Privacy Policy for Pingboard Services

Pingboard, Inc. provides online staff directory and organizational chart services for use by businesses and other organizations. We are headquartered in Austin, Texas, USA, but offer our services to customers worldwide.

How to Contact Us

By email: dpo@pingboard.com \ By mail: 21750 Hardy Oak Blvd Ste 104, PMB 46048, San Antonio, TX 78258-4946

Changes to Privacy Policy

We may change this Privacy Policy. We will manage your personal data in accordance with the Privacy Policy version that was published on the date that we collected the data about you.

Definitions

The data we collect about you depends on how we interact with you. We use these terms to explain those relationships:

• Privacy Policy is posted;
• visitor means an individual who visits our website, our social media pages, or visits our offices, interacts with us at a trade show or other industry event, or communicates with us in some other way other than as an account admin or staff user;
• account admin means an individual who interacts with us as a representative of our customer and includes individuals who have administrative access to the services on behalf of the customer;
• customer means the business or other organization that establishes an account with us or our reseller for the use of our services;
• staff user means an individual whose personal information is included in the information we process as part of providing our services; such as a member of the customer’s staff;
• When we use the word** services **we are referring to Pingboard’s online applications, including staff directory, organizational charts, and mobile app;
• site or website refers to https://pingboard.com and any other website where this Privacy Policy is posted;
• we, our, and us refer to Pingboard, Inc.;
• you and your refer to visitors, account admins, and staff users as indicated by the context.

Data Collection Methods

Automated data collection on our website and services

When you visit our site or use our online services, our servers capture data that may be used to identify you or your device, such as your IP address, device identifier, and information about your device such as the operating system, time zone setting, language setting, browser settings, and browser plug ins. Our servers may also capture information about your visit to our site or services platform, such as the web page you visited before coming to our site, the time and duration of your visit on each page on the site, and your navigation path from page to page (i.e., what you click on). Depending on your device settings, we may also capture location information. We use third-party service providers such as Google Analytics, Fullstory, and ConversionRuler to capture other information about your site visit, such as recordings of you scrolling activity on each page of our site.

We and our third-party analytics providers may place a cookie on your browser so that we may identify you as a return visitor if you visit our site more than once. Please see How to Opt Out of Cookies below for information on how to block cookies.

Data provided by advertisers

If you arrive at our site by clicking on a link that is part of an advertisement on another site (including an advertisement on a social media platform), the advertising service will identify the link, enabling us to associate you with the advertising parameters we provided to the advertising service. For example, we may ask an advertising service to target our ad to individuals that the ad service has identified as a human resources professional. If you arrive at our site by means of the link in that ad, we will be able to infer that you are likely a human resources professional. Advertising services are responsible for the collection, use and disclosure of the data they provide to us in accordance with their published privacy policies. See the section below captioned Advertising Ecosystem.

Data you volunteer

We collect personal data that you submit to us as part of a communication with us as a visitor or account admin, such as via chat on our site, email, submission of a web form, telephone, or in person (such as at a meeting, trade show or other event). For example, you may communicate with us as a visitor to obtain more information about our services, or as an account admin to request technical support. The communication may include information that can be used to identify you such as your name, job title, job function, the organization you represent, email address, phone number as well as information about your interest in our company or our services. We do not solicit information from you as part of these communications other than information that is useful to us in light of the purposes described above, but if you choose to volunteer more personal information than we ask for we will collect that as part of the communication.

Account admin data provided by you or your organization Our customers are required to name billing, administrative, technical and other types of service and account admins who have authority to use our services and manage the customer’s account. We collect the name and business contact information of these account representatives, and will require each individual account representative to establish their own set of account credentials (username and password). If the customer wishes to integrate our services with other online services, we will require the customer to provide the access tokens or account credentials used to access those platforms.

If you use a personal payment card or other financial account to make payment arrangements, then we may collect information relevant to the processing of the payment transaction.

Staff user data provided by you or your organization by means of our services

Our customer provides information about staff users that is relevant to the services we provide, such as your name, job title, business or home contact information, the teams that you are on within your organization, and the office you work out of. Our customer may enable you to modify the information they provide, and may also enable you to add information to the service, such as your photo and social media account names.

Marketing Partners and Resellers

We have relationships with other companies that help us market, sell and deliver our services. They may collect personal data of the type described above using the methods described above and provide that data to us. For example, we have relationships with companies who refer customers to us and resellers who offer our services under the reseller’s own brand name. We will treat personal information we receive from our marketing partners and resellers the same as the personal information we collect directly.

Why We Collect Data and How We Use It

This section describes the purpose for which we collect personal data and how we use it for that purpose.

Visitors: We collect and use data about visitors:

• to operate our website – web servers, by their nature, must capture your IP address and information about your browser and device to display our site to you;
• to develop our website and help us develop of product offerings – we use the information about your navigation on our site to help us understand what part of our website and product offerings is of interest to different kinds of visitors so that we can modify and improve our site content and other marketing materials to be more appealing to prospective customers; we may also use the information about your site visits and other visitor interactions to help us measure interest in our services or various features of our services;
• to show you personalized content when you visit our site – we use information about your prior visit to our site to customize your subsequent visits; for example, we may make information about products or services that appear to be of interest to you based on your prior visit more visible to you as part of your navigation of our site;
• to measure the success of our advertising efforts – we use visitor information to verify whether the ad services we purchase from third parties are actually resulting in visits to our site or other visitor interactions;
• to register you for webinars or other online or off-line events we may host – we use your name and contact information to register you for events that you sign up for;
• to communicate with you as part of our marketing efforts – if you provide us with contact information we may use it to send you communications about our company, our products or services, or related topics that we think you may find of interest;

Account Admins: we collect and use data collected about accounts admins (alone or as combined with data collected as part of your visitor activity, such as pre-login activity on the site):

• to provide our online services – we use login credentials to authenticate individuals as authorized administrative users of our services; we use data collected by automated means by our servers as necessary to provide the services to manage our account with you – we use your name and contact information to to send invoices and other account communications, authenticate individuals who request information or support on the customer’s behalf, and administer the customer’s account, such as processing billing information to complete customer purchases;
• to communicate with you as part of our marketing efforts – we use contact information and information about your use of our services to send you communications about our products or services, or related topics that we think you may find of interest; and
• to market our services - if you provide a customer testimonial or other content for marketing purposes we will publish the content with your name or other identifying information that you authorize us to use;  if you agree that we may use you as a reference, we may provide your name and contact information to prospective customers for our services so that they may contact you to discuss your experience with our services.

Staff Users: we collect and use data about you as a staff user only to provide the services or as otherwise authorized in our agreement with our customer, or as may be required by applicable law. We disclose this data to other staff users and account admins as authorized by our customer as part of providing our services. For example, your co-workers who are authorized to use the services as staff users or account admins will see your name, title, photo or other information that you or our customer has provided to use for the purpose of providing the service. If the customer has directed us to provide integrations with third party services, such as Slack, we will disclose your data to the third party as necessary to provide the integration. Some of our customers are subject to special data privacy laws, such as the General Data Protection Regulation adopted by the European Union in May 2018 (the “GDPR”) and the California Consumer Privacy Act of 2018 (the “CCPA”). We make appropriate contractual commitments to our customers in support of their obligations under the GDPR, CCPA or other data privacy and protection laws applicable to them. Please contact us at the address above if you have questions or concerns regarding our processing of the data described in this Section. We ask, however, that if you are a staff user you first contact our customer (typically your employer) if you have a request to access, block, erase or take other action with respect to data that we have about you as a staff user.

Disclosure

We have not sold or leased personal data, and will not sell or lease your personal data unless you give us your consent to do so. The California Consumer Privacy Act includes a definition of “sale” that may include permitting third party advertisers to collect data about our site visitors for use as part of their advertising services generally. During the prior 12 months we have permitted Google, LinkedIn, Twitter, Facebook and Quora to collect data on our site by means of advertising cookies. See the section below captioned Advertising Ecosystem for information on how you block these cookies.

We will not disclose your personal data to third parties except as follows:

Legal Reasons

When we believe release is appropriate to comply with the law, to enforce our terms of use and other rights, or to protect the rights and safety of others.

This may include exchanging information with government regulatory or law enforcement agencies, or with other companies and organizations for fraud protection and legal compliance.

Protecting Network and Information Security

As necessary to protect our information and systems from unauthorized actions that compromise their security or availability, such as disclosures as part of industry initiatives to identify and block malicious actors.

Sale of Business

As part of a sale of a sales of business assets where the purchaser needs the personal data to use the assets.

We may in the future sell all or part of our assets or be involved in a merger. We may provide the company that is seeking to acquire our business with access to personal data as part of their evaluation of our business, but will require them to maintain the personal data in confidence and use it only to evaluate our business. If we complete a transaction, it is customary to transfer personal data that is related to the purchased business assets to the purchaser.

Service Providers

We use the services of companies like the ones listed at https://pingboard.com/legal/subprocessors below to collect data on our behalf or to help us analyze, store, manage and otherwise process your personal data. Each of these companies commits in its contract with us to use the personal data only according to our contract with them or our other instructions as necessary to support our business. They are not authorized to use your personal data for any other purpose. They are not authorized to disclose your personal data to others except with our permission, and only if they require the others to comply with the same restrictions that apply to them.

Advertising Ecosystem

We use online advertising services that enable a practice referred to as “online behavioral advertising.” These services aggregate data about an individual’s behavior on many different sites and online services, and use that data to sell targeted advertising services. For example, we permit Google’s advertising services to collect data about your behavior on the Pingboard Site, as do many other website operators who use Google’s ad services. Google combines the data about an individual that it collects from different sources, and uses this aggregate data to sell advertising services that target the display of ads to web users who meet certain behavioral criteria. Google does not disclose this aggregate data to Pingboard, but we are able to infer that users who interact with our ad meet the advertising criteria we provided. Google collects this data using cookies, web server logs (its own and its advertising customers), clear gifs and other online data collection techniques. See How to Opt Out of Cookies.

Cookies

A cookie is a unique alpha numeric identifier that is placed by a web server on the browser used to view content or use the services of web server. A tracking pixel, also known as a web bug or web beacon, is a small graphic (usually 1 pixel x 1 pixel) invisible to the eye, that is embedded in web content or email. When content that has an embedded web beacon is viewed, the browser will request content from a web server, which in turn will set a cookie.

We use the following types of cookies as part of our website, services and email:

• Strictly Necessary Cookies: These enable you to navigate and use the features in our services. For example, without these, you would not be able to log into secure areas of the service.
• Personalization Cookies: These enable us to identify you as a repeat user and to remember your preferences. For example, we use this to remember how you sort the employee directory so that it is sorted the same way the next time you use the service.
• Analytics Cookies: We use these cookies to analyze how you use our services, to monitor speed of the services, to detect and fix errors, and to understand the effectiveness of our communications and marketing. For example, we use Google Analytics to facilitate analysis of visitors use of the site, including pages viewed, time and frequency of your visits.
• Marketing Cookies: We use these on our website and as part of our email (but not the Pingboard application) to learn how you interact with our website and email. This information helps us, and the advertising services providers we use, better promote our services. For example, if you visit a Pingboard.com page about org chart software, you may later see an ad about Pingboard org charts when you visit a different website.

Cookies may be placed by Pingboard directly or by our service providers.

How to Opt Out of Cookies

The Osano Cookie Consent tool (shown as a cookie icon in the bottom left corner of our website) will record when you have consented to our cookie policy and allow you to control the Personalization, Marketing and Analytical cookies set by using our website. Strictly Necessary cookies cannot be disabled.

Our servers do not recognize or respond to any “do not track” setting you may have in your browser. Using your browser to disable cookies, may impact your ability to use our services.

Additionally, you may disable analytics cookies by visiting the websites of our analytics service providers, currently:

• https://support.google.com/analytics/answer/181881?hl=en
• https://www.fullstory.com/optout
• https://www.conversionruler.com/optout.php

You may disable marketing cookies by visiting:

• https://optout.networkadvertising.org/
• http://www.aboutads.info/choices

Communications Policy

If you do not wish to receive our email or other communications, please send your request to dpo@pingboard.com. Please note that it may take up to ten days to remove your contact information from our marketing communications lists, so you may receive correspondence from us for a short time after you make your request.

Children

Children are not permitted to use our site or services. We do not knowingly collect personal information from anyone under 16. If you are under 16, do not use or provide any information on our Sites unless you have involved your parent or guardian. If we discover that we have information about a child we will delete that information. If you are the parent or guardian of a child and you believe we have personal data about the child without your consent, please contact us at the address appearing at the top of this page and we will delete that information.

Security

Pingboard protects personal data from unauthorized use, disclosure, corruption and destruction using appropriate technical and organizational measures.

Data Integrity

We process personal information only for the purposes for which it was collected and in accordance with this Privacy Policy. We regularly review our data collection, storage, and processing practices to ensure that we only collect, store, and process the minimum personal information needed for the purpose collected. We promptly correct personal information of visitors that we discover is inaccurate, incomplete, or outdated. We depend on our account admins and staff users to update their personal data as necessary.

Data Retention

We will retain your personal data only for as long as reasonably necessary to fulfill the purpose for which it was collected, and to comply with our legal obligations, and will use secure means to destroy the data after that time. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

Requests to access, amend, delete or restrict the use of your personal data

Our contact information appears at the top of this Privacy Policy. Please send us a request if you would like to know what personal data we have about you, or would like us to correct inaccurate data, delete your personal data, or restrict the use of your personal data. If you have a request to access, block, erase or take other action with respect to data that we have solely as a data processor for our customer (typically your employer), first contact our customer with the request. We commit to responding to your request promptly and honoring your reasonable requests. We will comply with all applicable legal requirements related to your requests, but please note that we are not required by law to delete or restrict the use of your data in a way that prevents us from complying with our legal obligations to our customer or that interferes with our reasonable record keeping as necessary to demonstrate compliance with our contracts and applicable law.

Additional Information for California Visitors, Account Admins

In addition to our commitments stated above, if our collection of personal information about you for our own general business purposes is covered by the California Consumer Privacy Act you have certain rights under that law.

You may request disclosure of the following specific information:

• the categories of personal information as well as the specific pieces of personal information that we have collected about you for our business purposes over the prior 12 months:
• the categories of sources from which we have collected that personal information,
• our purpose(s) for collecting that personal information,
• the categories of third parties with whom we have shared the personal information, such as our service providers, and
• whether we have sold the personal information to third parties or disclosed the information to third parties for a business purpose, and if so the categories of personal information and third parties.

In addition, you have the right to ask Pingboard to delete your personal information. We will comply with your deletion request and require our service providers to do the same, unless we plan to retain the personal information on a legally permitted basis and we give you notice of this fact and the legal basis on which we rely.

You may make a request by calling our toll-free number (877) 733-5157 or submitting the request online here or by sending an email or physical mail request to the addresses above.

Before responding to your request we may ask you to provide information needed to verify that you are the consumer (or have authorization from the consumer) whose personal information is covered by the request. For account admins, this may be the information you use to log in to the customer’s account. For visitors, this information will depend on the kind of personal data we have about you.

We may not discriminate against you because you make a request described in this Section by denying you our services or providing a different quality or price for our services, unless the different service or price is reasonably related to the value provided to you by your data.

If you are under 16 years of age, you are not authorized to use our website or our services and we don’t want your personal data.

International Data Transfers

Pingboard complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Pingboard has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Pingboard has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.

To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

As required under EU-U.S. DPF principles, when we receive information under the Data Privacy Framework and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the Data Privacy Framework if the agent processes the information in a manner inconsistent with the Data Privacy Framework and we are responsible for the event giving rise to the damage.

Under certain conditions, more fully described on the Data Privacy Framework website, including when other dispute resolution procedures have been exhausted, you may invoke binding arbitration.

Pingboard is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Your Rights Under GDPR

If you reside in a member state of the European Union, you have the right under certain circumstances:

• to be provided with access to your personal data held by us;
• to request the rectification or erasure of your personal data held by us;
• to request that we restrict the processing of your personal data;
• to object to profiling activities based on our own legitimate interests;
• to request that your data be transferred to a third party;
• to obtain a copy of the appropriate safeguards under which your personal data is transferred to a third country or international organization.

You may exercise your rights by sending an email to dpo@pingboard.com. We will respond to your request promptly. However, if you are exercising your rights with respect to personal data that we have solely as a data processor for our customer (typically your employer organization), first contact your organization with the request. In most cases, your organization can fulfill your request using their administrative access to the services. We will promptly respond to your organization if they ask for our help in responding to your request. If you are not able to resolve your request after working with your organization or Pingboard, you may use the dispute resolution procedures described in the section above captioned “International Data Transfers.”