LAST UPDATED: April 3, 2019
Please note that this Policy does not apply to your use of third-party sites, services, or applications you may access through the Services. We encourage you to review the privacy policies of those third parties for more information regarding their privacy practices.
This policy applies in circumstances where we are acting as a data controller with respect to the Personal Information (as defined herein) of Users of our Services; in other words, where we determine the purposes and means of the processing of that Personal Information.
INFORMATION WE MAY COLLECT
We collect information you provide directly to us when using the Services. For purposes of providing the Services to you, we collect certain information that can identify you (“Personal Information”), such as your name and contact information (email, address, company affiliation and phone number), as well as financial information such as credit card details. Personal Information also includes, for purposes of this Policy, the definition of personal data as such term is defined in Article 4(1) of the GDPR. We will never sell, rent, trade or use your Personal Information other than as specifically needed to provide the Services specifically requested by you. The Boring Lab discloses Personal Information only to those of its employees, contractors, affiliated organizations and subcontractors that (i) need to know the information in order to process it on yours and our behalf, and (ii) that have agreed in writing to non-disclosure restrictions at least as strong as those herein.
When you access or use the Services, we automatically collect information about you, including some or all of the following:
- Log Information: We log information about your use of the Services, including the type of browser you use, access times, pages viewed, your IP address, and the page you visited before navigating to the Services. Publicly available tools can sometimes provide the approximate location for IP addresses.
- Device Information: We collect information about the computer or mobile device you use to access the Services, including the hardware model, operating system and version, unique device identifiers, and mobile network information.
- Information Collected by Cookies and Other Tracking Technologies: We use various technologies to collect information, and this may include sending cookies to your computer or mobile device. Cookies are small data files stored in device memory that help us to improve the Services and your experience, see which areas and features are popular, and count visits. We may also collect information using web beacons (also known as “tracking pixels”). Web beacons are electronic images that may be used in the Services or emails and help deliver cookies, count visits, understand usage and campaign effectiveness, and determine whether an email has been opened and acted upon.
We also may collect other types of information in the following ways when you visit or use the Services:
- Details of how you used and interacted with the Services, such as your search queries and how you responded to certain questions.
- Device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
- Our server logs automatically collect information, such as your IP address, your browser type and language, and the date and time of your visit, which helps us track your movements around the Services and understand trends.
- Information We Collect From Other Sources
We may also obtain information from other sources and combine that with information we collect through the Services. For example, we may collect information about you from third parties who provide services on our behalf, such as maintaining and monitoring usage of the Services and processing payment transactions.
We may use information about you for various purposes, including the following:
- Provide, maintain, and improve the Services;
- Provide and deliver the products and services you request, process transactions, and send you related information;
- Verify your identity and, if applicable, authorization for you to use the Services;
- Process payment for Services you order;
- Manage your account;
- To prevent or address service, security, technical issues or at your request in connection with customer support matters;
- Respond to your comments, questions, and requests;
- Send you technical notices and other administrative messages;
- Communicate with you about products and services, offered by us or others, and provide news and information we think will be of interest to you;
- Monitor and analyze trends, usage, and activities in connection with the Services;
- Conduct research, analysis, and surveys;
- Personalize and improve the Services and provide content or features that match user profiles or interests;
- Enforce our Terms of Service / End User License Agreement;
- Link or combine with information we get from others in connection with the Services; and
- Carry out any other purpose for which the information was collected.
This policy is not intended to place any limits on what we do with data that is aggregated and/or de-identified so it is no longer associated with an identifiable User of the Services. For example, we may use User data to generate, among other things, statistics about Users, their profession or industry, or the demographic distribution of Users.
- With vendors, consultants, subcontractors and other service providers who need access to such information to carry out work on our behalf. These parties only have access to such information as necessary to perform their functions and may not use it for any purpose other than to provide services to us;
- In response to a request for information if we believe disclosure is in accordance with any applicable law, regulation, or legal process, or as otherwise required by any applicable law, rule, or regulation;
- If we believe your actions are inconsistent with the spirit or language of our User agreements or policies, or to protect the rights, property, and safety of you, us, or others;
- In connection with, or during negotiations of, any merger, sale of our assets, financing, or acquisition of all or a portion of our business to another company;
- With your consent or at your direction.
We will retain your Personal Information for the period of time that is necessary to fulfil the original purposes for which it has been collected. Please keep in mind that, in certain cases, a longer retention period may be required or permitted by law or to allow us to pursue our business interests, conduct audits, comply with our legal obligations, enforce our agreements or resolve any dispute.
The criteria used to determine our retention periods include:
- Time needed to provide you with our Services or to operate our business.
- Whether your account with us is active. You may contact us to make your account inactive at any time.
- Legal, contractual, or similar obligations to retain your data, such as mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of contract or litigation.
Please note that we are not responsible for storing any information that you provide to us or for any content or information that we provide to you. You are solely responsible for retaining backup files of any information and content that you provide or receive in connection with the Services.
We work hard to protect your information and take appropriate commercially reasonable physical, electronic, and other security measures to help safeguard information and data from loss, unauthorized access, alteration, misuse or disclosure. Our security practices include:
- Encrypting many of our Services using SSL;
- Frequent review of information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
- We secure access to all transactional areas of our websites and apps using ‘https’ technology.
- Access to your Personal Information is password-protected, and sensitive data (such as payment card information) is secured and tokenised to ensure it is protected.
- We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.
- Physical safeguards, with locked doors and file cabinets, controlled access to our facilities and secure destruction of media containing your Personal Information
- Technology safeguards, like the use of anti-virus and endpoint protection software, and monitoring of our systems and data centers to ensure that they comply with our security policies
- Organizational safeguards, like training and awareness programs on security and privacy, to make sure employees understand the importance and means by which they must protect your Personal Information
No method of transmission over the Internet or method of electronic storage is 100% secure, however. Therefore, we cannot guarantee its absolute security.
The Boring Lab does not seek to collect sensitive Personal Information (also known as special categories of data as defined in Article 9 of the GDPR). If we do so we will always collect the data in accordance with applicable data privacy requirements. If you choose to provide us with unsolicited sensitive Personal Information, you will be asked to consent to our processing of such data on a case-by-case basis by using a specific express consent form.
The Boring Lab reserves the right to change, modify, add, or remove portions of this Policy at any time and without prior notice, and any changes will become effective immediately upon being posted unless we advise you otherwise. However, we will not use your Personal Information in a way that is materially different than the uses described in this Policy without giving you an opportunity to opt out of such differing uses. Your continued use of the Services after this Policy has been amended shall be deemed to be your continued acceptance of the terms and conditions of the Policy, as amended. We encourage you to review this Policy regularly.
California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties. If you are a California resident and would like to request this information, please submit your request in an email to firstname.lastname@example.org.
The Services are intended for users who are eighteen (18) years of age and older. If you are under the age of eighteen (18), you are not permitted to submit any Personal Information to us. If you believe we might have any information from or about a child under eighteen (18), please contact us at email@example.com.
By using our services or providing your Personal Information to us, you expressly consent to the processing of your Personal Information by us or on our behalf. Of course, you still have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.
Sometimes we’ll need to transfer your Personal Information between countries to enable us to supply the Services you’ve requested. In the ordinary course of business, we may transfer your Personal Information from your country of residence to ourselves and to third parties located in and outside the United States.
By dealing with us, you are giving your consent to this overseas use, transfer and disclosure of your Personal Information outside your country of residence for our ordinary business purposes.
This may occur because our information technology storage facilities and servers are located outside your country of residence, and could include storage of your Personal Information on servers in the United States or in other countries.
We’ll ensure that reasonable steps are taken to prevent third parties outside your country of residence using your Personal Information in any way that’s not set out in this Privacy Notice. We’ll also make sure we adequately protect the confidentiality and privacy of your Personal Information.
Access and Control of Your Personal Information
You may request updates, corrections or deletions of Personal Information at any time by contacting us at firstname.lastname@example.org. Whenever you have given us your consent to use your Personal Information, you have the right to change your mind at any time and withdraw that consent.
- Access to personal information: you have the right to request what Personal Information we hold about you subject to our right to identity verification. If you request a copy of your data, we may charge you a fee, except where this is not permissible under applicable law.
- Correction and deletion: in some jurisdictions, including the EU (according to data protection laws for data subjects in the EU), you have the right to correct or amend your Personal Information if it is inaccurate or needs to be updated. You may also have the right to request the deletion of your Personal Information, however this may not be always possible due to legal requirements and other obligations to keep such data. If we are asked to delete your data, we may keep some minimal information about you to be able to demonstrate that we have fulfilled our obligations.
- Filing a complaint: In some jurisdictions, including according to data protection laws in the EU for complaints issued from subjects in the EU, you have the right to lodge a formal complaint with a data protection authority.
- Marketing preferences: We may send you marketing communications about our services, via different channels such as email, phone, SMS, postal mailings and third-party social networks, in accordance with relevant marketing laws. When required by applicable law, we will obtain your consent before starting these activities.
You may opt out of receiving marketing communications from us by following the instructions in those communications or by emailing us at email@example.com. In such cases, we will retain minimum Personal Information to note that you opted out in order to avoid contacting you again. Please note that even if you opt out from receiving marketing communications, we may still send you administrative communications, such as technical updates for our Services, order confirmations, notifications about your account activities, and other important notices.
If you have any questions about this Policy, or our information practices, please contact us by email at firstname.lastname@example.org.