(Last updated and effective: 7/27/2020)
Shiny Inc. provides a collaboration platform via:
The Rock website (the "Site").
The Rock mobile and desktop application(s) (collectively, the "App").
Other related internet services (collectively, the "Service(s)").
Shiny Inc. (the "Company", "we" or "us") operates the Service for users of the Service or the organization you represent ("you").
Information we collect
When you use our Services, we may collect information from you as described as below:
Information you provide
We collect information from you when you voluntarily provide information, for example when you register for access to the Services or use certain Services. Information we collect may include (but is not limited to) username, email address, and any messages, images, or other content you share through a space, tasks, notes, files or other parts of the Service.
Data we collect automatically
When you interact with us through the Services, we receive and store information such as a device ID, IP address, and other information gathered commonly made available through your browser, mobile devices, servers you use. We may store such information or such information might be included in databases owned and maintained affiliates, agents or service providers. The Services may use such information or this information might be combined with other information to track specific indicators relevant to the operation of the site. For example, to track the total number of visitors to the Site or App as well as the number of tasks or notes users have sent.
To better understand and support the users of the Service, we may conduct research on our customer demographics, interests and behavior based on the information collected. This research may be compiled and analyzed on an aggregate basis, and we may share this aggregate data with our affiliates, agents, and business partners. We may also disclose aggregated user statistics to other third parties for other lawful purposes or in order to describe our service to current and prospective business partners.
Information through third parties
You may give us permission to collect your information in other services such as federated authentication service providers such as Google, Microsoft or Facebook. For example, you may connect your Google or Microsoft to your Rock account. When you do this, it allows us to obtain information from those accounts including but not limited to your email address, profile image, contacts and other information you explicitly grant us access to.
If someone has referred any of our products or services to you through any of our referral programs, that person might have provided us your name, email address and other potentially personal information. You may contact us at email@example.com to request that we remove your information from our database. Any information you provide for this purpose will only be used for the specific reason for which it was provided.
When you interact or engage with us on social media sites (Facebook, LinkedIn, and others) we may collect such publicly accessible information, including profile information, to allow us to connect with you, improve our product, or better understand user reactions and issues. Once collected this information may remain with us even if you delete it from social media sites. We may also add and update information about you from other publicly available sources.
We may use other third party web analytics tools like Google Analytics on our website and app that might employ cookies to collect specific information regarding your use of our Service. At any time you can disable cookies in your browser settings.
Where information is processed
Shiny Inc is based in the United States. Independent of where you are located, you consent to the processing and transferring of your information in and to the U.S. and other countries. The laws of the United States and other countries governing data collection and use may not be as protective and comprehensive as the laws of the country where you live.
Use of your information
Legal bases for handling your information
Some jurisdictions require companies to tell you about the legal basis a company relies on to use or disclose your personal data. To the extent this is applicable to you, our legal grounds are as follows:
To honor our commitments to you
A majority of our processing of personal data is to enable the Service we provide to our users as a result of acceptance (or expected acceptance) of our terms of service. For instance, we handle personal data on this basis to provide our Service and create your account.
In many cases, we handle personal data on the ground that it furthers our legitimate interests in ways that do not override interests of fundamental rights and freedoms of affected individuals. This includes (but are not limited to): customer service, providing a safe and exemplary user experience, marketing (e.g. emails to inform you about new features), customer service, safeguarding our users/employees/property, improving and analyzing our business, managing legal issues, consent (i.e. handling personal data on the basis of your express or implied consent), legal compliance (i.e. fulfilling our legal obligations) or processing job applications.
Sharing your information
We do not sell your information. The trust you have placed in us by sharing your information with us is something we appreciate and consider this to be an important part of our relationship with you. In certain circumstances, we might however share your information with certain third parties:
As our business matures, we might sell or buy businesses or assets. In the event of a corporate sales/merger/reorganization/bankruptcy, dissolution or similar event, your information may be part of any transferred assets.
We may transfer your information with your implied or explicit consent.
Employees and independent contractors
If required to do so by law or in the good belief that such an action is necessary, we may disclose your information if such an action is necessary to (a) comply with a legal obligation, (b) protect and defend the rights or property of the Company or any subsidiaries or agents (c) protect the personal safety of users of the Services or the public, or (d) protect against legal liability.
Aggregated or Non-identifiable Data
Non-personally identifiable or aggregated data may be shared with our partners or others for business purposes.
Ideas for new products, features or improvements to existing products might be provided by you through unsolicited submissions ("Unsolicited Information"). All Unsolicited Information shall be deemed non-confidential and we shall be free to reproduce, use, disclose and distribute such Unsolicited Information to others with limitation or attribution.
Our services are for users age 16 and over and we do not knowingly collect personal information from children under the age of 16. If you are a parent of guardian of a child under the age of 16 and believe he, she or they has disclosed personal information to us please contact us at firstname.lastname@example.org. For residents of the European Economic Area (EAA), where processing of personal data is based on consent, Shiny Inc will not knowingly engage in processing for users under the age of consent established by applicable data protection law. If we learn that we are processing data from such users, we will halt processing and will take reasonable measures to promptly remove application information from our records.
Third party websites
We take reasonable steps to ensure that information provided via the Services are protected from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no internet or email transmission is ever fully secure or error free.
Your data rights and choices
Individuals in the European Economic Area (EEA), California, Canada, Costa Rica and some other jurisdictions outside of the United States have certain legal rights to obtain confirmation of whether we hold personal data about them, to access personal data we hold about them, and to obtain its correction, update, amendment or deletion in specific circumstances. They may also object to our uses or disclosures of personal data, to request a restriction on its processing or withdraw any consent even though most of these actions will not apply retroactively. These rights will also not affect our ability to continue processing data for lawful purposes.
How can I access personal data you have about me?
If you would like to submit a data access request, send an email to email@example.com with "Personal Data Request" in the subject title. After verification of your identity, we will then follow up with details around how to start the process and access the personal data we have on you within 45 days. If we require more time (up to 90 days), we will inform you in writing. We cannot respond to your request, if we cannot verify your identity or if your request lacks enough details to help us handle this request.
How do I correct, update, amend or delete the personal data you have about me?
If you would like to submit a data access request, send an email to firstname.lastname@example.org with "Personal Data Request" in the subject title along with an explanation of what data subject right you are seeking to exercise. After verification of your identity, we will then follow up with details around how to start the process and access the personal data we have on you within 45 days. If we require more time (up to 90 days), we will inform you in writing. We cannot respond to your request, if we cannot verify your identity or if your request lacks enough details to help us handle this request.
How do I object or restrict the manner in which Shiny Inc processes my personal data?
You have a right to ask us to stop using or limit our use of your personal data in specific circumstances, for instance if your personal data is inaccurate or if we have no lawful basis to keep using your data. We also offer constituents of the EEA the right to opt out of all our processing of their personal data for direct marketing purposes. To exercise this right click the "Unsubscribe" link in any of our marketing emails or through the email subscription page on our website.
California Privacy Rights
If you are a consumer residing in California you are afforded additional rights with respect to your personal information through the California Consumer Privacy Act ("CCPA") and the "Shine the Light" law.
Our collection and Use of Personal Information
The following categories of personal information are collected as part of running the Service: identifiers (such as username, the email address you used to sign up, your phone number if you provided this), commercial information (a record of what you have bought from or subscribed to), financial data (payment information if you bought anything from Shiny Inc.), internet or other network or computer/device information (how you interact with the Service), location information (based on IP address which may indicate approximate location, inference data about you, and other information that identifies or reasonably associated with you. We collect personal data for business and commercial purposes as described in "Use of your information" section above. For examples of data points we collect and the sources of such collection please refer to the "Information we collect" section above.
Disclosure of Personal Information
Your personal information may be shared with third parties as described in our "Sharing your information" section in this document. We disclose the categories of personal information mentioned above for business or commercial purposes.
No sale of Personal Information
We do not sell personal information of our users. As a result, certain obligations as laid out in the California Consumer Privacy Act are not relevant to our business.
Exercising Your Consumer Rights
If you are a California resident, you have the right to request (a) more information about the categories and specific pieces of personal information we have collected and disclosed for a business purpose in the last 12 months (b) deletion of your personal information (c) opt out of sales of your personal information, if applicable. These requests can be made as detailed in "Your data rights and choices" section above. We will not discriminate against you if you exercise your rights under the California Consumer Privacy Act.