Effective date: May 24, 2018
The EU General Data Protection Regulation (GDPR), which became enforceable on 25 May 2018, provides new rights for the personal data of EU citizens and requires organizations to clearly and transparently state how and why they process personal data. GoalGorilla updated this Privacy Statement to take the new requirements into account.
GoalGorilla is committed to protecting your privacy online. This Policy discloses our privacy practices for our site, located at getopensocial.com (Website), our community platform Open Social, related applications, and various related services (collectively “Platform” and “Services”). This Policy is designed to help you understand which information we collect and how we collect, share, and use the information. The Policy applies to all of our Platform and Services visitors, registered users, and subscribers. By accessing or using our Platform and Services, you will be asked to provide consent to the collection, transfer, manipulation, storage, disclosure, and other uses of your information as described in this Policy. Any reference to “you”, “your”, or “user” in this Policy shall mean the end-user of our Platform.
Irrespective of which country you reside in or supply information from, if you have provided permission then you authorize us to use your information in The Netherlands and any other country where we may operate. We control and/or operate the Platform from offices in The Netherlands. We do not represent that materials on the Platform are appropriate or available for use in other locations. Persons who choose to access this Platform from other locations do so on their own initiative and at their own risk, and are responsible for compliance with local laws, if and to the extent local laws are applicable.
Open Social Subscription Services
Use by Customers
Our subscription Services (in the form of Basic, Premium, and Enterprise) allow any third-party organization or website that uses it to build their own community platform. The information added to the Service, either by community visitors or community members, is stored and managed on our service provider’s servers.
Use by Open Social
Which types of Personal Information do we collect?
If you provide your data and give us permission, the personal data we collect allows our users to set up a user account and profile that can be used to personalize their experience on the Platform. We collect the following types of information (all considered “Personal Information”) from our users.
Personal information that you provide to us:
We collect and store the following types of information on our servers only when you optionally choose to provide it to us by providing consent, filling out a form, or taking some other explicit action. You can choose to not provide us with any of the information below, but you may not be able to take advantage of certain features without providing the appropriate information.
- First and/or last name
- Email address
- Country of residence
- Username and password
- Phone number
We do not collect any special categories of personal data, as defined under the GDPR. Our products and services are not aimed at children.
Personal information collected automatically:
If you provide us with permission, then we will also receive, store, and log certain types of technical information whenever you interact with our Platform in order to understand how our Platform is being used and to make it better. Information of this sort includes:
- Technical information about your browser and (mobile) device.
- Usage information such as the pages users request, searches they conduct, emails they open, and features they interact with.
- IP address, tokens, cookies, and device identifiers.
- Crashes and error reports.
You can remove or block certain cookies using the settings in your browser but the Products and Services may cease to function properly if you do so.
Where do we collect your personal information?
We collect your information from the following locations:
- When you provide your contact details to us when requesting information about our products and services.
- When you sign up for our community guides.
- When you sign up for our email newsletters.
- When you sign up for a demo or trial request.
- Via publicly available resources (LinkedIn, other websites, etc.) if we ask for consent.
How do we use your information?
In addition to the specific uses discussed above, Personal Information you submit to us may be used in the following ways:
We may provide these Services ourselves or share the information with partners who will provide the services for us such as Intercom, Receptive, Jira, Amazon AWS, and Platform.sh. Find more information about this below. We may use aggregated and anonymized user data to market the Service or the Platform to others.
How do we share your Personal Information?
We will not disclose Personal Information of our users to any persons or entities outside of our company without legitimate reasoning, nor lease, license, rent, transfer, disclose, disseminate or otherwise grant access to such information unless:
- We believe in good faith, that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
- It is to any other third party with a user’s prior consent to do so;
- It is reasonably necessary to enforce our other Platform terms and conditions, this Policy, or any other legal agreements we enter with our users;
- It is required to detect, prevent, or otherwise address fraud, abuse, misuse, potential violations of law (or rule/regulation), and/or security or technical issues; or
- It is required or reasonably necessary to protect against imminent harm to the rights, property or safety of us, our users, employees, minors, members of the public and/or our Platform.
We have ensured and checked that all third parties are GDPR compliant and secure. We may also disclose information about you to our auditors or legal advisors in conjunction with assessing our disclosure obligations and/or rights under this Policy.
Types and disclosures of aggregate information
We may share aggregated information concerning our users, without attribution of Personal Information, to other companies with whom we conduct business. In other words, we may combine your anonymized data with those of all or a particular group of our users to prepare collective profiles of our users and their activities for our internal use and can share the same with our partners. Such information allows us to continue to grow and provide you with quality information through higher quality product development, more relevant partnerships, and more accurate marketing and advertising of the Platform. For example, we may use and/or share the following:
- Tracked number of our users who view certain pages or use certain features.
- Tracked user behavior and page views.
What do we do to keep your Personal Information secure?
We take commercially reasonable security measures to protect against unauthorized access to, or unauthorized alteration, disclosure or destruction of your Personal Information that you share and we collect and store. These security measures include practices such as:
- Keeping sensitive or Personal Information in a secured server behind a firewall.
- Using secure socket layer (“SSL”) technology.
- Regular internal reviews of our data collection practices and platforms.
- Security practices such as regular code reviews and limited access to data.
For more information about our security practices, read our security overview.
Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information: (a) there are security and privacy limitations of the Internet which are beyond our control; (b) the security, integrity and privacy of any and all information and data exchanged between you and us through this Platform cannot be guaranteed and you transmit such information at your own risk; and (c) any such information and data may be viewed or tampered with in transit by a third party.
Where do we store your data?
All data is hosted in secluded server rooms in AWS data centers located in the U.S. (US-Amazon) and Europe (EU-1 Amazon). Your Personal Information is also stored with external services such as Intercom, Platform.sh, and Amazon AWS.
We will only retain personal data for as long as is necessary for the purposes we are using it for. How long we retain data will vary depending on the purposes it is used for.
What happens in case of a data breach?
If there is a data breach, then it will be reported to the appropriate authorities within 72 hours via email. We will also take appropriate measures and inform those that are affected within 72 hours of discovering the breach via email.
Data Protection Officer
We appointed our co-Founder Taco Potze as Data Protection Officer to carry out the following tasks on behalf of GoalGorilla:
- Inform and advise us or our Data Processors who carry out Processing activities of their obligations under the GDPR or particular jurisdiction data protection provisions.
- Monitor our compliance with the GDPR, or relevant data protection legislation which may apply to us and monitor our compliance with our policies or the policies of the Data Processors.
- Provide advice where requested with regards to the data protection impact assessment and monitor its performance.
- Cooperate with the supervisory authority and act as a contact point for the supervisory authority on issues relating to Processing.
This Data Protection Officer can be reached at any time via the following email: email@example.com.
What can you do to protect your Personal Information?
While we are committed to taking all reasonable precautions to protect your Personal Information, there are steps you can take as well when using online services, such as ours:
- Create strong passwords and use them wisely (e.g. don’t use the same password for us that you use for your bank).
- Do not disclose passwords to the Platform or Account Information to any other person.
- If logins are required for site access, be sure to sign off when finished using a shared computer.
- Be careful about disclosing personal information such as name, address, or e-mail address in discussion forums or other public areas of the sites. Any information disclosed in public user communication can be collected and used by third parties and may result in unsolicited messages from third parties.
Your rights regarding your personal data
You have a number of rights under data protection law, which have been strengthened under the General Data Protection Regulation (GDPR):
- The right to access the personal data we may hold about you and the purposes for which we are using it.
- You also have the right to request that we amend any personal data that is incorrect or requires updating. We strongly encourage you to promptly update your Personal Information if it changes.
- You have the right to request that we delete any personal information pertaining to you.
- You have the right to data portability - this allows you to retain and reuse your personal data for your own purpose.
- You may also object to direct marketing messages and ads.
You may exercise any of these rights by:
- Logging in in accordance with instructions posted elsewhere on this Platform.
- Contacting us with a request to update, review, or delete Personal Information via the support email firstname.lastname@example.org.
We may decline requests that are unreasonably repetitive, require disproportionate technical effort, jeopardize the privacy of others, or are extremely impractical.
What can you do if you no longer want to receive communications from us?
You can opt out of any automated notifications or communications by:
- Following the instructions included in each email.
- Contacting us with an unsubscribe request at our email address found at the end of this Policy; however, our employees, contractors or agents may still need to contact users who opt out personally, for example, in response to a support inquiry or if that user is in violation of our website terms and conditions.
If we have provided any third party with your Personal Information (with your permission) and you subsequently opt-out, you will have to contact the third-party directly with your opt-out request(s).
Fair Information Practice Principles
The FTC created the Fair Information Practice Principles as a result of the Commission’s inquiry into the manner in which online entities collect and use personal information and safeguards to ensure that such practices are fair and provide adequate privacy protection. We take our own self-regulation very seriously and support your rights as a consumer to causes of action against disreputable and unprincipled data collectors and users. Consistent with the FTC’s Principles, and in the event of a data breach, we will do the following:
- Notify users by email within 3 business days
- Notify users by posting a notice on our Platform within 5 business days
Children’s Online Privacy Protection
Our Platform is not designed or intended for use by children under 13. If you are under 18, you should use the Platform and Services only with involvement of a parent or guardian. Children under 13 may not submit any personally identifiable information to us, and if we discover that we have inadvertently gathered any such information from a child under 13, we will take appropriate steps to delete it. If you are the parent or guardian of a person under the age of 13 who has provided personally identifiable information to us, please inform us by contacting us at email@example.com and we will remove such information from our database.
How we comply with the CAN-SPAM Act
The CAN-SPAM Act is US legislation that regulates commercial emails with strict penalties for those who send emails with materially false or misleading content or fail to provide recipients of commercial emails with an opportunity to decline them. We only collect your Personal Information for the purposes which we outlined in this Policy and we will do the following:
- NOT use false or misleading information in the subject line or body of our emails.
- Identify messages as advertisements by using the label “advertisement” in a conspicuous manner.
- Monitor third party email marketing services, if one is used.
- Label any adult content in the subject line of our emails as “ADULT”.
- Provide accurate “From” fields so that users know who is sending the email.
- Provide visible and operable unsubscribe mechanisms in all of our emails.
- Include our physical address in the body of our emails.
- Honor any opt-out requests to our emails within 10 business days.
- Refrain from using harvested email addresses.
You may contact us at the email below if you would like to unsubscribe from our marketing communications at any time.
What will happen if we change this Policy?
We may update this Policy from time to time. The use of information we collect now is subject to the Policy in effect at the time such information is used. This is how you will be notified if we make any material changes to our Policy:
- We will deliver an email announcement to the email address associated with each user account. It is each user’s responsibility to maintain a valid e-mail address as a registered user. If a user opts out of communications from us, they may not receive these notifications; however, the changes will still govern any use of the Service, and users are still responsible for checking for any changes.
- We will post a notice on this Platform prior to the change becoming effective.
- We will post an updated Policy with a more recent effective date in the header.
How can you contact us?