Users and Customers from the EU/EEA
All EU-based individuals, irrespective of their nationality, have certain individual rights under the GDPR, these include:
- The right to be informed about the collection and use of their personal data.
- The right of access to find out that is stored about them.
- The right to rectification of their personal data if it is inaccurate or incomplete.
- The right to erasure to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
- The right to restrict processing to 'block' or suppress processing of personal data.
- The right to data portability allowing individuals to obtain and reuse their personal data for their own purposes across different services.
- The right to object to the processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling), direct marketing and/or for purposes of scientific/historical research and statistics.
- Various rights in relation to automated decision making (making a decision solely by automated means without any human involvement) and profiling (automated processing of personal data to evaluate certain things about an individual).
Data Collection and Publishing
When you visit the Site or use the Services we may collect information from you such as your name, email address and phone number (from prospective and existing Customers) and information regarding your social media accounts, uploads and posts (from end users who upload user-generated content to Customer digital properties or use Customer hashtags on their social media posts). We collect this information in order to provide end users and Customers with access to our Services and our Platform, in order for prospective and existing Customers to download information such as whitepapers, and in order for anyone to contact us with questions regarding our Site or Services. You can connect your social media accounts, such as Facebook, to your Platform account. The social media services will authenticate your identity and provide you the option to (i) include Platform elements on Facebook Fan Pages, (ii) follow, like, or comment on others’ social profiles from within your Platform account.
As is true of most web sites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. Candid does not collect IP addresses of end users on behalf of Customers. We may combine automatically collected log information with other information we collect about end users.
Use of Personal Information
If you upload user-generated content to your social media accounts which you tag with our Customers’ brand hashtags, Candid may collect that content on behalf of our Customers, including your photo, social media username, caption information (if any) and location information (if any). If you upload user-generated content directly to a Candid Customer digital property, Candid may collect your email address, prior to the upload, as well as your photo. Generally, the information Candid collects from end users helps us and our Customers to communicate with end users regarding content that they have submitted through the Candid Services. For instance, we may use your email address to provide you with an email confirmation of your registration or to notify you of the status of the content you have submitted. Furthermore, our Customers to whom you have submitted content through the Candid Services or whose brand hashtags you have included in your social media posts may use your username or email address to communicate with you.
If you are a prospective or existing Candid Customer, we use the personal information we have collected from you to provide you with information about and access to our Services.
We use the information we collect automatically from end users of our Site and Services to improve the Services we offer to our Customers, and to improve marketing, analytics and the functionality of the Services.
Transfer of Personal Information
Candid may transfer personal information to those Customers on whose behalf we have collected it and to companies that help us provide our Services. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and our service agreements with our Customers.
Choice and Access to Personal Information
If your personally identifiable information changes, or if you no longer desire to receive communications from us, you may correct, update, delete or deactivate your information from our records by (for Customers) logging into your account and making the appropriate changes or (for non-Customers) contacting us at firstname.lastname@example.org. We will respond to your request to access within 30 days.
If you are an end user of a Customer site or have posted user-generated content with a Customer’s brand hashtags and would no longer like to be contacted by that Customer, please contact that Customer directly. If the Customer requests that Candid remove the information from our records, we will respond to its request within 30 business days.
We also use "cookie" technology and similar technologies in analyzing trends, administering the Candid Website and Services, tracking users’ movements around the Candid Website and Services, and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
We use Local Storage (LS) such as HTML5 to store content information and preferences. Third parties with whom we partner to provide certain features on our Candid Website and Services or to display advertising based upon your web browsing activity use LS such as HTML 5 to collect and store information. Various browsers may offer their own management tools for removing HTML5 LS.
We partner with third parties to manage our advertising on other sites. Our third party partners may use technologies such as cookies to gather information about your activities on this Candid Website and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the European Union click here). Please note this does not opt you out of being served ads. You will continue to receive generic ads.
IP Address and Clickstream Data
Our server may collect the Internet Protocol address, or IP Address number that is automatically assigned to your computer by your Internet service provider. When you request pages from our Candid Website, our servers may log your IP Address and sometimes your domain name. Your IP Address is used to help identify you and to gather demographic information about our customers as a whole, but does not include personally identifiable information. Our server may also record the referring page that linked you to us (e.g., another Web site or a search engine); the pages you visit on this Candid Website; the Web site you visit after this Site; the ads you see and/or click on; other information about the type of Web browser, computer, platform, related software and settings you are using; any search terms you have entered on this Site or a referral site; and other Web usage activity and data logged by our Web servers. We use this information for internal system administration, to help diagnose problems with our server, and to administer the Candid Website. Such information may also be used to gather demographic information, such as country of origin and Internet Service Provider. We may link this information with your personal information.
Any or all of these activities with regard to Candid Website usage information may be performed on our behalf by our service providers, including, for example, our analytics vendor(s) and our e-mail management partner(s).
Additional Information for California Visitors, Account Users for Limiting Use and Disclosure of Your Data
If our collection of personal information about you for our business purposes is covered by the California Consumer Privacy Act you have the have certain rights under that law.
You may request disclosure of the following specific information:
- the categories of personal information as well as the specific pieces of personal information that we have collected about you for our business purposes over the prior 12 months,
- the categories of sources from which we have collected that personal information,
- our purpose(s) for collecting that personal information,
- the categories of third parties with whom we have shared the personal information, such as our service providers, and
- whether we have sold the personal information to third parties or disclosed the information to third parties for a business purpose, and if so the categories of personal information and third parties.
In addition, you have the right to ask us to delete your personal information. We will comply with your deletion request and require our service providers to do the same, unless we plan to retain the personal information on a legally permitted basis and we give you notice of this fact and the legal basis on which we rely.
You may make a request by calling our toll-free number +1 866-810-0030 or by sending an email or physical mail request to the addresses above.
Before responding to your request we may ask you to provide information needed to verify that you are the consumer (or have authorization from the consumer) whose personal information is covered by the request.
We may not discriminate against you because you make a request described in this Section by denying you our services or providing a different quality or price for our services, unless the different service or price is reasonably related to the value provided to you by your data.
We may use "clear GIFs" (aka “Web beacons” or “pixel tags”) or similar technologies, in the Candid Website and/or in our communications with you to enable us to evaluate Candid Website usage information about visitors to the Site, target campaigns, upgrade visitor information, and know whether you have visited a Web page or received a message. A clear GIF is typically a one-pixel, transparent image (although it can be a visible image as well), located on a Web page or in an e-mail or other type of message, which is retrieved from a remote site on the Internet enabling the verification of an individual’s viewing or receipt of a Web page or message. A clear GIF may enable us to relate your viewing or receipt of a Web page or message to other information about you, including your personal information.
Data Release Policy
Our policy is to only release the data we collect in the following circumstances:
- To our customers to whose digital properties you have directly uploaded content or whose brand hashtags you have included in your social media.
- As required by law.
- To designated third parties to resolve or investigate abuse complaints.
- When the information is related to spiders or bots, usually when investigating technical issues.
- For abusive users, we may release information to assist in attempting to block the abusive user or to complain to that user's Internet Service Provider.
- If necessary to defend against legal claims.
- When we deem it necessary to protect the property or rights of the user community, or this Site
We may use third party partners to help operate the Site and deliver our features and Services, and may share your information with our affiliates, service providers and other third parties that provide products or Services for or through this Site or for our business (such as Web site or database hosting companies, address list hosting companies, e-mail service providers, analytics companies, distribution companies, fulfillment companies, and other similar service providers that use such information on our behalf).
Each of these companies commits in its contract with us to use the personal data only according to our contract with them or our other instructions as necessary to support our business. They are not authorized to use your personal data for any other purpose. They are not authorized to disclose your personal data to others except with our permission, and only if they require the others to comply with the same restrictions that apply to them.
- Sendgrid - outgoing email
- Amazon AWS – Infrastructure provider, applications
- Microsoft Azure – Infrastructure provider, applications
- Freshdesk - incoming email, support
- Stripe, Quickbooks - invoice, payment processing
- Google - organization email and documents management provider
- Google Analytics - analytics
- StreakCRM – customer relationship management
No Selling of Information
We have not sold or leased personal data, and will not sell or lease your personal data unless you give us your consent to do so. The California Consumer Privacy Act includes a definition of "sale" that may include permitting third party advertisers to collect data about our Site visitor for use as part of their advertising services generally. During the prior 12 months we have permitted Google Analytics and Facebook to collect data on our site by means of advertising cookies.
Securing Your Information
Candid cannot guarantee the security of information provided over the Internet and will not be responsible for breaches of security beyond our reasonable control.
When you use some our Site or Services, or post on a Candid forum or social networking service, the personally identifiable information you share is visible to other users and can be read, collected, or used by them. You are responsible for the personally identifiable information you choose to submit in these instances.
If you contact us by e-mail or a “contact us” or similar feature on the Site, you should be aware that your transmission might not be secure. A third party could view information you send by these methods in transit.
We will make any legally-required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored personal data to you via email or conspicuous posting on this Site in the most expedient time possible and without unreasonable delay, consistent with (i) the needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
Do not provide any sensitive information (including your password or credit card information) via e-mail or to a Web site that does not seem to be affiliated with Candid, or that otherwise seems suspicious to you, without first reporting such request to us at email@example.com and confirming that it is a valid request from us.
Third Party Links
Our Site or Services may contain links to third party websites not operated or controlled by Candid. The fact that we link to a website is not an endorsement, authorization or representation of our affiliation with that third party. We do not exercise control over third party websites. These other websites may place their own cookies or other files on your computer, collect data, including location data or your contact information, or solicit personally identifiable information from you. We advise that you learn about the privacy practices of these third parties.
Our Policy Towards Minors
We do not knowingly collect personal information from children under 18 unless they have obtained parental or guardian consent. If we learn that we have collected the personal information of a child under 18 without such consent, we will delete the information as soon as possible.
If a parent or guardian becomes aware that his/her child has provided us with personally identifiable information without their consent, he/she should contact us at firstname.lastname@example.org.