Last Updated: May 25, 2018
Touchpoint complies with the General Data Protection Regulation (“GDPR”). More information about your rights under GDPR can be found below.
When providing our Service, our clients (usually a conference or program organizer) choose the types of personal information we process and the purposes of the processing. As a result, Touchpoint encourages consumers to first address any inquiries or complaints to the conference or program organizer. We welcome any unresolved questions or issues at email@example.com. If Touchpoint cannot resolve the complaint, Touchpoint is committed to:
1. Use the International Centre for Dispute Resolution (ICDR), a division of the American Arbitration Association (AAA), to resolve disputes (information about ICDR can be found at https://www.icdr.org/privacyshield )
2. Cooperate and comply with the EU Data Protection Authorities (DPAs) to investigate unresolved complaints.
- The EU DPAs may be contacted directly via the information provided at https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en.
- The FDPIC may be contacted directly via the information provided at http://www.edoeb.admin.ch/index.html?lang=en
Information we collect about you
We obtain and process personal information in different capacities:
- As a data controller, we collect and process personal information directly from individuals, either via our publicly available website, www.gatherdigital.com, or in connection with our client, partner, and vendor relationships.
- As an agent (as that term is used in the EU-U.S. Privacy Shield Principles) and data processor (as that term is used under GDPR), we obtain and process personal information on behalf of and under the instructions of our clients in connection with the provision of our Service. In that context, clients are the data controllers or agents and the roles and responsibilities of the parties for the processing of personal information are defined in our agreements with clients.
In General. We may collect personal information that can identify you, such as your name and e-mail address and other information that you or our client provides to us. We may also collect information that does not identify you. When you provide personal information through our Service or through our website, the information may be sent to servers located in the United States and other countries around the world. We collect information and retain data about you solely for the purpose of enabling your use of the Service and for enabling our client to provide you with offers and capabilities relevant to your use of the Service.
- Information you provide. We may collect and store any personal information you enter on our Service or website or provide to us in some other manner, including through our clients. This includes identifying information, such as your name, e-mail address and image. We, directly or through our clients, also may request information about your interests and activities, your location (such as ZIP code and/or country), and other demographic or profile information and we may ask you to complete a survey. We may also collect information that you proactively provide as part of our Service, such as a photo attributable to you as the photographer that you have taken and proactively submitted for display to other end users of the Service.
- Information from other sources. We may also periodically obtain both personal and non-personal information about you from our clients, business partners, contractors, and other third parties and add it to our account information or other information we have collected. Examples of information that we may receive include: updated delivery and address information, your place of work, your professional title and additional demographic information.
- Editing your information or opting out of its display. You have a right to access your personal data. In some cases our clients will provide you with the ability to edit the information displayed about you directly in the Service. In other cases they will provide you with a contact with whom to communicate to edit the information on your behalf. You may opt out of the display of your information by communicating with our client or directly in the Service. You may also opt out of participation in attendee to attendee messaging.
- Opting in to the use of any sensitive information. Where such use or transfer of your personal data involves sensitive information as explained in the Principles of the EU-U.S. Privacy Shield Framework, you will have the right to opt-in before such use or transfer. When we are acting as the data controller, we will provide you with that opt-in. When we are acting as the agent, we advise our clients to provide you with that opt-in.
- Information collected automatically. We automatically collect information from your mobile browser and device when you visit our Service. This information may include a unique identifier for your device, your device type, browser type and language, access times, the content of any undeleted cookies that your browser previously accepted from us, and any referring website address. We may also collect information about the location of your device and provide that information to our client, for the purpose of enabling certain capabilities such as localized offers through our service and to enable our client to improve its service. You may choose not to allow location-based services when you access our Service and may turn off location-based services at any time under settings on your device. If you do not allow or turn off location-based services, please note that you may not be able to use some of the features of our Service.
- Cookies. When you visit our Service, we may assign your mobile device one or more cookies to facilitate access to our Service and to personalize your experience. Through the use of a cookie, we also may automatically collect information about your activity on our Service, such as the pages you visit, the links you click, and the activities you conduct on our Service. Most browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies. If you choose to decline cookies, please note that you may not be able to use some of the features offered on our Service.
- Information collected by third parties. We may allow third parties, including our clients, conference sponsors and exhibitors and advertising companies to display advertisements on our Service. These companies may use tracking technologies, such as cookies, to collect information about users who view or interact with their advertisements. Our client may also offer exhibitors at their event the ability to scan a QR code located on the physical name tag badge you may be wearing or may have in our Service with your permission. The QR Code may contain identifying information about you, such as name, organization and email address. You may choose to not allow the scanning of any QR code identifying you.
- If you have enabled notification in the Service, we will push notifications through a push notification provider, such as Apple Push Notification Service or Google Cloud Messaging. You can manage your push notification preferences or deactivate these notifications by turning off notifications in the application or device settings.
How we use the information we collect
In general. We may use information that we collect about you to:
- operate the Service, such as display the conference, reunion, event or gathering information to you in a format appropriate for your specific mobile device;
- to deliver other products and services that you have requested;
- share information you have voluntarily provided about yourself with other registered attendees, sponsors and exhibitors who are attending the same conference, reunion, event or gathering;
- reflect choices you have made and make accessible information that you have provided in the Service, such as notes that you may take, on any device from which you may access our Service;
- provide you with customer support;
- perform research and analysis about your use of, or interest in, parts of our Service, content, or products, and services or content offered by others;
- communicate with you or allow our conference-planning clients, other attendees or sponsors or exhibitors to communicate with you by e-mail and/or mobile devices about products or services related to the specific conference, reunion, event or gathering that may be of interest to you;
- develop and display content and advertising tailored to your interests on our Service, such as the event sessions that you would like to attend;
- enforce our Terms of Service;
- manage our business; and
- perform functions as otherwise described to you at the time of collection.
With whom we share your information
We want you to understand when and with whom we may share personal or other information we have collected about you or your activities on our web site, while using our Service or through our conference-planning clients.
Personal information. We do not share your personal information with others except as indicated below or when we inform you and give you an opportunity to opt out of having your personal information shared. We may share personal information with:
- Our clients. For the purpose of understanding usage of our Service, interest level in certain aspects of the conference, reunion, event or gathering, and for other purposes, we may share personal information with our clients to offer you products, services, promotions, surveys and additional functionality on our Service.
- Our cloud services hosting providers and technology partners. To operate our Service, we may share personal information about you with our cloud services hosting providers and other technology providers in order to allow you access to the Service and use of certain capabilities in the Service, such as the ability to post a photo and view photos posted by others. Our cloud services hosting providers have certified to comply with the principles of the EU-U.S. Data Privacy Shield. Any technology providers with whom we might work who have not certified under the EU-U.S. Data Privacy Shield have signed contracts with us or have terms of service that explicitly protect the data privacy and security of any personal information that may be shared with them, and they agree to use that personal information solely for the purpose of delivering their service to us in order to enable our Service to our clients and you.
Other Situations. We also may disclose your information:
- In response to a subpoena or similar investigative demand, a court order, or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we may raise or waive any legal objection or right available to us.
- When we believe disclosure is appropriate in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to comply with applicable law or cooperate with law enforcement; or to enforce our website terms and conditions or other agreements or policies.
- In connection with a substantial corporate transaction, such as the sale of our business, a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.
Aggregated and non-personal information. We may share aggregated and non-personal information we collect under any of the above circumstances. We may also share it with third parties to develop and deliver targeted advertising on our Service. We may combine non-personal information we collect with additional non-personal information collected from other sources. We also may share aggregated information with third parties, including advisors, advertisers and investors, for the purpose of conducting general business analysis. For example, we may tell our clients the number of visitors to our Service and the most popular features or services accessed. This information does not contain any personal information and may be used to develop Service content and features that we hope you and other users will find of interest and to target content and advertising.
Your Profile Information
You have the right to access your personal information. If you have not been asked by us or our clients to fill out an information profile nor have you expressed permission to include personal information on the Service, there will either be no personal information about you displayed or the personal information about you that will be viewable by other users, attendees, sponsors and exhibitors will typically be limited to your name, professional affiliation and title, and if the conference is a reunion, your class year, and/or other defining group chosen by our conference-planning clients. We will not publish your email address or other specific contact information on the Service without your consent, which may be obtained directly by us or through our conference-planning clients. If you have been asked to fill out a profile and you have elected to provide personal information, you will be given contact and other information at that time as to how you may change any profile information or opt-out of providing profile information. You can also opt out of the display of information about you directly in our Service. You can choose not to provide us with certain information, but that may result in you being unable to use certain features of our Service.
How we protect your personal information
We take appropriate security measures (including physical, electronic and procedural measures) to help safeguard your personal information from unauthorized access and disclosure. For example, only authorized employees are permitted to access personal information, and they may do so only for permitted business functions. In addition, we use encryption in the transmission of your sensitive personal information between your system and ours, and we use firewalls to help prevent unauthorized persons from gaining access to your personal information.
We want you to feel confident using our Service. However, no system can be completely secure. Therefore, although we take steps to secure your information, we do not promise, and you should not expect, that your personal information, searches, or other communications will always remain secure. Users should also take care with how they handle and disclose their personal information and should avoid sending personal information through insecure e-mail. Please refer to the Federal Trade Commission’s website for information about how to protect yourself against identity theft.
There are risks associated with providing and posting personal information and communications
We may provide areas on our Service where you can post information about yourself and others and communicate with others or upload content (e.g., pictures). Such postings are governed by our Terms of Service. You should be aware that whenever you voluntarily disclose personal information on a publicly-viewable service, that information will be publicly available and can be collected and used by others. For example, if you post your e-mail address, you may receive unsolicited messages. We cannot control who reads your posting or what other users may do with the information you voluntarily post, so we encourage you to exercise discretion and caution with respect to your personal information.
Our website is a general audience site, and we do not knowingly collect personal information from children under the age of 13.
Visiting our Service from outside the United States
Your EU Privacy Rights
If you are visiting the Site from the EU or where applicable EU data protection laws so provide, subject to certain limitation and exceptions, you may exercise the following rights regarding your personal data:
Access You have the right to obtain from us confirmation if your personal data is being processed and certain information in this regard.
Rectification You have the right the request the rectification of inaccurate personal data and to have incomplete data completed.
Objection You have the right to object to the use of your personal data in certain circumstances, such as the use of your personal data for direct marketing.
Portability You have the right to transfer your personal data to a third party in a structured, commonly used and machine-readable format, in circumstances where the personal data is processed with your consent or by automated means.
Restriction You may request to restrict processing of your personal data if (i) you contest the accuracy of it; (ii) the processing is unlawful and you oppose the erasure of it and request restriction instead; (iii) we no longer need it, but you tell us you need it to establish, exercise or defend a legal claim; or (iv) you object to processing based on public or legitimate interest. Please be aware that we may need a period of time to verify your request and determine if we have overriding legitimate grounds to use it.
Erasure You have the right to request that we delete your personal data in certain circumstances, such as when it is no longer necessary for the purpose for which it was originally collected.
Right to lodge a complaint You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence, or the location where the issue that is the subject of the complaint occurred.
Right to refuse or withdraw consent Please note that in the case where we ask for your consent to certain processing, you are free to refuse to give consent and you can withdraw your consent at any time without any adverse negative consequences, except that you may no longer be able to use some or all of the features of the Service. The lawfulness of any processing of your personal data that occurred prior to the withdrawal of your consent will not be affected.
If you have questions about exercising any of those rights or their applicability to any of our particular processing activities or have questions about any data transfer mechanism or want a copy thereof, you may contact us at firstname.lastname@example.org or at the address provided in the Contact Us section below.
Your California Privacy Rights
California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits California residents to request and obtain once a year, free of charge, information about the personal information (if any) that Touchpoint disclosed to third parties for the third parties’ direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please email your request to email@example.com.
No Rights of Third Parties
Our Commitment to the Privacy Shield Principles
- Choice When providing our Service, our clients choose the types of personal information we process and the purposes of the processing. Accordingly, our clients are responsible for providing notice to individuals. In the event personal information is (i) to be used for a purpose that is materially different from the purposes for which the personal information was originally collected or subsequently authorized, or (ii) transferred to a third party acting as a data controller, individuals will be given, where practical and appropriate, an opportunity to opt out of having their personal information so used or transferred where it involves non-sensitive information. Where such use or transfer involves sensitive information, individuals must opt-in before such use or transfer.
We take reasonable steps to limit the collection and usage of personal information to that which is relevant for the purposes for which it was collected, and to ensure that such personal information is reliable, accurate, complete and current. Individuals are encouraged to keep their personal information with our client and with Touchpoint up to date and may contact Touchpoint as indicated below to request that their personal information be updated or corrected.
When providing our Service, we process and retain personal information as necessary to provide our Service as permitted in our agreement with clients, or as required or permitted under applicable law.
We remain responsible for the processing of personal information received under the Privacy Shield and subsequently transferred to a third party acting as an agent if the agent processes such personal information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.
- Security Touchpoint takes reasonable and appropriate precautions, taking into account the risks involved in the processing and the nature of the personal information, to help protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction.
Access Where appropriate, individuals have reasonable access to their personal information and may request corrections, deletions, or additions where the personal information is inaccurate or has been processed in violation of the Principles. We may limit or deny access to personal information where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Principles. You may request access to your personal information by contacting us as described below.
When providing our Service, we only process and disclose the personal information as specified in our agreements with clients. Our client controls how personal information is disclosed to us and processed, and how it can be modified. Accordingly, if you want to request access, or to limit use or disclosure of your personal information, please contact the company to which you submitted your personal information and that uses our Service. If you contact us with the name of our client to which you provided your personal information, we will refer your request to that client and support them in responding to your request.
Recourse, Enforcement and Liability Touchpoint has established procedures to periodically verify implementation of and compliance with the Principles. Touchpoint conducts an annual self-assessment of its practices regarding personal information, regularly engages in external verification of its data security, and also undertakes a SOC 2 audit, all intended to verify that the assertions Touchpoint makes about its practices are true and that such practices have been implemented as represented.
In case of disputes, individuals are able to seek resolution of their questions or complaints regarding the processing of their personal information in accordance with the Principles. If an individual feels that Touchpoint is not abiding by this Notice or is not in compliance with the Principles, he or she should first contact Touchpoint at the contact information provided below.
If an issue cannot be resolved through Touchpoint’s internal dispute resolution mechanism, you may submit a complaint to the International Centre for Dispute Resolution (ICDR), a division of the American Arbitration Association (AAA). (Information about ICDR can be found at (https://www.icdr.org/icdr/faces/icdrservices/safeharbor), which provides an independent third-party dispute resolution option based in the U.S. For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in the Principles available here.
Touchpoint is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).
How to contact us