Boardable Privacy Policy

Last Updated: May 18, 2020

1. CORPORATE COMMITMENT TO PRIVACY.Board Management Software, Inc. dba Boardable, an Indiana corporation (the “Company”, “our,” “we”, or “us”) is committed to respecting your privacy. This Privacy Policy describes how we collect, use, disclose, store and otherwise process information when you use our website(s), products and services. We urge you to read this Privacy Policy so that you understand our commitment to you and your privacy.

2. DEFINITIONS.

Non-Personal Information” means information that is related to you but that does not personally identify you, including information that could personally identify you in its original form, but that we have modified (for instance, by aggregating, anonymizing or de-identifying such information) in order to remove or conceal any Personal Information.

“Personal Information” means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.Personal Information may include the following: name, address, date of birth, gender, contact data, title, employer or other organization (e.g., e-mail address, telephone number and employer name).

Technical Information” means automatically-collected information that does not, by itself, identify a specific individual but which could be used to indirectly identify you.

3. SCOPE AND CONSENT.

A. Scope.This Privacy Policy applies to Personal Information, Non-Personal Information, Technical Information from or about: (i) visitors to, or users of, the Company’s websites; (ii) prospective and current customers using the Company’s services; (iii) users of any mobile-device applications that the Company offers; (iv) the Company’s service providers and business partners; and (v) other third-parties that the Company interacts with.

B. Consent. The Company collects Personal Information about you in connection with our services. When working with or using the Company’s services, you may be prompted to make an account which may hold Personal Information such as your name, mailing address, email address, social media account information and/or credit card information. In addition, you may be providing Personal Information when: (i) communicating with the Company via phone calls, chats, emails, web forms, social media and other methods of communication; (ii) subscribing to any of the Company’s marketing materials; (iii) you interact with the Company in the Company’s provision of services to you. By providing your Personal Information to the Company in the ways described in this Privacy Policy, you agree that you are authorized to provide that information and are accepting this Privacy Policy and any supplementary privacy statement that may be relevant to you. If you do not agree to our practices, please do not register, subscribe, create an account, or otherwise use our services, the Company’s websites, or other applications.

4. TYPES OF INFORMATION COLLECTED.

A. Information Collected Automatically. The Company may also collect Technical Information about you when you visit our websites, which your web browser automatically sends whenever you visit a website on the Internet. Our servers automatically record Technical Information, which Technical Information may include your Internet Protocol (“IP”) address, browser type, browser language, and the date and time of your request. Gathering Technical Information helps us ensure our websites and other services work correctly and supports analytic efforts.

EXAMPLES

We use pixel tags and cookies in our marketing efforts so that we can track your interaction with our messages, such as when you open the email or click a URL link embedded within them. When recipients click on one of those URLs, they pass through a separate web server before arriving at the destination page on a Company website. We use tools like pixel tags and cookies so that we can determine interest in particular topics and measure and improve the effectiveness of our communications.

When you download or use our mobile-device applications, or access one of our mobile-optimized websites, we may receive Technical Information about your mobile device, including a unique identifier for your device.

We may collect Technical Information about your use of Company websites through cookies and similar technology. A “cookie” is a unique numeric code that we transfer to your computer so that we can keep track of your interests and/or preferences and recognize you as a return visitor to the websites. We may use these technologies to collect Technical Information about the ways visitors use our websites, to support the features and functionality of our services, and to personalize your experience when you use our websites.

B. Information Collected from Social Media. Our services include social media features, which features may collect Technical Information and/or Personal Information. Social media features are either hosted by a third party or hosted directly on our site. Your interactions with these features are governed by the privacy policy of the organization providing it. For example, if you create or log into your account through a third-party social networking site, we may have access to certain information from that site, such as your name, account information and friends, in accordance with the authorization procedures determined by such third-party social networking site.

C. Information Collected from Other Sources. The Company may also collect information about you from other sources to help the Company correct or supplement our records, improve the quality or personalization of our services, prevent or detect fraud, and to otherwise provide the Company’s services. We work closely with third parties (for example, business partners, service providers, subcontractors, advertising networks, analytics providers, search information providers, fraud protection services and payment processors) and may receive information about you from them.

EXAMPLES

In order to provide and improve the Company’s services, we may engage the services of third-party vendors. In the process of supplying services to the Company these third-party vendors may need to collect Personal Information about you.

The Company’s services may feature boards, blogs or forums. Any Personal Information that you choose to submit via such a forum may be read, collected, or used by others who visit such boards, blogs or forums.

5. USES OF COLLECTED PERSONAL INFORMATION.

A. Permitted Use of Personal Information. The Company uses your Personal Information to provide you with the Company’s products and services. We also use your Personal Information to support our business functions, such as fraud prevention, marketing, and legal functions. To do this, we combine Personal Information and Non-Personal Information, collected online and offline, including information from third party sources. For example, the Company may use Personal Information for the following: (i) to fulfill your requests for products and services and communicate with you about those requests; (ii) to better understand customer behavior so that we may improve our marketing and advertising efforts and to improve the distribution of our products and services; (iii) to help us personalize our service offerings, websites, mobile services, and advertising; (iv) to verify the identity of customers and to prevent fraudulent activities such as the fraudulent purchase of products/services; (v) credit card information may be used to check the financial qualifications or collect payment from customers regarding orders of products and services; (vi) to protect the security and integrity of our services; (vi) to comply with legal and/or regulatory requirements; (vii) to respond to reviews, comments, or other feedback you provide us

B. Permitted Use of Non-Personal Information. The Company uses Non-Personal Information, in addition to the ways identified in Section 4.A. above, for industry benchmarking and analysis consistent with the Company’s business purposes.

C. Promotional Messaging or Advertising. The Company uses your Personal Information to recommend products and services that might be of interest to you, to send you marketing and advertising messages such as newsletters, announcements, or offers for the Company’s services.

D. Ability to Opt-In to Promotional Messaging or Advertising. The Companyallows you to opt-in to receive advertisements based on your interests. The Company also allows you to opt-in to receive communications, such as mailings or text message marketing. To opt-out of advertisements, please contact the Company at info@boardable.com.

6. DISCLOSURE TO THIRD PARTIES. The Company will not rent or sell your Personal Information to others but may disclose Personal Information with third-party vendors and service providers. The Company will only share Personal Information to these vendors and service providers to help us provide our services. Examples of third parties with which the Company engages are servicers, information processors, payment processors, financial institutions, customer relationship management service providers, and electronic signature (“e-signature”) service providers. These third parties only have access to Personal Information necessary for them to complete their service.

A. Disclosure of Personal Information for Business Purposes. In the course of corporate divestitures, mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, or general business transactions or proceedings, the Company may buy or sell/divest/transfer your Personal Information. In conjunction with any such transaction, the Company will notify you of the transfer of any Personal Information.

B. Disclosure of Personal Information for Legal and Safety Reasons. The Company may be required to disclose Personal Information to the government authorities or law enforcement agencies. We may disclose such information by law, litigation, or as a matter of national security to comply with valid legal process including subpoenas, court orders or search warrants, and as otherwise authorized by law. We may also need to disclose Personal Information in the event of an emergency that threatens an individual’s life, health, or security. The Company may disclose Personal Information to the extent permitted by applicable law in special cases in which we believe it is reasonably necessary to investigate, identify, or take preventive measures or bring legal action against someone who may commit or cause harm, fraud, abuse, or illegal conduct, such as a threat of harm to you or anyone else, interference with our rights or property, or interference with U.S. homeland or national security or public safety anywhere in the world.

C. Disclosure of Personal Information Via Links to Third-Party Websites, Services, and Applications.The Company’s website, applications and services may link to third party websites, services, and applications. The Company shall not be responsible for any Personal Information collected through these means. Any such collected information is governed through such third party’s Privacy Policy. Any interactions you have with such third parties, including, but not in any way limited to, the use of a third party for the provision of an e-signature, are beyond the Company’s control. The Company urges you to read the privacy and security policies of any third party websites, services and applications before providing any Personal Information to or through them.

D. Onward Transfer Liability. The Company’s accountability for Personal Information it receives pursuant to the EU-US Privacy Shield and subsequent transfer of that Personal Information to third parties is detailed in the Privacy Shield Principles. In cases of onward transfer to third parties of Personal Information of EU individuals received pursuant to the EU-US Privacy Shield, the Company is potentially liable. In particular, the Company remains responsible and liable under the Privacy Shield Principles for third-party agents that it engages to process Personal Information on its behalf do so in a manner inconsistent with the Principles, unless the Company can show that it is not responsible for the event giving rise to the damage.

E. Use of Cookies and Other Technologies.The Company uses cookies to operate and improve our services as well as to simplify the interaction with you. When you visit the Company’s websites, applications and services, our servers send a cookie to your computer or mobile device to help personalize your experience and advertisements. Cookies help us better understand user behavior and facilitate effectiveness of advertisements. Cookies only recognize your web browser but information collected from cookies is not personally identifiable. The Company may also use web beacons or other technologies in conjunction with cookies to gather information about your visit to the Company’s websites, applications and services and can allow servers to collect information related to your visit.

F. Ability to Disable Technologies. Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject cookies or to alert you when a cookie is placed on your computer, tablet or mobile device. Although you are not required to accept cookies, if you block or reject them, you may not have access to all features available through our services. Please note that if you disable your web browser’s cookies and other technologies, certain features of our services may be disabled.

7. PROTECTION OF PERSONAL INFORMATION.

A. Security Measures Taken to Protect Personal Information. The security of all information is of the utmost importance to the Company. The Company uses technical and physical safeguards to protect the security of Personal Information from unauthorized disclosure. The Company uses encrypted connections (HTTPS, SSL) to keep Personal Information secure. The Company also makes attempts to ensure that only necessary people and third parties have access to Personal Information. Nevertheless, such security measures cannot prevent all loss, misuse or alteration of Personal Information and the Company shall not be responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law. Where required under law, we will notify you of any such loss, misuse or alteration of Personal Information that may affect you so that you can take the appropriate actions for the due protection of your rights.

B. Security Measures to Protect Personal Information by Third Parties. The Company requires that third party service providers agree to keep all Personal Information we share with them and to use such information only to perform their obligations in the agreements we have in place with them. These third party service providers are expected to maintain privacy and security protections that are consistent with the Company’s privacy and information security policies.

8. DATA RETENTION AND STORAGE. The Company retains your Personal Information for business purposes, for as long as your account is active, and/or as long as is reasonably necessary to provide you with our products and services. The Company will also retain your Personal Information as reasonably necessary to comply with our legal obligations, resolve disputes and enforce our agreements. We may also retain cached or archived copies of your Personal Information for a reasonable period of time. The Company cannot guarantee the security of any information provided to the Company. The Company will notify users of a data breach when the Company determines that is reasonably necessary in accordance with applicable law.

9. CHOICE. The Company provides some choices about the ways the Company collects, uses, and shares your Personal Information. You can contact the Company in order to delete or export Personal Information on an organizational level. If you choose not to provide certain details, some of your experiences with the services may be affected. If at any point in time you wish to know what Personal Information the Company has retained about you, or to delete or export Personal Information as mentioned above, then you can request the same by contacting info@boardable.com. The Company will respond to any such request within a reasonable amount of time.

10. COLLECTION OF INFORMATION FROM CHILDREN. The Company recognizes the importance of protecting the privacy and safety of children. The Company’s services are primarily directed towards the general audience and are not directed towards children. We do not knowingly collect information about children under the age of 13. A parent or guardian of a child may contact the Company at info@boardable.com to request that the Company deletes any information believed to be maintained by the Company with respect to such child.

11. QUESTIONS; UPDATES TO PRIVACY POLICY.

A. Inquiry, Compliant, and Dispute Process. In compliance with the EU-U.S. Privacy Shield Principles, the Company commits to resolve complaints about your privacy and our collection or use of your Personal Information.  European Union individuals with inquiries or complaints regarding this Privacy Policy should first contact the Company at info@boardable.com. The Company has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to the JAMS independent dispute recourse mechanism. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by the Company, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. For additional information about the arbitration process, please visit the Privacy Shield website: www.privacyshield.gov.

B. Changes to the Data Privacy Policy. The Company may review and update this Privacy Policy periodically. The Company will post a notice to its website and email you to inform you of any changes to our Privacy Policy and indicate when it was most recently updated. In the case of material changes that may adversely affect you, the Company may provide a more direct way of notifying you of changes to this Privacy Policy.

12. APPLICABLE REGULATIONS. European Union data subjects have the right to access Personal Information about them, and to limit use and disclosure of their Personal Information in certain circumstances. If you wish to request access, to limit use, or to limit disclosure, please email our privacy team at info@boardable.com. If at any time, your Personal Information changes or you change your mind about receiving information from the Company, send us a request specifying updated information or your new choice.

13. LOCATION OF DATA PROCESSING AND STORAGE. Any Personal Information collected about EU data subjects via our websites or through our services is processed in the United States by the Company or by a third party acting on the Company’s behalf. When you provide Personal Information to the Company you consent to the processing of your Personal Information in the United States. The Company’s websites are hosted in the United States.

14. VERIFICATION. The Company participates in a self-assessment program of this Privacy Policy pursuant to the EU-US Privacy Shield Principles.