Effective Date: May 25th 2018
If at any time you have questions about our practices or any of your rights described below, you may reach our Data Protection Officer (“DPO”) and our dedicated team that supports this office by contacting us at firstname.lastname@example.org.
How Do We Collect and Use Information?
If you use our Services, we collect information that identifies or can be used to identify you (“PII”). The types of PII we may collect (directly from you or from third-party sources, such as your organization) and our privacy practices depend on the nature of the relationship you have with Bipsync and the requirements of applicable law. Some of the ways that Bipsync may collect PII include:
- You may provide PII directly to Bipsync through interacting with the Services and requesting Services or information, as described below.
- As you navigate the Services, certain passive information may also be collected about your visit, including through cookies and similar technologies as described below.
Our primary goals in collecting information are to provide and improve our Services, to administer your use of the Services (including your Account, if you are an Account holder), to respond to your comments and questions, to use your email address or other contact information to send you information related to the Services and to enable you to enjoy and easily navigate our Services.
Information You Provide
Account Information: If you create an Account, we’ll collect certain PII such as your name and email address.
Communications with Us: We may collect PII from you such as email address, phone number or mailing address when you choose to request information about our Services, request to receive customer or technical support, or otherwise communicate with us, including via the Contact section of the Site.
Information Provided by Your Organization
If you are an Authorized User, we may receive information about you from your organization to supplement information provided by you, such as your name and email address, to help with Account set-up or management of support requests.
Information Collected Using Cookies and other Web Technologies
“Web Beacons” (also known as Web bugs, pixel tags or clear GIFs) are tiny graphics with a unique identifier that may be included on our Services for several purposes, including to deliver or communicate with Cookies, to track and measure the performance of our Services and to monitor how many visitors view our Services.
Information Related to Use of the Services
Information Sent by Your Mobile Device
We may collect certain information that your mobile device sends when you use our Services, such as a device identifier, user settings, and the operating system of your device, as well as information about your use of our Services. Such information helps us to, and will only be used in order to, improve, customize and enhance our Services.
In some cases we collect and store information about where you are located, such as by converting your IP address into a rough geolocation. We may use location information to improve and personalize our Services for you.
What Information Do We Share With Third Parties?
We will not share any PII that we have collected from you except as described below:
Information Shared with Your Organization
If you are an Authorized User, under the terms of the Agreement between Bipsync and your organization, your organization and other personnel and Authorized Users from your organization are permitted to access the information in your Account, both during your use of the Services and/or when you or your organization ceases using the Services. In addition, at a minimum, the name associated with your Account may be displayed to others within your organization and in connection with your use of the Bipsync Services. Certain User roles assigned by your organization may allow personnel from your organization with specific User credentials access to Account information as required for purposes such as compliance or management of Users and User groups.
Information Shared with Our Services Providers
We may engage third-party service providers to work with us to administer and provide the Services. These third-party service providers have access to your PII only for the purpose of performing services on our behalf, and in compliance with applicable laws and regulations (including, without limitation, the CAN-SPAM Act of 2003 and the Privacy Shield (as defined herein), as applicable). All such third-party service providers will be required to maintain the confidentiality of all PII that they process on our behalf and to implement and maintain reasonable security controls to protect the confidentiality, integrity and availability of such PII. Such third parties include: customer relationship management software providers, Internet hosting and cloud service provider services, and customer support services and software.
If you are an Authorized User, your organization may require us, and our service providers, to store your PII in a specific region.
Information Shared with Other Third Parties
We may share aggregated and de-identified information (such that information cannot be identified as the information of a particular User and will therefore not include PII) with third parties for industry research and analysis, demographic profiling and other similar purposes, and for third-party programs to access the Services in a manner that extends the Bipsync user experience and helps us operate and improve the Services.
Information Disclosed in Connection with Business Transactions
Information that we collect from our Users, including PII, is considered to be a business asset. Thus, if we are acquired by a third party as a result of a transaction such as a merger, acquisition or asset sale or if our assets are acquired by a third party in the event we go out of business or enter bankruptcy, some or all of our assets, including your PII, will be disclosed or transferred to a third-party acquirer in connection with the transaction. The disclosure and transfer of any of your PII to such third-party acquirer will be done in compliance with applicable law and regulation (including but not limited to the Privacy Shield, as the case may be), and only as necessary in order to enable Bipsync or the relevant acquirer to continue to perform services to you or your organization.
Information Disclosed for Our Protection and the Protection of Others
We cooperate with government and law enforcement officials or private parties to enforce and comply with the law. In certain circumstances, we will disclose any of your PII to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate: (i) to respond to claims, legal process (including subpoenas), law enforcement requests and national security requests; (ii) to protect our rights and safety and the rights and safety of a third party or the public in general; and (iii) to stop any activity that we consider illegal, unethical or legally actionable activity. In the event of such disclosure or transfer of your PII to public authorities, there is a chance that Bipsync will not be able to require such public authorities to implement and maintain reasonable security controls to protect the confidentiality, integrity and availability of your PII.
Where Do We Send Information?
As our Users operate globally, we need to send User PII to different countries in order to provide the Services, and you might send your PII to different countries in the course of using Bipsync Services. As indicated above, if you are an Authorized User, your organization may require us to store your PII in a specific region. When we send PII outside of the European Economic Area (EEA), we use a variety of legal mechanisms to make sure that your PII is sent with appropriate safeguards:
EU-US Privacy Shield
We may send some of your PII from the EEA to Bipsync Ltd. in the US. Bipsync complies with the EU-U.S. Privacy Shield Framework (together with the Swiss-U.S. Privacy Shield, the “Privacy Shield”) as adopted and set forth by the U.S. Department of Commerce and the European Commission regarding the collection, use and transfer of personal data from European Union member countries, as well as from Iceland, Liechtenstein and Norway. Bipsync commits to adhere to and has certified that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability, as well as the Supplemental Privacy Shield Principles, in each case with respect to all PII that Bipsync receives in reliance on the EU-U.S. Privacy Shield. To learn more about the Privacy Shield, and to view Bipsync’s certification, please visit https://www.privacyshield.gov and https://www.privacyshield.gov/list, respectively.
Swiss-US Privacy Shield
We may send some of your PII from Switzerland to Bipsync Ltd. in the US. Bipsync complies with the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from Switzerland. Bipsync has certified that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Privacy Shield, and to view Bipsync’s certification, please visit https://www.privacyshield.gov.
The Federal Trade Commission and the relevant EU data protection authorities have jurisdiction to investigate and enforce any issues relating to compliance with or certification to the Privacy Shield. Bipsync will cooperate and comply with the dispute resolution panel established by the relevant EU data protection authorities.
The Security of Your Information
We take reasonable measures to protect the information that we collect from or about you (including your PII) from unauthorized access, use or disclosure. Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information.
In the context of an onward transfer, Bipsync has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Bipsync shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless Bipsync proves that it is not responsible for the event giving rise to the damage.
Links to Other Sites
Modifying Your Information
You can access the PII associated with your Account via your Account. If you want Bipsync to delete your PII and/or your Account, you can do so by contacting us at email@example.com. Please note that if you are an Authorized User and you make a request to delete your PII and that data is necessary for the continuation of Services your organization has purchased, the request will be honored only to the extent it is no longer necessary for any Services purchased or required for our legitimate business purposes or legal or contractual record keeping requirements. We’ll take steps to delete your PII as soon as is practicable. If you are a User located in the EU, you have specific rights over your PII, such as:
- Access: to know whether we process PII about you, to access that PII and find out how we use it and who we share it with;
- Portability: to receive a subset of the PII we collect from you in a structured, commonly-used and machine-readable format, and to request that we transfer such PII to another party;
- Correction: to require us to correct PII about you that is accurate or incomplete;
- Erasure: to request that we erase PII we hold about you in certain circumstances. Note that in cases where we grant your request for deletion, copies of erased PII may remain in archived/backup copies for our records, as we are not always able to delete information from those locations;
- Restriction: to require us to stop processing the PII we hold about you other than for storage purposes in certain circumstances; and
- Objection: to object to our processing of PII about you and we will consider your request.
Treatment of Authorized User PII Following Termination
If you are an Authorized User who is utilizing the Bipsync Services under your organization’s Agreement with Bipsync, then following the termination of your or your organization’s access to or use of the Bipsync Services, Bipsync may, if required by the Agreement or your organization, but subject to the requirements of applicable law or any Governmental Authority, deliver to your organization or destroy any PII we have in our possession.
Our Policy Toward Children
Our Services are not directed to children under 13 and we do not knowingly collect PII from children under 13. If we learn that we have collected PII of a child under 13 we will take steps to delete such information from our files as soon as possible.
“Do Not Track”
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
California Privacy Rights
California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their PII (if any) for their direct marketing purposes in the prior calendar year, as well as the type of PII disclosed to those parties. Bipsync does not share PII with third parties for their own marketing purposes.
In compliance with the Privacy Shield Principles, Bipsync commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Bipsync at firstname.lastname@example.org.
Bipsync has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland.
As a Privacy Shield participant, Bipsync commits to binding arbitration at the request of an individual to address any complaint relating to our privacy notice or our information practices that has not been resolved by other recourse and enforcement mechanisms.