PRIVACY POLICY
(Last updated and effective: 7/27/2020)
Shiny Inc. provides a collaboration platform via:
The Rock website (the "Site").
The Rock mobile and desktop application(s) (collectively, the "App").
Other related internet services (collectively, the "Service(s)").
Shiny Inc. (the "Company", "we" or "us") operates the
Service for users of the Service or the organization you represent ("you").
This Privacy Policy sets forth our policy with respect to information that is collected
from visitors to the Site and users of the App and/or Services. Under applicable law,
Shiny Inc, is the "data controller" of personal data collected through the
Services. Shiny Inc only collects the minimum amount of information necessary to
operate, develop and grow the services we build.
Information we collect
When you use our Services, we may collect information from you as described as below:
Information you provide
We collect information from you when you voluntarily provide information, for example
when you register for access to the Services or use certain Services. Information we
collect may include (but is not limited to) username, email address, and any messages,
images, or other content you share through a space, tasks, notes, files or other parts
of the Service.
Data we collect automatically
When you interact with us through the Services, we receive and store information such as
a device ID, IP address, and other information gathered commonly made available through
your browser, mobile devices, servers you use. We may store such information or such
information might be included in databases owned and maintained affiliates, agents or
service providers. The Services may use such information or this information might be
combined with other information to track specific indicators relevant to the operation
of the site. For example, to track the total number of visitors to the Site or App as
well as the number of tasks or notes users have sent.
Aggregated information
To better understand and support the users of the Service, we may conduct research on
our customer demographics, interests and behavior based on the information collected.
This research may be compiled and analyzed on an aggregate basis, and we may share this
aggregate data with our affiliates, agents, and business partners. We may also disclose
aggregated user statistics to other third parties for other lawful purposes or in order
to describe our service to current and prospective business partners.
Information through third parties
You may give us permission to collect your information in other services such as
federated authentication service providers such as Google, Microsoft or Facebook. For
example, you may connect your Google or Microsoft to your Rock account. When you do
this, it allows us to obtain information from those accounts including but not limited
to your email address, profile image, contacts and other information you explicitly
grant us access to.
Referrals
If someone has referred any of our products or services to you through any of our
referral programs, that person might have provided us your name, email address and other
potentially personal information. You may contact us at privacy@rock.so to
request that we remove your information from our database. Any information you provide
for this purpose will only be used for the specific reason for which it was provided.
Social media
When you interact or engage with us on social media sites (Facebook, LinkedIn, and
others) we may collect such publicly accessible information, including profile
information, to allow us to connect with you, improve our product, or better understand
user reactions and issues. Once collected this information may remain with us even if
you delete it from social media sites. We may also add and update information about you
from other publicly available sources.
Cookies
We utilize cookies and other similar technologies to improve and enable the Service. For
instance, to keep track of which account you have logged into and other account specific
settings. Cookies are pieces of data that sites and services can set on your browser or
device that can be referenced on future visits. In the future, we might use cookies to
save additional data to enable new features as they become available. We may use
technologies such as single pixel gifs and web beacons to record log data enabling us to
track engagement with email and specific parts of the service. You can disable cookies
before visiting our Services. However, if you do so certain features of the website
might not work correctly.
We may use other third party web analytics tools like Google Analytics on our website and
app that might employ cookies to collect specific information regarding your use of our
Service. At any time you can disable cookies in your browser settings.
Advertising
We may advertise our Service in other applications or websites. Advertising platforms,
including Google, Facebook and Twitter may provide their own services that we integrate
with our Service. These services may collect information for optimizing advertising
campaigns outside of what we monitor as part of our Service. These services are governed
by their own privacy policy and terms of service and you may be able to opt-out of any
personalized advertising provided by them through opt-out programs administered by third
parties, including the Network Advertising Initiative (NAI), the Digital Advertising
Alliance (DAA). In absence of a consistent industry-wide standard for compliance, our
Services currently do not respond to "Do Not Track" (DNT) signals and operate
as described in this Privacy Policy whether or not a DNT signal is received.
Where information is processed
Shiny Inc is based in the United States. Independent of where you are located, you
consent to the processing and transferring of your information in and to the U.S. and
other countries. The laws of the United States and other countries governing data
collection and use may not be as protective and comprehensive as the laws of the country
where you live.
Use of your information
The information you provide will be used in a manner that conforms with this Privacy
Policy. If you provide information for a certain reason, we may use the information in
connection with the reason for which it was provided. For instance, if you provide
information to gain access to the service, we will use the information you provided to
give you access to services and may monitor your use of such services. Shiny Inc and its
affiliates or subsidiaries may also use your information collected through the Services
to help us improve the content and functionality of the Services as well as to better
understand our users. Shiny Inc and its affiliates may use your information to contact
you about anything Service related, for example updates to our Service or planned
Service disruptions, as well as other services we believe might be of interest to you.
If we contact you, each marketing email or message will contain instructions allowing
you to opt-out of future marketing communications. If at any point you want to opt-out,
you can do so through our website as well as through the process indicated in this
document.
Legal bases for handling your information
Some jurisdictions require companies to tell you about the legal basis a company relies
on to use or disclose your personal data. To the extent this is applicable to you, our
legal grounds are as follows:
To honor our commitments to you
A majority of our processing of personal data is to enable the Service we provide to our
users as a result of acceptance (or expected acceptance) of our terms of service. For
instance, we handle personal data on this basis to provide our Service and create your
account.
Legitimate interests
In many cases, we handle personal data on the ground that it furthers our
legitimate interests in ways that do not override interests of fundamental
rights and freedoms of affected individuals. This includes (but are not limited
to): customer service, providing a safe and exemplary user experience, marketing
(e.g. emails to inform you about new features), customer service, safeguarding
our users/employees/property, improving and analyzing our business, managing
legal issues, consent (i.e. handling personal data on the basis of your express
or implied consent), legal compliance (i.e. fulfilling our legal obligations) or
processing job applications.
Sharing your information
We do not sell your information. The trust you have placed in us by sharing your
information with us is something we appreciate and consider this to be an
important part of our relationship with you. In certain circumstances, we might
however share your information with certain third parties:
Business Transfers
As our business matures, we might sell or buy businesses or assets. In the event of
a corporate sales/merger/reorganization/bankruptcy, dissolution or similar event,
your information may be part of any transferred assets.
Consent
We may transfer your information with your implied or explicit consent.
Related companies
For purposes consistent with this Privacy Policy we may share your information with
any affiliates, agents or subsidiaries. We might also hire other companies or
individuals to perform certain business-related activities who may use your
information to perform these activities. For example, sending out an email to inform
you about a new feature or processing payments.
Employees and independent contractors
Some employees and independent contractors have access to information covered in
this Privacy Policy on a need-to-know basis. We require all employees and
independent contractors to follow this Privacy Policy for personal information that
we share with them.
Legal Requirements
If required to do so by law or in the good belief that such an action is necessary,
we may disclose your information if such an action is necessary to (a) comply with a
legal obligation, (b) protect and defend the rights or property of the Company or
any subsidiaries or agents (c) protect the personal safety of users of the Services
or the public, or (d) protect against legal liability.
Aggregated or Non-identifiable Data
Non-personally identifiable or aggregated data may be shared with our partners
or others for business purposes.
Unsolicited information
Ideas for new products, features or improvements to existing products might be
provided by you through unsolicited submissions ("Unsolicited
Information"). All Unsolicited Information shall be deemed non-confidential and
we shall be free to reproduce, use, disclose and distribute such Unsolicited
Information to others with limitation or attribution.
Children
Our services are for users age 16 and over and we do not knowingly collect
personal information from children under the age of 16. If you are a parent of
guardian of a child under the age of 16 and believe he, she or they has
disclosed personal information to us please contact us at
support@rock.so. For residents of the European Economic Area (EAA), where
processing of personal data is based on consent, Shiny Inc will not knowingly
engage in processing for users under the age of consent established by
applicable data protection law. If we learn that we are processing data from
such users, we will halt processing and will take reasonable measures to
promptly remove application information from our records.
Third party websites
The Services may contain links to other websites not operated or controlled by
Shiny Inc. (the "Third Party Sites"). This Privacy Policy applies only
to the Services and does not apply to any Third Party Sites. The links from the
Service to any Third Party Sites does not imply that we endorse or have reviewed
the Third Party Sites. For any information about the privacy policies governing
those sites please refer directly to them.
Data retention
In general we retain personal data for so long as its relevant for the purposes
identified in the Privacy Policy. To dispose of personal data, we may anonymize
it, delete it or take other appropriate steps. Data may persist in copies made
for backup and business continuity purposes for additional time as required.
Security
We take reasonable steps to ensure that information provided via the Services
are protected from loss, misuse, and unauthorized access, disclosure,
alteration, or destruction. However, no internet or email transmission is ever
fully secure or error free.
Your data rights and choices
Individuals in the European Economic Area (EEA), California, Canada, Costa Rica
and some other jurisdictions outside of the United States have certain legal
rights to obtain confirmation of whether we hold personal data about them, to
access personal data we hold about them, and to obtain its correction, update,
amendment or deletion in specific circumstances. They may also object to our
uses or disclosures of personal data, to request a restriction on its processing
or withdraw any consent even though most of these actions will not apply
retroactively. These rights will also not affect our ability to continue
processing data for lawful purposes.
How can I access personal data you have about me?
If you would like to submit a data access request, send an email to
support@rock.so with "Personal Data Request" in the subject
title. After verification of your identity, we will then follow up with details
around how to start the process and access the personal data we have on you within
45 days. If we require more time (up to 90 days), we will inform you in writing. We
cannot respond to your request, if we cannot verify your identity or if your request
lacks enough details to help us handle this request.
How do I correct, update, amend or delete the personal data you have about me?
If you would like to submit a data access request, send an email to
support@rock.so with "Personal Data Request" in the subject
title along with an explanation of what data subject right you are seeking to
exercise. After verification of your identity, we will then follow up with details
around how to start the process and access the personal data we have on you within
45 days. If we require more time (up to 90 days), we will inform you in writing. We
cannot respond to your request, if we cannot verify your identity or if your request
lacks enough details to help us handle this request.
How do I object or restrict the manner in which Shiny Inc processes my personal
data?
You have a right to ask us to stop using or limit our use of your personal data in
specific circumstances, for instance if your personal data is inaccurate or if we
have no lawful basis to keep using your data. We also offer constituents of the EEA
the right to opt out of all our processing of their personal data for direct
marketing purposes. To exercise this right click the "Unsubscribe" link in
any of our marketing emails or through the email subscription page on our website.
The rights and options described in this Privacy Policy are subject to
limitations and exceptions under applicable law. In addition to these rights,
you have the right to lodge a complaint with the relevant supervisory authority.
We do encourage you to contact us first so we can do our best to resolve any of
your concerns.
California Privacy Rights
If you are a consumer residing in California you are afforded additional rights with
respect to your personal information through the California Consumer Privacy Act
("CCPA") and the "Shine the Light" law.
Our collection and Use of Personal Information
The following categories of personal information are collected as part of
running the Service: identifiers (such as username, the email address you used to
sign up, your phone number if you provided this), commercial information (a record
of what you have bought from or subscribed to), financial data (payment information
if you bought anything from Shiny Inc.), internet or other network or
computer/device information (how you interact with the Service), location
information (based on IP address which may indicate approximate location, inference
data about you, and other information that identifies or reasonably associated with
you. We collect personal data for business and commercial purposes as described in
"Use of your information" section above. For examples of
data points we collect and the sources of such collection please refer to the
"Information we collect" section above.
Disclosure of Personal Information
Your personal information may be shared with third parties as described in our
"Sharing your information" section in this document. We
disclose the categories of personal information mentioned above for business or
commercial purposes.
No sale of Personal Information
We do not sell personal information of our users. As a result, certain obligations
as laid out in the California Consumer Privacy Act are not relevant to our business.
Exercising Your Consumer Rights
If you are a California resident, you have the right to request (a) more
information about the categories and specific pieces of personal information we
have collected and disclosed for a business purpose in the last 12 months (b)
deletion of your personal information (c) opt out of sales of your personal
information, if applicable. These requests can be made as detailed in
"Your data rights and choices" section above. We will
not discriminate against you if you exercise your rights under the California
Consumer Privacy Act.
Changes to this privacy policy
We reserve the right to update or modify this Privacy Policy at any time and from
time to time without prior notice. We kindly ask you to review this policy
periodically, and especially before you provide any personal information. This
Privacy Policy was last updated on the date indicated in the section above. Your
continued use of the Services after any changes or revisions to this Privacy Policy
shall indicate your agreement with the terms of such revised Privacy Policy.
Contact us
Feel free to contact us if you have any questions about this Privacy Policy or the
information practices of Shiny Inc and the Services we provide. You may reach us as
at: privacy@rock.so.
|