Effective Date of Current Policy: January 16, 2020
For purposes of this Policy, personal data shall mean any information relating to an identified or identifiable natural person. This might be by reference to an identifier such as a name, ID number, location data or online identifier, or by factors specific to them, such as their physical, genetic, economic or social identity.
The Company is a global company, as such, we may transfer and access such personal information from around the world, including from other countries. In transferring your personal information, in will rely on lawful measures to transfer your personal information outside the EEA and Switzerland, such as the EU standard contractual clauses or Privacy Shield Framework. If you are visiting the Service from the EEA or other regions with laws governing data collection and use, please note that by providing this personal information, you acknowledge that your personal information may be transferred to the other jurisdictions in which we operate.
NOTICE TO SUBSCRIBER’S CLIENTS, ETC: If a Subscriber uses the Service to interact with or collect personal data from, other individuals, such as the Subscriber’s customers, employees, or agents (the “Data Subjects”), the Subscriber is solely responsible for ensuring compliance with all applicable laws in connection with the collection and/or processing of personal data of the Data Subjects. If you are a Data Subject please note that the Company has no relationship with you whatsoever and its only relation is with the Subscriber with whom you may interact. For any questions regarding the collection of your personal data or to amend your personal data, and for all other reasons, you must contact the Subscriber.
NOTICE TO SUBSCRIBERS: Please note that the EU’s General Data Protection Regulation (GDPR) applies to the Subscriber if the Subscriber collects personal data of the Data Subjects and any of the following two criteria are met: (i) the processing of personal data is done in the context of the activities of an establishment of a controller or a processor in the EU, regardless of whether the processing takes place in the EU or not; or (ii) the processing of personal data of data subjects who are in the EU by a controller or processor not established in the EU, where the processing activities are related to: (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the EU; or (b) the monitoring of their behavior as far as their behavior takes place within the EU.
Because the Company does not collect or determine the use of any personal data of Data Subjects, nor the purpose for which such data is collected by the Subscriber, how such data is collected and how it is used, the Company does not act as a data controller as defined under GDPR and bears no responsibility under the GDPR associated with a data controller.
Your obligations (which extend to your employees, agents, subcontractors, etc., collectively your “Personnel”) include, but are not limited to (i) promptly (and under no circumstances after seventy two hours) notifying the Company of becoming aware of any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to, personal data transmitted, stored or otherwise processed or any investigation by a governmental authority concerning your handling of personal data; (ii) promptly and in good faith responding to any inquiries or requests by the Company regarding the collection and/or processing of personal data by you; (iii) maintaining relevant records of collecting and/or processing of personal data subject to GDPR; (iv) transferring or processing the personal data outside the EU or European Economic Area in compliance with GDPR and with prior written notification of the Company; and (v) ensuring that your Personnel is aware of and complies with the foregoing obligations.
The Company is under no circumstances obligated to, but reserves the right to monitor (and audit) the Subscriber’s compliance with the foregoing. To the extent that the Company suffers any losses as a result of the breach by the Subscriber of the foregoing obligations or failure to abide by the foregoing obligations, the Subscriber shall hold harmless and shall fully indemnify the Company from such losses. The Company is not responsible for the content of any personal data of Data Subjects or any other information that is stored on the Company’s or its third party suppliers’ servers at the discretion of the Subscriber. The Company owes no responsibility and bears no liability to the Data Subjects. If you need a signed Data Processing Agreement in addition to this Policy and the Terms, please contact us at firstname.lastname@example.org.
Privacy Shield Compliance
The Company has applied to be certified under the Privacy Shield framework. Once this process is complete, we will provide a statement of compliance in this section of our Policy.
The personal information we collect, and how we use it
We collect information about you when you register to use our service. The personal information you provide may include your first name, last name, email address, date of birth, and other unique information like usernames and passwords. You may customize your profile with a photo, mobile number, job title, and so on.
If you invite another person to join our service, we will ask for their email address. Then we will automatically send him or her a one-time email message on your behalf (mentioning your name) inviting them to sign up.
You can also submit information about third parties by uploading your address book, which may include names, emails addresses, postal addresses, and other personal information about your contacts. If you give us your password to automatically export this data, we won’t store the password after the information is uploaded to our site.
We publish your name, profile picture, and contact information in your organization’s catalog. Your organization’s administrator can change your login (email address) or block your account. Members of your organization can change your name and contact information to fix typos, incorrect details, or outdated information. You can’t refuse the publishing of your name and contact information in your organization’s catalog.
Your name and your organization’s name can be visible to all users in the search results inside the service. Your profile picture may be available for viewing via a direct link. Any member of the service can see your name and profile picture in tasks, announcements, projects, subprojects, forms, and roles another user has added you to within the service.
We only collect “sensitive” personal information when you voluntarily provide us with this information or where such information is required or permitted to be collected by law or professional standards. Sensitive information includes personal information regarding a person's race, ethnicity, political, philosophical religious or similar beliefs, trade union membership, physical or mental health, sexual life, sexual orientation, or criminal record. Please use your discretion when providing sensitive information to the Company, and under any circumstances, do not provide sensitive information to the Company, unless you thereby consent to the Company’s use of that information for its legitimate business purposes and consent to the transfer and storage of such information to and in the Company’s databases. If you have any questions about whether the provision of sensitive information to the Company is, or may be, necessary or appropriate for particular purposes, please contact us at email@example.com.
Non-Personal Information We Collect
As with most other websites, we collect and use the data contained in log files. The information in the log files includes your IP (internet protocol) address, your ISP (internet service provider), the browser you used to visit our Site, the time you use the Service, and which pages you visited throughout our Service.
Cookies and Web Beacons
You can choose to disable or selectively turn off our cookies or third-party cookies in your browser settings. However, this can affect how you are able to interact with our Service as well as other websites. This could include the inability to log in to services or programs, such as forums or accounts.
Personal information cannot be collected via cookies and other tracking technology; however, if you previously provided personally identifiable information, cookies may be tied to such information. Aggregate cookie and tracking information may be shared with third parties.
BY ACCESSING OR USING THE SERVICE OR ENTERING YOUR LOGIN DETAILS TO ACCESS AREAS RESERVED FOR REGISTERED USERS, YOU AGREE THAT WE, OR A THIRD PARTY ACTING ON OUR BEHALF, CAN PLACE THESE COOKIES ON YOUR COMPUTER OR INTERNET ENABLED DEVICE.
We use several third party usage analytics tools including Google Analytics. More information about how Google Analytics is used by Company can be found here: http://www.google.com/
What We Use Your Information For
We may use the information we collect about you (including personal information, to the extent applicable) for a variety of purposes, including to (a) provide, operate, maintain, improve, and promote the Service; (b) enable you to access and use the Service; (c) process and complete transactions; (d)provide customer service and support and send you related notices; (e) send promotional communications; (f) process and deliver contest or sweepstakes entries and rewards; (g) monitor and assess compliance with our policies and standards; and (h) for other purposes for which we obtain your consent. With regard to newsletters, updates and other general communications, we will - where legally required - only provide you with such information if you have opted in. You have the opportunity to opt out of receiving such communications at any time.
Some user data collected by Service may be collected from third parties via user-configured integrations, with third party policies restricting Permitted purposes these data may be used for. When using such user data the Service further restricts Permitted purposes to be in compliance with such third party policies. For example, when working with data obtained via Google API the Service only uses the user data in compliance with Google API User Data Policy.
Legal Basis for Processing (EEA only)
If you are an individual from the European Economic Area (EEA), we use your personal data, we may process your personal data on one or more of the following legal grounds: (i) because processing is necessary to perform a contract with you, such as to deliver the Service; (ii) to comply with our legal obligations; (iii) because processing is necessary for purposes of our legitimate interest or those of any third party recipients that receive your personal data, provided that such interests are not overridden by your interests or fundamental rights and freedoms. We may also process your data based on your consent where you have expressly given that to us.
How We Share The Information That We Collect
We share information, including personal information, with our third-party service providers that we use to provide hosting for and maintenance of the Service. These third-party service providers may have access to or process your personal information for the purpose of providing these services for us. We do not permit our third-party service providers to use the personal information that we share with them for any other purpose than necessary to provide or improve user-facing features that are prominent in our application's user interface.
We may share your personal data with courts, law enforcement authorities, regulators or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defense of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process. We may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms and conditions, or as otherwise required by law.
We may also instruct service providers, to process personal data for the Permitted Purposes on our behalf and in accordance with our instructions only. We will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when engaging such service providers.
We may also use aggregated personal data and statistics for the purpose of monitoring the Service usage in order to help us develop our Service.
We will otherwise only disclose your personal data when you direct us or give us permission to do so, when we are required by applicable law or regulations or judicial or official request to do so, or as required to investigate actual or suspected fraudulent or criminal activities.
Where we rely on your consent to process the personal information, you have the right to withdraw or decline your consent at any time. Please note that this does not affect the lawfulness of the processing based on consent before its withdrawal.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our (or a third party’s) legitimate interests which are not already described in this Notice, we will make clear to you at the relevant time what those legitimate interests are.
Some user data collected by Service may be collected from third parties via user-configured integrations, with third party policies imposing restrictions on sharing data. When working with such user data the Service further restricts sharing user data to be in compliance with such third party policies. For example, when working with data obtained via Google API the Service only shares the user data in compliance with Google API User Data Policy.
If you have any questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us at firstname.lastname@example.org.
The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received.
How Long We Retain Your Personal Information
We will retain your personal information for as long as is needed to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. For personal information that we process on behalf of our users, we will retain such personal information in accordance with the terms of our agreement with them, subject to applicable law.
Automated Data Deletion Policy
Ninety (90) days after your organization’s account for the Service is deleted, an automated process will begin that permanently deletes Service Data related to your organization. The deletion process may be postponed for reasons outlined in this Policy (such as tax, accounting, or other legal requirements).
Once commenced, this process cannot be reversed and Service Data will be permanently deleted. The deletion process will be complete 120 days after it begins. All tasks, comments and attached files, keys, tokens and password hashes, as well as emails and other contact info will be deleted.
Your Privacy Rights
Upon request we will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To request this information please contact us at email@example.com. Users may update or change their account information by editing their profile within the Service. To make a request to have personal information maintained by us returned to you or removed, please email firstname.lastname@example.org. Requests to access, change, or remove your information will be handled within thirty (30) days; provided that, notwithstanding such request, this information may be retained for as long as you maintain an account for the Service, or as needed to provide you with Service, comply with our legal obligations, resolve disputes and enforce our agreements.
Additional Rights for EEA and Certain Other Territories
If you are from certain territories (such as the EEA), you may have the right to exercise additional rights available to you under applicable laws, as follows:
What is a Subject Access Request?
This is your right to request a copy of the information that we hold about you. If you would like a copy of some or all your personal information, please contact us at email@example.com. We will respond to your request within thirty days of receipt of the request.
We want to make sure your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate by firstname.lastname@example.org. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.
Objections to processing of personal data
It is your right to lodge an objection to the processing of your personal data if you feel the “ground relating to your particular situation” apply. The only reasons we will be able to deny your request is if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defense of a legal claims. To invoke this right, please contact us at email@example.com. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.
It is also your right to receive the personal data which you have given to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without delay from the current controller if:
(a) The processing is based on consent or on a contract, and
(b) The processing is carried out by automated means.
To invoke this right, please contact us at firstname.lastname@example.org. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.
Your Right to be Forgotten
Should you wish for us to completely delete all information that we hold about you for, contact us at email@example.com. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.
You also have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
Children’s Personal Information
We do not knowingly collect any personal information from children under the age of 13. If you are under the age of 13, please do not submit any personal information through the Service. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide personal information through the Service without their permission. If you have reason to believe that a child under the age of 13 has provided personal information to us through the Service, please contact us at firstname.lastname@example.org, and we will use commercially reasonable efforts to delete that information.
How To Contact Us
By email: email@example.com.
California Online Privacy Protection Act Compliance
Because we value your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute your personal information to outside parties without your consent (subject to the exceptions set forth in this Policy).
Working With Google User Data
Disclaimer: this Service is neither owned by, nor managed by Google or its services.
You may choose to allow this Service to make certain actions, view, and/or modify data on your behalf using your Google account and Google services, including Drive, Docs, Calendar, and Mail. Before making such actions, viewing, or modifying data, this Service asks for proper permissions, and we don’t use these permissions for any other purpose except for that purpose for which they were granted.
In particular, it is possible for you to log in to this Service using your Google account, which will require that the Service gains access to your name and email address stored in your Google account.
If you use Google Drive then you may choose to allow the Service to use metadata and content of a Google Drive document you have access to when communicating using this Service; or change the document sharing options to make it accessible to your correspondents.
If you use Google Docs then you may choose to allow the Service to use metadata and content of a Google Docs document you have access to when communicating using this Service.
If you use Google Calendar then you may choose to allow this Service to add events to a calendar you have access to as required by the communication you do using this Service.
If you use Google Mail then you may choose to allow this Service to read incoming emails in an electronic mailbox you have access to, mark these incoming emails as read, and use data in these emails in communication you do using this Service.
You may also choose to allow the Service to read your Google Mail address book, including names and email addresses, if you want to contact some of those people via this Service.
Compliance with Google API User Data Policy
The policies of this Service regarding collecting, storing, processing, and sharing Google user data are in compliance with Google API User Data Policy. In particular, the following restrictions hold:
- This Service limits use of Google user data to providing or improving user-facing features that are prominent in the application's user interface.
- This Service does not transfer Google user data to others except for cases when it is necessary to provide or improve user-facing features that are prominent in the application's user interface, or as necessary to comply with applicable law.
- This Service doesn't use or transfer Google user data for serving ads, including retargeting, personalized, or interest-based advertising; and
This Service doesn't allow humans to read Google user data, unless
- First obtained the user's affirmative agreement for specific messages;
- It is necessary for security purposes (such as investigating a bug or abuse);
- It is necessary to comply with applicable law; or
- The use is limited to internal operations and the data (including derivations) have been aggregated and anonymized.
Terms And Conditions