Geckoboard - Privacy Policy

Datachoice Solutions Ltd t/a Geckoboard ("Geckoboard", "we", "us" or "our") is committed to respecting your privacy. Please read this privacy policy carefully to understand our practices regarding your personal data and how we will treat it.

ABOUT OUR PRIVACY POLICY

This privacy policy applies to your access to and use of:

  • the website geckoboard.com;
  • the web and mobile application called 'Geckoboard',

(together the "Platform") including all content, services and products available at or through the Platform.

This privacy policy, together with the terms and conditions for use of the Geckoboard web and mobile application (being either those set out here or as otherwise agreed between you and us) and Cookie Policy, sets out the basis on which any personal data we collect from you, or that you provide to us will be processed by us.

By accessing and/or using the Platform, you are accepting and consenting to the practices described in this policy.

  • In this Policy we will explain:
  • What types of personal information Geckoboard collects and how it is used.
  • How Geckoboard collects your personal information, including whether personal information is collected automatically.
  • How long Geckoboard retains your personal information.
  • How and when Geckoboard shares your personal information with others.
  • How Geckoboard protects your personal information.
  • What choices and rights are available to you regarding the use of your personal information, including how to access and update personal information.
  • How personal information submitted to our Services or collected through our Services on behalf of or at the direction of our subscribers is treated.
  • How to update your communication preferences.
  • Whether children under the age of 13 are permitted to use our Services.

Depending on the context of personal information you provide, Geckoboard may be the data controller ("controller") or data processor ("processor") of your personal information under this policy. Geckoboard is a processor of Client Data, personal information submitted to the Services or collected through the Services on behalf of or at the direction of subscribers.

CONTACT INFORMATION

For the purpose of the General Data Protection Regulations (the "GDPR"), the data controller is Datachoice Solutions Ltd whose registered office is at 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom, ICO Reg. No. Z2476079.

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to privacy@geckoboard.com.

If you are a Geckoboard user from the European Economic Area (“EEA”), you can also exercise any of the rights described in this privacy policy by submitting a request to our appointed representative in the EEA at https://gdpr-rep.eu/q/15268973 or at

GDPR-Rep.eu
Maetzler Rechtsanwalts GmbH & Co KG
Attorneys at Law
c/o Geckoboard
Schellinggasse 3/10, 1010 Vienna, Austria


Please add the following subject to all correspondence: GDPR-REP ID: 15268973

GECKOBOARD AS THE DATA CONTROLLER

INFORMATION WE MAY COLLECT

We may collect the following information:

  1. Information you give us (Client Supplied Data): You may give us information about you by filling in forms on the Platform, for example when you register as a user of the Platform, register your billing details to become a customer, open a support request, post on our blog, take part in competitions, prize draws or surveys, or by corresponding with us by phone, e-mail or otherwise. The information you give us may include your name, e-mail address, employment details, phone number and billing address. When you submit such forms on the platform, we’ll gather internet protocol (IP) address data in addition to the information provided.
    • NOTE: When you purchase a paid Geckoboard subscription, your credit card data is not transmitted through nor stored on our systems. All of Geckoboard's credit card processing is handled securely by our third-party payment processors.
  2. Information we may automatically collect about you (Automatic Device Data): With regard to each of your visits to the Platform we may automatically collect the following information:
    • Visit information - including the full URL clickstream to, through and from the Platform (including date and time), page response times, errors, length of visits to certain pages, page interaction information, actions taken within the application and methods used to navigate away from the page;
    • Technical information - including the Internet Protocol address used to connect your device to the Internet, your login information, browser type and version, geographical location, browser plug-in types and versions and operation system.
  3. Information provided by the web and mobile application (Client Data): When using our services to connect to databases, including third party databases, we may pull data into the Platform which includes personal data. This is within your control, as we only pull data on your instruction.
  4. Information from other sources (Other Data): We are working closely with third parties (including, for example, business partners, sub-contractors in technical and payment services, intelligence providers and analytics providers) and may receive information about you from them.

The above types of information may not always contain personal data (i.e. data which identifies a person). Some of this information may instead contain non-personal data (i.e. data that does not identify you). As non-personal data is anonymous, this privacy policy does not restrict or limit our use and disclosure of non-personal data.

USE OF COOKIES

We use cookies in order to provide a better service or identify which pages on the Platform are of special interest. A cookie is a small piece of information which a website stores on your web browser and which can later be retrieved.

For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.

HOW DO WE USE PERSONAL DATA?

We may process personal data in connection with the following purposes:

Client Supplied Data

  • to provide you with information and services that you request or subscribe to;
  • to bill and collect money owed to us by our Clients;
  • to update our records and generally maintain your account with us;
  • to provide you with special offers, promotions, surveys and other information about services we feel may interest you, where you consent to receiving such information;
  • to notify you about changes to this privacy policy and other terms that you have agreed to;
  • for research and development purposes to evaluate and enhance the Platform; and
  • to deal with your queries, complaints or concerns,

Automatic Device Data

  • to provide our service to you;
  • to present content from the Platform in an effective manner to you;
  • to administer the Platform and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • as part of our efforts to keep the Platform safe and secure;
  • to enforce compliance with our Terms of Service and applicable law;
  • to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
  • to make suggestions and recommendations to you and other users of our site about services that may interest you or them,

Other Data

  • to evaluate our client relationships, or potential client relationships, and the benefit, or potential benefit, obtained from the Platform;
  • we may also combine this information with the above information and use this information for the purposes set out above.

We shall not process personal data for any other purpose, unless such purpose is expressly communicated to you at the point your personal data is being collected.

DIRECT MARKETING - HOW TO UNSUBSCRIBE

If you have consented to receive marketing communications from us via email you can change your mind and withdraw that consent. You can opt-out by clicking on the Unsubscribe link at the bottom of the email you've received or updating your user account settings. Alternatively, you can send an email to customer service at privacy@geckoboard.com.

The legal basis for which we act as Data Controller are as follows:

  1. GDPR Article 6(1)(b) - processing of your personal data is necessary for the performance of our contract with you, our customer
  2. GDPR Article 6(1)(c) - processing of your personal data is necessary for compliance with a legal obligation. Specifically, this relates to financial and accountability data
  3. GDPR Article 6(1)(f) - processing of your personal data is necessary for legitimate interests of both Geckoboard and you as our customer. Specifically:
    • Ensuring Geckoboard's systems are secure and for the purposes of performance and error monitoring and incident response
    • Improving the performance and user experience of the Geckoboard product

WHO PROCESSES YOUR INFORMATION?

We may disclose your personal data to the following persons: 1. Disclosure of information within Geckoboard: We limit access to your personal data to employees who reasonably need to process such information as described under this policy. In this situation we:

  • shall take commercially reasonable steps to ensure the reliability and appropriate training of any Authorized Employee.
  • shall ensure that all Authorized Employees are made aware of the confidential nature of Personal Data and have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, both during and after their engagement with Processor, any Personal Data except in accordance with their obligations in connection with the Services.
  • shall take commercially reasonable steps to limit access to Personal Data to only Authorized Individuals.

2. Disclosure of information to particular third parties: We may disclose your personal data to the following third parties:

  • Other members of our group (which means our subsidiaries, our parent company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006) for the purposes outlined in this Privacy Policy
  • To contractors, service providers such as Recurly and Intercom, and other third-parties we use to support our business. These entities are bound by contractual obligations to keep personal information confidential and can use it only for the purposes for which we disclose the information to them.
  • When you create an account on our community forum. Please note that the information you share in public areas of our Websites may be viewed by any user of our Websites.

Geckoboard shall: a) notify the Client if it receives any complaint, notice or communication which relates directly to the processing of Personal Data, or to either party's compliance with Data Protection Laws, and shall fully co-operate and assist the Client in relation to any such complaint, notice, communication or non-compliance; and b) before disclosing Personal Data to any processor, enter into a contract with that processor under which the processor agrees to comply with obligations equivalent to those set out in these GDPR Terms; and c) before disclosing Personal Data to any of its employees and representatives, and the employees and representatives of each of its processors, in each case who have access to the Personal Data, ensure that those persons:

  1. have undergone appropriate training in data protection and the care and handling of Personal Data;
  2. are bound to hold the information in confidence to at least the same standard as required under this Agreement (whether under a written agreement or otherwise)

3. Disclosure of information in certain circumstances: We may also disclose your personal data:

  • in the event we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or asset;
  • if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets; or
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligations, or in order to enforce or apply our terms for use of the Geckoboard web and mobile application and other agreements; or to protect the rights, property or safety of Datachoice Solutions Ltd, our customers or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Beyond this, we will not share your personal data with any other person without your consent.

WHAT DO WE DO TO SAFEGUARD PERSONAL DATA?

We have implemented safeguards and procedures to protect your personal data against loss or theft as well as unauthorised access and undue disclosure. You can find more information about these safeguards at: https://support.geckoboard.com/en/articles/6055694-geckoboard-security. We also use our best efforts to ensure that third parties who work with us agree to protect your personal data.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Platform, you are responsible for keeping this password confidential.

The Platform may contain links to third party websites. However, we are not and shall not be held responsible for the content of such websites, or their privacy policies. If you visit another website, we advise you to review their privacy policy and other general terms of use.

DO NOT TRACK DISCLOSURE

"Do Not Track" is a standard that is currently under development. Because it is not yet finalised, Geckoboard adheres to the standards in this policy and does not monitor or follow any Do Not Track browser requests. That said, some of our features may have the ability to monitor or follow Do Not Track browser requests.

RIGHT OF ACCESS & RECTIFICATION

If Geckoboard processes your personal information on behalf of or at the direction of one of our subscribers, you should first look to that subscriber for assistance regarding the modification or correction of your personal information as described in the section titled "GECKOBOARD AS THE DATA PROCESSOR" of this Privacy Policy.

The GDPR gives you the right to access and request a correction of personal data held about you. Your right of access can be exercised in accordance with the GDPR. Some access requests may be subject to a reasonable fee to meet our costs in providing you with details of the personal data we hold about you.

You have the right to access and correct your personal information. If you want to review or correct your personal information, you can login to the application and visit your account profile page, typically designated as "My Account", or contact us at privacy@geckoboard.com.

RIGHT TO DELETE PERSONAL DATA

If Geckoboard processes your personal information on behalf of or at the direction of one of our subscribers, you should first look to that subscriber for assistance regarding the deletion of your personal information as described in the section titled "GECKOBOARD AS THE DATA PROCESSOR" of this Privacy Policy.

You have the right to request deletion of personal information we hold about you and we have the obligation to erase your personal information, where:

  • the personal information is no longer necessary in relation to the purposes for which it was collected or otherwise processed,
  • you withdraw consent on which the processing is based and where there is no other legal ground for the processing,
  • you object to the processing and there are no overriding legitimate grounds for the processing,
  • the personal information has been unlawfully processed, or
  • the personal information has to be erased for compliance with a legal obligation in the European Union or a Member State law to which Geckoboard is subject.

If you want to request removal of your personal information from our Websites or Services, you can login to the application or contact us at privacy@geckoboard.com. You can also request closure of your account. We will respond to your request within 30 days.

In some cases, we may not be able to remove your personal information, in which case we will let you know that we are unable to do so and why.

RIGHT TO DATA PORTABILITY

If Geckoboard processes your personal information on behalf of or at the direction of one of our subscribers, you should first look to that subscriber for assistance regarding the data portability of your personal information as described in the section titled "GECKOBOARD AS THE DATA PROCESSOR" of this Privacy Policy.

You have the right to receive or transfer a copy of your personal information, where:

  • we are relying upon your consent or the fact that the processing is necessary for the performance of a contract to which you are party as the legal basis for the processing, and
  • personal information is processed by automatic means.

This copy will be provided to you in a common machine-readable format. You may also require us to transmit it to another party where this is technically feasible.

If you want to request a copy of your personal information, you can contact us at privacy@geckoboard.com.

RIGHT TO RESTRICT PERSONAL INFORMATION PROCESSING

If Geckoboard processes your personal information on behalf of or at the direction of one of our subscribers, you should first look to that subscriber for assistance regarding the restriction of processing of your personal information as described in the section titled "GECKOBOARD AS THE DATA PROCESSOR" of this Privacy Policy.

You have the right to request the restriction of processing of your personal information, where:

  • you contest the accuracy of the personal information until we take sufficient steps to correct or verify its accuracy,
  • where the processing is unlawful but you do not want us to erase the personal information,
  • where we no longer need the personal information for the purposes of the processing, but you require the information for the establishment, exercise or defence of legal claims, or
  • where you have objected to processing justified on legitimate interest grounds (see below) pending verification as to whether Geckoboard has compelling legitimate grounds to continue processing.

Where personal information is subjected to restriction in this way we will only process it with your consent or for the establishment, exercise, or defence of legal claims. This right includes restricting the processing of your personal information to only include storage of your personal information (e.g. during the time when Geckoboard assesses whether you are entitled to have personal information erased).

If you want to request restriction of processing of your personal information, you can contact us at privacy@geckoboard.com.

RIGHT TO OBJECT TO PROCESSING JUSTIFIED ON LEGITIMATE INTEREST GROUNDS

If Geckoboard processes your personal information on behalf of or at the direction of one of our subscribers, you should first look to that subscriber for assistance regarding objections to processing your personal information as described in the section titled "GECKOBOARD AS THE DATA PROCESSOR" of this Privacy Policy.

Where we are relying upon legitimate interest to process personal information, you have the right to object to that processing. If you object, we must stop that processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or where we need to process the personal information for the establishment, exercise, or defence of legal claims. Where we rely upon legitimate interest as a basis for processing, we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.

If you want to object to the processing of your personal information, you can contact us at privacy@geckoboard.com.

RIGHT TO BE INFORMED OF THE APPROPRIATE SAFEGUARDS WHERE PERSONAL INFORMATION ARE TRANSFERRED TO A THIRD COUNTRY OR TO AN INTERNATIONAL ORGANIZATION

If Geckoboard processes your personal information on behalf of or at the direction of one of our subscribers, you should first look to that subscriber for assistance regarding safeguards when transferring your personal information to a third country as described in the section titled "GECKOBOARD AS THE DATA PROCESSOR" of this Privacy Policy.

Refer to the Terms of Service and this Privacy Policy for information on the safeguards that have been put in place to protect your personal information for transfer outside of the European Economic Area. For transfers to countries without an adequacy decision by the European Commission, Geckoboard puts appropriate safeguards through contractual obligations.

If Geckoboard processes your personal information on behalf of or at the direction of one of our subscribers, you should first look to that subscriber for assistance regarding withdrawing consent for processing your personal information as described in the section titled "GECKOBOARD AS THE DATA PROCESSOR" of this Privacy Policy.

Where you have provided us with your consent to process personal information, you have the right to withdraw such consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

You can do this by:

  • using certain web browser and opt-out options discussed in this Privacy Policy to limit the personal information you provide to us or our third-party partners,
  • Contact us at privacy@geckoboard.com,
  • send us an email at the address noted in the Contact Information section above,
  • following the unsubscribe instructions included in emails,
  • by accessing the email preferences in your account settings page in the application

RIGHT TO SUBMIT COMPLAINTS OR REPORT ABUSE

You also have the right to lodge a complaint with a supervisory authority, in particular in your country of residence, if you consider that the processing of your personal information infringes applicable laws.

If you need to report abuse, you can contact us at privacy@geckoboard.com.

CHILDREN UNDER THE AGE OF 13

Our Websites and Services are not intended for children under 13 years old. No one under age 13 years old may provide any personal information to or on the Websites and Services.

We do not knowingly collect personal information from children under 13 years old. If you are under 13 years old, do not use or provide any information on our Websites or Services including on or through any of their features, register on the Websites or Services, make any purchases through the Websites or Services, use any of the interactive or public comment features of our Websites or Services, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 years old, we will delete that information without undue delay.

If you believe we might have any information from or about a child under 13 years old, please contact us using the information in the "Contact Information" section above.

COMPLIANCE

Geckoboard will, upon the Client's reasonable written request, provide all information necessary to demonstrate compliance with these GDPR Terms, and allow Customer or an auditor appointed by Customer to carry out audits, including inspections of facilities, equipment, documents and electronic data, relating to the processing of Personal Data by Geckoboard or any processor, to verify compliance with these GDPR Terms.

GECKOBOARD AS THE DATA PROCESSOR

The data you connect to, transmit to and store in Geckoboard for the purposes of visualisation and data communication may contain personal data. In this case you are considered the data controller for any personal data you upload, transmit or connect - the natural person or persons to which this relates are your data subjects. In our Terms of Service and Privacy Policy, we refer to this data as Client Data.

Using Geckoboard to manage your data means that you have engaged Geckoboard as a data processor to carry out certain processing activities on your behalf.

Article 28 of the GDPR specifies that the relationship between the controller and the processor should be made in writing (electronic form is acceptable under subsection (9) of the same Article). Geckoboard's Terms of Service and Privacy Policy serve as your data processing agreement, setting out the instructions that you are giving to Geckoboard with regard to processing the personal data you control and establishing the rights and responsibilities of both parties. Geckoboard will only process your Client Data based on your written instructions as the data controller unless required by law to act without such instructions.

Geckoboard is responsible for the processing of personal information it receives, and subsequently transfers to a third-party acting as an agent on its behalf in accordance with our subscription agreements. Geckoboard may use from time to time third-party service providers, contractors, and sub-processors to assist in providing the Services on our behalf. Geckoboard maintains contracts with these third-parties restricting their access, use, and disclosure of personal information.

You or other authorised users of Geckoboard may upload and transmit Client Data as part of the Service that contains personal data relating to you or other individuals. We do not view or control such Client Data and simply process the Client Data on behalf or you or the owner of the Application in accordance with our Terms of Service. You expressly acknowledge that you or the person uploading, connecting or transmitting the Client Data (as applicable) retain sole responsibility for the Client Data and for obtaining all relevant consents, from the individual to which any personal data contained within the Client Data relates, to the processing of that personal data as part of the Service, and that such personal data is not covered by this Privacy Policy. Client Data is processed in the EEA and in the US. It is the responsibility of the Client to ensure that it has a suitable privacy policy in place to cover the transmission and processing of the Client Data and any personal data that it contains.

A subset of authorised Geckoboard staff may, with the permission of an Authorised User, access your account in the course of diagnosing account issues or taking action on behalf of a Geckoboard Client or Authorised User. This process is restricted to a minimal set of Geckoboard staff members and only after receiving explicit, recorded consent from an Authorised User on the same account. All Client account access by Geckoboard staff is logged and monitored.

Client Data may be stored by us or cached for performance purposes. Client Data can be deleted by you at any time by deleting the Service Account associated with that data. Please note that data used to render a given widget may be shared with other widgets on your account for the purposes of performance improvements and reducing the number of API requests to the source of that data. To ensure Client Data has been deleted all Service from that source should be deleted. If you choose to use our Datasets API to transmit Client Data, data received will be stored until such time as you delete or override the data.

Where we don't store the underlying data, we may rely on an upstream service to provide a snapshot. The length of time we cache Client Data for depends on the refresh intervals of the particular widget created. Under these circumstances, newly retrieved Client Data overwrites the old Client Data and the old Client Data is deleted.

Geckoboard retains the personal information we process on behalf of our subscribers for as long as needed to provide the Services to our subscribers and in accordance with our subscription agreements. To the extent not deleted by our subscribers, Geckoboard may also retain and use certain personal information for a reasonable period of time thereafter as necessary to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes, and enforce our agreements.

Geckoboard tools only use official APIs (application programming interfaces) for accessing data.

Data transfers are done using SSL encrypted HTTPS connections.

For logging into most of the data sources, our tools use OAuth. This is a secure authentication method, which means that you never have to type your password into our tools, as the authentication happens on a webpage hosted by the data source (eg. Google, Facebook or Microsoft).

With Google services, our tools will only have rights to access your Google Analytics/AdWords/YouTube/Google Drive data (depending on which service you are logging in to), nothing else on your Google account. You can revoke Geckoboard’s right to access your data at any point from your Google account control panel. For your reference, you should view the Terms of Service for Youtube, Google Analytics, and Google Drive, as well as Google’s Privacy Policy as you will be bound to these terms when you connect and fetch your data from these services. When you create a YouTube connection, the API Client uses YouTube API Services.

Most other services we connect to also work with OAuth, and provide their own interface for revoking access rights.

There are a few services that still require you to type your username and password, or API key, into our tools. Any tokens, keys or passwords are stored encrypted in our systems.

Our security is audited annually by an external third party.

CHANGES TO OUR PRIVACY POLICY

This Policy will be reviewed on annual basis and may updated from time to time to reflect changing legal, regulatory or operational requirements. We encourage you to periodically review this page for the latest information on our privacy practices.