LAST UPDATED: DECEMBER 20, 2019
The Services and our business may change from time to time. As a result, at times it may be necessary for Privy to make changes to this Policy. We will not make changes that result in significant additional uses or disclosures of your Personal Information without allowing you to “opt in” to such changes. We may also make non-significant changes to this Policy that generally will not significantly affect our use of your Personal Information, for which your opt-in is not required. We encourage you to check this page periodically for any changes. If any non-significant changes to this Policy are unacceptable to you, you must immediately contact us and, until the issue is resolved, stop using the Services. Your continued use of the Services following the posting of non-significant changes to this Policy constitutes your acceptance of those changes.
To the extent that the Services are available to individuals located in the European Economic Area and the United Kingdom, this Policy sets out our practices and obligations under the General Data Protection Regulation 2016/679 (the “GDPR”). If an organization with which you are associated (our “End Customer”) signs up to use our Services, we may receive Personal Information about you in connection with our provision of the Services to the End Customer. To the extent we process (as defined in the GDPR) that Personal Information solely in order to provide the Services to the End Customer, under the GDPR, to the extent applicable, we will act as a processor (as defined in the GDPR) on behalf of the End Customer in respect of that Personal Information; this Policy will not apply to the processing of that Personal Information and the End Customer will act as a controller (as defined in the GDPR) in respect of that Personal Information and is responsible for obtaining all necessary consents and providing you with all requisite information as required by applicable law. To the extent we process your Personal Information for any other lawful business purpose of ours, under the GDPR, to the extent applicable, we will act as a controller of such Personal Information and this Policy will apply to the processing of such Personal Information.
For the avoidance of doubt, this Policy does not apply to information collected from you through tools in the Services that are embedded within the websites of Privy’s End Customers (“Tools”), such as information you may provide to complete forms, or to the use of information submitted via a Tool on an End Customer’s website by the applicable End Customer or its service providers.
1. Information Collected
When you interact with us through the Site or other Services, we may collect Personal Information and other information from you, as further described below:
Personal Information That You Provide:
We collect Personal Information from you when you voluntarily provide such information, such as when you contact us with inquiries, subscribe to our e-mail newsletter, submit comments to our blog, register for access to the Services or use certain Services. For instance, Privy may collect the following information about you: name, address, zip code, telephone number, e-mail address, and access credentials for the Services. Wherever Privy collects Personal Information we make an effort to provide a link to this Policy.
Non-Identifiable Data: When you interact with Privy through the Services, we receive and store certain personally non-identifiable information. Such information, which is collected passively using various technologies, cannot presently be used to specifically identify you, unless it is combined with Personal Information. Privy may store such information itself or such information may be included in databases owned and maintained by Privy affiliates, agents or service providers. We may use such information and pool it with other information to track, for example, the total number of visitors to our Site, the number of visitors to each page of our Site, and the domain names of our visitors' Internet service providers. It is important to note that Privy uses no Personal Information in this process.
For the avoidance of doubt, the Site may use third-party service platforms (including to help analyze how users use the Site). These third-party service platforms may place cookies on your computer or mobile device. If you would like to disable "third party" cookies, you may be able to turn them off by going to the third party's website.
Here are links to the main third-party platform we use:
Aggregated Personal Information: In an ongoing effort to better understand and serve the users of the Services, Privy often conducts research on its customer demographics, interests and behavior based on the Personal Information and other information provided to us. This research may be compiled and analyzed on an aggregate basis, and Privy may share this aggregate data with its affiliates, agents and business partners. This aggregate information does not identify you personally. Privy may also disclose aggregated user statistics in order to describe our Services to current and prospective business partners, and to other third parties for other lawful purposes.
Public Areas: The Services may feature community areas and other public forums, including but not limited to a blog (the “Public Areas”). These Public Areas are open to the public and should not be considered private. We cannot prevent such information from being used in a manner that may violate this Policy, the law, or your personal privacy. We are not responsible for the results of such postings or for the accuracy of any information contained in those postings.
Any information you share in a Public Area (including Personal Information) is by design open to the public and is not private. You should think carefully before posting any information in any Public Area. What you post can be seen, disclosed to or collected by others and may be used by others in ways we cannot regulate or predict. As with any public forum on any website, the information you post may also show up in third-party search engines like Google, Yahoo, MSN, and Bing. If you mistakenly post personal information in a Public Area you can send us an e-mail to request that we remove it by contacting us at email@example.com. You should understand that in some cases, we may not be able to remove your information.
2. Use of Information:
Privy uses the Personal Information you provide in a manner that is consistent with this Policy and to the extent that the law allows. Pursuant to the GDPR, legal bases for our processing your Personal Information may include (without limitation):
(a) where you have given consent to the processing, which consent may be withdrawn at any time without affecting the lawfulness of processing based on consent prior to withdrawal;
(b) where it is necessary to perform the contract we have entered into or are about to enter into with you (whether in relation to the provision of the Services or otherwise); and/or
(c) where it is necessary for the purposes of our legitimate interests (or those of a third party) in providing the Services and your interests or fundamental rights and freedoms do not override those legitimate interests.
If you provide Personal Information for a certain reason, we may use the Personal Information in connection with the reason for which it was provided. For instance, if you contact us by e-mail, we will use the Personal Information you provide to answer your question or resolve your problem. In addition to the foregoing purposes, we and our affiliates may use your information to: (a) improve the content and functionality of the Services and provide the Services; (b) better understand our users; (c) improve our marketing and promotional efforts and customize the Services content, layout, and Services to better suit your needs; and (d) resolve disputes, troubleshoot problems and enforce the Terms & Conditions or any other agreement we may have with you.
In addition, Privy and its affiliates may use your information to contact you in the future to tell you about services we believe will be of interest to you. If we do so, each communication we send you will contain instructions permitting you to “opt-out” of receiving future communications. In addition, if at any time you wish not to receive any future communications or you wish to have your name deleted from our mailing lists, please contact us at firstname.lastname@example.org.
3. Disclosure of Information
There are certain circumstances in which we may share your Personal Information or other information with third parties without further notice to you, as set forth below:
Business Transfers: As we develop our business, we might sell or buy businesses or assets or receive funding. In the event of a corporate sale, merger, reorganization, dissolution, strategic investment by a third party in Privy, or similar event, Personal Information may be shared in connection with any of the foregoing and/or as part of the transferred assets.
Related Companies: We may also share your Personal Information with our affiliates for purposes consistent with this Policy.
Agents, Consultants and Related Third Parties: Privy, like many businesses, sometimes hires other companies or individuals to perform certain business-related functions. When we employ another company to perform a function of this nature, we only provide them with the information that they need to perform their specific function.
Legal Requirements: Privy may disclose your Personal Information if required to do so by law or in the good faith belief that such action is necessary to (a) comply with a legal obligation, including lawful requests by public authorities, including to meet national security or law enforcement requirements, (b) protect and defend the rights or property of Privy, (c) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (d) identify, contact or bring legal action against someone who may be violating the Terms & Conditions or other agreement with us, to detect fraud, or for assistance with a delinquent account.
Privy takes reasonable steps to protect the Personal Information provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from the Site may not be secure. Therefore, you should take special care in deciding what information you send to us via e-mail. Please keep this in mind when disclosing any Personal Information to Privy via the Internet.
5. Third Party Sites
This Policy applies only to the Services. The Site and other Services may contain links to other websites not operated or controlled by Privy, including those operated by End Customers (the “Third Party Sites”). The policies and procedures described here do not apply to the Third Party Sites or services. The links from the Site or placement of Tools on certain Third Party Sites does not imply that Privy endorses or has reviewed the Third Party Sites. We suggest contacting those sites, services, entities or persons directly for information on their privacy policies.
6. Children’s Online Privacy Protection
The Services are not designed for or directed to children under the age of 13. Privy does not knowingly collect Personal Information from children under the age of 13. In fact, as currently operated persons under the age of 18 may not use the Services. By providing information to Privy, you represent that you are 18 years of age or older.
This Policy does not apply to any Personal Information collected by Privy other than Personal Information collected through the Services. This Policy shall not apply to any unsolicited information you provide to Privy through the Services, to the Public Areas, or through any other means. This includes any ideas for new products or modifications to existing products, submissions made to the Public Areas, and other unsolicited submissions (collectively, “Unsolicited Information”). All Unsolicited Information shall be deemed to be non-confidential and Privy shall be free to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or attribution.
8. Access to Information; Contacting Privy
We generally use Personal Information as described in this Policy or the Terms & Conditions or as authorized by you or as otherwise disclosed at the time we request such information from you. You generally must "opt in" and give us permission to use your Personal Information for any other purpose. You may also change your preference and "opt out" of receiving certain marketing communications from us by following the directions provided in association with the communication or such other directions we may provide or by contacting email@example.com.
Under certain circumstances and in compliance with the GDPR, you may have the right to:
Request access to your Personal Information (commonly known as ‘subject access request’). This enables you to receive a copy of the Personal Information we hold about you and to check that we are lawfully processing it;
Request correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
Request erasure of your Personal Information. This enables you to ask us to delete or remove your Personal Information where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove all of your Personal Information in certain circumstances;
Object to processing of your Personal Information where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground;
Request the restriction of processing of your Personal Information. This enables you to ask us to suspend the processing of your Personal Information, for example, if you want us to establish its accuracy or the reason for processing it;
Request the transfer of your Personal Information to another party; and
Lodge a complaint with the relevant supervisory authority (as defined in the GDPR). If you have any complaints about the way we process your Personal Information, please do contact us. Alternatively, you may lodge a complaint with the supervisory authority which is established in your country.
If you want to review, verify, correct or request erasure of your Personal Information, object to the processing of your Personal Information, or request that we transfer a copy of your Personal Information to another party, please contact firstname.lastname@example.org.
Such updates, corrections, changes and deletions will have no effect on other information that we maintain, or information that we have provided to third parties in accordance with this Policy prior to such update, correction, change or deletion. To protect your privacy and security, we may take reasonable steps (such as requesting a unique password) to verify your identity before granting you profile access or making corrections. You are responsible for maintaining the secrecy of your unique password and account information at all times.
You should be aware that it may not be technologically possible to remove each and every record of the information you have provided to us from our system. The need to back up our systems to protect information from inadvertent loss means that a copy of your Personal Information may exist in a non-erasable form that will be difficult or impossible for us to locate. After receiving your request, we will use commercially reasonable efforts to update, correct, change, or delete, as appropriate, all Personal Information stored in databases we actively use and other readily searchable media as appropriate, as soon as and to the extent reasonably practicable.
To keep your Personal Information accurate, current, and complete, please contact us as specified below. We will take reasonable steps to update or correct Personal Information in our possession that you have previously submitted via the Services. Please also feel free to contact us if you have any questions about this Policy or the information practices of this Site. You may contact us as follows:
By postal mail or courier:
Attn: Privacy Agent
201 South St, 2nd Floor
Boston, MA 02111
We will retain your personal information for as long as necessary to fulfill the purposes for which we collected it. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of that information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.