Updated March 2020
2 Information Collection and Use
We must use your data in order to provide and improve the Platform for you. We collect several types of information to do this, as outlined below.
2.1 Types of Data Collected
2.1.1 Personal Data
While using our Platform, we may ask you to provide us with certain personally identifiable information ("Personal Data"). Personally identifiable information may include, but is not limited to your name, email address, billing information, cookies and usage data.
2.1.2 Usage Data
We may also collect information that your browser sends whenever you visit our Platform, including through a mobile device ("Usage Data").
This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When you access our Platform with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
Cookies are files with small amounts of data that may include an anonymous unique identifier that we store on your device if you opt to allow them. They contain information that is transferred to your computer's hard drive and help us provide a better user experience for you -- further detail of how they help us is laid out below.
With your consent to allow cookies, we are able to hold certain information we get from cookies. Please note that if you do not accept cookies, you may not be able to use some portions of our Platform.
We do not share any information collected by the cookies with any third parties.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies.
2.2 Use of Data
2.2.1 Essential Data Use
Visly Inc uses the collected data to provide, maintain and improve our Platform and to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection. This processing is necessary to perform our contract with you.
We also use the collected data as necessary for the following legitimate business interests:
to notify you about changes to our Platform and provide customer support;
to allow you to participate in interactive features of our Platform when you choose to do so;
to monitor the usage of our Platform;
to detect, prevent and address technical issues; and
to provide you with notices about your account and/or subscription, including expiration and renewal notices, email-instructions, etc.
2.2.2 Opt-In Data Use
Upon providing us with any Personal Data, you will be given the option to receive newsletters and other marketing materials from us. Should you opt in to receiving this type of communication from us, we may contact you to provide information on new product launches, Platform feature updates and the like. You may opt out of receiving these emails at any point after opting to receive them, either by clicking the 'unsubscribe' link at the bottom of each message or by contacting us. Please note that if you unsubscribe from our marketing lists, we will continue to contact you regarding essential system and security updates to our Platform and to respond to your enquiries.
2.2.3 Other Data Uses
For European Economic Area ("EEA") residents, pursuant to your rights under the General Data Protection Regulation 2016/679 ("GDPR") and the EU-US Privacy Shield Framework (“Privacy Shield”), detailed further below under clauses 3.4 and 3.5, Visly Inc. will only process your Personal Data in ways that are compatible with the purposes outlined above, or for purposes that you later authorize. Before we use your Personal Data for a purpose that is materially different than the purpose we collected it for or that you later authorized, we will provide you with notice and the opportunity to opt out. We maintain reasonable procedures to help ensure that Personal Data is reliable for its intended use, accurate, complete, and current.
2.3 Retention of Data
We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Platform, or we are legally obligated to retain this data for longer time periods.
3 Data Transfer, Disclosure and Rights
3.1 International Transfer of Personal Data
When providing Visly Inc. with information, please note that the information, including Personal Data, may be transferred to, processed on and maintained on servers located outside of your state, province, country or other governmental jurisdiction. Data protection laws in those jurisdictions may differ from those of your jurisdiction. Currently, we transfer data to and from the United States and various states within the EEA, including but not limited to the United Kingdom and Sweden.
Transfers of data between EEA states are protected by the GDPR. Details of your rights under this regulation can be found below under clause 3.4, entitled 'Your Rights Under the GDPR'. Transfers of data between EEA states, Switzerland and the United States (“US”) are protected by the Privacy Shield. Details of your rights under this scheme can be found below under clause 3.5, entitled ‘Your Rights Under the Privacy Shield’.
3.2 Disclosure of Data
3.2.1 Circumstances of Disclosure
Under certain circumstances, we may disclose personal information, that either you have provided or we have collected. Those circumstances include:
Disclosure for Law Enforcement: we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities.
Business Transaction: if any company in our group is involved in a merger, acquisition, asset sale, or other change in corporate control ("Transaction"), your Personal Data may be transferred to the buyer in connection with the Transaction and/or during the diligence process.
Other cases, including:
- to our subsidiaries and affiliates;
- to contractors, service providers, and other third parties we use to support our business; and
- with your consent in any other cases.
3.2.2 Service Providers
We may employ third party companies and individuals to facilitate our Platform ("Service Providers"), provide the Platform on our behalf, perform Platform-related services or assist us in analyzing how our Platform is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
We use Mixpanel and Intercom to analyze the use of our Platform and provide customer service.
Mixpanel has the ability to collect and track information on our Platform's users. To opt out of data sharing with Mixpanel, please change your browser settings to 'Do Not Track' -- instructions on how to do this can be found here: https://allaboutdnt.com/#adjust-settings. To ensure you are completely opted out of data sharing, please contact us at email@example.com so that we can ensure your Mixpanel user profile is deleted.
Intercom manages our user profiles and customer support. If you would prefer to opt out of having your user profile shared with Intercom, please email us at firstname.lastname@example.org. Please note that opting out from data sharing with Intercom will remove our ability to send you product updates and beta testing invitations.
We use Stripe to process payments for Platform Subscriptions.
3.3 Security of Data
You use our Platform at your own risk. While the security of your data is important to us, please remember that no method of transmission over the Internet or of electronic storage is 100% secure. Although we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
3.4 Your Rights Under the GDPR
If you are a European Union (EU) or European Economic Area (EEA) resident, you have certain data protection rights under the GDPR. You can find out more about the GDPR here: https://eur-lex.europa.eu/eli/reg/2016/679/oj
In certain circumstances, you have the following data protection rights:
the right to access, update or to delete the information we have on you;
the right of rectification, which is the right to have your information updated or changed if it is inaccurate or incomplete;
the right to object to our processing of your Personal Data;
the right of restriction, which is the right to request that we restrict the processing of your personal information;
the right to data portability, which is the right to be provided with a copy of your Personal Data in a structured, machine-readable and commonly used format; and
the right to withdraw consent at any time where we rely on your consent to process your personal information.
If you wish to exercise any of these rights, please email us at email@example.com. Please note that we may ask you to verify your identity before responding to such requests. Also note that we may not able to provide our Platform to you without some necessary data.
Under the GDPR, you also have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority.
3.5 Your Rights Under the Privacy Shield
General. We rely on our Privacy Shield certification to transfer Personal Data that we receive from the EU and Switzerland to the U.S. and we process such Personal Data in accordance with the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability (“Privacy Shield Principles”), as described below.
Choice. You may opt out of (i) the disclosure of your Personal Data to third parties that do not provide services to us and/or (ii) uses of your Personal Data for purposes that are materially different from the purposes for which the Personal Data was collected unless you have authorized such different purposes. To exercise these rights, please contact us. Please see Section 3.4 of this policy for additional information.
Accountability for Onward Transfers. We may be accountable for the Personal Data we receive under the Privacy Shield that we may transfer to third-party service providers (described in Section 3.2 above). If such service providers process Personal Data in a manner inconsistent with the Privacy Shield Principles, we are responsible for the harm caused.
Access. EU users have certain rights to access, correct, amend, or delete Personal Data where it is inaccurate, or has been processed in violation of the Privacy Shield Principles. Please see Section 3.4 above for more information on the rights of users in the EU (and, to the extent applicable, users in Switzerland).
Recourse, Enforcement, Liability. In compliance with the Privacy Shield Principles, Company commits to resolve complaints about our processing of your Personal Data. EU and Swiss users with inquiries or complaints regarding this Privacy Shield Policy should first contact Visly Inc. at: firstname.lastname@example.org.
We have further committed to refer unresolved Privacy Shield complaints to an alternative dispute resolution provider. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider JAMS (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield.
If your complaint is not resolved through these channels, under certain conditions a binding arbitration option may be available before a Privacy Shield Panel. For additional information, please visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
We are subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to Personal Data received or transferred pursuant to the Frameworks.
4 Links to Other Sites
5 Children's Privacy
Our Services are not intended for use by children under the age of 16 ("Children").
We do not knowingly collect personally identifiable information from Children under 16. If you become aware that a Child has provided us with Personal Data, please contact us at email@example.com. If we become aware that we have collected Personal Data from Children without verification of parental consent, we will take steps to remove that information from our servers.