TABLE OF CONTENTS
ASKCODY PRIVACY POLICY
Last modified 27.10.23
1. PURPOSE
The purpose of this privacy policy (this “Policy”) is to provide individuals with a description of the types of information we at AskCody [AskCody, Inc. and AskCody ApS] (“we”, “AskCody” or the “Company”), collect about individual persons through our products (the “AskCody services”).
Your privacy is important to us. When you use AskCody services, you trust us with your information. This Privacy Statement is meant to help you understand what data we collect, why we collect it, and what we do with it.
People have different privacy concerns. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. This is important; we hope you will take the time to read it carefully.
The following sections provide additional information relevant to the AskCody services and our Platform. This policy applies to the AskCody Platform, as well as other AskCody services that display this policy. References to AskCody services in this policy include AskCody websites, apps, add-ins, plugins, and software.
We will ask for your consent before using
In the event of a conflict between the AskCody privacy policy and the terms of any agreement(s) between a customer and AskCody, the terms of those agreement(s) will control.
2. PERSONAL DATA WE COLLECT
AskCody collects data to operate effectively and provide you with the best experiences with our services. You provide some of this data directly, such as when you create an AskCody account, submit a room search, order meeting room services, use our web portal, or contact us for support. We get some of it by recording how you interact with our services by, for example, using technologies like cookies, and receiving error reports or usage data from software running on your device. We also obtain data from third parties like Mixpanel. We also use services from other companies to help us determine a location based on your IP address to customize certain services to your location.
The data we collect depends on the services and features you use and includes the following.
- Name and contact data (If you have an AskCody account or is granted with an employer-account). We collect your first and last name, email address, phone number, and other similar contact data.
- Credentials. We collect login and passwords (for admin users) and similar security information used for authentication and account access.
- Demographic data. We collect data about you such as your country and preferred language.
- Billing data (For organizational accounts only). We collect data necessary to process your payment if you make purchases.
- Usage data. We collect data about how you and your device interact with our services. This includes data, such as the features you use, the items you purchase, the web pages you visit, and the room search terms and POIs you look for. This also includes data about your device and the network you use to connect to our services, regional and language settings. It includes information about the operating systems and other software installed on your device, including product keys. Moreover, it includes data about the performance of the services and any problems you experience with them.
- Location data. We collect data about your location. Location data includes, for example, a location derived from your IP address or data that indicates where you are located with less precision, such as at a city or postal code level.
- Content. We collect the content of your meetings and communications when necessary to provide you with the services you use. For example, if you find a room using Meeting Dashboards, order services for your meeting with Meeting Services, or invite guests to your meeting with Visitor Management, the content and data can include:
- Email of
current user - Email of organizer for the meeting
- Start/end time of a meeting
- Exchange ID of the meeting
- Email of
We also collect the content of the messages you send to us, such as feedback and product reviews you write, or questions and information you provide for customer support. When you contact us, such as for customer support, phone conversations or chat sessions with our representatives may be monitored and recorded.
You have choices about the data we collect. When you are asked to provide personal data, you may decline. However, if you choose not to provide data that is necessary to provide a service, you may not be able to use some features or services.
Service-specific sections below describe data collection practices applicable to the use of those services.
For further reference please see our Data Processing Agreement, that must be entered between AskCody an any customer before signing up on the AskCody Platform
3. HOW WE USE PERSONAL DATA; DISCLOSURE OF PERSONAL DATA
We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect AskCody and our users.
AskCody uses the data we collect for two basic purposes: (1) To operate our business and provide (including improving and personalizing) the services we offer to you, (2) to send communications, including promotional communications for other AskCody solutions, that will help you improve the utilization of the AskCody solution.
In carrying out these purposes, we combine data we collect through the various AskCody services you use to give you a more seamless, consistent and personalized experience.
- Providing and improving our services. We use data to provide and improve the services we offer and perform essential business operations. This includes operating the services, maintaining and improving the performance of the services, including developing new features, research, and providing customer support. Examples of such uses include the following.
-
- Providing
the Services . We use data to carry out your transactions with us and to provide our services to you. Often, those services include personalized features that enhance your productivity and enjoyment and tailor your service experiences based on your activities, interests, and location. - Customer support. We use data to diagnose service problems and provide other customer care and support services.
- Product Activation. We use data - including device and application type, location, and unique device, application, network, and subscription identifiers - to activate software and devices that require activation.
- Service Improvement. We use data to continually improve our services, including adding new features or capabilities.
- Security, Safety and Dispute Resolution. We use data to protect the security and safety of our services and our customers, to detect and prevent fraud, to confirm the validity of software licenses, to resolve disputes and enforce our agreements. Our communications and data syncing services systematically scan content in an automated manner to identify suspected spam, viruses, abusive actions, or URLs that have been flagged as fraud, phishing or malware links. We may block the delivery of
communication or remove content if it violates our terms. - Investigations of Questionable Activity. We disclose information that we, in good faith, believe is appropriate to cooperate in investigations of fraud or other illegal activity or to conduct investigations of violations of our user agreements. For example, this means that if we conduct a fraud investigation and conclude that one side has engaged in deceptive practices, we can give that person or entity’s contact information to victims who request it. Also, we reserve the right to disclose aggregate information and personally identifiable information to third parties as required or permitted by law and when we believe that disclosure is necessary to protect our rights.
- Business Operations. We use data to develop aggregate analysis and business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of our business.
- Sale of Business. As with any other business, it is possible that in the future we could merge with or be acquired by another company. If such an acquisition occurs, the successor company would have access to the information maintained by us, including customer account information, but would continue to be bound by this Policy unless and until it is amended.
- Providing
- Providing and improving our services. We use data to provide and improve the services we offer and perform essential business operations. This includes operating the services, maintaining and improving the performance of the services, including developing new features, research, and providing customer support. Examples of such uses include the following.
- Communications. We use the data we collect to deliver and personalize our communications with you. For example, we may contact you by email or other means to inform you when a subscription is ending, let you know when security updates are available, update you or inquire about a service or repair request, or tell you that you need to take action to keep your account active. Additionally, you can sign up for email subscriptions and choose whether you wish to receive promotional communications from AskCody by email.
- Advertising. AskCody services are not supported by advertising. We don't use the data we collect to help select ads - whether on our services or services offered by third parties. We don't support advertisement based on your current location, search, or the content you are viewing. We don't target
adds based on your likely interests or other information that we learn about you over time using demographic data, search queries, usage data, and location data. AskCody does not use what you say in emails or chats, or your documents, or other files to target ads to you. AskCody does not do data sharing, either in terms of sharing reports about the data we have collected, or in terms of directly with service providers to permit them to provide services on our behalf or to a partner.
4. COOKIES AND SIMILAR TECHNOLOGIES
AskCody uses cookies (small text files placed on your device) and similar technologies to provide our services and to help collect data. Cookies allow us, among other things, to store your preferences and settings; enable you to sign-in; combat fraud, and analyze how our services are performing.
You have a variety of tools to control cookies, and similar technologies, including browser, controls to block and delete cookies and controls from some third-party analytics service providers to opt out of data collection through web beacons. Your browser and other choices may impact your experiences with our services. See our Cookie Policy here.
5. AN ASKCODY ACCOUNT
With an AskCody account, you can sign into AskCody services, as well as those of select AskCody partners. When you create your AskCody account or AskCody organization account, we refer to that account as a personal AskCody account. When your account is created and provided to you by your organization, such as your employer, we refer to that account as an employer-account with limited access to features and settings.
- Signing in. When you sign into your AskCody account, we create a record of your sign-in, which includes the date and time, information about the service you signed into, your sign-in name, the unique number assigned to your account, a unique identifier assigned to your device, your IP address, and your operating system and browser version.
- Creating and using your AskCody account. When you create an AskCody account, you will be asked for certain personal data, and we will assign a unique ID number to identify your account and associated information. While some services, such as those involving payment, require a real name, you can sign into and use some AskCody services without providing your real name. Some data you provide, such as your display name, email address and phone number, can be used to help others find and connect with you within AskCody services. For example, people who know your display name, email address or phone number can use it to enable notifications upon check-ins via Visitor Management.
- Signing into AskCody. Signing into your account enables improved personalization, provides seamless and consistent experiences across services, and allows you to access other enhanced features and settings. When you sign into your account, you will stay signed in until you sign out. When you are signed in, some services will display your name or username and your profile photo (if you have added one to your profile) as part of your use of AskCody services, including in your communications, social interactions and public posts.
- Using employer-accounts. You can sign into certain AskCody services with an AskCody employer-account. If you sign in to AskCody services with an employer-account, the owner of the domain associated with your email address may control and administer your account, and access and process your data, including the contents of your communications and files. Your use of the services may be subject to your organization's policies if any. AskCody is not responsible for the privacy or security practices of these organizations, which may differ from those of AskCody. If your organization is administering your use of the AskCody Services, please direct your privacy inquiries to your administrator.
6. RIGHT OF OPT-OUT, ACCESS AND CORRECTION
We provide individuals with the opportunity to “opt-out” of having their personally identifiable information collected by us. Also, European data protection legislation gives individuals the right to access personally identifiable information held about them. Individuals may ensure that such information is accurate and relevant for the purposes for which we collected it. Individuals may review their information and correct or remove any information that is incorrect, as permitted by applicable law. To request opt-out, review, modification or removal of personal data, you should submit a written request to us at privacy@askcody.com.
7. SECURITY OF PERSONAL DATA
AskCody is committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorized access, use or disclosure. We follow commercially accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. While we strive to use commercially acceptable means to protect personal information, no method of transmission over the Internet, or method of electronic storage, is 100% secure and we cannot guarantee its absolute security. In the event of inadvertent disclosure of personal information, we will take all commercially reasonable steps to limit and remedy the disclosure as required by applicable law. If individuals have any questions about security regarding our Product, they can contact us at privacy@askcody.com.
8. WHERE WE STORE AND PROCESS PERSONAL DATA
AskCody is built on Microsoft Azure and data we collect is stored in the Azure platform. Azure is a cloud platform that enables us to quickly build, deploy and manage services and applications across a global network of Microsoft-managed datacenters. (You can learn more about Azure at azure.microsoft.com.) Personal data collected by AskCody may be stored and processed in your region (either Europe or the United States based on the location you sign up for when you create your AskCody Account). Microsoft (https://privacy.microsoft.com/en-us/privacystatement) takes steps to ensure that the data AskCody collect under this privacy policy is processed according to the provisions of this policy and the requirements of applicable law wherever the data is located.
Due to AskCody being built on Microsoft Azure, we leverage Microsoft's compliance program. Microsoft enterprise cloud services are independently validated through certifications and attestations, as well as third-party audits. In-scope services within the Microsoft Cloud meet key international and industry-specific compliance standards, such as ISO/IEC 27001 and ISO/IEC 27018, FedRAMP, and SOC 1 and SOC 2. They also meet regional and country-specific standards and contractual commitments, including the EU Model Clauses, UK G-Cloud, Singapore MTCS, and Australia CCSL (IRAP).
Learn more about AskCody on Azure
International transfers and the EU-US Data Privacy Framework
With the implementation of the EU-US Data Privacy Framework as of July 10th 2023, personal data transfers between the EU and US may now be done without Supplementary Measures. You can find AskCody's walkthrough of how this relates to our transfers of data here.
However, AskCody continues to have our previously mentioned Supplementary Measures implemented:
The European Data Protection Board has published updated guidance with recommendations on supplementary measure, to ensure compliance processing data following the ruling by the Court of Justice from the European Union. You can find AskCody’s response here, providing our customers confidence that your data is still safe with AskCody and that AskCody is still processing personal data complying with GDPR.
Since the ruling from the Court of Justice from the European Union (CJEU) on the EU-U.S. Privacy shield in July 2020 following the Schrems II, questions have been raised by the market on data protection and potential non-compliant transfer of data from the EU to third countries. Because of this, we have clarified and documented, even further, how we protect our customers, their users, and their data, to ensure that all contractual agreements between AskCody and customers are withheld and still comply with the EU GDPR requirements on data processing, based on the new ruling and the follow up guidance published in November 2020.
9. AGE LIMITATION
The AskCody services are not directed to a person under the age of 18. If you become aware that a child has provided us with personal information, please contact us at privacy@askcody.com. We do not knowingly collect or solicit information concerning persons under 18 years old. If we become aware that a person under 18 has provided us with personal information, we take steps to remove such information and terminate the person’s account.
10. CALIFORNIA PRIVACY RIGHTS (Applies only to Customers in California)
California Civil Code Section 1798.83 permits customers who are California residents and who have provided the Company with “personal information” (as that term is defined in Section 1798.83) to request certain information about the disclosure of that information to third parties for their direct marketing purposes. If you are a California resident with questions regarding this, please contact us at privacy@askcody.com.
11. DATA PRIVACY IN AN ASKCODY RECRUITMENT PROCESS
-
Who is the data controller and their contact details; We at AskCody act as Controller for any personal data you wish to provide us. You may contact us either at info@askcody.com or privacy@askcody.com.
-
The purpose of processing data; Purpose for processing any data that is transferred to us in a personnel recruitment process is to establish the identity of the individual and to establish and perform an eventual Employment Contract.
-
Legal basis for processing, as well as legitimate interests pursued by the company; Legal basis for processing may be:
-
Article 6(b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
-
Article 6(c) processing is necessary for compliance with a legal obligation to which the Controller is subject
-
In some specific cases, (where valid) for instance if an applicant’s information is asked to be kept in the case of an eventual later hiring process, Legal basis for transfer may rely on Article 6 (a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
-
Any other recipients of data, including transfers to third countries: By providing AskCody with your personal information, you are consenting to having your personal data processed by:
-
Hubspot
-
Microsoft
-
Information regarding sub-processors and a Transfer Impact Assessment may be requested at privacy@askcody.com
-
Data retention period: Data is kept following guidelines from the Danish Data Protection Agency, and personal data obtained from subjects during a recruitment process are never kept for more than 3 years.
-
Compliance and any requests concerning:
-
the data subject's rights in relation to data (access, rectification, deletion, restricted processing, data portability and the right to complain to the Danish Data Protection Authority)
-
along with the right to revoke any consent given,
-
should be sent to privacy@askcody.com
If AskCody later wishes to process information for a purpose other than that disclosed to the data subject, the data subject will be informed of this before the new processing is initiated.
12. CHANGES TO THIS PRIVACY STATEMENT
Our Privacy Statement may change from time to time. We will not reduce your rights under this Privacy Statement without your explicit consent. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy policy changes). We will also keep prior versions of this Privacy Policy in an archive for your review.
We will update this privacy policy when necessary to reflect customer feedback and changes in our services. When we post changes to this policy, we will revise the "last updated" date at the top of the policy. If there are material changes to the policy or in how AskCody will use your personal data, we will notify you either by prominently posting a notice of such changes before they take effect or by directly sending you a notification. We encourage you to periodically review this privacy policy to learn how AskCody is protecting your information.