From 92d1b826ad6a8b367a823612d753eff737b8b4dd Mon Sep 17 00:00:00 2001 From: Ladan Nasserian Date: Fri, 20 Dec 2019 15:37:55 -0800 Subject: [PATCH 1/7] Update privacy policy for 2020 Here is the older archived version: https://github.com/segmentio/segment-docs/pull/474 Need to also add a drop down to reference archived version --- src/legal/privacy.md | 1308 ++++++++++++++++++++++++++++++++---------- 1 file changed, 1016 insertions(+), 292 deletions(-) diff --git a/src/legal/privacy.md b/src/legal/privacy.md index 8f284d4cc2..23374a879d 100644 --- a/src/legal/privacy.md +++ b/src/legal/privacy.md @@ -4,353 +4,1077 @@ feedback: false hide-feedback: true --- -> Effective as of July 18th, 2018. +> Effective as of January 1, 2020.
-This Privacy Policy explains how Segment.io, Inc. ("Segment", or "we", "us" or "our") collects, uses and shares your personal information if you visit www.segment.com  (the "Site") or register to use our services, and explains your choices for how we handle your personal information. For convenience, the Site and our services are collectively referred to as the "Service." +This Privacy Policy explains how Segment.io, Inc. ("**Segment**", or +"**we**", "**us**" or "**our**") handles personal information that we +collect -Segment respects your privacy rights and is committed to transparency in how we collect, use and share your personal information. If you have any questions or concerns about your personal information or this Privacy Policy, email us at [privacy@segment.com](mailto:privacy@segment.com). +- through our website at www.segment.com (the "**Site**"); -Users in the European Economic Area should be sure to read the important information provided [here](#Additional-Information-for-European-Union). +- about users of the Segment service (the "**Service**"); -* [Segment's Service and Client User Data](#Segments-Service-and-Client-User-Data) -* [Personal Information We Collect](#Personal-Information-We-Collect) -* [How We Use Your Personal Information](#How-We-Use-Your-Personal-Information) -* [How We Share your Personal Information](#How-We-Share-Your-Personal-Information) -* [Your Choices](#Your-Choices) -* [Tracking and Targeted Advertising](#Tracking-and-Targeted-Advertising) -* [Social Media Widgets](#Social-Media-Widgets) -* [Payment Information](#Payment-Information) -* [Security](#Security) -* [International Data Use](#International-Data-Use) -* [Third Party Sites and Services](#Third-Party-Sites-and-Services) -* [User Generated Content](#User-Generated-Content) -* [Children](#Children) -* [Organization-Administered Accounts](#Organization-Administered-Accounts) -* [Changes to this Privacy Policy](#Changes-to-This-Privacy-Policy) -* [Contact Us](#Contact-Us) -* [Additional Information for European Union.](#Additional-Information-for-European-Union) +- in connection with our marketing activities; - +- at events we host; and -## Segment's Service and Client Services Data +- in other settings where we post this Privacy Policy. -Registered customers of the Service ("**Clients**") use it to collect information about how their own users use Client websites, applications, services ("Client Services") and related third-party applications ("Client Services Data"). Clients also use the Service to more efficiently route Client Services Data to their own third party applications/services and control how their own third party applications/services exchange Client Services Data. +Segment respects your privacy rights and is committed to transparency in +how we collect, use and share your personal information. If you have any +questions or concerns about your personal information or this Privacy +Policy, email us at . -Client Services Data may include, without limitation, information about the identity of Client users (such as name, postal address, e-mail address, IP address and phone number), as well as information about the pages users visit, the features they use, and the actions they take while using the Client Services. -This Privacy Policy does not apply to Client Services Data or to Client Services, and we are not responsible for our Clients' handling of Client Services Data. Our Clients have their own policies regarding the collection, use and disclosure of your personal information. To learn about how a particular Client handles your personal information, we encourage you to read the Client's privacy statement. Our use of Client Services Data provided by our Clients in connection with our Service is subject to the written agreement between Segment and Client. +- [Segment's Service and Customer + Data](https://segment.com/docs/legal/privacy/#Segments-Service-and-Client-User-Data) - +- [Personal Information We + Collect](https://segment.com/docs/legal/privacy/#Personal-Information-We-Collect) +- [How We Use Your Personal + Information](https://segment.com/docs/legal/privacy/#How-We-Use-Your-Personal-Information) -## Personal Information We Collect -We collect personal information about you in the following ways: +- [How We Share your Personal + Information](https://segment.com/docs/legal/privacy/#How-We-Share-Your-Personal-Information) -### Information you give us +- [Your Choices](https://segment.com/docs/legal/privacy/#Your-Choices) -Personal information that you may provide through the Service or otherwise communicate with us includes: +- [Security](https://segment.com/docs/legal/privacy/#Security) -* **Identity information**, such as your first name, last name, username or similar identifier, title, date of birth and gender; -* **Contact information**, such as your postal address, email address and telephone number; -* **Profile information**, such as your username and password, interests, and preferences; -* **Feedback and correspondence**, such as information you provide when you respond to surveys, participate in market research activities, report a problem with Service, receive customer support or otherwise correspond with us; -* **Payment information**, such as your credit card or other payment card details as described in the [Payment Information](#Payment-Information) section below; -* **Transaction information**, such details about purchases you make through the Service and billing details; -* **Usage information**, such as information about how you use the Service and interact with us; and -* **Marketing information**, such your preferences for receiving marketing communications and details about how you engage with them. +- [International Data + Use](https://segment.com/docs/legal/privacy/#International-Data-Use) -### Information we get from others +- [Third Party Sites and + Services](https://segment.com/docs/legal/privacy/#Third-Party-Sites-and-Services) -We may obtain additional information about you from third party sources, such as APIHub, Inc., to enrich your experience with the Service and provide you with more relevant information in the Service. +- [Children](https://segment.com/docs/legal/privacy/#Children) -### Information automatically collected +- [Organization-Administered + Accounts](https://segment.com/docs/legal/privacy/#Organization-Administered-Accounts) -Our servers may automatically record certain information about how you use the Service, such as your Internet Protocol (IP) address, device and browser type, operating system, the pages or features of the Service that you browsed and the time spent on those pages or features, the frequency with which you use the Service, search terms, the links that you click on or use, and other statistics. We collect this information in server logs and by using cookies and similar tracking technologies to analyze trends, administer the website, track users' movements around the website, gather demographic information about our user base as a whole, and deliver advertising. See our [Website Data Collection Policy](https://segment.com/docs/legal/website-data-collection-policy/) for more information. +- [Changes to this Privacy + Policy](https://segment.com/docs/legal/privacy/#Changes-to-This-Privacy-Policy) -### Sensitive personal information +- [Contact Us](https://segment.com/docs/legal/privacy/#Contact-Us) -Subject to the following paragraph, we ask that you not send or disclose to us any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or union membership) on or through the Service or otherwise. -If you send or disclose any sensitive personal information to us (such as when you submit user generated content to the Service), you must consent to our processing and use of such sensitive personal information in accordance with this Privacy Policy. If you do not consent to our processing and use of such sensitive personal information, you must not provide it. +- Information for California residents -### Changes to your personal information +- [Information](https://segment.com/docs/legal/privacy/#Additional-Information-for-European-Union) + for individuals in Europe -It is important that the personal information we hold about you is accurate and current. Please let us know if your personal information changes during your relationship with us by updating your registration profile or emailing us at [privacy@segment.com](mailto:privacy@segment.com). +**[Segment's Service and Customer Data]{.underline}** - +Registered users of the Service ("**Customers**") are businesses that +use it to collect and manage information about their own users +("**Customer Data**"), including information about how they interact +with the Customer's websites, applications, services and designated +third-party partners ("**Customer Services**"). Customers also use the +Service to more efficiently route Customer Data to the other services +that they use or to third parties that they work with, and to control +how Customer Data is exchanged between these services and third parties. -## How We Use Your Personal Information -We use your personal information for the following purposes or as otherwise described to you at the time of collection: +Customer Data may include, without limitation, information about the +identity of Customer users (such as name, postal address, e-mail +address, IP address and phone number), as well as information about the +pages users visit, the features they use, and the actions they take +while using Customer Services. This Privacy Policy does not apply to +Customer Data or to Customer Services, and we are not responsible for +our Customers' handling of Customer Data. Our Customers have their own +policies regarding the collection, use and disclosure of your personal +information. To learn about how a particular Customer handles your +personal information, we encourage you to read the Customer's privacy +policy. Our use of Customer Data provided by our Customers in connection +with our Service is subject to the written agreement between Segment and +Customer. - +**[Personal Information We Collect]{.underline}** -### To provide the Service +**Information you give us.** Personal information that you may provide +through the Service or otherwise includes: -If you have a Segment account, we use your personal information: +- **Contact information**, such as your first name, last name, + professional title, organizational affiliation, postal address, + office location, email address and telephone number; -* to operate, maintain, administer and improve the Service; -* to manage and communicate with you regarding your Service account if you have one, including by sending you Service announcements, technical notices, updates, security alerts, and support and administrative messages; -* to process payments you make through the Service as described in the [Payment Information](#Payment-Information) section below; -* to better understand your needs and interests, and personalize your experience with the Service; and -* to respond to your Service-related requests, questions and feedback. +- **Profile information**, such as your username, password and + preferences; - +- **Communications**, such as information you provide when you respond + to surveys, participate in market research activities, participate + in telephone conferences with our representatives (which may be + recorded with your permission where permitted by law); report a + problem with Service, receive customer support or otherwise + communicate with us; -### To send you marketing communications +- **Transaction information,** such as the credit card or other + payment card details that you use to pay for the Service, and your + Service-related billing information and transaction history; -If you request information from us, use the Service or participate in our surveys, promotions or events, we may send you Segment-related marketing communications as permitted by law but will provide you with the ability to opt out. +- **Marketing information**, such your preferences for receiving + marketing communications and details about how you engage with them; + and - +- **Other information** that you choose to provide but is not + specifically listed here, which we will use as described in this + Privacy Policy or as otherwise disclosed at the time of collection. -### To deliver you advertising +**Information from third party sources.** We may combine personal +information we receive from you with personal information we obtain from +other sources, such as our Customers; data providers; affiliates within +our corporate group of companies; business partners, such as joint +marketing partners and event co-sponsors; and publicly accessible +sources, such as social media platforms. -We and our partners may serve you ads in the Service or third party sites, including to tailor ads based on your interests and browsing history. See the [Tracking and Targeted Advertising](#Tracking-and-Targeted-Advertising) section below for more details. +**Data collected automatically.** We, our service providers, and our +business partners may automatically log the following information about +you, your computer or mobile device, and your activity over time on the +Site and other online services: - +- **Device data**, such as your computer or mobile device operating + system type and version number, manufacturer and model, browser + type, screen resolution, IP address, unique identifiers, and general + location information such as city or town. + +- **Usage data**, such as the website you visited before browsing to + the Site, pages or screens you viewed, how long you spent on a page + or screen, navigation paths between pages or screens, information + about your activity on a page or screen, access times, and duration + of access. + +Some of our automatic collection is facilitated by: + +- **Cookies**, which are text files stored on a visitor's device to + uniquely identify the visitor's browser or to store information or + settings in the browser for the purpose of helping you navigate + between pages efficiently and remembering your preferences, enabling + functionality, helping us understand user activity and patterns, + facilitating online advertising and measuring the effectiveness of + our ads. + +- **Javascript libraries, which are snippets of code within web pages + that execute when certain actions take place.** + +- **Web beacons**, also known as pixel tags or clear GIFs, which are + typically used to demonstrate that a webpage or email was accessed + or opened, or that certain content within it was viewed or clicked, + typically to compile statistics about usage of websites and the + success of marketing campaigns. + +For more information about the use of these technologies on the Site, +see our [Website Data Collection +Policy](https://segment.com/docs/legal/website-data-collection-policy/). + +**Sensitive personal information.** We ask that you not share with us +any sensitive personal information (e.g., social security numbers, +information related to racial or ethnic origin, political opinions, +religion or other beliefs, health, biometrics or genetic +characteristics, criminal background or union membership) on or through +the Service or otherwise. If you do anyway, you must consent to our +processing and use of such sensitive personal information in accordance +with this Privacy Policy. + +**Changes to your personal information.** It is important that the +personal information we hold about you is accurate and current. Please +let us know if your personal information changes during your +relationship with us by updating your registration profile or emailing +us at . + +**[How We Use Your Personal Information]{.underline}** + +We use your personal information for the following purposes or as +otherwise described to you at the time of collection: + +**Service delivery. W**e use your personal information to: + +- provide, operate, maintain, and improve the Service; + +- communicate with you regarding the Service if you are a Customer, + including by sending you Service announcements, technical notices, + updates, security alerts, and support and administrative messages; + +- process your Service subscription transactions and process your + related payments: + +- understand your needs and interests, and personalize your experience + with the Service; and + +- provide support for the Service and respond to your requests, + questions and feedback. + +**Site operation.** We use your personal information to: + +- provide, operate, maintain and improve the Site; + +- understand your needs and interests, and personalize your experience + with the Site; and + +- provide support for the Site and respond to your requests, questions + and feedback. + +**Research and development.** We may use your personal information for +research and development purposes, including to analyze and improve the +Service and our business and develop other products and services. As +part of these activities, we may create aggregated, de-identified or +other anonymous data from personal information we collect. We make +personal information into anonymous data by removing information that +makes the data personally identifiable to you. We may use this anonymous +data and share it with third parties for our lawful business purposes, +including to analyze and improve the Service and promote our business. + +**Marketing. We and our third party advertising partners may collect and +use your personal information for marketing and advertising purposes:** + +- **Direct marketing.** If you request information from us, use the + Service or participate in our surveys, promotions or events, we may + send you Segment-related marketing communications as permitted by + law but will provide you with the ability to opt out. + +- **Interest-based advertising.** We may contract with third-party + advertising and social media companies to display ads on our Service + and other sites. These companies may use cookies and similar + technologies to collect information about you (including the device + data and online activity data described above) over time across our + Service and other sites and services or your interaction with our + emails, and use that information to serve ads that they think will + interest you. These ads are known as \"interest-based + advertisements.\" You can learn more about your choices for limiting + interest-based advertising, in the Advertising choices section + below. + +**Compliance and protection. We may use your personal information to:** + +- protect our, your or others' rights, privacy, safety or property + (including by making and defending legal claims); + +- audit our internal processes for compliance with legal and + contractual requirements and internal policies; + +- enforce our Terms of Service; + +- protect, investigate and deter against fraudulent, harmful, + unauthorized, unethical or illegal activity, including cyberattacks + and identity theft; and + +- comply with applicable laws, lawful requests and legal process, such + as to respond to subpoenas or requests from government authorities. + +**Other purposes with your consent.** In some cases we will ask for your +consent to collect, use or share your personal information for other +purposes. For example, we may ask for your consent to send you marketing +emails where required by law or to post your testimonial or endorsement. + +**[How We Share your Personal Information]{.underline}** + +We do not share the personal information that you provide us with other +organizations without your express consent, except as described in this +Privacy Policy. We may share your personal information with the +following parties and as otherwise described in this Privacy Policy or +at the time of collection: + +- **Service Providers**. We may employ companies and individuals to + help provide the Site or Service on our behalf or help us operate + our business (such as IT, customer support, hosting, website + analytics, email delivery, marketing and advertising, research, + event management). They are permitted to use your personal + information only as authorized to perform these tasks in a manner + consistent with this Privacy Policy. -### To create anonymous data +- **Payment processors**.  Any payment card information you use to + make a purchase on the Service is collected and processed directly + by our payment processor, Stripe, and we never physically receive or + store your full payment card information. Stripe commits to + complying with the Payment Card Industry Data Security Standard + (PCI-DSS) and using industry standard security. Stripe may use your + Payment Information in accordance with its own Privacy Policy + here: https://stripe.com/privacy. + +- **Advertising partners.** We work with third party advertising + companies that collect information about your activity on the Site + and other online services to help us advertise our services + (including, through interest-based advertising), and/or use hashed + customer lists that we share with them to deliver ads to them and + similar users on their platforms. + +- **Customers.** When you have an organization-administered account + your organization can access your information as described in the + Organization-Administered Accounts section below. + +- **Affiliates.** We may disclose your personal information to our + subsidiaries and corporate affiliates for use consistent with this + Privacy Policy. + +- **Professional advisors**. We may disclose your personal information + to professional advisors, such as lawyers, bankers, auditors and + insurers, where necessary in the course of the professional services + they render to us. + +- **Compliance and protection.** We may disclose your personal + information as we believe appropriate to government or law + enforcement officials or private parties (a) for the compliance and + protection purposes described above; (b) as required by law, lawful + requests or legal process, such as to respond to subpoenas or + requests from government authorities; (c) where permitted by law in + connection with any legal investigation; and (d) to prosecute or + defend legal claims. + +- **Business Transfers.** We may sell, transfer or otherwise share + some or all of our business or assets, including your personal + information, in connection with a business deal (or potential + business deal) such as a merger, consolidation, acquisition, + reorganization or sale of assets, or in the event of bankruptcy, in + which case we will make reasonable efforts to require the recipient + to honor this Privacy Policy. + +**[Your Choices]{.underline}** + +**Access, Update, Correct or Delete Your Information.** Customers may +review, update, correct or delete the personal information in their +registration profile by logging into their account or emailing us +at . + +**Access to Data Controlled by our Customers.** Segment has no direct +relationship with the individuals whose personal information is +contained within the Customer Data processed by the Service. An +individual who seeks to access, correct or delete this information +should direct their request the Customer. + +**Marketing communications.** You may opt out of marketing-related +emails by logging in and changing your account settings or by following +the opt-out prompt in the email. You may continue to receive +Service-related and other non-marketing emails. + +**Testimonials.** If you gave us consent to post a testimonial to our +site, but wish to update or delete it, please [contact +us](mailto:privacy@segment.com). + +Cookies. You may opt-out of certain cookie-based tracking activities on our Site in our [Website Data Collection Preferences](https://segment.com/docs/legal/website-data-collection-policy/#how-do-we-collect-data-on-our-website-) center. Additionally, most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser's settings. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, however, you may not be able to use all functionality of the Service and our Site may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org. +------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- + +Advertising choices. You can opt-out of data collection through our Site for interest-based advertising purposes in our [Website Data Collection Preferences](https://segment.com/docs/legal/website-data-collection-policy/#how-do-we-collect-data-on-our-website-) center. You can also limit use of your information for interest-based advertising by: +---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- + +- **Browser settings. Blocking third party cookies in your browser + settings using or ad-blocking browser plug-ins/extensions.** + +- **Mobile device settings. Using your mobile device settings to limit + use of the advertising ID associated with your mobile device for + interest-based advertising purposes.** + +- **Platform settings. Using Google's and Facebook's interest-based + advertising opt-out features:** + + - **Google: https://adssettings.google.com/** + + - **Facebook: https://www.facebook.com/about/ads** + +- **Ad industry tools. Opting out of interest-based ads from companies + participating in the following industry opt-out programs:** + + - **Network Advertising Initiative: + [[http://www.networkadvertising.org/managing/opt\_out.asp]{.underline}](http://www.networkadvertising.org/managing/opt_out.asp)** + + - **European Interactive Digital Advertising Alliance (for + European users): ** + + - **Digital Advertising Alliance:** + + - **optout.aboutads.info, which lets you opt-out of + interest-based ads on websites.** + + - **AppChoices mobile app, available at + [[https://www.youradchoices.com/appchoices]{.underline}](https://www.youradchoices.com/appchoices), + which lets you opt-out of interest-based ads in mobile + apps.** + +The opt-out preferences described above must be set on each device for +which you want them to apply. Not all companies that serve +interest-based ads participate in the ad industry opt-out programs +described above, so even after opting-out, you may still receive some +cookies and interest-based ads from other companies. If you opt-out of +interest-based advertisements, you will still see advertisements online +but they may be less relevant to you. -We may create aggregated and other anonymous data from our users' personal information. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes. +**Do Not Track.** Some Internet browsers may be configured to send "Do +Not Track" signals to the online services that you visit. We currently +do not respond to "Do Not Track" or similar signals. To find out more +about "Do Not Track," please visit +[[http://www.allaboutdnt.com]{.underline}](http://www.allaboutdnt.com). - +**Declining to provide your personal information.** If you do not +provide information indicated as required or mandatory within the +Service, or that is otherwise necessary to provide a requested service +or feature within the Service, that portion or all of the Service may be +unavailable to you and we may deactivate your account. -### For security, compliance, fraud prevention and safety +**[Security]{.underline}** -We may use your personal information as we believe appropriate to (a) investigate or prevent violation of the law or our Terms of Service; (b) secure the Service; (c) protect our, your or others' rights, privacy, safety or property; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity. +The security of your personal information important to us. We take a +number of organizational, technical and physical measures designed to +protect the personal information we collect, both during transmission +and once we receive it. However, no security safeguards are 100% secure +and we cannot guarantee the security of your information. - +**[International Data Use]{.underline}** -### For compliance with law; legal claims +Segment is headquartered in the United States and has affiliates and +service providers in other countries, and your personal information may +be collected, used and stored in the United States or other locations +outside of your home country. Privacy laws in the locations where we +handle your personal information may not be as protective as the privacy +laws in your home country. -We may use your personal information as we believe appropriate to (a) comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; (b) where permitted by law in connection with a legal investigation; and (c) to prosecute or defend legal claims. +Individuals in the European Economic Area should read the important +information +provided [here](https://segment.com/docs/legal/privacy/#Cross-Border-Data-Transfer) about +transfer of personal information outside of the European Economic Area. -### With your consent +**[Third Party Sites and Services]{.underline}** -In some cases we may ask for your consent to collect, use or share your personal information, such as when you let us post your testimonials or endorsements in the Service. +The Service may contain links to other websites and services operated by +third parties, such as social media platforms, advertising services and +other websites and applications. These links are not an endorsement of, +or representation that we are affiliated with, any third party. We do +not control third party websites, applications or services, and are not +responsible for their actions. Other websites and services follow +different rules regarding their collection, use and disclosure of your +personal information. We encourage you to read their privacy policies to +learn more. - +**[Children]{.underline}** -## How We Share your Personal Information +The Service is not directed at, and Segment does not knowingly acquire +or receive personal information from, children under the age of 16. If +we learn that any user of the Service is under the age of 16, we will +take appropriate steps to delete that individual's personal information +and restrict that individual from future access to the Service. -We do not share or sell the personal information that you provide us with other organizations without your express consent, except as described in this Privacy Policy. We may disclose personal information to third parties under the following circumstances: +**[Organization-Administered Accounts]{.underline}** -* **Affiliates.** We may disclose your personal information to our subsidiaries and corporate affiliates for use consistent with this Privacy Policy. -* **Service Providers.** We may employ third party companies and individuals to administer and provide the Service on our behalf (such as customer support, hosting, website analytics, email delivery and database management services). These third parties are permitted to use your personal information only to perform these tasks in a manner consistent with this Privacy Policy and are obligated not to disclose or use it for any other purpose. -* **Payment processors.** We may share your payment information to process your payments as described in the [Payment Information](#Payment-Information) section below. -* **Professional advisors.** We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services they render to us. -* **Compliance with Laws and Law Enforcement; Protection and Safety.** We may disclose your personal information as we believe appropriate to government or law enforcement officials or private parties (a) for the security, compliance, fraud prevention and safety purposes described above; (b) as required by law, lawful requests or legal process, such as to respond to subpoenas or requests from government authorities; (c) where permitted by law in connection with any legal investigation; and (d) to prosecute or defend legal claims. -* **Business Transfers.** We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business deal (or potential business deal) such as a merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy, in which case we will make reasonable efforts to require the recipient to honor this Privacy Policy. +Where the Service is provided to you through your employer or another +organization, please note that your organization's administrator may be +able to: - +- require you to reset your account password; -## Your Choices +- restrict, suspend or terminate your access to the Service; -### Access, Update, Correct or Delete Your Information +- access and retain information in and about your account; -All Segment account holders may review, update, correct or delete the personal information in their registration profile by logging into their account. Segment account holders may also contact us at [privacy@segment.com](mailto:privacy@segment.com) to accomplish the foregoing or if you have additional requests or questions. +- access or retain information stored as part of your account; -### Access to Data Controlled by our Clients -Segment has no direct relationship with the individuals whose personal information is contained within the Client Services Data processed by the Service. An individual who seeks to access, correct or delete personal information provided by our Clients should direct their request the Client. Similarly, if your Service account is administered by your employer or other organization, you should direct your request regarding your account or personal information (including requests to access, correct or delete it) to the organization's administrator. See the [Organization-Administered Accounts](#Organization-Administered-Accounts) section below for details. You may also contact us at [privacy@segment.com](mailto:privacy@segment.com) if you have additional questions or concerns. +- change the email address associated with your account; -### Marketing communications +- change your information, including profile information; and -You may opt out of marketing-related emails by logging in and changing your account settings or by following the opt-out prompt in the email. You may continue to receive Service-related and other non-marketing emails. - -### Testimonials - -If you gave us consent to post a testimonial to our site, but wish to update or delete it, please [contact us](mailto:privacy@segment.com). - -### Choosing not to share your personal information - -If you do not provide information indicated as required or mandatory within the Service, or that is otherwise necessary to provide a requested service or feature within the Service, that portion or all of the Service may be unavailable to you and we may deactivate your account. - - - -## Tracking and Targeted Advertising - -We may allow service providers and other third parties to use cookies and other tracking technologies to track your browsing activity over time and across the Service and third party websites. For example, we may partner with third party advertisers to display advertising on the Site or manage our advertising on other sites. These advertisers may also provide you targeted ads based upon your interests on third party sites. We also use third party website analytics services that help us analyze users' interactions with the Site. For more details, see our [Website Data Collection Policy](https://segment.com/docs/legal/website-data-collection-policy/). You may opt out of certain tracking activities on our Site in our [Website Data Collection Preferences](https://segment.com/docs/legal/website-data-collection-policy/#how-do-we-collect-data-on-our-website-) center. In addition, some advertising networks allow you to opt out of targeted advertising. For more information, visit [http://www.aboutads.info/choices/](http://www.aboutads.info/choices/) or [http://www.youronlinechoices.com](http://www.youronlinechoices.com). - -Some Internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. We currently do not respond to do not track or similar signals. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com. - -In some of our communications, we track clicks on links in the communications to content in the Service to help us measure the effectiveness of our communications. - - - -## Social Media Widgets - -Our Service may include social media features, such as the Facebook "like" button and widgets, such as the "share this" button. These features may collect your personal information and track your use of the Service. These social media features are either hosted by a third party or hosted directly in the Service. Your interactions with these features are governed by the privacy policy of the company providing such functionality. - - - -## Payment Information - -Any payment card information you use to make a purchase on the Service is collected and processed directly by our payment processor, Stripe and we never receive or store your full payment card information. Stripe commits to complying with the Payment Card Industry Data Security Standard (PCI-DSS) and using industry standard security. Stripe may use your Payment Information in accordance with its own Privacy Policy here: [https://stripe.com/us/checkout/legal](https://stripe.com/us/checkout/legal). - - - -## Security - -The security of your personal information important to us. We take a number of organizational, technical and physical measures designed to protect the personal information we collect, both during transmission and once we receive it. However, no security safeguards are 100% secure and we cannot guarantee the security of your information. - - - -## International Data Use -Segment is headquartered in the United States and has affiliates and service providers in other countries, and your personal information may be collected, used and stored in the United States or other locations outside of your home country. Privacy laws in the locations where we handle your personal information may not be as protective as the privacy laws in your home country. - -European Union users should read the important information provided [here](#Cross-Border-Data-Transfer) about transfer of personal information outside of the European Economic Area. - - - -## Third Party Sites and Services - -The Service may contain links to other websites and services operated by third parties, such as social media platforms, advertising services and other websites and applications. These links are not an endorsement of, or representation that we are affiliated with, any third party. We do not control third party websites, applications or services, and are not responsible for their actions. Other websites and services follow different rules regarding their collection, use and disclosure of your personal information. We encourage you to read their privacy policies to learn more. - - - -## User Generated Content - -We may make available in the Service, or link to, features that allow you to share information online (e.g., on message boards, in chat areas, in file uploads, through events, etc.). Please be aware that whenever you voluntarily disclose personal information online, that information becomes public and can be collected and used by others. We have no control over, and take no responsibility for, the use, storage or dissemination of such publicly-disclosed personal information. By posting personal information online in public forums, you may receive unsolicited messages from other parties. - - - -## Children - -The Service is not directed at, and Segment does not knowingly acquire or receive personal information from, children under the age of 16. If we learn that any user of the Service is under the age of 16, we will take appropriate steps to delete that individual's personal information and restrict that individual from future access to the Service. - - - -## Organization-Administered Accounts - -Where the Service is provided to you through your employer or another organization, that organization is the administrator of the Service and we act only as its service provider. We are not responsible for the privacy or security practices of these organizations, which have their own privacy policies, and we encourage you to contact them with your privacy-related questions or requests to access, correct or delete your personal information. Please note that your organization's administrator may be able to: - -* require you to reset your account password; -* restrict, suspend or terminate your access to the Service; -* access information in and about your account; -* access or retain information stored as part of your account; -* change the email address associated with your account; -* change your information, including profile information; and -* restrict your ability to edit, restrict, modify or delete information. - -Please contact your organization or refer to your administrator's organizational policies for more information. - - - -## Changes to this Privacy Policy - -We reserve the right to modify this Privacy Policy at any time. We encourage you to periodically review this page for the latest information on our privacy practices. If we make material changes to this Privacy Policy we will notify you by email (if you have an account linked to a valid email address) or another manner through the Service that we believe is reasonably likely to reach you. - -Any modifications to this Privacy Policy will be effective upon our posting of the new terms and/or upon implementation of the new changes in the Service (or as otherwise indicated at the time of posting). In all cases, your continued use of the Service after the posting of any updated Privacy Policy indicates your acceptance of the update. - - - -## Contact Us - -If you have any questions or concerns about our Privacy Policy, please contact us. - -Segment.io, Inc. -100 California Street, Suite 700 -San Francisco, CA 94111 USA -Attention: Data Protection Officer - -Email: [privacy@segment.com](mailto:privacy@segment.com) - - - -## Additional Information for European Union Users - -### Personal information - -References to "personal information" in this Privacy Policy are equivalent to "personal data" governed by European data protection legislation. - -### Controller, Data Protection Officer and EU Representative -Segment.io, Inc. is the controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation and you can contact us and our Data Protection Officer using the contact details listed in the Contact Us section above. Our EU representative is: - -Segment Technologies Ireland, Limited -c/o Segment.io, Inc. -100 California Street, Suite 700 -San Francisco, CA 94111 USA - -Email: [privacy@segment.com](mailto:privacy@segment.com) - -### Legal bases for processing - -We only use your personal information as permitted by law. We are required to inform you of the legal bases of our processing of your personal information, which are described in the table below. If you have questions about the legal basis of how we process your personal information, contact us at [privacy@segment.com](mailto:privacy@segment.com). - -| Processing purpose | Legal Basis | -| ------- | --- | -| [To provide the Service](#to-provide-the-service) | You have entered a contract with us and we need to use your personal information to provide services you have requested or take steps that you request prior to providing services. | -| [To send you marketing communcations](#to-send-marketing-communications)

[To deliver you advertising](#to-deliver-you-advertising)

[To create anonymous data](#to-create-anonymous-data)

[For compliance, fraud prevention and safety](#for-compliance-fraud-prevention-and-safety)

[To prosecute or defend legal claims](#to-prosecute-or-defend-legal-claims) | These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). | -| [For compliance with law](#for-compliance-with-the-law) | Processing is necessary to comply with our legal obligations | -| [With your consent](#with-your-consent) | Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated in the Service or by contacting us at [privacy@segment.com](mailto:privacy@segment.com). | - - -### Use for new purposes - -We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis. - -### Retention - -We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. - -To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. - - - -## Your rights - -European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold: - -* **Opt-out.** Stop sending you direct marketing communications. You may continue to receive Service-related and other non-marketing communications. -* **Access.** Provide you with information about our processing of your personal information and give you access to your personal information. -* **Correct.** Update or correct inaccuracies in your personal information. -* **Delete.** Delete your personal information. -* **Transfer.** Transfer a machine-readable copy of your personal information to you or a third party of your choice. -* **Restrict.** Restrict the processing of your personal information. -* **Object.** Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights. - -You can submit these requests by email to [privacy@segment.com](mailto:privacy@segment.com) or our postal address provided [above](#Contact-Us). We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator [here](http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm). - - - -## Cross-Border Data Transfer - -If we transfer your personal information out of the European Economic Area or Switzerland and are required to apply additional safeguards to your personal information under European data protection legislation, we will do so. Such safeguards may include applying the European Commission Model contracts for the transfer of personal data to third countries described [here](https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en#international-data-transfers-using-model-contracts), or for transfers to third parties in the United States, ensuring they participate in the EU-U.S. Privacy Shield Framework or Swiss-U.S. Privacy Shield Framework. Please [contact us](mailto:privacy@segment.com) for further information about any such transfers or the specific safeguards applied. - -Segment itself has self-certified to the EU-U.S. and Swiss-U.S. Privacy Shield. For more information, see our Privacy Shield Notice. - - - -## Privacy Shield Notice - -Effective as of July 18, 2018. - -Segment.io, Inc. ("**Segment**" or "**we**", "**us**" or "**our**") complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred to it in the United States from the European Economic Area ("**EEA**") or Switzerland, respectively. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. To learn more about the Privacy Shield program, the Privacy Shield Principles and to view our certification, please visit [www.privacyshield.gov](https://www.privacyshield.gov). - -**Scope.** Our certification of adherence to the Privacy Shield Principles applies to the personal data that (a) we collect from our customers and other visitors to our website for account management, billing or marketing purposes ("**Segment User Data**") and (b) that we process on behalf of our customers in providing online services to them under a service agreement ("**Services Data**"). - -**Data processed.** The Segment User Data that we collect, use and share is described in our Privacy Policy. While our customers decide what Services Data to submit, it typically includes information about their own users and how they use the customer's sites, applications and services and third party applications. We process Services Data as instructed by our customers and do not own or control Services Data. - -**Purposes of data processing.** We collect, use and share Segment User Data for the purposes described in our Privacy Policy. We process Services Data for the purpose of providing our online services to our customers, which may include accessing and processing the data to provide the services, to correct and address technical or service problems, to follow instructions of the customer who submitted the data, or in response to contractual requirements. - -**Inquiries and complaints.** If you believe Segment maintains your personal data within the scope of our Privacy Shield certification, you may direct any inquiries or complaints concerning our Privacy Shield compliance to [privacy@segment.com](mailto:privacy@segment.com). If you are located in the EEA or Switzerland and have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at [https://feedback-form.truste.com/watchdog/request](https://feedback-form.truste.com/watchdog/request). - -**Arbitration.** If you are located in the EEA or Switzerland and neither Segment nor our dispute resolution provider resolves your complaint, you may be entitled to invoke binding arbitration under certain conditions more fully described on the [Privacy Shield website](https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint). - -**Third parties who may receive personal data.** We share Segment User Data with third parties as described in our Privacy Policy. We may share Services Data with third parties under the following circumstances and only in accordance with the applicable customer agreements: - -* **Affiliates.** We may disclose Services Data to our subsidiaries and corporate affiliates for use consistent with this Privacy Policy. -* **Service Providers.** We may employ third party companies and individuals to administer and provide the Service on our behalf (such as customer support, hosting, website analytics, email delivery, database management services). Segment maintains contracts with these service providers restricting their access, use and disclosure of personal data in compliance with our Privacy Shield obligations, including the onward transfer provisions, and we may be liable if they fail to meet those obligations and we are responsible for the event giving rise to damage. -* **Legal requirements.** We may disclose Services Data if required to do so by law in order to (for example) respond to a subpoena or request from law enforcement, a court or a government agency, or in the good faith belief that such action is necessary (a) to comply with a legal obligation, (b) to protect or defend our rights, interests or property or that of third parties, (c) to prevent or investigate possible wrongdoing in connection with the services, (d) to act in urgent circumstances to protect the personal safety of customers, their users or the public; or (e) to protect against legal liability. -* **Business Transfers.** As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Services Data may be part of the transferred assets. - -In addition, we may be required to disclose any personal data that we process in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. - -**Your rights to access, to limit use, and to limit disclosure.** Individuals in the EEA and Switzerland have rights to access personal data about them, and to limit use and disclosure of their personal data. With our Privacy Shield self-certification, we have committed to respect those rights. We process Services Data only on behalf of our customers in accordance with their instructions. This means that if you wish to access Services Data and request that we correct, amend or delete it if it is inaccurate or processed in violation of Privacy Shield, you should contact that customer with your request. We will then help them to fulfill that request in accordance with their instructions. - -If your personal data includes Segment Personal Data, you can request access to that data and request that we correct amend, or delete it if it is inaccurate or processed in violation of Privacy Shield by emailing your request to [privacy@segment.com](mailto:privacy@segment.com). We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. - -**U.S. Federal Trade Commission Enforcement.** Segment's commitments under the Privacy Shield are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.   -If there is any conflict between the terms in this Privacy Shield Notice and the Privacy Shield Principles, the Privacy Shield Principles shall take precedence. - - -

TRUSTe
+- restrict your ability to edit, restrict, modify or delete + information. + +Please contact your organization or refer to your administrator's +organizational policies for more information. + +**[Changes to this Privacy Policy]{.underline}** + +We reserve the right to modify this Privacy Policy at any time. We +encourage you to periodically review this page for the latest +information on our privacy practices. If we make material changes to +this Privacy Policy we will notify you by email (if you have an account +linked to a valid email address) or another manner through the Service +that we believe is reasonably likely to reach you. + +Any modifications to this Privacy Policy will be effective upon our +posting of the new terms and/or upon implementation of the new changes +in the Service (or as otherwise indicated at the time of posting). In +all cases, your continued use of the Service after the posting of any +updated Privacy Policy indicates your acceptance of the update. + +**[Contact Us]{.underline}** + +If you have any questions or concerns about our Privacy Policy, please +contact us. + +Segment.io, Inc. 100 California Street, Suite 700 San Francisco, CA +94111 USA Attention: Data Protection Officer + +Email:  + +**[Important Information for California Residents]{.underline}** + +This section applies only to California residents. It describes how we +collect, use and share Personal Information of California residents in +operating our business, and their rights with respect to that Personal +Information. For purposes of this section, "**Personal Information**" +has the meaning given in the California Consumer Privacy Act of 2018 +("**CCPA**") but does not include information exempted from the scope of +the CCPA. + +Your California privacy rights. You have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law. +=============================================================================================================================================================================== + +- **Information.** You can request the following information about how + we have collected and used your Personal Information during the past + 12 months: + + - The categories of Personal Information that we have collected. + + - The categories of sources from which we collected Personal + Information. + + - The business or commercial purpose for collecting and/or selling + Personal Information. + + - The categories of third parties with whom we share Personal + Information. + + - Whether we have disclosed your Personal Information for a + business purpose, and if so, the categories of Personal + Information received by each category of third party recipient. + + - Whether we've sold your Personal Information, and if so, the + categories of Personal Information received by each category of + third party recipient. + +- **Access**. You can request a copy of the Personal Information that + we have collected about you during the past 12 months. + +- **Deletion.** You can ask us to delete the Personal Information that + we have collected from you. + +- **Nondiscrimination.** You are entitled to exercise the rights + described above free from discrimination. This means that we will + not penalize you for exercising your rights by taking actions such + as denying you services; increasing the price/rate of services; + decreasing service quality; or suggesting that we may penalize you + as described above for exercising your rights. + +**How to exercise your information, access and deletion rights.** You +may submit a request to exercise your information, access or deletion +rights by visiting emailing or emailing us +toll-free at \[\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\]. We will need to +verify your identity to process your information, access and deletion +requests and we reserve the right to confirm your California residency. +Government identification may be required. If you wish to designate an +authorized agent to make a request on your behalf, we will need to +verify both your and your agent's identities and your agent must provide +valid power of attorney or other proof of authority acceptable to us in +our reasonable discretion. We cannot process your request if you do not +provide us with sufficient detail to allow us to understand and respond +to it. In certain cases, we may be required or permitted by law to deny +your request. + +**We do not sell your personal information.** Based on our current +understanding of the CCPA, we do not "sell" your personal information as +defined in the CCPA. However, like many companies online, Segment uses +services provided by Google, Facebook and other advertising companies +that track website visitor activity to help deliver interest-based ads +to those visitors. We describe this in more detail in the section above +entitled Interest-based advertising. Use of these services may +constitute a "sale" of Personal Information under the CCPA where the +user has not opted into the tracking. We no longer permit these services +to track your use of the Site for interest-based advertising unless you +opt-in, and you can always opt-out in our Website Data Collection +Preferences center. However, our past practice of allowing this tracking +on an opt-out basis may have resulted in the "sale" of your Personal +Information prior to January 1, 2020. + +**Personal information we collect, use and disclose.** The chart below +describes the categories of Personal Information we collect by reference +to the categories specified by the CCPA (California Civil Code § +1798.140(o)). + ++-------------+-------------+-------------+-------------+-------------+ +| **Statutory | **PI we | **Sources | * | **Parties | +| category of | collect\ | of the PI\ | *Business/\ | to whom we | +| personal | **(click | **(click | commercial | disclose PI | +| information | for | for | purpose for | for a | +| (PI)** | details) | details) | PI | business | +| | | | collection\ | purpose\ | +| | | | **(click | **(click | +| | | | for | for | +| | | | details)**\ | details) | +| | | | ** | | ++=============+=============+=============+=============+=============+ +| * | - | - *You* | - | - * | +| Identifiers | *Contact | | *Service | Advertising | +| (general)* | i | - *Third | | | +| | nformation* | party | delivery* | partners* | +| | | | | | +| | - | sources* | - | - | +| | *Profile | | *Research | *Service | +| | i | | & | | +| | nformation* | | d | providers* | +| | | | evelopment* | | +| | | | | | +| | | | - | | +| | | | *Marketing* | | +| | | | | | +| | | | - | | +| | | | *Compliance | | +| | | | & | | +| | | | | | +| | | | Protection* | | ++-------------+-------------+-------------+-------------+-------------+ +| *Commercial | - *Comm | - *You* | - | - | +| I | unications* | | *Service | *Service | +| nformation* | | - *Third | | | +| | - | party | delivery* | providers* | +| | *Marketing | | | | +| | I | sources* | - | | +| | nformation* | | *Research | | +| | | | & | | +| | | | d | | +| | | | evelopment* | | +| | | | | | +| | | | - | | +| | | | *Marketing* | | +| | | | | | +| | | | - | | +| | | | *Compliance | | +| | | | & | | +| | | | | | +| | | | Protection* | | ++-------------+-------------+-------------+-------------+-------------+ +| *Financial | - * | - *Our | - | - | +| I | Transaction | | *Service | *Payment | +| nformation* | i | Customers* | | | +| | nformation* | | delivery* | processors* | +| | | | | | +| | | | - | - | +| | | | *Compliance | *Service | +| | | | & | | +| | | | | providers* | +| | | | Protection* | | ++-------------+-------------+-------------+-------------+-------------+ +| * | - *Device | - *You* | - | - | +| Identifiers | data* | | *Service | *Service | +| (online)* | | - | | | +| | | *Automatic | delivery* | providers* | +| | | | | | +| | | collection* | - *Site | - * | +| | | | | Advertising | +| | | | operation* | | +| | | | | partners* | +| | | | - | | +| | | | *Research | | +| | | | & | | +| | | | d | | +| | | | evelopment* | | +| | | | | | +| | | | - | | +| | | | *Marketing* | | +| | | | | | +| | | | - | | +| | | | *Compliance | | +| | | | & | | +| | | | | | +| | | | Protection* | | ++-------------+-------------+-------------+-------------+-------------+ +| *Internet | - *Online | - | - | - * | +| or Network | | *Automatic | *Service | Advertising | +| I | activity | | | | +| nformation* | data* | collection* | delivery* | partners* | +| | | | | | +| | | | - *Site | - | +| | | | | *Service | +| | | | operation* | | +| | | | | providers* | +| | | | - | | +| | | | *Research | | +| | | | & | | +| | | | d | | +| | | | evelopment* | | +| | | | | | +| | | | - | | +| | | | *Marketing* | | +| | | | | | +| | | | - | | +| | | | *Compliance | | +| | | | & | | +| | | | | | +| | | | Protection* | | ++-------------+-------------+-------------+-------------+-------------+ +| *P | - | - *You* | - | - | +| rofessional | *Contact | | *Service | *Service | +| or | i | - *Third | | | +| Employment | nformation* | party | delivery* | providers* | +| I | | | | | +| nformation* | - | sources* | - | | +| | *Profile | | *Research | | +| | i | | & | | +| | nformation* | | d | | +| | | | evelopment* | | +| | | | | | +| | | | - | | +| | | | *Marketing* | | +| | | | | | +| | | | - | | +| | | | *Compliance | | +| | | | & | | +| | | | | | +| | | | Protection* | | ++-------------+-------------+-------------+-------------+-------------+ +| *Sensory | - *Comm | - *You* | - | - | +| I | unications* | | *Marketing* | *Service | +| nformation* | | | | | +| | | | - | providers* | +| | | | *Compliance | | +| | | | & | | +| | | | | | +| | | | Protection* | | ++-------------+-------------+-------------+-------------+-------------+ +| * | *User | - *Us* | - | - | +| Inferences* | preferences | | *Service | *Service | +| | derived | | | | +| | from any of | | delivery* | providers* | +| | the | | | | +| | information | | - *Site | | +| | listed | | | | +| | above that | | Operation* | | +| | we collect | | | | +| | from | | - | | +| | Customers* | | *Research | | +| | | | & | | +| | | | d | | +| | | | evelopment* | | +| | | | | | +| | | | - | | +| | | | *Marketing* | | +| | | | | | +| | | | - | | +| | | | *Compliance | | +| | | | & | | +| | | | | | +| | | | Protection* | | ++-------------+-------------+-------------+-------------+-------------+ +| We may | | | | | +| further | | | | | +| disclose | | | | | +| each | | | | | +| category of | | | | | +| Personal | | | | | +| Information | | | | | +| to our | | | | | +| affiliates, | | | | | +| to our | | | | | +| p | | | | | +| rofessional | | | | | +| advisors, | | | | | +| in | | | | | +| connection | | | | | +| with our | | | | | +| compliance | | | | | +| and | | | | | +| protection | | | | | +| activities | | | | | +| and in | | | | | +| connection | | | | | +| with | | | | | +| business | | | | | +| transfers | | | | | +| as | | | | | +| described | | | | | +| in the | | | | | +| section | | | | | +| above | | | | | +| entitled | | | | | +| How We | | | | | +| Share Your | | | | | +| Personal | | | | | +| I | | | | | +| nformation. | | | | | +| | | | | | +| This chart | | | | | +| describes | | | | | +| our | | | | | +| practices | | | | | +| as of, and | | | | | +| during the | | | | | +| 12 months | | | | | +| preceding, | | | | | +| the | | | | | +| effective | | | | | +| date of | | | | | +| this | | | | | +| Privacy | | | | | +| Policy. | | | | | ++-------------+-------------+-------------+-------------+-------------+ + +**[Additional Information for European Union Users]{.underline}** + +**Personal information.** References to "personal information" in this +Privacy Policy are equivalent to "personal data" governed by European +data protection legislation. + +**Controller, Data Protection Officer and EU Representative.** +Segment.io, Inc. is the controller of your personal information covered +by this Privacy Policy for purposes of European data protection +legislation and you can contact us and our Data Protection Officer using +the contact details listed in the Contact Us section above. Our EU +representative is: + +Segment Technologies Ireland, Limited c/o Segment.io, Inc. 100 +California Street, Suite 700 San Francisco, CA 94111 USA + +Email:  + +**Legal bases for processing. The legal bases on which we process your +personal information as described in this Privacy Policy will depend on +the type of personal information and the specific context in which we +process it. However, the legal bases we typically rely on are set out in +the table below. We rely on our legitimate interests as our legal basis +only where those interests are not overridden by the impact on you +(unless we have your consent or our processing is otherwise required or +permitted by law). If you have questions about the legal basis of how we +process your personal information, contact us at** +. + ++----------------------------------+----------------------------------+ +| **Processing purpose** | **Legal Basis** | ++==================================+==================================+ +| Service delivery | Processing is necessary to | +| | perform the contract governing | +| Site operation | our operation of the Site or the | +| | provision of the Services, or to | +| | take steps that you request | +| | prior to engaging our Services. | +| | Where we cannot process your | +| | personal data as required to | +| | operate the Site or Services on | +| | the grounds of contractual | +| | necessity, we process your | +| | personal information for this | +| | purpose based on our legitimate | +| | interest in providing you with | +| | the Services you access and | +| | request. | ++----------------------------------+----------------------------------+ +| Marketing | Processing is based on your | +| | consent where that consent is | +| | required by applicable law. | +| | Where we rely on your consent | +| | you have the right to withdraw | +| | it any time in the manner | +| | indicated when you consent or in | +| | the Service. Where such consent | +| | is not required by applicable | +| | law, we process your personal | +| | information for these purposes | +| | based on our legitimate | +| | interests in promoting our | +| | business. | ++----------------------------------+----------------------------------+ +| Research & Development | Processing is based on our | +| | legitimate interests in | +| | performing research and | +| | development to improve our | +| | services and develop new | +| | services. | ++----------------------------------+----------------------------------+ +| Compliance & Protection | Processing is necessary to | +| | comply with our legal | +| | obligations or based on our | +| | legitimate interests in | +| | protecting our or others' | +| | rights, privacy, safety or | +| | property. | ++----------------------------------+----------------------------------+ +| Other purposes with your consent | Processing is based on your | +| | consent. Where we rely on your | +| | consent you have the right to | +| | withdraw it anytime in the | +| | manner indicated when you | +| | consent or in the Service. | ++----------------------------------+----------------------------------+ + +**Use for new purposes.** We may use your personal information for +reasons not described in this Privacy Policy where permitted by law and +the reason is compatible with the purpose for which we collected it. If +we need to use your personal information for an unrelated purpose, we +will notify you and explain the applicable legal basis. + +**Retention.** We will only retain your personal information for as long +as necessary to fulfill the purposes we collected it for, including for +the purposes of satisfying any legal, accounting, or reporting +requirements. + +To determine the appropriate retention period for personal information, +we consider the amount, nature, and sensitivity of the personal +information, the potential risk of harm from unauthorized use or +disclosure of your personal information, the purposes for which we +process your personal information and whether we can achieve those +purposes through other means, and the applicable legal requirements. + +**Your rights.** European data protection laws give you certain rights +regarding your personal information. You may ask us to take the +following actions in relation to your personal information that we hold: + +- **Opt-out.** Stop sending you direct marketing communications. You + may continue to receive Service-related and other non-marketing + communications. + +- **Access.** Provide you with information about our processing of + your personal information and give you access to your personal + information. + +- **Correct.** Update or correct inaccuracies in your personal + information. + +- **Delete.** Delete your personal information. + +- **Transfer.** Transfer a machine-readable copy of your personal + information to you or a third party of your choice. + +- **Restrict.** Restrict the processing of your personal information. + +- **Object.** Object to our reliance on our legitimate interests as + the basis of our processing of your personal information that + impacts your rights. + +You can submit these requests by email to  or our +postal address +provided [above](https://segment.com/docs/legal/privacy/#Contact-Us). We +may request specific information from you to help us confirm your +identity and process your request. Applicable law may require or permit +us to decline your request. If we decline your request, we will tell you +why, subject to legal restrictions. If you would like to submit a +complaint about our use of your personal information or response to your +requests regarding your personal information, you may contact us or +submit a complaint to the data protection regulator in your +jurisdiction. You can find your data protection +regulator [here](http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm). + +**Cross-Border Data Transfer** + +If we transfer your personal information out of the European Economic +Area or Switzerland and are required to apply additional safeguards to +your personal information under European data protection legislation, we +will do so. Such safeguards may include applying the European Commission +Model contracts for the transfer of personal data to third countries +described [here](https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en#international-data-transfers-using-model-contracts), +or for transfers to third parties in the United States, ensuring they +participate in the EU-U.S. Privacy Shield Framework or Swiss-U.S. +Privacy Shield Framework. Please [contact +us](mailto:privacy@segment.com) for further information about any such +transfers or the specific safeguards applied. + +Segment itself has self-certified to the EU-U.S. and Swiss-U.S. Privacy +Shield. For more information, see our Privacy Shield Notice. + +**Privacy Shield Notice** + +*Effective as of July 18, 2018.* + +Segment.io, Inc. ("**Segment**" or "**we**", "**us**" or "**our**") +complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. +Privacy Shield Framework as set forth by the U.S. Department of Commerce +regarding the collection, use, and retention of personal data +transferred to it in the United States from the European Economic Area +("EEA") or Switzerland, respectively. We have certified to the +Department of Commerce that we adhere to the Privacy Shield Principles. +To learn more about the Privacy Shield program, the Privacy Shield +Principles and to view our certification, please +visit [www.privacyshield.gov](https://www.privacyshield.gov/). + +**Scope**. Our certification of adherence to the Privacy Shield +Principles applies to the personal data that (a) we collect from our +customers and other visitors to our website for account management, +billing or marketing purposes ("**Segment User Data**") and (b) that we +process on behalf of our customers in providing online services to them +under a service agreement ("**Services Data**"). + +**Data processed**. The Segment User Data that we collect, use and share +is described in our Privacy Policy. While our customers decide what +Services Data to submit, it typically includes information about their +own users and how they use the customer's sites, applications and +services and third party applications. We process Services Data as +instructed by our customers and do not own or control Services Data. + +Purposes of data processing. We collect, use and share Segment User Data +for the purposes described in our Privacy Policy. We process Services +Data for the purpose of providing our online services to our customers, +which may include accessing and processing the data to provide the +services, to correct and address technical or service problems, to +follow instructions of the customer who submitted the data, or in +response to contractual requirements. + +**Inquiries and complaints**. If you believe Segment maintains your +personal data within the scope of our Privacy Shield certification, you +may direct any inquiries or complaints concerning our Privacy Shield +compliance to . If you are located in the EEA or +Switzerland and have an unresolved privacy or data use concern that we +have not addressed satisfactorily, please contact our U.S.-based third +party dispute resolution provider (free of charge) +at . + +**Arbitration**. If you are located in the EEA or Switzerland and +neither Segment nor our dispute resolution provider resolves your +complaint, you may be entitled to invoke binding arbitration under +certain conditions more fully described on the [Privacy Shield +website](https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint). + +**Third parties who may receive personal data.** We share Segment User +Data with third parties as described in our Privacy Policy. We may share +Services Data with third parties under the following circumstances and +only in accordance with the applicable customer agreements: + +- **Affiliates.** We may disclose Services Data to our subsidiaries + and corporate affiliates for use consistent with this Privacy + Policy. + +- **Service Providers.** We may employ third party companies and + individuals to administer and provide the Service on our behalf + (such as customer support, hosting, website analytics, email + delivery, database management services). Segment maintains contracts + with these service providers restricting their access, use and + disclosure of personal data in compliance with our Privacy Shield + obligations, including the onward transfer provisions, and we may be + liable if they fail to meet those obligations and we are responsible + for the event giving rise to damage. + +- **Legal requirements.** We may disclose Services Data if required to + do so by law in order to (for example) respond to a subpoena or + request from law enforcement, a court or a government agency, or in + the good faith belief that such action is necessary (a) to comply + with a legal obligation, (b) to protect or defend our rights, + interests or property or that of third parties, (c) to prevent or + investigate possible wrongdoing in connection with the services, (d) + to act in urgent circumstances to protect the personal safety of + customers, their users or the public; or (e) to protect against + legal liability. + +- **Business Transfers.** As we develop our business, we might sell or + buy businesses or assets. In the event of a corporate sale, merger, + reorganization, dissolution or similar event, Services Data may be + part of the transferred assets. + +In addition, we may be required to disclose any personal data that we +process in response to lawful requests by public authorities, including +to meet national security or law enforcement requirements. + +**Your rights to access, to limit use, and to limit +disclosure**. Individuals in the EEA and Switzerland have rights to +access personal data about them, and to limit use and disclosure of +their personal data. With our Privacy Shield self-certification, we have +committed to respect those rights. We process Services Data only on +behalf of our customers in accordance with their instructions. This +means that if you wish to access Services Data and request that we +correct, amend or delete it if it is inaccurate or processed in +violation of Privacy Shield, you should contact that customer with your +request. We will then help them to fulfill that request in accordance +with their instructions. + +If your personal data includes Segment Personal Data, you can request +access to that data and request that we correct amend, or delete it if +it is inaccurate or processed in violation of Privacy Shield by emailing +your request to . We may request specific +information from you to help us confirm your identity and process your +request. Applicable law may require or permit us to decline your +request. If we decline your request, we will tell you why, subject to +legal restrictions. + +**U.S. Federal Trade Commission Enforcement.** Segment's commitments +under the Privacy Shield are subject to the regulatory enforcement +powers of the U.S. Federal Trade Commission.   If there is any conflict +between the terms in this Privacy Shield Notice and the Privacy Shield +Principles, the Privacy Shield Principles shall take precedence. From c02e25e813077a05ec29f407f1ac990817eb0956 Mon Sep 17 00:00:00 2001 From: Ladan Nasserian Date: Fri, 20 Dec 2019 16:32:06 -0800 Subject: [PATCH 2/7] Edit underline and links. --- src/legal/privacy.md | 188 +++++++++++++++++++++++-------------------- 1 file changed, 99 insertions(+), 89 deletions(-) diff --git a/src/legal/privacy.md b/src/legal/privacy.md index 23374a879d..55682e38c7 100644 --- a/src/legal/privacy.md +++ b/src/legal/privacy.md @@ -25,46 +25,47 @@ collect Segment respects your privacy rights and is committed to transparency in how we collect, use and share your personal information. If you have any questions or concerns about your personal information or this Privacy -Policy, email us at . +Policy, email us at [privacy@segment.com](mailto:privacy@segment.com). - [Segment's Service and Customer - Data](https://segment.com/docs/legal/privacy/#Segments-Service-and-Client-User-Data) + Data](#Segments-Service-and-Client-User-Data) - [Personal Information We - Collect](https://segment.com/docs/legal/privacy/#Personal-Information-We-Collect) + Collect](#Personal-Information-We-Collect) - [How We Use Your Personal - Information](https://segment.com/docs/legal/privacy/#How-We-Use-Your-Personal-Information) + Information](#How-We-Use-Your-Personal-Information) - [How We Share your Personal - Information](https://segment.com/docs/legal/privacy/#How-We-Share-Your-Personal-Information) + Information](#How-We-Share-Your-Personal-Information) -- [Your Choices](https://segment.com/docs/legal/privacy/#Your-Choices) +- [Your Choices](#Your-Choices) -- [Security](https://segment.com/docs/legal/privacy/#Security) +- [Security](#Security) - [International Data - Use](https://segment.com/docs/legal/privacy/#International-Data-Use) + Use](#International-Data-Use) - [Third Party Sites and - Services](https://segment.com/docs/legal/privacy/#Third-Party-Sites-and-Services) + Services](#Third-Party-Sites-and-Services) -- [Children](https://segment.com/docs/legal/privacy/#Children) +- [Children](#Children) - [Organization-Administered - Accounts](https://segment.com/docs/legal/privacy/#Organization-Administered-Accounts) + Accounts](#Organization-Administered-Accounts) - [Changes to this Privacy - Policy](https://segment.com/docs/legal/privacy/#Changes-to-This-Privacy-Policy) + Policy](#Changes-to-This-Privacy-Policy) -- [Contact Us](https://segment.com/docs/legal/privacy/#Contact-Us) +- [Contact Us](#Contact-Us) -- Information for California residents +- [Information for California residents](#Additional-Information-for-California-Residents) -- [Information](https://segment.com/docs/legal/privacy/#Additional-Information-for-European-Union) - for individuals in Europe +- [Information for individuals in Europe](#Additional-Information-for-European-Union) -**[Segment's Service and Customer Data]{.underline}** + + +##Segment's Service and Customer Data Registered users of the Service ("**Customers**") are businesses that use it to collect and manage information about their own users @@ -89,10 +90,11 @@ policy. Our use of Customer Data provided by our Customers in connection with our Service is subject to the written agreement between Segment and Customer. -**[Personal Information We Collect]{.underline}** + +##Personal Information We Collect -**Information you give us.** Personal information that you may provide -through the Service or otherwise includes: +### Information you give us. +Personal information that you may provide through the Service or otherwise includes: - **Contact information**, such as your first name, last name, professional title, organizational affiliation, postal address, @@ -120,14 +122,15 @@ through the Service or otherwise includes: specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection. -**Information from third party sources.** We may combine personal -information we receive from you with personal information we obtain from +###Information from third party sources. +We may combine personal information we receive from you with personal information we obtain from other sources, such as our Customers; data providers; affiliates within our corporate group of companies; business partners, such as joint marketing partners and event co-sponsors; and publicly accessible sources, such as social media platforms. -**Data collected automatically.** We, our service providers, and our +###Data collected automatically. +We, our service providers, and our business partners may automatically log the following information about you, your computer or mobile device, and your activity over time on the Site and other online services: @@ -153,8 +156,8 @@ Some of our automatic collection is facilitated by: facilitating online advertising and measuring the effectiveness of our ads. -- **Javascript libraries, which are snippets of code within web pages - that execute when certain actions take place.** +- **Javascript libraries**, which are snippets of code within web pages + that execute when certain actions take place. - **Web beacons**, also known as pixel tags or clear GIFs, which are typically used to demonstrate that a webpage or email was accessed @@ -166,8 +169,8 @@ For more information about the use of these technologies on the Site, see our [Website Data Collection Policy](https://segment.com/docs/legal/website-data-collection-policy/). -**Sensitive personal information.** We ask that you not share with us -any sensitive personal information (e.g., social security numbers, +###Sensitive personal information. +We ask that you not share with us any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or union membership) on or through @@ -175,18 +178,17 @@ the Service or otherwise. If you do anyway, you must consent to our processing and use of such sensitive personal information in accordance with this Privacy Policy. -**Changes to your personal information.** It is important that the -personal information we hold about you is accurate and current. Please -let us know if your personal information changes during your -relationship with us by updating your registration profile or emailing -us at . +### Changes to your personal information. +It is important that the personal information we hold about you is accurate and current. Please +let us know if your personal information changes during your relationship with us by updating your registration profile or emailing us at [privacy@segment.com](mailto:privacy@segment.com). -**[How We Use Your Personal Information]{.underline}** + +##How We Use Your Personal Information We use your personal information for the following purposes or as otherwise described to you at the time of collection: -**Service delivery. W**e use your personal information to: +**Service delivery.** We use your personal information to: - provide, operate, maintain, and improve the Service; @@ -223,8 +225,8 @@ makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business. -**Marketing. We and our third party advertising partners may collect and -use your personal information for marketing and advertising purposes:** +**Marketing.** We and our third party advertising partners may collect and +use your personal information for marketing and advertising purposes: - **Direct marketing.** If you request information from us, use the Service or participate in our surveys, promotions or events, we may @@ -238,12 +240,12 @@ use your personal information for marketing and advertising purposes:** data and online activity data described above) over time across our Service and other sites and services or your interaction with our emails, and use that information to serve ads that they think will - interest you. These ads are known as \"interest-based - advertisements.\" You can learn more about your choices for limiting + interest you. These ads are known as "interest-based + advertisements." You can learn more about your choices for limiting interest-based advertising, in the Advertising choices section below. -**Compliance and protection. We may use your personal information to:** +**Compliance and protection.** We may use your personal information to: - protect our, your or others' rights, privacy, safety or property (including by making and defending legal claims); @@ -265,7 +267,8 @@ consent to collect, use or share your personal information for other purposes. For example, we may ask for your consent to send you marketing emails where required by law or to post your testimonial or endorsement. -**[How We Share your Personal Information]{.underline}** + +##How We Share your Personal Information We do not share the personal information that you provide us with other organizations without your express consent, except as described in this @@ -327,7 +330,8 @@ at the time of collection: which case we will make reasonable efforts to require the recipient to honor this Privacy Policy. -**[Your Choices]{.underline}** + +##Your Choices **Access, Update, Correct or Delete Your Information.** Customers may review, update, correct or delete the personal information in their @@ -349,44 +353,41 @@ Service-related and other non-marketing emails. site, but wish to update or delete it, please [contact us](mailto:privacy@segment.com). -Cookies. You may opt-out of certain cookie-based tracking activities on our Site in our [Website Data Collection Preferences](https://segment.com/docs/legal/website-data-collection-policy/#how-do-we-collect-data-on-our-website-) center. Additionally, most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser's settings. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, however, you may not be able to use all functionality of the Service and our Site may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org. -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- +**Cookies.** You may opt-out of certain cookie-based tracking activities on our Site in our [Website Data Collection Preferences](https://segment.com/docs/legal/website-data-collection-policy/#how-do-we-collect-data-on-our-website-) center. Additionally, most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser's settings. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, however, you may not be able to use all functionality of the Service and our Site may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org. -Advertising choices. You can opt-out of data collection through our Site for interest-based advertising purposes in our [Website Data Collection Preferences](https://segment.com/docs/legal/website-data-collection-policy/#how-do-we-collect-data-on-our-website-) center. You can also limit use of your information for interest-based advertising by: ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- +**Advertising choices.** You can opt-out of data collection through our Site for interest-based advertising purposes in our [Website Data Collection Preferences](https://segment.com/docs/legal/website-data-collection-policy/#how-do-we-collect-data-on-our-website-) center. You can also limit use of your information for interest-based advertising by: -- **Browser settings. Blocking third party cookies in your browser - settings using or ad-blocking browser plug-ins/extensions.** +- **Browser settings.** Blocking third party cookies in your browser + settings using or ad-blocking browser plug-ins/extensions. -- **Mobile device settings. Using your mobile device settings to limit +- **Mobile device settings.** Using your mobile device settings to limit use of the advertising ID associated with your mobile device for - interest-based advertising purposes.** + interest-based advertising purposes. -- **Platform settings. Using Google's and Facebook's interest-based - advertising opt-out features:** +- **Platform settings.** Using Google's and Facebook's interest-based + advertising opt-out features: - - **Google: https://adssettings.google.com/** + - **Google:** https://adssettings.google.com/ - - **Facebook: https://www.facebook.com/about/ads** + - **Facebook:** https://www.facebook.com/about/ads -- **Ad industry tools. Opting out of interest-based ads from companies - participating in the following industry opt-out programs:** +- **Ad industry tools.** Opting out of interest-based ads from companies + participating in the following industry opt-out programs: - - **Network Advertising Initiative: - [[http://www.networkadvertising.org/managing/opt\_out.asp]{.underline}](http://www.networkadvertising.org/managing/opt_out.asp)** + - **Network Advertising Initiative:** http://www.networkadvertising.org/managing/opt_out.asp - - **European Interactive Digital Advertising Alliance (for - European users): ** + - **European Interactive Digital Advertising Alliance** (for + European users): http://www.youronlinechoices.eu/ - **Digital Advertising Alliance:** - - **optout.aboutads.info, which lets you opt-out of - interest-based ads on websites.** + - optout.aboutads.info, which lets you opt-out of + interest-based ads on websites. - - **AppChoices mobile app, available at - [[https://www.youradchoices.com/appchoices]{.underline}](https://www.youradchoices.com/appchoices), + - AppChoices mobile app, available at + https://www.youradchoices.com/appchoices, which lets you opt-out of interest-based ads in mobile - apps.** + apps. The opt-out preferences described above must be set on each device for which you want them to apply. Not all companies that serve @@ -399,8 +400,7 @@ but they may be less relevant to you. **Do Not Track.** Some Internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. We currently do not respond to "Do Not Track" or similar signals. To find out more -about "Do Not Track," please visit -[[http://www.allaboutdnt.com]{.underline}](http://www.allaboutdnt.com). +about "Do Not Track," please visit http://www.allaboutdnt.com. **Declining to provide your personal information.** If you do not provide information indicated as required or mandatory within the @@ -408,7 +408,8 @@ Service, or that is otherwise necessary to provide a requested service or feature within the Service, that portion or all of the Service may be unavailable to you and we may deactivate your account. -**[Security]{.underline}** + +##Security The security of your personal information important to us. We take a number of organizational, technical and physical measures designed to @@ -416,7 +417,8 @@ protect the personal information we collect, both during transmission and once we receive it. However, no security safeguards are 100% secure and we cannot guarantee the security of your information. -**[International Data Use]{.underline}** + +##International Data Use Segment is headquartered in the United States and has affiliates and service providers in other countries, and your personal information may @@ -430,7 +432,8 @@ information provided [here](https://segment.com/docs/legal/privacy/#Cross-Border-Data-Transfer) about transfer of personal information outside of the European Economic Area. -**[Third Party Sites and Services]{.underline}** + +##Third Party Sites and Services* The Service may contain links to other websites and services operated by third parties, such as social media platforms, advertising services and @@ -442,7 +445,8 @@ different rules regarding their collection, use and disclosure of your personal information. We encourage you to read their privacy policies to learn more. -**[Children]{.underline}** + +##Children The Service is not directed at, and Segment does not knowingly acquire or receive personal information from, children under the age of 16. If @@ -450,7 +454,8 @@ we learn that any user of the Service is under the age of 16, we will take appropriate steps to delete that individual's personal information and restrict that individual from future access to the Service. -**[Organization-Administered Accounts]{.underline}** + +##Organization-Administered Accounts Where the Service is provided to you through your employer or another organization, please note that your organization's administrator may be @@ -474,7 +479,8 @@ able to: Please contact your organization or refer to your administrator's organizational policies for more information. -**[Changes to this Privacy Policy]{.underline}** + +##Changes to this Privacy Policy We reserve the right to modify this Privacy Policy at any time. We encourage you to periodically review this page for the latest @@ -489,7 +495,8 @@ in the Service (or as otherwise indicated at the time of posting). In all cases, your continued use of the Service after the posting of any updated Privacy Policy indicates your acceptance of the update. -**[Contact Us]{.underline}** + +##Contact Us If you have any questions or concerns about our Privacy Policy, please contact us. @@ -499,7 +506,8 @@ Segment.io, Inc. 100 California Street, Suite 700 San Francisco, CA Email:  -**[Important Information for California Residents]{.underline}** + +##Important Information for California Residents This section applies only to California residents. It describes how we collect, use and share Personal Information of California residents in @@ -509,8 +517,7 @@ has the meaning given in the California Consumer Privacy Act of 2018 ("**CCPA**") but does not include information exempted from the scope of the CCPA. -Your California privacy rights. You have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law. -=============================================================================================================================================================================== +**Your California privacy rights.** You have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law. - **Information.** You can request the following information about how we have collected and used your Personal Information during the past @@ -550,8 +557,8 @@ Your California privacy rights. You have the rights listed below. However, these **How to exercise your information, access and deletion rights.** You may submit a request to exercise your information, access or deletion -rights by visiting emailing or emailing us -toll-free at \[\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\]. We will need to +rights by visiting emailing privacy@segment.com or emailing us +toll-free at . We will need to verify your identity to process your information, access and deletion requests and we reserve the right to confirm your California residency. Government identification may be required. If you wish to designate an @@ -800,7 +807,8 @@ to the categories specified by the CCPA (California Civil Code § | Policy. | | | | | +-------------+-------------+-------------+-------------+-------------+ -**[Additional Information for European Union Users]{.underline}** + +##Additional Information for European Union Users **Personal information.** References to "personal information" in this Privacy Policy are equivalent to "personal data" governed by European @@ -818,7 +826,7 @@ California Street, Suite 700 San Francisco, CA 94111 USA Email:  -**Legal bases for processing. The legal bases on which we process your +**Legal bases for processing.** The legal bases on which we process your personal information as described in this Privacy Policy will depend on the type of personal information and the specific context in which we process it. However, the legal bases we typically rely on are set out in @@ -826,8 +834,7 @@ the table below. We rely on our legitimate interests as our legal basis only where those interests are not overridden by the impact on you (unless we have your consent or our processing is otherwise required or permitted by law). If you have questions about the legal basis of how we -process your personal information, contact us at** -. +process your personal information, contact us at . +----------------------------------+----------------------------------+ | **Processing purpose** | **Legal Basis** | @@ -905,7 +912,10 @@ disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. -**Your rights.** European data protection laws give you certain rights + +## Your rights. + +European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold: @@ -944,7 +954,7 @@ submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator [here](http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm). -**Cross-Border Data Transfer** +###Cross-Border Data Transfer If we transfer your personal information out of the European Economic Area or Switzerland and are required to apply additional safeguards to @@ -961,7 +971,7 @@ transfers or the specific safeguards applied. Segment itself has self-certified to the EU-U.S. and Swiss-U.S. Privacy Shield. For more information, see our Privacy Shield Notice. -**Privacy Shield Notice** +###Privacy Shield Notice *Effective as of July 18, 2018.* @@ -1052,8 +1062,8 @@ In addition, we may be required to disclose any personal data that we process in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. -**Your rights to access, to limit use, and to limit -disclosure**. Individuals in the EEA and Switzerland have rights to +###Your rights to access, to limit use, and to limit disclosure. +Individuals in the EEA and Switzerland have rights to access personal data about them, and to limit use and disclosure of their personal data. With our Privacy Shield self-certification, we have committed to respect those rights. We process Services Data only on @@ -1073,8 +1083,8 @@ request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. -**U.S. Federal Trade Commission Enforcement.** Segment's commitments -under the Privacy Shield are subject to the regulatory enforcement +###U.S. Federal Trade Commission Enforcement. +Segment's commitments under the Privacy Shield are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.   If there is any conflict between the terms in this Privacy Shield Notice and the Privacy Shield Principles, the Privacy Shield Principles shall take precedence. From 836e50560dd0ca53aa9fc519afedd2a8bb8140c3 Mon Sep 17 00:00:00 2001 From: Ladan Nasserian Date: Fri, 20 Dec 2019 16:48:00 -0800 Subject: [PATCH 3/7] More edits --- src/legal/privacy.md | 150 ++++++++++++++++++++++++------------------- 1 file changed, 83 insertions(+), 67 deletions(-) diff --git a/src/legal/privacy.md b/src/legal/privacy.md index 55682e38c7..a28819d8ca 100644 --- a/src/legal/privacy.md +++ b/src/legal/privacy.md @@ -59,13 +59,13 @@ Policy, email us at [privacy@segment.com](mailto:privacy@segment.com). - [Contact Us](#Contact-Us) -- [Information for California residents](#Additional-Information-for-California-Residents) +- [Information for California Residents](#Additional-Information-for-California-Residents) - [Information for individuals in Europe](#Additional-Information-for-European-Union) -##Segment's Service and Customer Data +## Segment's Service and Customer Data Registered users of the Service ("**Customers**") are businesses that use it to collect and manage information about their own users @@ -91,7 +91,8 @@ with our Service is subject to the written agreement between Segment and Customer. -##Personal Information We Collect + +## Personal Information We Collect ### Information you give us. Personal information that you may provide through the Service or otherwise includes: @@ -122,14 +123,14 @@ Personal information that you may provide through the Service or otherwise inclu specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection. -###Information from third party sources. +### Information from third party sources. We may combine personal information we receive from you with personal information we obtain from other sources, such as our Customers; data providers; affiliates within our corporate group of companies; business partners, such as joint marketing partners and event co-sponsors; and publicly accessible sources, such as social media platforms. -###Data collected automatically. +### Data collected automatically. We, our service providers, and our business partners may automatically log the following information about you, your computer or mobile device, and your activity over time on the @@ -169,9 +170,8 @@ For more information about the use of these technologies on the Site, see our [Website Data Collection Policy](https://segment.com/docs/legal/website-data-collection-policy/). -###Sensitive personal information. -We ask that you not share with us any sensitive personal information (e.g., social security numbers, -information related to racial or ethnic origin, political opinions, +### Sensitive personal information. +We ask that you not share with us any sensitive personal information (e.g., social security numbers,information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or union membership) on or through the Service or otherwise. If you do anyway, you must consent to our @@ -183,7 +183,8 @@ It is important that the personal information we hold about you is accurate and let us know if your personal information changes during your relationship with us by updating your registration profile or emailing us at [privacy@segment.com](mailto:privacy@segment.com). -##How We Use Your Personal Information + +## How We Use Your Personal Information We use your personal information for the following purposes or as otherwise described to you at the time of collection: @@ -268,7 +269,8 @@ purposes. For example, we may ask for your consent to send you marketing emails where required by law or to post your testimonial or endorsement. -##How We Share your Personal Information + +## How We Share your Personal Information We do not share the personal information that you provide us with other organizations without your express consent, except as described in this @@ -331,31 +333,33 @@ at the time of collection: to honor this Privacy Policy. -##Your Choices -**Access, Update, Correct or Delete Your Information.** Customers may -review, update, correct or delete the personal information in their +## Your Choices + +### Access, Update, Correct or Delete Your Information. +Customers may review, update, correct or delete the personal information in their registration profile by logging into their account or emailing us -at . +at [privacy@segment.com](mailto:privacy@segment.com). -**Access to Data Controlled by our Customers.** Segment has no direct -relationship with the individuals whose personal information is +### Access to Data Controlled by our Customers. +Segment has no direct relationship with the individuals whose personal information is contained within the Customer Data processed by the Service. An individual who seeks to access, correct or delete this information should direct their request the Customer. -**Marketing communications.** You may opt out of marketing-related -emails by logging in and changing your account settings or by following -the opt-out prompt in the email. You may continue to receive +### Marketing communications. +You may opt out of marketing-related emails by logging in and changing your account settings or by following the opt-out prompt in the email. You may continue to receive Service-related and other non-marketing emails. -**Testimonials.** If you gave us consent to post a testimonial to our -site, but wish to update or delete it, please [contact -us](mailto:privacy@segment.com). +### Testimonials. +If you gave us consent to post a testimonial to our +site, but wish to update or delete it, please [contact us](mailto:privacy@segment.com). -**Cookies.** You may opt-out of certain cookie-based tracking activities on our Site in our [Website Data Collection Preferences](https://segment.com/docs/legal/website-data-collection-policy/#how-do-we-collect-data-on-our-website-) center. Additionally, most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser's settings. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, however, you may not be able to use all functionality of the Service and our Site may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org. +### Cookies. +You may opt-out of certain cookie-based tracking activities on our Site in our [Website Data Collection Preferences](https://segment.com/docs/legal/website-data-collection-policy/#how-do-we-collect-data-on-our-website-) center. Additionally, most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser's settings. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, however, you may not be able to use all functionality of the Service and our Site may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org. -**Advertising choices.** You can opt-out of data collection through our Site for interest-based advertising purposes in our [Website Data Collection Preferences](https://segment.com/docs/legal/website-data-collection-policy/#how-do-we-collect-data-on-our-website-) center. You can also limit use of your information for interest-based advertising by: +### Advertising choices. +You can opt-out of data collection through our Site for interest-based advertising purposes in our [Website Data Collection Preferences](https://segment.com/docs/legal/website-data-collection-policy/#how-do-we-collect-data-on-our-website-) center. You can also limit use of your information for interest-based advertising by: - **Browser settings.** Blocking third party cookies in your browser settings using or ad-blocking browser plug-ins/extensions. @@ -397,19 +401,18 @@ cookies and interest-based ads from other companies. If you opt-out of interest-based advertisements, you will still see advertisements online but they may be less relevant to you. -**Do Not Track.** Some Internet browsers may be configured to send "Do -Not Track" signals to the online services that you visit. We currently -do not respond to "Do Not Track" or similar signals. To find out more -about "Do Not Track," please visit http://www.allaboutdnt.com. +### Do Not Track. +Some Internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. We currently do not respond to "Do Not Track" or similar signals. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com. -**Declining to provide your personal information.** If you do not -provide information indicated as required or mandatory within the +### Declining to provide your personal information. +If you do not provide information indicated as required or mandatory within the Service, or that is otherwise necessary to provide a requested service or feature within the Service, that portion or all of the Service may be unavailable to you and we may deactivate your account. -##Security + +## Security The security of your personal information important to us. We take a number of organizational, technical and physical measures designed to @@ -418,7 +421,8 @@ and once we receive it. However, no security safeguards are 100% secure and we cannot guarantee the security of your information. -##International Data Use + +## International Data Use Segment is headquartered in the United States and has affiliates and service providers in other countries, and your personal information may @@ -428,12 +432,12 @@ handle your personal information may not be as protective as the privacy laws in your home country. Individuals in the European Economic Area should read the important -information -provided [here](https://segment.com/docs/legal/privacy/#Cross-Border-Data-Transfer) about +information provided [here](https://segment.com/docs/legal/privacy/#Cross-Border-Data-Transfer) about transfer of personal information outside of the European Economic Area. -##Third Party Sites and Services* + +## Third Party Sites and Services* The Service may contain links to other websites and services operated by third parties, such as social media platforms, advertising services and @@ -446,7 +450,8 @@ personal information. We encourage you to read their privacy policies to learn more. -##Children + +## Children The Service is not directed at, and Segment does not knowingly acquire or receive personal information from, children under the age of 16. If @@ -455,7 +460,8 @@ take appropriate steps to delete that individual's personal information and restrict that individual from future access to the Service. -##Organization-Administered Accounts + +## Organization-Administered Accounts Where the Service is provided to you through your employer or another organization, please note that your organization's administrator may be @@ -480,7 +486,8 @@ Please contact your organization or refer to your administrator's organizational policies for more information. -##Changes to this Privacy Policy + +## Changes to this Privacy Policy We reserve the right to modify this Privacy Policy at any time. We encourage you to periodically review this page for the latest @@ -496,7 +503,8 @@ all cases, your continued use of the Service after the posting of any updated Privacy Policy indicates your acceptance of the update. -##Contact Us + +## Contact Us If you have any questions or concerns about our Privacy Policy, please contact us. @@ -504,10 +512,11 @@ contact us. Segment.io, Inc. 100 California Street, Suite 700 San Francisco, CA 94111 USA Attention: Data Protection Officer -Email:  +Email:[privacy@segment.com](mailto:privacy@segment.com) -##Important Information for California Residents + +## Important Information for California Residents This section applies only to California residents. It describes how we collect, use and share Personal Information of California residents in @@ -517,7 +526,8 @@ has the meaning given in the California Consumer Privacy Act of 2018 ("**CCPA**") but does not include information exempted from the scope of the CCPA. -**Your California privacy rights.** You have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law. +### Your California privacy rights. +You have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law. - **Information.** You can request the following information about how we have collected and used your Personal Information during the past @@ -555,11 +565,9 @@ the CCPA. decreasing service quality; or suggesting that we may penalize you as described above for exercising your rights. -**How to exercise your information, access and deletion rights.** You -may submit a request to exercise your information, access or deletion -rights by visiting emailing privacy@segment.com or emailing us -toll-free at . We will need to -verify your identity to process your information, access and deletion +### How to exercise your information, access and deletion rights. +You may submit a request to exercise your information, access or deletion +rights by visiting emailing [privacy@segment.com](mailto:privacy@segment.com) or emailing us toll-free at (866) 538-5962. We will need to verify your identity to process your information, access and deletion requests and we reserve the right to confirm your California residency. Government identification may be required. If you wish to designate an authorized agent to make a request on your behalf, we will need to @@ -570,7 +578,8 @@ provide us with sufficient detail to allow us to understand and respond to it. In certain cases, we may be required or permitted by law to deny your request. -**We do not sell your personal information.** Based on our current +### We do not sell your personal information. +Based on our current understanding of the CCPA, we do not "sell" your personal information as defined in the CCPA. However, like many companies online, Segment uses services provided by Google, Facebook and other advertising companies @@ -585,7 +594,8 @@ Preferences center. However, our past practice of allowing this tracking on an opt-out basis may have resulted in the "sale" of your Personal Information prior to January 1, 2020. -**Personal information we collect, use and disclose.** The chart below +### Personal information we collect, use and disclose. +The chart below describes the categories of Personal Information we collect by reference to the categories specified by the CCPA (California Civil Code § 1798.140(o)). @@ -808,7 +818,8 @@ to the categories specified by the CCPA (California Civil Code § +-------------+-------------+-------------+-------------+-------------+ -##Additional Information for European Union Users + +## Additional Information for European Union Users **Personal information.** References to "personal information" in this Privacy Policy are equivalent to "personal data" governed by European @@ -824,9 +835,10 @@ representative is: Segment Technologies Ireland, Limited c/o Segment.io, Inc. 100 California Street, Suite 700 San Francisco, CA 94111 USA -Email:  +Email: [privacy@segment.com](mailto:privacy@segment.com) -**Legal bases for processing.** The legal bases on which we process your +### Legal bases for processing. +The legal bases on which we process your personal information as described in this Privacy Policy will depend on the type of personal information and the specific context in which we process it. However, the legal bases we typically rely on are set out in @@ -834,7 +846,7 @@ the table below. We rely on our legitimate interests as our legal basis only where those interests are not overridden by the impact on you (unless we have your consent or our processing is otherwise required or permitted by law). If you have questions about the legal basis of how we -process your personal information, contact us at . +process your personal information, contact us at [privacy@segment.com](mailto:privacy@segment.com). +----------------------------------+----------------------------------+ | **Processing purpose** | **Legal Basis** | @@ -894,13 +906,15 @@ process your personal information, contact us at . | | consent or in the Service. | +----------------------------------+----------------------------------+ -**Use for new purposes.** We may use your personal information for +### Use for new purposes. +We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis. -**Retention.** We will only retain your personal information for as long +### Retention. +We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. @@ -913,6 +927,7 @@ process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. + ## Your rights. European data protection laws give you certain rights @@ -941,9 +956,9 @@ following actions in relation to your personal information that we hold: the basis of our processing of your personal information that impacts your rights. -You can submit these requests by email to  or our +You can submit these requests by email to [privacy@segment.com](mailto:privacy@segment.com) or our postal address -provided [above](https://segment.com/docs/legal/privacy/#Contact-Us). We +provided [above](#Contact-Us). We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you @@ -954,7 +969,7 @@ submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator [here](http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm). -###Cross-Border Data Transfer +### Cross-Border Data Transfer If we transfer your personal information out of the European Economic Area or Switzerland and are required to apply additional safeguards to @@ -971,7 +986,7 @@ transfers or the specific safeguards applied. Segment itself has self-certified to the EU-U.S. and Swiss-U.S. Privacy Shield. For more information, see our Privacy Shield Notice. -###Privacy Shield Notice +### Privacy Shield Notice *Effective as of July 18, 2018.* @@ -1008,23 +1023,24 @@ services, to correct and address technical or service problems, to follow instructions of the customer who submitted the data, or in response to contractual requirements. -**Inquiries and complaints**. If you believe Segment maintains your +### Inquiries and complaints.  +If you believe Segment maintains your personal data within the scope of our Privacy Shield certification, you may direct any inquiries or complaints concerning our Privacy Shield -compliance to . If you are located in the EEA or -Switzerland and have an unresolved privacy or data use concern that we +compliance to [privacy@segment.com](mailto:privacy@segment.com). If you are located in the EEA or Switzerland and have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at . -**Arbitration**. If you are located in the EEA or Switzerland and +### Arbitration.  +If you are located in the EEA or Switzerland and neither Segment nor our dispute resolution provider resolves your complaint, you may be entitled to invoke binding arbitration under certain conditions more fully described on the [Privacy Shield website](https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint). -**Third parties who may receive personal data.** We share Segment User -Data with third parties as described in our Privacy Policy. We may share +### Third parties who may receive personal data.  +We share Segment User Data with third parties as described in our Privacy Policy. We may share Services Data with third parties under the following circumstances and only in accordance with the applicable customer agreements: @@ -1062,7 +1078,7 @@ In addition, we may be required to disclose any personal data that we process in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. -###Your rights to access, to limit use, and to limit disclosure. +### Your rights to access, to limit use, and to limit disclosure. Individuals in the EEA and Switzerland have rights to access personal data about them, and to limit use and disclosure of their personal data. With our Privacy Shield self-certification, we have @@ -1083,7 +1099,7 @@ request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. -###U.S. Federal Trade Commission Enforcement. +### U.S. Federal Trade Commission Enforcement. Segment's commitments under the Privacy Shield are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.   If there is any conflict between the terms in this Privacy Shield Notice and the Privacy Shield From 469008c3dce411cccc3cd9704afc97f6b83f512e Mon Sep 17 00:00:00 2001 From: Ladan Nasserian Date: Fri, 20 Dec 2019 17:00:44 -0800 Subject: [PATCH 4/7] Update Cooley links --- src/legal/privacy.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/legal/privacy.md b/src/legal/privacy.md index a28819d8ca..bcbd11d0d5 100644 --- a/src/legal/privacy.md +++ b/src/legal/privacy.md @@ -243,7 +243,7 @@ use your personal information for marketing and advertising purposes: emails, and use that information to serve ads that they think will interest you. These ads are known as "interest-based advertisements." You can learn more about your choices for limiting - interest-based advertising, in the Advertising choices section + interest-based advertising, in the [Advertising choices](#advertising-choices) section below. **Compliance and protection.** We may use your personal information to: @@ -304,7 +304,7 @@ at the time of collection: - **Customers.** When you have an organization-administered account your organization can access your information as described in the - Organization-Administered Accounts section below. + [Organization-Administered Accounts](#Organization-Administered-Accounts) section below. - **Affiliates.** We may disclose your personal information to our subsidiaries and corporate affiliates for use consistent with this @@ -358,6 +358,8 @@ site, but wish to update or delete it, please [contact us](mailto:privacy@segme ### Cookies. You may opt-out of certain cookie-based tracking activities on our Site in our [Website Data Collection Preferences](https://segment.com/docs/legal/website-data-collection-policy/#how-do-we-collect-data-on-our-website-) center. Additionally, most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser's settings. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, however, you may not be able to use all functionality of the Service and our Site may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org. + + ### Advertising choices. You can opt-out of data collection through our Site for interest-based advertising purposes in our [Website Data Collection Preferences](https://segment.com/docs/legal/website-data-collection-policy/#how-do-we-collect-data-on-our-website-) center. You can also limit use of your information for interest-based advertising by: @@ -589,8 +591,8 @@ entitled Interest-based advertising. Use of these services may constitute a "sale" of Personal Information under the CCPA where the user has not opted into the tracking. We no longer permit these services to track your use of the Site for interest-based advertising unless you -opt-in, and you can always opt-out in our Website Data Collection -Preferences center. However, our past practice of allowing this tracking +opt-in, and you can always opt-out in our [Website Data Collection +Preferences center](https://segment.com/docs/legal/website-data-collection-policy/). However, our past practice of allowing this tracking on an opt-out basis may have resulted in the "sale" of your Personal Information prior to January 1, 2020. From 76d93a71b2d4ee7176bc51efc6712f09c9fdb0f4 Mon Sep 17 00:00:00 2001 From: Ladan Nasserian Date: Fri, 20 Dec 2019 17:02:32 -0800 Subject: [PATCH 5/7] Remove unnecessary asterik --- src/legal/privacy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/legal/privacy.md b/src/legal/privacy.md index bcbd11d0d5..3015256922 100644 --- a/src/legal/privacy.md +++ b/src/legal/privacy.md @@ -439,7 +439,7 @@ transfer of personal information outside of the European Economic Area. -## Third Party Sites and Services* +## Third Party Sites and Services The Service may contain links to other websites and services operated by third parties, such as social media platforms, advertising services and From 656d739bed342be3aa054327b4a512d9418e7d9c Mon Sep 17 00:00:00 2001 From: Ladan Nasserian Date: Fri, 20 Dec 2019 17:51:31 -0800 Subject: [PATCH 6/7] Update charts --- src/legal/privacy.md | 298 ++++--------------------------------------- 1 file changed, 23 insertions(+), 275 deletions(-) diff --git a/src/legal/privacy.md b/src/legal/privacy.md index 3015256922..7f39dec39f 100644 --- a/src/legal/privacy.md +++ b/src/legal/privacy.md @@ -597,227 +597,24 @@ on an opt-out basis may have resulted in the "sale" of your Personal Information prior to January 1, 2020. ### Personal information we collect, use and disclose. -The chart below -describes the categories of Personal Information we collect by reference +The chart below describes the categories of Personal Information we collect by reference to the categories specified by the CCPA (California Civil Code § 1798.140(o)). -+-------------+-------------+-------------+-------------+-------------+ -| **Statutory | **PI we | **Sources | * | **Parties | -| category of | collect\ | of the PI\ | *Business/\ | to whom we | -| personal | **(click | **(click | commercial | disclose PI | -| information | for | for | purpose for | for a | -| (PI)** | details) | details) | PI | business | -| | | | collection\ | purpose\ | -| | | | **(click | **(click | -| | | | for | for | -| | | | details)**\ | details) | -| | | | ** | | -+=============+=============+=============+=============+=============+ -| * | - | - *You* | - | - * | -| Identifiers | *Contact | | *Service | Advertising | -| (general)* | i | - *Third | | | -| | nformation* | party | delivery* | partners* | -| | | | | | -| | - | sources* | - | - | -| | *Profile | | *Research | *Service | -| | i | | & | | -| | nformation* | | d | providers* | -| | | | evelopment* | | -| | | | | | -| | | | - | | -| | | | *Marketing* | | -| | | | | | -| | | | - | | -| | | | *Compliance | | -| | | | & | | -| | | | | | -| | | | Protection* | | -+-------------+-------------+-------------+-------------+-------------+ -| *Commercial | - *Comm | - *You* | - | - | -| I | unications* | | *Service | *Service | -| nformation* | | - *Third | | | -| | - | party | delivery* | providers* | -| | *Marketing | | | | -| | I | sources* | - | | -| | nformation* | | *Research | | -| | | | & | | -| | | | d | | -| | | | evelopment* | | -| | | | | | -| | | | - | | -| | | | *Marketing* | | -| | | | | | -| | | | - | | -| | | | *Compliance | | -| | | | & | | -| | | | | | -| | | | Protection* | | -+-------------+-------------+-------------+-------------+-------------+ -| *Financial | - * | - *Our | - | - | -| I | Transaction | | *Service | *Payment | -| nformation* | i | Customers* | | | -| | nformation* | | delivery* | processors* | -| | | | | | -| | | | - | - | -| | | | *Compliance | *Service | -| | | | & | | -| | | | | providers* | -| | | | Protection* | | -+-------------+-------------+-------------+-------------+-------------+ -| * | - *Device | - *You* | - | - | -| Identifiers | data* | | *Service | *Service | -| (online)* | | - | | | -| | | *Automatic | delivery* | providers* | -| | | | | | -| | | collection* | - *Site | - * | -| | | | | Advertising | -| | | | operation* | | -| | | | | partners* | -| | | | - | | -| | | | *Research | | -| | | | & | | -| | | | d | | -| | | | evelopment* | | -| | | | | | -| | | | - | | -| | | | *Marketing* | | -| | | | | | -| | | | - | | -| | | | *Compliance | | -| | | | & | | -| | | | | | -| | | | Protection* | | -+-------------+-------------+-------------+-------------+-------------+ -| *Internet | - *Online | - | - | - * | -| or Network | | *Automatic | *Service | Advertising | -| I | activity | | | | -| nformation* | data* | collection* | delivery* | partners* | -| | | | | | -| | | | - *Site | - | -| | | | | *Service | -| | | | operation* | | -| | | | | providers* | -| | | | - | | -| | | | *Research | | -| | | | & | | -| | | | d | | -| | | | evelopment* | | -| | | | | | -| | | | - | | -| | | | *Marketing* | | -| | | | | | -| | | | - | | -| | | | *Compliance | | -| | | | & | | -| | | | | | -| | | | Protection* | | -+-------------+-------------+-------------+-------------+-------------+ -| *P | - | - *You* | - | - | -| rofessional | *Contact | | *Service | *Service | -| or | i | - *Third | | | -| Employment | nformation* | party | delivery* | providers* | -| I | | | | | -| nformation* | - | sources* | - | | -| | *Profile | | *Research | | -| | i | | & | | -| | nformation* | | d | | -| | | | evelopment* | | -| | | | | | -| | | | - | | -| | | | *Marketing* | | -| | | | | | -| | | | - | | -| | | | *Compliance | | -| | | | & | | -| | | | | | -| | | | Protection* | | -+-------------+-------------+-------------+-------------+-------------+ -| *Sensory | - *Comm | - *You* | - | - | -| I | unications* | | *Marketing* | *Service | -| nformation* | | | | | -| | | | - | providers* | -| | | | *Compliance | | -| | | | & | | -| | | | | | -| | | | Protection* | | -+-------------+-------------+-------------+-------------+-------------+ -| * | *User | - *Us* | - | - | -| Inferences* | preferences | | *Service | *Service | -| | derived | | | | -| | from any of | | delivery* | providers* | -| | the | | | | -| | information | | - *Site | | -| | listed | | | | -| | above that | | Operation* | | -| | we collect | | | | -| | from | | - | | -| | Customers* | | *Research | | -| | | | & | | -| | | | d | | -| | | | evelopment* | | -| | | | | | -| | | | - | | -| | | | *Marketing* | | -| | | | | | -| | | | - | | -| | | | *Compliance | | -| | | | & | | -| | | | | | -| | | | Protection* | | -+-------------+-------------+-------------+-------------+-------------+ -| We may | | | | | -| further | | | | | -| disclose | | | | | -| each | | | | | -| category of | | | | | -| Personal | | | | | -| Information | | | | | -| to our | | | | | -| affiliates, | | | | | -| to our | | | | | -| p | | | | | -| rofessional | | | | | -| advisors, | | | | | -| in | | | | | -| connection | | | | | -| with our | | | | | -| compliance | | | | | -| and | | | | | -| protection | | | | | -| activities | | | | | -| and in | | | | | -| connection | | | | | -| with | | | | | -| business | | | | | -| transfers | | | | | -| as | | | | | -| described | | | | | -| in the | | | | | -| section | | | | | -| above | | | | | -| entitled | | | | | -| How We | | | | | -| Share Your | | | | | -| Personal | | | | | -| I | | | | | -| nformation. | | | | | -| | | | | | -| This chart | | | | | -| describes | | | | | -| our | | | | | -| practices | | | | | -| as of, and | | | | | -| during the | | | | | -| 12 months | | | | | -| preceding, | | | | | -| the | | | | | -| effective | | | | | -| date of | | | | | -| this | | | | | -| Privacy | | | | | -| Policy. | | | | | -+-------------+-------------+-------------+-------------+-------------+ +| Statutory category of personal information (PI) | PI we collect ([click for details](#Personal-Information-We-Collect)) | Sources of the PI([click for details](#Personal-Information-We-Collect)) | Business/commercial purpose for PI collection ([click for details]((#How-We-Use-Your-Personal-Information))) | Parties to whom we disclose PI for a business purpose ([click for details]((#How-We-Share-Your-Personal-Information)) | +|---|---|---|---|---| +| Identifiers (general) | - Contact information
- Profile information | - You
- Third party sources | - Service delivery
- Research & development
- Marketing
- Compliance & Protection | - Advertising partners
- Service providers | +| Commercial Information | - Communications
- Marketing Information | - You
- Third party sources | - Service delivery
- Research & development
- Marketing
- Compliance & Protection | - Service providers | +| Financial Information | - Transaction information | - Our Customers | - Service delivery
- Compliance & Protection | - Payment processors
- Service providers | +| Identifiers (online) | - Device data | - You
- Automatic collection | - Service delivery
- Site operation
- Research & development
- Marketing
- Compliance & Protection | - Advertising partners
- Service providers | +| Internet or Network Information | Online activity data | Automatic collection | - Service delivery
- Site operation
- Research & development
- Marketing
- Compliance & Protection | - Advertising partners
- Service providers | +| Professional or Employment Information | - Contact information
- Profile information | - You
- Third party sources | - Service delivery
- Research & development
- Marketing
- Compliance & Protection | - Service providers | +| Sensory Information | -Communications | - You | - Marketing
- Compliance & Protection | - Service providers | +| Inferences | User preferences derived from any of the information listed above that we collect from Customers | - Us | - Service delivery
- Site Operation
- Research & development
- Marketing
- Compliance & Protection | - Service providers | + +We may further disclose each category of Personal Information to our affiliates, to our professional advisors, in connection with our compliance and protection activities and in connection with business transfers as described in the section above entitled How We Share Your Personal Information. + +This chart describes our practices as of, and during the 12 months preceding, the effective date of this Privacy Policy. @@ -850,63 +647,14 @@ only where those interests are not overridden by the impact on you permitted by law). If you have questions about the legal basis of how we process your personal information, contact us at [privacy@segment.com](mailto:privacy@segment.com). -+----------------------------------+----------------------------------+ -| **Processing purpose** | **Legal Basis** | -+==================================+==================================+ -| Service delivery | Processing is necessary to | -| | perform the contract governing | -| Site operation | our operation of the Site or the | -| | provision of the Services, or to | -| | take steps that you request | -| | prior to engaging our Services. | -| | Where we cannot process your | -| | personal data as required to | -| | operate the Site or Services on | -| | the grounds of contractual | -| | necessity, we process your | -| | personal information for this | -| | purpose based on our legitimate | -| | interest in providing you with | -| | the Services you access and | -| | request. | -+----------------------------------+----------------------------------+ -| Marketing | Processing is based on your | -| | consent where that consent is | -| | required by applicable law. | -| | Where we rely on your consent | -| | you have the right to withdraw | -| | it any time in the manner | -| | indicated when you consent or in | -| | the Service. Where such consent | -| | is not required by applicable | -| | law, we process your personal | -| | information for these purposes | -| | based on our legitimate | -| | interests in promoting our | -| | business. | -+----------------------------------+----------------------------------+ -| Research & Development | Processing is based on our | -| | legitimate interests in | -| | performing research and | -| | development to improve our | -| | services and develop new | -| | services. | -+----------------------------------+----------------------------------+ -| Compliance & Protection | Processing is necessary to | -| | comply with our legal | -| | obligations or based on our | -| | legitimate interests in | -| | protecting our or others' | -| | rights, privacy, safety or | -| | property. | -+----------------------------------+----------------------------------+ -| Other purposes with your consent | Processing is based on your | -| | consent. Where we rely on your | -| | consent you have the right to | -| | withdraw it anytime in the | -| | manner indicated when you | -| | consent or in the Service. | -+----------------------------------+----------------------------------+ +| **Processing purpose** | **Legal Basis** | +|-------------------------|-------------------| +| Service delivery

Site operation | Processing is necessary to perform the contract governing our operation of the Site or the provision of the Services, or to take steps that you request prior to engaging our Services. Where we cannot process your personal data as required to operate the Site or Services on the grounds of contractual necessity, we process your personal information for this purpose based on our legitimate interest in providing you with the Services you access and request. | +| Marketing | Processing is based on your consent where that consent is required by applicable law. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Service. Where such consent is not required by applicable law, we process your personal information for these purposes based on our legitimate interests in promoting our business. | +| Research & Development | Processing is based on our legitimate interests in performing research and development to improve our services and develop new services. | +| Compliance & Protection | Processing is necessary to comply with our legal obligations or based on our legitimate interests in protecting our or others’ rights, privacy, safety or property. | +| Other purposes with your consent | Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated when you consent or in the Service. | + ### Use for new purposes. We may use your personal information for From 7f852afc360dc4df600761590c4a527adcfb51e9 Mon Sep 17 00:00:00 2001 From: Ladan Nasserian Date: Fri, 20 Dec 2019 17:56:12 -0800 Subject: [PATCH 7/7] Add links to chart --- src/legal/privacy.md | 41 ++++++++++++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 11 deletions(-) diff --git a/src/legal/privacy.md b/src/legal/privacy.md index 7f39dec39f..570e68c2bc 100644 --- a/src/legal/privacy.md +++ b/src/legal/privacy.md @@ -189,7 +189,10 @@ let us know if your personal information changes during your relationship with u We use your personal information for the following purposes or as otherwise described to you at the time of collection: -**Service delivery.** We use your personal information to: + + +### Service delivery. +We use your personal information to: - provide, operate, maintain, and improve the Service; @@ -206,7 +209,11 @@ otherwise described to you at the time of collection: - provide support for the Service and respond to your requests, questions and feedback. -**Site operation.** We use your personal information to: + + +### Site operation. + +We use your personal information to: - provide, operate, maintain and improve the Site; @@ -215,8 +222,11 @@ otherwise described to you at the time of collection: - provide support for the Site and respond to your requests, questions and feedback. + + -**Research and development.** We may use your personal information for +### Research and development. +We may use your personal information for research and development purposes, including to analyze and improve the Service and our business and develop other products and services. As part of these activities, we may create aggregated, de-identified or @@ -226,7 +236,10 @@ makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business. -**Marketing.** We and our third party advertising partners may collect and + + +### Marketing. +We and our third party advertising partners may collect and use your personal information for marketing and advertising purposes: - **Direct marketing.** If you request information from us, use the @@ -246,7 +259,10 @@ use your personal information for marketing and advertising purposes: interest-based advertising, in the [Advertising choices](#advertising-choices) section below. -**Compliance and protection.** We may use your personal information to: + + +### Compliance and protection. +We may use your personal information to: - protect our, your or others' rights, privacy, safety or property (including by making and defending legal claims); @@ -263,7 +279,10 @@ use your personal information for marketing and advertising purposes: - comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities. -**Other purposes with your consent.** In some cases we will ask for your + + +### Other purposes with your consent. +In some cases we will ask for your consent to collect, use or share your personal information for other purposes. For example, we may ask for your consent to send you marketing emails where required by law or to post your testimonial or endorsement. @@ -649,11 +668,11 @@ process your personal information, contact us at [privacy@segment.com](mailto:pr | **Processing purpose** | **Legal Basis** | |-------------------------|-------------------| -| Service delivery

Site operation | Processing is necessary to perform the contract governing our operation of the Site or the provision of the Services, or to take steps that you request prior to engaging our Services. Where we cannot process your personal data as required to operate the Site or Services on the grounds of contractual necessity, we process your personal information for this purpose based on our legitimate interest in providing you with the Services you access and request. | -| Marketing | Processing is based on your consent where that consent is required by applicable law. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Service. Where such consent is not required by applicable law, we process your personal information for these purposes based on our legitimate interests in promoting our business. | -| Research & Development | Processing is based on our legitimate interests in performing research and development to improve our services and develop new services. | -| Compliance & Protection | Processing is necessary to comply with our legal obligations or based on our legitimate interests in protecting our or others’ rights, privacy, safety or property. | -| Other purposes with your consent | Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated when you consent or in the Service. | +| [Service delivery](#service-delivery)
[Site operation](#site-operation) | Processing is necessary to perform the contract governing our operation of the Site or the provision of the Services, or to take steps that you request prior to engaging our Services. Where we cannot process your personal data as required to operate the Site or Services on the grounds of contractual necessity, we process your personal information for this purpose based on our legitimate interest in providing you with the Services you access and request. | +| [Marketing](#marketing) | Processing is based on your consent where that consent is required by applicable law. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Service. Where such consent is not required by applicable law, we process your personal information for these purposes based on our legitimate interests in promoting our business. | +| [Research & Development](#research-and-development) | Processing is based on our legitimate interests in performing research and development to improve our services and develop new services. | +| [Compliance & Protection](#compliance-and-protection) | Processing is necessary to comply with our legal obligations or based on our legitimate interests in protecting our or others’ rights, privacy, safety or property. | +| [Other purposes with your consent](#other-purposes) | Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated when you consent or in the Service. | ### Use for new purposes.