Last Revised February 15, 2019
Section 1. Overview
Section 3. Information We Collect
Section 4. How We Use Your Personal Data
Section 6. Change of Purpose
Section 7. Sharing and Disclosure
Section 8. Collection and Use of Non-Personal Data
Section 9. Aggregated Data
Section 10. Your Choices
Section 11. California Users
Section 12. Data Retention
Section 13. Information Security and Confidentiality
Section 15. Contact Us
Our primary goals are to enable users to safely and effectively utilize our Solutions, to provide and improve our Solutions, to provide quality customer service, and to respond to you. We may collect Personal Data and Non-Personal Data and process the same as set forth herein.
i. Personal Data
“Personal Data” means data that allows someone to identify or contact you, including, for example, your name, address, telephone number, email address, as well as any other non-public information about you that is associated with or linked to any of the foregoing data.
ii. Non-Personal Data
“Non-Personal Data” means data that is not associated with or linked to your Personal Data. Non-Personal Data does not, by itself, permit the identification of individual persons.
You may choose to voluntarily provide us your Personal Data in the following ways: (i) accessing and/or using, and/or allowing someone else to access or use our Solutions and/or (ii) communicating with us.
i. To make our Solutions available to you, and to respond to your requests;
ii. To notify you about changes to our Solutions;
iii. To ensure Solution features are presented in the manner most effective for your device; and/or
iv. To contact you with relevant marketing and/or promotional materials. If you no longer consent to such use, please send an email to firstname.lastname@example.org with “Opt-out” in the subject line.
When you are accessing and/or using our Solutions, we may collect, use, store, and transfer different kinds of Personal Data, which we have grouped together as follows:
i. Account Data
Account Data includes first name, last name, business name, username, password or similar identifiers, biometric data, feedback, and survey responses, birthday and/or gender about users and the organizations they work for.
ii. Contact Data
Contact Data includes billing address, delivery address, email address, and telephone numbers of defined personnel of such Account.
iii. Financial Data
Financial Data includes bank account and payment card details about the Account.
iv. Technical Data
Technical Data includes internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, application data, device identifier, user settings, and other technology on the devices use to access our Solutions. PLEASE NOTE: DEPENDING ON THE ACCOUNT’S JURISDICTION, IP ADDRESS MAY BE CONSIDERED PERSONAL DATA.
v. Usage Data
Usage Data includes information about use of our Solutions.
We group the different kinds of Personal Data as follows:
|PURPOSE/ACTIVITY||TYPE OF DATA||LAWFUL BASIS FOR PROCESSING INCLUDING BASIS OF LEGITIMATE INTEREST|
|To administer and maintain our Solutions (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data)||
· Account Data
· Contact Data
· Technical Data
· Necessary for our legitimate interests (to run our business, provide for the administration and IT services, network security, and prevent fraud)
· Necessary to comply with our legal obligations
|To provide you with and contact you about the applicable Solution.||
· Account Data
· Contact Data
· Usage Data
· Financial Data
· Technical Data
|· Necessary for our legitimate interests (to study how users use our Solutions and to develop them)|
|To use data analytics to improve our Solutions, marketing, customer relationships, and experiences||
· Technical Data
· Usage Data
|· Necessary for our legitimate interests (to keep our Solutions updated and relevant )|
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably determine we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. If you want an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at the email or physical address specified in the Contacting Us section below.
i. Third-Party Vendors
We may from time to time use certain third-parties including business partners, suppliers, and subcontractors (“Vendors”) to perform services related to our Solutions (for example, without limitation, website hosting, maintenance services, database management, web analytics, billing, payment processing, fraud protection, credit risk reduction, and/or improvement of our Solutions). These Vendors have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
ii. Compliance with Law
We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We may disclose your Personal Data to government or law enforcement officials or private parties in response to lawful requests when we believe disclosure or sharing is necessary to comply with any legal obligation, enforce or apply our terms and conditions, respond to claims and legal process, protect our property and rights or the property or rights of a third party, protect the safety of the public or any person, or prevent or stop any illegal, unethical or legally actionable activity (including for the purposes of fraud protection).
iii. Corporate Restructuring
If we are involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our websites or Solutions of any change in ownership or uses of your Personal Data, as well as any choices you may have regarding your Personal Data.
v. Other Legitimate Business Purposes
We may also disclose your Personal Data when it may be necessary for other legitimate purposes as reasonably determined by us.
We may use Non-Personal Data for any lawful purpose. We collect Non-Personal Data, including as described below:
i. Log Data
When you visit/use our Solutions, we automatically collect technical and statistical data about your visit/use, such as your browser type, internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, clickstream data, the pages you visit, and any search terms you use (“Log Data”). We will use and share Log Data for any purpose including industry analysis, demographic profiling, and other purposes.
ii. IP Address
We may also collect your public IP address when you access and use our Solutions. We may use your public IP address in order to determine whether certain requests are fraudulent or frivolous, and we may automatically cross-reference your public IP address with your domain name (usually the domain name of your ISP or employer). Because you may be visiting/using our Solutions from your personal residence, your IP address and any associated domain name are treated as “Personal Network Information” instead of Personal Data. “Log Data” does not include Personal Network Information. Although such Personal Network Information may be used to administer and maintain our Solutions, it is not shared with any third parties, except as described above in the sections titled “Third-Party Vendors,” “Compliance with Laws,” “Corporate Restructuring,” “Affiliates,” and “Other Legitimate Business Purposes.” PLEASE NOTE: DEPENDING ON YOUR JURISDICTION, YOUR IP ADDRESS MAY BE CONSIDERED PERSONAL DATA. IN ALL SUCH CASES IT WILL BE ACCORDINGLY TREATED AS SUCH.
After removing any personally identifying information from within the set of Personal Data, Personal Network Information, and Log Data we collect from you, we may combine that information with information we collect from other users and customers (collectively, “Aggregated Data”) in order to improve the quality and value of our services and to analyze and understand how our Solutions are used. We may share and use Aggregated Data with third parties for industry analysis, demographic profiling, and any other legal purposes.
The following choices are available to you to access, delete, or manage your Personal Data. Please be aware that any failure to provide requested information may prevent you from accessing or using certain features of our Solutions.
i. How You Can Access or Correct Your Information
You can access a variety of your Personal Data by contacting us at the email or physical address specified in the Contacting Us section below. We use this procedure to better safeguard your information. You can correct factual errors in your Personal Data by sending us a request that credibly shows error.
ii. You Can Request for Your Information to Be Deleted
You can ask us to erase or delete all or some of your Personal Data (provided it is no longer necessary for legal purposes or to provide services to you). You may place a request by contacting us at the email or physical address specified in the Contacting Us section below. All Personal Data that we are not legally required to maintain shall be deleted within 30 days of receiving the request. We will take reasonable steps to verify the requester’s identity before proceeding with deletion. Please realize that if a request to delete Personal Data is intiated while there are any outstanding requests for our Solutions, all such requests may be canceled.
iii. How You Can Opt Out
of Cookies. You may disable or delete cookies in your web browser, but doing so may impact the usability of the applicable Solution features. To block cookies, you can also browse the site using your browser’s anonymous usage setting (called “Incognito” in Chrome, “InPrivate” for Internet Explorer, “Private Browsing” in Firefox and Safari.) according to the browser provider’s configuration of that feature.
i. California Shine the Light Act
Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business with whom the California resident has an established business relationship, certain information with respect to the types of personal information the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year.
To request a copy of the information disclosure provided by us pursuant to Section 1798.83 of the California Civil Code, your request must include contact us at the email or physical address specified in the Contacting Us section below with “California Privacy Request” in the first line.
Please note that under this law, we are not required to respond to your request more than once in a calendar year, nor are we required to respond to any request that is not sent to the designated email or physical address.
ii. California Do Not Track Disclosure
Do Not Track is a privacy preference that some users may set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. At this time, we do not recognize or respond to Do Not Track browser settings or signals and we will still receive information. As a result, we may still collect information about you and your internet activity, even if you have turned on the Do Not Track signal.
We will only retain your Personal Data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for Personal Data, we may consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. We may have to keep certain information about our customers for regulatory compliance purposes only.
In some circumstances we may use anonymized Aggregated Data derived from your Personal Data as described above for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
The security of Personal Data is important to us. We employ (and require our Vendors to maintain) generally accepted standards of organizational, administrative, physical, procedural, and technological measures designed to protect your information from improper loss or misuse, and unauthorized access, disclosure, alteration, and destruction during processing.
However, please note that no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, although we comply with legal obligations and strive to use commercially appropriate means to protect the security of your Personal Data, we cannot guarantee its absolute security or that unauthorized access to it will never occur. If you have questions or concerns about the security of your Personal Data, you can contact us at the email or physical address specified in the Contacting Us section below.
ATTN: Data Protection Officer
1103 Schrock Road, Suite 200
Columbus, OH 43229