Last updated: 20 September 2017
The purpose of this privacy statement is to explain, as transparently as possible, how Diligent Corporation and its affiliates (collectively ‘Diligent’ or ‘us’) collect, use, disclose and secure the information we collect via our Services. We pride ourselves on providing award-winning customer service but, in order to do that, we need to be able to transfer names and contact information about our users globally. This allows us to identify callers to our support line easily so that we can provide the round-the-clock, 24/7/365 service that our customers have come to expect. Although we are required to provide the following legal disclosures, please note that all of our customer support staff are Diligent employees and that we never use subcontractors to provide customer support. This privacy statement describes your choices regarding the use, access and correction of your personal information. Also, this privacy statement does not apply to the contents of board materials that we store on behalf of our clients. Those materials are protected in accordance with our security policies and are hosted only in our dedicated hosting facilities in the United States, Canada and Germany. European clients may choose to have their Diligent Boards sites hosted solely in Germany. Due to the stringent and proprietary nature of our security systems, the details of the security policies that protect clients’ documents are provided only to our customers. Please contact your customer success team if you would like more documentation about our security protocols for protecting clients’ documents, or if you would like to speak to a member of our security team.
For the purposes of this privacy statement, ‘Services’ includes: www.diligent.com and go.boardbooks.com contact information associated with our board portal service (‘Diligent Boards’) and all associated services and applications to the Website and Diligent Boards such as our iPad application, Windows application and desktop smart client. This privacy statement does not apply to our practices on other websites or offline.
Registration information. You or your company must have a current subscription to register for and access our Services. We will collect your name, company name, email address and other contact information, as well as a login that we will generate for you when you register to access our Services. We may also collect other optional information.
Services. We use the information we collect to provide our Services, respond to user requests, provide technical and customer support, administer our business, improve the Services and comply with legal obligations.
Website. When you browse our Website or use the Services, we may collect technical information such as your IP address, clickstream information and log files (as noted below) automatically. To use our Services, you will be required to register as a user.
Marketing. We may also send marketing emails and newsletters to you from time to time unless you have opted out. Out of respect for your privacy, you may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails, or you can contact us here.
Application users. When using one of our applications, we may collect your device ID; IP Address and language information; device name and model; operating system type, name and version; and certain other information. We do not track location-based information from your device.
Passive collection. Like most websites, we gather certain information automatically. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g. HTML pages, graphics, etc.), operating system, date/time stamp and/or clickstream data to analyse trends in the aggregate and administer the site.
Sensitive personal data. We neither require nor ask for sensitive personal data such as medical information, race/ethnicity, political opinions or sexuality.
Sharing with third parties
Except where expressly permitted by our service agreement with you, we will never provide confidential material stored within our Boards or Teams app to any third party. Furthermore, we will never sell your personal contact information to third parties for any reason. We will transmit personal contact information to third parties only in the ways that are described in this privacy statement.
We may transmit your personal and contact information to companies that provide services to help us with our business activities such as offering customer service. These companies are not authorised to use your personal information except to help Diligent provide these services to our customers.
We may also disclose your personal information:
- to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your personal information will be subject to this privacy statement;
- as required by law, such as to comply with a subpoena (summons), similar legal process or as requested by courts and law enforcement agencies with jurisdiction over Diligent;
- when we believe in good faith that disclosure is necessary to protect our rights, as evidence in litigation in which we are involved, to protect your safety or the safety of others, investigate fraud or respond to a government request;
- to any other third party with your prior written consent to do so;
User Data Supplementation
We may receive information about you from other sources, including publicly available databases or third parties from which we have purchased data and combine this data with information we have about you already. This helps us to update, expand and analyse our records, identify new customers and provide products and services that may be of interest to you. If you provide us with personal information about others, or if others give us your information, we will use that information only for the specific reason for which it was provided to us.
Examples of the types of personal information that may be obtained from public sources or purchased from third parties and combined with information we have about you already may include:
- Address information about you from third-party sources such as the US Postal Service to verify your address so we can ship your order to you properly and to prevent fraud; and
- Purchased marketing data about our customers from third parties that is combined with information we have about you already, to create more tailored advertising and products.
Data collected from or for our Clients
Diligent collects information under the direction of those entities with which it has entered into a contractual relationship for the provision of Diligent Boards (its ‘Clients’) and has no direct relationship with the individuals whose personal data it processes on behalf of its Clients. We will process such data as directed by our Clients; our Clients’ use and disclosure of the personal data they submit to us and these Services are not subject to this privacy statement. If you are using Diligent Boards on behalf of one of our Clients and would no longer like to be contacted by the Client that uses our service, please contact the Client with which you interact directly. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are controlled by confidentiality obligations that are similar to those in the service agreements with our Clients.
Diligent acknowledges that you have the right to access your personal information. As noted, Diligent has no direct relationship with the individuals whose personal data it processes on behalf of its Clients. An individual who seeks access or who seeks to correct, amend or delete inaccurate data should direct their query to Diligent’s Client (the data controller). If a Client requests Diligent to amend or remove the data, we comply with such requests in accordance with the contractual relationship we have with the relevant Client and we will respond to their request within 30 days.
We will retain personal data we process on behalf of our Clients for as long as needed to provide services to our Client. Diligent will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
We partner with a third party either to display advertising on our website or to manage our advertising on other sites. Our third-party partner may use technologies such as cookies to gather information about your activities on this website and other sites in order to provide you advertising based on your browsing activities and interests. If you wish not to have this information used for the purpose of serving you interest-based ads, you may opt out by clicking here (or, if located in the European Union, click here ). Please note this does not opt you out of being served ads. You will continue to receive generic ads.
Personal information (such as names, email addresses and phone numbers) collected through the Services may be transferred to and processed by Diligent and its affiliates, business partners and service providers located in other countries including the United States, United Kingdom, Germany, New Zealand, Canada, Australia, Hong Kong and Singapore, some of which may not offer the same or equivalent legal protection for your personal data as your home country.
We will always strive to adopt appropriate standards of privacy protection, wherever your information is located, and adopt appropriate measures (consistent with locally applicable privacy laws) to secure an adequate level of privacy protection.
EU-US Privacy Shield and Swiss-US Privacy Shield
Diligent and its subsidiary company(ies) participate in and have certified their compliance with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework. Diligent is committed to subjecting all personal data received from European Union (EU) Member States and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework and to view our certification, visit the US Department of Commerce’s Privacy Shield List. https://www.privacyshield.gov/list
Diligent is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Diligent complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred under the Privacy Shield Frameworks, Diligent is subject to the regulatory enforcement powers of the US Federal Trade Commission. In certain situations, Diligent may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed to your satisfaction, please contact our US-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, described in more detail on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Links to other sites
Diligent is not responsible for the privacy practices or the content of any sites to which our Website or the Services may provide links.
Social Media Widgets
Our website includes Social Media Features, such as the Facebook Like button, and Widgets, such as the Share This button or interactive mini-programs that run on our website. These Features may collect your internet protocol address, which page you are visiting on our website and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our website. Your interactions with these Features are governed by the privacy statement of the company providing it.
Access to personal information
On request, Diligent will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To request this information, please email us at firstname.lastname@example.org.
If your personal information changes, or if you no longer wish to use our Services, you may correct, update, amend, delete/remove, ask to have it removed from a testimonial or deactivate much of your information by making the change on our member information page or by contacting us by telephone, email or postal mail using the contact information listed below. We will respond to your request for access within 30 days.
We will retain your information for as long as your account is active or as needed to provide you Services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
We post customer testimonials/comments/reviews on our Website which may contain personal information. We do obtain the customer’s written consent before posting the testimonial to post their name along with their testimonial. If you post a comment or other content to a public area of our Website or Services, that comment may be viewed by other users as well as visitors to our Website and we cannot prevent that content from being used in a manner that violates this privacy statement.
The security of your personal information and our Clients’ information is important to us. When you enter sensitive information (such as login credentials for users of Diligent Boards), we encrypt the transmission of that information using secure socket layer technology (SSL)/transport layer security technology (TLS). We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we have received it. No method of transmission over the internet or method of electronic storage is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our Website or Services, our staff can put you in contact with our Security Department.
Revisions to this statement
We may update this privacy statement to reflect changes to our information practices. If we make any material changes we will notify you by email (sent to the email address specified in your account) or by means of a notice on this Website before the change becomes effective. We encourage you to review this page periodically for the latest information about our privacy practices.
If you have any questions about this privacy and security statement, the practices of this Website or your dealings with this Website, please contact us via email or write to us at Contracts Department, Diligent Corporation, 1385 Broadway, 19th Floor, New York, NY 10018.