1. Introduction
This Privacy Notice applies across all sites and services provided by CARIBSOC. For the purposes of this notice, we’ll refer to them as our ‘services‘.
When we say ‘personal data’ we mean identifiable information about you, like your name, email, address, telephone number, bank account details, payment information, support queries, community comments and so on. If you can’t be identified (for example, when personal data has been aggregated and anonymised) then this notice doesn’t apply. Please see our Terms of Service for more information on how we treat other data.
We may need to update this notice from time to time. Where a change is significant, we’ll make sure we let you know – usually by sending you an email.
Here is a summary of some of the key changes we have made on the 20th of May 2018:
- Navigation: We have reorganized the Privacy Notice sections to make it easier to understand and to find the information you need.
- Principles: We’ve introduced our key privacy principles that guide our approach to data protection: Security, Stewardship and Transparency.
- Collection and Use: We’ve provided more information about the ways we collect personal data about you, and how we intend to use it.
- Cookies: We’ve introduced a new Cookie Notice to provide detail about the cookies that we use, why, and how they are used by our services.
- Your Rights: We’ve set out your rights and how those rights can be exercised.
2. Who are we?
When we refer to ‘we’ (or ‘our’ or ‘us’), that means CARIBSOC. Our headquarters are in St. Kitts & Nevis and our physical address details and contact details are available on our Contact Us page.
We provide online brainstorming, collaboration and group decision making tools. Our software make meetings more effective, engaging and action-focused. If you want to find out more about what we do, please see the CARIBSOC website.
3. Our principles of data protection
Our approach to data protection and privacy is based on three key principles. They are at the heart of what we do and the decisions we make relating to your personal data:
- Security: We remain vigilant and diligent with the way we collect and store personal data entrusted to us.
- Stewardship: We accept the responsibility that comes with processing personal data.
- Transparency: We take a human approach to how we process personal data by being open, honest and transparent.
4. How we collect data
When you visit our services, we will collect information about you. The ways we collect it can be broadly categorised into the following:
Information you provide to us directly
When you use our services we might ask you to provide personal data to us. For example, we ask for your contact information when you sign up for a free trial, respond to a job application, subscribe to our use our services, take part in training and events, contact us with questions or request support. If you don’t want to provide us with personal data, you don’t have to, but may mean you can’t use some of our services.
Information we collect automatically
We collect some non-identifying information about you automatically when you use our services, like your IP address and device type. We also collect information when you interact with our services, including what pages you looked at and what links you clicked on. This information is useful for us as it helps us get a better understanding of how you’re using our services so that we can continue to provide the best experience possible (e.g. by improving the way people brainstorm and prioritise ideas).
Information we get from third parties
The majority of information we collect, we collect directly from you. Sometimes we may collect personal data about you from other sources, such as publicly available materials or trusted third parties like your employer for login validation and authentication. We use this information to supplement the personal data we already hold about you, in order to better inform, personalise and improve our services, and to validate the personal data you provide.
Where we collect personal data, we will only process in one or more of these cases:
- to perform a contract with you or the company you work for
- we have legitimate interests to process the personal data (and they’re not overridden by your rights)
- in accordance with a legal obligation
- we have your consent
If we don’t collect your personal data, we may be unable to provide you with all our services, and some functions and features may not be available to you.
If you are someone who does not have a relationship with us but believe that another subscriber has entered your personal data into our websites or services, you’ll need to contact that subscriber for any questions you have about your personal data (including where you want to access, correct, amend, or request that the user delete, your personal data).
5. How we use your data
We use your personal data to provide you the services you’ve requested and to manage our relationship with you. We may also use your personal data for other purposes, such as:
To communicate with you. This may include:
- providing you with information you’ve requested from us (like notifications when there are updates to your meetings by other people you have invited to participate) or information we are required to send to you.
- operational communications, like changes to our services and security updates.
- marketing communications and product feature updates, in accordance with your email preferences.
- asking you for feedback or to take part in any research we are conducting (which we may engage a third party to assist with), in accordance with your email preferences.
To support you: This may include assisting with the resolution of technical support issues or other issues relating to our services, whether by email, in-app support or otherwise.
To enhance our services and develop new ones: For example, by tracking and monitoring your use of our services so we can keep improving, or by carrying out technical analysis of our services so that we can optimise your user experience and provide you with more efficient tools.
To protect: So that we can detect and prevent any fraudulent or malicious activity, and make sure that everyone is using our services fairly and in accordance with our terms of use, including the use of multiple logins by the same account.
To market to you: In addition to sending you marketing communications, we may also use your personal data to display targeted advertising to you online – through our services or through third party websites and their platforms.
To analyse, aggregate and report: We may use the personal data we collect about you and other users of our services (whether obtained directly or from third parties) to produce aggregated and anonymised analytics and reports
6. When we share your data
There may be times when we need to share your personal data with third-party organizations. We will only share your personal data with:
- third-party sub-processors who assist and enable us to use the personal data to, for example, support delivery of or provide functionality on our services.
- regulators, law enforcement bodies, government agencies, courts or other third parties where it is necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure.
- an actual or potential buyer (and its agents and advisers) in connection with an actual or proposed purchase, merger or acquisition of any part of our business.
- others with your explicit consent.
7. International data transfers
When we share data, it may be transferred to, and processed in, countries other than the country you live in – such as to the United States, where our data hosting provider’s servers are located. These countries may have laws different to what you’re used to. Rest assured, where we disclose personal data to a third party in another country, we put safeguards in place to ensure your personal data remains protected.
For individuals in the European Economic Area (EEA), this means that your data may be transferred outside of the EEA. Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data (like the United States or Australia), or to a third party where we have approved transfer mechanisms in place to protect your personal data – eg, by entering into the European Commission’s Standard Contractual Clauses, or by ensuring the entity is Privacy Shield certified.
8. Cookies
We use cookies to remember your preferences and provide our services. For this reason, it is necessary that you enable cookies in your browser in order to access our services. You will be asked to acknowledge the use of cookies when you make use of our services. If you want to find out more about the types of cookies we use, why, and how you can control them, please refer to our Cookie Notice.
9. Security
Security is a priority for us when it comes to your personal data. We’re committed to protecting your personal data and have appropriate technical and organisational measures in place to make sure that happens. For more information about security, check out our Security FAQ page.
Your data is stored in a top-tier, third-party data hosting provider (Amazon Web Services) with servers located in the U.S. For more information about AWA’s approach to compliance with the GDRP, see https://aws.amazon.com/compliance/gdpr-center/. For clients who have specifically requested, GroupMap will store data on European Servers on a separate instance.
If you are located in the European Union, please note that Amazon Web Services, Inc., which provides our hosting and information storage services, is fully-compliant with the European Union’s Data Protection Directive as a result of being a participant in the Safe Harbor program developed by the U.S. Department of Commerce and the European Union. For more information, please visit https://aws.amazon.com/privacy/.
10. Retention
The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements).
We’ll retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we’ll make sure it’s deleted or anonymised.
11. Your rights
It’s your personal data and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time – just follow the unsubscribe instructions contained in the marketing communication, or submit your request via the Privacy Center.
You also have rights to:
- know what personal data we hold about you, and to make sure it’s correct and up to date
- log into your account to view and edit your account details.
- request a copy of your personal data, or ask us to restrict processing your personal data or delete it
- object to our continued processing of your personal data
You can exercise these rights at any time via our Privacy Center. When you make changes to your personal data via our services, the changes will generally happen immediately. Any web browser or device cache may need to be refreshed by you to view the updated changes.
If you’re not happy with how we are processing your personal data, please our Data Protection Officer via our Privacy Center. We will review and investigate your complaint, and try to get back to you within a reasonable time frame. You can also complain to your local data protection authority. They will be able to advise you how to submit a complaint.
12. General Data Protection Regulation (GDPR)
As part of Europe’s reformed data protection laws, we have updated our privacy policies, internal processes and relationships with key third-party vendors to better manage the way your data is protected. We have verified our data protection procedures conform to regulations and are embedded into our systems and product development lifecycles.
13. How to contact us
We are always keen to hear from you. You can contact us via our Privacy Center or email us at privacy@caribsoc.com.