The Company often provides the Services to an entity or organization (the “Controlling Entity”) that controls the information related to the Services and then provides certain individuals access to the Services (an “End User”) and the information controlled by the Controlling Entity (e.g. an employer who provides access to the Services to its employees). Where a Controlling Entity controls the information related to an Account (as defined below), the Services are administered for the End User by the Controlling Entity as the administrator. In that case, certain provisions of this Policy regarding the handling and request for Personal Information will not apply and the End User may need to contact the Controlling Entity as administrator to assist with requests made pursuant to this Policy. For more information, please see “Notice to End Users” below. End Users can inquire with the Company at any time at firstname.lastname@example.org about any request described herein and the Company will advise whether an administrator must be contacted.
I. Information That We Collect
A. Information provided by the user
When you register for the Services and establish an account (your “Account”), we collect certain Personal Information such as your name, email address and the organization or company with which you work. Additionally, we may collect other optional information that you provide such as an image or avatar. In connection with certain aspects of the Services, we may request, collect and/or display some of your Personal Information. We will not send your Personal Information outside of our system without your approval. If there are any Services provided that you elect to utilize that requires a fee to be collected directly by the Company, then we will collect certain personal and financial information in order to process the transaction.
The Company may from time to time conduct voluntary surveys of users. We encourage users to participate in the surveys because they provide important information to us regarding the types of Services that we offer and the manner in which the Services are delivered. If you participate in a survey, then we will collect the information contained in your survey answers. Surveys are strictly optional.
B. Information that we collect automatically when you use the Services
We collect information that does not personally identify you, such as what site referred you to ours. We collect certain information about your visit to use the Services, which we may use to customize individual communications with you or to tailor your experience using the Services. Generally, the Services automatically collect usage information, such as the number of times that you login to the Services. This data may be used in aggregate form or other anonymous forms that does not personally identify you. This data is used to analyze how the Services are used so that we can improve the Services.
We automatically record information from your device when you interact with the Services, which may include cookies, IP address and other mobile identifiers. Additionally, we may collect some information that is specific to the device that you use to access the Services, which may include, among other things, network information, how the device interacts with the Services and unique device identifiers. We do not make this information public but we may share this information with our business partners, service providers and other agents and representatives with whom we conduct business.
We also gather certain demographic data and statistical information about both registered and unregistered users, some of which may be derived from Personal Information. This information is aggregated and analyzed. We do this by collecting information from large numbers of visits to the Services and studying the information as a whole to draw conclusions about trends across users. The trends relate to, among other things, the frequency with which users access particular parts of the Services. Based on conclusions we draw from this information we may tailor the display and functionality of the Services. The information we gather about your visits to the Services could be a part of this general, aggregated data.
Some Services may include features based on your actual, physical location (the “Location Services”). To the extent you use any Location Services, we may collect and store information about your location at the time you use those Location Services. We also may receive and/or collect your location information from your use of the Services generally.
C. Information that we collect from third parties
If you access the Services or register using a third party service not owned by us, such as your login credentials from Slack, then we may receive Personal Information from that third party service. You acknowledge and agree that by providing us with Personal Information either directly or indirectly through another source that you allow us and others to identify you. If you share your login credentials to third party services with us, then we may use such information to post content on those third party services on your behalf. You acknowledge that some of your information from your Account and the accounts on these other services may be transmitted and shared by the Company and the providers of these other services. We also collect information from Controlling Entities and its related End Users (a “Work Group”) in the course of using the Services, including information related to your work for the Controlling Entity, such as your job functions and performance (collectively, the “Work Information”). Other users of our Services that are in your Work Group may provide information about you when they utilize the Services and submit content. Certain members of a Work Group will have access to all of the Controlling Entities information related to the Services, including Personal Information; the Controlling Entity designates who within the Work Group has such access. We will not send your Work Information outside of our system without your approval.
If you connect our Services to a third party service not owned by the Company, then the third party service will inform you of the permissions that are being granted. When this type of information sharing occurs, the third party service providers are not subject to this Policy and likely have policies that differ from this Policy. We encourage you to read the policies, including privacy policies, of all applicable third party service providers.
II. How We Use the Information
A. Provide the Services
The Company’s primary use of the Personal Information that you provide is to provide the Services to you, including to identify you when you log in, provide customer support, process transactions with you and operate and improve the Services. For example, if there is a problem processing the payment transaction for fee-based Services, then we will use the Personal Information that you provide to contact you in order to resolve the processing problems. We also may include features tailored to you to enhance your experience and improve your ability to collaborate effectively with others.
B. Provide Support to Users and Communicate with Users About the Services and Updates to the Services
The Company reserves the right to contact you, using the Personal Information that you provide, and send communications relating to the Services, such as administrative messages and announcements about the Services, such as updates and Services offerings. We do not offer the option to opt out of receiving these communications as they are necessary for proper administration of the Services we provide to you. We may, in our discretion, communicate with you via email, SMS, MMS, other text message or push notification and we may collect information regarding such communications, such as confirmation when you read a message or open an email. This information is used to improve our customer service and the Services.
C. Improve the Services Including Research and Development
In an effort to improve our Service offerings we use Personal Information and feedback about how people use our Services to identify trends and usage patterns, troubleshoot, develop new products and features and undertake any other research and development that will benefit our users. We automatically analyze and aggregate certain information in furtherance of the aforementioned objectives. We also may test certain features on certain segments of our users before providing those features to all of our users.
D. Conduct Analytics
We use standard log files and IP addresses to administer the Services and, if there are problems in the operation of the Services, to diagnose problems. Your IP address and referring URLs may also be used to gather broad demographic information that could be distributed to advertisers. This information is disclosed only in aggregate form and would not contain information that identifies individual users of the Services.
All of the usage information, demographic data and other statistical information that we collect is aggregated and anonymized and does not personally identify you. We use this data to analyze how the Services are used so that we can improve the Services. Based on our analysis we may tailor the display and functionality of the Services.
E. Comply with law, protect our business interest and legal rights, provide security, prevent fraud and monitor the services
If we are required by applicable law or regulation, or where we believe it is necessary to protect our legal rights and/or the interests of other parties, we may use Personal Information about you in connection with legal claims, compliance and regulatory matters and disclosures related to audit functions or a business transaction involving the ownership of the Company and/or its assets. We also use your Personal Information to take security measures to protect and verify your Account and detect, prevent, and respond to potential or actual security incidents and to monitor and protect against other deceptive, illegal or prohibited activity.
F. User referrals
If you choose to refer a friend to our Services and provide contact information to us we will contact your friend inviting him or her to use our Services. The information that you provide will be used solely for contacting your referrals.
G. Other specific services not listed if user provides consent
We will use your Personal Information for any other specific purpose for which you provide us with consent.
III. Who we share information with
A. Other Users of the Services
We share certain information about you, including Personal Information and Work Information, with other users of the Services. In particular, we share certain information about you that has both been provided to us and that has been generated through the use of the Services with other users in your Work Group. For the OrgVitals Service, only users designated as part of the Work Group’s leaders have access to much of the data collected about you and your Work Group. The Company does not share or make external any of this data collected. However, we establish benchmarks and scoring metrics across anonymized, aggregated data that is shared with all users of the Services.
Certain Personal Information related to your Account, such as your username and avatar, may be displayed to other users of the Services. Additionally, some of your activity on the Services may be public such as any content that you post through your use of the Services or any content that you post in other public forums, such as social media accounts. You should be aware that any content you post on public portions of the Services or other third party services, such as social media accounts, will be publicly available and available to be seen and further disclosed by other users and search engines. Thus, all users should carefully consider the information that is posted in public areas and users may not want to post any private information in these public forums.
B. Vendors and service providers that help us operate
We may disclose your information, including Personal Information and Work Information, with service providers that perform functions on our behalf. We share this information in order to provide the Services to you. Examples of such disclosure are customer service representatives that work on our behalf and providing financial information to third payment processors to process fee-based transactions. Any information disclosed to such third parties would be treated as confidential and only used in the course of providing the Services.
C. Attorneys, law enforcement agencies and government authorities
D. Change of company ownership
We may sell the Company or substantially all of the Company’s assets and depending on the nature of the transaction, your Personal Information and Work Information may be a part of the assets that are transferred. If the entire business is sold to another company, then your Personal Information and Work Information will likely become the property of the acquiring company. Additionally, if we go out of business or enter bankruptcy your Personal Information and Work Information may be acquired by a third party. The acquiring company may have privacy policies different from those stated in this Policy. You acknowledge that such transfers may occur and that any such acquirer may continue to use your Personal Information and Work Information according to their policies.
E. Other Information Sharing
If you are a company or organization that uses the Services then we may disclose to the general public that the company or organization is a customer of the Company.
F. Links to Third Parties
IV. How we protect your information
A. Industry Standard Safeguards
The security of the Personal Information that you provide is extremely important to us. We will exercise reasonable care in maintaining secure transmission of information from your computer to our servers, however, we cannot guarantee the security of any information, including Personal Information and/or Work Information. We store all information using industry-standard techniques. We do not warrant the security of the information that you transmit to us and accept no liability for the unintentional disclosure of such information. You are responsible for the security of your Account and preventing unauthorized access to your Account.
B. Where we process your information and store
The Company is based in the United States but we are a remote company with a team of employees and contractors located in other countries and we offer Services to domestic and international business clients. Information that we collect, including Personal Information, may be transferred to our employees and contractors in the United States and other countries as we provide the Services and undertake our legal and contractual obligations. As a result, Personal Information may be transferred to and stored on servers located in the United States and in countries different from the country in which that information was initially collected. Similarly, information we collect may be accessed by Company personnel and our third-party service providers from countries other than the ones in which the information is stored.
VI. Opt-out; Account Update and Deletion; Access to Information
Users of the Services have the option to receive periodic communications from the Company regarding, among other things, new features/products offered and information about events related to our Services. All users can be removed from the Company’s mailing lists that involve promotional communications by sending an email to email@example.com. All promotional email communication will contain the “unsubscribe” email address link. Despite any opt-out to promotional communications, we may send you Service related communications.
The Personal Information that you provide can be updated by accessing your Account and following the directions. You can also email customer service at firstname.lastname@example.org indicating the information that you would like to have updated. If you would like to delete your Account you may do so by sending a request to delete your account to privacy@unitonomy. In order to delete your Account we will need to verify that you have the authority to delete the Account. Upon terminating your Account, any association between your Account and information we store will no longer be accessible by you, however, certain information may remain in our records and activity generated prior to deletion of your Account will remain stored by the Company.
Certain applicable laws, such as the State of California and the European Economic Area (“EEA”), may provide certain rights to residents of those areas regarding the Personal Information that has been provided to the Company, including access to the information that we have collected, use and/or disclose. You may be entitled to request that the Company delete or remove your Personal Information. Notwithstanding the foregoing, the Company may not be able to comply with your request to delete Personal Information for specific legal reasons. In that case, you will be notified at the time that you make the request. In order to protect Personal Information from unauthorized access or deletion, the Company may require users to provide additional information for verification. If we cannot verify a user’s identity, then we will not provide or delete Personal Information.
A. Notice to End Users
Many of the Services are intended for use by Controlling Entities, who then provide access to the Services via separate logins for End Users; an example of this situation is where an employer procures the Services and provides its employees with access to the Services. The Controlling Entity controls all the information related to its Account and the End Users to whom it provides access, including all information provided directly by an End User. The Controlling Entity is the administrator (the “Administrator”) of the Services responsible for the applicable Accounts and/or Service sites over which it has control. The Controlling Entity determines the individual End User(s) that may exercise administrative rights on its behalf. If you are an End User, please direct your data privacy questions to the Controlling Entity as your administrator, as your use of the Services is subject to the Controlling Entities policies. The Company is not responsible for the privacy or security practices of a Controlling Entity, which may be different from this Policy. If you are not an End User associated with a Controlling Entity, but you access the Services with an email address provided by a third party, then the owner of the domain associated with the applicable email address may assert administrative control over the Account associated with the email address and thus the Services provided thereunder.
Unless agreed otherwise in writing, Administrators generally have the authority to:
• access, retain and/or change all of the information about your Account and stored as a part of your Account, including Personal Information;
• terminate or otherwise restrict access to your Account and the Services, including restricting your ability to modify and delete information;
• reset Account passwords or require you to reset your password and change the email address associated with your Account; and
• manage, install, integrate or remove the service provided by other third parties, such as third party applications.
If you do not want a Controlling Entity to be the Administrator of your Account with the authority to assert control over your Account and access to the Services, then you should not register for the Services through a Controlling Entity. If you are an End user, please contact the applicable Controlling Entity’s policies for more information.
B. European Economic Area
If you are an individual in the EEA, the Company will collect and process information about you only where we have legal bases for doing so under applicable laws. Those legal bases depend on the Services you use and how you use them. As such, we collect and use your information only where: 1) we need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services; 2) the collection and use of the information satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests; 3) the user gives the Company consent to use the information for a specific purpose; or 4) the Company needs to process your information data to comply with a legal obligation. If the user has consented to the Company’s use of information about the user for a specific purpose, the user has the right to revoke the consent at any time, provided that the revocation will not affect any processing that has already been conducted. Where the Company uses the information because it or a third party (e.g. your Work Group) has a legitimate interest to do so, the user has the right to object to that use though, in some cases, this may mean no longer using the Services. An individual in the EEA has the following rights to request: (i) access to Personal Information, (ii) that any inaccuracies be rectified or incomplete information be completed, (iii) erasure, (iv) that processing be restricted (under certain circumstances), and (v) that your Personal Information be transferred to you or another organization (under certain circumstances). Individuals in the EEA also have the right to object to processing of your Personal Information under certain circumstances.
С. California Privacy Notice
This section of the Policy (the “California Privacy Notice”) is for California residents and supplements the information contained in the rest of this Policy. This California Privacy Notice applies solely to all visitors, users, and others who reside in the State of California (“California Residents” or “you”). The Company adopts this California Privacy Notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”). Any terms defined in the CCPA have the same meaning when used in this California Privacy Notice.
Your Rights and Choices
The CCPA provides California Residents with specific rights regarding their personal information. This California Privacy Notice describes the CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
California Residents have the right to request that we disclose certain information about our collection and use of their personal information over the past 12 months. Once we receive and confirm the verifiable consumer request from you, we will disclose to you the following: 1) the categories of personal information we collected about you; 2) the categories of sources for the personal information we collected about you; 3) our business or commercial purpose for collecting or selling that personal information; 4) the categories of third parties with whom we share that personal information; 5) the specific pieces of personal information we collected about you (also called a data portability request); 6) if we sold or disclosed your personal information for a business purpose, two separate lists disclosing: a) sales, identifying the personal information categories that each category of recipient purchased; and b)
disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either calling us at 502-519-8040 or emailing us at email@example.com.
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must: 1) provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and 2) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
The Company endeavors to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services;
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide you a different level or quality of goods or services;
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Changes to Our Privacy Notice
We reserve the right to amend this California Privacy Notice at our discretion and at any time. When we make changes to this privacy notice, we will notify you by email or through a notice on our website homepage.
If you have any questions or comments about this California Privacy Notice, our Policy, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Phone: 502-519-8040 firstname.lastname@example.org
Postal Address: Unitonomy Inc.
238 Pennsylvania Ave.
Louisville, KY 40206
VIII. Policy Updates
We reserve the right to make changes to this Policy and will periodically make such changes. Use of information that we collect is subject to the Policy in effect at the time of such collection. All users of the Services should regularly review this Policy for the latest information on our policies. If we make material changes to this Policy we will notify you in the Services or by other means at our discretion. You are bound by any changes to the Policy when you use the Services after such changes have been first posted.
This Policy was last revised on April 8, 2020.