Policies: Acceptable Use, Privacy, Data Request, Security Practices

by | Sep 20, 2017 | Legal

ACCEPTABLE USE POLICY

Last Updated: September 19, 2017

This acceptable use policy (“Acceptable Use Policy”) sets out a list of acceptable and unacceptable conduct for our Services.  If Service Provider believes a violation of the policy is deliberate, repeated or presents a credible risk of harm to Authorized Users or other Subscribers, the Services or any third parties, we may suspend or terminate your access.  This policy may change as Service Provider grows and evolves, so please check back regularly for updates and changes.  Capitalized terms used below but not defined in this policy have the meaning set forth in the Master Software As A Service Agreement applicable to each Subscriber (“Agreement”). These guidelines may change as Service Provider grows and evolves, so please check back regularly for updates and changes.

 

Do:

  • comply with the Agreement, including the terms of this Acceptable Use Policy and other policies and our brand guidelines ( https://www.sameworks.com/certification-brand-guidelines/);
  • comply with all applicable laws and governmental regulations, including, but not limited to, all intellectual property, data, privacy, and export control laws, and regulations promulgated by any government agencies;
  • upload and disseminate only Subscriber Data and PII, if applicable, to which Subscriber owns all required rights under law and under contractual and fiduciary relationships (such as proprietary and confidential information learned or disclosed as part of employment relationships or under nondisclosure agreements) and do so only consistent with applicable law;
  • use commercially reasonable efforts to prevent unauthorized access to or use of the Services;
  • keep passwords and all other login information confidential;
  • monitor and control all activity conducted through your account in connection with the Services;
  • promptly notify us if you become aware of or reasonably suspect any illegal or unauthorized activity or a security breach involving your accounts or teams, including any loss, theft, or unauthorized disclosure or use of a username, password, or account; and
  • comply in all respects with all applicable terms of the third party applications, including any that Subscriber elects to integrate with the Services that Subscriber accesses or subscribes to in connection with the Services.

 

Do Not:

  • permit any third party that is not an Authorized User to access or use a username or password for the Services;
  • share, transfer or otherwise provide access to an account designated for you to another person;
  • use the Services to store or transmit any Subscriber data that may infringe upon or misappropriate someone else’s trademark, copyright, or other intellectual property, or that may be tortious or unlawful;
  • upload to, or transmit from, the Services any data, file, software, or link that contains or redirects to a virus, Trojan horse, worm, or other harmful component or a technology that unlawfully accesses or downloads content or information stored within the Services or any third party;
  • attempt to reverse engineer, decompile, hack, disable, interfere with, disassemble, modify, copy, translate, or disrupt the features, functionality, integrity, or performance of the Services (including any mechanism used to restrict or control the functionality of the Services), any third party use of the Services, or any third party data contained therein (except to the extent such restrictions are prohibited by applicable law);
  • attempt to gain unauthorized access to the Services or related systems or networks or to defeat, avoid, bypass, remove, deactivate, or otherwise circumvent any software protection or monitoring mechanisms of the Services;
  • access the Services in order to build a similar or competitive product or service or copy any ideas, features, functions, or graphics of the Services;
  • use the Services in any manner that may harm minors or that interacts with or targets people under the age of thirteen;
  • impersonate any person or entity, including, but not limited to, an employee of ours, an administrator, Subscriber or any other Authorized User, or falsely state or otherwise misrepresent your affiliation with a person, organization or entity;
  • use the Services to provide material support or resources (or to conceal or disguise the nature, location, source, or ownership of material support or resources) to any organization(s) designated by the United States government as a foreign terrorist organization pursuant to section 219 of the Immigration and Nationality Act or other laws and regulations concerning national security, defense or terrorism;
  • access, search, or create accounts for the Services by any means other than our publicly supported interfaces (for example, “scraping” or creating accounts in bulk);
  • send unsolicited communications, promotions or advertisements, or spam;
  • place any advertisements within any Subscriber accounts;
  • send altered, deceptive or false source-identifying information, including “spoofing” or “phishing”;
  • sublicense, resell, time share or similarly exploit the Services;
  • use the Services for consumer purposes, as Service Provider’s Services are intended for use by businesses and organizations;
  • use contact or other user information obtained from the Services (including email addresses) to contact Authorized Users outside of the Services without their express permission or authority or to create or distribute mailing lists or other collections of contact or user profile information for Authorized Users for use outside of the Services;
  • disparage or have any of Subscriber’s agents disparage Service Provider while certified or in addition to other legal and equitable remedies available to Service Provider Subscriber risks revocation of certification from Service Provider’s certification program;
  • use Service Provider’s brand together with any other third party or service that does not directly pertain to Subscriber’s core business; or
  • authorize, permit, enable, induce or encourage any third party to do any of the above.

Contacting Service Provider:

Please also feel free to contact us if you have any questions about Service Provider’s Acceptable Use Policy.  You may contact us at support@sameworks.com.

 

PRIVACY POLICY

Effective: September 19, 2017

Introduction

Our privacy policy will help you understand what information we collect at Service Provider, how Service Provider uses it, and what choices you have.

When we talk about “Service Provider,” “we,” “our,” or “us” in this policy, we are referring to Same Role Same Pay, Inc., dba Sameworks, the company which provides the Services.  When we talk about the “Services” in this policy, we are referring to our equal pay regardless of gender technology platform. Our Services are currently available for use via a web browser or applications specific to your desktop or mobile device. These guidelines may change as Service Provider grows and evolves, so please check back regularly for updates and changes.

Information we collect and receive

  1. Subscriber Data

Content and information submitted by users to the Services is referred to in this policy as “Subscriber Data.”  As further explained below, Subscriber Data is controlled by the organization or other third party that created the Authorized User account (“Subscriber”).  Where Service Provider collects or processes Subscriber Data, it does so on behalf of the Subscriber. Here are some examples of Subscriber Data (but keep in mind they are only examples and there may be others): messages (including those in channels and direct messages), gender, payroll data, employment agreements, edits to messages or deleted messages, and other types of files. An Authorized User may also choose to enter information into their profile, such as first and last name, job, a photo and a phone number.

If you join a Subscriber account and create an Authorized User account, you are an “Authorized User,” as further described in the Master Software As A Service Agreement. If you are using the Services by invitation of a Subscriber, whether that Subscriber is your employer, another organization, or an individual, that Subscriber determines its own policies regarding storage, access, modification, deletion, sharing, and retention of Subscriber Data which may apply to your use of the Services. Please check with the Subscriber about the policies and settings it has in place.

  1. Other information

Service Provider may also collect and receive the following information:

  • Account creation information. Authorized Users provide information such as an email address and password to create an account.
  • Authorized Users Team setup information. When a Subscriber creates a team of Authorized Users using the Services, we collect an email address, a team name, domain details, user name for the individual setting up the team, and password.
  • Billing and other information. For Subscribers that purchase a paid version of the Services, our corporate affiliates and our third party payment processors may collect and store billing address and credit card information on our behalf or we may do this ourselves.
  • Services usage information. This is information about how you are accessing and using the Services, which may include administrative and support communications with us and information about the teams, channels, people, features, content, and links you interact with, and what third party integrations you use (if any).
  • Contact information. With your permission, any contact information you choose to import is collected (such as an address book from a device) when using the Services.
  • Log data. When you use the Services our servers automatically record information, including information that your browser sends whenever you visit a website or your mobile app sends when you are using it. This log data may include your Internet Protocol address, the address of the web page you visited before using the Services, your browser type and settings, the date and time of your use of the Services, information about your browser configuration and plug-ins, language preferences, and cookie data.
  • Device information. We may collect information about the device you are using the Services on, including what type of device it is, what operating system you are using, device settings, application IDs, unique device identifiers, and crash data. Whether we collect some or all of this information often depends on what type of device you are using and its settings.
  • Geo-location information. Precise GPS location from mobile devices is collected only with your permission. WiFi and IP addresses received from your browser or device may be used to determine approximate location.
  • Services integrations. If, when using the Services, you integrate with a third party service, we will connect that service to ours. The third party provider of the integration may share certain information about your account with Service Provider. However, we do not receive or store your passwords for any of these third party services.
  • Third party data. Service Provider may also receive information from affiliates in our corporate group, our partners, or others that we use to make our own information better or more useful. This might be aggregate level information, such as which IP addresses go with which zip codes, or it might be more specific information, such as about how well an online marketing or email campaign performed.

 

Our Cookie Policy

Service Provider uses cookies and similar technologies like single-pixel gifs and web beacons, to record log data. We use both session-based and persistent cookies.

Cookies are small text files sent by us to your computer and from your computer or mobile device to us each time you visit our website or use our desktop application.  They are unique to your account or your browser.  Session-based cookies last only while your browser is open and are automatically deleted when you close your browser.  Persistent cookies last until you or your browser delete them or until they expire.

Some cookies are associated with your account and personal information in order to remember that you are logged in and which teams you are logged into.  Other cookies are not tied to your account but are unique and allow us to carry out site analytics and customization, among other similar things.  If you access the Services through your browser, you can manage your cookie settings there but if you disable some or all cookies you may not be able to use the Services.

Service Provider sets and accesses our own cookies on the domains operated by Service Provider and its corporate affiliates. In addition, we use third parties like Google Analytics for website analytics. You may opt-out of third party cookies from Google Analytics on its website. We do not currently recognize or respond to browser-initiated Do Not Track signals as there is no consistent industry standard for compliance.

How we use your information

We use your information to provide and improve the Services.

  1. Subscriber Data

Service Provider may access and use Subscriber Data as reasonably necessary and in accordance with Subscriber’s instructions to (a) provide, maintain and improve the Services; (b) to prevent or address service, security, technical issues or at a Subscriber’s request in connection with Subscriber support matters; (c) as required by law or as permitted by the Data Request Policy; (d) aggregating, collecting and analyzing Subscriber Data for research and analytical purposes but at a level of analysis in which any personally identifiable information for any Subscriber employees or Subscriber is removed; and (d) as set forth in our Agreement with the Subscriber or as expressly permitted in writing by the Subscriber. Additional information about Service Provider’s confidentiality and security practices with respect to Subscriber Data is available by reviewing our Security Practices Policy.

  1. Other information

We use other kinds of information in providing the Services.  Specifically:

  • To understand and improve our Services. We carry out research and analyze trends to better understand how users are using the Services and improve them.
  • To communicate with you by:
  • Responding to your requests. If you contact us with a problem or question, we will use your information to respond.
  • Sending emails and Service Provider messages. We may send you Service and administrative emails and messages. We may also contact you to inform you about changes in our Services, our Service offerings, and important Service related notices, such as security and fraud notices. These emails and messages are considered part of the Services and you may not opt-out of them. In addition, we sometimes send emails about new Service features or other news about Service Provider. You can opt out of these at any time.
  • Billing and account management. We use account data to administer accounts and keep track of billing and payments.
  • Communicating with you and marketing. We often need to contact you for invoicing, account management and similar reasons. We may also use your contact information for our own marketing or advertising purposes. You can opt out of these at any time.
  • Investigating and preventing bad stuff from happening. We work hard to keep the Services secure and to prevent abuse and fraud.

This policy is not intended to place any limits on what we do with data that is aggregated and/or de-identified so it is no longer associated with an identifiable user or Subscriber of the Services.

Your choices

  1. Subscriber Data

Subscriber provides us with instructions on what to do with Subscriber Data. A Subscriber has many choices and control over Subscriber Data. For example, Subscriber may provision or deprovision access to the Services, enable or disable third party integrations, manage permissions, retention and export settings, transfer or assign teams, share channels, or consolidate teams or channels with other teams or channels. Since these choices and instructions may result in the access, use, disclosure, modification or deletion of certain or all Subscriber Data, please be careful about your choices and never hesitate to contact us.

  1. Other information

If you have any questions about your information, our use of this information, or your rights when it comes to any of the foregoing, contact us at support@sameworks.com.

Other Choices

In addition, the browser you use may provide you with the ability to control cookies or other types of local data storage. Your mobile device may provide you with choices around how and whether location or other data is collected and shared. Service Provider does not control these choices, or default settings, which are offered by makers of your browser or mobile device operating system.

Sharing and Disclosure

There are times when information described in this privacy policy may be shared by Service Provider. This section discusses only how Service Provider may share such information. Subscribers determine their own policies for the sharing and disclosure of Subscriber Data. Service Provider does not control how Subscribers or their third parties choose to share or disclose Subscriber Data.

  1. Subscriber Data

Service Provider may share Subscriber Data in accordance with our agreement with the Subscriber and the Subscriber’s instructions, including:

  • With third party service providers and agents. We may engage third party companies or individuals to process Subscriber Data.
  • With affiliates. We may engage affiliates in our corporate group to process Subscriber Data.
  • With third party integrations. Service Provider may, acting on our Subscriber’s behalf, share Subscriber Data with the provider of an integration added by Subscriber. Service Provider is not responsible for how the provider of an integration may collect, use, and share Subscriber Data.
  1. Other information

Service Provider may share other information as follows:

  • About you with the Subscriber. There may be times when you contact Service Provider to help resolve an issue specific to a team of which you are a member. In order to help resolve the issue and given our relationship with our Subscriber, we may share your concern with our Subscriber.
  • With third party service providers and agents. We may engage third party companies or individuals, such as third party payment processors, to process information on our behalf.
  • With affiliates. We may engage affiliates in our corporate group to process other information.
  1. Other types of disclosure

Service Provider may share or disclose Subscriber Data and other information as follows:

  • During changes to our business structure. If we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Service Provider’s assets, financing, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence).
  • To comply with laws. To comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal process.
  • To enforce our rights, prevent fraud and for safety. To protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud.

We may disclose or use aggregate or de-identified information for any purpose. For example, we may share aggregated or de-identified information with our partners or others for business or research purposes like telling a prospective Service Provider Subscriber the average number of messages sent within a Service Provider team in a day or partnering with research firm or academics to explore interesting questions about same role same pay compensation issues.

Security

Service Provider takes security seriously. We take various steps to protect information you provide to us from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.

To learn more about current practices and policies regarding security and confidentiality of Subscriber Data and other information, please see our Security Practices  located at https://www.sameworks.com/security/ ; we keep that document updated as these practices evolve over time.

Children’s information

Our Services are not directed to children under 13. If you learn that a child under 13 has provided us with personal information without consent, please contact us.

Changes to this Privacy Policy

We may change this policy from time to time, and if we do we will post any changes on this page. If you continue to use the Services after those changes are in effect, you agree to the revised policy.

Contacting Service Provider

Please also feel free to contact us if you have any questions about Service Provider’s Privacy Policy or practices. You may contact us at support@sameworks.com.

 

DATA REQUEST POLICY

Effective: September 19, 2017

Service Provider receives requests from users and government agencies to disclose data other than in the ordinary operation and provision of the Services. This Data Request Policy outlines Service Provider’s policies and procedures for responding to such requests for Subscriber Data.  Any capitalized terms used in this Data Request Policy that are not defined will have the meaning set forth in the Subscriber Terms of Service Agreement applicable to each Subscriber.  In the event of any inconsistency between the provisions of this Data Request Policy and the Subscriber Terms of Service Agreement with Subscriber, as the case may be, the Subscriber Terms of Service Agreement will control. These guidelines may change as Service Provider grows and evolves, so please check back regularly for updates and changes.

Requests for Subscriber Data by Individuals

Third parties seeking access to Subscriber Data should contact the Subscriber regarding such requests. The Subscriber controls the Subscriber Data and generally gets to decide what to do with all Subscriber Data.

Requests for Subscriber Data by Legal Authority

Except as expressly permitted by the Subscriber Terms of Service Agreement or in cases of emergency to avoid death or physical harm to individuals, Service Provider will only disclose Subscriber Data in response to valid and binding compulsory legal process. Service Provider requires a search warrant issued by a court of competent jurisdiction (a federal court or a court of general criminal jurisdiction of a State authorized by the law of that State to issue search warrants) to disclose Subscriber Data.

All requests by courts, government agencies, or parties involved in litigation for Subscriber Data disclosures should be sent to support@sameworks.com and include the following information: (a) the requesting party, (b) the relevant criminal or civil matter, and (c) a description of the specific Subscriber Data being requested, including the relevant Subscriber’s name and relevant Authorized User’s name (if applicable) and type of data sought.

Requests should be prepared and served in accordance with applicable law. All requests should be narrow and focused on the specific Subscriber Data sought. All requests will be construed narrowly by Service Provider, so please do not submit unnecessarily broad requests. If legally permitted, Subscriber will be responsible for any costs arising from Service Provider’s response to such requests.

Service Provider is committed to the importance of trust and transparency for the benefit of our Subscribers and does not voluntarily provide governments with access to any data about users for surveillance purposes.

Subscriber Notice

Service Provider will notify Subscriber before disclosing any of Subscriber’s Subscriber Data so that the Subscriber may seek protection from such disclosure, unless Service Provider is prohibited from doing so or there is a clear indication of illegal conduct or risk of harm to people or property associated with the use of such Subscriber Data. If Service Provider is legally prohibited from notifying Subscriber prior to disclosure, Service Provider will take reasonable steps to notify Subscriber of the demand after the nondisclosure requirement expires. In addition, if Service Provider receives a National Security Letter with an indefinite non-disclosure requirement, Service Provider will initiate procedures for judicial review pursuant to 18 U.S.C. § 3511.

Domestication and International Requests

Service Provider requires that any individual issuing legal process or legal information requests (e.g., discovery requests, warrants, or subpoenas) to Service Provider properly domesticate the process or request and serve Service Provider in a jurisdiction where it is resident or has a registered agent to accept service on its behalf.  Service Provider does not accept legal process or requests directly from law enforcement entities outside the U.S. Foreign law enforcement agencies should proceed through a Mutual Legal Assistance Treaty or other diplomatic or legal means to obtain data through a court where Service Provider is located.

SECURITIES PRACTICES POLICY

Effective: September 19, 2017

We take the security of your data very seriously.  As transparency is one of the principles on which our company is built, we aim to be as clear and open as we can about the way we handle security.  Please visit https://www.sameworks.com/security/ to learn more. These guidelines may change as Service Provider grows and evolves, so please check back regularly for updates and changes.

If you have additional questions regarding security, we are happy to answer them. Please write to support@sameworks.com and we will respond as quickly as we can.