We always seek to improve our Services to you, and that requires that we process information about you and your usage preferences. As we do so, we are absolutely committed to protecting your privacy and the security of your personal information.
The term “Data” does not apply to de-identified, anonymized, and aggregated data that may be derived from Data, including traffic patterns, search activity, and other information that cannot be reasonably connected with any individual (“De-identified Data”). We may use De-identified Data for our own purposes in any manner and without attribution or compensation to any person.
Roster is a set of tools and services designed to help our brand clients build and manage relationships with their customers who may become advocates and ambassadors for our clients (“Ambassadors”).
When you enter into an agreement with us, either by accessing the Services, by executing an agreement in hard copy or by clicking “I Accept” or similar language online, we will process your Data for the purposes of fulfilling the terms of our contract with you. In that case, our processing of your Data is based on the contract, so your withdrawal of consent will only be effective after the purposes for processing that Data have been fulfilled and after we no longer have a legal obligation to keep that Data.
In all cases, we will comply with applicable law and we will cease processing your Data after the legal right, obligation, or other lawful basis expires.
The Services are directed solely to persons 18 years of age or older or of children under 18 who are supervised by a parent, guardian, or other caregiver. Other than for Data collected for the specific purpose of providing the Services to users, we do not knowingly collect Data from users who are under 13. If we become aware that we have gathered Data from a person under 13, except to provide the Services to such person, and except to the extent allowed or required by law, then we will attempt to delete such Data as soon as possible, subject to our obligations under applicable law. If you believe that we have gathered Data from a person under 13 in contravention of this policy, please contact us at email@example.com.
Listed below are the categories of Data we process when you use our Services. We never sell your Data, and we always have a lawful basis for processing the Data, but that lawful basis might be different for different categories, and we describe those uses below. Regardless, we never process the Data for any purpose other than the purpose for which we processed the Data in the first place, unless we get your prior explicit consent.
A. Registration Data
2. Lawful Basis for Processing: Our lawful basis for processing Registration Data is (1) our contract with you or your employer, (2) our legitimate interest in providing the Services to you or your employer, and/or (3) your consent. We can only provide certain of the Services to you if we have the Registration Data, so we need to process that Registration Data during the term of our contract. Even when the Registration Data is not critically necessary to the provision of the Services, we may still process that Registration Data to facilitate our contractual interactions with you.
3. How We Use It and Who We Share It With: Registration Data is accessible only to us and to you. We use it only to provide the Services to you. At times, we will share the Registration Data with other third parties at your request or to fulfill requests that you make of us. We may also process your Registration Data to offer our own goods or services to you, either directly through e-mails or through third party platforms, but you may opt out of those officers at any time. We will never share your username or password with any third party.
B. Engagement Data
1. Data Description: Engagement Data consists of all the information you input or record using the Services, except as otherwise stated in this policy. It also includes all information that is proprietary to you regarding your use of the Services (other than the data that qualifies as “Usage Data” below) that is processed by the Services. For example, Engagement Data includes information about the relationships between our brand clients and Ambassadors, including commissions, payments, and communications among them, as well as personal information about you and internal company communications that occur using the Services.
2. Lawful Basis for Processing: Our lawful basis for processing Engagement Data is (1) our contract with you or your employer, (2) our legitimate interest in providing the Services for your employer, and/or (3) your consent.
3. How We Use It and Who We Share It With: Your Engagement Data is accessible only to us, to you, and where it relates directly to a party who either provides services to you or receives services from you (such as to your Ambassadors, if you are a brand client, or to the applicable brand client, if you are an Ambassador, but only insofar as is necessary to fulfill the purposes of our agreement with you and for no other purpose), to that party, in which case that party will be obligated to protect the confidentiality of your Engagement Data. We do not share Engagement Data with other third parties, except at your specific request. Both during the term of our agreement and thereafter, we may also convert Engagement Data to De-Identified Data, and that De-Identified Data belongs solely to us to use in our sole discretion (including to sell De-Identified Data, which is not Data). To the extent we are required to delete any Engagement Data about you, we may still retain De-Identified Data that may have originated as your Engagement Data.
C. Usage Data
1. Data Description: Usage Data consists of the following and similar information:
• Information about your interactions with the Services, most commonly our website, which includes the date and time of any requests you make. This also may include details of your use of Third-Party Applications and any advertising you receive via the Services.
• Adjustments you make to the default state of the Services, such as custom categories or settings.
• The timing of the information you post to the Services including messages you send and/or receive via the Services and your interactions with our customer service team, but not including the content of those interactions and messages, which would be included as Engagement Data.
• Technical data which may include URL information, cookie data, your IP address, the types of devices you are using to access or connect to the Services, unique device IDs, device attributes, network connection type (e.g. WiFi, 4G, LTE, Bluetooth) and provider, network and device performance, browser type, language, information enabling digital, mouse movements (including scrolling data). Please note, however, that if you disable certain functions, your use of the Services may be limited.
• Rights management, operating system, and application version.
2. Lawful Basis for Processing: Our lawful basis for processing Usage Data is (1) our contract with you or your employer, (2) our legitimate interest in providing the Services to your or your employer, and/or (3) your consent.
3. How We Use It and Who We Share It With: Usage Data is accessible to us and to you. We do not share it with third parties, except at your specific request, but we may use Usage Data to make improvements to the Services. Both during the term of our agreement and thereafter, we may also convert Usage Data to De-Identified Data, and that De-Identified Data belongs solely to us to use in our sole discretion (including to sell De-Identified Data, which is not Data). To the extent we are required to delete any Usage Data about you, we may still retain De-Identified Data that may have originated as your Usage Data.
D. Payment Data
1. Data Description: Payment Data is only processed when (1) your use of the Services is subject to the payment of a fee or other charge or (2) your use of the Services involves an integration with a payment gateway (e.g., Paypal) or other similar service that allows us to make or receive payments on your behalf under your account. Payment Data is the information necessary for us to process your payments for Services. Payment Data will vary depending on the payment method you use (e.g. direct via your mobile phone carrier or by invoice) but may include information such as:
• Certain credit card information used to reference a credit card; (Please note that we use a third-party provider to process credit card information. The third party’s processing tool is layered over our shopping cart, so your credit card information never hits our system at all.)
• Address and postal code;
• Mobile phone number;
• Email address or username for payment gateway; and
• API credentials and any other information necessary for the integration of payment gateway.
2. Lawful Basis for Processing: Our lawful basis for processing Payment Data is (1) our contract with you and (2) our legitimate interest in improving our Services based on the Payment Data we receive from you.
3. How We Use It and Who We Share It With: We only process Payment Data to facilitate payment, and we only communicate it to those parties who are strictly necessary for that purpose.
E. Social Data
1. Data Description: The Services may include publicly available social information including without limitation social media handle, profile information, content, content data, and website URLs (“Social Media Data“). This data may be processed directly from you by using the Services or when people publicly tag our clients on social networks.
2. Lawful Basis for Processing: Our lawful basis for processing Social Media Data is (1) our contract with you, (2) our legitimate interest in providing our Services, or (3) your consent by using the Services.
3. How We Use It and Who We Share It With: We process Social Media Data for the purposes set forth in the Data Description section to provide insights for you and our clients who engage with Ambassadors, influencers, fans, and advocates of the brand. Social Media Data may be provided from or through sub-processors, social networks, or other public sources.
F. Acquired Data
We may acquire data for sales and marketing purposes from third parties, such as data brokers, and we have done so in the last twelve months. In the last twelve months, we have acquired data from the following categories of providers: Sales Prospecting Tools.
Except where a specific limitation is noted above, we may share your Data as follows:
1. At Your Instruction. If you request us to make your Data available to a third party, and such request furthers the purposes of our Services, we will do so.
2. Service Providers. We may sometimes use a third party to provide specific Services on our behalf, including sending e-mails to our members, conducting member surveys, processing transactions or performing statistical analysis of our Services. In these cases, we may provide certain Data necessary for the service to be provided. However, these third parties are required to maintain the confidentiality of this information and are prohibited from retaining, sharing, storing or using this information for any other purposes.
3. Business Transitions. In the event that we go through a business transition, such as a merger, acquisition, liquidation or sale of all or a portion of our assets, the information we have about you will, in most instances, be part of the assets transferred. We reserve the right to transfer that information in connection with such transactions without notice to you. We will not be required to obtain your consent for such a transfer.
4. Legal Disclosure. We may disclose your Data if required to do so by law or in the good faith belief that such action is necessary to conform to applicable law, comply with a judicial proceeding, court order or legal process served on us, protect and defend our rights or property, or investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of our terms of service.
If we ever plan to process any Data in the future for any other purposes not identified above and we do not have a separate lawful basis for that new purpose for processing, we will only do so after obtaining your specific consent.
The technologies we use for automatic Data processing may include the following:
• Web Beacons. Pages of the Services and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs. pixel tags and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
• Other Technologies. We may also use device identifiers, local storage, html modifiers, and different types of caching to help us understand the devices and users who access the Services. Those methods include device identifiers that are either hardware-based or software-based, persistent or non-persistent, and which may identify either a device or a software module within a device (such as a web browser).
“Do Not Track” Options. Your web browser(s) may offer a “Do Not Track” option, which allows the individual to signal to operators of websites and web applications and services (including behavioral advertising services) that he or she does not wish such operators to track certain of his or her online activities over time and across different websites. We do our best to support Do Not Track requests but cannot guarantee full support based on the variety of internet browsers and technologies which means that we may process information about your online activity both while you are using the Services and after your use of the Services.
Under applicable data protection, privacy, and other laws, you may have certain rights related to your access and control of your Data. Such rights may include the following:
1.The right to access, correct, update, or request deletion of your Data.
2. The right to object to processing or restrict the processing of your Data (Please note that if you exercise this right, it may limit or eliminate our ability to provide you the Services).
3. The right to request portability of your Data.
4. The right to opt-out of marketing communications we send you. You can exercise this right by clicking the “Unsubscribe” or “Opt-Out” link found in these communications.
5. The right to not be subject to a decision based solely on automated processing, including profiling, known as Automatic Decision Making.
6. The right to submit a complaint to any applicable regulatory authority about our processing activities.
7. The right to opt-out of us sharing (as defined in the CPRA) your Data, including for direct marketing purposes, subject to certain legal exceptions.
8. The right to limit use, disclosure, and restrict sensitive personal information (as defined in the CPRA).
We may use additional processes to verify your identity before we reveal or delete any of your Data, including two-factor or two-step authentication measures to ensure we can identify you.
Further, although we currently do not process Data without consent, if we at any time in the future process Data without your express consent, you may opt-out or withdraw consent at any time.
Please note that exercising any of the above rights may limit or eliminate our ability to provide you the Services. If so, we may terminate the Services due to such requests.
We will try to comply with your request(s) as soon as reasonably practicable and at the very least as required under applicable law. Upon receipt of your written request, we will provide you with a copy of your information, although in certain limited circumstances we may not be able to make all relevant information available to you, such as where that information also pertains to another user. In such circumstances we will provide reasons for the denial to you upon request.
Please also note that if you do opt-out of receiving marketing-related emails from us, we may still send you messages for administrative or other purposes directly relating to your use of the Services, and you cannot opt-out from receiving those messages while continuing to use the Services.
Further, you may opt-out or disable certain functions on your particular device, preventing us from processing Data. For example, you may disable geolocation or GPS functionality on your mobile device or disable push notifications. If you disable such features, your ability to use and access the Services may be limited.
To exercise any of these rights, or if you have any questions about our processing of your Data, please contact us at firstname.lastname@example.org or at our number: 801.210.1992.
A. Privacy for EU/UK Residents
We are based in the United States. By accessing or using the Services or otherwise providing information to us, you understand that your information will be subject to processing and transfer in and to the United States.
Due to the nature of our Services, we typically act as a “Processor” as defined under the GDPR. If you believe that this role should be defined differently, please contact us at email@example.com.
Pursuant to the GDPR, residents of the EU (and the EEA, as applicable) have the right to obtain our confirmation of whether we maintain personal information relating to them in the United States. If you are a resident of Europe, upon request from you, we will provide you with access to the Data that we hold about you. Please contact us if you have any questions.
Further, if you are a resident of the United Kingdom (“UK”), to the extent the GDPR as incorporated into UK law pursuant to s.3 of the European Union (Withdrawal Act) 2018 (as amended, the “UK GDPR”) is different than the GDPR, we will follow all supplemental requirements under the UK GDPR and you have all rights as a UK citizen under the UK GDPR.
B. Privacy for California Residents
California adopted the California Consumer Privacy Act (“CCPA”), which took effect at the beginning of 2020 and has now adopted the California Privacy Rights Act (“CPRA“), portions of which took effect January 1, 2022. We comply with the requirements of the CCPA and CPRA to the extent they apply to us.
If you are a California resident, you may request to exercise your rights for any Data we have processed in the 12 months prior to your request. Such request covers any categories, sources, purposes, and, if applicable, third parties to whom we share the Data. Further, you can exercise any of your rights free of discrimination, for example, we cannot increase the price of the Services or decrease the quality of the Services because you exercise your rights.
Due to the nature of our Services, we typically act as a “service provider” as defined under the CCPA and CPRA. If you believe that this role should be defined differently, please contact us at firstname.lastname@example.org or at our number: 801.210.1992.
For more information, please direct your questions to us at email@example.com or at our number: 801.210.1992.
C. Privacy for Other Jurisdictions
The security of your Data is important to us. We use commercially reasonable efforts to store and maintain your Data in a secure environment. We take technical, contractual, administrative, and physical security steps designed to protect Data that you provide to us. We have implemented procedures designed to limit the dissemination of your Data to only such designated staff as are reasonably necessary to carry out the stated purposes we have communicated to you.
You can help by keeping us informed of any changes such as a change of your personal contact information. If you would like to access your Data, if you have any questions, comments or suggestions of if you find any errors in our information about you, please contact us at firstname.lastname@example.org. If you have a complaint concerning our compliance with applicable privacy laws, we will investigate your complaint and if it is justified, we will take appropriate measures.