Privacy policy

Last updated: May 2021

This Policy describes the following:

  • What information we collect and how it is collected
  • How we use the information
  • With whom we may share information
  • Legal basis for processing the information
  • Your rights and choices
  • Security and storage of the information
  • Third party websites; and
  • Changes to the Policy and Contact Information.

We will now define a few terms to describe the terms used in this document.

Throughout the document we will refer to The Landing Page as content accessible from the internet domains diggle.com and www.diggle.com. We will refer to The App as content accessible from the internet domains app.diggle.com, godiggle.com, mydiggle.com, diggleit.com and any subdomain of diggle.com not mentioned.

The Platform encompasses The Landing Page and The App. The Service encompasses The Platform and support from Diggle employees.

A Supporting Service is defined as one of the sub-processor’s for The Service.

Diggle Users are people using The App in some capacity. They may be further classified into three categories:

  • Account Owner: Person or company that legally pays to use The App.
  • Creators: Person or company who creates content on The App and hosts sessions.
  • Participant: Person who participates in sessions created by Diggle Creators.

Every Account will have one Account Owner, but may have several Diggle Creators (as agreed upon with our representatives). Because Account Owners are also Diggle Creators within their respective accounts, everything in this document that applies to Diggle Creators also applies to Account Owners.

Account: Data stored in The App for an Account Owner.

Privacy and GDPR

 

Your data is your data

At Diggle, we value your privacy and we will only collect information that we need to deliver The Service to you, and continue to maintain and develop The Service. The following is a list of data we collect, process or store, with the purpose and legal ground listed for each item through the General Data Protection Regulation – https://www.eugdpr.org/:

  • User account information. Users that choose to register, will have to provide a valid email address and username. The information may be used for the purposes of operating The Service and to ensure the security and integrity of The Service, maintaining back-ups of our databases and communicating with you. This is required to deliver The Service to you as user, by taking steps, at your request, to enter into such a contract (Terms of Service) cf. GDPR art. 6 (1) b.
  • Transaction information. Customers that have purchased a paid version of The Service (and our payment processors) with billing details such as credit card information, billing email, banking information, location at the time of transaction and/or a billing address. The transaction data may be processed for the purpose of supplying the purchased services and keeping proper records of those transactions. This data may be used for the purpose of delivering The Service. Collecting this information is required for performing the contract we entered into with you, at your request (our Terms of Service) cf. GDPR art. 6 (1) b.Additionally, this information needs to be retained in order to comply with accounting and tax regulation cf. GDPR art. 6 (1) c.
  • Technical log data. Like most digital services, our servers automatically collect information when you access or use The Platform and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited within The Service, browser type and settings, the date and time The Service was used, information about browser configuration, plugins and language preferences.
  • Device information. We may collect information about devices used to access The Service, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether we collect some or all of this information depends on the type of device used and its settings.
  • The legal basis for this processing is our legitimate interests cf. GDPR art. 6 (1) f, namely using this data for the purpose of ensuring the proper administration of The Service and our business, analyzing the use of The Service and Supporting Services, monitoring and improving The Service, improving the user experience, preventing abuse, and assisting users with support inquiries.
  • Collecting this information is required for performing the contract we entered into with you, at your request (our Terms of Service), as well as our legitimate interest of handling your requests cf. GDPR art. 6 (1) f.
  • Service and transactional notifications. Sometimes we’ll send you emails about your account, service changes or new policies. You can’t opt out of this type of “service or transactional” emails (unless you delete your account). The legal grounds for this communication is that it is required for performing our commitment about communicating changes in plans and pricing to you in the contract we entered into with you, at your request (our Terms of Service) cf. GDPR art. 6 (1) b, and our legitimate interest of communicating important information about your account to you, cf. GDPR art. 6 (1) f.

Your responsibility

  • If you, as an Account Owner or Diggle Creator, store any personal data in Diggle, for example as a result of creating a survey, you are the data controller for that data.
  • You are responsible for managing the data provided by participants in your Diggle sessions and complying with GDPR and local law.

Database backups

  • The data is backed up hourly and backups are retained for up to 21 days.
  • If you require information to be completely deleted from the system in a shorter time frame, you can send us an email and we will speed that up.
  • You are free to distribute the images of the answer displays and excel reports generated from your Diggle sessions to anyone. By distributing such images or excel documents, you are responsible for complying with regulations and laws regarding distribution of personal data. 
  • If you decide to cancel your account subscription, your account will be changed into a trial account and your content and account data will remain. You can, however, request an account deletion to [email protected] Diggle will then delete your account, and all its data and content from our servers. The data will remain in our backups until they are deleted.

Information You Provide Voluntarily

  • Contact data. When you create an account on Diggle, you provide us with information needed to communicate with you, such as an email address and your name. In certain cases, you may also choose to share your phone number for support purposes.
  • Content data. This includes any content that you create or upload on Diggle such as exercises (title, choices, url’s, pictures..), demographics and information. As a participant, this corresponds to the information you send such as your answers or inputs.
  • Billing data. If you purchase a predefined subscription plan (not a custom made plan), our third-party payment processor (Stripe) will collect and store your billing address and credit card information. We do not store any parts of your credit card number, card type or expiration date on our servers.
  • Profile data. Diggle Users may give us permission to access their information in other services. For example, with your consent, you may want to get newsletters from Diggle to your email. As this process is partially handled using a third-party marketing and email managing tool (ActiveCampaign), the third party is given access to parts of your personal information, such as username, email, subscription plan and possibly more, depending on the situation. The information we get from those services help us manage our users and grow Diggle, effectively making it possible for us to provide and improve our services.

Information Collected Automatically

Like many websites, we and our service providers may use cookies, web beacons and other technologies to receive and store certain types of information when you interact with us through your computer or mobile device, subject to your opt-out preferences (see Your Rights and Choices section below). Using these technologies helps us customize your experience with our Services, improve your experience, and tailor marketing messages. Here are some of the types of information we collect:

  • Log & Device data. When you access The Platform, our servers automatically record information (“log data”). This log data may include your web address you came from or are going to, your device model, operating system, browser type, unique device identifier, IP address, mobile network carrier, and time zone or location. Whether we collect some or all of this information often depends on what type of device you’re using and its settings. For example, different types of information are available depending on whether you’re using a Mac or a PC, or an iPhone or an Android phone. To learn more about what information your device makes available to us, please check the policies of your device manufacturer or software provider.

Cookies and Other Tracking Mechanisms

  • Cookie data. Depending on how you’re accessing our products and subject to your opt-out preferences, we may use “cookies” (a small text file sent by your computer each time you use The Platform, unique to your Diggle account or your browser) or similar technologies to record log data. When we use cookies, we may use “session” cookies (these last until you close your browser) or “persistent” cookies (these last until you or your browser deletes them). For example, we may use cookies to keep you logged in to Diggle. Some of the cookies and locally stored data we use are associated with your Diggle account (including personal information about you, such as your account username). To help us make emails more useful and interesting, we often receive a confirmation when you open an email from Diggle if your computer supports such capabilities. You can opt out of receiving marketing emails from us, but you can not opt out from transactional emails. Please see the Your Rights and Choices section below.
  • Other Website Analytics Services. Subject to your opt-out preferences (see Your Rights and Choices below), we use third party service providers such as Google Analytics to provide certain analytics and user interactions services to Diggle in connection with our operation of our Platform, including the collection and tracking of certain data and information regarding the characteristics and activities of visitors. You may opt-out of third-party services using Opt-Out Features on their website or in the case of Google Analytics by rejecting cookies on The Landing Page.

How We Use Your Information

We may use the information that we collect about you, including personal information, to:

  • Provide the Diggle Service. We will use your information to provide our Platform and services to you; to facilitate interactivity between Diggle Creators and Diggle Participants; to manage your account; to respond to your inquiries; and for other customer service and support purposes. We use the payment information you provide to us in order to alert you of past, current, and upcoming charges, to allow us to present the billing history to you on your account page in the platform, and to perform internal financial processes, such as looking at the status of a credit card charge. In the session of a credit card dispute, we also share account information with your bank to verify the legitimacy of a charge.
  • Understand and improve our products. We will perform research and analysis about your use of, or interest in, our products, services or content, or products, services or content offered by others. We do this to help make our products better and to develop new products.
  • Communicate with you.
  • Service related communications. We may send you service and administrative emails to ensure The Service is working properly. We may also email you if a session report becomes available. Being able to deliver these messages constitute a legitimate interest, so you may not opt out of these messages.
  • Promotional. Subject to your opt-out preferences, we may send you emails about new product features or other news about Diggle or on topics we think would be relevant to you. You may opt out of receiving these communications at any time. Please see the Your Rights and Choices section below.
  • Responding to your requests. We will also use your information to respond to your questions or comments.
  • Administrative. We may contact you to inform you about changes in our services, our service offering and other important service related notices, such as changes to the Policy or about security or fraud notices.
  • Protecting Rights and Interests. We may use your information to protect our rights and interests as well as the rights and interests of our users and any other person, as well as to enforce this Policy or our Terms of Service.
  • Legal Compliance. We may use your information to comply with applicable legal or regulatory obligations, including informal requests from law enforcement or other governmental authorities.
  • Other. We also may use your information to manage our business or perform functions as otherwise described to you at the time of collection subject to your consent. Please read all online agreements carefully before accepting them.

With Whom We May Share Your Information

We do not share your personal information with others except as indicated within this Policy or when we inform you and give you an opportunity to opt out of having your personal information shared.

We will share information we collect about you, including personal information, in the following ways:

  • With sub processors as defined in paragraph 9: Our third party sub-processors.
  • Subcontractors. We may share your personal information with EEA based subcontractors for the purpose of improving The Service.
  • To comply with legal process or to protect Diggle and our users and members. We may share your data: if we believe that disclosure is reasonably necessary to comply with a law, regulation, legal or governmental request; to respond to a subpoena, court order, warrant, or other legal process; to enforce applicable terms of use or this Policy, including investigation of potential violations thereof; to protect the safety, rights, or property of the public, any person, or Diggle; to detect, prevent, or otherwise address, security, or technical issues or illegal or suspected illegal activities (including fraud); or as evidence in litigation in which we are involved, as part of a judicial or regulatory proceeding.
  • Business Transfers. We may engage in a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding that involves the transfer of the information described in this Policy. In such transactions, customer information is typically one of the business assets that is transferred or acquired by a third party. If we are acquired by or merged with another company, if we sell or transfer a business unit or assets to another company, in the unlikely session of a bankruptcy proceeding, or as part of any other similar business transfer, you acknowledge that such transfers may occur.
  • Aggregate or De-identified Information. We may disclose aggregate, anonymous, or de-identified information about users for marketing, advertising, research, compliance, or other purposes.
  • Account Owner access. If you use an email address to access the Services and that email address was provided by an organization, that organization can request information about your Account as well as, if that organization is an Account Owner, request us to move your Account to that organization’s Team Workspace in which case you will become a Team Member. The organization may then apply its own policies to your use of The App and control, administer, suspend and delete access to, as well as downgrade your Account. If you would like to be sure to avoid this type of disclosure you should register an Account with your own private email address.

Legal Basis for Processing Your Information

We rely on the following legal grounds to process your personal information:

  • Consent. We may use your personal information as described in this Policy subject to your consent. To withdraw your consent, please contact us at [email protected]. You may also refrain from providing, or withdraw, your consent for cookies. Please see Your Rights and Choices below for more information on opt-outs.
  • Performance of a contract. We may need to collect and use the personal information of Diggle Users, as applicable, to perform our contractual obligations.
  • Legitimate Interests. We may use your personal information for our legitimate interests to provide our Platform and services and to improve our services and the content on our Platform. We also process information to improve the user experience. We may use technical information as described in this Policy and use personal information for our marketing purposes consistent with our legitimate interests and any choices that we offer or consents that may be required under applicable law.

Your Rights and Choices

  • In order to keep your personal information accurate and complete, you can log in to review your account information, including contact and subscription plan information, via your account settings page. You may also contact us to request information about the personal data we have collected from you and to request the correction, modification or deletion of such personal information. We will do our best to honor your requests subject to any legal and contractual obligations. If you would like to make a request, cancel your account or request we delete or no longer use your account information to provide you Services, contact us at [email protected]. Subject to applicable law, we will retain and use your account information only as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
  • E-mail. As described above, if you do not wish to receive promotional emails from us, you may opt out at any time by following the unsubscribe link contained in the email itself. Please note that it may take up to ten (10) days to process your request. Please also note that if you opt out of receiving marketing communications from us, we may continue to send to you service-related emails which are not available for opt-out. If you do not wish to receive any service-related emails from us, you have the option to deactivate your account.
  • Cookies. You may also refrain from providing, or withdraw, your consent for cookies. Your browser’s help function should contain instructions on how to set your computer to accept all cookies, to notify you when a cookie is issued, or not to receive cookies at any time. Here, you may find instructions for your browser: https://cookies.insites.com/disable-cookies/.
  • Third Party Analytics Services. Some of the services used provide the ability to opt-out. You may opt-out of Google Analytics, and promotional emails from us and our email marketing partner, ActiveCampaign.
  • Google Analytics is only used on The Landing Page and is provided by Google Inc. You can prevent Google Analytics from using your information for analytics purposes on their Opt-Out page at https://tools.google.com/dlpage/gaoptout/.
  • Additional Rights. Subject to local law, you may have additional rights under the laws of your jurisdiction regarding your personal data, such as the right to complain to your local data protection authority.
  • Do Not Track. We do not currently recognize or respond to browser-initiated Do Not Track signals as there is no consistent industry standard for compliance.

International transfers

We collect information globally and may transfer, process and store your information outside of your country of residence, to wherever we or our third-party service providers operate for the purpose of providing you the Services. Whenever we transfer your information, we take steps, including preventive measures, to make sure your data is always safe.

For all international transfers through our sub-processors, we ensure that the recipient of your Personal Information offers an adequate level of protection by entering into appropriate back-to-back agreements with our sub-processors. All international transfers are made on the basis of the EU Commission approved standard contractual clauses (“SCCs”).

Please also refer to our DPA.

Our third-party sub-processors

See our list of sub processors.

Security and Storage of Information

We have taken reasonable steps to help protect the personal information we collect such as using SSL encryption everywhere. Unfortunately, no measures can be guaranteed to provide 100% security. 

You should take steps to protect against unauthorized access to your device and account by, among other things, choosing a robust password that nobody else knows or can easily guess and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

We retain the personal data we collect for so long as reasonably necessary to fulfill the purposes for which the data was collected, to perform our contractual and legal obligations, and for any applicable statute of limitations periods for the purposes of bringing and defending claims.

Changes to the Policy

This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, and if we do we’ll post any changes, including any material changes, on this page, so please be sure to check back periodically. If you continue to use Diggle after those changes are in effect, you agree to the revised Policy.

Contacting Us

If you have any questions or comments about this policy, please contact us at [email protected] in English or Norwegian.