the website geckoboard.com;
the web and mobile application called ‘Geckoboard’,
(together the ”Platform“) including all content, services and products available at or through the Platform.
By accessing and/or using the Platform, you are accepting and consenting to the practices described in this policy.
In this Policy we will explain:
What types of personal information Geckoboard collects and how it is used.
How Geckoboard collects your personal information, including whether personal information is collected automatically.
How long Geckoboard retains your personal information.
How and when Geckoboard shares your personal information with others.
How Geckoboard protects your personal information.
What choices and rights are available to you regarding the use of your personal information, including how to access and update personal information.
How personal information submitted to our Services or collected through our Services on behalf of or at the direction of our subscribers is treated.
How to update your communication preferences.
Whether children under the age of 13 are permitted to use our Services.
Depending on the context of personal information you provide, Geckoboard may be the data controller ("controller”) or data processor (“processor”) of your personal information under this policy. Geckoboard is a processor of Client Data, personal information submitted to the Services or collected through the Services on behalf of or at the direction of subscribers.
For the purpose of the General Data Protection Regulations (the “ GDPR”), the data controller is Datachoice Solutions Ltd whose registered office is at 60 Worship Street, 3rd Floor, London, EC2a 2EZ, United Kingdom, ICO Reg. No. Z2476079.
GECKOBOARD AS THE DATA CONTROLLER
INFORMATION WE MAY COLLECT
We may collect the following information:
1. Information you give us (Client Supplied Data): You may give us information about you by filling in forms on the Platform, for example when you register as a user of the Platform, register your billing details to become a customer, open a support request, post on our blog, take part in competitions, prize draws or surveys, or by corresponding with us by phone, e-mail or otherwise. The information you give us may include your name, e-mail address, employment details, phone number and billing address.
NOTE: When you purchase a paid Geckoboard subscription, your credit card data is not transmitted through nor stored on our systems. All of Geckoboard’s credit card processing is handled securely by our third party payment processors.
2. Information we may automatically collect about you (Automatic Device Data): With regard to each of your visits to the Platform we may automatically collect the following information:
Visit information - including the full URL clickstream to, through and from the Platform (including date and time), page response times, errors, length of visits to certain pages, page interaction information, actions taken within the application and methods used to navigate away from the page;
Technical information - including the Internet Protocol address used to connect your device to the Internet, your login information, browser type and version, geographical location, browser plug-in types and versions and operation system.
3. Information provided by the web and mobile application (Client Data): When using our services to connect to databases, including third party databases, we may pull data into the Platform which includes personal data. This is within your control, as we only pull data on your instruction.
4. Information from other sources (Other Data): We are working closely with third parties (including, for example, business partners, sub-contractors in technical and payment services, intelligence providers and analytics providers) and may receive information about you from them.
HOW DO WE USE PERSONAL DATA?
We may process personal data in connection with the following purposes:
Client Supplied Data
to provide you with information and services that you request or subscribe to;
to bill and collect money owed to us by our Clients;
to update our records and generally maintain your account with us;
to provide you with special offers, promotions, surveys and other information about services we feel may interest you, where you consent to receiving such information;
for research and development purposes to evaluate and enhance the Platform; and
to deal with your queries, complaints or concerns,
Automatic Device Data
to provide our service to you;
to present content from the Platform in an effective manner to you;
to administer the Platform and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
as part of our efforts to keep the Platform safe and secure;
to enforce compliance with our Terms of Service and applicable law;
to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
to make suggestions and recommendations to you and other users of our site about services that may interest you or them,
to evaluate our client relationships, or potential client relationships, and the benefit, or potential benefit, obtained from the Platform;
we may also combine this information with the above information and use this information for the purposes set out above.
We shall not process personal data for any other purpose, unless such purpose is expressly communicated to you at the point your personal data is being collected.
DIRECT MARKETING - HOW TO UNSUBSCRIBE
If you have consented to receive marketing communications from us via email you can change your mind and withdraw that consent. You can opt-out by clicking on the Unsubscribe link at the bottom of the email you’ve received or updating your user account settings. Alternatively, you can send an email to customer service at firstname.lastname@example.org.
The legal basis for which we act as Data Controller are as follows:
GDPR Article 6(1)(b) - processing of your personal data is necessary for the performance of our contract with you, our customer
GDPR Article 6(1)(c) - processing of your personal data is necessary for compliance with a legal obligation. Specifically, this relates to financial and accountability data
GDPR Article 6(1)(f) - processing of your personal data is necessary for legitimate interests of both Geckoboard and you as our customer. Specifically:
a. Ensuing Geckoboard’s systems are secure and for the purposes of performance and error monitoring and incident response
b. Improving the performance and user experience of the Geckoboard product
WHO PROCESSES YOUR INFORMATION?
We may disclose your personal data to the following persons:
1. Disclosure of information within Geckoboard: We limit access to your personal data to employees who reasonably need to process such information as described under this policy. In this situation we:
shall take commercially reasonable steps to ensure the reliability and appropriate training of any Authorized Employee.
shall ensure that all Authorized Employees are made aware of the confidential nature of Personal Data and have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, both during and after their engagement with Processor, any Personal Data except in accordance with their obligations in connection with the Services.
shall take commercially reasonable steps to limit access to Personal Data to only Authorized Individuals.
2. Disclosure of information to particular third parties: We may disclose your personal data to the following third parties:
To contractors, service providers such as Recurly and Intercom, and other third-parties we use to support our business. These entities are bound by contractual obligations to keep personal information confidential and can use it only for the purposes for which we disclose the information to them.
When you create an account on our community forum. Please note that the information you share in public areas of our Websites may be viewed by any user of our Websites.
a) notify the Client if it receives any complaint, notice or communication which relates directly to the processing of Personal Data, or to either party’s compliance with Data Protection Laws, and shall fully co-operate and assist the Client in relation to any such complaint, notice, communication or non-compliance; and
b) save for those processors detailed here, not engage another processor without prior specific or general written authorisation of the Client and in the case of general written authorisation, inform the Client of any intended changes concerning the addition or replacement of other processors, thereby giving the Client the opportunity to object to such changes
c) before disclosing Personal Data to any processor, enter into a contract with that processor under which the processor agrees to comply with obligations equivalent to those set out in these GDPR Terms; and
d) before disclosing Personal Data to any of its employees and representatives, and the employees and representatives of each of its processors, in each case who have access to the Personal Data, ensure that those persons:
(i) have undergone appropriate training in data protection and the care and handling of Personal Data;
(ii) are bound to hold the information in confidence to at least the same standard as required under this Agreement (whether under a written agreement or otherwise)
3. Disclosure of information in certain circumstances: We may also disclose your personal data:
in the event we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or asset;
if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets; or
if we are under a duty to disclose or share your personal data in order to comply with any legal obligations, or in order to enforce or apply our terms for use of the Geckoboard web and mobile application and other agreements; or to protect the rights, property or safety of Datachoice Solutions Ltd, our customers or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
Beyond this, we will not share your personal data with any other person without your consent.
WHAT DO WE DO TO SAFEGUARD PERSONAL DATA?
We have implemented safeguards and procedures to protect your personal data against loss or theft as well as unauthorised access and undue disclosure. You can find more information about these safeguards at: https://support.geckoboard.com/hc/en-us/articles/203759278-Geckoboard-Security. We also use our best efforts to ensure that third parties who work with us agree to protect your personal data.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Platform, you are responsible for keeping this password confidential.
LINKS TO OTHER WEBSITES
DO NOT TRACK DISCLOSURE
“Do Not Track” is a standard that is currently under development. Because it is not yet finalised, Geckoboard adheres to the standards in this policy and does not monitor or follow any Do Not Track browser requests. That said, some of our features may have the ability to monitor or follow Do Not Track browser requests.
RIGHT OF ACCESS & RECTIFICATION
The GDPR gives you the right to access and request a correction of personal data held about you. Your right of access can be exercised in accordance with the GDPR. Some access requests may be subject to a reasonable fee to meet our costs in providing you with details of the personal data we hold about you.
You have the right to access and correct your personal information. If you want to review or correct your personal information, you can login to the application and visit your account profile page, typically designated as “My Account”, or contact us through the Help Center, or you may send us an email at the address noted above.
RIGHT TO DELETE PERSONAL DATA
You have the right to request deletion of personal information we hold about you and we have the obligation to erase your personal information, where:
the personal information is no longer necessary in relation to the purposes for which it was collected or otherwise processed,
you withdraw consent on which the processing is based and where there is no other legal ground for the processing,
you object to the processing and there are no overriding legitimate grounds for the processing,
the personal information has been unlawfully processed, or
the personal information has to be erased for compliance with a legal obligation in the European Union or a Member State law to which Geckoboard is subject.
If you want to request removal of your personal information from our Websites or Services, you can login to the application or contact us through the Help Center, or you may send us an email at the address noted in the Contact Information section above. You can also request closure of your account. We will respond to your request within 30 days.
In some cases, we may not be able to remove your personal information, in which case we will let you know that we are unable to do so and why.
RIGHT TO DATA PORTABILITY
You have the right to receive or transfer a copy of your personal information, where:
we are relying upon your consent or the fact that the processing is necessary for the performance of a contract to which you are party as the legal basis for the processing, and
personal information is processed by automatic means.
This copy will be provided to you in a common machine-readable format. You may also require us to transmit it to another party where this is technically feasible.
If you want to request a copy of your personal information, you can contact us through the Help Center, or you may send us an email at the address noted in the Contact Information section above.
RIGHT TO RESTRICT PERSONAL INFORMATION PROCESSING
You have the right to request the restriction of processing of your personal information, where:
you contest the accuracy of the personal information until we take sufficient steps to correct or verify its accuracy,
where the processing is unlawful but you do not want us to erase the personal information,
where we no longer need the personal information for the purposes of the processing, but you require the information for the establishment, exercise or defence of legal claims, or
where you have objected to processing justified on legitimate interest grounds (see below) pending verification as to whether Geckoboard has compelling legitimate grounds to continue processing.
Where personal information is subjected to restriction in this way we will only process it with your consent or for the establishment, exercise, or defence of legal claims. This right includes restricting the processing of your personal information to only include storage of your personal information (e.g. during the time when Geckoboard assesses whether you are entitled to have personal information erased).
If you want to request restriction of processing of your personal information, you can contact us through the Help Center, or you may send us an email at the address noted in the Contact Information section above.
RIGHT TO OBJECT TO PROCESSING JUSTIFIED ON LEGITIMATE INTEREST GROUNDS
Where we are relying upon legitimate interest to process personal information, you have the right to object to that processing. If you object, we must stop that processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or where we need to process the personal information for the establishment, exercise, or defence of legal claims. Where we rely upon legitimate interest as a basis for processing we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
If you want to object to the processing of your personal information, you can contact us through the Help Center, or you may send us an email at the address noted in the Contact Information section above.
RIGHT TO BE INFORMED OF THE APPROPRIATE SAFEGUARDS WHERE PERSONAL INFORMATION ARE TRANSFERRED TO A THIRD COUNTRY OR TO AN INTERNATIONAL ORGANIZATION
RIGHT TO WITHDRAW CONSENT
Where you have provided us with your consent to process personal information, you have the right to withdraw such consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
You can do this by:
Contact us through the Help Center,
send us an email at the address noted in the Contact Information section above,
following the unsubscribe instructions included in emails,
by accessing the email preferences in your account settings page in the application
RIGHT TO SUBMIT COMPLAINTS OR REPORT ABUSE
You also have the right to lodge a complaint with a supervisory authority, in particular in your country of residence, if you consider that the processing of your personal information infringes applicable laws.
If you need to report abuse, you can contact us through the Support Center, or you may send us an email at the address noted in the Contact Information section above.
CHILDREN UNDER THE AGE OF 13
Our Websites and Services are not intended for children under 13 years old. No one under age 13 years old may provide any personal information to or on the Websites and Services.
We do not knowingly collect personal information from children under 13 years old. If you are under 13 years old, do not use or provide any information on our Websites or Services including on or through any of their features, register on the Websites or Services, make any purchases through the Websites or Services, use any of the interactive or public comment features of our Websites or Services, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 years old, we will delete that information without undue delay.
If you believe we might have any information from or about a child under 13 years old, please contact us using the information in the “Contact Information” section above.
Geckoboard will, upon the Client’s reasonable written request, provide all information necessary to demonstrate compliance with these GDPR Terms, and allow Customer or an auditor appointed by Customer to carry out audits, including inspections of facilities, equipment, documents and electronic data, relating to the processing of Personal Data by Geckoboard or any processor, to verify compliance with these GDPR Terms.
GECKOBOARD AS THE DATA PROCESSOR
Using Geckoboard to manage your data means that you have engaged Geckoboard as a data processor to carry out certain processing activities on your behalf.
Geckoboard is responsible for the processing of personal information it receives, and subsequently transfers to a third-party acting as an agent on its behalf in accordance with our subscription agreements. Geckoboard may use from time to time third-party service providers, contractors, and sub-processors to assist in providing the Services on our behalf. Geckoboard maintains contracts with these third-parties restricting their access, use, and disclosure of personal information.
A subset of authorised Geckoboard staff may, with the permission of an Authorised User, access your account in the course of diagnosing account issues or taking action on behalf of a Geckoboard Client or Authorised User. This process is restricted to a minimal set of Geckoboard staff members and only after receiving explicit, recorded consent from an Authorised User on the same account. All Client account access by Geckoboard staff is logged and monitored.
Client Data may be stored by us or cached for performance purposes. Client Data can be deleted by you at any time by deleting the Service Account associated with that data. Please note that data used to render a given widget may be shared with other widgets on your account for the purposes of performance improvements and reducing the number of API requests to the source of that data. To ensure Client Data has been deleted all Service from that source should be deleted. If you choose to use our Datasets API to transmit Client Data, data received will be stored until such time as you delete or override the data.
Where we don’t store the underlying data we may rely on an upstream service to provide a snapshot. The length of time we cache Client Data for depends on the refresh intervals of the particular widget created. Under these circumstances, newly retrieved Client Data overwrites the old Client Data and the old Client Data is deleted.
Geckoboard retains the personal information we process on behalf of our subscribers for as long as needed to provide the Services to our subscribers and in accordance with our subscription agreements. To the extent not deleted by our subscribers, Geckoboard may also retain and use certain personal information for a reasonable period of time thereafter as necessary to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes, and enforce our agreements.
If we want to make material changes to the way we use your personal data, we will ask for your consent before we do so.