Privacy Policy
Inspire & Diversify., Echo., Echoyourbiz.com and any if
its subsidiaries and affiliates (individually or collectively, “Provider”,
“we”, or “us”) knows that you value your privacy. This privacy policy explains
the information we collect through the websites available via echoyourbiz.com and
their subdomains as well as through other Provider-managed websites or pages
where this privacy policy is posted or linked (collectively, the “Sites”). This
policy also describes the information collected from or on behalf of end users
of our software-as-a-service or other service offering selected by Customer
from any Provider website (the “Services”). This policy is governed by the
Terms of Service and describes how the above information is collected, used,
shared, and secured, as well as your related choices regarding use, access and
correction.
This policy does not apply to the information Provider
receives from the third-party websites, mobile apps and other digital products
that use the Services. When our franchisee customers use the Services on their
own websites and products, they remain responsible for their own privacy and
security practices, which may differ from ours. You should consult the relevant
privacy policies on our franchisee customers’ websites and products to find out
more about their privacy practices and your related choices.
1. Information We Collect
We collect the following categories of information, which
may be considered personal information when maintained in identifiable form:
first name and surname, username and password, email
address, contact information, country of residence, job title, and other
information you provide us when you create an account on the Sites or Services,
sign-up to receive communications or materials from us, or otherwise submit a
form to us;
Transaction and payment information you provide when
purchasing a product or service from us, whether on our Sites or elsewhere.
This information may include the information listed above as well as payment
information;
Content and information that you submit when using the Sites
or the Services; this information includes, for example, information you
provide in any blogs or forums on the Sites, comments you add on the Services,
information you provide when you participate in any interactive features or
surveys, and information you submit when filing a support ticket;
Usage, viewing, logs, metrics and other device and technical
data collected when you visit our Sites, use the Services as an end user, or
open or reply to emails we send. This may include information such as your web
request, Internet Protocol (“IP”) address, device identifiers, device
information (such as OS type or browser type), cookie IDs, referring / exit
pages and URLs, interaction information (such as clickstream data), domain
names, pages viewed, crash data, and other similar technical data;
Information about you and your company collected from third
party or public sources or that we receive from companies that partner with us
to provide products and services; this may include information about you and
your company we receive from our advertising and market research partners, who
may provide us with information about your interest in and engagement with our
online advertisements; and
Location information when you visit our Sites or use the
Services, including location information either provided by a mobile device
interacting with one of our sites or applications or associated with your IP
address.
We may also collect non-personally identifiable information.
We may use both personal information and non-personally identifiable
information to create aggregate information.
2. How We Collect Information From You
We collect information from you when you submit it to us,
for example, when you request products, services, or information from us,
register for an account, register to participate in a conference on our Site,
participate in public forums on the Site, or respond to our customer surveys.
We may also:
automatically collect usage, analytics, viewing, logs,
metrics and other device and technical data when you access our Sites or use
the Services as an end user. For example, when you access our Sites or log into
the Services, our servers will automatically record certain information about
your device and browser, and we may collect usage, clickstream, event data,
crash data, and other technical data. We, our advertising partners and our
service providers may also use technologies such as cookies, beacons, tags,
Local Storage Objects (LSOs) (such as HTML5 and Flash LSOs) and scripts to
collect this information.
obtain information about you from our franchisee, resellers
or other third-party partners, for example, if you purchase access to the
Services through one of these partners;
acquire information from public sources or from third-party
sources, such as our advertising and market research partners, including to
update or enhance the other information collected about you. Local law may
require that you authorize the third party to share your information with us
before we can acquire it; and
automatically acquire information when you reply to or
interact with an email we send, such as to track your engagement with our
messages or when your replies to our messages contain additional email
addresses.
3. How We Use Information
We may use the information collected to:
process your orders and requests and respond to your
questions and concerns; for example, if you inquire about our services or
submit an application for Services to us, we may use your data to respond to
and process these requests;
provide you with products and services, and personalize your
experience; for example, we may use information on your prior activities or job
function to tailor the features and content on the Services or Sites, or we may
use technical data to remember your preferences;
communicate with you about your account or transactions, and
provide you with product-related communications, such as information about new
features and policy updates;
operate, maintain, analyze, develop, update and improve our
Sites, the Services, and other products and services we offer. For example, we
may administer and track users’ activities on our Sites and the Services to
determine how to improve our content and features, or we may analyze trends and
gather demographic information about our user base to better tailor our
marketing efforts;
detect, investigate and prevent activities that may violate
our policies, including our Inspire & Diversify Terms of Service or
applicable laws (such as fraud detection and prevention) or that may threaten
the security, integrity or availability of our or another party’s products,
systems and services;
send you news, updates, promotions, product information,
event announcements, and other marketing communications. Please see the section
entitled “Your Controls and Choices” for an explanation of your choices
relating to these communications;
provide you with and target advertising based on your
activity and interests, both on our own Sites and applications and on
third-party sites and applications;
act pursuant to your consent for a specific purpose not
listed in this policy. For example, with your consent, we may post your
testimonial along with your name on our Sites. If you wish to update or delete
your testimonial, please contact us as explained below; and
We also use aggregated information, such as usage data, for
other lawful purposes, such as to create blog posts and content that others may
find useful.
4. Sharing Information with Others
We do not share your personal information to third parties
except in certain circumstances, including:
When you allow us to share the information, such as when
you:
Elect to share your personal information with third party
partners and providers listed on our Sites, so they can send you information,
offers and promotions about their products and services;
Choose to share your personal information with third parties
or their sites or platforms, such as when you share one of our blog posts to
your social media feed;
Publish information publicly on our Site or the Services.
Any such personal information shared by you will be available to others who may
collect or use it;
Use third-party features on our Site or the Services, such
as commenting features run by third-parties.
Please note that once personal information is shared with
another company, the information received by the other company becomes subject
to its privacy policies and practices.
When we cooperate with other companies, such as our
partners, to offer joint products and services to you in connection with the
Services, or when such partners sponsor or participate in our events and
conferences;
When our service providers are providing services on our
behalf. For example, we may use an outside platform to host portions of our
Sites or to provide certain features on the Services, or we may use a credit
card processing company to bill you for services you purchase. Unless otherwise
expressly noted, when acting as Provider’s agents, these services providers are
prohibited from using the personal information we have shared with them for purposes
other than those requested by us or required by law;
To enforce our terms, agreements, policies or rules, to help
protect the security, integrity and availability of our or another party’s
products, systems and services; to exercise or protect the rights, property
(including intellectual property), or safety of Provider, our users, or others;
to comply with legal requirements; or in other cases if we believe in good
faith that disclosure is required by law (including in response to a lawful
subpoena or other law enforcement request); and
In connection with a sale, divesture, or transfer of our
company (including any shares in the company) or any combination of its
products, services, assets, affiliates, and/or businesses. Your personal
information (such as customer names and email addresses, and user information
related to the Services) may be among the items sold or otherwise acquired in
these types of transactions. We may also sell, assign or otherwise transfer
such information in the course of corporate divestitures, mergers,
acquisitions, bankruptcies, dissolutions, reorganizations, liquidations,
similar transactions or proceedings involving all or a portion of the company.
You will be notified via email and/or a prominent notice on our Site of any change
in ownership or uses of your personal information, as well as any choices you
may have regarding your personal information.
We may also share aggregated information (such as usage
data, referring/exit pages and URLs, platform types, number of clicks, etc.)
for other business purposes. For instance, we may share aggregate reports with
interested third parties to help them understand the usage patterns for certain
Services or for our Sites or those of our partners.
5. Your Controls and Choices
We provide you with certain controls and choices regarding
the use of your personal information, which may include:
Correcting and Updating Account Information. By logging into
your account on our Site and/or the Services, you may be able to change certain
account information. Your account settings may also permit you to opt-out of
some types of notification messages. To protect your privacy and security, we
require your username and password in order to verify your identity before
granting you account access or making changes.
Changing your choices for marketing communications. You can
opt-out of the marketing communications we send by clicking the unsubscribe
link in the applicable email. Please note that, even after you opt out from
receiving marketing messages from us, you may continue to receive transactional
and product-related messages.
Cookies and Other Technologies. You may be able to opt-out
of certain cookies, targeted advertising and other technologies.
In many circumstances, you can exercise these choices
yourself using the tools described above. If you cannot do so, please contact
us as indicated in the “Contact Us” section below to discuss your options. We
will respond to your request within 30 days. Please be aware that, if you do
not allow us to collect personal information from you, we may not be able to
deliver certain products, features and services to you, and some of our
products and services may not work appropriately or be able to take account of
your interests and preferences.
6. Children’s Privacy
Protecting the privacy of young children is especially
important. For that reason, Provider does not knowingly collect or solicit
personal information from anyone under the age of 13. In the event that we
learn that we have collected personal information from a child under age 13, we
will delete the information we have stored as quickly as possible. If you
believe that we might have any information from or about a child under 13,
please contact us as indicated in the “Contact Us” section below.
7. Storage and Processing
Your information may be stored and processed in – and we may
transfer information to – the U.S. and other countries where Provider
(including its subsidiaries and affiliates) and our advertising partners and
service providers maintain systems and facilities. In addition, information
that we collect about you (including personal information) may be transferred
to our affiliated entities and/or to other third parties across borders and/or
from your country to other countries around the world.
You acknowledge that we may transfer information to the
U.S., to any country in which Provider, its advertising partners, and its
service providers maintain systems or facilities, and to other countries
globally.
If you are located in the European Union or other regions
with laws governing data collection and use that may differ from U.S. law, you
acknowledge that we may transfer information, including personal information,
to a country and jurisdiction that does not have the same data protection laws
as your jurisdiction, consistent with our legal obligations governing the
transfer of such data.
8. Data Security and Integrity
Provider is concerned about the security of your data. We
have implemented technical and organizational security measures that are
designed to help protect your information from unauthorized access, disclosure,
use and modification. From time-to-time, we review our security procedures to
consider appropriate new technologies and methods.
Please be aware, though, that despite our efforts, no
security measures are perfect or impenetrable. We cannot ensure, and do not
warrant or guarantee, that the information you transmit to Provider will remain
secure, nor do we guarantee that this information will not be accessed,
disclosed, altered, destroyed or used in an unauthorized manner.
If we learn of a security breach, we may attempt to notify
you electronically so that you can take appropriate protective steps. We may
also post a notice on the Site or Services if a security breach occurs.
Depending on where you live, you may have a legal right to receive a notice of
a security breach in writing. If you have any questions about the security of
your personal information, please contact us as indicated in the ‘Contact Us’
section below.
9. Data Retention
How long we keep the personal information we collect depends
on the type of information, the purpose for which it is used, how sensitive it
is, and similar factors. In general, we will retain your personal information
for the length of time reasonably needed to fulfill the purposes outlined in
this privacy policy (including for as long as need to provide you or our
customer with products and services), unless a longer retention period is
required or permitted by law. We will also retain and use your information for
as long as necessary to resolve disputes and/or enforce our rights and
agreements. We retain your account information for the Services for as long as
your employer’s account is active and thereafter unless your employer requests
deletion. Aggregated information may be stored indefinitely.
10. Third Party Sites, Services and Applications
In General. We are not responsible for the practices
employed by websites, applications, or services linked to or from the Services
or Sites, including the information or content contained there. Please remember
that your browsing and interaction on any third-party website, service or
application, including those that have a link or advertisement on our Site, are
subject to that third party’s own rules, policies, and practices, and not our
privacy policy.
Partner Pages. Some of our partner pages may have the look
and feel of being on optimizely.com; however some information collected on
those pages may be collected by, or sent to, our partners. Information
collected by, or sent to, our partners is subject to their respective privacy
policies.
Social Media and Commenting Features. Our Site may include
social media and commenting features provided by third parties. These features
may collect your IP address and which page you are visiting on our Site, and
may set a cookie to allow the feature to function properly. Your interactions
with these features are governed by the privacy policy of the organization
providing it.
Notice to End Users of the Services. The Services can be
used by organizations. Where the Services are made available to you through an
organization, that organization is responsible for administering the accounts
over which it has control. If this is the case, please direct your data privacy
questions and requests to your administrator. We are not responsible for the
privacy or security practices of your administrator’s organization, which may
be different than this policy.
Notice to Users of our Customers’ Websites and Digital
Product. As noted above, when Provider’s customers use the Services as part of
their own websites, apps, and digital products, they may collect information
from you using our services, but they remain responsible for their own privacy
and security practices. We are not responsible for our customers’ privacy and
security practices, which may differ from ours. If you have used one of our
customers’ sites or products, and you would like to access, correct or delete
the personal data collected through that product, you should direct your request
to the applicable customer.
11. Regional Notices
Privacy Shield:
Provider participates in and has certified its compliance
with the EU – U.S. Privacy Shield and Swiss – U.S. Privacy Shield Frameworks.
Provider is committed to subjecting all personal data received from European
Union (EU) member countries and Switzerland, respectively, in reliance on each
Privacy Shield Framework, to the Framework’s applicable Principles. However,
for data transfers outside of the EEA, please see the specific clause below
regarding the personal data of EEA Data Subjects. To learn more about each
Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy
Shield List.
With respect to personal data received pursuant to the
Privacy Shield Frameworks, Provider is subject to the investigatory and
enforcement powers of the U.S. Federal Trade Commission. In certain situations,
Provider may be required to disclose personal data in response to lawful
requests by public authorities, including to meet national security or law
enforcement requirements.
If you have an unresolved privacy or data use concern that
we have not addressed satisfactorily, please contact our U.S.-based third party
dispute resolution provider (free of charge) at
https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the
Privacy Shield website, you may be entitled to invoke binding arbitration when
other dispute resolution procedures have been exhausted.
In compliance with the Privacy Shield Principles, Provider
commits to resolve complaints about our collection or use of your personal
information. EU and Swiss individuals with inquiries or complaints regarding
our Privacy Shield policy should first contact the Privacy Team at
privacy@optimizely.com.
Provider has further committed to refer unresolved Privacy
Shield complaints to our designated independent dispute resolution mechanism,
the International Centre for Dispute Resolution (“ICDR”), operated by the
American Arbitration Association (“AAA”), an alternative dispute resolution
provider located in the United States. If you do not receive timely
acknowledgment of your complaint from us, or if we have not addressed your
complaint to your satisfaction, please visit the website
https://go.adr.org/privacyshield.html for more information or to file a
complaint. The services are provided at no cost to you.
In the context of an onward transfer Provider has
responsibility for the processing of personal information it receives under the
Privacy Shield and subsequently transfers to a third party acting as an agent
on its behalf. Provider shall remain liable under the Principles if its agent
processes such personal information in a manner inconsistent with the
Principles, unless the organization proves that it is not responsible for the
event giving rise to the damage.
EEA Data Subjects & Transfers Outside the EEA:
If you are an individual in the European Economic Area
(EEA), we collect and process information about you only where we have legal
bases for doing so under applicable EU laws.
Third parties to whom we provide your data may be located
outside the European Economic Area (“EEA”) or they may use servers that are
located outside the EEA. In that event we will ensure that adequate protection
of your data is provided as required by applicable law, for instance by
concluding Standard Contractual Clauses issued by the European Commission.
The legal bases depend on the Sites and Services you use and
how you use them. This means we collect and use your information only where:
We need it to provide or operate the Sites and Services,
including to provide customer support and process your orders, requests,
questions and concerns;
It satisfies another legitimate interest that is not
overridden by your data protection interests, including our interest in:
collecting product usage, analytics and performance data
relating to our Sites and the Services, in order to maintain, analyze, develop,
update, and improve our products and services;
maintaining records of bugs, customer support requests and
similar requests you file, and our response to these requests;
using information to personalize content and features on our
Sites and the Services;
detecting, investigating and preventing activities that may
violate our policies or applicable laws (such as fraud detection and
prevention);
maintaining corporate or business records consistent with
our retention policies and applicable laws;
protecting against activities that may threaten the
security, integrity, or availability of our or another party’s products,
systems, and services; and
for marketing and selling our products and services,
consistent with applicable laws.
We are processing your information to protect our legal
rights;
You give us consent to process your personal data;
We need to process your data to comply with a legal
obligation, such as a lawful subpoena or law-enforcement request or to fulfill
the lawful instructions of our customers (when they are acting as the
controller); and/or
We have another lawful basis for processing in accordance
with applicable EU laws.
If an individual in the EEA has consented to our use of
their personal information, and our processing is based on that consent, that
individual has the right to withdraw their consent in accordance with the
General Data Protection Regulation (“GDPR”), but this will not affect any
processing that has already taken place. If you object to or restrict
processing, you may not be able to use the Sites and Services or certain
features any longer.
Where we are using your information because we or a third
party have a legitimate interest to do so, individuals in the EEA have the
right to object to that use as specified in Article 21 of the GDPR, though, in
some cases, this may mean no longer using the Sites or Services. Provider
further acknowledges that EEA data subjects have certain other rights under the
GDPR, including the right to lodge a complaint with a supervisory authority and
to request from the controller access to, and rectification or erasure of,
personal data, restriction of processing concerning the data subject, and data
portability (in each case, as specified under the GDPR).
Where Provider is acting as a controller, you can initiate a
request by contacting us as specified in the “Contacting Us” section below.
Please note that these requests apply only to information that Provider holds
as a “controller.” If your request relates to the personal data collected
through a customer’s websites or digital products, you should direct your
request to the owner of that website or product. Please note that you must
verify your identity and request before Provider will process your request. You
may be required to provide email confirmation or other information in order for
us to verify your identity.
Finally, EEA and Swiss data subjects can contact Provider’s
data protection officer by emailing support@echoyourbiz.com
California Resident Notices
California Consumer Privacy Act
Effective January 1, 2020, the California Consumer Privacy
Act of 2018 (the “CCPA”) allows consumers who are California residents, upon a
verifiable consumer request, to request from a business:
Delete any personal information about the consumer which the
business has collected from the consumer;
Disclose to the consumer certain information about the
personal information that the business collects from the consumer; and
Direct a business that sells personal information about the
consumer to third parties not to sell the consumer’s personal information
Provider does not sell any consumer personal information to
third parties. To submit a data access or data deletion request, please contact
us at support@echoyourbiz.com. Please note that these requests apply only to
information that Provider holds as a “controller.” If your request relates to
the personal data collected through a customer’s websites or digital products,
you should direct your request to the owner of that website or product. Please
note that you must verify your identity and request before Provider will
process your request. You may be required to provide email confirmation or
other information in order for us to verify your identity. Consistent with
California law, if you choose to exercise your rights, you will not receive
discriminatory treatment by Provider.
Under certain circumstances, you may designate an authorized
agent to make a request on your behalf. In order to designate an authorized
agent to make a request on your behalf, you must provide a valid power of
attorney, your valid government issued identification, and the authorized
agent’s valid government issued identification to allow Provider to verify that
the agent is authorized to make the request on your behalf.
If you have any questions about Provider’s privacy policies
and practices, please contact us at support@echoyourbiz.com.
California’s Shine the Light Law
CA Civil Code § 1798.83 permits California residents to
request and obtain from Provider once a year, free of charge, a list of the
third parties to whom Provider may have disclosed their personal information
(if any) for their direct marketing purposes in the prior calendar year, as
well as the type of personal information disclosed to those third parties. As a
general policy, Provider does not share personal information with third parties
for their own direct marketing purposes without your prior consent.
Accordingly, you can prevent disclosure of your personal information to third
parties for their direct marketing purposes by withholding consent. Please
contact us at privacy@optimizely.com if you would like to make such a request.
Do Not Track and Cross-Site Tracking
Do Not Track is a privacy preference that users can set in
their web browsers. When a user turns on the Do Not Track signal, the browser
sends a message to websites requesting them not to track the user. At this
time, we do not respond to Do Not Track browser settings or signals. In
addition, some of our advertising partners, and other third-party services and
tools on our Site and/or the Services, may use standard technologies, such as
cookies, pixel tags, and web beacons, to collect information about your
internet activities across websites. You may be able to disable certain
third-party cross-site tracking as described in the “Your Choices” section
above.
13. Changes to Our Privacy Policy; Notices
From time-to-time, we may change this privacy policy to
accommodate changes to our products, services and companies, new technologies
or industry practices, updated regulatory requirements, or for other purposes.
We will provide notice to you (as described below) if these changes are
material.
Notices may be by email to the last email address you
provided us, by posting notice of such change on our Site or the Services, or
by other communication channels. You consent to receiving notices in these
ways. We reserve the right to determine the form and means of providing
notifications to you, consistent with applicable law.
14. Contacting Us
If you have any questions about this Privacy Policy or our
privacy practices, please contact us at support@echoyourbiz.com