Platform Privacy Policy
LAST MODIFIED: July 21, 2022
Fishbowl Inc., which trades under Personica (together, “Personica,” “we,” “us,” or “our”) provides a variety of online, subscription services and in-person services in the digital marketing, customer relationship management, and brand and business analytics tools to commercial enterprises mostly focused on the hospitality industry.
This Platform Privacy Policy (“Platform Policy”) describes how we receive, store, transfer, and process Personal Data on behalf of our customers and their users of our mobile, desktop, and web applications (each an “App” and, collectively, the “Apps”), which are available from the Site. The Apps and the Site together are the “Services.” This Platform Policy does not apply to any information or data collected by Personica as a controller for other purposes, such as information collected on our websites or through other channels for marketing purposes. Please find our Privacy Policy that covers this information or data by clicking here. Capitalized words used but not defined in this Platform Policy have the meanings provided in our Terms of Service (the “Terms”). In the event of a conflict between this Platform Policy and the Terms, the Terms will prevail.
OUR ROLE
We process our Customer’s Content, along with any Personal Data they include with such content, under the direction of our Customers. We have no direct control or ownership of such Customer Content or Personal Data; rather, our Customers are responsible for complying with any Data Protection Laws, including such that require providing notice, disclosure, or obtaining consent prior to transferring the Personal Data to us for processing purposes.
OUR CUSTOMERS USE OF THE SERVICES
Platforms and Other Online, Subscription Based Services. Our Platforms allow users to create and share a variety of content, including marketing, sales and customer service, and analytics content. Certain Platforms can also be used to help organize, analyze, and track sales data about a company’s sales pipeline (e.g., leads, customers). Any Customer Content added to a Platform, either by visitors to Customer-branded websites providing their contact information or when a User adds the information, is stored and managed on our service providers’ servers. Customers use the Platforms may collect Personal Data such as first and last name, email address, physical address, or phone number. We do not determine the content of these webpages or the types of Personal Data that our Customers may choose to collect or manage using the Platforms; those decisions are made by our Customers who control how such Personal Data is collected, used, disclosed, and protected in accordance with their privacy policies.
Our processing of our Customer Content is directed by our Customers as detailed in any agreement we may have with such Customers. These agreements prohibit us from using Customer Content, except as necessary to provide and improve the Services (in accordance with this Platform Policy and as permitted by applicable law).
We have no direct relationship with individuals who provide Personal Data to our Customers, and any request to correct, delete, access, transfer, or update such information through our Services should be directed to such Customer. However, to the extent requested and consistent with applicable law, we may assist our Customers in responding to such requests.
HOW WE SHARE CUSTOMER CONTENT
Service Providers. We employ other third-party service providers to provide services on our behalf to visitors to our websites, our customers, and Users of the Service. Under certain circumstances, we may need to share your Personal Data with them to provide our Services or otherwise fulfill our contractual obligations. For example, we may analyze data or perform statistical analysis, provide marketing assistance, supplement the information you provide us in order to provide you with better service, and providing customer service or support. Our service providers are prohibited from using your Personal Data except for these purposes, and they are required to maintain the confidentiality of your information. Examples of these third-party service providers can be found in our Data Processing Agreement (available here).
Corporate Events. If we (or our assets) are acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information gathered by Personica on the websites and through Services. In this event, you will be notified of any change in ownership, uses of your Personal Data, and choices you may have regarding your Personal Data.
Compelled Disclosure. We may use or disclose your Personal Data if required by applicable law or legal process, or if we believe that such use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.
PLATFORM SPECIFIC DISCLOSURES
Third Parties. We may provide links within our Sites, Apps, or Services to third-party websites. We are not responsible for any such third-party’s collection, use, monitoring, storage, or sharing of any Personal Data, and we encourage you to review those third parties’ privacy notices and ask them questions about their privacy practices as they relate to you.
Application Integrations. You may choose to connect any number of applications, interfaces, plug-ins, extensions, or integrations, including certain applications recommended by us, in your use of the Services (each a Third-Party Application). If you give an integration provider access to your account, then your use of these Third-Party Applications is subject to the service terms and privacy terms made available by that integrator. Personica is not responsible for the privacy, security, or integrity of Customer Content or Personal Data collected or processed by these Third-Party Applications through the Services, nor are such integration providers our sub-processors.
Social Media Integrations.
Posts & Content. If you choose to connect or manage your social media accounts to the Services, as part of posting to an applicable social media platform through the Services, we may store your posts, tweets, or other content and publish them as selected by you. The Services may also add tracking code to any such posts generated through the Services for the purpose of tracking clicks and other reporting metrics you designate using the Services.
Ad Placement. As part of the integration, the Services may receive user token with permissions or pixel/tag identification on such ad accounts and pages, and such social media platform may share with the Services certain information, such as settings details (e.g., name, budget, bid strategy, creative) and performance metrics (impressions, clicks, etc.) for all campaigns, ad sets, and ads in the ad accounts that you have “connected” to the Services. The Services may be configured for you to place any pixel/tag on the website pages where tracking code is present, so you may track information about your website visitors back to the network, enabling conversion tracking, and website audience creation. If you choose to sync leads, the Services may receive webhook updates when a new lead form submission occurs on a webpage “connected” the Services, then the Services may pull and log all such lead submissions.
Data Practices and Usage Data. We automatically collect metrics and information about how Users interact with and use the Services. We use this information to develop and improve the Services, and to inform our sales and marketing strategies. We may share or publish these data with third parties in an aggregated and anonymized manner, but we will not include any Customer Content or identify Users.
We use Customer Content in an anonymized manner for machine learning that supports certain features and functionality within the Platforms. We also automatically collect log files, which contain information about a User’s IT system, a User’s IP address, browser type, domain names, internet service provider (ISP), the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, clickstream data, access times, and referring website addresses. We use this information to ensure the optimal operation of the Platforms and for customer service, security and fraud prevention purposes. We may link log files to Personal Data such as name, email address, address, and phone number for these purposes.
You can log in to the Services using a Single Sign-on (SSO) service like your Google account. This service will authenticate your identity and provide you the option to share certain Personal Data with us such as your name.
COOKIES.
As described in our Cookie Policy, we use cookies and similar technologies to recognize you and/or your device(s) and provide a more personal and seamless experience when interacting with the Services. For general information about what cookies are and how they work, please visit here.
DATA SUBJECT REQUESTS
If you are a Customer, prospective customer, or otherwise interact with one of our Customers and would no longer like to be contacted by one of our Customers that use our Services, please contact the Customer that you interact with directly. If you want to access, correct, amend, or delete Personal Data controlled by a Personica Customer, you should direct your query to the Customer (as the data controller). We will assist our Customers to respond to data subject requests as outlined in our Data Protection Agreement (available here). We will reply to your inquiry promptly (no later than required by applicable law).
If you are seeking to exercise your data subject access rights for the Personal Data that Personica processes as a controller, please see our Privacy Policy here.
We are committed to reaching a fair resolution of any complaint or concern about privacy; however, if you believe that we have not been able to assist you with your complaint or concern and you live in the EEA or the UK, you have the right to lodge a complaint with the competent supervisory authority or the Information Commissioner’s Office (UK).
DATA RETENTION
Customer Content collected during your use of the Services is retained in accordance with the provisions of the Data Protection Agreement and the Terms. Your Customer Content is retained for as long as you are an active Customer in good standing in your account and may be deleted upon your written request or after an established period following the termination of all Customer agreements.
HOW WE TRANSFER DATA WE COLLECT INTERNATIONALLY
International Transfers within Personica Affiliates. To facilitate our global operations, we transfer information to the United States and allow access to that information from countries in which our affiliates have operations for the purposes described in this policy. This Platform Policy will apply even if we transfer Personal Data to other countries.
We have taken appropriate safeguards to require that your Personal Data will remain protected. When we share information about you within and among our affiliates, we make use of standard contractual data protection clauses, which have been approved by the European Commission or similar mechanisms approved by the applicable data protection authority. We have also certified to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks to help safeguard the transfer of information we collect from the European Economic Area (EEA), the United Kingdom, and Switzerland. Please see our Privacy Shield notice by searching for “Fishbowl” here.
International Transfers to Third Parties. Certain third parties described in this Platform Policy, which provide services to us under contract, are based in other countries that may not have equivalent privacy and data protection laws to the country in which you reside. When we share information of Customers located in such jurisdictions, we make use of the legal mechanisms approved by the applicable data protection authority. For example, for Customers located in the European Economic Area or Switzerland, we make use a variety of legal mechanisms to safeguard the transfer, including the European Commission-approved standard contractual data protection clauses or other appropriate legal mechanisms. For transfers to or from the United Kingdom, we make use of the standard contractual clauses. Please contact us if you need more information about the legal mechanisms that we rely on to transfer Personal Information outside the EEA, Switzerland, and the United Kingdom.
Privacy Shield Notice. Fishbowl, Inc. participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss–U.S. Privacy Shield Framework. Personica is committed to the Frameworks’ applicable principles regarding transfers of Personal Data received from the European Economic Area (EEA), the United Kingdom, and Switzerland, in reliance on each Privacy Shield Framework. To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov. Personica is responsible for the processing of Personal Data it receives under each Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of Personal Data from the EEA, the United Kingdom, and Switzerland, including the onward transfer liability provisions. With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, Personica is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. You may direct any inquiries or complaints related to our Privacy Shield compliance here. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) here. Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
CHANGES TO THE PLATFORM POLICY
We regularly review this Platform Policy, which was last updated on the date noted above. Please contact us to obtain prior versions of our Policy.
CONTACT DETAILS
If you have any questions or concerns about this Platform Policy or our privacy practices, please contact our Data Privacy Officer, (“DPO”):
By Post.
If sending via U.S. Mail, please use: Fishbowl, Inc., dba Personica
2000 Duke Street, Suite 300
Alexandria, VA 22314
Attn: Data Privacy Officer
By Email. Please send all Platform Policy inquiries to privacy@personica.com and for general inquiries please email clientsupport@personica.com.
By Telephone. Within the United States, please call 1.800.883.1984.