Effective Date of Current Policy: June 28, 2018
For purposes of this Policy, personal data shall mean any information relating to an identified or identifiable natural person. This might be by reference to an identifier such as a name, ID number, location data or online identifier, or by factors specific to them, such as their physical, genetic, economic or social identity.
The Company is a global company, as such, we may transfer and access such personal information from around the world, including from other countries. In transferring your personal information, in will rely on lawful measures to transfer your personal information outside the EEA and Switzerland, such as the EU standard contractual clauses or Privacy Shield Framework. If you are visiting the Service from the EEA or other regions with laws governing data collection and use, please note that by providing this personal information, you acknowledge that your personal information may be transferred to the other jurisdictions in which we operate.
NOTICE TO SUBSCRIBER’S CLIENTS, ETC: If a Subscriber uses the Service to interact with or collect personal data from, other individuals, such as the Subscriber’s customers, employees, or agents (the “Data Subjects”), the Subscriber is solely responsible for ensuring compliance with all applicable laws in connection with the collection and/or processing of personal data of the Data Subjects. If you are a Data Subject please note that the Company has no relationship with you whatsoever and its only relation is with the Subscriber with whom you may interact. For any questions regarding the collection of your personal data or to amend your personal data, and for all other reasons, you must contact the Subscriber.
NOTICE TO SUBSCRIBERS: Please note that the EU’s General Data Protection Regulation (GDPR) applies to the Subscriber if the Subscriber collects personal data of the Data Subjects and any of the following two criteria are met: (i) the processing of personal data is done in the context of the activities of an establishment of a controller or a processor in the EU, regardless of whether the processing takes place in the EU or not; or (ii) the processing of personal data of data subjects who are in the EU by a controller or processor not established in the EU, where the processing activities are related to: (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the EU; or (b) the monitoring of their behavior as far as their behavior takes place within the EU.
Because the Company does not collect or determine the use of any personal data of Data Subjects, nor the purpose for which such data is collected by the Subscriber, how such data is collected and how it is used, the Company does not act as a data controller as defined under GDPR and bears no responsibility under the GDPR associated with a data controller.
Your obligations (which extend to your employees, agents, subcontractors, etc., collectively your “Personnel”) include, but are not limited to (i) promptly (and under no circumstances after seventy two hours) notifying the Company of becoming aware of any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to, personal data transmitted, stored or otherwise processed or any investigation by a governmental authority concerning your handling of personal data; (ii) promptly and in good faith responding to any inquiries or requests by the Company regarding the collection and/or processing of personal data by you; (iii) maintaining relevant records of collecting and/or processing of personal data subject to GDPR; (iv) transferring or processing the personal data outside the EU or European Economic Area in compliance with GDPR and with prior written notification of the Company; and (v) ensuring that your Personnel is aware of and complies with the foregoing obligations.
The Company is under no circumstances obligated to, but reserves the right to monitor (and audit) the Subscriber’s compliance with the foregoing. To the extent that the Company suffers any losses as a result of the breach by the Subscriber of the foregoing obligations or failure to abide by the foregoing obligations, the Subscriber shall hold harmless and shall fully indemnify the Company from such losses. The Company is not responsible for the content of any personal data of Data Subjects or any other information that is stored on the Company’s or its third party suppliers’ servers at the discretion of the Subscriber. The Company owes no responsibility and bears no liability to the Data Subjects. If you need a signed Data Processing Agreement in addition to this Policy and the Terms, please contact us at firstname.lastname@example.org.
Privacy Shield Compliance
The Company has applied to be certified under the Privacy Shield framework. Once this process is complete, we will provide a statement of compliance in this section of our Policy.
Personal Information We Collect
We collect information from you when you register on our Service. The types of personal information you provide to us may include contact information such as your name, email address, and other unique information such as user IDs and passwords. You may also customize your profile by adding your photo, mobile phone, position within your organization, etc.
If you choose to invite another person to join our Service, we will ask you for the invitee’s email address and automatically send him or her a one-time email inviting him or her to register at the Service on your behalf, using your name. We use and store this information only for the purpose of sending this one-time email.
You may also choose to submit information about third parties by uploading your address book, which may include names, email addresses, addresses, and other personal information of your contacts. If you give us your password to automatically export this data, we will not store your password after you have uploaded your contacts’ information.
We publish your name, your title and your organization name in a public directory where other users can find it and request a connection with you. Only if you approve a contact request will your name be added to user's address book, and their name will be added to your address book. At any time you can delete a previously approved contact from your address book. You may also elect to withdraw from having your information published for other users to see by changing your privacy setting.
We also publish your name and contact information in your local organization's directory. Your name is visible to members of your organization. You can provide your contact information, such as phone number or Skype/IM ID, and add it to your profile. This information will be visible to any member in your organization. In addition, your organization members can change this information to fix typos and incorrect or obsolete information. You cannot elect to withdraw from having your name and contact information listed within your local organization's directory.
Your contact information cannot be visible to users who are not members of your organization without your permission.
If any user from your address book adds you to a shared project, your name will become visible to all members of this project. At any time you can exit such a project.
If any user from your address book adds you to a restricted project, your name will become visible to any administrator of such a project. At any time you can exit such a project.
We only collect “sensitive” personal information when you voluntarily provide us with this information or where such information is required or permitted to be collected by law or professional standards. Sensitive information includes personal information regarding a person's race, ethnicity, political, philosophical religious or similar beliefs, trade union membership, physical or mental health, sexual life, sexual orientation, or criminal record. Please use your discretion when providing sensitive information to the Company, and under any circumstances, do not provide sensitive information to the Company, unless you thereby consent to the Company’s use of that information for its legitimate business purposes and consent to the transfer and storage of such information to and in the Company’s databases. If you have any questions about whether the provision of sensitive information to the Company is, or may be, necessary or appropriate for particular purposes, please contact us at email@example.com.
Non-Personal Information We Collect
As with most other websites, we collect and use the data contained in log files. The information in the log files includes your IP (internet protocol) address, your ISP (internet service provider), the browser you used to visit our Site, the time you use the Service, and which pages you visited throughout our Service.
Cookies and Web Beacons
You can choose to disable or selectively turn off our cookies or third-party cookies in your browser settings. However, this can affect how you are able to interact with our Service as well as other websites. This could include the inability to log in to services or programs, such as forums or accounts.
Personal information cannot be collected via cookies and other tracking technology; however, if you previously provided personally identifiable information, cookies may be tied to such information. Aggregate cookie and tracking information may be shared with third parties.
BY ACCESSING OR USING THE SERVICE OR ENTERING YOUR LOGIN DETAILS TO ACCESS AREAS RESERVED FOR REGISTERED USERS, YOU AGREE THAT WE, OR A THIRD PARTY ACTING ON OUR BEHALF, CAN PLACE THESE COOKIES ON YOUR COMPUTER OR INTERNET ENABLED DEVICE.
We use several third party usage analytics tools including Google Analytics. More information about how Google Analytics is used by Company can be found here: http://www.google.com/
What We Use Your Information For
We may use the information we collect about you (including personal information, to the extent applicable) for a variety of purposes, including to (a) provide, operate, maintain, improve, and promote the Service; (b) enable you to access and use the Service; (c) process and complete transactions; (d)provide customer service and support and send you related notices; (e) send promotional communications; (f) process and deliver contest or sweepstakes entries and rewards; (g) monitor and analyze trends, usage, and activities in connection with the Service and for marketing or advertising purposes; (h) monitor and assess compliance with our policies and standards; and (i) for other purposes for which we obtain your consent. With regard to newsletters, updates and other general communications, we will - where legally required - only provide you with such information if you have opted in. You have the opportunity to opt out of receiving such communications at any time.
Legal Basis for Processing (EEA only)
If you are an individual from the European Economic Area (EEA), we use your personal data, we may process your personal data on one or more of the following legal grounds: (i) because processing is necessary to perform a contract with you, such as to deliver the Service; (ii) to comply with our legal obligations; (iii) because processing is necessary for purposes of our legitimate interest or those of any third party recipients that receive your personal data, provided that such interests are not overridden by your interests or fundamental rights and freedoms. We may also process your data based on your consent where you have expressly given that to us.
How We Share The Information That We Collect
We share information, including personal information, with our third-party service providers that we use to provide hosting for and maintenance of the Service. These third-party service providers may have access to or process your personal information for the purpose of providing these services for us. We do not permit our third-party service providers to use the personal information that we share with them for their marketing purposes or for any other purpose than in connection with the services they provide to us.
We may share your personal data with courts, law enforcement authorities, regulators or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defense of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process. We may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms and conditions, or as otherwise required by law.
We may share your personal data with any third party to whom we assign or novate any of our rights or obligations.
We may also instruct service providers, to process personal data for the Permitted Purposes on our behalf and in accordance with our instructions only. We will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when engaging such service providers.
We may also use aggregated personal data and statistics for the purpose of monitoring the Service usage in order to help us develop our Service.
We will otherwise only disclose your personal data when you direct us or give us permission to do so, when we are required by applicable law or regulations or judicial or official request to do so, or as required to investigate actual or suspected fraudulent or criminal activities.
Where we rely on your consent to process the personal information, you have the right to withdraw or decline your consent at any time. Please note that this does not affect the lawfulness of the processing based on consent before its withdrawal.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our (or a third party’s) legitimate interests which are not already described in this Notice, we will make clear to you at the relevant time what those legitimate interests are.
If you have any questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us at firstname.lastname@example.org.
The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received.
How Long We Retain Your Personal Information
We will retain your personal information for as long as is needed to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. For personal information that we process on behalf of our users, we will retain such personal information in accordance with the terms of our agreement with them, subject to applicable law.
Your Privacy Rights
Upon request we will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To request this information please contact us at email@example.com. Users may update or change their account information by editing their profile within the Service. To make a request to have personal information maintained by us returned to you or removed, please email firstname.lastname@example.org. Requests to access, change, or remove your information will be handled within thirty (30) days; provided that, notwithstanding such request, this information may be retained for as long as you maintain an account for the Service, or as needed to provide you with Service, comply with our legal obligations, resolve disputes and enforce our agreements.
Additional Rights for EEA and Certain Other Territories
If you are from certain territories (such as the EEA), you may have the right to exercise additional rights available to you under applicable laws, as follows:
What is a Subject Access Request?
This is your right to request a copy of the information that we hold about you. If you would like a copy of some or all your personal information, please contact us at email@example.com. We will respond to your request within thirty days of receipt of the request.
We want to make sure your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate by firstname.lastname@example.org. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.
Objections to processing of personal data
It is your right to lodge an objection to the processing of your personal data if you feel the “ground relating to your particular situation” apply. The only reasons we will be able to deny your request is if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defense of a legal claims. To invoke this right, please contact us at email@example.com. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.
It is also your right to receive the personal data which you have given to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without delay from the current controller if:
(a) The processing is based on consent or on a contract, and
(b) The processing is carried out by automated means.
To invoke this right, please contact us at firstname.lastname@example.org. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.
Your Right to be Forgotten
Should you wish for us to completely delete all information that we hold about you for, contact us at email@example.com. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.
You also have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
Children’s Personal Information
We do not knowingly collect any personal information from children under the age of 13. If you are under the age of 13, please do not submit any personal information through the Service. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide personal information through the Service without their permission. If you have reason to believe that a child under the age of 13 has provided personal information to us through the Service, please contact us at firstname.lastname@example.org, and we will use commercially reasonable efforts to delete that information.
How To Contact Us
By email: email@example.com.
California Online Privacy Protection Act Compliance
Because we value your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute your personal information to outside parties without your consent (subject to the exceptions set forth in this Policy).
Working With Google User Data
Disclaimer: this Service is neither owned by, nor managed by Google or its services.
You may choose to allow this Service to make certain actions, view, and/or modify data on your behalf using your Google account and Google services, including Drive, Docs, Calendar, and Mail. Before making such actions, viewing, or modifying data, this Service asks for proper permissions, and we don’t use these permissions for any other purpose except for that purpose for which they were granted.
In particular, it is possible for you to log in to this Service using your Google account, which will require that the Service gains access to your name and email address stored in your Google account.
If you use Google Drive then you may choose to allow the Service to use metadata and content of a Google Drive document you have access to when communicating using this Service; or change the document sharing options to make it accessible to your correspondents.
If you use Google Docs then you may choose to allow the Service to use metadata and content of a Google Docs document you have access to when communicating using this Service.
If you use Google Calendar then you may choose to allow this Service to add events to a calendar you have access to as required by the communication you do using this Service.
If you use Google Mail then you may choose to allow this Service to read incoming emails in an electronic mailbox you have access to, mark these incoming emails as read, and use data in these emails in communication you do using this Service.
You may also choose to allow the Service to read your Google Mail address book, including names and email addresses, if you want to contact some of those people via this Service.
Terms And Conditions