROLES

This Privacy Policy applies to:

  • Visitors to our Website.
  • Individuals who submit forms, book calls, or otherwise contact us.
  • Representatives of our business clients and prospects.

For Website and marketing activities, we generally act as a data controller of the personal information we collect about you. For CRM data we access inside client systems (e.g., Salesforce, HubSpot) while providing consulting services, we generally act as a data processor on behalf of our clients, who remain the data controllers. That processing is governed by separate written agreements and data processing terms with each client.

2. INFORMATION WE COLLECT

We may collect the following categories of information:

2.1 Information You Provide to Us

  • Contact details: name, email address, phone number, company name, job title.
  • Inquiry details: the content of messages you send us, including through contact forms, email, or booking tools.
  • Newsletter/marketing preferences: your subscription status and communication preferences.

2.2 Information Collected Automatically

When you use the Website, we may automatically collect:

  • Technical identifiers: IP address, browser type and version, device type, operating system, approximate location (based on IP).
  • Usage data: pages viewed, links clicked, referring/exit pages, timestamps, and other analytics data related to your interaction with the Website.
  • Cookies and similar technologies: small files stored on your device that help us recognize your browser, remember preferences, and analyze Website usage.​

You can adjust your browser settings to refuse cookies or to alert you when cookies are being sent. Some parts of the Website may not function properly without cookies.​

2.3 Client CRM Data (Service Data)

When we provide consulting services, we may access or process data stored in your CRM or related systems (e.g., Salesforce, HubSpot) via service accounts you control. This data may include customer contact information and other business records, as defined in the applicable service agreement. For this Service Data:

  • You (the client) determine what is collected and how it is used.
  • We process it only according to your documented instructions and applicable contracts.

2.4 Payment Information (Stripe)

If you purchase products or services from us online, payment processing is handled by our third‑party payment processor, Stripe. Depending on the transaction, Stripe may collect and process personal information such as your name, email address, billing address, payment card details, transaction amount, and device/technical data, in accordance with its own privacy policy. We do not store your full payment card number, but we may receive limited information related to your payment method (such as the last four digits of your card, card type, and expiration date) and transaction metadata for recordkeeping, fraud prevention, and accounting purposes.

3. HOW WE USE INFORMATION

We use the information we collect for the following purposes:

  • To operate, maintain, and improve the Website.
  • To respond to your inquiries, requests, and messages.
  • To send you marketing communications about our services, events, and content, where permitted by law and subject to your choices.
  • To analyze Website performance and user behavior to improve content and user experience.
  • To maintain the security and integrity of the Website, including detecting and preventing fraud or abuse.
  • To comply with legal obligations and enforce our Terms of Service.

For Service Data in client CRMs, we use information solely to provide the contracted services (such as configuration, implementation, or advisory work) and for no independent purposes.

4. LEGAL BASES FOR PROCESSING (GDPR/UK GDPR)

Where the GDPR or UK GDPR applies, we rely on the following legal bases for processing:

  • Contract performance: to respond to your requests or perform services under agreements with you or your organization.
  • Legitimate interests: to operate and improve our Website, communicate with business contacts, and secure our systems, provided these interests are not overridden by your rights.
  • Consent: for certain marketing activities, cookies, or where required by law. You may withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
  • Legal obligations: to comply with applicable laws, regulations, or legal processes.

5. HOW WE SHARE INFORMATION

We may share your information with:

  • Service providers and sub‑processors who support our operations, such as:
    • Website hosting, analytics, and CRM tools.
    • Email and marketing automation providers.
    • Collaboration and productivity tools (e.g., cloud document and communication platforms).
    • Payment processing providers (including Stripe) when you complete a transaction with us.
  • Professional advisers such as lawyers, accountants, and auditors, where necessary.
  • Business transferees in connection with a merger, acquisition, or sale of all or part of our business or assets.
  • Authorities and third parties when required by law, regulation, or legal process, or to protect our rights, safety, or property.

For Service Data, we share or disclose information only as permitted by our contracts with clients (for example, with authorized sub‑processors identified or approved in data processing agreements).

We do not sell your personal information for monetary consideration. If and to the extent "sale" or "sharing" is defined broadly under applicable law, we will comply with any related notice and opt‑out requirements.

When you make a payment, your personal information will be shared with Stripe so that they can process the transaction, detect and prevent fraud, and comply with their legal obligations, as described in the Stripe Privacy Policy.

For more information about how Stripe handles personal information, please see the Stripe Privacy Policy at https://stripe.com/privacy.

6. INTERNATIONAL TRANSFERS

We are based in the United States, and your information may be processed in the U.S. or other countries that may have different data protection laws than your country of residence.

Where required by law, we implement appropriate safeguards for international transfers, such as:

  • Standard Contractual Clauses approved by the European Commission or UK equivalents.
  • Other lawful transfer mechanisms or derogations as permitted by applicable law.

7. DATA RETENTION

We retain personal information for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, including:

  • To provide the Website and related services.
  • To comply with legal, tax, and accounting obligations.
  • To resolve disputes and enforce our agreements.

For Service Data, retention and deletion are handled according to our contracts with clients and their instructions (for example, deletion or return at the end of an engagement, subject to any legal obligations to retain certain records).

8. YOUR RIGHTS AND CHOICES

Depending on your jurisdiction, you may have some or all of the following rights regarding your personal information:

  • Access: Request confirmation of whether we process your personal information and receive a copy.
  • Correction: Request that we correct inaccurate or incomplete personal information.
  • Deletion: Request that we delete your personal information, subject to certain exceptions.
  • Restriction: Request that we restrict processing of your personal information in certain circumstances.
  • Objection: Object to certain processing, including direct marketing.
  • Portability: Request a copy of personal information you provided to us in a structured, commonly used, and machine‑readable format where technically feasible.
  • Consent withdrawal: Where processing is based on consent, withdraw that consent at any time.

To exercise your rights, please contact us using the details in Section 11. We may need to verify your identity before responding. Where we process Service Data as a data processor, we will direct you to the relevant client (data controller), as they are responsible for handling rights requests for that data.

California and Certain U.S. State Rights

If you are a resident of California or certain other U.S. states with comprehensive privacy laws, you may have additional rights, such as:

  • The right to know categories and specific pieces of personal information we have collected about you.
  • The right to request deletion of personal information, subject to exceptions.
  • The right to correct inaccurate personal information.
  • The right to opt out of certain uses or disclosures that qualify as "selling" or "sharing" under applicable law.

Where required, we will provide additional state‑specific disclosures on or linked from this page.

9. SECURITY

We use reasonable technical and organizational measures designed to protect personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Limiting access to personal information to personnel with a legitimate business need.
  • Using secure hosting and network protections.
  • Employing access controls and, where applicable, multi‑factor authentication.

No method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.​

For Service Data, we follow security and access principles aligned with our client agreements, including least‑privilege access, the use of service accounts, and avoiding long‑term local storage of CRM data except where necessary and appropriately protected.

10. CHILDREN'S PRIVACY

The Website is intended for business and professional users and is not directed to children under 16. We do not knowingly collect personal information from children under 16 through the Website. If you believe we have collected such information, please contact us so we can delete it.

11. CONTACT US

If you have questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us:

CRM Infusion, LLC
Email: info@crminfusion.com
Website: www.crminfusion.com

If you are in the EU/EEA or UK and believe we have not adequately addressed your concerns, you may have the right to lodge a complaint with your local data protection authority.

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we do, we will update the "Last Updated" date at the top of this page. Material changes may be communicated by additional notice where required by law. Your continued use of the Website after any changes become effective signifies your acceptance of the revised Privacy Policy.

13. CANADA-SPECIFIC PRIVACY DISCLOSURES

If you are located in Canada, or if we provide services to organizations subject to Canadian privacy laws, additional requirements may apply.

13.1 PIPEDA and Provincial Privacy Laws

Where applicable, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and relevant provincial private-sector privacy laws. These laws require, among other things:

  • Identifying the purposes for which personal information is collected, used, or disclosed.
     • Obtaining meaningful consent where required.
     • Limiting collection, use, and disclosure to what is necessary for identified purposes.
     • Providing individuals with access to their personal information and the ability to request corrections.

Where we act as a data processor (service provider) on behalf of Canadian clients, we process personal information solely in accordance with our written agreements and the client’s instructions.

13.2 Cross-Border Transfers

Personal information may be processed or stored outside of Canada, including in the United States. In such cases, the information may be subject to the laws of those jurisdictions. Where required, we implement contractual and organizational safeguards appropriate to the sensitivity of the information.

13.3 Quebec and Other Provincial Requirements

Certain provinces, including Quebec, may impose additional obligations, such as data protection impact assessments, enhanced transparency requirements, and mandatory breach reporting. Where applicable, we support our clients in meeting these requirements in accordance with our contractual obligations.

14. HEALTHCARE AND PROTECTED HEALTH INFORMATION

CRM Infusion does not operate as a healthcare provider. However, in the course of providing consulting services to clients in regulated industries, we may access or process personal information that qualifies as Protected Health Information (PHI) or Personal Health Information under applicable laws.

14.1 United States (HIPAA)


 Where we provide services to clients subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and we access PHI on their behalf, we will do so only pursuant to a written agreement, such as a Business Associate Agreement (BAA), where required. We process such information solely to provide contracted services and implement reasonable safeguards consistent with our contractual obligations.

14.2 Canada (Provincial Health Privacy Laws)

Where we provide services involving Personal Health Information subject to provincial healthcare privacy laws, such as Ontario’s Personal Health Information Protection Act (PHIPA) or similar legislation in other provinces, we process such information strictly in accordance with the client’s documented instructions and applicable agreements.

14.3 Safeguards

For healthcare-related data processed on behalf of clients, we apply heightened access controls, least-privilege principles, and secure authentication practices consistent with contractual and legal requirements. We do not use such data for independent purposes.

 

Last Updated: February 11, 2026