Last Modified: May 20, 2018
INFORMATION WE COLLECT
There are three types of information we collect:
- Information from Organizations.
- Information you choose to give us.
- Information we get when you use our Services.
- Information we receive from other third parties.
Information from Organizations
Information You Choose to Give Us
When you use our Services, we collect the information you choose to share with us. For example:
- When you create an account you provide us with your name, your e-mail address, and a personal password.
- When you fill out forms, give us feedback about the Services, when you post reviews or provide testimonials or when you communicate with us through third party social media sites, or request customer support you are also sharing information with us.
- You may provide us with your date of birth, a photo, or credit card information or other Personal Data for authentication purposes.
- In addition, you may give us permission to use the information contained in your Merits so that you may receive advertisements or promotions related to your interests and Merits.
Information We Get When You Use Our Services
When you use our services, certain information is automatically generated and stored about your visits. The type of information gathered this way includes things like
- details about how you’ve used our services.
- device information, such as your web browser type and language.
- access times.
- pages viewed.
- IP address.
- identifiers associated with cookies or other technologies that may uniquely identify your device or browser.
- pages you visited before or after navigating to our website.
Location Based Services. The device you use to access the Service may provide your location to the Service. If you enable the location-based feature on your device, we will automatically receive information about your location when you use the Service. Your device may allow you to deactivate location-based services. If you deactivate location-based services, your device should no longer send information about your location to third parties, including Sigma; but be advised that if you turn off location-based services on your device, certain aspects of the Service may not be available to you.
Information We Received From Third Parties (other than Organizations).
If you log in to the Service using credentials associated with your account at third-party services such as Facebook, LinkedIn or Twitter (each, a “Third Party Service”), you allow Sigma to access certain information associated with your account with the Third Party Service. The information you allow us to access may vary according to the privacy settings you establish with the Third Party Service. We encourage you to review the privacy policies of any Third Party Services from which you access the Service.
HOW WE USE YOUR INFORMATION
Personal Data received from an Organization (“Organization Data”) will be used by Sigma in accordance with the Organization’s instructions and as required by applicable law. Sigma is a processor of Organization Data and the Organization is the controller. The Organization may, for example, use the Services to grant you a Merit, access, modify, export, share and remove Organization Data and otherwise apply its policies to the Services.
With your permission, Sigma uses information relating to Merits you have claimed and information we receive from you when you create an account and interact with the Service (“Your Sigma Data”) in order to provide you with an easily accessible place to track, access, and share documents relating to your Merits, to provide you with advertisements and other information which may be of interest to you and to offer you the most helpful Service. Sigma is a controller with regard to Your Sigma Data. Here are some of the ways we do that:
- Enabling You to Share Merits. We may use Your Sigma Data to confirm your identity so you are able to display a Merit to third parties.
- Sending You Communications. We may use e-mail to respond to support inquiries or to share information about our products and services and promotional offers or those of your third parties, including Organization that we think may be of interest to you. Please note: we do not share your e-mail with third parties. If you would like to modify your e-mail or other privacy settings, please click https://sig.ma/settings.
- Engaging In Transactions. If you are an Authorized User acting on behalf of your Organization, Sigma may use your Personal Data such as name, physical address, telephone number, e-mail address to engage in transactions with you, including contacting you about your account or transactions. We may also use your information to bill your Organization for the Service, and to process payments.
- Improving Our Site and Services. We may use your information, including the information gathered as a result of site navigation and electronic protocols and cookies (including third-party cookies), to enhance the safety and security of our Site and Services, prevent fraud or unauthorized usage, monitor and analyze trends and usage, improve the quality of the Site and the Service, to better serve you and enhance your experience with the Site and the Service, and to track marketing campaign responsiveness and evaluate page response rates.
- Billing, Account Management and other Administrative Matters. Sigma may need to contact you for invoicing (only if you are an Authorized User), account management and similar reasons. We use account data to administer accounts and keep track of each Organization’s billing and payments.
- Enforcing our Terms of Service and other Usage Policies.
- To investigate and help prevent security issues and abuse.
- As required by applicable law, legal process or regulation.
HOW WE SHARE YOUR INFORMATION
This section describes how Sigma may share and disclose information. Each Organization determines its own policies and practices for the sharing and disclosure of Organization Data and Sigma does not control how any Organization or third party chooses to share or disclose Organization Data.
- Organization’s Instructions. Sigma will solely share and disclose Organization Information in accordance with an Organization’s instructions, including any applicable terms in a Service Agreement, and in compliance with applicable law and legal process.
- To operate the Service. We may share your Personal Information with service providers who perform services on our behalf (such as providing hosting or maintenance services, managing databases, processing payments, or supporting/improving the features of the Site or the Service).
- Organization Access. Authorized Users and other Organization representatives and personnel may be able to access, modify or restrict access to Organization Data. For example, if you would like to modify, update, or delete a Merit, this will be the responsibility of your Organization.
- Third Party Service Providers and Partners. We may engage third party companies or individuals as service providers or business partners to process Personal Data and support our business. These third parties may, for example, provide virtual computing and storage services. Additional information about the sub-processors we use to support delivery of our Services is set forth https://sig.ma/subpro.
- Third Party Services. An Organization may enable or permit you to enable Third Party Services. When enabled, Sigma may share your Personal Information with Third Party Services. Third Party Services are not owned or controlled by Sigma and third parties that have been granted access to your Personal Information may have their own policies and practices for its collection and use. Please check the privacy settings and notices in these Third Party Services or contact the provider for any questions.
For Legal Reasons. We may share information about you if we reasonably believe that disclosing the information is
- respond to claims and/or legal process (including subpoenas);
- protect the rights, property, of safety of Sigma or any other person;
- to prevent or stop any illegal, unethical, or legally actionable activity;
- comply with applicable law or regulation;
- respond to any lawful request by public authorities, including, without limitation, to meet national security or law enforcement requirements;
- to investigate, remedy or enforce our potential Terms of Service violations.
- When Aggregated or Anonymized. We may share aggregated or anonymized information that does not directly identify you with our investors, partners, and other third parties for a variety of business purposes. Such aggregated information may include, among other things, number of users, countries of residence, average page views per session, and average length of time as a member.
- During a Change in our Business. If Sigma engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Sigma’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all of Your Sigma Data may be shared or transferred, subject to standard confidentiality arrangements.
- To Enforce our Rights, Prevent Fraud, and for Safety. To protect and defend the rights, property or safety of Sigma or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
- With your Consent, or at your Direction. We will share your information with your consent or at your direction, including if we notify you through the Service that the information you provide will be shared in a particular manner, and you choose to provide such information.
OUR DATA RETENTION POLICY
Sigma will retain Organization Data in accordance with an Organization’s instructions, and as required by applicable law. Please Note: If you or an Organization asks us to delete Organization Data that data will be deleted from the Sigma Service as well. For more detail about our process should you wish to delete Organization data please contact us at email@example.com. Unless requested by you to delete Sigma Data, Sigma will retain Sigma Data as long as you have an account with us. Once you have deactivated your account, we will only keep your data for the period of time needed for Sigma to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.
Account information. You can review, amend, correct, or delete your account information
- Updating your account will not update information contained within Merits. If you would like to change any information relating to your Merit, or remove a Merit from Sigma, you must contact your Organization directly. If you would like us to pass an e-mail message on to your Organization, we would be happy to do so. Please contact us at firstname.lastname@example.org and we will pass that request on to the relevant Organization via e-mail.
- If you ask an Organization to erase your Personal Data, the Personal Data we have received from that Organization will be erased from the Sigma Site as well. However, your Sigma account will still remain on the Site until you ask us to erase it.
The Service also provide tools for you to customize the information about yourself that is made accessible to others. Certain information about yourself, such as your full name, will always be visible to other users of the Service, and your decision to use the Service indicates your acceptance of these settings. You should review your privacy preferences regularly, to ensure that the settings match your preferences.
Promotional communications. You may opt out of receiving promotional communications from Sigma by following the instructions in those communications. If you opt out, we may still send you other kinds of communications, including those related to your current accounts or your use of the Service.
Advertisements. When you visit our Site, you may see advertisements which are relevant to your interests. If you do not wish to see any of these advertisements, please click here to adjust your privacy settings.
Sigma is committed to safeguarding the confidentiality of information that we collect about you. Please click here for more information about the precautions we take to protect your Personal Information.
YOUR CALIFORNIA PRIVACY RIGHTS
Under California Civil Code Section 1798.83, if you are a California resident and your business relationship with Sigma is primarily for personal, family or household purposes, you may request certain data regarding Sigma's disclosure, if any, of Personal Information to third parties for the third parties' direct marketing purposes. To make such a request, please send an e-mail message to email@example.com with "Request for California Privacy Information" in the subject line of your email. You may make such a request up to once per calendar year. If applicable, we will provide you, by e-mail, a list of the categories of Personal Information disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year, along with the third parties’ names and addresses. Please note that not all Personal Information sharing is covered by Section 1798.83’s requirements.
LINKS TO THIRD-PARTY SITES
NO USE BY MINORS
Our Service is intended for use by adults only. Sigma does not promote the Service to children, and does not intentionally collect any personally identifiable information from children under the age of thirteen (13). If you believe that a person under the age of thirteen (15) has disclosed personally identifiable information through the Service, please report this to us immediately by emailing us at firstname.lastname@example.org, with “Notice of Underage Person” in the subject line of your email, and we will remove such information from our files.
TRANSFER OF INFORMATION TO OTHER COUNTRIES
Sigma is based in the United States. Information that we have collected from or about you may be transferred to countries other than the one in which you reside, including the United States. By submitting your information to Sigma via the Service, you consent to such transfers and to the processing and storage of that information in various countries around the world, including countries other than the one in which you reside. If you are located outside of the United States and you choose to provide your information to us, you agree that we have the right to transfer your information to the United States, and process it there.
COMPLAINT, APPLICABLE LAW, and JURISDICTION
ADDITIONAL CLAUSES FOR USERS IN THE EUROPEAN UNION
If you’re a user in the European Union, you should know that Sigma is the controller of Your Sigma Data. Your country only allows us to use Personal Information contained in Your Sigma Data when certain conditions apply. These conditions are called “legal bases” and, at Sigma, we typically rely on one of three:
- Legitimate interest. One reason we might use your information is because we have—or a third party has—a legitimate interest in doing so. For example, we need to use your information to provide and improve our services, including protecting your account, collecting and sharing your Merits, providing customer support.
- Consent. In some cases we’ll ask for consent to use your information for specific purposes. If we do, we’ll make sure you can revoke your consent in our services or through your device permissions. Even if we’re not relying on consent to use your information, we may ask you for permission to access data like contacts and location.
- Legal obligation. We may be required to use your Personal Information to comply with the law, like when we respond to valid legal process or need to take action to protect our users.
Your right to object.
You have the right to object to our use of your information. With many types of data, we’ve provided you with the ability to simply delete it if you don’t want us processing it anymore. For other types of data, we’ve given you the ability to stop the use of your data by disabling the feature altogether. You can do these things through the Service. If there are other types of information you don’t agree with us processing, you can contact us at email@example.com.
We may collect your Personal Information from, transfer it to, and store and process it in the United States and other countries outside of where you live. Whenever we share information of EU users outside the EU we make sure an adequate transfer mechanism is in place.
EU-US AND SWISS-US PRIVACY SHIELD
Sigma complies with the EU-U.S. Privacy Shield Framework Principles and the Swiss-U.S. Privacy Shield Framework Principles for Personal Information transferred to the United States from users in the EU and Switzerland. Under these Frameworks, we are subject to the Federal Trade Commission’s enforcement powers. To learn more about Privacy Shield and to view our certification, please click here.
If you have any questions or complaints about how we are complying with the Privacy Shield principles, please contact us at firstname.lastname@example.org. If we are unable to resolve the issue, we have committed to refer unresolved Privacy Shield complaints from EU and/or Swiss individuals to the BBB EU Privacy Shield, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please click here. The services of the BBB EU Privacy Shield are provided at no cost to you.
In certain situation, you may have the right to invoke binding arbitration before a Privacy Shield Panel. To learn more about binding arbitration, see Annex I to the EU-U.S. Privacy Shield and Annex I to the Swiss-U.S. Privacy Shield.
As our mentioned above, we may sometimes share your Personal Information with third parties for processing on our behalf. We are responsible for this third-party processing if it violates the Privacy Shield principles, unless we can show that we were not responsible for the violation.
Note that we may be required to release EU Data in response to requests from public authorities, including to meet national security and law enforcement requirements.
Complaints? If you’re based in the EU, you can always file a complaint with the supervisory authority in your Member State. For example, if you’re based in the UK you can file a complaint with the Information Commissioner’s Office.
ADDITIONAL CLAUSES FOR AUSTRALIAN USERS
If you would like to access or correct the Personal Information which we hold about you, or you have a question or complaint about our use of your Personal Information please contact us at email@example.com. When contacting us please provide as much detail as possible in relation to your question, comment or complaint.
We will take any privacy complaint seriously and any complaint will be assessed with the aim of resolving any issue in a timely and efficient manner. We request that you cooperate with us during this process and provide us with any relevant information that we may need. If you are not satisfied with the outcome of our assessment of your complaint, you may wish to contact the Office of the Australian Information Commissioner.
DATA PROTECTION OFFICER
Our Data Protection Officer can be reached at firstname.lastname@example.org.