Privacy Policy
Privacy Policy Overview
When you use and interact with our websites, services, or communicate with us, we may collect, use and process information relating to you and your company (“your data”). This Privacy Policy summarizes our practices and your related rights with respect to your data. The term “our company” in this document refers to OrgChart Hosting Pty Ltd
We may transfer your data if we are acquired by or merged with another company. In this event, we will notify you before information about you is transferred and becomes subject to a different privacy policy.
- Web sites & applications covered – Our applications and web sites may contain links to other web sites. The information practices or the content of such other web sites is governed by the privacy statements or policy of such other web sites. Our company encourages you to review the privacy statements/policy of other web sites to understand their information practices.
- Information collected – When expressing an interest in obtaining additional information about our services or registering to use our services, we may require you to provide contact information, such as your name, your company name, a phone number, or email address. When purchasing our services, we may require you to provide our company with billing information, such as a billing address, credit card number, or the number of employees within your organization (“Billing Information”). We may also ask you to provide additional information to help us determine which product or service is appropriate for your use case.As you navigate our company’s web sites and applications, we may also collect information through the use of commonly used information-gathering tools, such as cookies and web beacons (“Web Site Navigational Information”). Web Site Navigational Information includes standard information from your web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on our company’s web sites (such as the web pages viewed and the links clicked).
- Use of information collected – Our company uses your data to provide you with requested services. For example, if you fill out a “Contact Me” web form, our company will use the information provided to contact you about your interest in our services. Our company may also use your data for marketing purposes. For example, our company may your data to inform you about available products and services.We use credit card information solely to collect payment from prospective customers. We use Web Site Navigational Information to operate and improve our company’s web sites.
- Web Site Navigational Information – Cookies, Web Beacons and IP AddressesWe use commonly used information-gathering tools, such as cookies and web beacons, to collect information as you navigate our company’s web sites (“Web Site Navigational Information”). This section describes the types of Web Site Navigational Information used on our company’s web sites and how this information may be used.CookiesWe use cookies to make interactions with our company’s web sites easy and meaningful. Unless you choose to identify yourself to us, either by responding to a promotional offer, opening an account, or filling out a web form (such as a “Contact Me” or a “Free Trial” web form), you remain anonymous to our company. Our accounts use persistent cookies (cookies that remain on your computer after you close your browser or turn off your computer) to store some user preferences. Persistent cookies do not personally identify you.Web Beacons. We use web beacons alone or in conjunction with cookies to compile information about customers and visitors’ usage of our company’s web sites and interaction with emails from our company. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular web site tied to the web beacon, and a description of a web site tied to the web beacon. For example, we may place web beacons in marketing emails that notify our company when you click on a link in the email that directs you to one of our company’s web sites. We use web beacons to operate and improve our company’s web sites and email communications.IP AddressesWhen you visit our web sites or applications, our company collects your Internet Protocol (“IP”) addresses to track and aggregate non-personal information. For example, we use IP addresses to monitor the regions from which customers and visitors navigate our company’s web sites.
- Public forums, refer a friend, and customer testimonials – We may provide bulletin boards, blogs, or chat rooms on our company’s web sites. Any personal or corporate information you choose to submit in such a forum may be read, collected, or used by others who visit these forums, and may be used to send you unsolicited messages. We are not responsible for the personal information you choose to submit in these forums.Customers and visitors may elect to use our company’s referral program to inform friends about our company’s web sites. When using the referral program, our company requests the friend’s name and email address. We may send the friend a one-time email inviting them to visit our company’s web sites.We may post a list of customers and testimonials on our company’s web sites that contain information such as customer names and titles. We will obtain the consent of each customer prior to posting any information on such a list or posting testimonials.
- Sharing of information collected – Service ProvidersWe may share data about customers with our company’s contracted service providers so that these service providers can provide services on our behalf. We may also share data about customers with our company’s service providers to ensure the quality of information provided. Unless described in this Privacy Policy, we do not share, sell, rent, or trade any information with third parties for their promotional purposes. All service providers privacy policies must meet or exceed our stated privacy requirements.BillingWe may use a third-party service providers to manage credit card processing. These service providers are not permitted to store, retain, or use billing information except for the sole purpose of credit card processing on our company’s behalf. Compelled DisclosureWe reserve the right to use or disclose information provided if required by law or if our company reasonably believes that use or disclosure is necessary to protect our company’s rights and/or to comply with a judicial proceeding, court order, or legal process.
- International transfer of information collected – All data currently stored on our servers is subject to any applicable laws/regulations within the region where the server is hosted. Please contact support@orgcharthosting.com with any data residency specific requirements. Data loaded into our services will not be transferred to another region without your permission.
- Communications preferences – You may send a request to opt out of receiving any marketing and/or sales communications to support@orgcharthosting.com. Customers cannot opt out of receiving transactional emails related to subscribed services.
- Correcting and updating your information – To update billing or other customer Information or to have information deleted, please email support@orgcharthosting.com. To discontinue your account and to have information you maintained in the Services returned to you, please email support@orgcharthosting.com. Requests to access, change, or delete your information will be handled within 30 days of written request.
- Customer Data – Customers may electronically submit data or information to the services for hosting and processing purposes (“Customer Data”). We will not review, share, distribute, or reference any such customer data except as required by law. We may access customer data only for the purpose of providing the services, preventing or addressing service or technical problems, at a customer’s request in connection with customer support matters, or as may be required by law.
- Security – We use robust security measures to protect customer data from unauthorized access, maintain data accuracy, and help ensure the appropriate use of customer data. We host our web sites and applications in a secure server environments that uses firewalls, intrusion detection systems, and other advanced technology to prevent interference or access from outside intruders. Customers are responsible for maintaining the security and confidentiality of their usernames and passwords. All passwords are encrypted using one way encryption mechanisms and are encrypted both while in transit and at rest.
- Data Storage – We use certified third hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run our services. Although we own the code, databases, and all rights to our applications, you retain all rights to your data. Our primary hosting partner is AWS (Amazon Web Services). We do an annual audit of AWS to ensure compliance with standards/regulations including GDPR, SOC 2 and ISO 27001. See https://aws.amazon.com/compliance/programs/ for additional information. We also geolocate data within AWS to ensure compliance with GDPR (e.g., EU customers are hosted within EU data center facilities).
- Google Integration – The Google Slides export feature requires permissions to view and manage Google Drive files and folders that you have opened or created using our services. By utilizing this service, you agree to allow our services access to your Google Drive directories to create, manage, and upload files created by our services. We adhere to Google API Services User Data Policy, including the Limited Use requirements.
- Changes to this Privacy Policy – We reserve the right to change this Privacy Policy. We will provide notification of the material changes to this Privacy Policy through our company’s web sites at least thirty (30) business days prior to the change taking effect.
- GDPR – The General Data Protection Regulation (GDPR) is a set of laws enacted in the EU in 2018. GDPR has specific requirements regarding data processing and transfer of data outside of the EU. Our company has a consistent level of data protection and security across our organization which we have extended to ensure GDPR compliancy. A complete GDPR statement can be obtained by emailing support@orgcharthosting.com.
- Data Protection Framework – OrgChart, LLC (Product Vendor) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. OrgChart, LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. OrgChart, LLC has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. OrgChart is responsible for the processing of personal data it receives under the DPF and subsequently transfers to a third party acting as an agent on its behalf. OrgChart complies with the DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.The Federal Trade Commission has jurisdiction over OrgChart’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, OrgChart may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, OrgChart commits to refer unresolved complaints concerning our handling of Non-HR personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. For clarity, Non-HR data includes all personal data processed by OrgChart on behalf of its customers. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. The services of TRUSTe are provided at no cost to you.Further, OrgChart commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.For complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website.
- Contacting us – Questions regarding this Privacy Policy or the information practices of our company’s web sites should be directed to support@orgcharthosting.com.
Last Updated January 3, 2024 (Revision 2.2.0)