Your privacy is important to us. It is our approach to respect your privacy regarding any information and personal data we may collect from you across Around, and other sites we own and operate.
Identifying the Data Controller
Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of personal data. The data controller is generally the person who, alone or jointly with others, determines why and how personal data is processed.
When providing Around, we act as the data controller. For content and data that you upload to or make available through Around (the User Content), you are responsible for ensuring this User Content complies with our Terms and Conditions (the Terms).
If you have any questions or complaints, or would like to exercise your rights with regard to your personal data, please contact us at email@example.com.
The types of personal data we collect
Your personal data is provided by you, obtained from third parties, or created by us when you use Around.
We may collect personal data in a number of ways:
User Content. We collect User Content when you submit or upload it to Around, such as when you create a room name. We use this in order to operating Around and providing our services, ensuring the security of Around, our website and services, maintaining back-ups of our databases, and communicating with you.
User Account Information. When you register with Around, you provide us with an email address and, if you choose, a display name and/or profile picture that is used to represent you in conversations. If you choose to sign up with an external authentication service, e.g. Google Sign-In, we will fetch and store email address, name and profile image URL from this service.
Billing Information. If you subscribe to a paid version of Around, you will need to provide us with billing details such as credit card information, billing address and email address, banking information and location at the time of transaction. We process this information in order to process payments and keep a proper record of these transactions.
Log Data. When you use Around or visit our website, our servers may automatically log the standard data provided by your web browser. This may include your IP address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details. We may use your IP address to determine your approximate location, and use this to optimize latency and service.
Meeting Data. We may generate and/or collect metadata about your meeting, such as the time the meeting started and ended, the team ID, channel ID, and user ID. If you choose to record your meeting, we will also generate and collect the recording.
Device Data. We may also collect data about the device you are using to access Around. This data may include the device type, operating system, unique device identifiers, device settings, and geo-location data. What we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us. We may also collect area information from devices in accordance with the consent process provided by your device.
How we use personal data
We use User Content, User Account Information and Billing Information in order to provide Around and in line with the Terms (i.e. in order to perform a contract with you).
For the rest of the information we process about you, we use this for the purposes of our legitimate interests in operating Around and our websites. In particular, we use this information:
To provide, update, maintain and protect Around, our websites and business, including to prevent or address service errors, security or technical issues, and to analyze and monitor usage, trends and other activities.
To improve the user experience.
To comply with applicable law, legal process or regulation.
To support and communicate with you by responding to your requests, comments and questions.
To send emails and other communications, such as important service-related communications like security and fraud notices, or – if you have opted in – marketing communications.
To investigate and help prevent security issues and abuse.
If information is aggregated or de-identified to the extent it can no longer be associated with an identified or identifiable natural person, we may use it for any business purpose.
We do not keep personal data for longer than necessary. While we retain this information, we will protect it using commercially acceptable methods to prevent loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
We store your personal data for 3 years after the end of our contractual relationship (unless otherwise provided).
If we process your personal data for the purposes of defending legal claims in judicial (or similar) proceedings, we will keep it for 15 years after the end of our contractual relationship, which represents the longest limitation period set out by law.
If we process your personal data for the purposes of complying with our obligations under accounting, tax or other similar requirements, we will keep it for the amount of time prescribed by the relevant regulation.
How we share and disclose personal data
We may share and disclose the data described above in certain circumstances. Where necessary, we may only share personal data with third parties where we have obtained consent to do so.
We may share personal data as follows:
Operating the service. When a user uploads User Content to Around, this may be displayed to other users in the same room or meeting (such as your name).
Subcontractors. We may engage third-party companies or individuals to process personal data on our behalf. These third parties may provide virtual computing and storage services, or we may share business information to develop strategic partnerships.
Partners. We may share personal data with developers, partners and others we engage to create applications and/or features.
Corporate Affiliates. We may share personal data with our corporate affiliates, parents and/or subsidiaries for business continuity purposes.
During a change to our business. If we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of our assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities, some or all personal data may be shared or transferred, subject to standard confidentiality arrangements.
To comply with laws. If we receive a request for personal data, we may disclose personal data if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation, or legal process.
To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property or safety of Around, its users, or third parties, including enforcing its contracts or policies, or in connection with investigating and preventing illegal activity, fraud, or security issues, including to prevent death or imminent bodily harm.
The personal data we collect is stored and processed in the United States, or where we or our partners, affiliates and third-party providers maintain facilities. By providing us with your personal data, you consent to the disclosure to these overseas third parties.
We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.
We take the security of personal data very seriously and strive to protect all personal data from loss, misuse, and unauthorized access or disclosure. In an effort to maximize the security of your personal data, we are taking the appropriate technical, physical, legal and organizational measures in accordance with applicable laws on privacy and data security.
However, no method of transmission over the internet or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security. We encourage you to use precautions such as two-factor authentication for any Around account or service that stores sensitive information.
If you have any reason to believe that your communications with us are no longer secure (for example, if you feel that the security of any personal data you have entrusted to us has been compromised), please notify us immediately via the contact details listed above.
Our responsibility for third party links
Around may contain links or connections to third party websites or services that are not owned or controlled by us. When you access third party websites or use third party services, you accept that there are risks in doing so, and that we are not responsible for such risks.
Your interactions with organizations and/or individuals found on or through Around, including payment and delivery of goods or services, and any other terms, conditions, warranties or representations associated with such dealings, are solely between you and such organizations and/or individuals. You should make whatever investigation you feel necessary or appropriate before proceeding with any online or offline transaction with any of these third parties. You agree that we shall not be responsible or liable for any loss or damage of any sort incurred as the result of any such dealings.
10.1 European Union
If you are based in the European Union, the following provisions also apply:
GDPR means Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
Member State means a member state of the European Union.
If we share your personal data with our group company(ies) or third parties located outside the European Economic Area, we take steps to ensure that appropriate safeguards are in place to guarantee the continued protection of your personal data, such as by entering into the Standard Contractual Clauses adopted by the European Commission (article 46(2)(c) GDPR), which are available here.
Where we are the controller of your personal data, the GDPR data protection rights set out below apply to you. Most of these rights are not absolute and are subject to exemptions under applicable law. We will respond to any request to exercise your rights within one month, but have the right to extend this period in certain circumstances. If we extend the response period, we will let you know within one month from your request. If your request is clearly unfounded or excessive, we reserve the right to charge a reasonable fee or refuse to comply with it. To exercise these rights, please submit a request to us by sending an email to firstname.lastname@example.org.
Access your personal data. You are entitled to ask us if we are processing your personal data and, if we are, you can request access to your personal data. This enables you to receive a copy of the personal data we hold about you.
Request the transfer of your personal data. We will provide your personal data to you or a third party you have chosen in a structured, commonly used, machine-readable format. Please note that this right applies only to personal data you have provided to us, and only if we process your personal data on the basis of consent, or where we process your personal data in order to perform a contract with you.
Request erasure (deletion) of your personal data. You are entitled to ask us to delete or remove personal data in certain circumstances. There are certain exemptions where we may refuse a request for erasure. For example, where the personal data is required for compliance with law or in connection with legal claims. Where we rely on an exemption, we will inform you about this.
Request the correction or updating of your personal data. This enables you to have any incomplete or inaccurate data we hold about you corrected.
Request the restriction of our processing of your personal data in some situations. If you request this, we can continue to store your personal data but are restricted from processing it while the restriction is in place.
Object to our processing of your personal data where we are relying on legitimate interests. You also have a right to object where we are processing your personal data for the purposes of direct marketing or profiling. You can object at any time and we shall stop processing the information you have objected to, unless we can show compelling legitimate grounds to continue that processing.
Withdraw your consent. Where you have provided your consent to our processing of your personal data, you can withdraw your consent at any time. If you do withdraw consent, it will not affect the lawfulness of what we have done with your personal data before you withdrew consent.
Lodge a complaint at a supervisory authority. We will do our best to resolve any complaints you may have. However, if you feel we have not resolved your complaint, you have a right to lodge a complaint with a supervisory authority in the country where you live, where you work, or where an alleged infringement of the applicable data protection law took place. A list of EU supervisory authorities and their contact details is available here.
If you exercise the rights above and there is any question about who you are, we may require you to provide information in order to satisfy ourselves as to your identity.
10.2 United Kingdom
If you are based in the United Kingdom, the following provisions apply:
UK GDPR means the Retained Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
If we share your personal data with our group company(ies) or third parties located outside the United Kingdom, we take steps to ensure that appropriate safeguards are in place to guarantee the continued protection of your personal data, such as by entering into the international data transfer addendum to the European Commission’s Standard Contractual Clauses, adopted by the UK Government under section 119A of the Data Protection Act 2018.
In relation to your data subject rights, paragraph 10.1 above applies, except that references to the "GDPR" will be read as references to the "UK GDPR", and in case wish to lodge a complaint with a supervisory authority, you may direct your complaint to the UK supervisory authority, the Information Commissioner’s Office.
10.3 United States
If you are based in California, the following provisions apply:
California Data Protection Laws means the California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020, as each may be amended or replaced from time to time, and any regulations implementing the foregoing.
Under the California Data Protection Laws you have the following rights:
Right to Know about Personal Information Collected, Disclosed or Sold. You have the right to request that we disclose certain information to you about our collection, use, disclosure or sale of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access and Deletion Rights), and subject to certain limitations that we describe below, we will disclose such information. You have the right to request any or all of the following:
The categories of personal information we collected about you.
The categories of sources from which the personal information is collected.
The categories of third parties with whom we share that personal information.
The specific pieces of personal information we collected about you (also called a data portability request).
Notice of Sale. We do not sell the personal information of California residents. We also do not have any actual knowledge of selling the personal information of any California resident who is 16 years or younger.
Right to Request Deletion. You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records. However, we may retain personal information that has been de-identified or aggregated. Furthermore, we may deny your deletion request if retaining the information is necessary for us or our service provider(s) in order to perform certain actions set forth under the California Data Protection Laws, such as detecting security incidents and protecting against fraudulent or illegal activity.
Exercising Access and Deletion Rights. To exercise the access and deletion rights described above, please submit a request to us by sending an email to email@example.com. Only you, or a person or business entity registered with the California Secretary of State that you authorize to act on your behalf (an “authorized agent”), may make the requests set forth above. You may also make a request on behalf of your minor child. The request should include your contact information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. In addition, you should provide adequate information that we can reasonably verify that you are the person about whom we collected the personal information (including information that enables us to verify the identifying information we possibly maintain about you).
We will respond to consumer requests in a reasonably timely manner. If we require extra time to respond, we will inform you of the reason and extension period in writing. In order to protect the security of your personal information, we will not honour a request if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. The method used to verify your identity will depend on the type, sensitivity and value of the information, including the risk of harm to you posed by any authorized access or deletion. Generally speaking, verification will be performed by matching the identifying information provided by you to the personal information that we already have.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request (and will not be made more than twice in a 12-month period). If we cannot comply with a request, or cannot fully comply with a request, the response we provide will also explain the reasons we cannot comply.
Non-Discrimination. We will not discriminate against you for exercising any of your CCPA based on the California Data Protection Laws, including, but not limited to, by:
Denying you goods or services.
Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Providing you a different level or quality of goods or services.
Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.