What this policy covers
In addition, a separate agreement governs delivery, access and use of the Services (the “Terms of Service”).
The organization (e.g., your employer or another entity or person) that initially created their instance of the Services (their “Internal Blog”) and entered into the Terms of Service (the “Customer”) controls all the information submitted to the Internal Blog, including account information, information stored in user profiles (the "Profile Information"), and posts, pages, comments, replies, images, uploaded documents and any other user-generated content (the "Content"). If you have any questions about specific Internal Blog settings and privacy practices, please contact the Customer whose Internal Blog you use. If you have an account, you can check the Users page for contact information of your Internal Blog owner(s) and administrator(s). If you have received an invitation to join an Internal Blog but have not yet created an account, you should request assistance from the Customer that sent the invitation.
Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of information. In general, Customer is the controller and BlogIn is the processor of your data.
Information We Collect And Receive
What information we collect about you
We collect information about you when you provide it to us, when you use the Services, and when other sources provide it to us, as further described below.
Information You Provide to Us
We collect information that you provide directly to us. For example, we collect Profile Information that you provide when you create an account on the Services, typically your email address, username and a password. You also have the option of adding a name, profile photo, job title, phone number and other details to your profile information to be displayed on your profile page when using the Services. You can choose not to provide us with certain information, but then you may not be able to register with us or to take advantage of some of our features.
You can modify or remove your Profile Information at any time from the profile page of your Internal Blog. Internal Blog administrators can access, modify and delete any Profile Information of all non-administrator users. Internal Blog owner can modify or delete Profile Information of all users, including Internal Blog administrators.
We collect the information you provide while using the Service to create and publish Content on the Internal Blog. You can modify or remove any Content you created on the Internal Blog at any time. Internal Blog administrators can also modify or remove any Content you created on the Internal Blog at any time.
In order to provide you with the Services, we also receive and store any email addresses you choose to provide us with respect to the users you invite to the Internal Blog. Internal Blog administrators can remove any unused invitations containing email addresses of users invited to the Internal Blog.
Information we collect automatically when you use the Services and Websites
We collect information about you when you use our Services, including browsing the Websites and taking certain actions within the Services.
Services and Websites usage data. We keep track of certain information about you when you visit and interact with any of our Services and Websites, including the type of browser that you use; the time, duration and frequency of your access; pages viewed; your IP address; frequently used search terms.
Device Information. We collect information about the computer, tablet or mobile device that you use to access the Services, including the operating system and version.
Location Information. We receive information from you, your Customer and other third-parties that helps us approximate your location. We may, for example, use an IP address received from your browser or device to determine approximate location.
Most devices and web browsers are set to accept cookies by default. If you prefer, you may be able to remove or reject cookies. You can learn more about how to block cookies by visiting allaboutcookies.org. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services.
Information we receive from other sources
We receive information about you when you or your administrator enable or integrate a third-party service with our Services. For example, if you create an account or log into the Services using the external credentials provider, such as Google or Slack, we receive your name and email address as permitted by your external credentials provider settings to authenticate you. You or your administrator may also integrate our Services with other services you use, such as to allow you to access, store, share and edit certain content from a third party through our Services.
Use of Information
How we use the information we collect
How we use the information we collect depends in part on how you use the Services, and any preferences you have set in your account or communicated to us. BlogIn is a processor of the information and Customer is the controller. Below are the specific purposes for which we use the information we collect about you.
To provide the Services and enhance your experience. We use information about you to provide the Services to you, authenticate you when you log in, provide customer support, and operate and maintain the Services. For example, we use the name and picture you provide in your account to identify you to other Service users. Our Services also include tailored features that personalize your experience, enhance your productivity, and improve your ability to communicate effectively with others by automatically analyzing the activities of your team to provide search results, activity feeds and notifications that are most relevant for you and your team. For example, we use your email address to send you notifications when something new and relevant to you has been posted on the Internal Blog.
To communicate with you about the Services. We use your contact information to send transactional communications via email and within the Services, including confirming your purchases, reminding you of subscription expirations, responding to your comments, questions, and requests, providing customer support, and sending you technical notices, updates, security alerts, and administrative messages. We may send you email notifications when you or others interact with you on the Services, for example, when you are @mentioned in a post or when someone replies to your comment. We also send you communications as you onboard to the Service to help you become more proficient in using the Service. These communications are part of the Services, and in most cases, you can opt out of them. If an opt-out is available, you will find that option within the communication itself or in your profile settings.
For research and development. We are always looking for ways to make our Services smarter, faster, secure, integrated, and useful to you. We use collective learnings about how people use our Services and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Services. For billing, account management, and other administrative matters. We may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments.
Customer support. We use your information to resolve technical issues you encounter, to respond to your requests for assistance, to analyze crash information, and to repair and improve the Services. For safety and security. We use information about you and your Service use to verify accounts and activity, to monitor suspicious or fraudulent activity. To protect our legitimate business interests and legal rights. Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business. With your consent. We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Services, with your permission.
Legal bases for processing (for EEA users):
If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. This means we collect and use your information only where:
- We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
- You give us consent to do so for a specific purpose; or
- We need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
Sharing Of Information
How we share and disclose the information we collect
We will not share or disclose any of your information (Profile Information or Content) with third parties except as described in this policy. We do not sell your information.
Your use of the Services. When you use the Services, Content you and other users created will be displayed back to you. Certain features of the Services, if enabled for your Internal Blog, allow you or Internal Blog administrator to make some of your Content accessible to people who are not registered users of the Internal Blog, in which case it will become accessible to anyone with a special unique public link. We urge you to consider the sensitivity of any data you input into the Services.
Access by the administrator. You should be aware that the administrator of your Internal Blog may be able to:
- access, modify or delete your Profile Information and the Content you created on the Internal Blog
- disclose, restrict, or access information that you have provided or that is made available to you on the Internal Blog
- control how your account may be accessed
- change your role on the Internal Blog which may prevent you from creating new Content
- delete or disable your account, effectively restricting your access to the Internal Blog, including the access to your Profile Information and the Content
Third-party Service Providers. We use service providers in connection with operating and improving the Services and Websites, which provide services such as hosting, maintenance, back-up, storage, virtual infrastructure, payment processing, email transmission, analysis and other services required for the operation of the Services and Websites. These service providers may have access to or process your information for the purpose of providing those services for us.
BlogIn will only use Subprocessors that provide the adequate level of data protection within the meaning of applicable Data Protection Laws and/or provide appropriate safeguards for such data.
The list and description of BlogIn third party service providers and sub-processors can be found at: blogin.co/subprocessors
Testimonials. We may display personal testimonials of satisfied customers on the Websites. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us using the information below.
To Comply with Laws. If we receive a request for information, we may disclose your information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
With Your Consent. We will share your information with third parties when we have your consent to do so.
How long we keep your information
We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Services.
For example, when your current subscription expires, your account will still be available for the next 60 days. If you do not reactivate your subscription during that time, then your account will be deactivated and archived for the next 90 days. If you do not contact us to re-activate your account, after the 90 days all your account information, including users' Profile Information and Content will be permanently deleted. Some of your information will still be present in our system until the complete data backups expire in the next 14 days.
So, after your subscription plan expires all your information will be completely removed from our system after 60 + 90 + 14 days. You can contact us and request immediate deletion of all your information, in which case we will delete all your information in the next 48 hours and all your information will be removed from our system after the backups expire after 14 days.
Some pieces of your Content get retained for some time after being deleted by you or by the blog administrator to prevent accidental deletion and data loss. For example, you can choose to restore and recover the post you deleted in the last 30 days. After 30 days, all deleted posts will be automatically permanently deleted and completely removed from the system after the data backups expire in 14 days.
We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, for statistical reasons and to continue to develop and improve our Services. Where we retain information for Service statistics, improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you.
How we keep your information secure
We employ significant technical and organizational measures designed to appropriately protect the information we collect and process on your behalf, both during transmission and once we receive it. We store all information that you provide to us on secure servers. We train employees regarding our data privacy policies and procedures, and permit authorized employees to access information on a need to know basis, as required for their role. We use firewalls designed to protect against intruders and test for network vulnerabilities.
The environment that hosts the BlogIn services maintains multiple certifications for its data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. For more information about their certification and compliance, please visit the AWS Security website and the AWS Compliance website.
While we implement safeguards designed to protect your information, no security system is impenetrable, and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.
Transfer Of Information
Where we transfer and store your information
We collect information globally and primarily use data centers located in the European Union (EU) to host the information we collect. We transfer, process and store your information outside of your country of residence, for the purpose of providing you the Services. Whenever we transfer your information, we take steps to protect it.
If the transfer of Personal Data is to a Subprocessor in a Third Country, BlogIn will:
- if the transfer is to the US, ensure that the receiving party is certified to process such Personal Data under the EU-U.S. Privacy Shield framework
- or, ensure that the Subprocessor provides the adequate level of data protection within the meaning of applicable Data Protection Laws
Third-party Payment processor
Your Data Rights and Choices
How to access and control your information
Email communication. You can control email messages that you receive from BlogIn or other users while using the Services by selecting the unsubscribe link in the email message that you receive, or by adjusting the email notifications preferences in your profile settings. We will also send you a link to these settings when you first sign up and in subsequent messages. If you opt out, we may still send you non-promotional messages, such as those about your account or our ongoing business relations.
Profile information. You may at anytime correct, update, amend, or remove your Profile Information in your profile settings on the Services or by directing your query to your blog administrator. You or your blog administrator may be able to deactivate and remove your account from the Services. If you can deactivate your own account, you can most often do so in your profile settings. Otherwise, please contact your administrator. To deactivate an organization account, please contact the owner of your Internal Blog or BlogIn customer support.
Content. You can remove the Content using editing tools associated with that Content. In some cases, you may need to contact your blog administrator to request they remove the Content. If an administrator is deleting your account, that administrator may have control with regards to whether the Content you provided during your use of the Services should also be deleted.
Last updated: Dec 10, 2018