Privacy Policy
Last revised on May 26, 2021
Introduction
Orgio, Inc. and its affiliates (the “Company”, “The Org”, “we”, “our”, or “us”) take privacy, transparency and security seriously. This privacy policy (“Privacy Policy”) outlines how we process the information we collect about you through the various products and services offered via our web sites, domains, information portals and registries (collectively, the “Website”) and when you otherwise interact with us, such as through our customer service channels.
Our Website is viewable and searchable by anyone around the world. This Privacy Policy applies when you use our Website. We offer our users choices about the data we collect, use and share as described in this Privacy Policy.
We strongly recommend that you read the Privacy Policy carefully.
By using or accessing the Website in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you hereby consent to our collection, use, and sharing of your information in the following ways. Remember that your use of our Website is at all times subject to our terms of service, which incorporates this Privacy Policy.
Changes to this Privacy Policy
We may modify this Privacy Policy, and if we make material changes to it, we will provide notice on our Website, or by other means, to provide you the opportunity to review the changes before they become effective. If you object to any changes, you may close your account and discontinue accessing our Website or any materials obtained from it.
You acknowledge that your continued use of our Website after we publish or send a notice about our changes to this Privacy Policy means that the collection, use and sharing of your personal data is subject to the updated Privacy Policy, as of its new effective date.
A. Types of Data We Collect and How We Collect It
We collect the following personal data you provide when you use our Website, including when you sign up for an account and use one of our products, or otherwise engage or communicate with us:
A.1 Data You Provide To Us
- Registration: To create an account you must provide data including your name, email address and a password. You also have the option to affiliate yourself with your employer, place yourself in your employer’s org chart and include a biography, photo and certain social media links.
- User activity: As you use our Website, we collect information about how you access and use it, including your activity on pages on the Website, photos or media you upload to the Website and other content you provide.
A.2 Data from Third Parties
- Data collection: Our active community of contributors may post content that includes information about you (as part of completing an org chart or other articles, posts or comments), including your name, email address, job title and affiliation to your employer. As part of our mission to make every org chart public, we may collect information about you, including your name, photo, job title, office location, employer, social media profile and professional biographies. Data on the Website comes variety of publicly available sources, including from webpages on the internet such as company websites, news articles, company team pages and various other sources.
- Third Party Services: If you link, connect, or log in to your Account with a third-party service (e.g., Google, Facebook), the third-party service may send us information such as your profile information from that service. This information varies and is controlled by that service or as authorized by you via your privacy settings on that service.
A.3 Data Collected Automatically
-
Usage data collected using cookies: We, and our third-party service providers, automatically collect certain types of usage information when you visit or use our Website, through the use of statistical and tracking cookies and similar technologies. We use such cookies to help customize your experience so that your use of our Website is as relevant and as valuable to you as possible, including by:
- saving your password so you don’t have to re-enter it each time you visit our Website;
- recognizing you to deliver content specific to your interests
- tracking the pages you’ve visited.
We use the following types of Cookies:
- Essential Cookies: Essential cookies are required in order to provide you with features or services that you have requested. For example, certain cookies enable you to log into member-only areas of our Website. Disabling these cookies may make certain features and services unavailable.
- Functional Cookies: Functional Cookies are used to record your choices and settings regarding our Website, maintain your preferences over time and recognize you when you return to our Website. These cookies help us to personalize our content for you and remember your preferences (for example, your choice of language or region).
- Performance/Analytical Cookies: Performance/analytical cookies allow us to understand how visitors use our Website such as by collecting information about the number of visitors to our Website, what pages visitors view on our Website and how long visitors are viewing pages on our Website. Performance/analytical cookies also help us measure the performance of our advertising campaigns in order to help us improve our campaigns and the Service’s content for those who engage with our advertising. For example, Google, Inc. (“Google”) uses cookies in connection with its Google Analytics services. Google’s ability to use and share information collected by Google Analytics about your visits to the Service is subject to the Google Analytics Terms of Service and the Google Privacy Policy. You have the option to opt-out of Google’s use of cookies by visiting the Google advertising opt-out page at https://policies.google.com/technologies/ads or the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout/.”
You may modify your browser preferences relating to cookies. You have the choice to accept all cookies, to be notified when a cookie is set or to reject all cookies. If you choose to reject cookies, certain of the functions and conveniences of our Website may not work properly. We do not link non-personal data from cookies to personally identifiable information without your permission. To explore what cookie settings are available to you, look in the “preferences” or “options” section of your browser’s menu. To find more information about cookies, including information about how to manage and delete cookies, please visit http://www.allaboutcookies.org/.
<li><u>Device and location information:</u> To help us protect against fraud, and improve the user experience on our Website, certain of our third-party service providers collect your location data, including current and historical information concerning your geographic location and IP addresses used in conjunction with our Website, information about the URL of both the site you came from and the one you go to and the time of your visit, your device and its software, such as browser type, Internet service provider, platform type, device type, operating system, a unique ID (that allows us to uniquely identify your browser, mobile device, or your account), and other similar information.</li>
A.4. Other Sources
- Future Uses: Our Website is dynamic, and we often introduce new products and features, which may require the collection of new information. If the type of personal data we collect changes materially, or we materially change how we collect, use or share your data, we will notify you and may also modify this Privacy Policy.
We do not collect any "Special Categories of Personal Data" about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
B. How We Use Your Data
We use and process the data we collect for purposes described in this Privacy Policy or as otherwise described to you on our Website or in connection with our Website.
We will only collect and process personal data about you where we have a legal basis for doing so. Legal bases include:
- consent (where you have given consent),
- contract (where processing is necessary for the performance of a contract with you (e.g., to allow you to access our Website if you create an account with us); and
- legitimate interests (e.g., our legitimate interests the legitimate interests of third parties such as your employer, provided that such processing shall not outweigh your rights and freedoms, which can include:
- enabling or administration of our business, such as for quality control, consolidated reporting, and customer service;
- enabling us to better understand and improve our business, user and partner relationships; and
- enabling us and our users and visitors to connect with each other, build partnerships, find jobs and economic opportunity and conduct business through leveraging our org charts).
Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. See the section below entitled “Your Rights” detailing the specific rights that you have and can exercise at any time. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact us at contact@theorg.com.
For example, we use your information:
- To meet or fulfill the reason you provided the information to us.
- To communicate with you about the Website, including announcements, notifications, updates or offers.
- To operate, provide support and assistance for the Website.
- To create and manage your account or the accounts for other users.
- To personalize your experience, website content and communications based on your preferences.
- To respond to user inquiries and fulfill user requests.
- To market, improve, and develop the Website, including testing, research, analysis, and product development (including creation and enhancement of org charts and related products and services).
- To protect against or deter fraudulent, illegal or harmful actions and maintain the safety, security and integrity of our Website.
- To comply with applicable laws and our legal or contractual obligations, resolve disputes, and enforce our terms of service.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
We will not collect additional categories of personal data or use the data we collected for materially different, unrelated, or incompatible purposes without providing you notice.
We may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may send you notifications and updates to org charts that you have decided to follow, newsletters and other content that may be of interest to you, or email you about your use of the Website. If you do not want to receive communications from us, contact us at contact@theorg.com.
We are committed to maintaining your trust, and we want you to understand when and with whom we may share the personal data we collect. For further information on your choices regarding your personal data, see the “Your Rights” section below. We do not sell, lease or rent your personal data to third parties, aside from substantial corporate transactions (described below). We may share your personal data in the instances described below:
- Users of the Website: As part of our mission to make every org chart public, some of your personal data may be visible to other users of our Website and to the public (such as holding a certain position within an org chart, making a move to a new organization, taking up a new position within a team etc.).
- Authorized third-party vendors and service providers: We share personal data with certain authorized and vetted contractors, subcontractors, third-party vendors, and service providers who help us run and protect our business. The categories of service providers to whom we entrust personal data include service providers for: (i) our offering of the Website and the related products and services; (ii) the provision of information, products, and other services you have requested; (iii) marketing and advertising; (iv) payment and transaction processing; (v) customer service activities; and (vi) the provision of IT, web hosting and related services.
We use the following IT vendors: Chartio, Amplitude, Zapier, Customer.io, Retool, Geckoboard, Segment, AWS, Google Analytics, Bugsnag, Delighted, HubSpot, Copper. Please note that these third-party services have their own privacy policies, and we strongly recommend that you read their privacy policies as well as terms and conditions of use to understand how they collect, use, and share your information.
- Substantial corporate transactions: We may share personal data in connection with a substantial corporate transaction, such as the sale of a website, a merger, consolidation, reorganization, financing, change or control or acquisition of all or a portion of our business by another company or third party, asset sale, initial public offering, or in the unlikely event of bankruptcy or similar proceeding.
- Legal purposes: We disclose personal data to respond to subpoenas, court orders, legal process, law-enforcement requests, legal claims, or government inquiries and to protect and defend the rights, interests, safety, and security of The Org, our affiliates, users, or the public.
- With your consent: We share personal data for any other purposes disclosed to you with your consent. We may also share information with others in an aggregated or otherwise.
Our Website may also contain links to third-party web sites for your convenience. If you access those links, you will leave our Website. We do not control these third-party websites and cannot represent that their policies and practices will be consistent with this Privacy Policy. Therefore, you should use other web sites with caution, and you do so at your own risk. We encourage you to review the privacy policy of any web site before submitting personal data.
D. Your Rights
For personal data that we have about you, you have the right to access, correct, seek erasure and to restrict us from using your personal data. If you decide to exercise these rights, you can:
- Ask to access and/or obtain a copy of your data: You can ask us for a copy of your personal data and can ask for a copy of personal data you provided in machine readable form. You can also download your account data by clicking “Download Data” in the Account settings section of our Website.
- Ask us to amend or correct your data: You can edit some of your personal data through your account. You can also ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate.
- Ask us to delete your data: You can ask us to erase or delete all or some of your personal data (e.g., if it is no longer necessary to provide services to you). You can also delete your position on your company’s org chart by clicking “Edit” on your position and clicking “Delete Position” on the bottom of the page.
- Ask us to limit or stop using your existing data: You can ask us to stop using all or some of your existing personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your personal data is inaccurate or unlawfully held).
If you have any questions about exercising your rights, or would like us to remove your information from the Website, please contact us at contact@theorg.com. Please include the following information if you submit a deletion request for your position on an org chart:
E. Data Security and Retention
Retention
We retain personal data about you for as long as you have an open account with us or as otherwise necessary to offer the products and services offered on our Website. In some cases we retain personal data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation.
Security Measures
We seek to protect your personal data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of personal data and how we are processing that data, including but not limited to:
- Our Website uses SSL (https).
- Account passwords are hashed when stored in our database.
- The authenticity of request methods are verified to prevent CSRF (cross-site request forgery) attacks.
- Access to AWS is limited on a need to know basis and requires Two-Factor Authentication (2FA).
- Employees must have a specific reason they need access to personal data and obtain access approval from someone with administrative access.
- Our data tools have encryption at rest functionality. Data is encrypted unless we need to see it directly for a specific purpose. When data travels between our various tools, it is secure and encrypted. It is only decrypted when we look at it for a specific reason.
We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.
By using our Website or providing personal data to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Website. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Website, by mail or by sending an email to you.
- Children’s Privacy: Our Website is not directed to children under 13 (or other age as required by local law), and we do not knowingly collect personal data from children. If you learn that your child has provided us with personal data without your consent, you may contact us as set forth below. If we learn that we have collected a child’s personal data in violation of applicable law, we will promptly take steps to delete such information, stop processing the child’s information and terminate the child’s account.
- International Data Transfers: All information processed by us may be transferred, processed, and stored anywhere in the world (for instance, on servers or databases co-located with hosting providers), including but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard your information consistent with the requirements of applicable laws.
If you have any questions about our privacy practices or this Privacy Policy, would like to submit a complaint regarding this Privacy Policy or regarding our practice pertaining to your personal data, please contact us at:
The Org,
118 Spring Street,
New York, NY 10012, United States,
contact@theorg.com