Buddy Punch LLC Privacy Policy

 

Last Updated: May 24, 2018

Section 1

Protecting consumer privacy is important to Buddy Punch. This Privacy Policy explains how information about you is collected, used and disclosed by BuddyPunch.com, LLC (“Buddy Punch”, “we”, “us” or “our”). This Privacy Policy applies to information we collect when you use our websites, mobile applications, and other products and services (collectively, the “Services”) or when you otherwise interact with us whether in electronic, paper or verbal format. This Privacy Policy does not apply to any information we collect about industry professionals who may provide counseling services to users of our Services.

Buddy Punch is based in the United States and the information we collect is governed by United States (“US”) law. By accessing or using the Services or otherwise providing information to us, you consent to the processing and transfer of information in and to the US and other countries.

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of the policy and, in some cases, we may provide you with additional notice (such as by adding a statement to our websites or by sending you a notification). We encourage you to review the Privacy Policy whenever you access the Services to stay informed about our information practices and the ways you can help protect your privacy.

  • Buddy Punch (or “we”) values and respects the privacy of individuals and as a result we have updated our Privacy Policy to align with applicable data protection legislation (including the European General Data Protection Regulation (Regulation (EU) 2016/679) and the Privacy Act 2001 (Cth)) and any other legislation in force which applies relating to either or both privacy or the handling of personal data (the “Data Protection Legislation”).
  • This Privacy Policy aims to clearly outline our policies and procedures for collecting, using, storing and disclosing personal data of individuals. All of the different forms of data, content, and information described in this Privacy Policy are collectively referred to as “personal data”.
  • Buddy Punch’s service offering involves providing organizations and individuals within those organizations with access to and use of the Buddy Punch Applications (the “Services”) through their devices (any computer used to access the Buddy Punch Application, including without limitation a desktop, laptop, mobile phone, tablet, or other consumer electronic device (each a “Device”)).
  • This Privacy Policy explains what we do with your personal data when:
    • your organization signs up to the Service and you access the Buddy Punch Application using a business account via our website (www.BuddyPunch.com), subdomain (*.BuddyPunch.com), through applications on devices, through APIs, or through third-parties (together, the “Application Users”);
    • you leave your organization and cease to access the Buddy Punch Application using a business account attached to your organization (“Former Application User”);
    • you visit our website (www.BuddyPunch.com) and subdomain (*.BuddyPunch.com) (the “Website”) while browsing the internet (together, the “Website Users”); and
    • you call or receive a call from our customer service team or sales team for any purpose (“Phone User”).
  • If you are an Application User, our primary purpose for using your personal data is to provide the Service to your organization. When we use your personal data to allow you to access and use the Buddy Punch Application, we do so on the instructions of your organization and on behalf of your organization. This makes us a “data processor” for the purposes of the Data Protection Legislation. However, there may be certain circumstances under which we use your personal data for purposes that are not on behalf of your organization or in accordance with instructions of your organization, for example, where we need to use it for our own purposes. Under these circumstances, we are a “data controller” for the purposes of the Data Protection Legislation. Please see section 4 for more information.
  • If you are a Former Application User, we may retain your personal data to maintain a limited version of your business account profile and for our own purposes, for example, where we wish to offer you services which we think you may be interested in. This makes us a “data controller” for the purposes of the Data Protection Legislation. Please see section 4 for more information.
  • If you are a Website User, we use your information for our own purposes. This makes us a “data controller” for the purposes of the Data Protection Legislation. Please see section 4 for more information.
  • If you are a Phone User, we may record your call for our own purposes. This makes us a “data controller” for the purposes of the Data Protection Legislation. Please see section 4 for more information.

Section 2: What kind of information do we collect?

Application Users:

  • We need to use personal data about you in the course of providing the Service to your organization and for ancillary purposes set out in this Privacy Policy. Depending on the relevant circumstances and requirements, we may collect some or all of the personal data listed below to help us with this:
    • Name
    • Phone number
    • Date of Birth
    • Credit card details or other billing information
    • Email address
    • Home and business physical addresses
    • Photos for profile and Facial Recognition use
    • Social networking information (if we are provided with access)
    • Any further personal data contained in any files that you upload, download, or create (“Files”) within the Buddy Punch Application
    • Log data from your Device, its software, and your activity using the Buddy Punch Application including the Device’s Internet Protocol (“IP”) address, browser type, locale preferences, geo-Location Information, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata concerning your Files, and other interactions with the Buddy Punch Application.

Former Application Users:

  • We will retain the following personal data listed below:
  • Name
  • Phone number
  • Date of Birth
  • Credit card details or other billing information (if you were the primary account holder in relation to your business account)
  • Email address
  • Home and business physical addresses
  • Photos for profile and Facial Recognition use
  • Any further personal data contained in any files that you uploaded, downloaded, or created (“Files”) within the Buddy Punch Application
  • Log data from your Device, its software, and your activity when you used the Buddy Punch Application including the Device’s Internet Protocol (“IP”) address, browser type, locale preferences, geo-Location Information, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata concerning your Files, and other interactions with the Buddy Punch Application.

Website Users:

  • We collect a limited amount of personal data from our Website Users which we use to help us to improve your experience when using our website and to help us manage the services we provide. This includes log data such as your Device’s Internet Protocol (“IP”) address, browser type, the web page visited before you came to our website, information you search for on our website, locale preferences, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information and other interactions with the Website. If you contact us via the website (including via any chat widget), we will collect any information that you provide to us, for example your name and contact details.

Phone Users:

  • We do not record phone calls. During the course of the phone call we will collect limited categories of personal data including name, phone number, and email address to assist us in confirming the identity of the caller.

Section 3: How do we collect your personal data?

Application Users:

  • We collect your personal data in three primary ways:
  1. Personal data that you provide to us;
  2. Personal data that we receive from your organization and other sources; and/or
  3. Personal data that we collect automatically.

Personal data you give to us

  • Where you provide personal data to us when you use the Buddy Punch Application;
  • Where you contact us via the Buddy Punch Application; and/or
  • Where you upload, download, or create Files within the Buddy Punch Application

Personal data we receive from your organization and other sources

  • Where we receive personal data about you from your organization; and/or
  • Where we receive personal data (for example, your email address) through other Application Users, if they have invited you to their Buddy Punch account Personal data that we collect automatically
  • When you use the Application, where we automatically record personal data in the form of log data from your Device, its software, and your activity using the Buddy Punch Application; and/or
  • Where we collect your personal data automatically via cookies, in line with cookie settings in your browser. If you would like to find out more about cookies, including how we use them and what choices are available to you, please see section 11.

Former Application Users:

  • We will have collected your personal data during the period that you were an Application User in the manner described above.

Website Users:

  • When you visit our Website there is certain personal data in the form of log data that we may automatically collect, whether or not you use the Buddy Punch Application.
  • We also collect some limited personal data automatically via cookies, in line with cookie settings in your browser. If you would like to find out more about cookies, including how we use them and what choices are available to you, please see section 11.

Phone Users:

  • As set out in section 2 above, we collect a limited amount of personal data by calling. We do not record phone conversations.

Section 4: How do we use your personal data?

Application Users:

  • Our primary purpose for using your personal data is to provide the Service to your organization. When we use your personal data to allow you to access and use the Buddy Punch Application, we do so on the instructions of your organization and on the behalf of your organization. This makes us a “data processor” for the purposes of the Data Protection Legislation. Activities that we may carry out on this basis include:
    • Allowing you to access and use the Buddy Punch Application
    • Providing you with assistance (including technical assistance) in relation to your use of the Buddy Punch Application;
    • Personalizing and optimizing your experience of the Buddy Punch Application and providing you with software updates; and
  • Ensuring compliance with the terms of our agreement with your organization.
  • However, there may be certain circumstances under which we use your personal data for purposes that are not on behalf of your organization or in accordance with instructions of your organization. Under these circumstances, we are a “data controller” for the purposes of the Data Protection Legislation. Activities that we may carry out on this basis include:
  • Making announcements to you regarding our products and service offerings (see section 5 below);
  • Providing you with any service offering outside of the Buddy Punch Application directly;
  • Ensuring compliance with our own obligations under applicable law and regulations;
  • Using your personal data to help us to establish, exercise or defend legal claims; and
  • Analyzing log data/user statistics with the aim of improving the Buddy Punch Application for all Application Users. We may use your personal data for these purposes if we have a legal basis for doing so. If you would like to know more about what this means, please see section 12. If you are not happy about this, in certain circumstances you have the right to object and can find out more about how and when to do this in section 9.

Former Application Users:

  • If we retain your personal data once you have left your organization and cease to use your Buddy Punch Account for our own purposes, we are a “data controller” for the purposes of the Data Protection Legislation. Activities that we may carry out on this basis include:
  • Making announcements to you regarding our products and service offerings (see section 5 below);
  • Providing you with any service offering outside of the Buddy Punch Application directly;
  • Ensuring compliance with our own obligations under applicable law and regulations; and
  • Using your personal data to help us to establish, exercise or defend legal claims.
  • We may use your personal data for these purposes if we have a legal basis for doing so. If you would like to know more about what this means, please see section 12. If you are not happy about this, in certain circumstances you have the right to object and can find out more about how and when to do this in section 9.

Website Users:

  • We use your personal data to help us to improve your experience of using our website. This makes us a “data controller” for the purposes of the Data Protection Legislation.

Phone Users:

  • We use your personal data to help assist with questions about the Buddy Punch application. This makes us a “data controller” for the purposes of the Data Protection Legislation.


Section 5: Marketing

  • If you are an Application User or a Former Application User, we may wish to use your personal data in order to let you know about, and invite you to participate in, our products and service offerings.
  • We need your consent for some aspects of these activities which are not covered by our legitimate interests (in particular, the delivery of direct marketing to you through digital channels) and, depending on the situation, we’ll ask for this via an opt-in or soft opt-in (which we explain further below).
  • Soft opt-in consent is a specific type of consent which applies where you have previously engaged with us (for example by signing up to the Buddy Punch Application or requesting more information about our service offerings), and we are marketing service offerings similar to those you have previously engaged with us above. Under ‘soft opt-in’ consent, we will take your consent as given unless or until you opt out. For other types of e-marketing, we are required to obtain your explicit consent.
  • We will not, as a matter of course, seek your consent when sending marketing materials to a corporate email address. If you are not happy about this, you have the right to opt out of receiving marketing materials from us and can find out more about how to do so in section 9 (“How can you access, amend or take back the personal data that we hold about you?”).
  • If you want to know more about how we obtain consent, please see section 12 (“Legal bases for us processing your personal data”). If you are not happy about our approach to marketing, you have the right to withdraw your consent at any time and can find out more about how to do so in section 9.

Section 6: Information Sharing and Disclosure

  • Where appropriate and in accordance with applicable laws and requirements (and where we use your personal data as a data processor on behalf of and under the instructions of your organization in accordance with our obligations under our agreement with your organization), we may share your personal data in the following ways:
  • Your Use: We will display your personal data on your profile page and this may be accessed by other persons to whom you are connected within your organization depending on their access level.
  • Service Providers, Business Partners and third parties: We may use certain trusted third party companies and individuals to help us provide, analyze, and improve the Buddy Punch Application (including but not limited to data storage, maintenance services, database management, web analytics, payment processing, and improving the features of the Buddy Punch Application). These third parties may have access to your personal data only for purposes of performing these tasks on our behalf and under obligations similar to those in this Privacy Policy.
  • Other Service Providers, Business Partners and third parties: We may share your personal data with our agents or third-party service providers (including professional advisers and telecommunication service providers) which require your personal data to provide their services to Buddy Punch. Such agents and third-party service providers will not be permitted to use your personal data for any other purpose.
  • Third-Party Applications: We may share your information with a third-party application with your consent, for example when you choose to access Buddy Punch through such an application. We are not responsible for what those parties do with your information, so you should make sure you trust the application and that it has a privacy policy acceptable to you before allowing this feature to be employed.
  • Compliance with Laws and Law Enforcement Requests: We may disclose to parties outside Buddy Punch, Files stored in your Buddy Punch Application and personal data about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; or (b) to protect Buddy Punch’s intellectual property rights. If we provide your Files to a law enforcement agency as set forth above, we will remove Buddy Punch’s encryption from the files before providing them to law enforcement.
  • Business Transfers: If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction, but we will notify you and/or your organization (for example, via email and/or a prominent notice on our website) of any change in control or use of your personal data or Files, or if either become subject to a different Privacy Policy.
  • Non-private or Non-Personal data: We may disclose your non-private, aggregated, or otherwise non-personal data, such as usage statistics of the Buddy Punch Application.

Section 7: How do we safeguard your personal data?

  • We are committed to taking all reasonable and appropriate steps to protect the personal data that we hold from misuse, loss, destruction or unauthorized access. We do this by having in place a range of appropriate technical and organizational measures. These include measures to deal with any suspected data breach. If you enter payment details onto our payment pages, we encrypt the transmission of that information using secure socket layer technology (SSL) which is PCI DSS compliant.

Section 8: How long do we keep your personal data?

  • We will not keep your personal data for longer than we are permitted to do so under our agreement with your organization or as is necessary for the purposes for which we have collected it unless we believe that the law or other regulation requires us to preserve it (for example, because of a request by a tax authority or in connection with any anticipated litigation) or if we require it to enforce our agreements.
  • When we are no longer permitted under our agreement with your organization or it is otherwise no longer necessary to retain your personal data, we will delete the personal data that we hold about you from our systems. While we will endeavor to permanently erase your personal data once it reaches the end of its retention period, some of your personal data may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists in the electronic ether, our employees will not have any access to it or use it again.

Section 9: How can you access, amend, or take back the personal data?

Buddy Punch recognizes that Customer Data may include the Personal Data of Authorized Users based in the European Union to which the Data Protection Legislation applies. The obligations under section 9 shall only apply to the parties where the Data Protection Legislation is engaged in respect of Buddy Punch’s processing of Personal Data of Authorized Users in the European Union.

  • You have various rights in relation to the personal data that we hold about you.
  • To get in touch about these rights, please contact us or your organization.
  • If you are an Application User and you wish to make a request in relation to our use of your personal data for the purposes of providing the Service to your organization (and in respect of which we are a data processor), please contact your organization in the first instance to handle your request. If you contact us, we will refer your request to your organization.
  • If you are an Application User and you wish to make a request in relation to our use of your personal data which is unconnected to your organization or you are a Former Application User or a Website User, please contact us and we will handle your request.
  • The Data Protection Legislation gives you the following rights in relation to your personal data:
    • Right to object: this right enables you to object to us processing your personal data
    • Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities (for example, sharing your information with a third party application), you may withdraw this consent at any time and we will cease to carry out that particular activity that you previously consented to unless we consider that there is an alternative legal basis to justify our continued processing of your personal data for this purpose, in which case we will inform you of this condition.
  • Data Subject Access Requests (DSAR): You may ask us to confirm what information we hold about you at any time, and request us to modify, update or delete such information. You may also request a copy of the information we hold about you.
  • Right to erasure: You have the right to request that we “erase” your personal data in certain circumstances. We will try to delete your personal data quickly upon request and if desired make it available to you. While we will endeavor to permanently erase or return your personal data upon request, some of your personal data may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this personal data has been put beyond use, meaning that, while it still exists in the electronic ether, our employees will not have any access to it or use it again. We may retain and use your personal data if we believe that the law or other regulation requires us to preserve it (for example, because of a request by a tax authority or in connection with any anticipated litigation) or if we require it to enforce our agreements. If you are an Application User connected with an organization, we shall not delete or edit your personal data without the approval of your organization.
  • Right to restrict processing: You have the right to request that we restrict our processing of your personal data in certain circumstances, for example if you dispute the accuracy of the personal data that we hold about you or you object to our processing of your personal data for our legitimate interests. If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.
  • Right to rectification: You also have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you, including by means of providing a supplementary statement. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
  • Right of data portability: If you wish, you have the right to request that we transfer your personal data to another third party. To allow you to do so, we will provide you with your personal data in a commonly used machine-readable format so that you can transfer the data. Alternatively, we may directly transfer the personal data for you. This right of data portability only applies to certain types of personal data.
  • Right to lodge a complaint with a supervisory authority: You also have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.


Section 10: How do we store and transfer your personal data?

  • In order for us to carry out the functions described in this Privacy Policy your personal data may be processed by us (or our third party service providers) outside of the the United States of America.
  • We want to make sure that your personal data is stored and transferred in a way which is secure. If you are based within the EU we will only process and/or transfer data outside of the European Economic Area or EEA (i.e. the Member States of the European Union, together with Norway, Iceland and Liechtenstein) where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your personal data.


Section 11: Cookies

  • We also use “cookies” to collect information and improve our Services. A cookie is a small data file that we transfer to your Device. We may use “persistent cookies” to save your registration ID and login password for future logins to the Service. We may use “session ID cookies” to enable certain features of the Service, to better understand how you interact with the Service and to monitor aggregate usage and web traffic routing on the Service. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of the Application.
  • Online Tracking: We may use internal and external analytic and product platforms to better understand usage patterns on our website so that we can improve the design and usability of our products. Some web browsers may transmit “do-no-track” signals to websites with which the browser communicates. Our website does not currently respond to these “do-not-track” signals.


Section 12: Legal basis for us processing your personal data.

Where we process your personal data as a data processor on behalf of and under the instructions of your organization, your organization is responsible for ensuring that there is a legal basis for us processing your personal data on their behalf.

Where we process your personal data as a data controller, we need to ensure that there is a legal basis to justify our processing of your personal data. There are a number of different ways that we are lawfully able to process your personal data. We have set these out below.

Where processing your personal data is necessary for us to carry out our obligations arising from any contracts entered into between you and us

  • We process certain personal data where it: “is necessary for the performance of a contract to which [you] are a party.”
  • If you enter into a contract with us in relation to any service offerings outside of the Buddy Punch Application, we may process certain personal data about you in order to perform our obligations under this contract.

Where processing your personal data is within our legitimate interests

  • We can process certain personal data where it “is necessary for the purposes of the legitimate interests pursued by [us] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data.”
  • We may process your personal data for the purposes of our legitimate interests to enforce the terms of our website and to analyze log data/user statistics to improve the Buddy Punch Application for all Authorized Users.

Where you give us your consent to process your personal data

  • In certain circumstances, we will seek to obtain your opt-in consent before we undertake certain processing activities with your personal data.
  • We will obtain your opt-in consent prior to sharing your personal data with third party applications and carrying out certain marketing activities.
  • As and when we introduce these particular processing activities, we will provide you with more information so that you can decide whether you want to opt-in.
  • You have the right to withdraw your consent to these activities. You can do so at any time, and details of how to do so can be found above at section 9.

We do not think that any of the above activities prejudice you in any way. However, you do have the right to object to us processing your personal data in certain circumstances. If you would like to know more about these circumstances and how to object to our processing activities, please see section 9.

Section 13: Who is responsible for processing your personal data.

Contact Information

  • If you would like further information about how we handle your personal data, if you have any concerns regarding this Privacy Policy or if you wish to exercise your legal rights, please contact support@buddypunch.com. Please outline to us your concerns and our legal team or Buddy Punch representative will be in touch to discuss the matter.

Section 14: Your California Privacy Rights

California law permits residents of California to request certain details about how their information is shared with third parties for direct marketing purposes. If you are a California resident and would like to make such a request, please contact us. However, please note that under the law, Services such as ours that permit California residents to opt in to, or opt out of, this type of sharing are not required to provide such information upon receiving a request, but rather may respond by notifying the user of his or her right to prevent the disclosure. To opt out of having information about you shared with third parties for direct marketing purposes, please contact us.