Effective: September 15, 2019
When we talk about “Baily Labs,” “we,” “our,” or “us” in this Privacy Statement, we are referring to ACN Digital Holdings Ltd (Irish company number 526761), the company that provides the Services. When we talk about the “Services” in this Privacy Statement, we are referring to our online tools, platform and other consulting services. The Services are currently available over the web, for use via a web browser or applications specific to your desktop or mobile device.
Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of personal data. In general, the Customer is the controller of Customer Data (as defined below). In general, we are the processor of Customer Data and the controller of Other Information (as defined below).
If you join an organisation and create a user account, you are a “user,” as further described in the User Terms of Service.
Content and information submitted by users to the Services is referred to in this Privacy Statement as “Customer Data”. Customer Data is controlled by the organisation or other third party that created the account (the “Customer”). Where we collect or process Customer Data, we do so on behalf of the Customer as their processor. Some examples of Customer Data include calldock account information and minimum viable products information. The Customer or user may also choose to enter personal data into their profile, such as first and last name, job, a photo and a phone number.
If you are using the Services by invitation of the Customer, whether the Customer is your employer, another organisation, or an individual, the Customer determines its own policies regarding storage, access, modification, deletion, sharing, and retention of Customer Data which may apply to your use of the Services. Please check with the Customer about the policies and settings it has in place regarding your Customer Data which should be set out in their own privacy statement.
We may also collect and receive the following information (“Other Information”):
Users’ personal data such as an email address and password to create an account;
When the Customer creates an account using the Services, we collect an email address, a company name, domain details, and password;
For Customers that purchase a paid version of the Services, our corporate affiliates and our third party payment processors may collect and store billing address and credit card information on our behalf or we may do this ourselves;
This is information about how you are accessing and using the Services, which may include administrative and support communications with us and information about the teams, people, features, content, and links you interact with, and what third party integrations you use (if any);
When you use the Services our servers automatically record information, including information that your browser sends whenever you visit a website or your mobile app sends when you are using it. This log data may include your Internet Protocol address, the address of the web page you visited before using the Services, your browser type and settings, the date and time of your use of the Services, information about your browser configuration and plug-ins, language preferences, and cookie data;
We may collect information about the device you are using the Services on, including what type of device it is, what operating system you are using, device settings, application IDs, unique device identifiers, and crash data. Whether we collect some or all of this information often depends on what type of device you are using and its settings;
Precise GPS location from mobile devices is collected only with your permission. WiFi and IP addresses received from your browser or device may be used to determine approximate location;
If, when using the Services, you integrate with a third party service, we will connect that service to ours. The third party provider of the integration may share certain information about your account with us. However, we do not receive or store your passwords for any of these third party services; and
We may also receive information from affiliates in our corporate group, our partners, or others that we use to make our own information better or more useful. This might be aggregate level information, such as which IP addresses go with which Eircodes (Irish postcodes), or it might be more specific information, such as about how well an online marketing or email campaign performed.
We are committed to keeping your email address confidential. We do not sell, rent, or lease our subscription lists to third parties, and will not disclose your email address to any third parties except as allowed in the section titled Disclosure of Your Information.
We will maintain the personal data you send to us via email in accordance with applicable Irish law.
[In compliance with the CAN-SPAM Act] All emails sent from us will clearly state who the email is from and provide clear information on how to contact the sender. In addition, all email messages will also contain concise information on how to remove yourself from our mailing list so that you receive no further email communication from us.
Our emails provide users the opportunity to opt-out of receiving communications from us and our partners by following the unsubscribe instructions located at the bottom of any email they receive from us at any time.
Users who no longer wish to receive our newsletter or promotional materials may opt-out of receiving these communications by clicking on the unsubscribe link in the email.
We use your Other Information to provide and improve the Services. We carry out research and analyse trends to better understand how users are using the Services and improve them. In particular, we use your Other Information for the following purposes:
To communicate with you by:
- responding to your requests. If you contact us with a problem or question, we will use your information to respond;
- sending emails. We may send you Service and administrative emails. We may also contact you to inform you about changes in our Services, our Service offerings, and important Service related notices, such as security and fraud notices. These emails and messages are considered part of the Services and you may not opt-out of them.
- direct marketing emails: we may also use your contact information for our own marketing or advertising purposes such as by sending emails about new product features or other news about us. You can opt out of these at any time we sometimes;
- billing and account management. We use account data to administer accounts and keep track of billing and payments;
- communicating with you. We often need to contact you for invoicing, account management and similar reasons; and
- investigating and preventing bad stuff from happening. We work hard to keep the Services secure and to prevent abuse and fraud.
To the extent that our processing of your Personal Data is subject to the General Data Protection Regulation (the GDPR), we rely on our legitimate interests, in managing our business (for administration, to keep our records updated and to study how users use our Services), to process your personal data provided such interests are not overridden by your interests and rights. We may also process your Personal Data for direct marketing purposes and you have a right to object to our use of your Personal Data for this purpose at any time.
There are times when information described in this Privacy Statement may be shared by us. This section discusses only how we may share such information. Customers determine their own policies for the sharing and disclosure of Customer Data. We do not control how Customers or their third parties choose to share or disclose Customer Data.
We may share Other Information about you:
- with the Customer: there may be times when you contact us to help resolve an issue specific to a product of which you are a user. In order to help resolve the issue and given our relationship with our Customer, we may share your concern with our Customer;
- with a third party service providers and agents: we may engage third party companies or individuals, such as third party payment processors, to process information on our behalf;
- with affiliates: we may engage affiliates in our corporate group to process other information.
- during changes to our business structure: if we engage in a merger, acquisition, bankruptcy, dissolution, reorganisation, sale of some or all of our assets, financing, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence);
- to comply with laws: An Garda Síochána (namely, the Irish police authorities), local authorities, the Revenue Commissioners, the courts, legal process and any other central or local government bodies where they request it and we may lawfully disclose it, for example for the prevention and detection of crime or to comply with legal or regulatory requirements and to respond to lawful requests; and
- to enforce our rights, prevent fraud and for safety: to protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud.
This Privacy Statement is not intended to place any limits on what we do with data that is aggregated and/or de-identified so it is no longer associated with an identifiable user or Customer of the Services (i.e. anonymised) and falls outside the GDPR. We may disclose or use such information for any purpose. For example, we may share anonymised information with our partners or others for business or research purposes like telling a prospective Customer the average number of calls logged within a calldock account or partnering with research firms or academics to explore interesting questions about innovation practices.
Your personal data may be stored and transferred within the EEA or transferred to, and stored in, countries outside the EEA. Those countries may not provide an adequate level of protection in relation to processing your personal data. Where it is necessary to transfer personal data outside of the EEA, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data, including standard contractual clauses under GDPR Article 46.2 or an adequacy decision under GDPR Article 45. Please contact us via email at email@example.com if you wish to obtain information concerning such safeguards.
We will only store your personal data for as long as necessary for the purpose(s) for which it was obtained. The criteria used to determine our retention periods include (i) the length of time we provide our Services; (ii) where we are subject to a legal requirement; and (iii) whether the retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
We take security seriously. We take various steps to protect information you provide to us from loss, misuse, and unauthorised access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.
To learn more about current practices and policies regarding security and confidentiality of Other Information, please see our Security Practices; we keep that document updated as these practices evolve over time.
Our Services are not directed to children under 16. If you learn that a child under 16 has provided us with personal data without consent, please contact us.
Individuals located in, or citizens of, certain countries, including the European Economic Area have certain statutory rights in relation to their personal data. Subject to any limitations and restrictions provided by applicable law, you have the right to:
- access a copy of the personal data we hold about you;
- have us correct any inaccurate personal data about you and complete any personal data that is incomplete;
- erasure of your personal data. Please note, this right does not apply for example, where the processing is necessary to comply with a legal obligation or for the establishment, exercise or defence of legal claims;
- request a copy of your personal data in a portable format.
- request a restriction of the processing of your personal data;
- withdraw your consent. If we are processing your personal data on the legal basis of consent, you are entitled to withdraw your consent at any time. However, the withdrawal of your consent will not invalidate any processing we carried out prior to your withdrawal and based on your consent;
- object to the processing of your personal data where we are processing your personal data in reliance on our legitimate interests. In such a case we will stop processing your personal data unless we can demonstrate compelling legitimate grounds which override your interests and you have a right to request information on the balancing test we have carried out. You also have the right to object where we are processing your personal data for direct marketing purposes.
If you wish to exercise any of these rights, please contact us (see ‘Contact Us’ below). We may request proof of identification to verify your request.
You also have the right to make a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the GDPR. The Irish Data Protection Authority (the Data Protection Commission) contact details are:
Telephone: +353 (0)761 104 800 or Lo Call Number 1890 252 231
Questions, comments, requests and complaints regarding this Privacy Statement and your personal data are welcome and should be addressed to our Data Protection Officer at firstname.lastname@example.org or at our mailing address: Baily Labs, Suite 61, 20 Harcourt Street, Dublin D02H364, Ireland.