Last revised on May 26, 2021
A. Types of Data We Collect and How We Collect It
We collect the following personal data you provide when you use our Website, including when you sign up for an account and use one of our products, or otherwise engage or communicate with us:
A.1 Data You Provide To Us
- Registration: To create an account you must provide data including your name, email address and a password. You also have the option to affiliate yourself with your employer, place yourself in your employer’s org chart and include a biography, photo and certain social media links.
- User activity: As you use our Website, we collect information about how you access and use it, including your activity on pages on the Website, photos or media you upload to the Website and other content you provide.
A.2 Data from Third Parties
- Data collection: Our active community of contributors may post content that includes information about you (as part of completing an org chart or other articles, posts or comments), including your name, email address, job title and affiliation to your employer. As part of our mission to make every org chart public, we may collect information about you, including your name, photo, job title, office location, employer, social media profile and professional biographies. Data on the Website comes variety of publicly available sources, including from webpages on the internet such as company websites, news articles, company team pages and various other sources.
- Third Party Services: If you link, connect, or log in to your Account with a third-party service (e.g., Google, Facebook), the third-party service may send us information such as your profile information from that service. This information varies and is controlled by that service or as authorized by you via your privacy settings on that service.
A.3 Data Collected Automatically
Usage data collected using cookies: We, and our third-party service providers, automatically collect certain types of usage information when you visit or use our Website, through the use of statistical and tracking cookies and similar technologies. We use such cookies to help customize your experience so that your use of our Website is as relevant and as valuable to you as possible, including by:
We use the following types of Cookies:
- saving your password so you don’t have to re-enter it each time you visit our Website;
- recognizing you to deliver content specific to your interests
- tracking the pages you’ve visited.
You may modify your browser preferences relating to cookies. You have the choice to accept all cookies, to be notified when a cookie is set or to reject all cookies. If you choose to reject cookies, certain of the functions and conveniences of our Website may not work properly. We do not link non-personal data from cookies to personally identifiable information without your permission. To explore what cookie settings are available to you, look in the “preferences” or “options” section of your browser’s menu. To find more information about cookies, including information about how to manage and delete cookies, please visit http://www.allaboutcookies.org/.
- Essential Cookies: Essential cookies are required in order to provide you with features or services that you have requested. For example, certain cookies enable you to log into member-only areas of our Website. Disabling these cookies may make certain features and services unavailable.
- Functional Cookies: Functional Cookies are used to record your choices and settings regarding our Website, maintain your preferences over time and recognize you when you return to our Website. These cookies help us to personalize our content for you and remember your preferences (for example, your choice of language or region).
<li><u>Device and location information:</u> To help us protect against fraud, and improve the user experience on our Website, certain of our third-party service providers collect your location data, including current and historical information concerning your geographic location and IP addresses used in conjunction with our Website, information about the URL of both the site you came from and the one you go to and the time of your visit, your device and its software, such as browser type, Internet service provider, platform type, device type, operating system, a unique ID (that allows us to uniquely identify your browser, mobile device, or your account), and other similar information.</li>
A.4. Other Sources
We do not collect any "Special Categories of Personal Data" about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
B. How We Use Your Data
We will only collect and process personal data about you where we have a legal basis for doing so. Legal bases include:
- consent (where you have given consent),
- contract (where processing is necessary for the performance of a contract with you (e.g., to allow you to access our Website if you create an account with us); and
- legitimate interests (e.g., our legitimate interests the legitimate interests of third parties such as your employer, provided that such processing shall not outweigh your rights and freedoms, which can include:
- enabling or administration of our business, such as for quality control, consolidated reporting, and customer service;
- enabling us to better understand and improve our business, user and partner relationships; and
- enabling us and our users and visitors to connect with each other, build partnerships, find jobs and economic opportunity and conduct business through leveraging our org charts).
Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. See the section below entitled “Your Rights” detailing the specific rights that you have and can exercise at any time. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact us at email@example.com.
For example, we use your information:
- To meet or fulfill the reason you provided the information to us.
- To communicate with you about the Website, including announcements, notifications, updates or offers.
- To operate, provide support and assistance for the Website.
- To create and manage your account or the accounts for other users.
- To personalize your experience, website content and communications based on your preferences.
- To respond to user inquiries and fulfill user requests.
- To market, improve, and develop the Website, including testing, research, analysis, and product development (including creation and enhancement of org charts and related products and services).
- To protect against or deter fraudulent, illegal or harmful actions and maintain the safety, security and integrity of our Website.
- To comply with applicable laws and our legal or contractual obligations, resolve disputes, and enforce our terms of service.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
We will not collect additional categories of personal data or use the data we collected for materially different, unrelated, or incompatible purposes without providing you notice.
We may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may send you notifications and updates to org charts that you have decided to follow, newsletters and other content that may be of interest to you, or email you about your use of the Website. If you do not want to receive communications from us, contact us at firstname.lastname@example.org.
C. How We Share/Disclose Information
We are committed to maintaining your trust, and we want you to understand when and with whom we may share the personal data we collect. For further information on your choices regarding your personal data, see the “Your Rights” section below. We do not sell, lease or rent your personal data to third parties, aside from substantial corporate transactions (described below). We may share your personal data in the instances described below:
- Users of the Website: As part of our mission to make every org chart public, some of your personal data may be visible to other users of our Website and to the public (such as holding a certain position within an org chart, making a move to a new organization, taking up a new position within a team etc.).
- Authorized third-party vendors and service providers: We share personal data with certain authorized and vetted contractors, subcontractors, third-party vendors, and service providers who help us run and protect our business. The categories of service providers to whom we entrust personal data include service providers for: (i) our offering of the Website and the related products and services; (ii) the provision of information, products, and other services you have requested; (iii) marketing and advertising; (iv) payment and transaction processing; (v) customer service activities; and (vi) the provision of IT, web hosting and related services.
We use the following IT vendors: Chartio, Amplitude, Zapier, Customer.io, Retool, Geckoboard, Segment, AWS, Google Analytics, Bugsnag, Delighted, HubSpot, Copper. Please note that these third-party services have their own privacy policies, and we strongly recommend that you read their privacy policies as well as terms and conditions of use to understand how they collect, use, and share your information.
- Substantial corporate transactions: We may share personal data in connection with a substantial corporate transaction, such as the sale of a website, a merger, consolidation, reorganization, financing, change or control or acquisition of all or a portion of our business by another company or third party, asset sale, initial public offering, or in the unlikely event of bankruptcy or similar proceeding.
- Legal purposes: We disclose personal data to respond to subpoenas, court orders, legal process, law-enforcement requests, legal claims, or government inquiries and to protect and defend the rights, interests, safety, and security of The Org, our affiliates, users, or the public.
- With your consent: We share personal data for any other purposes disclosed to you with your consent. We may also share information with others in an aggregated or otherwise.
D. Your Rights
For personal data that we have about you, you have the right to access, correct, seek erasure and to restrict us from using your personal data. If you decide to exercise these rights, you can:
- Ask to access and/or obtain a copy of your data: You can ask us for a copy of your personal data and can ask for a copy of personal data you provided in machine readable form. You can also download your account data by clicking “Download Data” in the Account settings section of our Website.
- Ask us to amend or correct your data: You can edit some of your personal data through your account. You can also ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate.
- Ask us to delete your data: You can ask us to erase or delete all or some of your personal data (e.g., if it is no longer necessary to provide services to you). You can also delete your position on your company’s org chart by clicking “Edit” on your position and clicking “Delete Position” on the bottom of the page.
- Ask us to limit or stop using your existing data: You can ask us to stop using all or some of your existing personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your personal data is inaccurate or unlawfully held).
If you have any questions about exercising your rights, or would like us to remove your information from the Website, please contact us at email@example.com. Please include the following information if you submit a deletion request for your position on an org chart:
E. Data Security and Retention
We retain personal data about you for as long as you have an open account with us or as otherwise necessary to offer the products and services offered on our Website. In some cases we retain personal data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation.
We seek to protect your personal data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of personal data and how we are processing that data, including but not limited to:
- Our Website uses SSL (https).
- Account passwords are hashed when stored in our database.
- The authenticity of request methods are verified to prevent CSRF (cross-site request forgery) attacks.
- Access to AWS is limited on a need to know basis and requires Two-Factor Authentication (2FA).
- Employees must have a specific reason they need access to personal data and obtain access approval from someone with administrative access.
- Our data tools have encryption at rest functionality. Data is encrypted unless we need to see it directly for a specific purpose. When data travels between our various tools, it is secure and encrypted. It is only decrypted when we look at it for a specific reason.
By using our Website or providing personal data to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Website. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Website, by mail or by sending an email to you.
F. Other Important Information Pertaining to Privacy
- Children’s Privacy: Our Website is not directed to children under 13 (or other age as required by local law), and we do not knowingly collect personal data from children. If you learn that your child has provided us with personal data without your consent, you may contact us as set forth below. If we learn that we have collected a child’s personal data in violation of applicable law, we will promptly take steps to delete such information, stop processing the child’s information and terminate the child’s account.
- International Data Transfers: All information processed by us may be transferred, processed, and stored anywhere in the world (for instance, on servers or databases co-located with hosting providers), including but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard your information consistent with the requirements of applicable laws.
118 Spring Street,
New York, NY 10012, United States,