There are hundreds of rules and regulations around the world that prescribe the minimum of what a company like ours must do when it collects certain personal information. And then there’s common sense. Our goal is to treat your information the same way we hope you would treat personal information about us. If you ever feel that’s not the case, please let us know.
1. OUR APPROACH TO PRIVACY
We’re asking permission to collect your information. Before you access our online platform, we ask you for your permission to collect information about you and use it in providing our service. You give us this consent by clicking on a button or other feature saying something to the effect of “I accept,” “I consent” or “I agree” to the Terms. By using the ThoughtExchange services you give us consent to collect your information in connection with your use of those services.
We also understand that, in order to effectively provide consent, you need to be aware of costs and risks associated with your use of the ThoughtExchange services.
Participation in an Exchange and the use of our website and resources is generally free. We only charge fees to leaders and customers purchasing subscriptions to multiple leader accounts.
Although we take great care to keep your thoughts and identity separate in an Exchange, there is a slight chance that you might be associated with a thought you provide that embarrasses you or leads to other negative consequences. However, you can eliminate that risk entirely by not submitting thoughts that you wouldn’t be comfortable sharing in person.
And although we have taken extensive measures to keep your information private and secure, there is no perfect system for doing so. The internet is not a 100% secure environment. There is always a risk that your information may become public. We feel that this risk is very small given the small amount and kind of information we collect and the measures we take to protect your information.
The main way we minimize the risk of accidental disclosure is by collecting no more personal information than we need in order for the ThoughtExchange services to perform as designed. The information that we do collect is not highly sensitive (such as financial or health information). The information collected by the platform mainly consists of your name, basic contact and demographic information (email address and/or phone number) and comments and opinions in the form of thoughts and ratings. Our website may also collect comments and basic contact and demographic information including your address, postal code and job title. In addition, should there be a security breach, we have procedures in place to promptly notify you and to mitigate potential negative consequences.
If you don’t feel comfortable with these risks or with the information we collect or how we use it or for any other reason, you should NOT give us your consent, agree to the Terms or use the ThoughtExchange services.
If you do give us your consent, then welcome, and thank you for using ThoughtExchange!
And we believe your personal information is important. We take a number of measures to limit access to your information and to keep it secure. You or your Exchange leader can ask us at any time to delete your data and we will comply. These measures are also described in greater detail below.
Having said that, as a participant you should be aware that where we have a separate contract with a customer for leading Exchanges, that contract provides the customer with choices and control over the data in that Exchange, including your personal information. For example, the customer may have given us your name and contact information in the first place. In addition, the customer can control access to Exchanges, remove thoughts from an Exchange, or use, delete or retain data from one or several Exchanges. These choices and instructions may result in the access, disclosure, modification or deletion of certain or all of your personal information.
2. WHAT INFORMATION DO WE COLLECT
In an Exchange there are 3 main types of information that our platform collects from participants, either directly or as a result of participation in the Exchange. There are other types of information collected, which we discuss closer to the end of this section, but we feel these are the 3 that are the most important – for us and for you as a participant.
- Your input. During an Exchange we ask participants to provide input. The main kinds of information that you provide as part of the Exchange itself are your written thoughts in response to open-ended questions, and ratings that you assign to your thoughts and the thoughts of others, according to how you value those thoughts. We may also ask you to provide other information, such as general demographic information (that is, information about you that normally can’t be used to specifically identify you) or an answer to a satisfaction question. This is also input.
- Your identity. This includes your name, email address, phone number or other contact information that specifically identifies you as a participant. We may have received this information directly from you when you registered to be part of an Exchange, or we may have received it from the leader to invite you into the Exchange. We realize that this may be the result of your input, but because it is information that can be used to identify you, we treat it more carefully.
- Association information that connects your input to your identity. This is anything that enables someone else to know that a specific thought, star or any other input came from you personally as a participant.
3. HOW DO WE USE YOUR INFORMATION
In an Exchange, your input (thoughts, stars) is shared with others, your identity is kept confidential and the association of your input to your identity (who shared which thought or assigned which stars) is kept completely private. Read on for details.
Things we need to do with your input. In order for an Exchange to work, we need to be able to share your input as a participant with the leader and with other participants. In general others are able to see any thoughts you enter and the cumulative effect of stars you assign. In addition, the leader may choose to make this input public or, if they are a public entity, they may be legally required to make your input public. We also need to compare your input to the input of others, aggregate your input with the input of others, and analyze and reach conclusions from all of that. We need to be able to mix, match or do whatever we can think of to everyone’s thoughts, ratings and other input in order to make your input as meaningful as possible, and we need to be able to do any and all of this in a way that shares those results with the leader, other participants, or even publicly if the leader has made the input public. We feel that's a good thing: it's why we are here and why you are participating -- provided we protect your privacy at the same time.
Having said that, it is important that you know we may decide NOT to publish your thoughts as part of an Exchange. An Exchange may be moderated – meaning your thoughts may be removed. This moderation may be done by us, or by the leader or may be done by the participants during the Exchange. A thought can be removed if it is rude or hurtful to a person or group, or if it does not answer the question asked. Even though those are the main reasons we would remove your input, we (here including the leader) reserve the right to remove a thought for other reasons if we see this to be in the best interest of the leader or other participants, or if we feel for some other reason that it is important to do so. It is solely our decision.
In addition, your thoughts, even if shared as part of an Exchange, will be accessible only for so long as the Exchange is accessible and will be deleted when the Exchange is deleted.
What we need to do with association information that connects your input to you. In order for an Exchange to work, we need to know that particular input has come from you, and we use that information as part of the Exchange.
For example, we have found it is important that participants know they can be identified as the source of a particular thought, because they will answer more carefully than they would if they were completely anonymous. We have also found it to be critical to be able to give you back your thoughts along with thoughts of others for assigning stars, in order to show that the group has heard and values the thoughts that come from you.
At the same time, we need completely candid responses -- even (and maybe especially) when they are controversial or uncomfortable. We want you to feel free to speak freely and honestly, without fear of being shamed or otherwise having to face negative repercussions for doing so.
Aside from the limited exceptions described in the paragraph below, association information isn’t shared with anyone else, including the leader. The leader doesn’t own, have access to or the right to use association information.
Association of your input as a participant with your identity is kept private between us (that is, you the participant and Fulcrum). We, Fulcrum, know it and use it, but unless you consent, we are compelled by law, or we feel morally obligated to do so, we won’t share it with anybody else, including the leader.
Why are we talking about these three kinds of information? How we need to use these three main types of information is different for each, and we feel those differences are important enough to highlight. The rest of this section describes how we use additional information that we may need to collect in order to make an exchange work or in connection with your use of our websites and resources.
How do we use information collected from leaders. This information is shared with participants as part of the Exchange. We have no obligation with respect to how this is further shared by you or your participants. That said, we will keep this information confidential, and we won’t share it with others.
As between us and you as an Exchange leader, you own all data that you create or provide to us. We agree that, except as required by law, we will not disclose your confidential information to any third person without prior written approval and will protect your confidential information with at least the same degree of care that we use to protect our own confidential and proprietary information.
Specifically, we agree that we will not use email addresses that you provide to us for anything other than directly providing the ThoughtExchange services, unless, and only to the extent you ask us to or grant us permission to do so. If you do grant us permission to use information publicly, you agree this information may be used by us for all business purposes, without any accounting or any payment to you, unless otherwise arranged at the time permission was given.
If you are a leader, you agree that we may publish or disclose your name (or, if you are a company or agency, the name of your company or agency) as a customer on our website or in written or verbal communications to other existing or prospective customers. No other information will be disclosed. If you do not want your name published or disclosed, you may notify us at firstname.lastname@example.org and we will agree to keep this information confidential.
We also collect the following additional information:
- Information collected from leaders. If you are a leader, then in creating an Exchange you provide us with your identity and textual information to describe the process (e.g., a title and background text) as well as attachments such as images or documents or videos that provide background for participants as well as comments you may enter for specific participant thoughts in the Discover step. We may also gain access to certain confidential information, including, but not limited to, the names and email addresses of your participants, access to personal information or data contained in your exchange and information about your organization not directly related to your exchange.
- Information imported from CSV files. We provide leaders with the option to upload simple text files that are used to store tabular data and are known as “CSV files” to the ThoughtExchange services. Uploaded information is then imported into the ThoughtExchange services and can be used by leaders to facilitate the Exchange creation process. The leader defines the fields in each CSV file and controls the information that is imported into the ThoughtExchange services. Our customers are responsible for obtaining all required consents from each individual to transfer any personal information to us. We place contractual restrictions on the type of information that our customers can upload to the ThoughtExchange services, but, ultimately, we have no control over and are not responsible for any personal information that leaders may improperly upload to the ThoughtExchange services. If you believe that your personal information has been provided to us improperly, please contact us by using the information in the “concerns and how to contact us” section below, and we will take steps to delete the information from our systems. Provided we do so, we will have no further obligations to you with respect to such information.
- Information automatically collected by our software. When you visit, use or leave our services by clicking links or buttons or other user interface affordances, we automatically receive information through our software and other software that we use to host and manage your Exchange.
This kind of information includes:
- the internet protocol (IP) address of your computer or the proxy server that you use to access the web; and
- the actions you took in our application so that we can see which features are being used and in what ways.
- Customized Experience and Service Development. We may also gather information about you and other participants collectively, such as which of our services are used most. The data aggregated for these purposes does not contain any identity information, or uses a token to anonymize the data.
As part of your use of our website and resources, you may have provided us with the following information:
- Name and job title;
- Contact information including email address;
- Demographic information such as postcode, preferences and interests;
- Your comments if you are using any commenting features on our website; and
- Other information relevant to customer surveys and/or offers.
How do we use information automatically collected by our software. We treat information collected automatically by our software that can be used to identify you the same as any other identifying information. The details are explained above, but our essential obligation is to keep it confidential, and to keep private any association of this information with any other input you provide.
How do we use aggregated information. We customize your experience and the experiences of participants in order to provide you and other participants with better questions and choices for prioritizing thoughts and a more intuitive experience. The data aggregated for these purposes does not contain any identity information, or else uses a token to anonymize the data. We also use information and content that you and other participants provide to us to conduct research and development for the improvement of our services.
How do we use information collected through our website? We require the information we collect through our website to understand your needs and provide you with a better service, and in particular for the following reasons:
- internal record keeping;
- improvement of our products and services;
- sending promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided; and
- from time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customize the website according to your interests.
Our website may allow you to post comments. If you choose to post a comment we may at our sole discretion allow your comment to be seen by others or not allow this. If you post a comment you grant us the right to display your comment on our website. We may also use your comment, along with your name and other personal information to identify you, in other content including websites and documents with no compensation due to you and with no further requirement for us to seek your permission for such usage.
4. WHO CONTROLS AND HAS ACCESS TO YOUR INFORMATION
From time to time, our personnel may access your information in order to provide you with technical and administrative support and suggestions on how to improve your experience using the ThoughtExchange services. You may request that your information remain private from our support personnel by contacting email@example.com. Note that we are not able to keep your de-identified and aggregated usage data private.
We at Fulcrum don’t share your information, but leaders and other participants who have access to your information could decide to share it, and we have no responsibility for their actions. In general, public entities (such as school districts) have a legal obligation to share much of their information, while private entities do not have the same obligation and generally do not share their information publicly. As a result, your input into different Exchanges may be shared differently. The important thing is that it is the leader and other participants, and not us, who decide this.
External Processing. We may engage third parties as service providers to process your information and support the delivery of the ThoughtExchange platform to our customers. Additional information about our subprocessors can be found at thoughtexchange.com/subprocessors/.
Compliance with Legal Process and Other Disclosure. It is possible that we may need to disclose your identity information, including information that connects you to your input, when required by law, subpoena, or other legal process, whether in the United States, Canada, or other jurisdictions. We may also disclose this information if we have a good faith belief that disclosure is reasonably necessary to: (1) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (2) enforce this agreement, investigate and defend ourselves against any third-party claims or allegations, or protect the security or integrity of our services; (3) exercise or protect the rights, property, or safety of our employees, personnel, other participants or members of the public; or (4) address a concern which we feel we have a strong moral obligation to address. We attempt to notify participants about legal demands for their personal information when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not commit to challenge every demand.
We will not use or share your Information for direct marketing. We do not share any personal information with third parties for their direct marketing purposes. We can’t control what your leader does with information that they control. Your leader may or may not choose to share your information with third parties.
5. YOUR RIGHTS
Because you own your information, you retain control over it. Among other things, you can:
- Withdraw your consent to our collection and use of your information at any time.
- Access your information and, if you wish, obtain a copy of your information.
- Correct any of your information that is not correct. However, changing your mind on how you express a thought or rated another thought in an Exchange is not a correction. We consider it to be correct at the time you entered it.
- Have your information erased from our service. However, you acknowledge that a leader may provide us with information about you in connection with a future Exchange.
Over time you may be able to do some of these things in the ThoughtExchange application itself. If you want to take any of the above actions, you can contact our customer service team with your request, and they will show you how to do it, or will make sure that it gets done for you. If we have to do this manually, our goal is to have it done within 30 days.
6. WHERE IS YOUR DATA STORED
If the leader has notified us that it is a Canadian public entity subject to a Canadian Freedom of Information and Protection of Privacy Act, we store and access information from their participants in Canada in accordance with that Act. Otherwise, we may host your information in either Canada or the United States at our discretion as permitted by law.
7. HOW DO WE KEEP YOUR INFORMATION SECURE
We have implemented security safeguards designed to protect the personal information that we collect in accordance with applicable law, industry standards and the golden rule. To protect information stored on our servers, we also regularly monitor our system for possible vulnerabilities and attacks, and we use a secured-access data center. However, since the Internet is not a 100% secure environment, we cannot ensure or warrant the security of any information that you transmit to us. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. To learn more, please visit thoughtexchange.com/security/.
8. HOW LONG DO WE RETAIN YOUR INFORMATION
9. EU PRIVACY RIGHTS
Additional privacy rights. If you are a resident of or are located in Europe, you may have additional rights under the General Data Protection Regulation (“GDPR”) in addition to those described above. These rights may include:
- In certain cases, you may request that we restrict our use of your information.
- Where we rely on our legitimate interests to collect information, you may have the right to object to the use of your information.
- If you believe we have infringed your rights under the GDPR, you have the right to lodge a complaint with a supervisory authority.
To learn more about your rights and to locate contact details for EU data protection authorities please see ec.europa.eu/justice/data-protection/bodies/authorities/.
Legal bases for collecting information. We rely on the following legal bases for collecting and using your information that is subject to the GDPR:
- We have your consent to do so (for example, by clicking “I accept” or any similar phrase to our Terms).
- We have a legitimate interest to collect your information that is not overridden by your privacy rights (for example, to provide the ThoughtExchange services to you, to improve the ThoughtExchange services or to communicate with you about the ThoughtExchange services).
- We need your information to perform a contract with you (for example, we may need information about users to perform our obligations under a contract for the ThoughtExchange services).
- We have a legal obligation to collect your information (for example, to prevent or investigate illegal behaviour in connection with the use of the ThoughtExchange services).
International Transfers. Under the GDPR, we may only transfer your information out of the European Economic Area and Switzerland to other regions if certain protections are in place. The protections we rely on include transferring your information to a country that the European Commission considers to have adequate privacy protections in place (such as Canada), registration in the EU-US Privacy Shield and Swiss-US Privacy Shield (in the case of third-party providers in the US) and standard contractual clauses in our agreements with third-party providers.
10. CALIFORNIA PRIVACY RIGHTS
Additional privacy rights. If you are a resident of or are located in California, you may have additional rights under the California Consumer Privacy Act (“CCPA”) in addition to those set out in Section 5 above. These rights may include:
- The right to request details of the categories of personal information that we collect.
- The right to request that we delete your personal information.
- The right not to be discriminated against for exercising your rights under the CCPA.
To exercise these rights, please contact our Data Privacy Officer at firstname.lastname@example.org.
No sale of information. We do not sell your personal information.
11. CONCERNS AND HOW TO CONTACT US
If there is a security incident we will immediately take steps to notify you and to mitigate potential negative consequences.
Concerns about privacy. Like any good relationship, if you have a concern about how we are treating you (and your information), we ask that you talk to us. We suggest that you start with contacting us at email@example.com or at
Suite E, 1990 Columbia Avenue, Rossland, BC, V0G 1Y0.
You’ll be communicating with a living person, and we’re pretty certain that every member of our support team has been genetically programmed to help you with whatever questions you have.
If you have a concern about your personal information specifically and want to go directly to the top, you can reach out to firstname.lastname@example.org. This address will always go directly to our head Data Privacy Officer.
If you have a concern or question arising from the use of ThoughtExchange that you feel may not be ethical, please contact us at email@example.com.
You can also always reach out to us by physical mail to the addresses above.
If for some reason you don’t feel we can talk it over, you have the right to file a complaint with Data Privacy Authorities in Canada, the US, the EU or other applicable jurisdiction.