Last Updated 02/01/2024.
- We act as a “controller” (as that term is commonly understood under applicable privacy laws) of our business contacts and prospects’ personal data;
If we are processing your personal data on behalf of one of our customers (e.g., your employer), please contact the business with whom you have the primary relationship to make any requests regarding your personal data and we will provide assistance to that customer.
Please read the following carefully to understand our views and practices regarding your personal data and how We will treat it.
What we collect & how
In connection with your access to our Site and/or use of our Service, we collect and store certain information about you. Some of this information can be used on its own or in combination with other information to identify you individually. We collect information directly from you, from other persons, and automatically. This includes:
• Contact Information. When you contact us, including if you sign up to learn more about our Services, request a demo, or otherwise contactus, we collect your name, email address, phone number, the nature of yourinquiry, and any other information you so choose to provide. We may collect information related to your job title, company name, business email, and business phone number.
• Account Information. When you register for an account with us on behalf of your employer, we collect your name, email address, password, and any other information used in connection with accessing your account.
• Purchases and Payments. If you make purchases through our Services, we collect certain payment information via our payment gateway.
• Communications and Interactions. When you email, call, or otherwise communicate with us and with members of our team, we collect and maintain a record of your contact details, communications, and our responses.
• Responses and Feedback. If you participate in our surveys or questionnaires, we collect your responses and feedback, such as user satisfaction or other information related to your use of our Services, and any other information you so choose to provide.
• Marketing and Promotions. If you agree to receive marketing communications from us, we collect your email, name, phone number, preferences, and if relevant, information about your account and the Services and features you use. If you participate in promotions we offer, we collect your name and other information related to the activities available through our Services.
• Events and Other Requests. We also collect personal data related to your participation in our events as well as other requests that you submit to us related to our Services. For example, if you register for or attend an event or webinar that we host or sponsor, we may collect information related to your registration for and participation in such event.
• Preferences. We also may collect information about your preferences, including communications preferences, preferences related to your use of Sources, and any other preferences or requests you provide when interacting with us.
• Business Development Information. To assess and pursue potential business opportunities, we may collect and receive personal data about current, former, and prospective vendors, business partners, and agents, including name, company information, contact details, and communications records.
Information We Collect from Other Persons: we may collect your contact information from your employer, third parties that your employer has authorized to transmit your information and our referral partners.
Automatically Collected Information: We also automatically collect certain usage information when you access the Site or use the Service, such as your device identifier (if using a mobile device), Internet Protocol (IP) address (if using a browser), operating system, browser type, the address of a referring site, and the length of time that you are on a particular page on our Site. We also automatically collect certain usage information through cookies and related technologies, as described below.
What we do with personal data
We collect, use, disclose and otherwise process the personal data we collect about you for thefollowing purposes:
• Services and Support. To allow you to maintain your account with us, provide and operate our Services, communicate with you about your use of the Services, provide troubleshooting and technical support, respond to your inquiries, communicate with you about the Services,and to otherwise run our day-to-day operations.
• Analytics and Improvement. To better understand how users access and use the Services and our product and service offerings, and for other research and analytical purposes, such as to evaluate and improve our Services and business operations, to develop our Services and its features, and for internal quality control and training purposes.
• Communicate With You. To respond to your inquiries, send you requested materials and newsletters, as well as information and materials regarding our Services and offerings.
• Marketing and Promotions. For marketing and promotional purposes. For example, to send you information about our Services, such as newsletters and other marketing content.
• Research and Surveys. To administer surveys and questionnaires, such as for market research or user satisfaction purposes.
• Planning and Managing Events. For event and webinar planning, and other management-related purposes, such as registration, attendance, connecting you with other event attendees, and contacting you about relevant events and Services.
• Compliance and Legal Process. To comply with applicable legal or regulatory obligations, including as part of a judicial proceeding; to respond to a subpoena, warrant, court order, or other legal process; or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority.
• Auditing, Reporting, and Other Internal Operations. To conduct financial, tax and accounting audits; audits and assessments of our operations, privacy, security and financial controls, risk, and compliance with legal obligations; our general business, accounting, record keeping and legal functions, and to maintain appropriate business records and enforce company policies and procedures.
• General Business and Operational Support. To assess and implement mergers, acquisitions, reorganizations, bankruptcies, and other business transactions such as financings, and to administer our business, accounting, auditing, compliance, recordkeeping, and legal functions.
• Aggregate and Deidentified Information. Not withstanding anything else in this Policy, we may use, disclose, and otherwise process aggregate and deidentified information related to our business and the Services with third parties for quality control, analytics, research, development, and other purposes.
Disclosure of data
We may disclose your information, including personal data, as follows:
- Service Providers, Business Providers and Others: PerformYard may employ other companies and individuals to facilitate our service, to provide the service on our behalf, to perform related services (including but not limited to data storage, maintenance services, database management, web analytics, payment processing, customer relationship management, customer service, and improvement of the Site’s features) or to assist us in analyzing how our Site and services are used.
- Affiliates, Subsidiaries, and Business Partners. We may disclose the personal data we collect to our corporate affiliates and subsidiaries. We may also partner with other businesses to offer our products and services, and we may disclose personal data to those business partners
- Compliance with Laws and Law Enforcement/Protecting our Rights: PerformYard may preserve and has the right to disclose any information about you or your use of our Site or Services without your prior permission if we have a good faith belief that such action is necessary to: 1) protect and defend the rights, property or safety of PerformYard or its employees, affiliates, other users of the site, or the public; or 2) enforce the MSA for the site. We may also disclose information we deem necessary to satisfy any applicable law, regulation, legal process, court order, subpoena or a law enforcement agency or other governmental request.
- Business Transfers: PerformYard may transfer or otherwise share some or all of its assets, including your personal data, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy.
PerformYard does not sell personal data for monetary compensation to non-affiliated third parties for a third party’s own use.
Cookies and other tracking mechanisms
Cookies. “Cookies” are alphanumeric identifiers we transfer to your device’s hard drive through your web browser for tracking purposes. Some cookies allow us to make it easier for you to navigate our Services, while others are used to enable a faster log-in process, support the security and performance of the Services, or allow us to track activity and usage data within the Services.
Pixel Tags. Pixel tags (sometimes called web beacons or clear GIFs) are tiny graphics with a unique identifier, similar in function to cookies. While cookies are stored locally on your device, pixel tags are embedded invisibly within web pages and online content.We may use these, in connection with our Services to, among other things, track the activities of users, and help us manage content and compile usage statistics. We may also use these in our emails to let us know when they have been opened or forwarded, so we can track response rates and gauge the effectiveness of our communications.
Cross-Device Tracking. We and our providers may use the information we collect about you within our Services and on other third-party websites and services to help us and these third parties identify other devices that you use (e.g., a mobile phone, tablet, other computer, etc.) to interact or engage with us or the Services.
DoNot Track.Currently, our Site and Services do not recognize “Do-Not-Track” requests. You may, however, disable certain tracking as discussed below (e.g., by disabling cookies).
Your privacy choices
We make available several ways for you to manage choices about your personal data, including preferences regarding cookies, advertising, whether you want to receive marketing and promotional emails from us, and choices regarding your account and profile information.
Cookie Settings. To prevent cookies from tracking your activity on our Site or visits across multiple websites, you can set your browser to block certain cookies or notify you when a cookie is set; you can also delete cookies. The “Help” portion of the toolbar on most browsers will tell you how to prevent your device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to delete cookies. Visitors to our Site who disable cookies will be able to browse the Site, but some features may not function.
Industry Ad ChoicePrograms. You can also control how participating third-party ad companies use the information that they collect about your visits to our Site, and those of third parties, in order to display more relevant targeted advertising to you. If you are in the U.S., you can obtain more information and opt out of receiving targeted ads from participating third-party ad networks ataboutads.info/choices (Digital Advertising Alliance). Opting out of participating third party ad networks does not opt you out of being served advertising. You may continue to receive generic or “contextual” ads on our Site. You may also continue to receive targeted ads on other websites, from companies that do not participate in the above programs.
MarketingCommunications. You can opt out of receiving marketing emails from us by using the unsubscribe feature in any such email we send you. You can also log in to your account and change your marketing/communications preferences.
Account and ProfileInformation. If you have an account with us, you may access, review, and update your account and profile information, such as your name, email address, contact information, preferences, and other profile information by logging in and accessing the information directly within your account.
PerformYard does not knowingly collect personal data from anyone we know to be under 13 years of age. Please contact us if you believe a child may have provided us personal data for prompt resolution.
We have implemented safeguards that are intended to protect the personal data that we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee security.
Depending on where you live or are located, you may have certain rights relating to your personal data. These rights may include the right to:
- Access your personal data held by us;
- Know more about how we processed your personal data;
- Rectify inaccurate personal data and, taking into account the purpose of processing the personal data, ensure it is complete;
- Erase or delete your personal data to the extent permitted by applicable data protection laws;
- Transfer your personal data to another controller, to the extent possible (right to data portability);
- Not be discriminated against for exercising your rights described above; and
- Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects ("Automated Decision-Making"). Automated Decision-Making currently does not take place on our Website or in our services.
To exercise your rights, please contact us by using the information outlined below. We will contact you if we need additional information from you in order to honor your request.
Some users may update their user settings, profiles, and organization settings by logging into their accounts and editing their settings or profiles. If you are an employee of a PerformYard customer, we recommend you contact your employer’s system administrator for assistance in correcting or updating your information.
PerformYard Services are hosted and operated in the United States (“U.S.”). Laws in the U.S. may differ from the laws where you reside. By using the Services, you acknowledge that any personal data about you, regardless of whether provided by you or obtained from a third party, is being provided to PerformYard in the U.S. and will be hosted on U.S. servers, and you authorize PerformYard to transfer, store and process your information to and in the U.S.
PerformYard complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework(“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce (collectively, the “Frameworks”). PerformYard has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) regarding the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom and Gibraltar in reliance on the UK Extension to the EU-U.S. DPF. PerformYard has certified to the U.S.Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) regarding the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy statement and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the relevant principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
We commit to process the personal data we receive under the Frameworks in accordance with the EU-U.S. DPF Principles or the Swiss-U.S. DPF Principles, as applicable.
Your Choices. Pursuant to the Frameworks, EU, UK, and Swiss individuals (“you”) have the right to obtain confirmation of whether we maintain your personal data in the United States. Upon request, we will provide you with access to the personal data that we hold about you. You may also request that we correct, amend, or delete the personal data we hold about you. To request access to, or correction, amendment, or deletion of your personal data that we have transferred to the United States under the Frameworks, please contact us at firstname.lastname@example.org.
You may also opt out of our disclosure of your personal data to a third-party, or use of your personal data for a purpose that is materially different from the purpose(s) for which the personal data was originally collected or subsequently authorized by you. To do so, please contact us at email@example.com.
Sensitive Personal Data. To the extent we collect any sensitive personal data about you (i.e., personal data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual), we will obtain affirmative express consent (i.e., opt in) from you if such data will be (i)disclosed to a third party or (ii) used for a purpose other than those for which it was originally collected or subsequently authorized by you. In addition, we will treat as sensitive any personal data received from a third party where the third party identifies and treats it as sensitive.
Transfers to Third Parties. We transfer personal data to third parties such as service providers (e.g., to process your transactions), non-affiliated third parties (e.g., for joint marketing purposes), to other customers or third parties using our service (e.g., to assist in carrying out transactions) and to appropriate vendors (e.g., to investigate suspected fraud, verifying identity, potential threats to safety, illegal activities, violations of Terms & Conditions). We contractually require third parties to whom we transfer personal data to provide the same level of protections as those found in this statement.
Complaints and Dispute Resolution. In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, PerformYard commits to resolve complaints about our collection and use of your personal data that we receive pursuant to the Frameworks. EU, UK, and Swiss individuals with inquiries or complaints relating to our handling of personal data received in reliance on the Frameworks should first contact us as described in more detail in the Contact section below. We will work to resolve your issue as quickly as possible, but in any event, we will respond no later than 45 days of receipt.
HR Data. PerformYard commits to cooperate and comply with the advice of the panel established by the EU data protection authorities, the UK Information Commissioner’s Office, the Gibraltar Regulatory Authority, and the Swiss Federal Data Protection and Information Commissioner, as applicable, with regard to unresolved complaints concerning our handling of human resources personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPFin the context of the employment relationship.
Binding Arbitration. If your complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See DPF Principles Annex 1 at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
FTCEnforcement. The U.S. Federal Trade Commission has jurisdiction over PerformYard’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
Law Enforcement or Public Authority Requests. In accordance with our legal obligations, we may be obligated to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Liability for Onward Transfers.PerformYard remains responsible and liable under the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles for any onward transfers of your personal data to third-parties.