Effective date: August 3, 2020
Thanks for entrusting A Serious Business, Inc. with your company discussions and your personal information. Holding on to your private information is a serious responsibility, and we want you to know how we're handling it.
The short version
We only collect the information you choose to give us, and we process it with your consent, or on another legal basis; we only require the minimum amount of personal information that is necessary to fulfill the purpose of your interaction with us; we don't sell it to third parties; and we only use it as this Privacy Statement describes. If you're visiting us from the European Union (EU), European Economic Area (EEA), Switzerland, or the United Kingdom (UK), please see our global privacy practices: we are compliant with the General Data Protection Regulation (GDPR). No matter where you are, where you live, or what your citizenship is, we provide a high standard of privacy protection to all our users around the world, regardless of their country of origin or location.
Of course, the short version doesn't tell you everything, so please read on for more details!
|Section||What can you find there?|
|What information A Serious Business, Inc. collects and why||A Serious Business, Inc. collects basic information from visitors to our website, and some personal information from our users. We only require the minimum amount of personal information necessary from you. This section gives details.|
|What information A Serious Business, Inc. does not collect||We don’t collect information from children under 13, and we don’t collect sensitive data.|
|How we share the information we collect||We share information to provide the service to you, to comply with your requests, or with our vendors. We do not host advertising on A Serious Business, Inc. and we do not sell your personal information. You can see a list of the vendors that access your personal information.|
|How you can access and control the information we collect||We provide ways for you to access, alter, or delete your profile information. You can also contact Support for more help.|
|How A Serious Business, Inc. secures your information||We take all measures reasonably necessary to protect the confidentiality, integrity, and availability of your personal information on A Serious Business, Inc. and to protect the resiliance of our servers as they host your information.|
|A Serious Business, Inc.'s global privacy practices||A Serious Business, Inc. complies with the General Data Protection Regulation. Please see this section for more specific information.|
|How we respond to compelled disclosure||We may share your information in response to a warrant, subpoena, or other court action, or if disclosure is necessary to protect our rights or the rights of the public at large. We strive for transparency, and will notify you when possible.|
|How we, and others, communicate with you||We communicate with you by email. You can control the way we contact you in your account settings.|
|Resolving complaints||In the unlikely event that we are unable to resolve a privacy concern quickly and thoroughly, we provide a path of dispute resolution through external arbiters.|
|Changes to our Privacy Statement||We will notify you of material changes to this Privacy Statement 30 days in advance of any such changes becoming effective.|
|Contacting A Serious Business, Inc.||Please feel free to contact us if you have questions about our Privacy Statement.|
A Serious Business, Inc. Privacy Statement
What information A Serious Business, Inc. collects and why
Categories of personal information
"User Personal Information" is any personal information about one of our users which could, alone or together with other information, personally identify them. Information such as a user name and password, an email address, a real name, and a photograph are examples of “User Personal Information.” User Personal Information includes Personal Data as defined in the General Data Protection Regulation.
"Technical Information" may include information we collect from website browsers, such as web server logs, or other log information, such as User session or activity logs. Technical Information may be connected to User Personal Information such as a username or an email address, or to other potentially personally-identifying information like Internet Protocol (IP) addresses.
User Personal Information does not include aggregated, non-personally identifying information. We may use aggregated, non-personally identifying information to operate, analyze, improve, and optimize our website and service.
Information from users with accounts
If you create an account, we require some basic information at the time of account creation. You will create your own user name and password, and we will ask you for a valid email address. You also have the option to give us more information if you want to, and this may include "User Personal Information."
Information from website browsers
If you're just browsing the website, we collect the same basic information that most websites collect. We use common internet technologies, such as cookies and web server logs, to collect Technical Information. This is stuff we collect from everybody, whether they have an account or not.
The information we collect about all visitors to our website includes the visitor’s browser type, language preference, referring site, additional websites requested, and the date and time of each visitor request. We also collect potentially personally-identifying information like Internet Protocol (IP) addresses.
Why we collect this information
- We need your User Personal Information to create your account, and to provide the services you request, including to provide the A Serious Business, Inc. service, the Marketplace service, the Sponsors Program, or to respond to support requests.
- We use your User Personal Information, specifically your user name, to identify you on A Serious Business, Inc..
- We use it to fill out your profile and share that profile with other members of your board if you ask us to.
- We will use your email address to communicate with you, if you've said that's okay, and only for the reasons you’ve said that’s okay. Please see our section on email communication for more information.
- We collect Technical Information to better understand how our website visitors use A Serious Business, Inc., and to monitor and protect the security of the website.
- We collect personal information from third parties for the purposes for which it was authorized to be collected. For example, you may authorize A Serious Business, Inc. to contact you for marketing purposes via a third party's platform. If we need to use your personal information for other purposes, we will ask your permission first.
- We use your User Personal Information and Technical Information for internal purposes, such as to maintain logs for security reasons, for training purposes, and for legal documentation and compliance.
- We limit our use of your User Personal Information to the purposes listed in this Privacy Statement. If we need to use your User Personal Information for other purposes, we will ask your permission first. You can always see what information we have, how we're using it, and what permissions you have given us in your user profile.
Our legal basis for processing information
Under certain international laws (including GDPR), A Serious Business, Inc. is required to notify you about the legal basis on which we process User Personal Information. A Serious Business, Inc. processes User Personal Information on the following legal bases:
- Contract Performance:
- When you create an account on Abbot, you provide your user name and an email address or a user authorization token from a chat service like Slack, Discord, or Microsoft Teams. We require those data elements for you to enter into the Terms of Service agreement with us, and we process those elements on the basis of performing that contract. We also process your user name and email address on other bases.
- If you purchase a paid account with us, there will be other data elements we must collect and process on the basis of performing that contract. A Serious Business, Inc. does not collect or process a credit card number, but our third-party payment processor does.
- As a user, your user profile information is filled out every time you authenticate to the service using the information provided by your authentication provider (such as Google G-Suite). You can fill out addition information in your user profile such as your phone number. If you decide to participate in a A Serious Business, Inc. research project or survey, you may choose to provide User Personal Information or other personal information to us for limited purposes. We process this information on the basis of consent. All of this information is entirely optional, and you have the ability to access, modify, and delete it at any time.
- Legitimate Interests:
- Generally, the remainder of the processing of personal information we perform is necessary for the purposes of our legitimate interests. For example, for legal compliance purposes or to maintain ongoing confidentiality, integrity, availability and resilience of A Serious Business, Inc.'s systems, website, and service, we must keep logs of Technical Information; and, in order to respond to legal process, we are required to keep records of users who have sent and received DMCA takedown notices.
- If you would like to request erasure of data we process on the basis of consent or object to our processing of personal information, please email firstname.lastname@example.org.
What information A Serious Business, Inc. does not collect
We do not intentionally collect sensitive personal information, such as social security numbers, genetic data, health information, or religious information. Although A Serious Business, Inc. does not request or intentionally collect any other sensitive personal information, we realize that you might store this kind of information in your account, such as in a repository or in your public profile. If you store any sensitive personal information on our servers, you are responsible for complying with any regulatory controls regarding that data.
If you're a child under the age of 13, you may not have an account on Abbot. A Serious Business, Inc. does not knowingly collect information from or direct any of our content specifically to children under 13. If we learn or have reason to suspect that you are a user who is under the age of 13, we will have to close your account. Please see our Terms of Service for information about account termination. Other countries may have different minimum age limits, and if you are below the minimum age for providing consent for data collection in your country, you may not use Abbot without obtaining your parents' or legal guardians' consent.
We do not intentionally collect User Personal Information that is stored in your boards or other free-form content inputs. Information in your board belongs to you, and you are responsible for it, as well as for making sure that your content complies with our Terms of Service. Any personal information within a user's repository is the responsibility of the repository owner.
How we share the information we collect
We do share User Personal Information with your permission, so we can perform services you have requested or communicate on your behalf. For example, you may indicate, through your actions on Abbot, that you are willing to share your User Personal Information.
We do not share, sell, rent, or trade User Personal Information with third parties for their commercial purposes.
We do not host advertising on Abbot. We may occasionally embed content from third party sites, such as YouTube, and that content may include ads. While we try to minimize the amount of ads our embedded content contains, we can't always control what third parties show.
We do not disclose User Personal Information outside Abbot, except in the situations listed in this section or in the section below on Compelled Disclosure.
We do share certain aggregated, non-personally identifying information with others about how our users, collectively, use Abbot. For example, we may compile general usage statistics of Abbot. However, we do not sell this information to advertisers or marketers.
We do share User Personal Information with a limited number of third party vendors who process it on our behalf to provide or improve our service, and who have agreed to privacy restrictions similar to our own Privacy Statement by signing data protection agreements. Our vendors perform services such as payment processing, customer support ticketing, network data transmission, and other similar services. When we transfer your data to our vendors, we remain responsible for it. While A Serious Business, Inc. processes all User Personal Information in the United States, our third party vendors may process data outside of the United States or the European Union. If you would like to know who our third party vendors are, please see our page on Subprocessors.
We do share aggregated, non-personally identifying information with third parties. For example, we share the number of stars on a repository, or in the event of a security incident, we may share the number of times a particular file was accessed.
We may share User Personal Information if we are involved in a merger, sale, or acquisition. If any such change of ownership happens, we will ensure that it is under terms that preserve the confidentiality of User Personal Information, and we will notify you on our website or by email before any transfer of your User Personal Information. The organization receiving any User Personal Information will have to honor any promises we have made in our Privacy Statement or in our Terms of Service.
Public information on Abbot
Abbot is intended for private communications among the members of a company or organization or similar entity. User Personal information and the User Generated Content is not accessible to anyone outside of the user's team.
Third parties may not access to any User Personal Information nor any content you post on Abbot.
Teams and Groups
You may indicate, through your actions on Abbot, that you are willing to share your User Personal Information. Account owners of any teams or groups you are a member of may receive your User Personal Information.
If you collaborate on or become a member of an Account that has agreed to the Corporate Terms of Service and a Data Protection Addendum ("DPA") to this Privacy Statement, then that DPA will govern any conflicts between this Privacy Statement and the DPA with respect to your activity in the Account.
Please contact the Account owners for more information about how they process your User Personal Information and the ways for you to access, update, alter, or delete the User Personal Information stored in that account.
How you can access and control the information we collect
If you're already an Abbot user, you may access, update, alter, or delete your basic user profile information by editing your user profile or contacting email@example.com. You can control the information we collect about you by limiting what information is in your profile, by updating out of date information, or by contacting firstname.lastname@example.org.
If A Serious Business, Inc. processes information about you and you do not have an account, such as information A Serious Business, Inc. receives from third parties, then you may access, update, alter, delete, or object to the processing of your personal information by contacting email@example.com.
As an A Serious Business, Inc. User, you can always take your data with you. You can visit your personal data settings and download all the data we have about you. Depending on the settings and policies put in place by the Account owners, you may also be able to download the content you've posted.
Data retention and deletion of data
Generally, A Serious Business, Inc. will retain User Personal Information for as long as your account is active or as needed to provide you services.
We may retain certain User Personal Information indefinitely, unless you delete it or request its deletion. For example, we don’t automatically delete inactive user accounts, so unless you choose to delete your account, we will retain your account information indefinitely.
If you would like to cancel your account or delete your User Personal Information, you may do so in your user profile. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile (within reason) within 90 days. You may contact firstname.lastname@example.org to request the erasure of the data we process on the basis of consent within 30 days.
After an account has been deleted, certain data, such as posts to a board and comments in others' posts, will remain. However, we will delete or deidentify your personal information, including your user name and email address, from the author field of posts and comments by associating them with an anonymous user.
We provide a web page on cookies and tracking that describes the cookies we set, the needs we have for those cookies, and the types of cookies they are (temporary or permanent). It also lists our third party analytics providers and details exactly which parts of our website we permit them to track.
Tracking and analytics
We use a number of third party analytics and service providers to help us evaluate our users' use of Abbot; compile statistical reports on activity; and improve our content and website performance. We only use these third party analytics providers on certain areas of our website, and all of them have signed data protection agreements with us that limit the type of personal information they can collect and the purpose for which they can process the information. In addition, we use our own internal analytics software to provide features and improve our content and performance.
Some browsers have incorporated "Do Not Track" (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Abbot responds to browser DNT signals and follows the W3C standard for responding to DNT signals. If you have not enabled DNT on a browser that supports it, cookies on some parts of our website will track your online browsing activity on other online services over time, though we do not permit third parties other than our analytics and service providers to track Abbot users' activity over time on Abbot.
How A Serious Business, Inc. secures your information
A Serious Business, Inc. takes all measures reasonably necessary to protect User Personal Information from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of User Personal Information.
A Serious Business, Inc. enforces a written security information program. Our program:
- aligns with industry recognized frameworks;
- includes security safeguards reasonably designed to protect the confidentiality, integrity, availability, and resilience of our users' data;
- is appropriate to the nature, size, and complexity of A Serious Business, Inc.’s business operations;
- includes incident response and data breach notification processes; and
- complies with applicable information security related laws and regulations in the geographic regions where A Serious Business, Inc. does business.
In the event of a data breach that affects your User Personal Information, we will act promptly to mitigate the impact of a breach and notify any affected users without undue delay.
Transmission of data on A Serious Business, Inc. is encrypted using SSH, HTTPS, and SSL/TLS. Data is stored on Microsoft Azure.
No method of transmission, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.
A Serious Business, Inc.'s global privacy practices
We store and process the information that we collect in the United States in accordance with this Privacy Statement (our subprocessors may store and process data outside the United States). However, we understand that we have users from different countries and regions with different privacy expectations, and we try to meet those needs even when the United States does not have the same privacy framework as other countries'.
We provide a high standard of privacy protection — as described in this Privacy Statement — to all our users around the world, regardless of their country of origin or location, and we are proud of the levels of notice, choice, accountability, security, data integrity, access, and recourse we provide. We work hard to comply with the applicable data privacy laws wherever we do business, working with our Data Protection Officer as part of a cross-functional team that oversees our privacy compliance efforts. Additionally, if our vendors or affiliates have access to User Personal Information, they must sign agreements that require them to comply with our privacy policies and with applicable data privacy laws.
- A Serious Business, Inc. provides clear methods of unambiguous, informed consent at the time of data collection, when we do collect your personal information using consent as a basis.
- We collect only the minimum amount of personal information necessary for our purposes, unless you choose to provide more. We encourage you to only give us the amount of data you are comfortable sharing.
- We offer you simple methods of accessing, correcting, or deleting the User Personal Information we have collected.
- We provide our users notice, choice, accountability, security, and access, and we limit the purpose for processing. We also provide our users a method of recourse and enforcement. These are the Privacy Shield Principles, but they are also just good practices.
How we respond to compelled disclosure
A Serious Business, Inc. may disclose personally-identifying information or other information we collect about you to law enforcement in response to a valid subpoena, court order, warrant, or similar government order.
In complying with court orders and similar legal processes, A Serious Business, Inc. strives for transparency. When permitted, we will make a reasonable effort to notify users of any disclosure of their information, unless we are prohibited by law or court order from doing so, or in rare, exigent circumstances.
How we, and others, communicate with you
We will use your email address to communicate with you, if you've said that's okay, and only for the reasons you’ve said that’s okay. For example, if you contact our Support team with a request, we will respond to you via email. You have a lot of control over how your email address is used and shared on and through A Serious Business, Inc.. You may manage your communication preferences in your user profile.
Depending on your email settings, A Serious Business, Inc. may occasionally send notification emails about changes in a board you’re watching, new features, requests for feedback, important policy changes, or offer customer support. Please note that you can not opt out of receiving important communications from us, such as emails from our Support team or system emails, but you can configure your notifications settings in your profile.
Our emails might contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and what your IP address is. We use this pixel tag to make our email more effective for you and to make sure we’re not sending you unwanted email.
If you have concerns about the way A Serious Business, Inc. is handling your User Personal Information, please let us know immediately. We want to help. You may contact us via email at email@example.com with the subject line "Privacy Concerns." We will respond promptly — within 45 days at the latest.
Dispute resolution process
In the unlikely event that a dispute arises between you and A Serious Business, Inc. regarding our handling of your User Personal Information, we will do our best to resolve it.
If you are a resident of an EU member state, you have the right to file a complaint with your local supervisory authority.
Changes to our Privacy Statement
Although most changes are likely to be minor, A Serious Business, Inc. may change our Privacy Statement from time to time. We will provide notification to Users of material changes to this Privacy Statement through our Website at least 30 days prior to the change taking effect by posting a notice on our home page or sending email to the primary email address specified in your A Serious Business, Inc. account.
This Privacy Statement is licensed under this Creative Commons Zero license.
Contacting A Serious Business, Inc.
Questions regarding A Serious Business, Inc.'s Privacy Statement or information practices should be directed to firstname.lastname@example.org.