LAST MODIFIED: December 15, 2020
At Personica, we believe that the less information we have about you, the better.
Personica (Fishbowl Inc.) (“Personica,” “we,” “us,” or “our”) provides a variety of online, subscription services and in-person services in the digital marketing, customer relationship management, and brand and business analytics tools to commercial enterprises mostly focused on the hospitality industry.
We understand that when you use our Services, you are placing your trust in us to appropriately oversee your personal data. It is this trust that serves as the basis for our commitment to take a straightforward and transparent approach to data protection, and part of this approach is ensuring that you are informed about how we may collect and process your personal data. To ensure you are fully informed of our practices, we recommend that you read the entire Policy.
OUR ROLE AND OTHER IMPORTANT INFORMATION
What is Personal Data and Why We Need It. As used in this Policy, “Personal Data” means information which, either alone or when combined with other information we hold, identifies an individual, such as name, mailing address, email address, IP address, and telephone number. By contrast, “Anonymous Data” means data that, alone or combined with other information available to us or a third party with whom the data is shared, does not permit identification of an individual. We collect and use both Personal Data and Anonymous Data as described below. We need certain Personal Data for our legitimate business purposes, including to provide the Services. For example, our Users will be asked to provide certain information to access and the Apps or visitors to our Site will be asked to consent to use of certain technology to help us tailor our marketing efforts. This consent, which you may withdraw at any time, provides the legal basis we need to process your Personal Data. You are not required to provide the Personal Data that we request, but we may not be able to provide you with the Services, the Site, or respond to your inquiries if you don’t.
Data Protection Law. Certain provisions of the Policy apply only to residents of, or people subject to the laws of, jurisdictions with specific statutes governing individuals’ rights over their Personal Data, such as the California Consumer Privacy Act (“CCPA”), the European Union’s General Data Protection Legislation (“GDPR”), the United Kingdom’s Data Protection Act (“UK DPA”), and the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA,” together with CCPA and GDPR, the “Data Protection Law”). These provisions are clearly labeled. Otherwise, the Policy applies to all users of our Services.
INFORMATION WE MAY COLLECT ABOUT YOU
Over the course of the last twelve (12) months, we collect information in the following ways:
Information You Provide.
- Contact and Registration Data. We collect contact and professional data about you through communications and through our Services. For example, you provide your contact information to us when you sign up to learn more about our Services, download content, register for an event, and visit our offices. Typically, contact data includes your name and contact methods, such as telephone number, email address, and mailing address, and registration data includes the business name and mailing address, administrator contact information, and may include an end user’s business email address or other information.
- Contract and Payment Data. We may receive contract details (like signatures) from you or your organization and use third-party payment processing services to collect payment and billing information, which may contain Personal Data such as billing name, billing address and payment card details, in connection with our Services.
- Biographical and Support-related Data. We may also collect biographical and support-related Personal Data from you via our help center and other customer support portals. For example, when you participate in interactive features, trainings, online surveys, contests, promotions, sweepstakes, activities, or events, we may ask you to provide a biographical information, such as your name, occupation, organization name, and areas of expertise. You may also be asked to provide contact information, a summary of the problem you are experiencing, and any other information that would be helpful in resolving a customer support request.
- Feedback. If you provide us with Feedback, including reviews posted on App Stores, or suggestions made via direct research or outreach, we may use Personal Data provided in connection with the Feedback in order to respond to you. We may use Feedback without limitation as described in the Terms.
- Job Applicant Data. You provide your contact and professional information, including your resume with educational and work background, when you apply for a job with us. You may also provide us with sensitive information, like your Social Security Number or other government identifier, racial or ethnic origin, or other such Personal Data in connection with your job application.
- Audio, Electronic, or Visual Data. If you attend a Personica event, we may record that event, take photos at the event, and interview you at the event. We use this information for business and marketing purposes to better inform the public about Personica and provide testimonials about our Services.
- Other Data. We may also collect other types of information in the manner disclosed by us when the information is collected.
Data Collected by Technology.
- Usage Data. Like many services, we use logs to collect data about the use of the Services (for example, use of features and interactions with the Apps and the Site) in order to provide and improve the Services (“Usage Data”). Usage Data is kept logically separated from Personal Data. Certain Personica personnel can access Usage Data to analyze the use of the Services and provide user and technical support. Usage Data is also used to automatically send context-appropriate messaging within the Services (e.g., account set-up notices), and to generate Aggregated Data.
- Aggregated Data. We derive information about the use of our Services by aggregating Usage Data (e.g., most popular features). This “Aggregated Data” is Anonymous Data, is owned by us, and is primarily used to help analyze and improve the Services.
- Social Media Platforms. Our Site may use social media features, such as the Facebook “like” button, the Instagram “heart” button, Twitter sharing features, and other sharing widgets (“Social Media Features”). You may be given the option by such Social Media Features to post information about your activities on our Site to a profile page of yours that is provided by a third-party social media network in order to share content with others within your network. Social Media Features are either hosted by the respective social media network or hosted directly on our Site. To the extent the Social Media Features are hosted by the respective social media networks and you click through to these from our Site, the latter may receive information showing that you have visited our website. If you are logged in to your social media account, it is possible that the respective social media network can link your visit to our Site with your social media profile. Your interactions with Social Media Features are governed by the privacy policies of the respective companies that provide the relevant Social Media Features.
Data Obtained from Others. We receive information about users from our service providers (such as when validating an account with a payment processor) or from your employer, from publicly available sources like social media accounts, and from data providers such as marketing partners and researchers, where they are legally allowed to share your Information with us.
HOW DOES PERSONICA USE YOUR PERSONAL DATA?
General. We use Personal Data to provide and promote the Services and respond to your requests, including to:
- Establish, maintain, and secure your account.
- Identify you as a User and provide the Services you request.
- Perform fraud detection and authentication.
- Measure traffic and usage activity to improve the Services and your interactions with them.
- Send you administrative notifications via email or within the Services, such as payment reminders or support and maintenance advisories. You will receive these notices even if you choose not to receive marketing communications.
- Provide you with the correct interfaces and options when you are accessing the Services.
- Provide personalized information across the Services by identifying whether you have used specific features within the Services, visited pages on our Site, or seen one of our advertisements.
- Respond to customer support inquiries and other requests.
- Promote the Services or send you other Personica marketing information (if you opt-in to receive marketing communications when creating an account or afterwards).
- Manage advertising efforts on third-party sites and platforms as further described below.
Contractual Compliance. To comply with a contractual obligation (for example, using your contact information to facilitate payment for the Services). We will advise you upon collection whether the provision of your information is mandatory and of the possible consequences if you do not provide us with your information.
Legal Compliance. For compliance with our legal obligations where other laws require the processing of your information (for example, health and safety, taxation and anti-money laundering laws) or where we need your information to protect your vital interests or those of another person.
Legitimate Interests. Our (and our service providers) legitimate interests which include the provision of the Services, and/or the carrying out of marketing and profiling activities, provided always that our legitimate interests are not outweighed by any prejudice or harm your rights and freedoms.
Automated Decision Making and Profiling. We do not use your Personal Data for automated decision-making.
HOW DOES PERSONICA SHARE PERSONAL DATA?
Sale of Personal Data. Personica does not sell your Personal Data (as “sell” is normally defined – see the YOUR PRIVACY RIGHTS section for information about “sales” as defined in California) or use it except as stated in this Policy. We share your Personal Data in the following circumstances:
Third Parties You Designate. We may share Personal Data with third parties where you have instructed us to do so (e.g., by using the Services’ “sharing” or “emergency contact” features). While this data is transferred through our servers, we do not have access to it, as noted elsewhere in this Policy.
Service Providers. We provide Personal Data to service providers solely as required to provide the Services, including to create accounts, provide technical support, process payments, or enable communication between you and Personica. We review the security and data privacy practices of these service providers to ensure that they comply with applicable laws and this Policy.
Marketing. We provide hashed or deidentified IP addresses and device IDs to service providers to optimize our advertising efforts.
Administrators. Administrators of the Services within your organization can see the email addresses used to access the plan and certain Usage Data.
Corporate Restructuring. If Personica or its business or assets are acquired by, or merged into, another company, that company will possess any Personal Data we hold at such time, and will assume our rights and obligations under this Policy. Accordingly, we may share Personal Data in connection with any such transaction. Personal Data and other information may also be transferred as a business asset in the event of Personica’s insolvency, bankruptcy, or receivership.
Other Disclosures. We will inform you of any other disclosures or your Personal Data, and obtain your consent, prior to such disclosure. However, regardless of your choices regarding Personal Data, Personica may disclose your Personal Data (a) where required to comply with law enforcement directives, applicable laws or governmental orders; or (b) if we believe in good faith that doing so is necessary to protect our rights, those of other users, or the Services.
Our Services are not directed to, and we do not intend to or knowingly collect Personal Data online from, children under the age of majority in the countries where the Services are accessed and used. If you are under the age of under the age of majority in your country, do not provide us with any Personal Data either directly, on any website forums, or by other means.
If you learn that a child has accessed or used the Services without parental permission, please contact us as set forth in the Contact Us section below.
DATA SECURITY AND RETENTION.
Data Security. We use robust physical, organizational, technical, and administrative measures to safeguard all data we hold or process, and we regularly re-assess and revise our policies and practices to improve security. While we go to great lengths to protect your data, no method of data transmission or storage is totally secure; therefore, we cannot guarantee the security of data in our control. If you believe your data may have been compromised by us or the use of this Site or the Services, please contact us immediately. You may review our Terms for more information regarding the security of our Apps.
Data Retention. We will retain your Personal Data for a period of time that is consistent with the original purpose of the data collection, or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We determine the appropriate retention period for Personal Data by considering the amount, nature and sensitivity of your Personal Data processed, the potential risk of harm from unauthorized use or disclosure of your Personal Data and whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).
YOUR INFORMATION CHOICES
Direct Email Marketing. If you wish to withdraw from direct email marketing communications from us, you may click the “unsubscribe” button included in our emails. Please note, you cannot unsubscribe from critical transactional emails that are related to our provision of our Services (such as those related to security).
Analytics. To opt-out of analytics on our Site, you may adjust your cookie preferences as described below. For more information on how to opt-out of tracking technology from Google Analytics, click here.
Applications. You can stop all collection of information by an App by uninstalling that App. You may use the standard uninstall process available as part of your desktop or mobile device or via the mobile application marketplace or network. Uninstalling an App does not delete your account. To do that, please contact us at firstname.lastname@example.org.
Device Settings. Most devices provide users with the ability to change device permissions (e.g., disable/access location services, contacts). For most devices, these controls are located in the device’s settings menu. If you have questions about how to change your device permissions, we recommend you contact your mobile service carrier or your device manufacturer as different devices may have different permission settings. Please note that certain functionality of the Services may be impaired or limited depending on your device settings.
YOUR PRIVACY RIGHTS
Personal Data Transfers. To facilitate our global operations, we transfer information from countries in which our Customers, affiliates or service providers operate for the purposes described in this Policy to the United States or other locations that may not provide for the same level of data protection as your jurisdiction. When we share Personal Data, we ensure that the recipient of your Personal Data offers an adequate level of data protection, for example, by entering into the appropriate back-to-back agreements, standard contractual clauses (as approved by the European Commission), asking you for your prior consent to such international data transfers, or using other available mechanisms available under applicable Data Protection Law or as otherwise approved by the relevant data protection authority. By using the Services, you agree to the transfer, storing or processing of your data in accordance with this Policy.
- International Transfers within Personica Affiliates. When we share information about you within and among our affiliates, for transfers from the EEA, Switzerland, or the United Kingdom, we make use of standard contractual data protection clauses or, to the extent permissible, we rely on our certification to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks to help safeguard the transfer of information we collect from the European Economic Area (EEA), the United Kingdom, and Switzerland. Please see our Privacy Shield notice for more information.
- International Transfers to Third Parties. Certain third parties described in this Platform Policy, which provide services to us under contract, are based in other countries that may not have equivalent privacy and data protection laws to the country in which you reside. When we share information of Customers located in such jurisdictions, we make use of the legal mechanisms approved by the applicable data protection authority. For example, for Customers located in the European Economic Area or Switzerland, we make use a variety of legal mechanisms to safeguard the transfer, including the European Commission-approved standard contractual data protection clauses or other appropriate legal mechanisms. For transfers to or from the United Kingdom, we make use of the standard contractual clauses. Please contact us if you need more information about the legal mechanisms that we rely on to transfer Personal Information outside the EEA, Switzerland, and the United Kingdom.
- Privacy Shield Notice. Fishbowl, Inc. participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss–U.S. Privacy Shield Framework. Personica is committed to the Frameworks’ applicable principles regarding transfers of Personal Data received from the European Economic Area (EEA), the United Kingdom, and Switzerland, in reliance on each Privacy Shield Framework. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov. Personica is responsible for the processing of Personal Data it receives under each Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of Personal Data from the EEA, the United Kingdom, and Switzerland, including the onward transfer liability provisions. With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, Personica is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. You may direct any inquiries or complaints related to our Privacy Shield compliance here. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) here. Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Consent. You may withdraw your consent to our processing of your Personal Data, in whole or in part (i.e., for marketing purposes). Certain Services may be ineffective upon opt out. When we share information of Customers located in such jurisdictions, we make use of the legal mechanisms approved by the applicable data protection authority.
European Economic Area (“EEA”). It you are located in the EEA or the United Kingdom, the following provisions apply:
- Processing Purposes. Our legal basis for collecting, using, and processing your Personal Data is contained in the HOW DOES PERSONICA USE YOUR PERSONAL DATA section above.
- Your Rights. Where the collection or processing of your information is subject to the GDPR, you have the following data subject rights. Please note that these rights are not absolute and in certain cases are subject to conditions as specified in applicable law:
- Access. You have the right to request information about how we process your Personal Data and to obtain a copy of that Personal Data.
- Rectification. You have the right to request the rectification of inaccurate information about you and for any incomplete information about you to be completed.
- Objection. You have the right to object to the processing of your Personal Data, which is based on our legitimate interests (as described above).
- Erasure. You have the right to request the erasure of your Personal Data (subject to certain conditions).
- Automated decision-making. You have the right not to have a decision made about you that is based solely on automated processing if that decision produces legal or similarly significant effects concerning you.
- Restriction. You have the right to ask us to restrict our processing of your Personal Data, so that we no longer process that Personal Data until the restriction is lifted.
- Portability. You have the right to receive your Personal Data, which you have provided to us, in a structured, commonly used and machine-readable format and to have that Personal Data transmitted to another organization in certain circumstances.
- Complaint. In addition to the above, you have the right to lodge a complaint with a supervisory authority (a list of which is available here) if you consider that our processing of your Personal Data infringes applicable Data Protection Law.
California Residents. If you reside in the State of California, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your Personal Data. This section describes those rights and how to exercise them.
- Collection and Disclosure of Personal Data. Our collection of Personal Data is described in sections (a) through (c) of the INFORMATION WE MAY COLLECT ABOUT YOU heading above. We have shared Personal Data as set forth in HOW DOES Personica SHARE PERSONAL DATA for business or commercial purposes consistent with this Policy. We never exchange Personal Data for money or any other consideration (e.g., trade it for free services). However, the CCPA’s definition of “sale” is very broad, and may include situations like when browsing data is sent to advertisers (when you click on an ad that sends you to Personica, we send a hashed identifier to the referring site so they can receive credit for the referral). While we only send what is needed to properly record the referral, the fact that you clicked on the link and visited Personica may be added to your profile by the ad publisher. This is all done on the Site with cookies and other similar technology and opting out of the sale of your Personal Data will automatically turn them off. You may direct us not to sell your Personal Data by contacting us directly.
- Right to Make a Request Under the CCPA. You have the right to request that we disclose certain information to you regarding our collection, use, and disclosure of your Personal Data over the past 12 months, including the categories and specific pieces of Personal Data we possess, the categories of sources of the Personal Data, the business or commercial purpose for collecting the Personal Data, and the categories of third parties with whom we share or sell the information, and the specific pieces of Personal Data we have collected about you. Upon verified request, we will respond to your request for such information. You also have a right to request that we delete your Personal Data. Please note that, in certain cases, we deny a request to delete your Personal Data if we have a legal basis to do so. For example, we may retain certain information for the reasons stated under the HOW DOES Personica USE YOUR PERSONAL DATA heading above.
- Who May Make a Request? You may make a request on behalf of yourself or you may authorize an agent who is registered with the Secretary of State for the State of California to act on your behalf. You may also make a request on behalf of your minor child.
- Right to Non-Discrimination for Exercise of Consumer’s Privacy Rights. We will not discriminate against individual for exercising their rights under the CCPA.
Instructions for Submitting a Verifiable Request. If you wish to exercise any of these rights, please submit the request by emailing us at email@example.com, or write us at the address below. In your request, please make clear: (i) what Personal Data is concerned; and (ii) which of the above rights you would like to enforce. For your protection, we may only fulfil requests with respect to the Personal Data associated with the email address you send your request from, and we will need to verify your identity before doing so. We will comply with your request promptly, but in any event within the legally mandated timeframes (thirty (30) days for the GDPR and forty-five (45) days for the CCPA). We may need to retain certain information for recordkeeping purposes or to complete transactions that you began prior to requesting such change or deletion.
Process Used to Verify a Consumer Request. We will verify all requests by contacting you using contact information retained in our systems. If our information does not allow us to contact you, then we will verify your identity by asking you to confirm the data we have in our system. We cannot respond to requests that cannot be verified.
CHANGES TO THIS POLICY
This Policy may be updated from time to time, to reflect changes in our practices, technologies, additional factors, and to be consistent with applicable Data Protection Law, and other legal requirements. If we do make updates, we will update the “effective date” at the top of this Policy webpage. If we make a material update, we may provide you with notice prior to the update taking effect, such as by posting a conspicuous notice on our website or by contacting you using the email address you provided.
If you have any questions or concerns about this Platform Policy or our privacy practices, please contact our DPO:
By Post. If sending via U.S. Mail, please use: Fishbowl, Inc., 44 Canal Center Plaza, Suite 500 Alexandria, VA 22314
Attn: Data Privacy Officer, and if sending within the United Kingdom or EEA please use: Fishbowl Marketing, Ltd., 11 Leadenhall Street, Fifth Floor, London, EC3V 1LP, Attn: Data Privacy Officer.
By Email. Please send all Platform Policy inquiries to firstname.lastname@example.org and for general inquiries please email email@example.com.
By Telephone. Within the United States, please call 1.800.883.1984 and for calls within the United Kingdom or EEA please call 0808-189-1495 Opt 1.
We will reply to your inquiry promptly (no later than 45 days from receipt). We are committed to reaching a fair resolution of any complaint or concern about privacy; however, if you believe that we have not been able to assist you with your complaint or concern and you live in the EEA or the UK, you have the right to lodge a complaint with the competent supervisory authority or the Information Commissioner’s Office (UK).