Last updated: June 24, 2019
Permission.io, Inc. (“Permission”, “we”, “us” or “our”) respects the privacy of our users (“data subject”, “user”, “you”, or “your”). This Policy applies to information we collect when you use our websites https://Permission.io and all subdomains of https://Permission.io (“Sites”) including any other media form, media channel, forums, mobile website, or mobile application related or connected thereto provided or officially sponsored by Permission, any other Permission websites that link to this Policy (collectively, the “Websites”) or Permission Services.
Any information relating to an identified or identifiable natural person (“data subject” or “user” or “you”), is considered personal data. An identifiable natural person is anyone who can be directly or indirectly identified, in particular by reference to an identifier such as a name, an identification number, location data, online identifiers, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Sensitive Personal Data
This refers to the various categories of personal data identified by European and other data privacy laws as requiring special treatment, including (in some circumstances) the need to obtain explicit consent. These categories comprise personal identity numbers, personal data about your personality and private life, racial or ethnic origin, nationality, political opinions, membership of political parties or movements, religious, philosophical or other similar beliefs, membership of a trade union or profession or trade association, physical or mental health, genetic code, addictions, sexual life, property matters or criminal records (including information about suspected criminal activities).
When you share personal data with us for processing, you become the data subject according to the General Data Protection Regulation, making us the controller responsible for processing.
Controller, Controller Responsible for Processing
The legal person, public authority, agency or other body which determines the purposes and means of processing personal data, whether alone or jointly with others. Where the purposes or means of processing are determined by Union or Member State law or other applicable law, rules or regulations, the controller (or the specific criteria for nominating the controller) may be provided for by the governing authority.
We consider any operation or set of operations performed on any personal data to be processing, whether through automated means or otherwise. Such operations include collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, alignment or combination, restriction, erasure or destruction, and disseminating or otherwise making personal data available.
Restriction of Processing
To limit the processing of personal data in the future, such data may be marked to indicate this restriction of processing.
Any form of automated processing of personal data to evaluate certain personal aspects relating to a natural person is considered profiling. In particular, such processing may be used to analyze or predict aspects concerning that natural person’s performance at work, health and economic situation, personal preferences, interests, reliability, behavior, location or movements.
Processing personal data in a way that prevents that data from being attributed to a specific user without additional information is considered pseudonymization. This process ensures that information required to identify a natural person using pseudonymized data is kept separately, and is subject to both administrative and technical measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
As defined by the General Data Protection Regulation, the processor is a natural or legal person, public authority, agency or other body that processes data on behalf of the controller.
The recipient is any natural or legal person, public authority, agency or other body to which personal data is disclosed, whether a third party or otherwise. Public authorities, however, which may receive personal data in the framework of a particular inquiry (in accordance with Union or Member State law, and other applicable laws, rules, and regulations), are not considered recipients. Processing of personal data by those public authorities must be in compliance with the applicable data protection rules according to the purposes of such processing.
Third parties consist of any natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
We consider consent of a user to be any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of personal data relating to them, either by a statement or by a clear affirmative action.
We use automated website analytics and cookies
We partner with selected third party vendors, see below, which may allow tracking technologies and remarketing services on our Websites through the use of first party cookies and third party cookies, to, among other things, analyze and track users’ use of our Websites, determine the popularity of certain content and better understand online activity.
By accessing the Websites, you consent to the collection and use of your information by these third-party vendors. You are encouraged to review their privacy policies and contact them directly for responses to your questions. We do not transfer personal information to these third-party vendors.
Note: You should be aware that getting a new computer, installing a new Internet browser, upgrading an existing browser, or erasing or otherwise altering your Internet browser’s cookies may also clear certain opt-out cookies, plugins or settings.
To improve our Site, Permission may use the following “cookies” to track your visit:
|Google Analytics||To measure effectiveness of advertising and users’ interaction with content.|
|To enable functionality with social media features.|
|To enable functionality with social media features.|
|Youtube||To enable functionality with social media features.|
|To enable functionality with social media features.|
|Medium||To enable functionality with social media features.|
|To enable functionality with social media features.|
|Telegram||To enable functionality with social media features.|
|GitLab||To enable functionality and link to our code repository|
|Mixpanel||To enable application analytics and user interaction statistics|
|SendGrid||To orchestrate email communication with Members|
|HubSpot||To manage and maintain email communication|
|Threat Metrix||To enable functionality of verified user account creation, prevent fraud and for security purposes.|
We use tracking pixels for email updates and newsletters
Our newsletter and emails sent from or on behalf of Permission may contain tracking pixels, or a transparent image embedded in emails to enable log file recording and analysis. We use information collected in this manner to perform statistical analysis of the success or failure of online marketing and customer outreach efforts. Based on the embedded tracking pixel, we may be able to determine if and when an email was opened, and which links in the email were accessed.
Personal data collected using tracking pixels is stored and analyzed by us (and is not shared with third parties) to optimize the delivery of our newsletters and emails, and to improve the relevance of the distributed content. Many email clients and web browsers support functionality to opt out or prevent the use of these tracking mechanisms, however users are entitled to revoke their consent to receiving our newsletter at any time, after which personal data collected in this manner will be deleted by us. We automatically consider a withdrawal or cancellation of subscription to our newsletter as a revocation of your consent.
We may collect personal data
When you access or register with the Websites, or when you choose to participate in other activities related to the Websites like online chat, contact or support, purchases, and subscriptions to services or newsletters, you may be asked to voluntarily share personally identifiable information with us. This information includes details such as your first and last name, postal address, email address, phone number and other similar contact data, as well as demographic information such as your age, gender, hometown, place of employment and interests. You’re not obligated to provide us with any personal information of any kind, and you are free to change or completely remove any information shared with us at any time, however refusing to provide requested personal data might prevent you from using certain features of the Websites.
If you choose to register for an account with Permission or on our Websites, it may be possible for you to share personal data with us. Personal data that we ask for will be indicated as such with an explanation of why we are requesting it, and what it will be used for. By registering and providing us with personal data in this manner, you are providing explicit consent for your information to be used in accordance with this Policy.
We may require additional verification of your consent through a double opt-in procedure where we send a confirmation email to the email address provided for legal purposes and to prevent abuse of our services. To make sure we’re sending newsletters to only those who are interested in receiving them, we may periodically send additional confirmation emails to verified subscribers of our newsletter. Other than confirmation emails, we will not send unsolicited email newsletters to an email address without first receiving consent.
We generally don’t seek to collect sensitive personal data through our Websites, but if we do, we will ask you to consent to our proposed uses of the data. We may also collect some sensitive personal data incidentally. By providing us with unsolicited sensitive personal data, you consent to our using the data subject to applicable law as described in this Policy.
You might provide financial data
When you purchase, order, return, exchange or request information about our services from the Websites, you may be asked to share financial data with us related to your payment method. This information may include your valid credit card number, card brand, and expiration date, as well as other details necessary to process your payment information. We store only very limited (if any) financial information that we collect. Otherwise, all financial information is processed and stored by our payment processors, such as Stripe and PayPal. We encourage you to review their privacy policies and contact them directly for responses to your questions.
You might voluntarily share additional data
We automatically collect any information you provide when you voluntarily submit it to us such as your first and last name, email address, phone number, job title and company name. You may choose to contact us by email or through our Websites for a variety of purposes such as product or company inquiries, customer support inquiries and sales requests. Throughout our Websites, we may also provide the opportunity to register for events or conferences, order or request white papers, or participate in online surveys. When we collect this type of information, we will notify you as to why we are asking for information and how this information will be used. It is completely up to you to choose whether or not you want to provide it.
We do collect some general data
Whenever you (or any other manual or automated system) accesses our Websites, we collect some general data and information about the request and store the relevant details in server or system log files. This data includes details like your IP address, your browser type and version used, your operating system, the time and date you accessed the Websites, and the pages you viewed directly before and after accessing the Websites. Additional detail may be collected or derived from this information for use in the event of an attack on our information technology systems.
We use this information to make sure the content of our Websites is delivered correctly, to optimize our Websites content, marketing and advertisements, to ensure the long-term performance and viability of our information technology systems and Websites, as well as to provide law enforcement with the information necessary for criminal prosecution in case of cyberattack or other unauthorized access and activities.
To support these efforts, we analyze anonymously collected data and information statistically, with the aim of increasing the data protection and security of our company, and to maintain an optimal level of protection for the personal data we process. This anonymous data stored separately from all personal data provided by users to protect their privacy and ensure that we do not draw any conclusions about any individual users when analyzing this data.
How long do we keep your data?
We only process and keep any personal data that you share with us for as long as needed to achieve the purpose of storage, as long as consent is maintained, or as long as is granted by the European or other legislators in laws or regulations we are subject to. The exact length of time we keep personal data depends on the respective statutory retention period for that type of information. After that period of time passes, or if storage of personal data is not applicable, personal data is routinely blocked, deleted or erased as long as it is no longer necessary for the fulfillment or initiation of a contract with us or our business purposes.
How do we use your information?
Having accurate information about you helps us provide a smooth, efficient, and customized experience. Generally speaking, we use any information we collect to provide services to you, keep our Websites running smoothly, and protect us legally. More specifically, we may use information collected about you via our Websites to:
- Create and manage your account
- Contact you about your account or orders
- Send you a newsletter once you successfully subscribe
- Respond to your comments, questions and requests and provide customer service
- Send you technical notices, updates, security alerts and support and administrative messages
- Compile anonymous statistical data for use internally or with third parties
- Maintain and improve the efficiency and operation of our Websites and products
- Assist with the development of our products and other purposes related to Permission’s business
- Monitor and analyze usage and trends to improve your experience with our Websites and products
- Process and deliver contest entries and rewards
- Assist law enforcement and respond to subpoenas, and to resolve disputes and troubleshoot problems
- To prevent account fraud and for security purposes
In accordance with applicable law, information covered by this Policy may be transferred to, and processed in, the United States or any other country in which Permission or its affiliates, subsidiaries or service providers maintain facilities, even if the level of data privacy required in that country is less than that required by the European Union or other jurisdictions. By accessing our Websites or submitting your personal data to us, you consent to such transfers and to the worldwide processing of your personal data.
Permission will not use or share your personal information in ways unrelated to those described above without first notifying you and offering you a choice as to whether or not we may use your personal data in a different manner. We do not use automatic decision-making or profiling, and will not sell your personal data for any purpose.
When do we share your information?
We try not to share your personal information that you’ve shared with us, but it may be necessary to disclose it in certain situations, such as with your consent. We will not sell individual information and will share it only as outlined in this Policy.
To obey the law or protect rights
If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies or fraudulent activities, or when we believe in good faith that disclosure is necessary to protect our rights, property, and safety, we may share your information as permitted or required by any applicable law, rule or regulation, including exchanging information with other entities for fraud protection and credit risk reduction. Where applicable, we will make our best effort to notify you of such compliance with local law.
To support necessary business activities
We may share your information with advertisers and investors for the purpose of conducting general business analysis. Additionally, we may share your personal with third parties necessary to provide you with services you have requested such as our hosting, email service, analytics, customer service, parcel delivery service, event or campaign management providers. These parties are authorized to use your personal data only as necessary to provide these services to us or on our behalf, and it is up to you whether or not you choose to provide it. We may also share your information with such third parties for marketing or remarketing purposes, as permitted by applicable law, rule or regulation. Where possible, we attempt to anonymize or pseudonymize your personal data to limit any potential for direct disclosure.
We will only share your personal information if you have agreed to allow us to share your information with third parties. Sharing permissions are controlled by the user within their profile and settings. You have the opportunity to not receive such marketing materials from third parties by updating your subscription preferences.
If you choose to share it
Our Websites offer publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at dpo (at) permission.io.
Additionally, certain features on our Websites, specifically those for applying to a job opening at Permission, you may use sign-in services such as LinkedIn or other OpenID providers. These services will authenticate your identity, provide you with the option to share certain personal information (such as your name and email address) with us, and to pre-populate our application form. Services like LinkedIn often give you the option to post information about your activities on our Websites to your profile page to share with others within your network.
We may also partner with other companies that offer products or services related to ours or that host or sponsor related events. In such instances, we may share your information with these business partners if you express interest in such products, services or events if you provide your personal information to event sponsors at their booths or presentations.
Note: In some cases, we may not be able to guarantee the removal of your personal data, in which case we will let you know if we are unable to do so and why.
If you leave the Websites to a third party
It’s worth noting that we have no authority to manage or control third party solicitations, and are not responsible for the content or actions of third parties with whom you share personal or sensitive data. If you no longer wish to receive correspondence, emails or other communications from any third parties, you are responsible for contacting such third parties directly.
In the event of a merger or acquisition
What are my rights with personal data?
We recognize, under the EU-US and Swiss-US Privacy Shield and the General Data Protection Regulation, that you have certain rights in regards to your personal data. We feel that your privacy and ability to preserve and exercise your rights is very important. You are encouraged to review and understand these rights as they pertain to you and your personal data. These rights include, but are not limited to:
- Right to be Informed
- Right of Access
- Right to Rectification
- Right to be Forgotten
- Right to Restriction of Processing
- Right to Data Portability
- Right to Object
- Right to Withdraw Consent
In support of these rights, upon request Permission will provide you with information about whether we hold any of your personal data. You may update, correct or delete information about you at any time logging into your account and updating your preferences. If you wish to delete or suspend your account, please do so under your account settings page, but note that we may retain certain information as required by law or for legitimate business purposes. If you have become aware that an account has been created about you without your knowledge or consent, you may contact us at dpo (at) permission.io to request deletion of that account.
For your protection, we may only implement requests with respect to the personal information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. Please allow us a reasonable amount of time to respond to your request.
Note: We will retain and use your information, including cached or archived copies, as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
How do you protect my information?
Permission takes reasonable administrative, technical and physical security measures to help protect your personal data from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once it is received, taking into account the nature of such data and the risks involved in processing, and comply with applicable laws and regulations.
While we have taken reasonable steps to secure the personal data you provide to us, please be aware that despite our best efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal data via our Websites.
If you have any questions about security or any reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us at security (at) permission.io.
Where can I get more information?
Policy For Minors
We do not knowingly solicit information from or market to children under the age of eighteen (18). By using the Websites, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Websites. If we learn that personal information from users less than 19 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children under age 18, please contact us with the information below.
Our Websites and products are not intended for, nor designed to attract individuals under the age of eighteen (18). Permission does not knowingly collect personally identifiable information from any person under the age of eighteen.
California Privacy Rights
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.
Notice to All Non-US Residents
Our servers are located in the US. If you are located outside of the US, please be aware that any information provided to us, including personal information, will be transferred from your country of origin to the US. Except in the case of data transfers under the EU-US Privacy Shield, the Swiss-US Privacy Shield, and the General Data Protection Regulation (GDPR), your decision to provide such data to us, or allow us to collect such data through our Websites, constitutes your consent to this data transfer.
Notice for Residents of the European and Swiss Economic Areas
Permission is committed to subjecting all personal data received from European Union (“EU”) member countries and Switzerland, in reliance on the Privacy Shield Framework (“Privacy Shield”), to the Privacy Shield’s applicable Principles. To learn more about the Privacy Shield Framework, and to view our certification page, please visit: https://www.privacyshield.gov
Permission is responsible for the processing of personal data we receive, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on our behalf. Permission complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including, unless we prove that we are not responsible for the event giving rise to the damage, the onward transfer of liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Permission is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Permission may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If these processes do not result in a resolution, you may then contact your local data protection authority, the U.S. Department of Commerce, and/or the Federal Trade Commission for assistance. Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted and upon written notice to Permission at dpo (at) permission.io.
All trademarks, service marks and logos on the Permission Services are the property of their respective owners. Unauthorized use of any Permission (or of any third-party) trademark, service mark, or logo may violate Permission’s or a third party’s legal rights. You must obtain our written permission prior to using any trademark or service mark of Permission.
Permission and its licensors own all intellectual property rights in the Permission Services, including designs, text, graphics, pictures, information, content, software, and other files, and their selection and arrangement (collectively, the “Materials”), except for certain third party content on the Permission Services and as otherwise expressly indicated. The Permission Services and all Materials therein are protected by United States and international copyright laws. Any unauthorized use of the Materials may violate copyright laws, laws of privacy and publicity, and other laws and regulations. In exercising any permitted use of the Materials, you agree to leave all copyright, trademark and other proprietary notices intact.
Digital Millennium Copyright Act (DMCA) Policy
We respect the intellectual property rights of others. If you believe that any content or other content available through the Permission Services infringes your copyright, pursuant to Section 512(c)(3) of the Digital Millennium Copyright Act, please provide us with the following information: (1) a physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed; (2) an identification of copyrighted work claimed to have been infringed, or if multiple copyrighted works at a single online site are covered by a single notification, a representative list of such works at that site; (3) a detailed description of the material that you claim is infringing and information reasonably sufficient to permit us to locate the material ; (4) ) information sufficient to permit us to contact the complaining party, including your address, telephone number, and email address; (5) a statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner , its agent, or the law; and (6) a statement, made under penalty of perjury, that the above information is accurate and that the complaining party is the owner or is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
Our designated copyright agent for notice of alleged copyright infringement appearing on the Websites can be reached here: dmca (at) permission.io
Upon receipt of a Notification of Copyright Infringement containing the required information as described in (1) through (6) above, we reserve the right to (i) notify the user, if known, of the alleged infringement, and (ii) remove or disable access to the material that is alleged to be infringing if hosted on one of our Permission Services. No personal user information is shared with the copyright owner unless required by law. Permission reserves the right to terminate the accounts of users based on receiving one or more Notice of Copyright Infringement.
DMCA Counter-Claim Procedure
If we remove or disable access to your material and you believe that a copyright holder has accused you in error, you may file a DMCA Counter-Claim with our designated copyright agent. You must provide us with the following information: (1) a physical or electronic signature of the user; (2) identification of the material that has been removed or to which access has been disabled and the location at which the material appeared before it was removed or access to it was disabled; (3) a statement under penalty of perjury that the user has a good faith belief that the material was removed or disabled as a result of mistake or misidentification of the material to be removed or disabled; (4) the user’s name, address and telephone number, and a statement that the subscriber consents to the jurisdiction of Federal District Court for the judicial district in which the address is located, or if the user’s address is outside of the United States, for any judicial district in which the service provider may be found, and that the user will accept service of process from the person who provided notification or an agent of such person;
Upon receipt of a DMCA Counter-Claim, we will provide the complaining party with a copy of the DMCA Counter-Claim. When we receive a Counter-Claim that meets the requirements of the DMCA, we will process the Counter-Claim in accordance with the requirements of the DMCA.
Changes to This Policy
How Can You Contact Us About This Policy
If you have questions or comments about this policy, you may contact our Data Protection Officer (DPO) at dpo (at) permission.io.