Notice of Information We Collect And How We Use It
Our primary purpose in collecting Personal Information (as defined below) is to provide you with a safe, smooth, efficient, and customized experience in the use of our Services. This allows us to provide services and features that most likely meet your needs, and to customize our service to make your experience safer and easier. We only collect Personal Information about you that we consider necessary for achieving this purpose. “Personal Information” means information that specifically identifies an individual (such as a name, address, telephone number, mobile number, or e-mail address) or other information about that individual that is directly linked to Personal Information. Personal Information does not include “aggregate” information, which is data we collect about the use of our Website and our services. Personal Information does include information displayed in your public profile on our Website. You do not have to use Personal Information for your public profile. Any information you do choose to share in your public profile can be accessed by the Leader of the User Group to which you are a Member and Members of those same User Groups. Other Rallyware users outside of your User Groups may access your information, depending on the specific privacy settings set on your account page, when available, or in the applicable User Group.
In order to use substantial portions of the functionality available through our Website, you must first complete the registration form and create a user name and password. If a specific Registered Client provides you access to the Website, the registration steps might be automatically completed for you by that Registered Client prior to you accessing the Website. During registration, you may be required to give truthful contact information (such as name and email address) in accordance with our Terms of Service available during registration. Once you give us your Personal Information, you are no longer anonymous to us.
When you activate an account, we may collect information such as your name, email address, password, and security questions and answers.
Information We Collect About Website Visitors
We automatically track certain information based upon your use of the Website, which may include Personal Information as described in this document, as well as browsing information, information on learning, training, and performance activities within the on-platform engagement programs, and survey information. We use this information to optimize the content delivered to you through the platform, do internal research on our users’ demographics, interests, and behavior to better understand, protect, and serve you and our community, and may also use this information to provide performance analytics and content improvement recommendations to Registered Clients for specific Co-Branded Subdomains.
By using our Website or our services, you indicate your consent for Rallyware, Registered Clients and our affiliates to send cookies to your computer in order to uniquely identify your browser and improve the quality of our services; you may turn off cookies in your browser though, in doing so, some or all of our services may not work. For a description of how cookies work, please see the section entitled “Cookies” below.
Like many websites, we may automatically gather certain information about our Website traffic and store it in log files. This information includes Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information, which does not identify individual users, to analyze trends, to administer the Website, to track users’ movements around the Website and to gather demographic information about our user base.
We may link this automatically collected data to Personal Information. IP addresses may be tied to Personal Information to troubleshoot access issues and ban users by IP from the Website or certain communities upon appropriate request.
We may use a third-party tracking service that uses log files and cookies, see below, to track non- Personal Information about visitors to the Website in the aggregate. This service captures usage and volume statistics as well as geographical location data to compile usage reports and maps for optimization and troubleshooting purposes.
We may use both session ID and persistent cookies.
A persistent cookie remains on your hard drive for an extended period of time. You can remove persistent cookies by following directions provided in your Internet browser’s “help” file.
We may set a persistent cookie to store your password, so you do not have to enter it more than once. Persistent cookies also enable us to track and target the interests of our users to enhance the experience on our Website.
If you reject cookies, you may still use our Website, but your ability to use some areas of our Website, such as contests or surveys, may be limited.
Clear Gifs (Web Beacons/Web Bugs)
We may employ a software technology called clear gifs, also referred to as web beacons or web bugs, that help manage content on the Website by tracking what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. We may tie the information gathered by clear gifs to our customers’ Personal Information.
We may use clear gifs in our HTML-based emails to let us know which emails recipients have opened. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns. If you would like to opt-out of these emails, please see “Choice and Opt-out.”
We may use Embedded Scripts, which are programming code that collects information about your interactions with the Website, such as the links you click on. The code is temporarily downloaded onto your computer or other device from our server or a third-party provider and is deactivated or deleted when you disconnect from the Website. In addition, we may use a variety of other technologies that collect similar information for security and fraud detection purposes.
You have the option to provide demographic information (such as college affiliation and preferred language of communication) to us; we encourage you to submit this information so we can provide you a more personalized experience on our Website.
If you visit or use our Website on a mobile device, we may collect information from your device, including device ID, your mobile carrier, and your physical GPS location. We may store and use that information for security purposes (for example, for user verification). We do not share your location information with third parties, unless requested and agreed to by the Registered Client. Depending on your device, you may turn off location services by going to your device settings.
Once you have established your account on your mobile device or computer, we may collect information we receive from your mobile device or computer, such as your device’s type, number, and the serial number of its chip.
Use of the Website on a mobile device may allow your mobile carrier or other access provider to view data that appears on the device as a result.
Information We Collect To Respond To Your Choices and Requests
In order to use some features of this Website, you must first complete the registration form and create or use a user name and password. If you are accessing a Co-Branded Subdomain, the registration steps might be automatically completed for you by that Registered Client prior to you accessing the Website. During registration, you are required to give truthful contact information (such as name and email address) in accordance with our Terms of Service. We use this information to contact you about the services on our Website in which you have expressed interest.
If you choose to create a public profile on the Website, we may collect other users’ comments about you in our feedback area.
Surveys, Contests or Promotion
We may provide you the opportunity to participate in surveys, contests or promotions on our Website. If you participate, we will request certain Personal Information from you. The requested information typically includes contact information (such as name and shipping address) and demographic information.
We use this information to notify contest winners and award prizes, to monitor website traffic, or to personalize the Website (in the case of anonymous information collected in surveys), and to send participants an email newsletter.
If you choose to use our referral service (if available) to tell a friend about our Website, we will ask you for your friend’s name and email address. We will automatically send your friend a one-time email inviting him or her to visit the Website. Rallyware stores this information for the sole purpose of sending this one-time email and tracking the success of our referral program.
Your friend may contact us to request that we remove this information from our database.
Public Message Areas
If you choose to post messages in our forums or other public message areas, or leave feedback for other users, we will collect the information you post. We retain this information as necessary to resolve disputes, provide customer support, and troubleshoot problems as permitted by law.
Depending on the specific privacy settings for each of your User Groups or the Co-Branded Subdomain, if applicable, some or all Members of your User Group and/or other members of the Website may see information posted on the discussion boards, comment sections, your user Profile, and other areas. Please exercise caution in posting personal information in publicly accessible areas and be aware that we do not have control over what other users choose to do with content you share with them.
If you send us personal correspondence, such as emails or letters, or if other users or third parties send us correspondence about your activities or postings on the Website, we may collect such information into a file specific to you. We reserve the right to terminate the accounts of visitors who use these services in a manner inconsistent with the Terms of Service.
Communication from Registered Clients
Pursuant to specific Service Agreements with Registered Clients, some or all communication to the users of some or all of the Co-Branded Subdomains will come from the Registered Client and not from us or our other third-party affiliates. Rallyware is not responsible for the content and management of such communications from Registered Clients.
Communication from Us or the Website
Special Offers and Updates
We may occasionally send you information on products, services, special deals, and promotions provided by Rallyware. You can sign up for these emails from us on our registration page or other parts of the Website.
Registered Clients may send you updates and other information. Pursuant to specific service agreements with co-branding partners, all offers to the users of some or all of the Co-Branded Subdomains will come from the partners and not from us or our third-party affiliates. Rallyware is not responsible for the content and management of such communications from Registered Clients.
Out of respect for your privacy, we provide you with the option not to receive communications from Rallyware. Please see the “Choice and Opt-out” section.
If you wish to subscribe to our newsletter(s), we may use your name and email address to send a newsletter to you. Out of respect for your privacy, we provide you a way to unsubscribe. Please see the “Choice and Opt-out” section.
We will send you strictly service-related announcements on rare occasions when it is necessary to do so. For instance, if our service is temporarily suspended for maintenance, we might send you an email.
Generally, you may not opt-out of these communications, which are not promotional in nature. If you do not wish to receive them, you have the option to deactivate your account.
Based upon the Personal Information you provide us, we may send you a welcoming email to verify your username and password. We will communicate with you in response to your inquiries, to provide the services you request, and to manage your account. We may communicate with you by messages on the Website, by email, or by push notification. We will never contact you by telephone unless you specifically agree to it. You may contact customer service at the specific support email address provided on the relevant Co-Branded Subdomain, or by writing to email@example.com, indicating the applicable Co-Branded Subdomain.
We may store information that we collect through cookies, log files, clear gifs, and/or third party sources to create a “profile” of your preferences. We may tie your Personal Information to information in that profile.
We share your profile with third parties in aggregate form only. For profiles associated with Co-Branded Subdomains or areas of the Website, the Registered Clients managing and/or affiliated with those websites or areas of the Website may specify additional constraints and/or parameters of sharing your profile with third parties they are affiliated with. We will not share profile data collected from the Co-Branded Subdomains or areas of the Website unless agreed to by those Registered Clients.
Conditions Under Which We Share Information
Aggregate Information (Non-Personally Identifiable)
We may share aggregated demographic information about our user base with our affiliates and advertisers. This information does not identify individual users. We will not share aggregated demographic information about the user base of Co-Branded Subdomains or areas of the Website managed and/or affiliated with external Registered Clients unless agreed to by those Registered Clients.
Third Party Advertisers
The ads appearing on this Website are delivered to users by our advertising affiliates. We may share Website usage information about users with our advertising affiliates for the purpose of targeting our Internet banner advertisements on this Website.
The advertising relationships explained above do not apply to Co-branding Subdomain or areas of the Website managed and/or affiliated with external Registered Clients. We will not display ads or share usage information received from users of the Co-branding Subdomain with our advertisers unless agreed to by those Registered Clients.
For more information about our third-party advertisers, or to learn more about the choices available to you regarding this anonymous information, please contact firstname.lastname@example.org.
We reserve the right to disclose your Personal Information as required by law and when we believe that disclosure is necessary to protect our rights; to comply with a judicial proceeding, court order, or legal process served on us or the Website; or in connection with an actual or proposed corporate transaction or insolvency proceeding involving all or part of the business or asset to which the information pertains.
Personal Information provided by you on Co-Branded Subdomains and/or communities affiliated with specific Registered Clients or other users, may be shared with the Registered Clients or users or affiliated companies, including advertisers.
Choice and Opt-out
We may provide you the opportunity to ‘opt-out’ of having your Personal Information used for certain purposes, when we ask for this information. We may not provide a direct opt-out option in some Co-Branded Subdomains, in which case your opt-out request should be directed to the corresponding Registered Client for further review and removal as initiated by the Registered Client. The Data Privacy & Data Security Statement in this document further outlines the process for return or destruction of user data.
Some communications from us or our Registered Clients may include task reminders, feature announcements, and other types of communications. You may choose to receive all, some, or none of these emails through the notification preferences feature in your profile and/or by contacting us at email@example.com. If you no longer wish to receive our promotional communications, if any, you may opt-out of receiving them by following the instructions included in such communications or by emailing us at firstname.lastname@example.org.
We will never contact you by telephone unless you specifically agree to it. On some Co-Branded Subdomains or areas of the Website, Registered Clients and Leaders of User Groups may choose to contact you by telephone if you provide them with your telephone number (for example, you might be contacted and asked to clarify the correct email address in case the one you provide to the system is not accessible).
Links to Other Websites
The Website contains links to other websites that are not owned or controlled by Rallyware. Please be aware that we are not responsible for the privacy policies of such other websites.
California Residents – Your California Privacy Rights
Access to Personal Information
If your Personal Information changes, or if you no longer desire our service, you may correct, update, delete or deactivate it, pursuant to specific Registered Client access policies, by making the change on our member information page or by emailing Customer Support for your specific Co-Branded Subdomain or at email@example.com.
Please keep in mind that whenever you voluntarily make your Personal Information or other private information available for viewing by third parties online – for example on blogs, discussion forums, or other community posting or social networking websites – that information can be seen, collected and used by others besides us. We cannot be responsible for any unauthorized third-party use of such information.
Information Security and Unauthorized Access
The security of your Personal Information is important to us. We follow generally accepted industry standards to protect the Personal Information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
You are responsible for safeguarding your login information such as your username and password combination. Make sure your computer is protected with appropriate antivirus software that includes anti-malware software and make sure you are running up-to-date versions and continually getting updates. Treat your mobile device just like you would your computer.
If you notice suspicious account activity, or if your computer or mobile device is lost or stolen and you believe there is a reasonable chance of a misuse of your Rallyware login credentials, please contact us immediately at firstname.lastname@example.org. See the “Limitation of Liability” section in Terms of Service for a statement limiting our liability in case of misuse.
If you have any questions about security on our Website, you can email us at email@example.com.
Children Under 16
Our Website is not directed to people under 16 years of age. If you become aware that your child has provided us with Personal Information without your consent, please contact us at firstname.lastname@example.org. We do not knowingly solicit or collect Personal Information from children under 16. If we become aware that a child under 16 has provided us with Personal Information, we will immediately take steps to remove that information and terminate the applicable account.
Terms of Service
Please also visit our Terms of Service section establishing the use, disclaimers, and limitations of liability governing the use of our Website.
Rallyware Data Privacy & Data Security Statement
This Data Privacy and Data Security Statement is provided by Rallyware to Registered Clients and to users of Rallyware’s Services, which may or may not be affiliated with the Clients. Rallyware may update this Statement from time to time, with updated versions to be published on the Website and the Co-Branded Subdomains.
- “Authorized Persons” means Rallyware’s employees, agents, and contractors that have a need to know or otherwise access User Data to enable Rallyware to provide the Services.
- “Controller” means a controller as defined under the GDPR.
- “Data Protection Laws” means all international, federal, national and state privacy and data protection laws and regulations to the extent applicable to Rallyware and the Services.
- “Data Breach” means any loss or unauthorized access, acquisition, theft, destruction, disclosure or use of User Data that occurs while such User Data is in the possession of or under the control of Rallyware.
- “GDPR” means the EU General Data Protection Regulation 2016/679.
- “Personal Data” means information relating to an identified or identifiable natural person. An identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- “Process” or “Processing” means any operation or set of operations that are performed upon User Data, whether or not by automatic means, such as collection, accessing, processing, use, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination, transmittal, alignment or combination, blocking, erasure, destruction or otherwise used as set out in the applicable Data Protection Laws.
- “Processor” means a processor as defined under the GDPR.
- “Services” means Rallyware’s services, solutions and products.
- “Sub-Processor” shall mean an entity engaged by Rallyware to assist it in Processing the User Data in fulfillment of its obligations with regard to the Services.
- “Third Party” is any person or entity other than Rallyware, its Registered Clients, and Registered Client’s Users.
- “User Data” means all data relating to a User that is (i) provided to Rallyware by Registered Client or User or (ii) otherwise obtained, accessed, developed, or produced by Rallyware. User Data may include Personal Data.
2. Data Privacy
- 2.1. Compliance with Laws. Rallyware is committed to complying with its obligations under all Data Protection Laws. For purposes of the GDPR in regards to Co-Branded Subdomains, Registered Client is considered the Controller and Rallyware is its Processor; if Registered Client is considered a Processor for purposes of the GDPR, then Rallyware is considered its Sub-Processor.
- 2.2. Distribution of User Data. Users should provide Rallyware only with Personal Data that is requested by Rallyware or that is otherwise necessary for Rallyware to provide the Services. Registered Client may also provide Rallyware with Personal Data, with the Registered Client responsible for obtaining all required consents from Users. Rallyware is not responsible for any other Personal Data.
- 2.3. Limitations on Use of Personal Data. Rallyware shall not Process User Data other than for the purposes specified by Users and Registered Clients. Rallyware shall not Process User Data for the benefit of any Third Party. Rallyware shall access only the User Data that it needs to perform the Services (i.e., no more than necessary). Rallyware will not store User Data longer than necessary to achieve the permitted purposes specified by User and Registered Client.
- 2.4. Restrictions. Except with a User’s or a Registered Client’s prior written approval, on a case-by-case basis, Rallyware will not: use User Data other than as necessary for Rallyware to provide the Services; disclose, sell, assign, lease or otherwise provide User Data to Third Parties (other than to its affiliates or Sub-Processors) except to the extent required or permitted by Data Protection Laws; or merge User Data with other data, modify, or commercially exploit any User Data.
- 2.5. Sensitive Personal Data. Registered Clients and Users are advised never to provide Rallyware with Sensitive Personal Data, unless necessary. “Sensitive Personal Data” means: information that reveals a natural person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership; information or data concerning a natural person’s health or sex life or sexual orientation; or genetic data or biometric data about a natural person.
- Rallyware may engage Sub-Processors in connection with the provision of the Services, provided, however, that Rallyware may not provide a Sub-Processor with access to User Data unless the Sub-Processor has a business need to know and/or access the relevant User Data, as necessary for the purposes of the Services, has signed a written obligation of confidentiality, or is otherwise under professional obligations of confidentiality.
4. Data Subject Rights; Cooperation
- Rallyware shall use commercially reasonable efforts to cooperate and assist with a User’s exercise of his/her rights under applicable Data Protection Laws with respect to Personal Data processed by Rallyware, including, without limitation, the right to be forgotten, the right to data portability, and the right to access data under the GDPR.
5. Return or Destruction of User Data
- Upon the written request of a User, Rallyware will return User Data to the User in a commonly readable format or securely delete User Data as soon as reasonably practicable. However, if Rallyware is required by law to retain User Data or if User Data is stored in a manner such that it cannot readily be returned or destroyed without affecting other data, then Rallyware will continue to protect such User Data in accordance with this Statement and limit any use to the purposes of such retention. Please note that in cases when a specific Registered Client provides you access to the Website, the Registered Client may have an automatic re-registration process in place that could re-create your profile on the Website, which may include User Data available to the Registered Client; in this case, we highly recommend that you contact the Registered Client to request that your User Data be excluded from the automatic re-registration process.
6. Data Security
- 6.1. Security Program Requirements. Rallyware will maintain a security program that contains administrative, technical, and physical safeguards appropriate to the complexity, nature, and scope of its activities. Rallyware’s security program shall be designed to protect the security and confidentiality of User Data against unlawful or accidental access to, or unauthorized processing, disclosure, destruction, damage or loss of User Data. At a minimum, Rallyware’s security program shall include: limiting access of User Data to Authorized Persons; implementing network, application, database, and platform security; means for securing information transmission, storage, and disposal within Rallyware’s possession or control; means for encrypting User Data transmitted by Rallyware over public or wireless networks or stored on media within Rallyware’s possession or control; and means for keeping firewalls, routers, servers, personal computers, and all other resources current with appropriate security-specific system patches.
- 6.2. Regular Reviews. Rallyware shall ensure that its security measures are regularly reviewed and revised to address evolving threats and vulnerabilities.
7. Data Breach Procedures
- 7.1. Notification. Rallyware shall notify Registered Client and any affected User of any Data Breach as soon as practicable and without undue delay after becoming aware of it. Such notification shall at a minimum: describe the nature of the Data Breach, the categories of Users and Personal Data records concerned; communicate the name and contact details of Rallyware’s data protection officer or other relevant contact from whom more information may be obtained; and describe the measures taken or proposed to be taken to address the Data Breach.
- 7.2. Remedial Actions. In the event of a Data Breach for which Rallyware is responsible, Rallyware will use commercially reasonable efforts to: remedy the Data Breach condition, investigate, document, restore the Services, and undertake required response activities; provide regular status reports to Registered Client on Data Breach response activities; assist Registered Client with the coordination of media, law enforcement, or other Data Breach notifications; and assist and cooperate with Registered Client in its Data Breach response efforts.
Effective Date: May 24, 2018