1. Some key terms
When we refer to “BAO Systems,” “we,” or “us” in this policy, we mean BAO Systems, LLC, which controls the collected information. We own and operate a number of websites and offer related services, like support. We refer to all of these products, together with our other services and websites as “Services” in this policy.
If you want to know about what we do with information we collect for our own purposes, read on.
If you are a Customer or User in the European Economic Area, United Kingdom or Switzerland (the “EEA”) or if the GDPR is otherwise applicable to your personal data or the data you collect, please see our Data Processing Agreement to learn more about how we process such data.
At BAO Systems we respect your privacy. When it comes to your personal information, we believe in transparency, not surprises. That’s why we’ve set out here what personal information we collect, what we do with it and your choices and rights.
3. Personal information we collect
We collect various personal information regarding you or your device. This can include the following:
– Information you provide to create an Account, specifically email address, first name and last name. If you sign up for paid Services, we may receive a portion of your payment information from our payment processor (such as the last four digits, the country of issuance and the expiration date of the payment card).
– Your marketing preferences.
– The emails and other communications that you send us or otherwise contribute, such as customer support inquiries.
– Information you share with us in connection with surveys, events or promotions.
– Information from your use of the Services. This includes: preferences, web pages you visited prior to coming to our website, information about your browser, network or device (such as browser type and version, operating system, internet service provider, and other regional settings), and information about how you interact with the Services (such as problems you may encounter, for example loading errors). We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We may use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services.
– Information we get from our partners to support our marketing initiatives, improve our Services and better monitor, manage and measure our marketing campaigns.
– Other information you submit to us directly or through third-party services if you use a third-party service to create an account (based on your privacy settings with such third-party service).
4. How we collect personal information
We obtain personal information from various sources. We do this in three main ways:
– You provide some of it directly (such as by registering for an account on our Services).
– We record some of it automatically when you use our Services (including with technologies like cookies).
– We receive some of it from third parties (like when you make payments to us using our payment processor).
We’ve described this in more detail below.
a. Personal information you provide
When you use our Services, we collect information from you in a number of ways. For instance, we ask you to provide your name and email address to register and manage your account. We also maintain your marketing preferences and the emails and other communications that you send us or otherwise contribute, such as customer support inquiries or posts to our social media accounts. You might also provide us with information in other ways, including by responding to surveys, submitting a form or participating in BAO Systems events.
Sometimes we require you to provide us with information for contractual or legal reasons. We’ll normally let you know when information is required, and the consequences of failing to provide it. If you do not provide personal information when requested, you may not be able to use our Services if that information is necessary to provide Services to you or if we are legally required to collect it.
b. Personal information obtained from your use of our Services
When you use our Services, we collect information about your activity on and interaction with the Services, such as your device and browser type, the web page you visited before coming to our sites, what pages on our sites you visit and for how long and identifiers associated with your devices. If you’ve given us permission through your device settings, we may collect your location information in our mobile apps.
If you are a User, we also get information about your interactions with the Customer’s account, including their projects, though we use this in anonymous, aggregated or pseudonymized form which does not focus on you individually. We use this data to evaluate, provide, protect or improve our Services (including by developing new products and services).
c. Personal information obtained from other sources
Customers of our Services may provide information about you when they submit content through the Services. For example, we may receive your email address from another User when they provide it in order to invite you to the Services.
5. How we use your personal information
How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. We may use the personal information we obtain about you to:
– Provision of the Services. Create and manage your account, provide and tailor our Services, process payments and respond to your inquiries.
– Communicating with you. Communicate with you, including by sending you emails about your transactions and Service-related announcements.
– Surveys. Administer surveys.
– Promotion. Promote our Services and send you tailored marketing communications about products, services, offers, programs and promotions of BAO Systems and measure the success of those campaigns. For example, we may send different marketing communications to you based on your subscription plan or what we think may interest you based on other information we hold about you.
– Advertising. Analyze your interactions with our Services and third parties’ online services so we can tailor our advertising to what we think will interest you. For example, we may decide not to advertise our Services to you on a social media site if you already signed up for Paid Services or we may choose to serve you a particular advertisement based on your subscription plan or what we think may interest you based on other information we hold about you.
– Improving our Services. We are always looking for ways to make our Services smarter, faster, more secure, integrated and useful to you. We use collective learnings about how people use our Services and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Services. In some cases, we apply these learnings across BAO Systems to improve and develop similar features or to better integrate the Services you and others use. We also test and analyze certain new features with some Customers before rolling out the feature to all Customers. We usually do this based on anonymous, pseudonymized or aggregated information which does not focus on you individually. For example, if we learn that most Customers of subscription services use a particular integration or feature, we might wish to expand on that integration or feature.
– Security. Ensure the security and integrity of our Services.
– Third-party relationships. Manage our vendor and partner relationships.
– Enforcement. Enforce our Terms and other legal terms and policies.
– Protection. Protect our and others’ interests, rights and property (e.g., to protect our Customers and their Users from abuse).
– Complying with law. Comply with applicable legal requirements, such as tax and other government regulations and industry standards, contracts and law enforcement requests.
We process your personal information for the above purposes when:
Consent. You have consented to the use of your personal information in a particular way. When you consent, you can change your mind at any time. We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Services, with your permission.
Performance of a contract. We need your personal information to provide you with the Services or to respond to your inquiries. In other words, so we can perform our contract with you or take steps at your request before entering into one. For example, we need your email address so you can sign into your BAO Systems account.
Legal obligation. We have a legal obligation to use your personal information, such as to comply with applicable tax and other government regulations or to comply with a court order or binding law enforcement request.
Legitimate interests. We have a legitimate interest in using your personal information. In particular, we have a legitimate interest in the following cases:
– To operate the BAO Systems business and provide you with tailored communications to develop and promote our software-as-a-service.
– To analyze and improve the safety and security of our Services – we do this as it is necessary to pursue our legitimate interests in ensuring BAO Systems products and services are secure, such as by implementing and enhancing security measures and protections and protecting against abuse.
– To provide and improve the Services, including any personalized services – we do this as it is necessary to pursue our legitimate interests of providing an innovative and tailored offering to our Customers on a sustained basis.
– To share your personal information with other BAO Systems affiliated entities that help us provide and improve the Services.
– To anonymize and subsequently use anonymized information.
Legal bases for processing: If you are an individual in the EEA, we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your personal information only where:
– We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
– It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
– You give us consent to do so for a specific purpose; or
– We need to process your data to comply with a legal obligation.
6. How we share your personal information
We share personal information in the following ways:
– Customers. We share with our Customers data regarding usage by their Users. For example, we provide our Customers with information about how their Users interacted with our software, including project data entry components and related functionalities associated with the Customer’s account. This is so Customers can analyze the usage of their accounts.
– Service providers. We share personal information with our vendors, consultants, and other service providers who perform services on our behalf. For example, we may use third parties to help us provide customer support, send marketing and other communications on our behalf, or assist with data storage.
– Following the law or protecting rights and interests. We disclose your personal information if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property or interests (such as enforcing our Terms or prevent abuse of BAO Systems or our Customers or Users). In particular, we may disclose your personal information in response to lawful requests by public authorities, such as to meet national security or law enforcement requirements.
– Business transfers. If we’re involved in a reorganization, merger, acquisition or sale of some or all of our assets, your personal information may be transferred as part of that deal.
7. Your rights and choices
Where applicable law requires (and subject to any relevant exceptions under law), you may have the right to access, update, change or delete personal information. In such cases, you can access, update, change or delete certain personal information (or that of your Users) either directly in your account or by contacting us at email@example.com to request the required changes. You can exercise your other rights (including deleting your account) by contacting us at the same email address.
You can also elect not to receive marketing communications by following the unsubscribe instruction in such communications.
Please note that, for technical reasons, there is likely to be a delay in deleting your personal information from our systems when you ask us to delete it. We also will retain personal information in order to comply with the law, protect our and others’ rights, resolve disputes or enforce our legal terms or policies, to the extent permitted under applicable law.
You may have the right to restrict or object to the processing of your personal information or to exercise a right to data portability under applicable law. You also may have the right to lodge a complaint with a competent supervisory authority, subject to applicable law. If you are subject to the GDPR, we suggest you lodge any such complaints with your local data protection authority within the EEA.
Additionally, if we rely on consent for the processing of your personal information, you have the right to withdraw it at any time and free of charge. When you do so, this will not affect the lawfulness of the processing before your consent withdrawal.
If you are a User or Subject of one of our Customer’s accounts, you should contact them to exercise your rights with respect to any information they hold about you.
8. How we protect your personal information
We use data hosting service providers in the EEA to host the information we process, and we use technical measures to secure your data. While no service is completely secure, we have a security team dedicated to keeping personal information safe. We maintain administrative, technical and physical safeguards that are intended to appropriately protect against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse and any other unlawful form of processing of the personal information in our possession.
9. How we retain your personal information
The precise periods for which we keep your personal information vary depending on the nature of the information and why we need it. Factors we consider in determining these periods include the minimum required retention period prescribed by law or recommended as best practice, the period during which a claim can be made with respect to an agreement or other matter, whether the personal information has been aggregated or pseudonymized, and other relevant criteria. For example, the period we keep your email address is connected to how long your account is active, while the period for which we keep a support message is based on how long has passed since the last submission in the thread.
As Customers may have seasonal projects or come back to us after an account becomes inactive, we don’t immediately delete your personal information when your trial expires, or you cancel all paid or subscription Services. Instead, we keep your personal information for a reasonable period of time, so it will be there for you if you come back.
Please note that in the course of providing the Services, we collect and maintain aggregated, anonymized or de-personalized information which we may retain indefinitely.
10. Privacy Shield
In compliance with the Privacy Shield Principles, BAO Systems commits to resolve complaints about our collection or use of your personal information. Individuals with inquiries or complaints regarding our Privacy Shield policy should first contact BAO Systems at firstname.lastname@example.org.
BAO Systems has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Individuals may have the possibility, under certain conditions, to invoke binding arbitration as indicated in Annex I of the Privacy Shield Framework. For further information, please see the Privacy Shield website at https://www.privacyshield.gov.
BAO Systems is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
11. Users’ personal information
Our Customers who have created an account on BAO Systems are responsible for what they and their Users do with the User information and Subject Data they collect. This section is directed to such Customers.
a. Your relationship with Users
If you’re one of our Customers, you will collect personal information about your Users. For example, name and email address so that you can add them to teams and projects.
You’re solely responsible for complying with any laws and regulations that apply to your collection and use of your Users’ information, including personal information you collect about them.
We’re not liable for your relationship with your Users or how you collect and use personal information about them and we won’t provide you with any legal advice regarding such matters.
b. Your relationship with Subjects
Where the Services are made available through a Customer, that Customer is responsible for the Users and Subjects over which it has control. All Subject Data at an individual level is controlled by the Customer. We are not responsible for the privacy or security practices of a Customer, which may be different from this policy.
12. Our policy towards children
14. How to contact us
Your information is processed by BAO Systems, LLC. If you have questions or concerns about how your information is handled, please direct your inquiry to BAO Systems, LLC, as set forth below or, if you are a resident of the EEA, please contact our EU Representative.
BAO Systems, LLC
2900 K Street, NW
Washington, DC 20007 USA
BAO Systems LLC – Sucursal em Portugal
Alameda dos Oceanos, 41O