This policy informs you about:
- General aspects such as the data controller and general principles of the collection and use of your personal data by Contribly
- Personal data we collect and use when you visit our website
- What happens when end users use applications with content published through the Contribly Platform
- Your rights
- Changes to this policy
The Data Controller for the purpose of data protection law is Contribly Data Controller, 20-22 Wenlock Road, London N1 7GU. Please email any questions or concerns you may have regarding data privacy to: firstname.lastname@example.org
What information does Contribly collect when you visit contribly.co.uk?
We may collect, store and use the following kinds of personal information:
(a) information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, and website navigation.
What information does Contribly collect when you are a Contribly client?
(c) As a Contribly client we hold your personal details for the purpose of providing the Contribly service you have purchased to you (access to the Contribly moderation tool, and the Contribly APIs) and for the purposes of formally contracting with your organisation, for billing and for providing ongoing training and support.
(d) When you request a ‘demo’ account we collect your name and email in order to set up a new account and provide the trial service
(e) when you join our mailing list by explicitly consenting via our website, we collect your name, company details and email. Contribly uses mailout services from Mailchimp for the purposes of providing the email communication to you. Your details are not shared with anyone else. You can request removal of your personal information by emailing us at email@example.com or using the ‘unsubscribe’ option.
How does Contribly use your personal information?
We will not provide your personal information to any third parties for the purpose of direct marketing.
We use your personal information as follows: to provide you with the services that you request from us, for example, your demo account; or your Contribly service; to send you general (non-marketing) commercial communications, for example to notify you about changes to our products or services; to send statements and invoices to you, and collect payments from you; to carry out our obligations and enforce our rights arising from any contracts entered into between you and us; to send you email notifications which you have specifically requested.
When you sign up to receive our news and marketing information via our website we collect your name and email address, company details and telephone number. Contribly uses mailout services from Mailchimp for the purposes of providing the communication to you. Your details are not shared with anyone else. You can request removal of your personal information by emailing us at firstname.lastname@example.org or using the ‘unsubscribe’ option.
Does Contribly share my personal information with others?
Your personal details are not shared with third parties without your express consent except in the cases described below:
We may use contractually hired third parties and external service providers in order to provide our services, for instance regarding accounts processing (Xero, Dropbox, Google Apps), hosting or other software services (eg Fastly, Amazon Web Services). All client content is stored on AWS held within the EU.
In these cases we share information with such companies or individuals to enable them to carry out their tasks. Such external service providers are carefully selected in order to ensure your privacy. Service providers may only use the data for the purposes specified and are contractually and / or legally obliged to process data strictly in compliance with data privacy laws.
To comply with any court order, law or legal process, investigate fraud, including responding to any government or regulatory request, lawful requests by public authorities, or to meet national security or law enforcement requirements.
To enforce or apply our terms of service and other agreements, including for billing and collection purposes.
If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Contribly, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
How long does Contribly retain my information?
When your contract terminates, your personal data will be deleted from our databases.
For demo accounts, your personal data will be deleted after three months, unless you specifically request that this period is extended and Contribly confirms this to you be email.
Specifically, the following happens when an account is deleted:
- All user contributions are removed Published assets hosted on cloud providers (ie. Amazon S3) are deleted by issuing delete API calls for each published file. Previously published assets may persist in CDN caches for up to serveral hours after deletion as caches expire.
Original submission media files are deleted from cloud storage by issuing delete API calls for each file. These original files are inaccessible and non recoverable to Contribly as soon as these delete calls complete.
The contributions are deleted from the Contribly database. These records are physically deleted from the database and its replicias (as opposed to being marked as non visible). As the Contribly database is a shared system processing a large volume of writes, deletes from the live databases cannot be recovered.
User profiles are removed Each user profile attributed to your account is deleted from the Contribly database.
Assignments and applications are removed Your assignments and applications are deleted from the Contribly database.
Client access credentials are deleted Credentials used to access client systems (such as client API or social media access tokens) will be deleted from live systems. Clients should also revoke these credentials on their side.
Backups are expired after 7 days Contribly retains encrypted off-site backups of the live system for 7 calendar days. After 7 days these all backup data relating to your account will have been deleted.
If the deletion of your account results in the disposal of equipment then that equipment is subject to the secure disposal policy.
What happens when end users use the Contribly Platform
As a Contribly client, you are able to integrate the content that has been uploaded via the Contribly platform by your end users into your web and mobile applications. This happens through a Contribly application programming interface (API) that delivers content stored on Contribly’s servers into these web and mobile applications. The application programming interfaces (APIs) we provide are embedded in such applications and solely facilitate developers to request and work with content from Contribly’s servers. The APIs are not collecting any personal data of end users (e.g. tracking users on customer website or profile information). Contribly logs the originating IP address of an end user to avoid fraudulent use (e.g. denial of service attack).
The Contribly platform will potentially process personal data on behalf of you, the client, in order to provide the service to you. In this context, you are the data controller and Contribly is the data processor.
How do I find out what personal information Contribly holds about me?
You are entitled, upon request, to disclosure regarding your personal data held by us. You are also entitled to have any incorrect data corrected and rights to blocking or deletion.
Please address any requests to email@example.com. We’ll acknowledge receipt and respond to your request within 30 days.
Changes to this Policy
Last updated July 2020