- 1. General Statements
- 2. Information About Us and this Privacy Policy
- 3. What Data Are We Collecting About You?
- 4. Use of Cookies on Our Websites
- 5. How We Collect Personal Data
- 6. Why (and How) We Use Personal Data
- 7. Marketing our Products
- 8. Disclosures of your personal data
- 9. International transfers
- 10. Data security
- 11. Your legal rights
- 12. Third Party Services
- 13. Contact Us
- 14. Further Reading
- 15. International Rights
- 16. Your California Privacy Rights
- 17. Modifications
- 18. Change Log
Web Privacy Policy
You may know that there are laws about how businesses can collect and use information from their customers, app users, or anyone visiting their website. These laws set different requirements, but they all relate to the same idea, which is that you have the right to know what information you’re sharing with us, what we’re doing with it, and why. When the information that we collect identifies you or your household—or if it could identify you or your household—it’s called “personal data.” We want to and are required to protect your personal data. Our Privacy Policy explains how we try to do so, but it’s a long document with a lot to discuss. So, you can:
- Go to the section that has the topic you’re interested in;
- Use a keyword search for your topic; or
- Get in touch with us to ask a question, ask us to show you the data we have about you, or ask us to delete your personal data.
1. General Statements
1.1 This is the Privacy Policy for CollaborationRoom.Ai., but we’ll refer to ourselves as “CollaborationRoom,” or “the Company,” or use “we/us/our” pronouns.
1.2 We have a Privacy Policy for a few reasons. First, it’s required by law. Second, and more importantly, we want you to understand how we use data so you can make an informed decision about how you share with us, what you share with us, and how we use your information. Finally, our Privacy Policy sets internal rules for how we use data and it holds us accountable: if we don’t tell you what we’re doing here, in the Privacy Policy, we won’t do it at all unless we specifically obtain your permission.
1.3 We want this Privacy Policy to be understandable on its own, but there are concepts, terms, and phrases that have specialized meaning because they come directly from privacy laws. You can look at the “Further Reading” section to get a clearer idea of what these terms mean.
1.4 We operate in more than one country and specific laws in many places require that specific things are included within a privacy policy. We believe that including all these requirements throughout a privacy policy makes it harder for normal people to read. As such, we made the decision to write this Privacy Policy in the clearest way that we can and included the specific international legal requirements in the “International Rights” section at the end of this Privacy Policy.
1.5 In some sections below we refer to “GDPR art.” and then mention some numbers and letters. Where we do this, we are referencing a specific article within the European Union’s General Data Protection Regulation (or GDPR) that permits us to collect and use your data in a specific way. We do this for two reasons: (1) because we are required to under GDPR and (2) because GDPR is generally considered to be the one of the highest standards of privacy law in the world and we want you to know that, irrespective of where you live, we are applying the highest standards when it comes to your personal data.
1.2 We have a Privacy Policy for a few reasons. First, it’s required by law. Second, and more importantly, we want you to understand how we use data so you can make an informed decision about how you share with us, what you share with us, and how we use your information. Finally, our Privacy Policy sets internal rules for how we use data and it holds us accountable: if we don’t tell you what we’re doing here, in the Privacy Policy, we won’t do it at all unless we specifically obtain your permission.
1.3 We want this Privacy Policy to be understandable on its own, but there are concepts, terms, and phrases that have specialized meaning because they come directly from privacy laws. You can look at the “Further Reading” section to get a clearer idea of what these terms mean.
1.4 We operate in more than one country and specific laws in many places require that specific things are included within a privacy policy. We believe that including all these requirements throughout a privacy policy makes it harder for normal people to read. As such, we made the decision to write this Privacy Policy in the clearest way that we can and included the specific international legal requirements in the “International Rights” section at the end of this Privacy Policy.
1.5 In some sections below we refer to “GDPR art.” and then mention some numbers and letters. Where we do this, we are referencing a specific article within the European Union’s General Data Protection Regulation (or GDPR) that permits us to collect and use your data in a specific way. We do this for two reasons: (1) because we are required to under GDPR and (2) because GDPR is generally considered to be the one of the highest standards of privacy law in the world and we want you to know that, irrespective of where you live, we are applying the highest standards when it comes to your personal data.
2. Information About Us and this Privacy Policy
2.1 This Privacy Policy outlines how we collect and process your personal data through your use of our website, app, or any other services sponsored or controlled by us (an in-person survey, for instance). In other words, if we’re collecting personal data in any form, this Privacy Policy applies.
2.2 Along those lines, CollaborationRoom is the “Controller” of the personal data it collects, which means we are the entity that decides how to collect, process, and use the personal data. 2.3 We’ll provide links to this Privacy Policy wherever we can – on our websites, in an app or service, etc. You should read this Privacy Policy, think about it, ask questions, and decide if you’re comfortable with it. Also read our Terms and Conditions, which control how we provide our services, and any other notices or policies we post, so that you can make an informed decision about interacting with us.
2.4 When we make a change to this Privacy Policy, we’ll post a notice for you to review. This Privacy Policy was last changed on 25 November, 2023.
2.5 We are not responsible, though, for links to third party sites that we present to you, either on this website or in the app. Once you access sites or apps via those links, our Privacy Policy no longer applies, and so you’ll need to read their privacy policies as well.
2.2 Along those lines, CollaborationRoom is the “Controller” of the personal data it collects, which means we are the entity that decides how to collect, process, and use the personal data. 2.3 We’ll provide links to this Privacy Policy wherever we can – on our websites, in an app or service, etc. You should read this Privacy Policy, think about it, ask questions, and decide if you’re comfortable with it. Also read our Terms and Conditions, which control how we provide our services, and any other notices or policies we post, so that you can make an informed decision about interacting with us.
2.4 When we make a change to this Privacy Policy, we’ll post a notice for you to review. This Privacy Policy was last changed on 25 November, 2023.
2.5 We are not responsible, though, for links to third party sites that we present to you, either on this website or in the app. Once you access sites or apps via those links, our Privacy Policy no longer applies, and so you’ll need to read their privacy policies as well.
3. What Data Are We Collecting About You?
3.1 Not all data is “personal data” under the law, but much of it is, and more than you might think. Because we operate in more than one country, we’ve taken the approach that the broadest definition of personal data is best, because it allows us to explain what we collect more simply. And so, for our purposes, personal data is:
Any information that can, either alone or with other information, be used to identify an actual human person or their household.
3.2 These are the categories of personal data that we collect:
3.4 Unless you’ve provided us with informed consent of your willingness to participate in a survey or study, we will not solicit any sensitive categories of personal data about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data, or information about criminal convictions or offenses.
3.2 These are the categories of personal data that we collect:
- “Basic Data” means your name, your email address, your physical address, your phone number, and similar data related to your business (phone, address, title). Basic Data is collected in the course of setting up your account. You will be required to provide Basic Data to use some of our services, such as registering, setting up accounts, providing feedback, dealing with customer service, and the like.
- “Purchase Data” is all Basic Data plus credit card or payment information, and any ID you’ve used to verify your identify, your account, your service usage, any claims or issues you’ve reported to us related to your service, and any other information related to your purchase of a service from us. Purchase Data is collected only if you elect to provide it to us in the course of using our services. You may be required to provide Purchase Data to use some of our services, such as completing purchases from our website, receiving customer support and making a claim.
- “Diagnostic Data” means all the basic information we collect about your use of a service and how well they are working. This includes, for example, when you log in, which software version you have installed, operating system, battery level, service features used, when you open or close the session, etc.
- “Technical Data” means any information we collect as we operate our websites and apps, like your IP address when you connect to our websites, your mobile device identifier, what browser you used to access our site and what operating system you’re using, the movement of your mouse on the screen (mouse hovers and clicks, for example) the length of time you spend on our website or app, any extensions or apps you pair with ours.
- “Usage Data” means Recognition Data, Session Data and Location Data. We collect Usage Data automatically.
- “Recognition Data” is data we collect to validate that you are the person appearing on screen in order to validate your identity and when you are in a session. We intermittently capture this biometric data during the course of your use of the services in order to perform this task, and for no other reason. We do not store your biometric data internally; instead, we create a hashed key of your biometric markers (in other words, coded information about your appearance) that validates that you are on screen. We don’t use Recognition Data in any other way..
“Session Data” means any and all activity you generate during your use of our service, including activity, productivity, results, error rates, engagement, text, vocal commentary or input, and anything else you do during a session.
“Location Data” means the location that you share with us from your mobile/desktop device when you use the service. Location Data comes in two forms: (1) IP address; and (2) GPS location. We can use your IP address to understand your location when you use the service, however, we don’t use your IP address to track or record your specific location permanently, just to ensure that you are logging in from an authorised and approved location. GPS location is a very precise record of your location based on your mobile/desktop device’s GPS coordinates - “Profile Data” means the more detailed profile information that you’ve set up and shared with us. Your profile data includes your account id, your password, your activity while logged in (including sessions, ratings, notes, submissions, comments, and feedback), social media posts, activity and history, and related data. Profile Data is collected only if you elect to provide it to us in the course of creating and using an account profile.
- “Feedback and Marketing Data” means information that we collect to suggest new products or services that you might find interesting. This includes any surveys or questionnaires we conduct (whether they’re in an email, on our website, in the app, or at a physical location). Feedback and marketing data also means all other forms of personal data, your preferences when it comes to how, when, and why we communicate with you about our products and services, and any interactions you have with our marketing materials (for instance, whether you opened a survey or responded to an in-store questionnaire). Feedback and Marketing Data is collected whenever you provide the types of feedback described in the section or interact with our marketing materials.
- “Third Party Data” means any personal data about you that we obtain – whether by purchasing it or simply receiving it – from anywhere outside of CollaborationRoom. We don’t control how those third parties get their data about you, but we won’t take any personal data about you from a third party unless they can prove to us that they had your data lawfully and properly in the first place and are permitted to share it with us. Oftentimes, but not always, this data is publicly available information like an address, business title, or social media profile.
- “Commercial or Employment Data” means any personal data that we obtain about our partners, vendors, contractors, counterparties, or anyone that we do business with. This is not a category that includes data we collect about our customers, nor is it the data we collect about our employees (which is governed by our own internal privacy policy). Instead, this is the data we collect in the operation of our business, and includes any personal data that we collect and process in the course of dealing with non-customers in California.
3.4 Unless you’ve provided us with informed consent of your willingness to participate in a survey or study, we will not solicit any sensitive categories of personal data about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data, or information about criminal convictions or offenses.
4. Use of Cookies on Our Websites
Cookies are small, unique strings of code stored on your computer that make it easier for you to use our site and help us improve site functionality and security. We may use both session cookies (which expire once you close your browser) and persistent cookies (which stay on your computer until you delete them).
We may use our own proprietary cookies, as well as cookies hosted by third party vendors. These cookies include non-personally identifiable information that allows advertisers and content owners to provide a more customized web experience. They may be used to tailor content on our site as well as on sites you may visit in the future. They may collect data such as your browser type, your operating system, Web pages visited, time of visits, content viewed, and other clickstream data.
When you visit our web sites or open a marketing email you have received from us, we or one of our partners may place or recognize a unique cookie on your browser. These cookies, which do not contain personally identifiable information, enable us to send you messages about our services, customize our services and gather analytics about our web traffic. Additionally, emails we send to you may contain a bit of code known as a “web beacon.” This code helps us understand the time and date that a user has opened an email and when he/she has used a link within the email to visit a website, allowing us to collect analytics about our traffic, customize our services, and send you messages about our services. You can disable our web beacons by turning images “off” in your email client (e.g., Outlook, Outlook Express).
We may also use cookies to automatically collect information about your computer when you visit our sites, and automatically store it in log files. This may include the type of browser software you use, the operating system you are running, the website that referred you, and your Internet Protocol (“IP”) address. The information generated by the cookies about your use of our websites is transmitted to service providers and used to evaluate your visits to the sites and to compile analytical and statistical reports on website activity and other data for Collaborationroom.AI
You, through your browser, may reject the use of, or delete, cookies, but this may prevent the best end-user experience for you on our website. Additionally, if you wish to opt out of Analytics for the web, visit the Google Analytics opt-out page and install the add-on for your browser.
We may use our own proprietary cookies, as well as cookies hosted by third party vendors. These cookies include non-personally identifiable information that allows advertisers and content owners to provide a more customized web experience. They may be used to tailor content on our site as well as on sites you may visit in the future. They may collect data such as your browser type, your operating system, Web pages visited, time of visits, content viewed, and other clickstream data.
When you visit our web sites or open a marketing email you have received from us, we or one of our partners may place or recognize a unique cookie on your browser. These cookies, which do not contain personally identifiable information, enable us to send you messages about our services, customize our services and gather analytics about our web traffic. Additionally, emails we send to you may contain a bit of code known as a “web beacon.” This code helps us understand the time and date that a user has opened an email and when he/she has used a link within the email to visit a website, allowing us to collect analytics about our traffic, customize our services, and send you messages about our services. You can disable our web beacons by turning images “off” in your email client (e.g., Outlook, Outlook Express).
We may also use cookies to automatically collect information about your computer when you visit our sites, and automatically store it in log files. This may include the type of browser software you use, the operating system you are running, the website that referred you, and your Internet Protocol (“IP”) address. The information generated by the cookies about your use of our websites is transmitted to service providers and used to evaluate your visits to the sites and to compile analytical and statistical reports on website activity and other data for Collaborationroom.AI
You, through your browser, may reject the use of, or delete, cookies, but this may prevent the best end-user experience for you on our website. Additionally, if you wish to opt out of Analytics for the web, visit the Google Analytics opt-out page and install the add-on for your browser.
5. How We Collect Personal Data
We collect personal data in a variety of ways, depending on how you interact with us, including:
5.1 Direct interactions. You may give us your Basic, Purchase, Product, Usage, Profile, or Feedback and Marketing Data, by interacting with us, as when you:
5.3 From third parties or publicly available sources. We may receive personal data about you from various third parties and public sources. That includes, among others, our third-party vendors for:
5.1 Direct interactions. You may give us your Basic, Purchase, Product, Usage, Profile, or Feedback and Marketing Data, by interacting with us, as when you:
- use our services;
- create an account or profile;
- download, update or use our products;
- use our services on more than one device;
- sign up to receive information, including marketing information, from us;
- make a claim against us or communicate with us about your service;
- contact customer support or request technical assistance;
- contact us via social media accounts or our website(s);
- enter a promotion or survey;
- engage in a commercial transaction or relationship with us as a business entity, contractor, vendor, or other third party;
- give us feedback or reviews; or
- apply and/or interview for a job with us.
5.3 From third parties or publicly available sources. We may receive personal data about you from various third parties and public sources. That includes, among others, our third-party vendors for:
- completing sales;
- monitoring activity on our website, including user interaction and fraud prevention; and
- identity validation.
6. Why (and How) We Use Personal Data
6.1 As mentioned above, there are several lawful justifications for using your personal data in certain situations. Our promise to you is that we will only use personal data when we have a lawful justification for doing so. In some situations, the only lawful justification for using your personal data is when you provide us with your consent to use your personal data. If you ever give us your consent to use your personal data, don’t worry, you are not giving that consent forever. We will always give you the option to change your mind and withdraw your consent at any time.
6.2 The following list sets out how we use personal data, and the lawful basis for doing so:
6.2 The following list sets out how we use personal data, and the lawful basis for doing so:
- Providing our services. We will use all of the data outlined above in order to provide our services, including providing feedback and information to our clients. We need this information to be able to fulfil our part of our contract with you or the entity that has hired you, and so collecting this data is necessary to the performance of our contract with you (GDPR art. 6(1)(b)).
- Completing a transaction. We need Basic Data and Purchase Data so you can buy one of our services, pay for it, and for us to connect it with you. We need Commercial Data to operate our business and transact with others. We need this information to be able to fulfill our part of our contract with you, and so collecting this data is necessary to the performance of our contract with you (GDPR art. 6(1)(b)).
- Providing customer service. Depending upon what you contact us for and request, we will use any and all categories of personal data we have in order to provide you with customer service. For instance, if you call us to discuss a problem with your service, we’ll use Basic Data, Purchase Data, and likely also Usage Data to be able to respond to your query. We need this information to be able to fulfill our part of our contract with you (GDPR art. 6(1)(b)), and because we have a legitimate interest in being able to respond to your questions (GDPR art. 6(1)(f)).
- Service safety, failure diagnosis and correction. We want our services to operate in the best way possible for you. The more we know about the basic operation and workings of our services, the more quickly we can understand that there is a problem and fix that problem. More importantly if there was ever an issue that impacted the safety of our users, we would want to discover it and take corrective steps ASAP. We therefore use Product Data to monitor the proper functioning of our services so that we can analyze trends in failures and bugs to establish whether these are isolated events or issues that need solving. We use Product Data for this purpose because we have a legitimate interest in ensuring consumer safety and resolving product issues (GDPR art. 6(1)(f)).
- Marketing to you and others. See section 7 below, “Marketing our Products.”
- Managing our website and apps. We’ll use Basic Data, Technical Data, Purchase Data, and Profile Data to keep our services operating properly (fraud detection and prevention, site maintenance and updates, maintenance and updates, IP logs). We use this data because we have a legitimate interest in administering/improving our services, running IT services, ensuring network security, and preventing fraud (GDPR art. 6(1)(f)), and because we need to demonstrate our compliance with data security obligations both as a legal matter and if we are involved in a business reorganization (a merger or acquisition) (GDPR art. 6(1)(c), GDPR art. 6(1)(f)).
- Creating insights and analysis. We’ll use Basic Data, Usage Data, Profile Data, and Feedback and Marketing Data to analyze how customers use our services, how they use, review or rate other services related to ours, how we might be able to build better services and to understand general trends in the market. We may share or sell those analyses or data points to third parties, but we want to be clear: we’re not selling your name, address, personal usage, or anything that directly identifies you. Instead, we’re going to compile a picture that says something like “we were able to verify employees in Colorado age 40-50 at a rate greater than 99.9%.” Other than for sharing with employers, we will never share an insight that says, for instance, “Employee A, who is lives in Cedar Rapids, was on X number of calls last month.”
- Internally managing our company and engaging with third parties. We use Commercial and Employment Data in the course of operating our business, just as any company would do. We don’t use this data for any purposes other than those for which it was originally given (for instance, we don’t use Commercial Data to market to an independent contractor who performed a task for the Company.). To the extent that a contract, agreement, or other document sets out different uses for Commercial or Employment Data in a manner that is different to what is set out here, that document will control.
- Creating and managing your profile. When you create a profile on our website or in our app, you agree to share Basic Data, Usage Data and Profile Data with us so that we can provide you with a tailored, custom experience (use metrics, recommendations, trends, etc). We need this information to be able to fulfill our part of our contract with you, and so collecting this data is necessary to the performance of our contract with you (GDPR art. 6(1)(b)).
We also use this information to create our own internal user profile for you, which we use to market products to you, deliver content that we think is relevant to you, to advertise to you, to learn about you in particular and our customers more generally, and to create an analysis of our business, our customers, and our market. We have a legitimate interest in doing these things to grow our business and learn about our industry (GDPR art. 6(1)(f)), but we will only process this information in this way if you have agreed (consented) to us doing so, and you can withdraw your consent at any time (GDPR art. 6(1)(a)).
7. Marketing our Products
7.1 Promotional offers
We use your Basic, Usage, Profile, and Feedback and Marketing Data to create a marketing profile for you so that we can create information about what products, services, or other goods you may find interesting. If you’ve opted-in to receive communications, we’ll send you emails, texts, or other communications in the format you’ve chosen. We may ask you to opt-in to marketing communications via email, on our website, in the app, or in a physical location like a conference. We may also use the profiles we create to make marketing materials for others, but none of those materials will identify you personally.
7.2 Third-party marketing We may use third-party vendors to help us identify who our customers are when they visit our site. We share data with them so that it’s easier for us to track what our customers are doing on our websites — figuring out what they’re browsing through, what images they click on, what their activity is like on the site if they’ve forgotten to log into their account, etc. This is about us getting a clearer idea of what our customers do online, but only on our sites. And we use this information only for internal marketing purposes: we don’t sell any of the insights or data we get about our customers to anyone else. Some third-party vendors may also have access to this data, and we don’t control what they do with it (though they still can only use it for lawful purposes).
7.3 Opting out You can ask us or third parties to stop sending you marketing messages at any time by contacting us.
Where you opt-out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.
7.4 Cookies Cookies are small files that track your activity online. Some of them are purely functional (they allow websites to load faster) and some of them are for marketing (tracking how you interact with websites). We use cookies for both purposes, but you can read more about cookies (and how to block them) in our cookie policy online.
7.5 Change of purpose We only use your personal data in the ways we’ve outlined in this Privacy Policy, unless we think there is a reason that we can use it for another purpose that 1) is fair, and 2) is compatible with the original reason we collected it. We’ll tell you if we need to use your personal data for a purpose other than the original purpose for which we collected it If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
7.6 Data retention We delete or anonymize your personal data as soon as it is no longer required for the purposes we have collected, unless we are legally required to continue processing of your personal data. The one primary exception here is that, if you ask us to delete your data and “forget” you, or ask us not to contact you, we’ll keep your email address on our master do-not-contact list as proof that we followed you request and so that we can avoid contacting you in the future.
7.7 Automated Decisions We don’t use an automated decision-making system (an algorithm or machine learning tool) to make decisions about you.
7.2 Third-party marketing We may use third-party vendors to help us identify who our customers are when they visit our site. We share data with them so that it’s easier for us to track what our customers are doing on our websites — figuring out what they’re browsing through, what images they click on, what their activity is like on the site if they’ve forgotten to log into their account, etc. This is about us getting a clearer idea of what our customers do online, but only on our sites. And we use this information only for internal marketing purposes: we don’t sell any of the insights or data we get about our customers to anyone else. Some third-party vendors may also have access to this data, and we don’t control what they do with it (though they still can only use it for lawful purposes).
7.3 Opting out You can ask us or third parties to stop sending you marketing messages at any time by contacting us.
Where you opt-out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.
7.4 Cookies Cookies are small files that track your activity online. Some of them are purely functional (they allow websites to load faster) and some of them are for marketing (tracking how you interact with websites). We use cookies for both purposes, but you can read more about cookies (and how to block them) in our cookie policy online.
7.5 Change of purpose We only use your personal data in the ways we’ve outlined in this Privacy Policy, unless we think there is a reason that we can use it for another purpose that 1) is fair, and 2) is compatible with the original reason we collected it. We’ll tell you if we need to use your personal data for a purpose other than the original purpose for which we collected it If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
7.6 Data retention We delete or anonymize your personal data as soon as it is no longer required for the purposes we have collected, unless we are legally required to continue processing of your personal data. The one primary exception here is that, if you ask us to delete your data and “forget” you, or ask us not to contact you, we’ll keep your email address on our master do-not-contact list as proof that we followed you request and so that we can avoid contacting you in the future.
7.7 Automated Decisions We don’t use an automated decision-making system (an algorithm or machine learning tool) to make decisions about you.
8. Disclosures of your personal data
8.1 Sometimes, we will share your personal data with:
- Outside third parties. As explained above, we use outside vendors and service providers to enable our company to function. The kinds of third parties we share your data with are:
- Service providers acting as processors based outside of the European Economic Area (EEA) who provide IT and system administration services including cookies/user experience/analytics.
- Professional advisers acting as processors including lawyers, bankers, auditors and insurers based outside the EEA who provide consultancy, banking, legal, insurance and accounting services.
- Logistics providers to process and deliver your order and to deal with any post-purchase and/or customer service issues.
- Customer support personnel who respond to questions and warranty claims. We’ll also share personal data if we buy, sell, transfer, or merge parts of our business with another company.
- Regulators. If we are subject to an audit, review, or other inquiry by a properly constituted regulatory agency (like the Federal Trade Commission for instance), they may require us to share the data we have, including personal data.
- Subpoenas and legal demands. We have to comply with lawful subpoenas or investigative demands from courts and law enforcement agencies. We want to be transparent on this point: if law enforcement (or anyone else with a valid subpoena) follows the correct legal process and demands information about you from us, it’s very likely that we have to share that information. That means we might have to share data about where you’ve used our service.
9. International transfers
9.1 We operate in the United States and will transfer data from other parts of the world as outlined in this Privacy Policy.
9.2 For those present in the EU, if we transfer your personal data outside of the EEA to a place that does not have a similar degree of protection for personal data (as described under GDPR), we will use other measures to protect your data such as Standard Contractual Clauses (SCC).
9.3 If you have questions about transferring data out of the EEA, please contact us and we’ll provide you with more information.
9.2 For those present in the EU, if we transfer your personal data outside of the EEA to a place that does not have a similar degree of protection for personal data (as described under GDPR), we will use other measures to protect your data such as Standard Contractual Clauses (SCC).
9.3 If you have questions about transferring data out of the EEA, please contact us and we’ll provide you with more information.
10. Data security
10.1 We work hard to keep your data (and ours) safe. We use a variety of tools – technological, administrative, and physical – to keep data secure. These safeguards are designed to ensure that whatever personal data we keep is protected against unlawful access or use. Despite our best efforts, however, no security measures are completely impenetrable.
10.2 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
10.2 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
11. Your legal rights
11.1 When you provide us with personal data, you have rights about how we use it, and why. In some circumstances, those rights are set out in specific legislation like the European Union’s GDPR, Canada’s PIPEDA, or California’s Consumer Privacy Act. In general, you have the right to:
11.2 No fee usually required In some rare circumstances, you may have to pay a fee regarding a request, but in general you don’t have to pay anything to exercise these data rights.
11.3 What we may need from you In order to make sure that you’re the person entitled to exercise the rights listed above, we’ll sometimes request information to verify your identity. We will not ask for more data than is necessary to confirm your identity.
11.4 Time limit to respond We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Withdraw consent.
11.2 No fee usually required In some rare circumstances, you may have to pay a fee regarding a request, but in general you don’t have to pay anything to exercise these data rights.
11.3 What we may need from you In order to make sure that you’re the person entitled to exercise the rights listed above, we’ll sometimes request information to verify your identity. We will not ask for more data than is necessary to confirm your identity.
11.4 Time limit to respond We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
12. Third Party Services
As explained above, we may provide links to websites or services operated by third parties. This Privacy Policy does not apply to these third-party websites or services. If you follow a link to any of these websites or services, please note that these websites or services have their own privacy policies and terms & conditions, and that we do not accept any responsibility or liability for their policies.
13. Contact Us
If you have any questions about this Privacy Policy, please contact us:
By email: privacy@collaborationroom.ai
By mail: Global Import L.L.C d/b/a
Collaborationroom.AI
14205 SE 36th Street
Suite 100
Bellevue WA 98006
By email: privacy@collaborationroom.ai
By mail: Global Import L.L.C d/b/a
Collaborationroom.AI
14205 SE 36th Street
Suite 100
Bellevue WA 98006
14. Further Reading
Privacy rights are very complicated. We want you to be able to make informed choices about how and why you share your data with us. Here are some links to important guidance and documents from governments and policy groups that talk about key issues. We’ve outlined key rights under the GDPR and CCPA below, but here are some other helpful links:
Key Terms
The European Commission provides a good explanation of what “personal data” is, and you can read the entire GDPR here.
Your EU Rights
If you’re present in the European Union, the Information Commissioner’s Office in the UK provides a succinct explanation the rights you have when it comes to data.
FTC Principles
The Federal Trade Commission is the main US federal agency that handles privacy issues. They have a series of posts about consumer privacy rights that you can read here.
PIPEDA
Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) covers privacy rights as well, and the Office of the Privacy Commissioner offers its explanation of rights here.
Key Terms
The European Commission provides a good explanation of what “personal data” is, and you can read the entire GDPR here.
Your EU Rights
If you’re present in the European Union, the Information Commissioner’s Office in the UK provides a succinct explanation the rights you have when it comes to data.
FTC Principles
The Federal Trade Commission is the main US federal agency that handles privacy issues. They have a series of posts about consumer privacy rights that you can read here.
PIPEDA
Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) covers privacy rights as well, and the Office of the Privacy Commissioner offers its explanation of rights here.
15. International Rights
Rights for EU Residents
If you are present in the EU, you have the right to:
Request access to your personal data (commonly known as a “data subject access request”) (GDPR art.15). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you (GDPR art.16). This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data (GDPR art.17). This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. We’ll also maintain a record of your email address in a master list of deletion requests to demonstrate that we have complied with your request and will not contact you in the future.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms (GDPR art.21). You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data (GDPR art.18). This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party (GDPR art.20). We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
You have the right to object to the processing of your personal data under certain circumstances in particular if we process your personal data on the basis of legitimate interest (GDPR Art. 6 (1)(b)) or if we use your personal data for marketing purposes.
You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence, place of work or place of the alleged infringement if you consider that our processing of your personal data infringes the applicable data protection laws. Please contact us at privacy@collaborationroom.ai and we will provide you with detailed information as regards the contact details of the appropriate supervisory authority.
If you are present in the EU, you have the right to:
Request access to your personal data (commonly known as a “data subject access request”) (GDPR art.15). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you (GDPR art.16). This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data (GDPR art.17). This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. We’ll also maintain a record of your email address in a master list of deletion requests to demonstrate that we have complied with your request and will not contact you in the future.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms (GDPR art.21). You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data (GDPR art.18). This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party (GDPR art.20). We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
You have the right to object to the processing of your personal data under certain circumstances in particular if we process your personal data on the basis of legitimate interest (GDPR Art. 6 (1)(b)) or if we use your personal data for marketing purposes.
You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence, place of work or place of the alleged infringement if you consider that our processing of your personal data infringes the applicable data protection laws. Please contact us at privacy@collaborationroom.ai and we will provide you with detailed information as regards the contact details of the appropriate supervisory authority.
16. Your California Privacy Rights
If you are a California customer, you have the right to receive, once per year, free of charge, 1) the identity of any third party company to which we have disclosed your personal information as defined by California’s “Shine the Light” law for that company’s own direct marketing purpose; and 2) a description of the categories of personal information disclosed. To request this information, please contact us at privacy@collaborationroom.ai or the mail address set forth in the section entitled “Contact Us” below. Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are not required to respond to requests made by means other than through the provided email or mail address.
California consumers have a right to knowledge, access, and deletion of their personal information under the California Consumer Privacy Act. California consumers also have a right to opt out of the sale of their personal information by a business and a right not to be discriminated against for exercising their California privacy rights. We do not discriminate in response to privacy rights requests.
California consumers with a CollaborationRoom account or who interact with our services can exercise their rights directly or through an authorized agent by signing in to their account. If you are a California consumer without an account and you or your authorized agent would like to exercise your privacy rights, to you can make a CCPA “Do Not Sell” request to us by emailing us at privacy@collaborationroom.ai or submitting a request at https://collaborationroom.ai
If you do not have an account, we will ask you for information that we consider necessary to verify your identity for security and to prevent fraud. This information may include name, contact information, and information related to your transaction or relationship with us, but the specific information requested may differ depending on the circumstances of your request for your security and to protect privacy rights. If we delete your personal information, we will both render certain personal information about you permanently unrecoverable and also deidentify certain personal information.
Do Not Track
California law requires us to let you know whether we respond to web browser Do Not Track (DNT) signals. DNT is a way for users to inform websites that they do not want their webpage visits tracked. Since the industry and legal standard for what DNT means or how to comply with it, we currently do not respond to DNT signals. Learn more about DNT here.
California consumers have a right to knowledge, access, and deletion of their personal information under the California Consumer Privacy Act. California consumers also have a right to opt out of the sale of their personal information by a business and a right not to be discriminated against for exercising their California privacy rights. We do not discriminate in response to privacy rights requests.
California consumers with a CollaborationRoom account or who interact with our services can exercise their rights directly or through an authorized agent by signing in to their account. If you are a California consumer without an account and you or your authorized agent would like to exercise your privacy rights, to you can make a CCPA “Do Not Sell” request to us by emailing us at privacy@collaborationroom.ai or submitting a request at https://collaborationroom.ai
If you do not have an account, we will ask you for information that we consider necessary to verify your identity for security and to prevent fraud. This information may include name, contact information, and information related to your transaction or relationship with us, but the specific information requested may differ depending on the circumstances of your request for your security and to protect privacy rights. If we delete your personal information, we will both render certain personal information about you permanently unrecoverable and also deidentify certain personal information.
Do Not Track
California law requires us to let you know whether we respond to web browser Do Not Track (DNT) signals. DNT is a way for users to inform websites that they do not want their webpage visits tracked. Since the industry and legal standard for what DNT means or how to comply with it, we currently do not respond to DNT signals. Learn more about DNT here.