Privacy policy

Last updated: May 2019

This Policy describes the following:

• What information we collect and how it is collected
• How we use the information
• With whom we may share information
• Legal basis for processing the information
• Your rights and choices
• Security and storage of the information
• Third party websites; and
• Changes to the Policy and Contact Information.

Throughout this document, we will define a few terms to describe various roles within Diggle. Diggle Users are people using the service we provide in some capacity. They may be further classified into three categories: Diggle Account Owners who legally pays for the services, Diggle Creators who create content on Diggle and host a session, and Diggle Participants who participate in sessions created by Diggle Creators. Every Account will have one Account Owner, but may have several Diggle Creators (as agreed upon with our representatives). Because Account Owners are also Diggle Creators within their respective accounts, everything in this document that applies to Diggle Creators also applies to Account Owners.

Privacy and GDPR

Your data is your data

At Diggle, we value your privacy and we will only collect information that we need to deliver the service to you, and continue to maintain and develop the service.The following is a list of data we collect, process or store, with the purpose and legal ground listed for each item through the General Data Protection Regulation – https://www.eugdpr.org/:

• User account information. Users that choose to register, will have to provide a valid email address and username. The information may be used for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. This is required to deliver the Service to you as user, by taking steps, at your request, to enter into such a contract (Terms of Service) cf. GDPR art. 6 (1) b.
• Transaction information. Customers that have purchased a paid version of the Services provide Diggle (and our payment processors) with billing details such as credit card information, billing email, banking information, location at the time of transaction and/or a billing address. The transaction data may be processed for the purpose of supplying the purchased services and keeping proper records of those transactions. This data may be used for the purpose of delivering the Services to you. Collecting this information is required for performing the contract we entered into with you, at your request (our Terms of Service) cf. GDPR art. 6 (1) b.Additionally, this information needs to be retained in order to comply with accounting and tax regulation cf. GDPR art. 6 (1) c.
• Technical log data. Like most digital services, our servers automatically collect information when you access or use our Websites or Services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited within the Services, browser type and settings, the date and time the Services were used, information about browser configuration, plugins and language preferences.
• Device information. We may collect information about devices used to access the Services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether we collect some or all of this information depends on the type of device used and its settings.
• The legal basis for this processing is our legitimate interests cf. GDPR art. 6 (1) f, namely using this data for the purpose of ensuring the proper administration of our website and business, analyzing the use of the website and services, monitoring and improving our website and services, improving the user experience, preventing abuse, and assisting users with support inquiries.
• Collecting this information it is required for performing the contract we entered into with you, at your request (our Terms of Service), as well as our legitimate interest of handling your requests cf. GDPR art. 6 (1) f.
• Service and transactional notifications. Sometimes we’ll send you emails about your account, service changes or new policies. You can’t opt out of this type of “service or transactional” emails (unless you delete your account). The legal grounds for collecting this information is that it is required for performing our commitment about communicating changes in plans and pricing to you in the contract we entered into with you, at your request (our Terms of Service) cf. GDPR art. 6 (1) b, and our legitimate interest of communicating important information about your account to you, cf. GDPR art. 6 (1) f.

Your responsibility

• If you, as an Account Owner or Diggle Creator, store any personal data in Diggle, for example as a result of creating a survey, you are seen as responsible for that data.
• With Diggle you have full control over your data. A common scenario is that you want to retain the aggregated responses for a session, while removing identifying data. We want to make this easy. You can download an excel report with the click of a button, then download displays for the sessions and you have all the data for the session. Then you can simply delete the session, and, except for our database backups and logs, we will have no records of the session ever occurring.

Database backups

• Our database is backed up daily and the backups are removed 120 days after the next backup is made.
• If you require information to be completely deleted from the system in a shorter time frame, you can send us an email and we will speed that up.
• You are responsible for managing the data provided by participants in your Diggle sessions and complying with GDPR and local law.
• You are free to distribute the images of the answer displays and excel reports generated from your Diggle sessions to anyone. By distributing such images or excel documents, you are responsible for complying with regulations and laws regarding distribution of personal data.
• If you decide to cancel your account subscription, Diggle will not delete your content, or account data. You can, however, request an account deletion. Diggle will then delete your account, and all its data and content from our servers. After 120 days, the data will also be automatically and permanently deleted from our backups.

Information You Provide Voluntarily

• Contact data. When you create an account on Diggle, you provide us with some information to contact you, such as an email address. In certain cases, you may also choose to share your phone number for support purposes. If you participate in a session, you may also need to provide an email address if you wish to receive your customized report at the end of the session (not yet available on publishing date).
• Content data. This includes any content that you create or upload on Diggle such as exercises (title, choices, url’s, pictures..), demographics and information. As a participant, this corresponds to the information you send such as your answers or inputs.
• Billing data. If you purchase a predefined subscription plan (not a custom made plan), our third-party payment processor (Stripe) will collect and store your billing address and credit card information. We do not store any parts of your credit card number, card type or expiration date on our servers. We may store your name, email and other data we may need in communication with you.
• Profile data. Diggle Users may give us permission to access their information in other services. For example, with your consent, you may want to get newsletters from Diggle to your email. As this process is partially handled using a third-party marketing and email managing tool (ActiveCampaign), the third party is given access to parts of your personal information, such as username, email, subscription plan and possibly more, depending on the situation. The information we get from those services help us manage our users and grow Diggle, effectively making it possible for us to provide and improve our services.

Information Collected Automatically

Like many websites, we and our service providers may use cookies, web beacons and other technologies to receive and store certain types of information when you interact with us through your computer or mobile device, subject to your opt-out preferences (see Your Rights and Choices section below). Using these technologies helps us customize your experience with our Services, improve your experience, and tailor marketing messages. Here are some of the types of information we collect:

• Log & Device data. When you use Diggle, our servers automatically record information (“log data”), including information that your browser sends whenever you visit our Website. This log data may include your web address you came from or are going to, your device model, operating system, browser type, unique device identifier, IP address, mobile network carrier, and time zone or location. Whether we collect some or all of this information often depends on what type of device you’re using and its settings. For example, different types of information are available depending on whether you’re using a Mac or a PC, or an iPhone or an Android phone. To learn more about what information your device makes available to us, please check the policies of your device manufacturer or software provider.

Cookies and Other Tracking Mechanisms

• Cookie data. Depending on how you’re accessing our products and subject to your opt-out preferences, we may use “cookies” (a small text file sent by your computer each time you visit our website, unique to your Diggle account or your browser) or similar technologies to record log data. When we use cookies, we may use “session” cookies (these last until you close your browser) or “persistent” cookies (these last until you or your browser delete them). For example, we may use cookies to keep you logged in to Diggle. Some of the cookies and locally stored data we use are associated with your Diggle account (including personal information about you, such as your account username). To help us make emails more useful and interesting, we often receive a confirmation when you open an email from Diggle if your computer supports such capabilities. You can opt out of receiving emails from us. Please see the Your Rights and Choices section below.
• Other Website Analytics Services. Subject to your opt-out preferences (see Your Rights and Choices below), we use third party service providers such as Active Campaign to provide certain analytics and user interactions services to Diggle in connection with our operation of our Platform, including the collection and tracking of certain data and information regarding the characteristics and activities of visitors. You may opt-out of third-party services using Opt-Out Features on their website.

How We Use Your Information

We may use the information that we collect about you, including personal information, to:

• Provide the Diggle Service. We will use your information to provide our Platform and services to you; to facilitate interactivity between Diggle Creators and Diggle Participants; to manage your account; to respond to your inquiries; and for other customer service and support purposes. We use the payment information you provide to us in order to alert you of past, current, and upcoming charges, to allow us to present the billing history to you on your account page in the platform, and to perform internal financial processes, such as looking at the status of a credit card charge. In the session of a credit card dispute, we also share account information with your bank to verify the legitimacy of a charge.
• Understand and improve our products. We will perform research and analysis about your use of, or interest in, our products, services or content, or products, services or content offered by others. We do this to help make our products better and to develop new products.
• Communicate with you.
• Service related communications. We may send you service and administrative emails to ensure the service is working properly. We may also email you if a session report becomes available. These messages are considered part of the service and you may not opt out of these messages.
• Promotional. Subject to your opt-out preferences, we may send you emails about new product features or other news about Diggle or on topics we think would be relevant to you. You may opt out of receiving these communications at any time. Please see the Your Rights and Choices section below.
• Responding to your requests. We will also use your information to respond to your questions or comments.
• Administrative. We may contact you to inform you about changes in our services, our service offering and other important service related notices, such as changes to the Policy or about security or fraud notices.
• Protecting Rights and Interests. We may use your information to protect our rights and interests as well as the rights and interests of our users and any other person, as well as to enforce this Policy or our Terms of Service.
• Legal Compliance. We may use your information to comply with applicable legal or regulatory obligations, including informal requests from law enforcement or other governmental authorities.
• Other. We also may use your information to manage our business or perform functions as otherwise described to you at the time of collection subject to your consent. Please read all online agreements carefully before accepting them.

With Whom We May Share Your Information

We do not share your personal information with others except as indicated within this Policy or when we inform you and give you an opportunity to opt out of having your personal information shared.

We will share information we collect about you, including personal information, in the following ways:

• With third party service providers, agents, or contractors. We use other companies, agents or contractors (“Service Providers”) to perform services on our behalf or to assist us with providing services to you. For example, we may engage Service Providers to process credit card transactions or other payment methods. Or, we may engage Service Providers to provide services such as marketing, advertising, communications, infrastructure and IT services, to provide customer service, to collect debts, and to analyze and enhance data (including data about users’ interactions with our service). These Service Providers may have access to your personal or other information in order to provide these functions. In addition, some of the information we request may be collected by third party providers on our behalf. We require our Service Providers to agree to take reasonable steps to keep the personal information that we provide to them secure. We do not authorize them to use or disclose your personal information except in connection with providing their services.
• Affiliates. We may disclose your information to current or future affiliates or subsidiaries for research, marketing, and other purposes consistent with this Privacy Policy.
• To comply with legal process or to protect Diggle and our users and members. We may share your data: if we believe that disclosure is reasonably necessary to comply with a law, regulation, legal or governmental request; to respond to a subpoena, court order, warrant, or other legal process; to enforce applicable terms of use or this Policy, including investigation of potential violations thereof; to protect the safety, rights, or property of the public, any person, or Diggle; to detect, prevent, or otherwise address, security, or technical issues or illegal or suspected illegal activities (including fraud); or as evidence in litigation in which we are involved, as part of a judicial or regulatory proceeding.
• Business Transfers. We may engage in a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding that involves the transfer of the information described in this Policy. In such transactions, customer information is typically one of the business assets that is transferred or acquired by a third party. If we are acquired by or merged with another company, if we sell or transfer a business unit or assets to another company, in the unlikely session of a bankruptcy proceeding, or as part of any other similar business transfer, you acknowledge that such transfers may occur.
• Aggregate or De-identified Information. We may disclose aggregate, anonymous, or de-identified information about users for marketing, advertising, research, compliance, or other purposes.

Legal Basis for Processing Your Information

We rely on the following legal grounds to process your personal information:

• Consent. We may use your personal information as described in this Policy subject to your consent. To withdraw your consent, please contact us at: [email protected]. You may also refrain from providing, or withdraw, your consent for cookies. Please see Your Rights and Choices below for more information on opt-outs.
• Performance of a contract. We may need to collect and use the personal information of Diggle Users, as applicable, to perform our contractual obligations.
• Legitimate Interests. We may use your personal information for our legitimate interests to provide our Platform and services and to improve our services and the content on our Platform. We also process information to improve the user experience. We may use technical information as described in this Policy and use personal information for our marketing purposes consistent with our legitimate interests and any choices that we offer or consents that may be required under applicable law.

Your Rights and Choices

• Account. In order to keep your personal information accurate and complete, you can log in to review your account information, including contact and subscription plan information, via your account settings page. You may also contact us to request information about the personal data we have collected from you and to request the correction, modification or deletion of such personal information. We will do our best to honor your requests subject to any legal and contractual obligations. If you would like to make a request, cancel your account or request we delete or no longer use your account information to provide you Services, contact us at: [email protected]. Subject to applicable law, we will retain and use your account information only as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
• E-mail. As described above, if you do not wish to receive promotional emails from us, you may opt out at any time by following the unsubscribe link contained in the email itself. Please note that it may take up to ten (10) days to process your request. Please also note that if you opt out of receiving marketing communications from us, we may continue to send to you service-related emails which are not available for opt-out. If you do not wish to receive any service-related emails from us, you have the option to deactivate your account.
• Cookies. You may also refrain from providing, or withdraw, your consent for cookies. Your browser’s help function should contain instructions on how to set your computer to accept all cookies, to notify you when a cookie is issued, or not to receive cookies at any time. Here, you may find instructions for your browser: https://cookies.insites.com/disable-cookies/.
• Third Party Analytics Services. Some of the services used provide the ability to opt-out. You may opt-out of Google Analytics, and promotional emails from us and our email marketing partner, ActiveCampaign.
• Google Analytics is only used on our landing page www.diggle.com/ and is provided by Google Inc. You can prevent Google Analytics from using your information for analytics purposes on their Opt-Out page at https://tools.google.com/dlpage/gaoptout/.
• Additional Rights. Subject to local law, you may have additional rights under the laws of your jurisdiction regarding your personal data, such as the right to complain to your local data protection authority.
• Do Not Track. We do not currently recognize or respond to browser-initiated Do Not Track signals as there is no consistent industry standard for compliance.

Our third-party sub-processors

We want you to know about the third-party sub-processors we use in our services. They may handle your data in different ways. In this table, we provide the entities legal names, the reason we have for using their services and collecting data through them, whether they follow the EU-US Privacy Shield agreement, the country of their servers and finally a link to their respective privacy policy. Where appropriate, we also link to their page Opt-Out options.

Security and Storage of Information

We have taken reasonable steps to help protect the personal information we collect such as using SSL encryption everywhere. Unfortunately, no measures can be guaranteed to provide 100% security. Accordingly, we cannot guarantee the security of your information in all circumstances.

You should take steps to protect against unauthorized access to your device and account by, among other things, choosing a robust password that nobody else knows or can easily guess and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

We retain the personal data we collect for so long as reasonably necessary to fulfill the purposes for which the data was collected, to perform our contractual and legal obligations, and for any applicable statute of limitations periods for the purposes of bringing and defending claims.

Third-Party Links

Our Platform may contain links to third-party websites and applications. Subject to your opt-out preferences (see Your Rights and Choices), we may also use third-party advertisers, ad networks, and other advertising, marketing, and promotional companies, to serve advertisements on our websites. Any access to and use of such linked websites and applications is not governed by this Policy but instead is governed by the privacy policies of those third parties. We do not endorse these parties, their content, or any products and services they offer, and we are not responsible for the information practices of such third-party websites or applications.

Changes to the Policy

This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, and if we do we’ll post any changes, including any material changes, on this page, so please be sure to check back periodically. If you continue to use Diggle after those changes are in effect, you agree to the revised Policy.

Contacting Us

If you have any questions or comments about this policy, please contact us at [email protected]. Our team can help with inquiries in Norwegian and English. A printed version of this policy, and any warning mention delivered in electronic form, will be accepted in any legal or administrative procedure resulting from, or related to this agreement, in the same way and under the same conditions as other documents and trade registers created and stored in written form.