Effective: November 25, 2019
1. Important Information
Fishbowl, Inc. is the controller and responsible for your Personal Information submitted through www.fishbowl.com (the “Site”).
This Policy does not apply to the extent we process Personal Information in the role of a processor on behalf of our clients, including where we offer our customers various online, cloud-based products and services (our “Services”) through which our clients create and implement their own marketing solutions or receive analytics on their business performance and customer base using our Services, send electronic or text communications to you or other individuals, or otherwise collect, use, share or process Personal Information through their use of our Services, and where our Services contain links to third-party websites and features (e.g., links in blog posts). Please reach out to the respective client or third party directly if you have questions or concerns regarding our clients’ use of your Personal Information through our Services or a third party referenced on our Site.
2. Processing Purposes.
Our Policy applies to the processing of Personal Information collected by us when you or your authorized users: visit our Site or other websites that display or link to this Policy, visit our branded social media pages, receive communications from us, when you request marketing materials or demonstrations of our Services, and place such information into our Services. If you have any questions about this Policy or our privacy practices, please contact our data protection officer (“DPO”).
We may process your Personal Information to:
- Provide or improve our Site and Services. We may process your Personal Information to operate, administer, or provide you with content you access and request through our Site or Services, and to analyze trends and to track your usage of and interactions with our Site and Services in assessing, developing, and improving our Site and Services.
- Promote the security of our Site and Services. We process your Personal Information by tracking use of or Site and Services to the extent this is necessary for our legitimate interest in promoting the safety and security of the Services or Site, and in protecting our rights and the rights of others.
- Managing user registrations. If you are an authorized user of our Services, we process your Personal Information in the management of your user account, including handling contact and user support requests.
- Managing payments. We process your Personal Information to verify financial or billing information and complete financial transactions initiated by you to collect payments to us or our clients.
- Sending marketing communications. We will process your Personal Information to send you marketing information and other non-transactional communications about us that you request, including information about our Services.
- Complying with legal obligations. We process your Personal Information when cooperating with public and government authorities, courts, or regulators in accordance with our legal obligations under applicable laws.
If you fail to provide Personal Information. Where we need to collect Personal Information by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you which may require us to cancel the service you have with or are seeking from us.
3. Personal Information we may collect.
“Personal Information” is any information about an individual (or in some circumstances an individual’s household) from which one can identify that person (or where appropriate their household). It does not include aggregated, anonymous, or non-Personal Information.
We may collect, use, store, and transfer various kinds of Personal Information about you which we receive directly from you or your internet browser, such as:
- Identity Data, if you register, use, or interact with our Services, or request marketing materials as to our Services, you may submit certain Personal Information such as first name, last name, username or similar identifier, company name, title, postal address, phone number, and email address.
- Financial Data, if you make a purchase through our Services, you may choose to submit Personal Information such as financial and billing information.
We also collect information about you from third parties, publicly available sources, and social networking sites, which we may combine with other information (including Personal Information) to help us update, expand, and analyze our records and create more tailored services for our clients:
- Third parties or publicly available sources. We may receive data about you from various third parties and public sources, such as advertising networks and analytics or search information providers such as Google Analytics and Hubspot.
- Information from social networking sites. Our Site or Services may use social media features (e.g., Facebook “like” button), or allow you to link your social media accounts to create or post content on such social media sites through our Services. Through your use of these social media features you may post or permit Personal Information about you to be shared with us (such as, allowing our log-in forms to pre-populate).
Special categories of Personal Information. We do not collect your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data, nor do we collect any information about criminal convictions and offenses. We ask that you not send us, and you not disclose, any such Personal Information on or through our Site, Services, or in any other manner.
Client Content. Personal Information and other data submitted by or on behalf of a client to the Services is considered by us to be Client Content. We do not process Client Content except as provided in our Terms of Service, including any applicable Order Forms, with the client. While our template Terms of Service and Data Processing Addendum are publicly available here and here, our terms with the client through whom you are provided access to the Services may differ from these templates and a client may configure the Services differently as provided to the client’s end users, affecting the data accessed or obtained. Please contact the client through whom you are provided access to the Services for more information about its practices and how Client Content is processed. We are not responsible for the privacy or data security practices of our clients, which may differ from those set forth in this Policy.
Data about other individuals. If you provide Personal Information about other individuals to us, then our clients or you, and not us, are responsible for providing notice and obtaining consent as may be required by law. We shall consider any such data submitted to be Client Content.
- Essential Cookies. These cookies are necessary to provide Site functionality and you with our Services (e.g., authentication cookies and security cookies). Without these cookies, you could not access or use our Site or our Services.
- Functionality Cookies. Functional cookies enable a more personalized experience when using our Site or Services through enhancing certain functions and features (e.g., pre-filling a form from data from previous sign ups).
- Social Media Cookies. These cookies will record the linking of your account or other engagement with our content on or through a social networking website such as Facebook, Twitter or Google+.
- Pixel Tags. We may embed pixel tags (which are also known as web beacons and clear GIFs) on webpages to track the actions of users of our Services and aggregate this data to enable us to manage our content more effectively.
By using our Site, online or mobile services, you agree that we can place these types of cookies on your device. You can learn more about cookies by visiting visit www.allaboutcookies.org and www.youronlinechoices.com.uk, including how to manage cookies via your internet browser settings.
5. Notices on behavioral advertising and opt-out for Site visitors.
We or third parties may place or recognize a unique cookie on your browser when you visit our Site for the purpose of serving you targeted advertising (also referred to as “online behavioral advertising” or “interest-based advertising”). To learn more about targeted advertising and advertising networks please visit the opt-out pages of the Network Advertising Initiative, here, and the Digital Advertising Alliance, here.
To manage the use of targeting and advertising cookies on this Site, consult your individual browser settings for cookies. To learn how to manage privacy and storage settings for Flash cookies, click here. Various browsers may also offer their own management tools for removing HTML5 local storage.
6. Opt-Out from the setting of cookies on your individual browser.
You may opt-out from the collection of non-essential device and usage data on your web browser by managing your cookies at the individual browser level, or if you wish to opt-out of interest-based advertising please click here (or, if located in the European Union, click here). Please note, however, that by blocking or deleting cookies and similar technologies used on our Site, you may not be able to take full advantage of the Site.
While some internet browsers offer a “do not track” or “DNT” option that lets you tell websites that you do not want to have your online activities tracked, these features are not yet uniform and there is no common standard that has been adopted by industry groups, technology companies or regulators. Therefore, we do not currently commit to responding to browsers’ DNT signals with respect to our Site. We take privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.
7. Sharing your Personal Information.
Fishbowl does not sell, trade, exchange, or reveal Personal Information to any third parties other than as described below:
- With our contracted service providers, to the extent such sharing of data is necessary to fulfill a request you have submitted to us or to otherwise enable the provision of services to us (e.g., IT and system administration and hosting, credit card processing, research, and analytics).
- With your consent, or to verify an account and account activity, investigate suspicious activity, or enforce our terms and policies regarding the use of our Site or, to the extent one of our clients has provided you with access to our Services.
- If we are involved in a merger, reorganization, dissolution, or other fundamental corporate change, or sell a Site or business unit, or if a third party acquires all or a portion of our business, assets, or stock.
- Our Site and Services may include links to third-party websites, plug-ins, and applications, and by clicking on those links or enabling those connections you may allow third parties to collect or share data about you, including companies we may use to provide services to us.
For further information on the recipients of your Personal Information, please contact us.
8. Aggregated, anonymous, and non-personal information.
We may generate aggregated, anonymous, or non-personal information derived, in whole or in part, from Personal Information submitted to our Site or through our Services, which we may share (with our service providers or others).
9. International transfers.
We may collect, transfer, and store your Personal Information in or to the United States from your home jurisdiction. Any such transfer will be done in accordance with the instructions we receive from the client responsible for your Personal Information, and pursuant to our commitment to the EU-U.S., EU-UK, and U.S.-Swiss Privacy Shield Framework. For further details about the Privacy Shield Framework, please visit here or view our Privacy Shield Statement here. In some instances, we may agree to follow the requirements set forth in the standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR).
10. Data security.
We take appropriate organizational, technical, and physical measures in safeguarding and handling of Personal Information against the accidental or unlawful destruction, loss, alteration and unauthorized disclosure of, or access to Personal Information we process or use, which include the use of encryption of Personal Information, firewall protection, and overwriting or physical destruction of tangible media. For more information, please see our Security Statement. You understand that even those these measures are undertaken by us that no method of storage or transmission is 100% secure. You are solely responsible for protecting your password, limiting access to (and securing) your devices, and signing out of websites after your sessions. If you have any questions about the security of our Site or Services, please contact us.
11. Data retention.
We will only retain your Personal Information for as long as reasonably necessary to fulfill our contractual or other legitimate business purposes, including satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Information for a longer period in the event of a complaint or if we believe there is a prospect of litigation in respect to our relationship with you. After expiry of the applicable retention periods, we delete your Personal Information. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of such data.
12. Your legal rights.
You have certain rights relating to your Personal Information, and depending on the applicable laws, these rights may include:
- To access your Personal Information held by us (right to access).
- To rectify inaccurate Personal Information and, considering the purpose of processing the Personal Information, ensure it is complete (right to rectification).
- To erase/delete your Personal Information, to the extent permitted by applicable data protection laws (right to erasure or “right to be forgotten”).
- To restrict our processing of your Personal Information, to the extent permitted by law (right to restriction of processing).
- To transfer your Personal Information to another controller, to the extent possible (right to data portability).
- To object to any processing of your Personal Information based on our legitimate interests (right to object). Where we process your Personal Information for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection.
- Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects (“Automated Decision-Making”). Automated Decision-Making currently does not take place on our Sites or in our Services.
- To the extent we base the collection, processing, and sharing of your Personal Information on your consent, to withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal.
How to exercise your legal rights. Our clients are responsible for determining the nature and use of any Personal Information submitted through our Services and our processing of such Personal Information is in accordance with their explicit instructions. If you wish to exercise any rights you may have to Personal Information submitted to us by one of our clients, please inquire with the applicable client directly. If you wish to make your request directly to us, you may contact us. Please be aware we may only access a client’s account upon instruction from that client, so you must provide to us the name of the client in your request. We will refer your request to that client and offer assistance as needed. We try to respond to all legitimate requests within thirty (30) days; however, considering the complexity and number of requests we receive, it may take us longer to respond.
Commitment to minors. We do not direct or market our Site or Services for use by children under 16, nor do we knowingly collect any information relating to such children. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, upon request, we delete such information from our files as reasonably practicable from the request date.
Your preferences for marketing and other communications.
- Client Marketing Messaging. Fishbowl does not contact consumers in its clients’ databases for any purpose; however, you may receive SMS, e-mail, or other communications sent through our Services by the business or businesses to which you provided your personal information (e.g., loyalty club sign-up). Fishbowl is not responsible for any communications sent to you from one of our clients using our Services.
- Email. For email communications in the United States, by requesting, joining, agreeing to, enrolling in, signing up for, acknowledging, or otherwise consenting to receive one or more email communications as part of a Fishbowl client’s marketing program in which that client (business) sends (or indicates that it may send, or receives a request that it send) one or more email communications (“Email Program”) using or through our Services, you consent to the handling of your personal information as described in this Policy. To revoke permissions that you may have given under an Email Program, please follow the unsubscribe instructions contained at the bottom of any email communication.
- Fishbowl Marketing Messaging. Fishbowl only engages in business-to-business marketing messaging and does not send marketing messages to consumers promoting, marketing, or soliciting its platforms or services. If you receive a marketing message from Fishbowl it is because you or your employer requested such message be sent to you. If you wish to manage your receipt of our marketing and non-transactional communications you may do so by following the unsubscribe or opt-out method contained in the communication sent to you. Please note that opting out of marketing communications may not opt you out of receiving important business communications related to your current relationship with us. If you want your phone number to be added to our internal Do-Not-Call telemarketing register, please contact us by using the information in the “Contact details“ section and include your first name, last name, company, and the phone number you wish to add to our Do-Not-Call register.
Changes to the Policy and your duty to inform us of changes: We regularly review our Policy, which was last updated on the date noted above. Please contact us to obtain prior versions of our Policy.
Contact details: If you have any questions or concerns about this Policy or our privacy practices, please contact our DPO in the following ways:
44 Canal Center Plaza, Suite 500 Alexandria, VA 22314
Attn: Data Privacy Officer
U.K. or EEA Post
Fishbowl Marketing, Ltd.
11 Leadenhall Street, Fifth Floor
London, EC3V 1LP
Attn: Data Privacy Officer
U.K. or EEA
0808-189-1495 Opt 1
We will reply to your complaint as soon as we can and in any event, within 45 days.
We are committed to working with you to reach a fair resolution of any complaint or concern about privacy; however, if you believe that we have not been able to assist you with your complaint or concern, and you live in the EEA or the UK, you have the right to lodge a complaint with the competent supervisory authority or the Information Commissioner’s Office (UK).