Effective Date: November 16, 2018
Get Things Done, Inc. complies with the EU Data Protection Directive through Privacy Shield certification and the Swiss Federal Act on Data Protection through the US-Swiss Safe Harbor Framework.
WHO WE ARE AND WHAT THIS IS
Get Things Done, Inc. (“Get Things Done”) is the producer and owner of Get Things Done (collectively referred to here as the/our "Software" or the/our "Services"), which are productivity web and mobile based applications that help teams and individuals prioritize and get work done.
We take the private nature of your personal information very seriously, and are committed to protecting it. To do that, we've set up procedures to ensure that your information is handled responsibly and in accordance with applicable data protection and privacy laws. We're grateful for your trust, and we'll act that way.
PRIVACY SHIELD AND US-SWISS SAFE HARBOR OVERVIEW
For more information about the EU-U.S. Privacy Shield Framework, visit the U.S. Department of Commerce's Privacy Shield website at https://www.commerce.gov/privacyshield.
Get Things Done, Inc. also complies with the US-Swiss Safe Harbor Framework developed by the U.S. Department of Commerce in consultation with the Federal Data Protection and Information Commissioner of Switzerland and has certified that it adheres to the Safe Harbor Privacy Principles. More information about the principles that make up the Framework, as well as other frequently asked questions relating to Safe Harbor, can be found at: http://www.export.gov/welcome.
TYPES OF INFORMATION
"Personal information" is any information that we could use to identify an individual. It does not include personal information that is encoded or anonymized, or publicly available information that has not been combined with non-public information.
"Sensitive personal information" is information that meets the "personal information" criteria and also a.) reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or b.) concerns health or sex life, information about Social Security benefits, or information on criminal or administrative proceedings other than in the context of pending legal proceedings.
HOW WE COLLECT INFORMATION
We collect information two ways: Information we get from your use of our Services, and information you provide to us directly.
Information we get from your use of the Services is primarily non-personally-identifying information of the sort that web browsers, servers, and services like Google Analytics* typically make available, such as the browser type, language preference, referring site, and the time of each visit. Other non-identifying information that we might have access to includes how you use the Service (e.g. search queries), your approximate location, cookies, etc.
We collect this non-personally-identifying information in order to better understand how visitors use the Services and, where possible, to improve their experience. For instance, we log the time it takes to run database queries so that we can improve performance. In some cases, we may publicly display information that is not personally identifying in the aggregate, (e.g., by publishing a report on trends in the usage of our Services) or may provide the aggregate data to third parties.
When you use the Services, we also collect potentially personally identifying information in the form of Internet Protocol (IP) addresses, the Uniform Resource Locator (URL) accessed (which may reference the name of a Workspace, card, username, or team), and the unique identification number associated with the account. We don't use that information to identify you, with one exception: we may discover, by reviewing log files, that a particular account is using the Services in a way that is degrading the experience for all the Services’ users. If this is discovered, we may look up personally identifiable information associated with that account in order to contact the account owner. We handle and disclose this information in the same way we handle other potentially personally identifying information as described below.
Information you provide to us directly. Certain visitors to our Services choose to interact with them in ways that may require them to provide us with personally identifying information. The amount and type of information that is provided depends on the nature of the interaction. For example, we ask visitors who sign up for our Services to provide a real name, and email address. Organizations and individuals who engage in financial transactions to purchase paid services are asked to provide additional information, such as the personal and financial information required to process those transactions. In each case, we only collect as much information as is necessary or appropriate given the type of interaction. We do not disclose personally identifying information other than as described below. And you can always refuse to supply personally identifying information, with the caveat that it may prevent you from engaging in certain activities.
If you send us a request, such as emailing us for support, we reserve the right to publish it (absent any personally identifying information) in order to help us clarify or respond to your request or help other users.
In the process of supporting our Services, we may discover personally identifiable information associated with your account. The only personally identifiable information we may discover during the support process without your consent includes your email address and the names of any organizations to which you belong. Any further information will not be discovered without your consent.
In the process of supporting our Services, we may need to investigate the data within your account, including data you have entered into private workspaces. If this occurs, we will always request your explicit permission before looking at the data in your account.
If you are outside the United States, you should know that any personally identifiable information you enter into the Services will be transferred out of your country and into the United States, and possibly to other countries. By using the Services, you consent to such transfer and are representing that you have the right to transfer such information outside your country.
We do not collect any personally identifiable information from children under the age of 13. If you believe that a child has provided us with personally identifiable information without the consent of his or her parent or guardian, please contact us at email@example.com. If we become aware that a child under age 13 has provided us with personally identifiable information, we'll delete it.
INFORMATION YOU CHOOSE TO DISPLAY PUBLICLY ON OUR SERVICES
Some users may elect to publicly post personally identifying or sensitive information about themselves in their normal use of our Services. This could occur through use of optional profile fields, in interactions on public workspaces, wikis, cases and forums, or if a previously private interaction is made public. Information like that, which is voluntarily posted in publicly visible parts of our Services, is considered to be public, even if it would otherwise be considered to be personally identifying or sensitive. As such, it is not subject to the protocols listed below, because we don't control it; you do. Additionally, voluntarily publicizing such information means that you lose any privacy rights you might normally have with regards to that information. It may also increase your chances of receiving unwanted communications, like spam.
Please also remember that if you choose to provide personally identifiable information using certain public features of the Services, individuals reading such information may use or disclose it to other individuals or entities without our control and without your knowledge, and search engines may index that information. We therefore urge you to think carefully about including any specific information you may deem private in content that you create or information that you submit through our Services.
INFORMATION YOU GIVE TO OTHER PEOPLE
This Policy only applies to information collected by Get Things Done Inc. It does not apply to the practices of companies that we don't own or control, or employees that we don't manage. Information on our Services’ workspaces and forums may contain links to third party websites, and any information you provide to those sites will be covered by any privacy policies they may have. Please be sure to read the privacy policies of any third-party sites you visit. It is those sites' responsibility to protect any information you give them, so we can't be held liable for their wrongful use of your personally identifying information.
HOW WE USE INFORMATION WE COLLECT
Notice will be provided in clear and conspicuous language when you are first asked to provide us with personal information, or as soon as practicable thereafter, and we'll notify you before we use the information for something other than the purpose for which it was originally collected. If anything in this policy seems unclear, please don't hesitate to contact us at firstname.lastname@example.org, so we can address your question and possibly clarify this document.
Here are some of the ways we may use personal information you provide us:
- to allow you to register for our Services and to administer and process the registration;
- to communicate with you about our products, services and related issues
- to evaluate the quality of our products and services, and to enhance your experience on our web sites;
- to maintain and administer our web sites and comply with our legal or internal obligations and policies;
- to transfer information to others as described in this policy or to satisfy our legal, regulatory, compliance, or auditing requirements, including to disclose information to law enforcement authorities upon validly served legal process or a valid judicial instruction (for example, pursuant to a court order);
- to charge you any fees and provide you with a receipt or resolve billing issues associated with your account;
- in the case of accounts created using business email domains, to provide your contact information to an administrator of the business email domain to facilitate the provision of additional products and/or services.
- Choice — Choice is all about making sure you have the ability to control how we share your personal information with others. We never share any of your personal information with non-agent third parties.
- we won't share your personal information with non-agent third parties unless we are required to do so by law, or if we believe in good faith that disclosure is reasonably necessary to protect our property, rights or those of third parties or the public at large. It is possible that we may, on occasion, buy or sell assets from or to other companies. If that should occur, user information is typically one of the assets that gets transferred. Similarly, if Get Things Done Inc. or most of its assets were acquired, or in the unlikely event that we go out of business or enter bankruptcy, user information could be transferred or acquired. You should be aware that such events can occur, and that if it does, the buyer may continue to use your personal and non-personal information, but only as set forth in this policy. Other than in these rare circumstances, Get Things Done Inc. will not rent or sell potentially personally identifying information to anyone.
- We may from time to time request some of your financial information for the purposes of completing transactions you have initiated through the Services, enrolling you in discount, rebate, and other programs in which you elect to participate, protecting against or identify possible fraudulent transactions, and otherwise as needed to manage our business.
It's hard to imagine that we would ever consider collecting, let alone sharing, sensitive information with a non-agent third party, but if such a day should come, we will first give you the opportunity to explicitly consent (opt-in) to such disclosure or to any use of the information for a purpose other than the one for which it was originally collected or previously authorized.
If you are a registered user of our Services and have supplied your email address, we may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what's going on with the Services. We generally use our Services to communicate this type of information, so we expect to keep this type of communication to a minimum. If we do send you information that you did not expressly request, we will provide you with a way to request that you don't get any similar notices (opt-out, unsubscribe, etc.).
Onward Transfer — Prior to providing agents with any personal information, we will obtain assurances that they will safeguard it in accordance with this policy. Examples of assurances that may be provided include:
A commitment that they will handle the information in accordance with this policy, or will provide the same level of protection, as required by the Privacy Shield Principles, subject to EU Directive 95/46/EC ("the EU Data Protection Directive");
Privacy Shield certification by the agent, or being subject to another European Commission adequacy finding.
In the unlikely event that we should discover that an agent is using personal information in a way that conflicts with this policy, we will take all reasonable steps to stop it immediately.
In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, Get Things Done Inc. will remain liable.
Security — All records containing personal or financial information are considered to be our property and are afforded confidential treatment at all times. We work hard to protect against the unauthorized access, use, alteration or destruction of personal or financial information. All such electronic information is stored on restricted database servers, and is generally kept until such time as you may ask us to edit or delete it, as described below. We only disclose such information to our employees, contractors or affiliates that a) need to know that information in order to process it for us or to provide other services, and b) have agreed not to disclose it to others.
All interactions with our Services use the Transport Layer Security/Secure Sockets Layer (TLS/SSL) protocol. We use a third-party, industry-accepted Payment Gateway to securely process credit card transactions.
Data Integrity — In addition to assuring you that we will protect your personal information, we also want to make sure that it is reliable, accurate, and up-to-date. In order to do that, we provide:
Access — Upon request, we will provide you with reasonable access to the personal information we collect about you. Because personal information—for example, your email address—is required to use the Services, we retain personal information as long as your account is active. You will have the opportunity to correct, update, modify or delete this information updating your information in The Services. Please note that some information may remain in our records even after you request deletion of your information, to the extent permitted by the Privacy Shield Principles. Additionally, there may be limits to the amount of information we can practically provide. For example, we may limit an individual's access to personal information where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy or where doing so would violate others' rights.
If you have any concerns or complaints about how you think we've handled your personal information, please contact email@example.com or our Data Protection Officer at the address below. We will work hard to investigate and resolve any complaints you might have.
GET THINGS DONE AND INFORMATION COLLECTED FROM CHILDREN
Get Things Done Inc. does not knowingly collect personal information from children without parental consent. If we learn that we have inadvertently obtained information in violation of applicable laws, we will promptly delete the information. For more information on Get Things Done's approach to children's use of Get Things Done (including our compliance with the U.S. Children's Online Privacy Protection Act ("COPPA"), please see the section of our Terms of Service called "Kids Under 13 and Get Things Done."
HOW TO CONTACT US
If you have any questions about this policy or our site in general, please contact us at firstname.lastname@example.org
Written Inquiries can be sent to:
Get Things Done Inc.
13355 Noel Road
Dallas TX 75240
*Google Analytics is a registered trademark of Google, Inc.