Dated August 30, 2018.
1. INFORMATION WE COLLECT AND HOW WE USE IT
We may collect and store information about you when you use the Service. We use the information to fulfill your requests, provide the Service’s functionality, improve the Service’s quality, personalize your experience, track usage of the Service, provide feedback to third party businesses that are listed on the Service, market the Service, provide customer support, message you, back up our systems and allow for disaster recovery, enhance the security of the Service, and comply with legal obligations.
Among the information we collect, please note:
Account Information: If you create an account on TellMyBoss, we may store and use your name, email address and other information you may provide with your account. You can modify some of the information associated with your account by contacting us at firstname.lastname@example.org.
Public Content: The information that you contribute through the Service is intended for public consumption, including your reviews, tips, photos, videos, check-ins, comments, likes, posts, bookmarks, friends, lists, compliments, and account profile. We may display this information through the Service, share it with businesses, and further distribute it to a wider audience through third party sites and services.
Activity: We may store information about your use of the Service, such as your search activity, the pages you view, the date and time of your visit, and reservations and purchases you make through the Service. We also may store information that your computer or mobile device provides to us in connection with your use of the Service, such as your browser type, type of computer or mobile device, browser language, IP address, mobile carrier, phone number, unique device identifier, advertising identifier, location (including geolocation, beacon based location, and GPS location), and requested and referring URLs. You may be able to disallow our use of certain location data through your device or browser settings, for example by disabling “Location Services” for the TellMyBoss application in iOS privacy settings.
Intended to make the Service work in the way you expect. For example, we use a Cookie that tells us whether you have already signed up for an account.
Authentication, Security, and Compliance
Intended to remember information about how you prefer the Service to behave and look. For example, we use a Cookie that tells us whether you have declined to allow us to use your phone’s geolocation data.
Intended to allow or prevent notices of information or options that we think could improve your use of the Service. For example, we use a Cookie that stops us from showing you the signup notification if you have already seen it.
Intended to help us understand how visitors use the Service. For example, we use a Cookie that tells us how our search suggestions correlate to your interactions with the search page.
Managing Cookies: It may be possible to disable some (but not all) Cookies through your device or browser settings, but doing so may affect the functionality of the Service. The method for disabling Cookies may vary by device and browser, but can usually be found in preferences or security settings. For example, iOS and Android devices each have settings which are designed to limit forms of ad tracking. For flash cookies, you can manage your privacy settings by clicking here. [LINK TO http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html]
3. THIRD PARTIES
Third parties may receive information about you as follows:
Service Providers: We may rely on third party providers to support or provide some of the services that are available through the Service. We may also rely on third party providers to perform certain services for us in connection with your use of the Service, such as communications and hosting services, network security, technical and customer support, tracking and reporting functions, quality assurance testing, payment processing, our own marketing of the Service, and other functions. We may share information from or about you with these third party providers so that they can perform their services or complete your requests. These third party providers may share information with us that they obtain from or about you in connection with providing their services or completing your requests. Third party providers may also share this information with their subsidiaries, joint ventures, or other companies under common control. Some of our web pages utilize framing techniques to serve content to you from our third party providers, while preserving the look and feel of the Service. In such cases, please note that the information you provide is being provided to the third party.
Aggregate Information: We may share user information in the aggregate with third parties.
Businesses on TellMyBoss: We may share information from or about you (such as your age and gender), your submissions to the Service, your devices, and your use of the Service with businesses listed on TellMyBoss.
Investigations: We may investigate and disclose information from or about you if we have a good faith belief that such investigation or disclosure (a) is reasonably necessary to comply with legal process and law enforcement instructions and orders, such as a search warrant, subpoena, statute, judicial proceeding, or other legal process served on us; (b) is helpful to prevent, investigate, or identify possible wrongdoing in connection with the Service; or (c) protects our rights, reputation, property, or that of our users, affiliates, or the public. If you flag or otherwise complain to TellMyBoss about content through the Service, we may share the substance of your complaint with the contributor of that content in order to provide an opportunity for the contributor to respond.
Links: The Service may contain links to unaffiliated third party services. Except as set forth herein, we do not share your personal information with them, and are not responsible for their privacy practices. We suggest you read the privacy policies on or applicable to all such third party services.
Facebook and Twitter: If you sign up for TellMyBoss using your Facebook account or link your TellMyBoss account to your account with a third party service like Facebook or Twitter, we may receive information about you from such third party service. We may use this information to help you create your account on TellMyBoss and connect and share public content with your friends and followers. You can manage how you link your TellMyBoss account to third party services here. Please note that if you interact with Facebook, Twitter, or other third party icons through the Service, including “Like,” “Share,” or similar buttons, those companies may collect information about you, such as your device’s IP address. Your interactions with these and other third parties are governed by the third parties’ privacy policies.
4. DATA RETENTION AND ACCOUNT TERMINATION
The Service is intended for general audiences and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information without parental consent, please contact us here. If we become aware that a child under 13 has provided us with personal information without parental consent, we take steps to remove such information and terminate the child’s account.
We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet or via mobile device, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
8. CALIFORNIA RESIDENTS: YOUR CALIFORNIA PRIVACY RIGHTS
TellMyBoss does not disclose your personal information to third parties for the purpose of directly marketing their services to you unless you first agree to such disclosure. If you have any questions regarding this policy, or would like to change your preferences, you may contact us at support@TellMyBoss.com.
9. GDPR COMPLIANCE
1) In effect from 25 May 2018, TellMyBoss will Process Personal Data in accordance with GDPR (General Data Protection Regulation) requirements. https://www.eugdpr.org/
2) TellMyBoss is a “processor” by definition of the GDPR.
Definition: A processor is a natural or legal person or agency that processes data on behalf of a controller. “Processing” is defined very broadly in the Directive to include collection, use, storage, manipulation, disclosure, disposal, and virtually any other action with personal data.
TellMyBoss processes data as delegated by the “controller”.
Definition: A controller is as the natural or legal person or public agency that “alone or jointly with others” determines “the purposes and means of processing” personal data.
The GDPR defines the data controller as the principal party for responsibilities such as collecting consent, managing consent-revoking and enabling right to access. A data subject who wishes to revoke consent for his or her personal data therefore will contact the data controller to initiate the request.
3) Data Protection Impact Assessment. In effect from 25 May 2018, upon Customer’s request, TellMyBoss (processor) shall provide Customer with reasonable cooperation and assistance needed to fulfill Customer’s obligation under the GDPR to carry out a data protection impact assessment related to Customer’s use of the Services, to the extent Customer does not otherwise have access to the relevant information, and to the extent such information is available to TellMyBoss.
4) TellMyBoss shall return Customer Data to Customer and, to the extent allowed by applicable law, delete Customer Data in accordance with the procedures and timeframes specified by the GDPR.
5) Notification of Sub-processors and Objection Right for New Sub-processors. Customer acknowledges and expressly agrees that TellMyBoss does engage with Sub-processors and that TellMyBoss may engage in new Sub-processors at any time. All current Sub-processors have expressed their intention to be GDPR compliant by May 25th. List of current Sub-processors: SendGrid for Email delivery, Twilio for SMS delivery, Amazon AWS for data storage, Paypal Pro for payment processing, Campaign Monitor for Welcome and Marketing emails.
6) TellMyBoss maintains security incident management policies and procedures and shall notify Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data, including Personal Data, transmitted, stored or otherwise Processed by TellMyBoss or its Subprocessors of which TellMyBoss becomes aware (a “Customer Data Incident”).
TellMyBoss shall make reasonable endeavors to identify the cause of such Customer Data Incident and take those steps as TellMyBoss deems necessary and reasonable in order to remediate the cause of such a Customer Data Incident to the extent the remediation is within TellMyBoss’s reasonable control. The obligations herein shall not apply to incidents that are caused by Customer or Customer’s Users.
7) Information collected by Account Owners and Users. Account owners and Users can store data that may contain Personal information in “Customer Notes”, “JobID”, “ExtraField” and “CustomField”. TellMyBoss has no direct relationship with the individuals whose Personal Data it hosts as part of those entry fields. Each Account owner is responsible for providing notice to its customers and third persons concerning the purpose for which the Personal Data is stored and how this Personal Data is processed.
8) Information collected by TellMyBoss. TellMyBoss collects the name, email address, mailing address, mobile phone number, and credit card information upon signup. TellMyBoss uses this information for administrative purposes and billing. TellMyBoss may also use the information to understand and analyze usage and preferences in order to improve the product and functionality. Data is only used in anonymized or aggregated form.