Updated 17 December 2020
1 - Introduction
2 - Information Collection and Use
We must use your data in order to provide and improve the Platform for you. We collect several types of information to do this, as outlined below.
2.1 - Types of Data Collected
2.1.1 - Personal Data
While using our Platform, we may ask you to provide us with certain personally identifiable information (“Personal Data”). Personally identifiable information may include, but is not limited to, your name, email address, billing information, cookies, usage data and information associated with your Visly user account (including GitHub username, email address, organizations and account avatar). Please note that if you do not wish to share certain Personal Data, such as Visly user account information, you will not be able to use the Visly app.
2.1.2 - Usage Data
We may also collect information that your browser sends whenever you visit our Platform, including through a mobile device (“Usage Data”).
This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When you access our Platform with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
Cookies are files with small amounts of data that may include an anonymous unique identifier that we store on your device if you opt to allow them. They contain information that is transferred to your computer’s hard drive and help us provide a better user experience for you – further detail of how they help us is laid out below.
With your consent to allow cookies, we are able to hold certain information we get from cookies. Please note that if you do not accept cookies, you may not be able to use some portions of our Platform.
We do not share any information collected by the cookies with any third parties.
Session cookies (first-party)
- Expiration: 30 days after the session is concluded.
- Opt out: As these cookies are essential to the site’s function, it is not possible to opt out of them.
Functional cookies (first-party)
- Expiration: 30 days after the session is concluded.
- Opt out: To opt out, please choose the ‘block cookies’ function in your browser.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies.
2.2 - Use of Data
2.2.1 - Essential Data Use
Visly Inc uses the collected data to provide, maintain and improve our Platform and to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection. This processing is necessary to perform our contract with you.
We also use the collected data as necessary for the following legitimate business interests:
- to notify you about changes to our Platform and provide customer support;
- to allow you to participate in interactive features of our Platform when you choose to do so;
- to monitor the usage of our Platform;
- to detect, prevent and address technical issues; and
- to provide you with notices about your account and/or subscription, including expiration and renewal notices, email-instructions, etc.
2.2.2 - Opt-In Data Use
Upon providing us with any Personal Data, you will be given the option to receive newsletters and other marketing materials from us. Should you opt in to receiving this type of communication from us, we may contact you to provide information on new product launches, Platform feature updates and the like. You may opt out of receiving these emails at any point after opting to receive them, either by clicking the ‘unsubscribe’ link at the bottom of each message or by contacting us. Please note that if you unsubscribe from our marketing lists, we will continue to contact you regarding essential system and security updates to our Platform and to respond to your enquiries.
2.2.3 - Other Data Uses
For European Economic Area (“EEA”) residents, pursuant to your rights under the General Data Protection Regulation 2016/679 (“GDPR”) and the EU-US Privacy Shield Framework (“Privacy Shield”), detailed further below under clauses 3.4, 3.5, and 3.6, Visly Inc. will only process your Personal Data in ways that are compatible with the purposes outlined above, or for purposes that you later authorize. Before we use your Personal Data for a purpose that is materially different than the purpose we collected it for or that you later authorized, we will provide you with notice and the opportunity to opt out. We maintain reasonable procedures to help ensure that Personal Data is reliable for its intended use, accurate, complete, and current.
2.3 - Retention of Data
We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Platform, or we are legally obligated to retain this data for longer time periods.
3 - Data Transfer, Disclosure and Rights
3.1 - International Transfer of Personal Data
When providing Visly Inc. with information, please note that the information, including Personal Data, may be transferred to, processed on and maintained on servers located outside of your state, province, country or other governmental jurisdiction. Data protection laws in those jurisdictions may differ from those of your jurisdiction. Currently, we transfer data to and from the United States and various states within the EEA, including but not limited to the United Kingdom and Sweden.
Transfers of data between EEA states are protected by the GDPR. Details of your rights under this regulation can be found below under clause 3.4, entitled ‘Your Rights Under the GDPR’. Transfers of data between EEA states, Switzerland and the United States (“US”) are protected by a set of GDPR-compliant standard contractual clauses (“SCCs”), which are incorporated into Visly Inc’s individual agreements with foreign data processors and controllers. Details of your rights and protection under the SCCs can be found below under clause 3.5. Additionally, Visly Inc. is a member of both the EU-US and Swiss-US Privacy Shield programs. Details of your rights under this scheme can be found below under clause 3.6, entitled ‘Your Rights Under the Privacy Shield’.
3.2 - Disclosure of Data
3.2.1 - Circumstances of Disclosure
Under certain circumstances, we may disclose personal information that either you have provided or we have collected. Those circumstances include:
- Disclosure for Law Enforcement: we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities.
- Business Transaction: if any company in our group is involved in a merger, acquisition, asset sale, or other change in corporate control (“Transaction”), your Personal Data may be transferred to the buyer in connection with the Transaction and/or during the diligence process.
- Other cases, including:
  - to our subsidiaries and affiliates;
  - to contractors, service providers, and other third parties we use to support our business; and
  - with your consent in any other cases.
3.2.2 - Service Providers
We may employ third party companies and individuals to facilitate our Platform (“Service Providers”), provide the Platform on our behalf, perform Platform-related services or assist us in analyzing how our Platform is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
We use Mixpanel and Intercom to analyze the use of our Platform and provide customer service.
Mixpanel has the ability to collect and track information on our Platform’s users. Currently, we allow Mixpanel to access data on user actions within our app (for example, if a user creates or edits a component). The data Mixpanel receives is fully anonymized and contains no information personally identifiable to Mixpanel.
However, if you would like to opt out of data sharing with Mixpanel, please change your browser settings to ‘Do Not Track’ – instructions on how to do this can be found here: https://allaboutdnt.com/#adjust-settings. To ensure you are completely opted out of data sharing, please contact us at email@example.com so that we can ensure your Mixpanel user profile is deleted. For more information on how data transferred to Mixpanel is protected in compliance with the GDPR, please refer to their Data Processing Addendum.
Intercom manages our user profiles, customer communication, and customer support. They may receive information such as your email, name, job role (as selected during Visly account setup), and company, as well as any information supplied in customer support emails. If you would prefer to opt out of having your user profile shared with Intercom, please email us at firstname.lastname@example.org. Please note that opting out from data sharing with Intercom will remove our ability to send you product updates and beta testing invitations.
We use Productboard to compile and process feedback and feature requests from users ("User Feedback"), as well as update users when their feature requests are fulfilled.
Productboard has the ability to collect certain Personal Data on our Platform's users. This may include the user's name, (where applicable) user avatar, email address, company and communication between Visly or employees of Visly with the user regarding their feature request. This data transfer can happen in one of two ways: when a user makes a feature request in Visly's community Slack channel ("Community Slack"); or when a user makes a feature request via email ("Email"). Please note that users may also submit feature requests directly to Visly's public roadmap ("Roadmap"), via the in-app feature request function or directly through Visly's website. As the user is providing any Personal Data they share directly to Productboard in this instance, this does not constitute a transfer of data from Visly to Productboard.
If you would prefer to opt out of having your Personal Data shared with Productboard, please email us at email@example.com. Please note that opting out of data sharing with Productboard may impact our ability to fulfill your feature requests.
We use Stripe to process payments for Platform Subscriptions.
3.3 - Security of Data
You use our Platform at your own risk. While the security of your data is important to us, please remember that no method of transmission over the Internet or of electronic storage is 100% secure. Although we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
3.4 - Your Rights Under the GDPR
If you are a European Union (EU) or European Economic Area (EEA) resident, you have certain data protection rights under the GDPR. You can find out more about the GDPR here: https://eur-lex.europa.eu/eli/reg/2016/679/oj.
In certain circumstances, you have the following data protection rights:
- the right to access, update or to delete the information we have on you;
- the right of rectification, which is the right to have your information updated or changed if it is inaccurate or incomplete;
- the right to object to our processing of your Personal Data;
- the right of restriction, which is the right to request that we restrict the processing of your personal information;
- the right to data portability, which is the right to be provided with a copy of your Personal Data in a structured, machine-readable and commonly used format; and
- the right to withdraw consent at any time where we rely on your consent to process your personal information.
If you wish to exercise any of these rights, please email us at firstname.lastname@example.org. Please note that we may ask you to verify your identity before responding to such requests. Also note that we may not be able to provide our Platform to you without some necessary data.
Under the GDPR, you also have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority.
3.5 - Your Rights Under the SCCs
Visly Inc. relies on a set of Standard Contractual Clauses to ensure that any third party to which your data may be transferred (“Data Importers”) outside of the EEA handles your data in ways compliant with the GDPR. These clauses are incorporated into our individual user agreements with those parties. The third parties to whom we currently transfer data, and details of what type of data may be transferred, can be found above in clause 3.2.2.
Under these SCCs, Visly Inc. agrees and warrants:
- (a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
- (b) that it has instructed and throughout the duration of the personal data-processing services will instruct the Data Importer to process the personal data transferred only on Visly Inc’s behalf and in accordance with the applicable data protection law and the SCCs;
- (c) that the Data Importer will provide sufficient guarantees in respect of the technical and organisational security measures specified by the European Commission in its decision 2010/87/EU;
- (d) that after assessment of the requirements of the applicable data protection law, these security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
- (e) that it will ensure compliance with the security measures;
- (f) to forward to the data protection supervisory authority any notification received from the Data Importer or any sub-processor relating to changes in legislation that would be likely to have an adverse effect on the Data Importer’s ability to fulfill its obligations under the SCCs and/or prevent the conduct of an audit of it if we decide to continue the transfer or to lift the suspension;
- (g) to make available to you upon request a copy of the SCCs and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the SCCs, unless the SCCs or the contract contain commercial information, in which case we reserve the right to remove such commercial information;
- (h) that, in the event of sub-processing, the processing activity is carried out in accordance with the applicable principles under Clause 11 of the European Commission’s decision of 2010/87/EU, by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the SCCs; and
- (i) that we will ensure compliance with the above clauses.
Further, under the SCCs, if you suffer damage as the result of any breach of the above clauses (3.5(a)-(i)) on our part or on the part of the Data Importer, you have the right to compensation from Visly Inc. for the damage suffered. In the event that you are unable to claim compensation from us as a result of our ceasing to operate at law as a business or our insolvency, by virtue of the SCCs, you have the right to issue a claim against the Data Importer implicated in the breach, provided that there operates no successor entity to Visly Inc that has taken on its entire legal obligations.
For information on the obligations of the Data Importers, as well as what security measures and safeguards they have put in place to protect your data, please see the individual Data Importers’ policies above in Clause 3.2.2.
3.6 - Your Rights Under the Privacy Shield
General. We process Personal Data in accordance with the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability (“Privacy Shield Principles”), as described below.
Choice. You may opt out of (i) the disclosure of your Personal Data to third parties that do not provide services to us and/or (ii) uses of your Personal Data for purposes that are materially different from the purposes for which the Personal Data was collected unless you have authorized such different purposes. To exercise these rights, please contact us. Please see Section 3.4 of this policy for additional information.
Accountability for Onward Transfers. We may be accountable for the Personal Data we receive under the Privacy Shield that we may transfer to third-party service providers (described in Section 3.2 above). If such service providers process Personal Data in a manner inconsistent with the Privacy Shield Principles, we are responsible for the harm caused.
Access. EU users have certain rights to access, correct, amend, or delete Personal Data where it is inaccurate, or has been processed in violation of the Privacy Shield Principles. Please see Section 3.4 above for more information on the rights of users in the EU (and, to the extent applicable, users in Switzerland).
Recourse, Enforcement, Liability. In compliance with the Privacy Shield Principles, Company commits to resolve complaints about our processing of your Personal Data. EU and Swiss users with inquiries or complaints regarding this Privacy Shield Policy should first contact Visly Inc. at: email@example.com.
We have further committed to refer unresolved Privacy Shield complaints to an alternative dispute resolution provider. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider JAMS (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield.
If your complaint is not resolved through these channels, under certain conditions a binding arbitration option may be available before a Privacy Shield Panel. For additional information, please visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
We are subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to Personal Data received or transferred pursuant to the Frameworks.
4 - Links to Other Sites
5 - Children's Privacy
Our Services are not intended for use by children under the age of 16 (“Children”).
We do not knowingly collect personally identifiable information from Children under 16. If you become aware that a Child has provided us with Personal Data, please contact us at firstname.lastname@example.org. If we become aware that we have collected Personal Data from Children without verification of parental consent, we will take steps to remove that information from our servers.