UPDATED ON NOVEMBER 29TH, 2018
In simplified form (greater detail is below), our Policy can be summarized as follows:
We may collect some information about you, as described in this Policy, but you have some choices about how much you share about yourself.
We do not knowingly collect information from children under 13 years of age.
We will not sell your personal information but may share such information with our vendors and our Clients in connection with providing the Services.
If we use a third party to assist us, they will be bound to protect your information.
We may collect, use and share aggregate, anonymous information about our users.
In certain legal situations, we may be compelled to disclose your personal information.
If you are outside the United States, you understand and agree that we may store your information in the United States.
We participate in, and comply with, the EU-US Privacy Shield Principles and the Swiss-US Privacy Shield Principles (the “Privacy Shield Principles”) regarding the collection, use, sharing, and retention of personal information from the European Union and Switzerland.
This Policy applies to your use of the Services, whether you are Client or an End User of the Services, including in connection with one or more events (each, an “Event”). Please read this Policy carefully, as it describes how we collect, use and share your information. By accessing and interacting with the Services, you consent to this Policy.
If you are an End User, you acknowledge that we will share your information, including your personally identifiable information, with our Client(s) as specified in this Policy for the purpose of providing the Services, including in connection with one or more Event(s) that you may attend.
Information you provide as you use the Services. When you register for an Attendify account, you must provide us with certain personal information about yourself, such as name and email address. You may also voluntarily choose to provide us with personal information as you use the Services, including, without limitation, by completing your profile and registering for and interacting with others in connection with one or more Events. This may include personal information about you, such as your address, phone number and company name (if you are a Client). If you correspond with us by email, we may retain the content of your email messages, your email address and our responses. We may also retain any messages you send through the Service.
Information we collect from you passively. We automatically collect certain information about you as you use the Services, including, without limitation, through cookies on the Attendify website and in-app tracking when you use our Apps. This may include information about your device (such as your Unique Device Identifier), your location, your Internet usage, and how you interact with the Services. This may include information about the way you use the Services, the parts of our Services you use and third party apps or websites you visit when you leave our Services.
Information we collect from third parties. If you are an End User, we may receive information about you from a Client, and we may collect information from your social media accounts if you choose to give us permission to access your social media accounts. We may also work with third parties who collect information about you when you use our app. For example, our vendors might use scripts or other tools to track your activities on our Services. They may do this to make sure our Services function properly.
We use information to administer and provide the core functionality of the Services. For example, we use your information, such as your contact information, in connection with any Events for which you register.
We use information to improve our products and services. We may use your information to make our website, apps and products better. We might use your information to customize your experience with us.
We may use information to respond to your requests or questions. For example, we might use your information, such as your email address, to respond to your customer questions or feedback.
We may use information to communicate with you about your account or our relationship. We may contact you about your account or feedback. We might also contact you about this Policy or our app Terms of Service, found at https://attendify.com/terms_of_service/
We may use information for security purposes. We may use information to protect our company, a Client, and/or our website and apps.
We may use information for promotional purposes. For example, we might provide you with information about new features, updates, new products or special offers from time to time. If you prefer not to receive promotional messages from us, please read the choices section below in Section 5.
We will share information to provide the functionality of the Services. These are third parties who perform services on our behalf. For example, we may share information with external social media services if an End User elects to cross-publish a post. We may also share information with our vendors who provide payment processing, hosting, customer support, email marketing and other services to us. If you are an End User, we will also share your information (including your contact information and information about your engagement on the Services) with the Client associated with your account in order to provide the functionality of the Services. The Client may contact you in relation to one or more Events for which you have registered (including through push notification on your device), or for their own marketing and promotional purposes.
We may share information to comply with the law. We will also share information if we think we have to in order to comply with the law or to protect ourselves. For example, we will share information to respond to a court order, subpoena, or a request from a government agency or investigatory body. We might also share information when we are investigating potential fraud.
We may share information with any successor to all or part of our business. For example, if all or a part of our business was sold, we may share information as part of that transaction.
We may otherwise share information with your permission.
You can opt out of receiving our promotional emails. To stop receiving our promotional emails, follow the instructions in any promotional message you get from us. Even if you opt out of getting marketing messages, we will still send you transactional messages. These include responses to your questions.
You can control cookies and other browser-based tracking tools. For example, your browser may give you the ability to control cookies or other browser-based tracking tools. Please note that if you block cookies, certain features on the Attendify website may not work.
Our Do Not Track Policy: Some browsers have “do not track” features that allow you to tell a website not to track you. These features are not all uniform. We do not currently respond to those signals.
You can control tools on your mobile devices. For example, you can turn off the GPS locator or push notifications on your phone. Please note that turning off certain tools on your mobile device may affect the functionality of certain features of the Services.
Our Services are meant for use by adults only. We do not knowingly collect personally identifiable information from children under 13 without permission from a parent or guardian. If you are a parent or legal guardian and think your child under 13 has given us information, you can email us at firstname.lastname@example.org. You can also write to us at the address listed at the end of this Policy. Please mark your inquiries “COPPA Information Request.” Parents can learn more about how to protect children's privacy on-line here.
We keep your personal information as long as necessary to provide the functionality of the Services, or as otherwise required by law. If you would like to access your information or would like us to delete or modify your information, you may contact us by email at email@example.com, or you may write to us at the address listed at the end of this Policy. However, we may also keep your information as otherwise required by law.
To continue to provide an effective service, we may store non-personally identifiable information perpetually and may anonymize your personally identifiable information and store that anonymized information perpetually. Additionally, we use third-party services and do not control their practices related to storage and retention of your information.
We use reasonable efforts to secure your information and to attempt to prevent the loss, misuse, and alteration of the information that we obtain from you. However, the Internet and mobile apps are not 100% secure. We cannot promise that your use of our Services will be completely safe. We are not responsible to our users or to any third party due to any such loss, misuse, or alteration of data, except to the extent required by the Privacy Shield Principles or applicable law. We encourage you to use caution when using apps and the Internet. This includes not sharing your passwords. To learn more about how to protect yourself online, visit www.ftc.gov.
If you have any questions about this Policy or want to correct or update your information, please email us at firstname.lastname@example.org.
You can also write to us or call at:
This Policy may be updated from time to time, but the changes will not apply retroactively. If you continue to use the Services after such become effective, you will be bound by the updated Policy.
We will notify you of any material changes to our Policy as required by law. We will also post an updated copy on our website (www.attendify.com) and app. Please check our website and app periodically for updates.
If you reside in California, you have the right to ask us one time each year if we have shared personal information with third parties for their direct marketing purposes. To make a request, please send us an email at email@example.com, or write to us at the address listed at the end of this Policy. Indicate in your letter that you are a California resident making a “Shine the Light” inquiry.
Data Protection Laws. If you are a resident of the European Union (“EU”) or Switzerland, you are entitled to certain protections under the EU’s General Data Protection Regulation (“GDPR”) and/or other applicable laws (collectively, the “Data Protection Laws”), and this section applies to your use of the Services. As used in this section, the terms “processing,” “processor,” “controller” and “personal data” have the meaning given to them in the Data Protection Laws.
How we obtain your personal data. Generally, we obtain your personal data from you because you want to use the Services. In order to use the Services (for example, to attend a Client’s Event), you will need to register for the Services and create an Attendify account. Without providing this information, you will not be able to use the Services. You may also voluntarily provide additional personal data in order to make greater use of the Services, and we may collect personal data about you (such as your IP address) to provide the functionality of the Services. Finally, we may obtain your name, contact information, employment information, biographical information and other personal data about you from a Client in connection with one or more Events. Please refer to the section of this Policy titled “We collect information from and about you” for more information.
Our role with respect to your personal data. When we process your personal data on behalf of our Client for the purpose of providing the Services, we act as a processor of your personal data, as defined under the Data Protection Laws. In such situations, the controller(s) of your personal data, as defined under the Data Protection Laws, are any Client(s) who organize any Event(s) which you attend. You may be able to find the contact information of the relevant Client by looking at the Event they posted. However, when we process your personal data for our own purposes (such as improving the Services and making the Services available to you beyond a particular Client’s Event), we may be considered the controller of your personal data for purposes of such processing.
Purposes and legal bases for processing. Your personal data will be processed for the purposes described in this Policy. Refer to the section titled “We use information about you as disclosed and described here” for how we process your personal data, and to the section titled “We use information about you as disclosed and described here” for how our Clients may process your personal data. The legal grounds for our processing, and our Clients’ processing, of your personal data are:
first and foremost, you provided your consent by agreeing to this Policy, which you may withdraw at any time by emailing us at firstname.lastname@example.org;
it is necessary for our contractual relationship;
it is necessary for us to comply with our legal or regulatory obligations; and/or
the processing is in our legitimate interest as a provider of the Services. Such interests include the protection of the security and integrity of our systems, our direct marketing (which you can opt out of) and providing you with customer service and the core functionality of the Service.
Categories of recipients of personal data. Your personal data will be shared by us described in this Policy. See the section titled “We may share information with third parties” for more details. The categories of recipients generally include: any Client(s) whose Event you sign up for or attend, our vendors who make it possible for us to provide the Services, any successor to our business and any governmental authority in compliance with the law.
Period for which personal data will be stored. We will store your personal data as long as necessary to provide the functionality of the Services. For example, we may store your personal data as long as your personal data is posted on or connected with any Events that you have attended, and/or as long as the Client is using such data for their own business purposes. We may also store your personal data as long as required by law.
International transfer of personal data. Please also note that you are transferring your personal data outside of those regions to the United States of America (“US”) for storage and processing. By providing any personal data on or to the Services, you consent to such transfer, storage, and processing.
EU-US Privacy Shield. We participate in, and comply with, the Privacy Shield Principles regarding the collection, use, sharing, and retention of personal data from the EU and Switzerland. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. Our participation in Privacy Shield applies to all personal data that is subject to this Policy and is received from the EU or Switzerland. We will comply with the Privacy Shield Principles in respect of such personal data.
To learn more about Privacy Shield, please visit: https://www.privacyshield.gov/. To view a list of companies that have certified that they adhere to the Privacy Shield principles, please visit: https://www.privacyshield.gov/list. If you have a Privacy Shield-related question or complaint, please contact us at email@example.com, or write to us at the address listed at the end of this Policy.
Disputes with us. As part of our participation in Privacy Shield, if you have a dispute with us about our adherence to the Privacy Shield Principles, we will seek to resolve it through JAMS, an independent alternative dispute resolution body based in the US. To make a claim with JAMS under the Privacy Shield Principles, please visit https://www.jamsadr.com/eu-us-privacy-shield.
In certain circumstances, you may have the right to invoke binding arbitration under Privacy Shield, as described in Annex I to the Privacy Shield Principles, which can be found at the following URL: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
As a Privacy Shield participant, we are subject to the investigatory and enforcement powers of the US Federal Trade Commission and other authorized statutory bodies. Under certain circumstances, we may be liable for the transfer of personal data that we receive and subsequently transfer to a third party, as described in the Privacy Shield Principles.
Additionally, please note that, if you believe that any processing of personal data relating to you infringes the Data Protection Laws, you have the right to lodge a complaint with a supervisory authority in your country of residence, place of work or place of an alleged infringement.
Your rights. Finally, you may have certain rights under the Data Protection Laws with respect to your personal data. Such rights may include, but are not limited to, the right to request access to your personal data, that your personal data be corrected or deleted, to restrict the processing of your personal data or to object to processing of your personal data. To exercise such rights, you may contact us at firstname.lastname@example.org or write to us at the address listed in this Policy. Specifically, and without limiting your rights under the Data Protection Laws, you may do any of the following:
request access to your personal data to be able to correct, amend, or delete such personal data where it is inaccurate or has been processed in violation of the Privacy Shield Principles,
request that your personal data not be used for a purpose that is materially different from the purposes for which it was originally collected or for purposes subsequently authorized by you; or
request that we do not disclose your personal data to third parties (other than those that are acting as our agent to perform tasks on our behalf, such as payment and data processors). However, as the core functionality of the Services require that we share your personal data with Clients, you will not be able to use the Services if you request that we not disclose your personal data to Clients.
Government requests. As described in this Policy, we may share personal data with third parties and may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.