WHO WE ARE AND WHAT THIS IS
Fog Creek Software, Inc. (“Fog Creek” or “Fog Creek Software”) is the producer and owner of FogBugz On Demand (“FogBugz”) and Kiln On Demand (“Kiln”) (collectively referred to here as the/our "Software" or the/our "Services"), which are collaborative web and mobile based applications that help teams and individuals stay organized and communicate.
We take the private nature of your personal information very seriously, and are committed to protecting it. To do that, we've set up procedures to ensure that your information is handled responsibly and in accordance with applicable data protection and privacy laws. We're grateful for your trust, and we'll act that way.
PRIVACY SHIELD OVERVIEW
TYPES OF INFORMATION
"Personal information" is any information that we could use to identify an individual. It does not include personal information that is encoded or anonymized, or publicly available information that has not been combined with non-public information.
"Sensitive personal information" is information that meets the "personal information" criteria and also a.) reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or b.) concerns health or sex life, information about Social Security benefits, or information on criminal or administrative proceedings other than in the context of pending legal proceedings.
HOW WE COLLECT INFORMATION
We collect information two ways: Information we get from your use of our Services, and information you provide to us directly.
Information we get from your use of the Services is primarily non-personally-identifying information of the sort that web browsers, servers, and services like Google Analytics* typically make available, such as the browser type, language preference, referring site, and the time of each visit. Other non-identifying information that we might have access to includes how you use the Service (e.g. search queries), your approximate location, cookies, etc.
We collect this non-personally-identifying information in order to better understand how visitors use the Services and, where possible, to improve their experience. For instance, we log the time it takes to run database queries so that we can improve performance. In some cases, we may publicly display information that is not personally identifying in the aggregate, (e.g., by publishing a report on trends in the usage of our Services) or may provide the aggregate data to third parties.
When you use the Services, we also collect potentially personally identifying information in the form of Internet Protocol (IP) addresses, the Uniform Resource Locator (URL) accessed (which may reference the name of a board, card, case, wiki, or organization), and the unique identification number associated with the account. We don't use that information to identify you, with one exception: we may discover, by reviewing log files, that a particular account is using the Services in a way that is degrading the experience for all the Services’ users. If this is discovered, we may look up personally identifiable information associated with that account in order to contact the account owner. We handle and disclose this information in the same way we handle other potentially personally identifying information as described below.
Information you provide to us directly. Certain visitors to our Services choose to interact with them in ways that may require them to provide us with personally identifying information. The amount and type of information that is provided depends on the nature of the interaction. For example, we ask visitors who sign up for our Services to provide a real name, username, and email address. Organizations and individuals who engage in financial transactions to purchase paid services are asked to provide additional information, such as the personal and financial information required to process those transactions. In each case, we only collect as much information as is necessary or appropriate given the type of interaction. We do not disclose personally identifying information other than as described below. And you can always refuse to supply personally identifying information, with the caveat that it may prevent you from engaging in certain activities.
If you send us a request, such as emailing us for support, we reserve the right to publish it (absent any personally identifying information) in order to help us clarify or respond to your request or help other users.
In the process of supporting our Services, we may discover personally identifiable information associated with your account. The only personally identifiable information we may discover during the support process without your consent includes your email address and the names of any organizations to which you belong. Any further information will not be discovered without your consent.
In the process of supporting our Services, we may need to investigate the data within your account, including data you have entered into private boards, cases, wikis, etc. If this occurs, we will always request your explicit permission before looking at the data in your account.
If you are outside the United States, you should know that any personally identifiable information you enter into the Services will be transferred out of your country and into the United States, and possibly to other countries. By using the Services, you consent to such transfer and are representing that you have the right to transfer such information outside your country.
We do not collect any personally identifiable information from children under the age of 13. If you believe that a child has provided us with personally identifiable information without the consent of his or her parent or guardian, please contact us at firstname.lastname@example.org. If we become aware that a child under age 13 has provided us with personally identifiable information, we'll delete it.
INFORMATION YOU CHOOSE TO DISPLAY PUBLICLY ON OUR SERVICES
Some users may elect to publicly post personally identifying or sensitive information about themselves in their normal use of our Services. This could occur through use of optional profile fields, in interactions on public boards, wikis, cases and forums, or if a previously private interaction is made public. Information like that, which is voluntarily posted in publicly visible parts of our Services, is considered to be public, even if it would otherwise be considered to be personally identifying or sensitive. As such, it is not subject to the protocols listed below, because we don't control it; you do. Additionally, voluntarily publicizing such information means that you lose any privacy rights you might normally have with regards to that information. It may also increase your chances of receiving unwanted communications, like spam.
Please also remember that if you choose to provide personally identifiable information using certain public features of the Services, individuals reading such information may use or disclose it to other individuals or entities without our control and without your knowledge, and search engines may index that information. We therefore urge you to think carefully about including any specific information you may deem private in content that you create or information that you submit through our Services.
INFORMATION YOU GIVE TO OTHER PEOPLE
This Policy only applies to information collected by Fog Creek Software. It does not apply to the practices of companies that we don't own or control, or employees that we don't manage. Information on our Services’ boards, wikis, cases and forums may contain links to third party websites, and any information you provide to those sites will be covered by any privacy policies they may have. Please be sure to read the privacy policies of any third-party sites you visit. It is those sites' responsibility to protect any information you give them, so we can't be held liable for their wrongful use of your personally identifying information.
HOW WE USE INFORMATION WE COLLECT
Notice will be provided in clear and conspicuous language when you are first asked to provide us with personal information, or as soon as practicable thereafter, and we'll notify you before we use the information for something other than the purpose for which it was originally collected. If anything in this policy seems unclear, please don't hesitate to contact us at email@example.com, so we can address your question and possibly clarify this document.
Here are some of the ways we may use personal information you provide us:
- To allow you to register for our Services and to administer and process the registration
- To communicate with you about our products, services and related issues
- To evaluate the quality of our products and services, and to enhance your experience on our web sites
- To maintain and administer our web sites and comply with our legal or internal obligations and policies
- To transfer information to others as described in this policy or to satisfy our legal, regulatory, compliance, or auditing requirements
- To charge you any fees and provide you with a receipt or resolve billing issues associated with your account
Choice — Choice is all about making sure you have the ability to control how we share your personal information with others. We never share any of your personal information with non-agent third parties.
We won't share your personal information with non-agent third parties unless we are required to do so by law, or if we believe in good faith that disclosure is reasonably necessary to protect our property, rights or those of third parties or the public at large. It is possible that we may, on occasion, buy or sell assets from or to other companies. If that should occur, user information is typically one of the assets that get transferred. Similarly, if Fog Creek Software or most of its assets were acquired, or in the unlikely event that we go out of business or enter bankruptcy, user information could be transferred or acquired. You should be aware that such events can occur, and that if it does, the buyer may continue to use your personal and non-personal information, but only as set forth in this policy. Other than in these rare circumstances, Fog Creek Software will not rent or sell potentially personally identifying information to anyone.
We may from time to time request some of your financial information for the purposes of completing transactions you have initiated through the Services, enrolling you in discount, rebate, and other programs in which you elect to participate, protecting against or identify possible fraudulent transactions, and otherwise as needed to manage our business.
It's hard to imagine that we would ever consider collecting, let alone sharing, sensitive information with a non-agent third party, but if such a day should ¬come, we will first give you the opportunity to explicitly consent (opt-in) to such disclosure or to any use of the information for a purpose other than the one for which it was originally collected or previously authorized.
If you are a registered user of our Services and have supplied your email address, we may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what's going on with the Services. We generally use our Services to communicate this type of information, so we expect to keep this type of communication to a minimum. If we do send you information that you did not expressly request, we will provide you with a way to request that you don't get any similar notices (opt-out, unsubscribe, etc.).
Onward Transfer — Prior to providing agents with any personal information, we will obtain assurances that they will safeguard it in accordance with this policy. Examples of assurances that may be provided include:
- A commitment that they will handle the information in accordance with this policy, or will provide the same level of protection, as required by the Privacy Shield Principles;
- Privacy Shield certification by the agent, or being subject to another European Commission adequacy finding.
In the unlikely event that we should discover that an agent is using personal information in a way that conflicts with this policy, we will take all reasonable steps to stop it immediately.
In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, Fog Creek will remain liable.
Security — All records containing personal or financial information are considered to be our property and are afforded confidential treatment at all times. We work hard to protect against the unauthorized access, use, alteration or destruction of personal or financial information. All such electronic information is stored on restricted database servers, and is generally kept until such time as you may ask us to edit or delete it, as described below. We only disclose such information to our employees, contractors or affiliates that a) need to know that information in order to process it for us or to provide other services, and b) have agreed not to disclose it to others.
All interactions with our Services use the Transport Layer Security/Secure Sockets Layer (TLS/SSL) protocol. We use a third-party, industry-accepted Payment Gateway to securely process credit card transactions.
Data Integrity — In addition to assuring you that we will protect your personal information, we also want to make sure that it is reliable, accurate, and up-to-date.
If you have any concerns or complaints about how you think we've handled your personal information, please contact firstname.lastname@example.org or our Data Protection Officer at the address below. We will work hard to investigate and resolve any complaints you might have.
HOW TO CONTACT US
If you have any questions about this policy or our site in general, please contact us at email@example.com.
Our Data Protection Officer is Jordan Harris.
In compliance with the Privacy Shield Principles, Fog Creek commits to resolve complaints about our collection or use of your personal information. Your organization being subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). The possibility, under certain conditions, for the individual to invoke binding arbitration. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Fog Creek at:
75 Broad Street, Suite 1904
New York City, NY 10004
Fog Creek has further committed to refer unresolved Privacy Shield complaints to the JAMS Foundation, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/ for more information or to file a complaint. The services of the JAMS Foundation are provided at no cost to you.
Please see the Fog Creek Security Policy, which also links to the individual security policies for each product.
EMPLOYEES' & PROSPECTIVE EMPLOYEES' INFORMATION
This section covers any ways in which personal information we collect from employees or applicants might be treated differently than user information. You can probably stop here if you are not an employee or interested in applying for a job with Fog Creek Software. But maybe you should be interested: Who wouldn't want to work with an amazingly talented team dedicated to making awesome software, especially at a company with free lunches, top-notch benefits, and a founder who has literally written the book on how to make great workplaces for building amazing software? The more I think about it, the more I think maybe you should click here after all: http://www.fogcreek.com/careers. And if you do, be sure to review the following non-comprehensive list of ways that we may use information provided to us by employees or applicants:
- Responding to inquiries in connection with prospective employment at Fog Creek Software, and processing employment applications
- Carrying out human resources functions like training, career / succession planning, administering contracts, evaluating employees, and providing benefits
- Enabling Fog Creek Software and its employees to contact each other by telephone, fax, e-mail, or "snail mail"
- Administering compensation, bonus and other employment needs
- Arranging employees' travel plans
- Maintaining building security and employee health and safety
- Running internal administrative analytics, such as staffing, headcount and statistics initiatives
- Complying with our legal obligations, policies and procedures
- Transferring personal information to others as required by our legal, regulatory, compliance and auditing needs
* Google Analytics is a registered trademark of Google, Inc.
- 2017/04/27: Added EU-U.S. and U.S. Privacy Shield Framekwork language.