Purpose and effect
Your personal information
Prior to your use of the Service, we may request certain personal information about yourself, including, but not limited to, your: (i) first name and last name; (ii) email address; (iii) mailing address; (iv) telephone number(s); (v) organization information; and (vi) credit card information. Such personal information is considered “Personal Data,” which means information that can directly or indirectly identify you as a natural person. There are two types of Personal Data we may collect, including “regular data” and “special categories of personal data.” Regular data may include your name, address, email address, photo, IP address, geographical location data, online behavior (cookies), profiling and analytics data. Special categories of personal data would include race, religion, political opinions, trade union membership, sexual orientation, health information, biometric data, and genetic data. Not all such personal data is collected by us.
Additional information, which may not identify you (as described below) and other Personal Data may include: browser type and version, operating system, information about your visits to and use of the Service including the referral source, length of visit, page views, and website navigation paths; email address, profile information that you voluntarily provide to us, including, e.g. profile pictures, gender, birthday, relationship status, interests and hobbies, educational details, employment details, and credit card information. Information may also include your click history, the times and dates at which you access the Service, the particular portions of the Service you use, and the details of transactions you conduct using the Service.
Personal Data may be collected and/or used by us as a “Controller” as such term is defined in the European Union General Data Protection Regulation (“GDPR”), or our “Processor” designee, which is also defined within the GDPR. A “Controller” is a person or entity that determines the purposes and means of the processing of personal data. As such, we will endeavor to implement appropriate technical and organizational measures to ensure that such processing activities, if any, protect your privacy. A “Processor” stores or maintains data on behalf of a Controller, but does not decide which items of personal data are going to be stored, or how that data is used.
Whether as a Controller or Processor, we will adhere to the following data protection (privacy) principles. Personal Data will be processed lawfully, fairly and transparently. Upon request, we will be clear and transparent about how your personal data is going to be processed, by whom and why. Personal Data will be collected only for specific legitimate purposes, and it will be relevant and limited to that which is necessary. Provided that you communicate to us updated information, we will keep your Personal Data accurate and up to date. We will only store it for so long as is necessary, and we will ensure appropriate security, integrity and confidentiality against unauthorized processing and against accidental loss, destruction or damage.
In the event of any data breach, you will be notified without undue delay and, in no event, later than 72 hours of our discovery of any such breach, including whether we believe there is any risk to your rights and freedoms (e.g., identity theft and personal safety). There is an exception where the data breach is unlikely to result in any harm to you. In the event of a breach, you will be notified of: (1) a description of the data breach, including the number of data subjects affected and the categories of data affected; (2) the name and contact details of our privacy personnel; (3) the likely consequences of the data breach; and (4) any measures taken to remedy or mitigate the breach. We may be exempt if the risk of harm is remote because the affected data are protected (e.g., through strong encryption), we have taken measures to protect against the harm (e.g., suspending affected accounts), or the notification requires disproportionate effort (in which case a public notice of the breach is required). We will keep records of all data breaches, including the facts and effect of the breach and remedial action taken.Credit card information is used solely for billing purposes, and is encrypted and transmitted securely via HTTPS to Stripe (our payment processing provider) for processing. More information on Stripe security is available here. Your credit card information is never stored on the Service’s systems anywhere.
We may also record information about your use of the Service, such as your local internet address.
Your personal information remains your property at all times, subject to the permissive uses granted hereunder.
How we use your personal information
Personal information, i.e. Personal Data, submitted to us through our app or website will be used for the purposes specified in this policy. We may use your personal information for the following:
- administering our website, application and business;
- personalizing our website tools and/or databases for you;
- enabling your use of the Service;
- sending you software or software tools purchased through our app or website;
- supplying the Service to you;
- sending statements, invoices, and payment reminders to you, and collecting payments from you;
- sending you non-marketing communications;
- sending you email notifications that you have specifically requested;
- providing third parties with statistical information about our users (but those third parties will not be able to identify any individual user from that information);
- providing information to our Processor;
- dealing with inquiries and complaints made by or about you relating to the Service;
- keeping our app and website secure and to prevent fraud;
- verifying compliance with the terms and conditions governing the use of the Service; and other uses, which may be added hereto.
If you submit Personal Data for publication on our website, we will publish and otherwise use that information in accordance with the license you grant to us.
We will not, without your express consent, supply your Personal Data to any third party (other than our Processor) for their or any other third party’s direct marketing.
IN ACCORDANCE WITH THE ABOVE STATEMENT, YOU HEREBY ACKNOWLEDGE, UNDERSTAND AND AGREE THAT, BY REGISTERING AN ACCOUNT WITH THE SERVICE, YOU EXPRESSLY CONSENT TO THE USE OF YOUR PERSONAL DATA FOR THE PURPOSES DESCRIBED ABOVE.
Storage, Objection, Correction, Erasure, Information
Personal Data will be stored in the cloud by our Processor. Personal Data will be stored in a manner that ensures appropriate security, integrity and confidentiality and secured against unauthorized processing, accidental loss, destruction or damage. We will take reasonable technical and organizational precautions to prevent the loss, misuse, or alteration of your Personal Data. We will store the Personal Data you provide on our secure (password and firewall-protected) servers. All electronic financial transactions entered into through our app or website will be protected by encryption technology. You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. You are responsible for keeping the password you use for accessing our app or website confidential; we will not ask you for your password (except when you log in to our website).
Personal Data will be stored in a format that allows for easy portability. Portability means the Personal Data will be stored in a manner that allows you to obtain and reuse your Personal Data for your own purpose by transferring it to a different environment. Upon your written request, you will be provided with the ability to access your Personal Data to verify its accuracy, download it in an easily-portable format or request a copy of your Personal Data being processed. Personal Data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
You further have the right to object in writing to the processing of your Personal Data. In such case, the Personal Data will not be processed, unless we demonstrate compelling and legitimate grounds for the processing that override your interests, rights and freedoms, or we require the data to establish, exercise or defend legal rights. You further have the right to object to the processing of your Personal Data for the purpose of direct marketing, including profiling. Where Personal Data are processed for scientific and historical research purposes or statistical purposes, you have the right to object, unless the processing is necessaryf for the performance of a task carried out for reasons of public interest. If you object to the processing of your Personal Data, you agree to the termination of the Service in the event that we determine, in our sole discretion, that we are unable to perform the Service due to your objection to the processing of your Personal Data. This objection right is given free of charge, although we may charge a reasonable fee for repetitive requests, manifestly unfounded or excessive requests for additional copies of information you request. Upon termination of the Service for any reason, and upon your written request, your Personal Data may be erased. Additionally, you have the right at any time to demand that inaccurate or incomplete Personal Data are erased or rectified. You have the right of erasure if:
- data are no longer needed for the original purpose and no new purpose exists;
- the lawful basis for the processing is your consent, you withdraw that consent, and no other lawful ground exists;
- you exercise your right to object and we have no overriding grounds for continuing the processing;
- the data have been processed unlawfully; or
- erasure is necessary for compliance with EU law or the law of a country bound by the terms of the GDPR.
You have the right to obtain the following information:
- confirmation of whether, and where, we are processing your Personal Data;
- information about the purposes of the processing;
- information about the categories of data being processed;
- information about the categories of recipients with whom the data may be shared;
- information about the period for which the data will be stored (or the criteria used to determine that period);
- where the data were not collected from you, information as to the source of the data; and
- information about the existence of, and an explanation of the logic involved in, any automated processing that has a significant effect on you.
Upon your request for any of the above-referenced information, we will, within one month of receiving your written request, provide such requested information. In the event we fail to meet this deadline, you may complain to the governing Data Protection Authority and may seek a judicial remedy. In the event we receive a large number of requests, or complex requests, the time limit may be extended by a maximum of two additional months. You also have the right to bring a claim directly against the Processor, although the Processor is liable for the damage caused by its processing activities only where it has: (1) not complied with obligations under the GDPR that are specifically directed to processors; or (2) acted outside or contrary to lawful instructions of the Controller.
We will not refuse to give effect to your rights unless we cannot identify you through the use of reasonable efforts to verify your identity. Where we have reasonable doubts as to your identity, we may request the provision of additional information to confirm your identity.
You may restrict processing of your Personal Data, meaning the Data may only be held by us, and may only be used for limited purposes, if the accuracy of data is contested (and only for as long as it takes to verify accuracy), the processing is unlawful and you request restriction (as opposed to exercising the right to erasure), we no longer need the Data for their original purpose but the Data are still required by us to establish, exercise or defend legal rights; or verification of overriding grounds is pending in the context of an erasure request.
Disclosing your Personal Data
We may disclose your Personal Data to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors, subsidiaries or parent companies as reasonably necessary for the purposes set out in this Policy. We may disclose your personal information:
- to the extent that we are required to do so by law;
- in connection with any ongoing or prospective legal proceedings;
- to establish, exercise, or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
- to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
- to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that Personal Data where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
Except as provided in this Policy, we will not provide your Personal Data to third parties.
International data transfers
Information that we collect may be stored, processed in, and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this policy. Information that we collect may be transferred to the following countries, which do not have data protection laws equivalent to those in force in the European Economic Area: the United States of America. Personal information that you publish on our website or submit for publication on our website may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.
You expressly agree to the transfers of personal information described in this Section.
How we use information that is not personally identifiable
We do collect IP addresses of devices accessing the Service in our server logs, as well as information like internet domains, the date and time of a visit, and the pages accessed on the Service. This information is used solely for diagnostic and analytical purposes in order to improve the Service.
As you browse fulcrumapp.com, cookies can be placed on your computer so that we can understand what you are interested in. Our display advertising partners, AdRoll and Google, then enable us to present you with retargeting advertising on other sites based on your previous interaction. The techniques our partners employ do not collect personal information such as your name, email address, postal address, or telephone number. You can visit this page to opt out of AdRoll’s and their partners’ targeted advertising.
To opt-out of all further contact initiated by us, and to forestall our further use or disclosure of your personal information, email us any time. Opting out of all communication in this manner means that you must discontinue all use of the Service.