Privacy Policy Statement

 

FogBugz, LLC (the “Company”, “we”, or “us”) respects your privacy. This Privacy Policy Statement (“Privacy Policy”) describes the ways we collect information from and about you, what we do with the information, and your privacy rights. By accessing our website, or purchasing our products or services, you agree to this Privacy Policy in addition to any other agreements we might have with you. In the event that such agreements contain terms that conflict with this Privacy Policy, the terms of those agreements will prevail.

Scope

This Privacy Policy includes the Company’s Privacy Policy Statement and the Privacy Shield Notice. It applies to personal data processed by us in our business, including on our websites, mobile applications, and other online or offline offerings (collectively, the “Services”).

Company’s Privacy Policy Statement

1.  Our Collection of your Information

Personal Data

The information we collect may include your personal data, such as your name, contact information, IP addresses, product and service selections and other data that may identify you.  We collect personal data about you at several different points, including but not limited to the following:

2. Information Collected Automatically or From Others

Automatic Data Collection.  We may collect certain information automatically when you use the Services.  This information may include your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, details about your browser, operating system or device, location information, Internet service provider, pages that you visit before, during and after using the Services, information about the links you click, and other information about how you use the Services.  Information we collect may be associated with accounts and other devices. Our Services, such as those related to location data management, may collect precise geolocation information in accordance with applicable law.

In addition, we may automatically collect data regarding your use of our Services, such as the types of content you interact with and the frequency and duration of your activities.  Unless contrary to applicable law or contractual agreement, we may combine your information with information that other people provide when they use our Services, including, when the option is available, information about you when they tag you.

Cookies, Pixel Tags/Web Beacons, Analytics Information, and Interest-Based Advertising technologies.  We, as well as third parties that provide content, advertising, or other functionality on the Services, may use cookies, pixel tags, local storage, and other technologies (“Technologies”) to automatically collect information through the Services.  Technologies are essentially small data files placed on your computer, tablet, mobile phone, or other devices that allow us and our partners to record certain pieces of information whenever you visit or interact with our Services.

Web Analytics Services. We use Google Analytics, a service for the marketing analysis of the site provided by Google, Inc. Google Analytics uses cookies to allow us to see how you use our site, so we can improve your experience. Google’s ability to use and share information collected by Google Analytics about your visits to the site is restricted by the Google Analytics Terms of Use available at http://www.google.com/analytics/terms/us.html and the Google Privacy Policy available at http://www.google.com/policies/privacy/. You can prevent Google Analytics from recognizing you on return visits to the site by disabling cookies in your browser. If you prefer to not have data reported by Google Analytics, you can install the Google Analytics Opt-out Browser Add-on available at https://tools.google.com/dlpage/gaoptout.


Information from Other Sources. 
We may obtain information about you from other sources, including through third party services and organizations to supplement information provided by you.  For example, if you access our Services through a third-party application, such as an app store, a third-party login service, or a social networking site, we may collect information about you from that third-party application that you have made public via your privacy settings.  Information we collect through these services may include your name, your user identification number, your user name, location, gender, birth date, email, profile picture, and your contacts stored in that service.  This supplemental information allows us to verify information that you have provided to us and to enhance our ability to provide you with information about our business, products, and Services.

3.  Legal Basis for Processing your Personal Data (EEA, UK and Switzerland only)
With respect to personal data of individuals from the European Economic Area (“EEA”), the United Kingdom (“UK”) or Switzerland, our legal basis for collecting and using the personal data will depend on the personal data concerned and the specific context in which we collect it. Our Company will generally collect personal data from you or a third party only where: (a) we have your consent to do so, (b) where we need the personal data to perform a contract with you (e.g. to deliver the services you have requested), or (c) where the processing is in our or a third party’s legitimate interests (and not overridden by your data protection interests or fundamental rights and freedoms).

4.  Our Use of your Personal Data
Our Company may use information that we collect about you to:

Fulfil our contract with you and provide you with our Services, such as:

Analyze and improve our Services pursuant to our legitimate interest, such as:

Provide you with additional content and Services, such as:

Use De-identified and Aggregated Information.  We may use personal data and other data about you to create de-identified and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access our Services, or other analyses we create.

Share Content with Friends or Colleagues.  Our Services may offer various tools and functionalities.  For example, we may allow you to provide information about your friends or colleagues through our referral services.  Our referral services may allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend to use our Services.

Process Information on Behalf of Our Customers (as processors).   Our customers may choose to use our Services to process certain data of their own, which may contain personal data.  The data that we process through our Services is processed by us on behalf of our customer, and our privacy practices will be governed by the contracts that we have in place with our customers, not this Privacy Policy.

If you have any questions or concerns about how such data is handled or would like to exercise your rights, you should contact the person or entity (i.e., the data controller) who has contracted with us to use the Service to process this data.  Our customers control the personal data in these cases and determine the security settings within the account, its access controls and credentials.  We will, however, provide assistance to our customers to address any concerns you may have, in accordance with the terms of our contract with them.  For a list of our sub-processors, contact us as described below.

5.  Our Disclosure of your Personal Data to Third Parties
We may share your personal data with third parties only in the ways that are described in this Privacy Policy. Below is a list of categories of personal data (from the California Consumer Privacy Act) we have collected and disclosedabout consumers for a business purpose in the past 12 months:

We have not sold consumers’ personal information in the preceding 12 months.

Please note that these third parties may be in other countries where the laws on processing personal data may be less stringent than in your country.

Potential for Other Users to Contact You
To the extent that a given application supports personal messaging functionality between and among end users, you may receive personal messages from other end users.  You can disable this functionality by using the unsubscribe and other disabling instructions in the given application.

6.  Our Security Measures to Protect your Personal Data
Our Company uses industry-standard technologies when transferring and receiving data exchanged between our Company and other companies to help ensure its security. This site has security measures in place to help protect information under our control from the risk of accidental or unlawful destruction or accidental loss, alteration or unauthorized disclosure or access. However, “perfect security” does not exist on the Internet.  Also, if this website contains links to other sites, our Company is not responsible for the security practices or the content of such sites.

7.  Our Use of Automatic Collection Technologies

8. Limiting Use, Disclosure, Retention.
Whenever applicable, our Company identifies the purposes for which the information is being collected before or at the time of collection. The collection of your personal data will be limited to that which is needed for the purposes identified by our Company. Unless you consent, or we are required by law, we will only use the personal data for the purposes for which it was collected. If our Company will be processing your personal data for another purpose later on, our Company will seek your further legal permission or consent; except where the other purpose is compatible with the original purpose. We will keep your personal data only as long as required to serve those purposes. We will also retain and use your personal data for as long as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements

9.  International Transfers of your Personal data
We are a global company. Information about you may be stored and processed in the European Economic Area, the United States or any other country in which our Company or agents or contractors maintain facilities, and by accessing our websites and using our mobile apps, software and services, you consent to the transfer of your information outside of your country. Such countries may have laws which are different, and potentially not as protective as the laws of your own country.

Whenever we share personal data originating in the EEA, the UK or Switzerland, we will rely on lawful measures to transfer that data, such as the Privacy Shield or the EU standard contractual clauses. If you reside in the EEA, UK or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your personal data to the United States and other jurisdictions in which we operate. By providing your personal data, you consent to any transfer and processing in accordance with this Policy.

10.  Accuracy of Personal data
We do our best to ensure that the personal data we hold and use is accurate. We rely on the customers we do business with to disclose to us all relevant information and to inform us of any changes.

11. Your Access to and Updating of your Personal data
Reasonable access to your personal data may be provided upon request made to our Company at the contact information provided below. If access cannot be provided within that time frame, our Company will provide the requesting party a date when the information will be provided. If for some reason access is denied, we will provide an explanation as to why access has been denied. We may charge a reasonable fee in advance for copying and sending the information requested.

If you would like us to delete any personal data held about you, we will do so on request unless we need to hold the information as part of the provision of products and services to you.

12. Your Choices
We offer those who provide personal data a means to choose how we use the information provided. Where you have consented to the processing of your personal data, you may withdraw that consent at any time and prevent further processing by contacting us as described below.  Even if you opt out, we may still collect and use non- personal data regarding your activities on our Services and for other legal purposes as described above.

Marketing. You may manage your receipt of marketing and non- transactional communications by clicking on the “unsubscribe” link located on the bottom of our marketing emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested.  We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to our Terms or this Privacy Policy).

We process requests to be placed on do-not-mail, do-not-phone and do-not-contact lists as required by applicable law.

Mobile Devices. We may send you push notifications through our mobile application.  You may at any time opt- out from receiving these types of communications by changing the settings on your mobile device.  We may also collect location-based information if you use our mobile applications.  You may opt-out of this collection by changing the settings on your mobile device.

“Do Not Track.” Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers.  Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

Cookies and Interest-Based Advertising. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits.  The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs.  You can access these and learn more about targeted advertising and consumer choice and privacy, at www.networkadvertising.org/managing/opt_out.asp, http://www.youronlinechoices.eu/, https://youradchoices.ca/choices/, and www.aboutads.info/choices/.  To separately make choices for mobile apps on a mobile device, you can download DAA’s AppChoices application from your device’s app store.  Alternatively, for some devices you may use your device’s platform controls in your settings to exercise choice.

Please note you must separately opt out in each browser and on each device.  Advertisements on third party websites that contain the AdChoices link may have been directed to you based on information collected by advertising partners over time and across websites.  These advertisements provide a mechanism to opt out of the advertising partners’ use of this information for interest-based advertising purposes.

13. Your Privacy Rights
Depending on where you reside, you may have the right to exercise additional rights available to you under applicable laws, including:

If you would like to exercise any of the above rights, please contact our support team or contact our Data Protection Officer (see our contact details in the “Contacting Us” Section below). We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here:  http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.  If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases, our ability to uphold these rights for you may depend upon our obligations to process personal data for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

14.  Additional California Privacy Rights (United States only)
If you are a California resident, the California Consumer Privacy Act may entitle you to certain rights under Section 13 in addition to the disclosures about data collection, use and sharing contained herein. Also, California Civil Code Section 1798.83 permits you to request certain information regarding our disclosure of personal data to third parties for the third parties’ direct marketing purposes. To make such a request, please contact us by sending an email to privacy@fogbugz.com.

Our site, products, and services are not intended to appeal to minors. However, if you are a California resident under the age of 18, and a registered user of our Site or Service, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information you have publicly posted. To make such a request, please send an email with a detailed description of the specific content or information to privacy@fogbugz.com. We will process your request in compliance with applicable law.

Under California law, California residents who have an established business relationship with us may opt-out of our disclosing personal data about them to third parties for their marketing purposes.

15. Notice to End Users
Most of our services are intended for use by organizations. Where the services are made available to you through an organization (e.g. your employer), that organization is the administrator of the services and is responsible for the accounts and/or service over which it has control. Please direct your data privacy questions to your administrator, as your use of the services is subject to that organization’s policies. We are not responsible for the privacy or security practices of an administrator’s organization, which may be different from this policy.

Administrators may be able to:

Please contact your organization or refer to your administrator’s organizational policies for more information.

16.  Children’s Privacy
Because of the nature of our business, our services are not designed to appeal to minors. We do not knowingly attempt to solicit or receive any information from anyone under the age of 17 (or other age as required by local law).  If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us immediately. If we learn that we have collected any personal data in violation of applicable law, we will promptly take steps to delete such information and terminate the child’s account.

17.  Changes to our Privacy Policy
Our Company may amend this Privacy Policy at any time by posting a new version. It is your responsibility to review this Privacy Policy periodically as your continued use of this website and our products and services represents your agreement with the then-current Privacy Policy.

18.  Contacting Us

FogBugz, LLC
Data Protection Officer
401 Congress Avenue, Suite 2650
Austin Texas 78701 USA
E-mail: privacy@fogbugz.com

For EEA, UK, and Swiss Individuals: Privacy Shield Notice for Personal Data Transfers to the United States

FogBugz, LLC (the “FogBugz U.S. Corporate Group”) comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Data from European Economic Area (“EEA”) member countries, the United Kingdom (“UK”) and Switzerland transferred to the United States pursuant to Privacy Shield.  The FogBugz U.S. Corporate Group has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

A) Definitions
“Personal Data” means information that (1) is transferred from the EEA, UK or Switzerland to the United States; (2) is recorded in any form; (3) is about or pertains to a specific individual; and (4) can be linked to that individual.

“Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.

B) Principles
The FogBugz U.S. Corporate Group may receive Personal Data from its own personnel as well as from its affiliates, resellers, customers, end-users and other parties located in the EEA, UK or Switzerland.

Such information may contain, but is not limited to name (first and last name), position,  address, email address, phone number, login credentials, human resources data and transaction information and may be about customers, clients of customers, business partners, acquisition targets, potential buyers consultants, employees, and candidates for employment and includes information recorded on various media as well as electronic data. In addition, the FogBugz U.S. Corporate Group might collect location and traffic data. Please refer to our main Privacy Policy Statement (above) for more information regarding our data handling practices.

The FogBugz U.S. Corporate Group is the controller of its own human resources data. In addition, the FogBugz U.S. Corporate Group acting as a data processor or sub-processor may receive Personal Data via its customers. The FogBugz U.S. Corporate Group executes data processing agreements with such customers which set out the parties’ obligations and responsibilities to comply with the Principles. The FogBugz U.S. Corporate Group will cooperate with its customers to enable them to comply with the Principles.

Whenever the FogBugz U.S. Corporate Group processes Personal Data, the FogBugz U.S. Corporate Group complies with the Principles (as each Principle is applicable to the FogBugz U.S. Corporate Group’s role):

1. Notice. Whenever the FogBugz U.S. Corporate Group collects Personal Data directly from individuals, it shall inform an individual of the purpose for which it collects and uses their Personal Data and the types of third parties to which the FogBugz U.S. Corporate Group discloses or may disclose that Personal Data. Please refer to our main Privacy Policy Statement for more information regarding our data handling practices.  The FogBugz U.S. Corporate Group shall provide the individual with the choice and means for limiting the use and disclosure of their Personal Data. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Data to the FogBugz U.S. Corporate Group, or as soon as practicable thereafter, and in any event before the FogBugz U.S. Corporate Group uses or discloses the Personal Data for a purpose other than for which it was originally collected. The FogBugz U.S. Corporate Group may be required to disclose Personal Data in response to lawful request by public authorities, including to meet national security or law enforcement requirements.

2. Choice. Whenever the FogBugz U.S. Corporate Group collects Personal Data directly from individuals, those individuals have the opportunity to choose (opt out) whether their Personal Data is (1) to be disclosed to a non-agent third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual by contacting our Data Protection Officer via email at privacy@fogbugz.com. In some of these cases, opting out may require the FogBugz U.S. Corporate Group to cease providing part or all of the contracted services for which that Personal Data is needed. For Sensitive Personal Information, The FogBugz U.S. Corporate Group will give individuals the opportunity to affirmatively or explicitly (opt in) consent to the disclosure of the information to a non-Agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. The FogBugz U.S. Corporate Group shall treat Sensitive Personal Information received from an individual the same as the individual would treat and identify it as Sensitive Personal Information.  Agents, technology vendors and contractors of the FogBugz U.S. Corporate Group or affiliated companies may have access to an individual’s Personal Data on a need to know basis for the purpose of performing services on behalf of the FogBugz U.S. Corporate Group or providing or enabling elements of the services. All such agents, technology vendors and contractors who have access to such information are contractually required to keep the information confidential and not use it for any other purpose than to carry out the services they are performing for the FogBugz U.S. Corporate Group or as otherwise required by law.

3. Accountability for Onward Transfer. Whenever the FogBugz U.S. Corporate Group collects Personal Data directly from individuals, prior to disclosing Personal Data to a third party, it shall notify the individual of such disclosure and allow the individual the choice (opt out) of such disclosure. The FogBugz U.S. Corporate Group shall ensure that any third party to which Personal Data may be disclosed agrees in writing to provide the same level of privacy protection as set forth in this policy.

The FogBugz U.S. Corporate Group’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, FogBugz U.S. Corporate Group remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless FogBugz U.S. Corporate Group proves that it is not responsible for the event giving rise to the damage.

4. Data Security. The FogBugz U.S. Corporate Group shall take reasonable steps to protect the Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction. The FogBugz U.S. Corporate Group has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the Personal Data from loss, misuse, unauthorized access or disclosure, alteration or destruction. However, the FogBugz U.S. Corporate Group cannot guarantee the security of Personal Data on or transmitted via the Internet.

5. Data Integrity and Purpose Limitation. The FogBugz U.S. Corporate Group shall only process Personal Data in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, the FogBugz U.S. Corporate Group shall take reasonable steps to ensure that Personal Data is accurate, complete, current and reliable for its intended use.

6. Access. The FogBugz U.S. Corporate Group acknowledges the individual’s right to access their Personal Data. The FogBugz U.S. Corporate Group shall allow an individual access to their Personal Data and allow the individual the opportunity to correct, amend or delete information that is inaccurate or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated. Individuals may contact our Data Protection Officer via email at privacy@fogbugz.com to request to access, correct, amend, or delete the Personal Data FogBugz U.S. Corporate Group holds about you. In cases where the FogBugz U.S. Corporate Group is a Data Sub-Processor or Processor, individuals must contact the Data Processor or the Data Controller, as applicable.

7. Enforcement and Dispute Resolution. With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, FogBugz U.S. Corporate Group is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

In compliance with the Privacy Shield Principles, the FogBugz U.S. Corporate Group commits to resolve complaints about your privacy and our collection or use of your Personal Data transferred to the United States pursuant to Privacy Shield. EEA, UK and Swiss individuals with Privacy Shield inquiries or complaints should first contact us at:

FogBugz, LLC
Data Protection Officer
401 Congress Avenue, Suite 2650
Austin Texas 78701 USA
E-mail: privacy@fogbugz.com

a. Human Resources DataIf your complaint involves human resources data transferred to the United States from the EEA, UK or Switzerland in the context of the employment relationship, and FogBugz U.S. Corporate Group does not address it satisfactorily, FogBugz U.S. Corporate Group commits to cooperate with the panel established by the data protection authorities (DPA Panel) and the Swiss Federal Data Protection and Information Commissioner, as applicable and to comply with the advice given by the DPA panel and Commissioner, as applicable with regard to such human resources data.  To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction.  Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD.

b. Non-Human Resources Data. FogBugz U.S. Corporate Group has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.

If your Privacy Shield complaint was not resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

C) AmendmentsThis Privacy Statement may be amended from time to time consistent with the requirements of the Shield Frameworks. Any revised policy will be posted on this website.

D) Information Subject to Other Policies
The FogBugz U.S. Corporate Group is committed to following the Principles for all Personal Data within the scope of the Privacy Shield Frameworks. However, certain information is subject to policies of the FogBugz U.S. Corporate Group that may differ in some respects from the general policies set forth in this Privacy Statement.

 

Last Updated: June 16, 2020