Twilio Privacy StatementEffective Date May 25, 2018, updated on December 31, 2019
Twilio is a cloud communications platform that provides software developers with building blocks to add communications to web and mobile applications or manage email applications (such as through our SendGrid products and services).
We understand that when you use Twilio’s platform you are placing your trust in us to handle your data appropriately, including the personal information of you and your end users. That is why we take a “No Shenanigans” approach to data protection.
Part of our “No Shenanigans” approach is to make sure that you, the developer, have information about how we process personal information in connection with your use of our products and services, including our website. We want to enable you to make informed decisions about your personal information when building your software applications on Twilio’s platform. We also want to provide you with relevant information to help your end users make informed decisions about their personal information when they use your software applications built on Twilio’s platform.
We’re realists here. And, as much as our Privacy Team wishes it were otherwise, we know that most developers don’t spend their time reading privacy notices...
But they do read API docs! So, we’ve added information to our Twilio API docs and SendGrid Documentation about personal information processing to give you information to help you build in a smarter, more privacy-aware way.So, let’s say you’ve read everything here and you’ve checked out our product-specific API docs, but you still have more questions or concerns about how we’re processing personal information, or you would like to know more about how to exercise your rights. You can contact our Privacy Team in the Office of the Data Protection Officer by either emailing us at [email protected] or, by writing to us at:
WORLDWIDE HEADQUARTERS
375 Beale Street, Suite 300, San Francisco, CA 94105
EUROPEAN HEADQUARTERS
25-28 North Wall Quay, Dublin 1, IrelandTable of Contents
Let’s Get Oriented
How Twilio Processes Your Personal Information
How Twilio Processes Your End Users’ Personal Information
When and Why We Share Your Personal Information Or Your End Users’ Personal Information
Transfers of Personal Information Out of the EEA and Switzerland
SendGrid Services
Automated Decision Making
Handling disputes relating to our data protection practices
How We Secure Personal Information
Other Information You May Find Useful
Let’s Get OrientedTwilio processes two broad categories of personal information when you use our products and services:
Your personal information as a customer (or potential customer) of Twilio’s services — information that we refer to as Customer Account Data, and
The personal information of your end users who use or interact with your application that you’ve built on Twilio’s platform, like the people you communicate by way of that application — this category contains both your Customer Usage Data (e.g., communications metadata) and your Customer Content (e.g., the contents of communications).
Twilio processes these categories of personal information differently because the direct relationship we have with you, our customer, is different than the indirect relationship we have with your end users.
How Twilio Processes Your Personal InformationData protection laws and privacy laws in certain jurisdictions, like the European Economic Area (EEA), differentiate between “controllers” and “processors” of personal information. A controller decides why and how to process personal information.
A processor processes personal information on behalf of a controller based on the controller’s instructions. When Twilio processes your Customer Account Data, the Twilio entity with whom you are contracting is acting as a controller.
Broadly speaking, we use Customer Account Data to further our legitimate interests to:
understand who our customers and potential customers are and their interests in Twilio’s product and services,
manage our relationship with you and other customers,
carry out core business operations such as accounting, filing taxes, and fulfilling regulatory obligations and
help detect, prevent, or investigate security incidents, fraud and other abuse and/or misuse of our products and services.
What Personal Information Twilio collectsWhile we’re on the subject of Customer Account Data and Customer Usage Data, we’d like to give you a brief summary of the categories of personal information that might be found in the Customer Account Data and Customer Usage Data that we collect from our customers and their end users, so you can know at a glance what we’re talking about.
We collect and process your personal information:
When you visit a Twilio public-facing website like twilio.com, twilio.org, authy.com, or sendgrid.com, sign up for a Twilio event, like SIGNAL, or make a request to receive information about Twilio or our products, like a Twilio whitepaper or a newsletter;
When you contact our Sales Team or Customer Support Team; and
When you sign up for a Twilio, Authy, or SendGrid account and use our products and services.
We call this personal information Customer Account Data. We also collect Customer Usage Data from you when you send or receive communications through your use of our services. This data might take different forms, and we might use it for different purposes — read on for more information.
Learn More
What Customer Account Data Twilio Processes When You Visit Our Website, Sign Up for a Twilio Event, or Make a Request for Information About Twilio and WhyWhen you visit our website, sign up for a Twilio event or request more information about Twilio, we collect information automatically using tracking technologies, like cookies, and through web forms where you type in your information. We collect this information to provide you with what you request through the web form, to learn more about who is interested in our products and services, and to improve navigation experience on our pages.
Learn More
What Customer Account Data Twilio Processes When You Communicate with Our Sales or Customer Support Teams and WhyYou may share personal information, like your contact information, with a member of our Sales or Customer Support Team when you communicate with them. We keep a record of this interaction.
Learn More
What Customer Account Data Twilio Processes When You Sign Up for and Log Into a Twilio Account and WhyWhen you sign up for an account with us, we ask for certain information like your contact details and billing information so we can communicate with you and so you can pay for our products and services. We also collect some information automatically, like your IP address, when you log in to your account or when your software application built on Twilio makes requests to our APIs. We use this to understand who is using our services and how, and to detect, prevent and investigate fraud, abuse, or security incidents.
Learn More
Other Customer Account Data We Collect and WhyWe may collect information about you, as our customer, from publicly-available sources so we can understand our customer base better.
Learn More
How Long We Store Your Customer Account DataTwilio will store your Customer Account Data as long as needed to provide you with our services and to operate our business. If you ask Twilio to delete specific personal information from your Customer Account Data (see ‘How To Make Choices About Your Customer Account Data’ below), we will honor this request unless deleting that information prevents us from carrying out necessary business functions, like billing for our services, calculating taxes, or conducting required audits.
Learn More
How To Make Choices About Your Customer Account DataYou can make various choices about your Customer Account Data through the account portal, such as accessing it, correcting it, deleting it, or updating your choices about how it is used, when you log into your Twilio account or through the marketing preferences center. Any other requests about your data you cannot make through these self-service tools, you can request by emailing [email protected] or contacting Customer Support.
Learn More
California Consumer Access and Deletion RightsFor those customers that would like more information about our use of Customer Account Data or Customer Usage Data, you have the ability to request:
that we provide details about the categories of personal information that we collect about you, including how we collect and share it;
that we provide you access to the personal information we collect about you; and
that we delete the personal information we have about you.
Please be aware that when you ask us for these things, we will take steps to verify that you are authorized to make the request.
Learn MoreHow Twilio Processes Your End Users’ Personal InformationYour end users’ personal information typically shows up on Twilio’s platform in a few different ways:
Communications-related personal information about your end users, like your end users’ phone numbers for number-based communications, your end users’ email addresses for email communications, IP addresses for IP-based communications, or device tokens for push notifications, show up in our systems when you use or intend to use this information to contact your end user through use of our products and services.
Your end users’ personal information may show up in “friendly names,” which are strings you provide, if you choose to include your end users’ personal information as part of a string.
Your end users’ personal information may also be contained in the content of communications you (or your end users) send or receive using Twilio’s products and services.
We call the information in the first two bullets above Customer Usage Data. The information in the third bullet is what we refer to as Customer Content.
As noted above, data protection law (including privacy law) in certain jurisdictions, like the EEA, differentiate between “controllers” and “processors” of personal information. When Twilio processes Customer Content, we generally act as a processor. When we process Customer Usage Data, we act as a processor in many respects, but we may act as a controller in others. For example, we may need to use certain Customer Usage Data for the legitimate interests of billing, reconciling invoices with telecommunications carriers, and in the context of troubleshooting and detecting problems with the network.
What Customer Usage Data and Customer Content Twilio Processes and WhyWe use Customer Usage Data and Customer Content to provide services to you and to carry out necessary functions of our business as a communications service provider. We do not sell your end users’ personal information and we do not share your end users’ information with third parties for those third parties’ own business interests.
Learn More
How Long Do We Store Customer Usage Data and Customer Content and Exercising Choices About End User Personal InformationDetails regarding how long your end user personal information may be stored on Twilio systems and how to delete, access, or exercise other choices about end user data will depend on which Twilio products and services you are using and how you are using them. For that reason, our API docs for each of our products and services, along with SendGrid’s documentation, are the best place to find more detailed information about managing end user data collected and stored in connection with your use of our products and services.
Learn MoreWhen and Why We Share Your Personal Information Or Your End Users’ Personal InformationWe do not sell or allow your Customer Account Data to be used by third parties for their own marketing purposes, unless you ask us to do this or give us your consent to do this. Further, we do not sell your end users’ personal information. We also do not share it with third parties for their own marketing or other purposes, unless you instruct us to do so. You can read more in our CCPA Notice.
Learn MoreTransfers of Personal Information Out of the EEA and SwitzerlandWhen you use our account portal, or our other products and services, personal information of you and your end users processed by Twilio may be transferred to the United States, where our primary processing facilities are located, and possibly to other countries where we or our service providers operate. These transfers will often be made in connection with routing your communications in the most efficient way.
Twilio employs appropriate safeguards for cross-border transfers of personal data, as required by applicable local law, including Binding Corporate Rules and the EU–U.S. Privacy Shield and Swiss–U.S. Privacy Shield Frameworks.
Learn MoreSendGrid ServicesThe SendGrid services work a little differently from the rest of Twilio’s services, and we’d like to make sure you’re aware of those differences. Most importantly, SendGrid services are not currently covered by Twilio’s Binding Corporate Rules, which means that we rely on Privacy Shield for any cross-border data transfers relating to the SendGrid services. However, even where SendGrid services are not covered by our Binding Corporate Rules, we are committed to providing a high level of data protection for our SendGrid customers. There are a few other elements that are specific to the SendGrid services, and you should read on for more information.
Learn MoreAutomated Decision MakingTwilio may use automated decision making using a variety of signals derived from account activity to help identify and suspend accounts sending spam or engaged in other abusive or fraudulent activity. Holders of accounts suspended under these circumstances are notified of the suspension and given an opportunity to request human review of the suspension decision.
Handling disputes relating to our data protection practicesWe hope we can resolve any disputes relating to our data protection practices between us. You can raise your concern or dispute by emailing our Privacy Team at [email protected] or by writing to us at:
Twilio Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105 (our worldwide headquarters)
or
Twilio Ireland Limited, 25-28 North Wall Quay, Dublin 1, Ireland (our EEA headquarters).
For individuals in the EEA, you have additional rights to make a complaint to a competent data protection authority or commence proceedings in a court of competent jurisdiction in accordance with applicable data protection laws.
Learn MoreHow We Secure Personal InformationWe use appropriate security measures to protect the security of your personal information both online and offline. These measures vary based on the sensitivity of the personal information we collect, process and store and the current state of technology. We also take measures to ensure service providers that process personal data on our behalf also have appropriate security controls in place.
Learn MoreOther Information You May Find UsefulHere’s some other information about our privacy practices, such as how we handle certain types of data like children’s data or protected health information, how we handle do-not-track signals, what to expect if we make changes to our notice, and the legal bases for processing personal information.
Learn More
Information from ChildrenWe do not knowingly permit children (under the age of 13 in the US or 16, if you live in the EEA) to sign up for a Twilio account. If we discover someone who is underage has signed up for a Twilio account, we will take reasonable steps to promptly remove that person’s personal information from our records. If you believe a person who is underage has signed up for a Twilio account, please contact us at [email protected].
Do-Not-Track SignalsTwilio does not currently respond to web browser’s Do-Not-Track signals. You can learn more about Do Not Track here, and you can learn more about the cookies the Twilio website sets here and, for the SendGrid website, here.
Changes to Our Privacy NoticeWe may change our Privacy Notice from time to time. If we make changes, we’ll revise the “Effective” date at the top of this notice, and we may provide additional notice such as on the Twilio website homepage, account portal sign-in page, or via the email address we have on file for you. We will comply with applicable law with respect to any changes we make to this notice and seek your consent to any material changes if this is required by applicable law.
Legal Basis for Processing Personal Information (EEA only)
If you are from the EEA, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person such as in the case where we request personal information from you in the context of a government audit or in response to a request from law enforcement.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact information provided in the introduction section of this privacy statement.
Twilio is a cloud communications platform that provides software developers with building blocks to add communications to web and mobile applications or manage email applications (such as through our SendGrid products and services).
We understand that when you use Twilio’s platform you are placing your trust in us to handle your data appropriately, including the personal information of you and your end users. That is why we take a “No Shenanigans” approach to data protection.
Part of our “No Shenanigans” approach is to make sure that you, the developer, have information about how we process personal information in connection with your use of our products and services, including our website. We want to enable you to make informed decisions about your personal information when building your software applications on Twilio’s platform. We also want to provide you with relevant information to help your end users make informed decisions about their personal information when they use your software applications built on Twilio’s platform.
We’re realists here. And, as much as our Privacy Team wishes it were otherwise, we know that most developers don’t spend their time reading privacy notices...
But they do read API docs! So, we’ve added information to our Twilio API docs and SendGrid Documentation about personal information processing to give you information to help you build in a smarter, more privacy-aware way.So, let’s say you’ve read everything here and you’ve checked out our product-specific API docs, but you still have more questions or concerns about how we’re processing personal information, or you would like to know more about how to exercise your rights. You can contact our Privacy Team in the Office of the Data Protection Officer by either emailing us at [email protected] or, by writing to us at:
WORLDWIDE HEADQUARTERS
375 Beale Street, Suite 300, San Francisco, CA 94105
EUROPEAN HEADQUARTERS
25-28 North Wall Quay, Dublin 1, IrelandTable of Contents
Let’s Get Oriented
How Twilio Processes Your Personal Information
How Twilio Processes Your End Users’ Personal Information
When and Why We Share Your Personal Information Or Your End Users’ Personal Information
Transfers of Personal Information Out of the EEA and Switzerland
SendGrid Services
Automated Decision Making
Handling disputes relating to our data protection practices
How We Secure Personal Information
Other Information You May Find Useful
Let’s Get OrientedTwilio processes two broad categories of personal information when you use our products and services:
Your personal information as a customer (or potential customer) of Twilio’s services — information that we refer to as Customer Account Data, and
The personal information of your end users who use or interact with your application that you’ve built on Twilio’s platform, like the people you communicate by way of that application — this category contains both your Customer Usage Data (e.g., communications metadata) and your Customer Content (e.g., the contents of communications).
Twilio processes these categories of personal information differently because the direct relationship we have with you, our customer, is different than the indirect relationship we have with your end users.
How Twilio Processes Your Personal InformationData protection laws and privacy laws in certain jurisdictions, like the European Economic Area (EEA), differentiate between “controllers” and “processors” of personal information. A controller decides why and how to process personal information.
A processor processes personal information on behalf of a controller based on the controller’s instructions. When Twilio processes your Customer Account Data, the Twilio entity with whom you are contracting is acting as a controller.
Broadly speaking, we use Customer Account Data to further our legitimate interests to:
understand who our customers and potential customers are and their interests in Twilio’s product and services,
manage our relationship with you and other customers,
carry out core business operations such as accounting, filing taxes, and fulfilling regulatory obligations and
help detect, prevent, or investigate security incidents, fraud and other abuse and/or misuse of our products and services.
What Personal Information Twilio collectsWhile we’re on the subject of Customer Account Data and Customer Usage Data, we’d like to give you a brief summary of the categories of personal information that might be found in the Customer Account Data and Customer Usage Data that we collect from our customers and their end users, so you can know at a glance what we’re talking about.
We collect and process your personal information:
When you visit a Twilio public-facing website like twilio.com, twilio.org, authy.com, or sendgrid.com, sign up for a Twilio event, like SIGNAL, or make a request to receive information about Twilio or our products, like a Twilio whitepaper or a newsletter;
When you contact our Sales Team or Customer Support Team; and
When you sign up for a Twilio, Authy, or SendGrid account and use our products and services.
We call this personal information Customer Account Data. We also collect Customer Usage Data from you when you send or receive communications through your use of our services. This data might take different forms, and we might use it for different purposes — read on for more information.
Learn More
What Customer Account Data Twilio Processes When You Visit Our Website, Sign Up for a Twilio Event, or Make a Request for Information About Twilio and WhyWhen you visit our website, sign up for a Twilio event or request more information about Twilio, we collect information automatically using tracking technologies, like cookies, and through web forms where you type in your information. We collect this information to provide you with what you request through the web form, to learn more about who is interested in our products and services, and to improve navigation experience on our pages.
Learn More
What Customer Account Data Twilio Processes When You Communicate with Our Sales or Customer Support Teams and WhyYou may share personal information, like your contact information, with a member of our Sales or Customer Support Team when you communicate with them. We keep a record of this interaction.
Learn More
What Customer Account Data Twilio Processes When You Sign Up for and Log Into a Twilio Account and WhyWhen you sign up for an account with us, we ask for certain information like your contact details and billing information so we can communicate with you and so you can pay for our products and services. We also collect some information automatically, like your IP address, when you log in to your account or when your software application built on Twilio makes requests to our APIs. We use this to understand who is using our services and how, and to detect, prevent and investigate fraud, abuse, or security incidents.
Learn More
Other Customer Account Data We Collect and WhyWe may collect information about you, as our customer, from publicly-available sources so we can understand our customer base better.
Learn More
How Long We Store Your Customer Account DataTwilio will store your Customer Account Data as long as needed to provide you with our services and to operate our business. If you ask Twilio to delete specific personal information from your Customer Account Data (see ‘How To Make Choices About Your Customer Account Data’ below), we will honor this request unless deleting that information prevents us from carrying out necessary business functions, like billing for our services, calculating taxes, or conducting required audits.
Learn More
How To Make Choices About Your Customer Account DataYou can make various choices about your Customer Account Data through the account portal, such as accessing it, correcting it, deleting it, or updating your choices about how it is used, when you log into your Twilio account or through the marketing preferences center. Any other requests about your data you cannot make through these self-service tools, you can request by emailing [email protected] or contacting Customer Support.
Learn More
California Consumer Access and Deletion RightsFor those customers that would like more information about our use of Customer Account Data or Customer Usage Data, you have the ability to request:
that we provide details about the categories of personal information that we collect about you, including how we collect and share it;
that we provide you access to the personal information we collect about you; and
that we delete the personal information we have about you.
Please be aware that when you ask us for these things, we will take steps to verify that you are authorized to make the request.
Learn MoreHow Twilio Processes Your End Users’ Personal InformationYour end users’ personal information typically shows up on Twilio’s platform in a few different ways:
Communications-related personal information about your end users, like your end users’ phone numbers for number-based communications, your end users’ email addresses for email communications, IP addresses for IP-based communications, or device tokens for push notifications, show up in our systems when you use or intend to use this information to contact your end user through use of our products and services.
Your end users’ personal information may show up in “friendly names,” which are strings you provide, if you choose to include your end users’ personal information as part of a string.
Your end users’ personal information may also be contained in the content of communications you (or your end users) send or receive using Twilio’s products and services.
We call the information in the first two bullets above Customer Usage Data. The information in the third bullet is what we refer to as Customer Content.
As noted above, data protection law (including privacy law) in certain jurisdictions, like the EEA, differentiate between “controllers” and “processors” of personal information. When Twilio processes Customer Content, we generally act as a processor. When we process Customer Usage Data, we act as a processor in many respects, but we may act as a controller in others. For example, we may need to use certain Customer Usage Data for the legitimate interests of billing, reconciling invoices with telecommunications carriers, and in the context of troubleshooting and detecting problems with the network.
What Customer Usage Data and Customer Content Twilio Processes and WhyWe use Customer Usage Data and Customer Content to provide services to you and to carry out necessary functions of our business as a communications service provider. We do not sell your end users’ personal information and we do not share your end users’ information with third parties for those third parties’ own business interests.
Learn More
How Long Do We Store Customer Usage Data and Customer Content and Exercising Choices About End User Personal InformationDetails regarding how long your end user personal information may be stored on Twilio systems and how to delete, access, or exercise other choices about end user data will depend on which Twilio products and services you are using and how you are using them. For that reason, our API docs for each of our products and services, along with SendGrid’s documentation, are the best place to find more detailed information about managing end user data collected and stored in connection with your use of our products and services.
Learn MoreWhen and Why We Share Your Personal Information Or Your End Users’ Personal InformationWe do not sell or allow your Customer Account Data to be used by third parties for their own marketing purposes, unless you ask us to do this or give us your consent to do this. Further, we do not sell your end users’ personal information. We also do not share it with third parties for their own marketing or other purposes, unless you instruct us to do so. You can read more in our CCPA Notice.
Learn MoreTransfers of Personal Information Out of the EEA and SwitzerlandWhen you use our account portal, or our other products and services, personal information of you and your end users processed by Twilio may be transferred to the United States, where our primary processing facilities are located, and possibly to other countries where we or our service providers operate. These transfers will often be made in connection with routing your communications in the most efficient way.
Twilio employs appropriate safeguards for cross-border transfers of personal data, as required by applicable local law, including Binding Corporate Rules and the EU–U.S. Privacy Shield and Swiss–U.S. Privacy Shield Frameworks.
Learn MoreSendGrid ServicesThe SendGrid services work a little differently from the rest of Twilio’s services, and we’d like to make sure you’re aware of those differences. Most importantly, SendGrid services are not currently covered by Twilio’s Binding Corporate Rules, which means that we rely on Privacy Shield for any cross-border data transfers relating to the SendGrid services. However, even where SendGrid services are not covered by our Binding Corporate Rules, we are committed to providing a high level of data protection for our SendGrid customers. There are a few other elements that are specific to the SendGrid services, and you should read on for more information.
Learn MoreAutomated Decision MakingTwilio may use automated decision making using a variety of signals derived from account activity to help identify and suspend accounts sending spam or engaged in other abusive or fraudulent activity. Holders of accounts suspended under these circumstances are notified of the suspension and given an opportunity to request human review of the suspension decision.
Handling disputes relating to our data protection practicesWe hope we can resolve any disputes relating to our data protection practices between us. You can raise your concern or dispute by emailing our Privacy Team at [email protected] or by writing to us at:
Twilio Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105 (our worldwide headquarters)
or
Twilio Ireland Limited, 25-28 North Wall Quay, Dublin 1, Ireland (our EEA headquarters).
For individuals in the EEA, you have additional rights to make a complaint to a competent data protection authority or commence proceedings in a court of competent jurisdiction in accordance with applicable data protection laws.
Learn MoreHow We Secure Personal InformationWe use appropriate security measures to protect the security of your personal information both online and offline. These measures vary based on the sensitivity of the personal information we collect, process and store and the current state of technology. We also take measures to ensure service providers that process personal data on our behalf also have appropriate security controls in place.
Learn MoreOther Information You May Find UsefulHere’s some other information about our privacy practices, such as how we handle certain types of data like children’s data or protected health information, how we handle do-not-track signals, what to expect if we make changes to our notice, and the legal bases for processing personal information.
Learn More
Information from ChildrenWe do not knowingly permit children (under the age of 13 in the US or 16, if you live in the EEA) to sign up for a Twilio account. If we discover someone who is underage has signed up for a Twilio account, we will take reasonable steps to promptly remove that person’s personal information from our records. If you believe a person who is underage has signed up for a Twilio account, please contact us at [email protected].
Do-Not-Track SignalsTwilio does not currently respond to web browser’s Do-Not-Track signals. You can learn more about Do Not Track here, and you can learn more about the cookies the Twilio website sets here and, for the SendGrid website, here.
Changes to Our Privacy NoticeWe may change our Privacy Notice from time to time. If we make changes, we’ll revise the “Effective” date at the top of this notice, and we may provide additional notice such as on the Twilio website homepage, account portal sign-in page, or via the email address we have on file for you. We will comply with applicable law with respect to any changes we make to this notice and seek your consent to any material changes if this is required by applicable law.
Legal Basis for Processing Personal Information (EEA only)
If you are from the EEA, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person such as in the case where we request personal information from you in the context of a government audit or in response to a request from law enforcement.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact information provided in the introduction section of this privacy statement.