This Privacy Policy is designed to assist you in understanding how we collect, use, and process personal data that we collect on behalf of our customers and their employees when they register to use our Dynamic Signal service platform.
Overview of the Platform
The Dynamic Signal service is a cloud-based Employee Communication and Engagement platform hosted and operated by DySi (the “Platform”) that enables a company or other organization (“Organization”) to communicate with you, other employees and/or individuals authorized (collectively, “Users”) by the Organization to use the Platform.
How it works? An Organization (e.g. your employer) contractually engages DySi to establish a unique instance on our Platform. The Organization’s Platform instance is accessible through a website and a mobile app where Users may view and comment on Organization-related content such as information about products, services, events and other content chosen and posted onto the Platform by the Organization (“Organization content”), and where Users may view such content and potentially share it with other Users or outside the Platform. The Organization can enable the Platform to connect your social media sites with your User account, but only with your express consent, which you may withdraw at any time.
The Organization (e.g. your employer) controls the Platform content and other information collected from you when your account is created and during use of the Service. To that end, we have signed an agreement with your Organization that defines how this information should be used and, we only will use information according to this agreement (the “customer agreement”).
Your Organization also defines the scope of the community in its unique instance of our Platform (a “Community”), and some Organizations opt to include a larger Community beyond their own employees (for example, business partners or alumni). You may request more information on what subgroups are a part of your Community from the Organization you are associated with. Only those in your Community can view other User profiles and feeds on the Organization’s instance of the Platform.
In addition to this Privacy Policy, the Organization making the Platform available to you (e.g. your employer) may provide you with an additional, more specific privacy notice and terms tailored to how our Platform is used by the Organization, their scope, as well as the Organization’s internal policies and practices. We urge you to review any such additional notices and to contact your Organization should you have any questions.
Information Collected
We collect different types of personal data from our Platform. Users and Organizations may provide personal data to us through the Platform in a number of different ways, from registration to communications, or when uploading content within and outside the Platform.
Account registration: Basic account information that you or your Organization provide to us when setting up a user account, consist of your name and corporate email address. Other information includes your language, subscription or notification preferences, privileges assigned in the platform, your role or job title within your organization and dates such as your work anniversary or birthday. Depending on how the Community is configured by the Organization, some of this information may be optional, collected or added at a later date by our organization, or not collected at all.
Other optional information: You may, optionally, choose to provide your mobile phone number (if you desire to enable SMS notifications) and add other information about yourself, such as a photo or birthday, to your profile.
Platform content: You can post, upload and share content through the Platform, comment on others’ posts, and provide other information such as when you fill out a form, respond to a survey, or use the Platform to send emails or other communications. In addition, your Organization can create communications campaigns and share content with you through the Platform. Your Organization may make your contact information available to other Users of your instance of the Platform, through a company phone directory, messaging, or other similar services.
Metrics, maintenance and analytics: When you access or use the Platform, we may collect certain information automatically about your device and your use of the Platform. This will include IP addresses, browser types, log files, and other information regarding your system and connection. We collect information about how you access and use the Platform, such as what pages are viewed, when the profile was registered and what portions of the Platform are used. We also collect metrics related to comments, total posts that you viewed, shared, and submitted, and other activities you conduct through the Platform. This information is collected automatically through the use of various commonly used information-gathering technologies, including cookies and web beacons. Some of these cookies and web beacons can be turned off through your website browser; however, on a mobile device, including our mobile apps, you may not be able to turn them off. For additional information see our Cookie section below.
Information collected from Social Networking Sites (“SNS”): Some Organizations using our Platform provide their Users with the option to link some of the Users’ SNS (e.g. Facebook, Twitter, LinkedIn, etc.) to our Platform. As a User, you will then have the option to link your SNS to our Platform. Once connected, the SNS will send us your user profile (including profile photo, handle name) and analytics information about the posts you share on their platform, such as how many people potentially see a post, the number of responses generated by your content, and information about the activity related to your post (such as the number of likes and shares, but we will not have access to the actual responses or identity of individuals who interact with such content). This information may then be viewable by the Organization. Your SNS profile photo and handle name may also be viewable by other Users in your Community. We do not collect passwords to your SNS, as that information is confirmed by the SNS separate from our Platform. Certain SNS permit sharing without linking to our platform. In these cases, the information collected may be a subset of the above.
Our Platform, by default, does not process sensitive data and you should not provide information regarding an individual’s financial, medical or health condition, race or ethnic origin, political opinions, religious or philosophical beliefs or other legally protected sensitive or special categories of data. In specific situations, your Organization, acting in its role as the controller, may direct us to process sensitive data. For more information see our Terms of Use.
Use of Information
The Organization (e.g. your employer) controls the Platform content and other information we collect when providing you access to the Platform. Our agreement with your Organization defines how this information should be used and, we only will use it according to that agreement.
In general, DySi is the processor and your Organization is the controller, which means that our use of your personal data is based upon your Organization’s instructions or as defined in our customer agreement with the Organization. Some examples of these uses, as part of our legitimate interests to provide, operate and maintain the Platform on behalf of the Organization, include:
- To manage the Platform, system administration, and account management. The Platform’s administrative tools allow DySi’s employees involved in the support and maintenance of the Platform to view content in a network in order to troubleshoot specific issues, maintain and improve the Platform or perform other Platform-related functions, or as may be required by law. We also use third party analytics services for our web and mobile applications. We use these services for quality assurance, product interaction analysis, product improvement, and trouble-shooting.
- To process and complete transactions, including billing to a designated contact at an Organization;
- To handle Organization and Users’ inquiries and support requests, and to provide information and access to resources or services that they have requested from us;
- To compile aggregated data about the operation and use of the Platform and to better understand the preferences of Organizations and Users;
- To Conduct Quality-Assurance, and to carry out research and development to improve our products and services;
- To send Organizations and Users communications including technical alerts, reports, updates, security notifications and other service-related communications – according to their notifications preferences;
- To our relevant business contacts at your Organization, such as the Platform systems administrator or designated contact person (but not to general Users), which may also include marketing messages related to new product features, promotions or other information about our products or services; however you can opt-out of receiving these communications at any time;
- To investigate and prevent fraud, unauthorized access or use of the Platform, breaches of terms and policies, and other wrongful behavior;
- To enforce our agreements, and as required by applicable law.
When you download and use our mobile app to access the Platform, we and our service providers may track and collect app usage data, such as the date and time the app on your device accesses our servers and what information and files have been downloaded to the app based on your device number.In addition, your Organization’s specific privacy policy (if one exists) will determine how information collected through the Platform may be used.
Information We Share
We will only share and disclose your information according to the Organization’s (e.g. your employer’s) instructions or in furtherance of your request, for instance when you decide to share information within or outside the Platform. Examples include:
- With your Organization (e.g. your employer) and according to their instructions. We will share information collected with your Organization (e.g. your employer) or other entities, according to their instructions, and the customer agreement signed with us. In most instances this will include information you choose to actively provide (such as a comment to a posted article) and certain general broad-based usage analytics, if requested by your Organization. If you choose to link your SNS to our Platform your Organization will have access to your profile information and analytics related to your shares and posts.
- With other Users within and outside the Platform: if you choose to submit comments, post or upload content, you will share this content with others within your Community. You can also decide to share this information outside the Platform with a wider audience, for instance when you share this information through your Social Networking Site (SNS) – e.g. Facebook, Linkedin, Twitter, etc. When you choose to link your SNS to our Platform some information from your SNS (e.g. profile photo and handle name) will also be viewable by other Users within your Community.
- Within the DySi group of companies, for the purposes outlined in this Policy. For clarity, DySi is based in California, USA and has one wholly-owned subsidiary in the U.K, but may include other offices that may be established in the future.
- To vendors and other third-party service providers who may have access to your personal data to assist in the provision of the Platform service and other business-related functions such as cloud storage, mobile phone push data, email provisioning and usage analytics.
- To law enforcement authorities, government agencies, or judicial courts. We may be required to disclose personal data that we handle in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, in connection with the sale, transfer, merger, bankruptcy, restructuring or other reorganization of our business; to protect or defend our rights, interests or property, or that of third parties; to investigate any wrongdoing in connection with the Website, our Platform or our services; in connection with a subpoena, warrant, discovery or other legal order; or to protect the vital interests of an individual.
With your consent. We may share other information with third parties when we have your consent to do so.
Third Party Websites and Services
Our Platform may contain links to other websites and services that are outside our control and are not covered by this Policy.
There will be postings of articles and other information by your Organization or other Users on the Platform. We are not responsible for the content, security or privacy practices employed by other websites or services. If you access other websites or services using the links provided, or interact with your SNS the operators of these websites and services may collect information from you which will be used by them in accordance with their privacy policy, which may differ from ours. If you do not wish these third parties to process your personal data, please do not click on these links or access these services or contact your Organization. We are not responsible for the content, security or privacy practices employed by other websites or services.
Our Security
We are committed to process your data in a secure manner, by putting in place specific technical and organizational measures to prevent the personal data we hold being accidentally or deliberately compromised.
We conduct information risk assessments and we ensure that our staff understands the importance of protecting personal data. We include both physical security and IT security in our overall data security approach. We are diligent in selecting vendors that process personal data on our behalf so that they also ensure appropriate technical and organizational measures to protect the data. We also integrate privacy in the design of our projects that involve the use of personal data to secure the information and implement the aforementioned principles.
We will provide support to Organizations in their duty to notify Users and regulatory authorities, as required by law, when personal data has been stolen, disclosed, altered or infringed by an unauthorized person. If you have questions or concerns regarding this policy or if you are aware of a potential breach, please contact us.
Information About International Transfers
When using the platform your personal data may be stored and processed by us in the United States. To provide appropriate safeguards for personal data we receive from the European Economic Area (EEA), United Kingdom (UK), and Switzerland, we are certified under the Privacy Shield framework.
Currently our primary production data center is located in the United States. We also currently operate a data center in the Netherlands for those customers that specifically chose the use of that location. Our staff that oversee, manage, and support those data centers (including having access to the data) are located primarily in the United States.
For personal data we receive from the EEA, UK and/or Switzerland, DySi has self-certified with the U.S. Department of Commerce under the U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.
DySi acknowledges its commitment to comply with the EU – U.S. and Swiss – U.S. Privacy Shield Principles (“Principles”) for all Personal Data received from the EU, UK, or Switzerland in reliance on the Privacy Shield. DySi will collect, use, and disclose Personal Data received from the EU, UK, or Switzerland only in accordance with this Privacy Policy and the Principles, or as required by law. For Purposes of Privacy Shield compliance enforcement, DySi acknowledges that it is subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC). DySi also complies with the Privacy Shield Principle regarding liability for onward transfers. To learn more about the Privacy Shield program, and to view DySi’s certification, please visit https://www.privacyshield.gov.
If you are one of our customers and the use of our Platform requires DySi to process personal data falling within the scope of the EU General Data Protection Regulation (GDPR), DySi’s Data Processing Addendum is available for review here.
Your Choices
If you are located in the EEA, UK, or Switzerland you have certain privacy rights recognized under the General Data Protection Regulation (GDPR), for instance the right to request access to information, rectification, or erasure.
This section explains how DySi assists your Organization (e.g. your employer) in fulfilling your privacy rights established under the General Data Protection Regulation (GDPR). We only complete the actions below when they are approved by your Organization.
Your Organization (e.g. your employer) controls the information collected when you interact with the Platform, and accordingly is the entity responsible for attending to your data privacy rights and defining the legal grounds for the processing. To that end your Organization will provide you with its specific privacy policy defining what are your choices and how you can exercise your rights. Once your Organization approves your request, we will support in completing the following actions:
Right to access and correct your personal data: You and your Organization (e.g. your employer) may access, or correct, information you have uploaded to the Platform by using the tools within the Platform. If you do not see the tools within the Platform, you should contact your Organization directly. Changes on the Platform take immediate effect on your specific network, but data will be retained by us in our backup systems for a commercially reasonable amount of time, typically 90 days.
Account closure and right of erasure: If you would like to stop using the Platform, you should contact your Organization (e.g. your employer). Similarly, if you stop working for or with the Organization, the Organization may suspend your User account and/or delete any information associated with your User account according to its privacy policy. In addition, you can also request to your Organization:
- Account closure and delete identifiable information: In general, account closure means that your name and other identifiable information (including your photo, if provided) will be deleted and not available to us, your Organization or other Users of the platform – your name will be changed to an “anonymous user”. Your comments and posts will not be deleted, but those will no longer be linked to you.
- Deletion of content: Please note that content you create and share is owned by your Organization and may remain on the Platform and be accessible even if your Organization deactivates or terminates your account. In this way, content you provide on the service is similar to other types of content (such as presentations or memos) that you may generate in the course of your work. Note that we cannot manage or delete posts or comments that you or other Users shared or published outside the Platform, using Social Network Sites.
Information viewable by Users within the Platform will be deleted within 30 days upon receiving your request, in any case complete removal of data stored on our backup systems, will happen in a commercially reasonable period of time, typically 90 days.
Right of objection and restriction: You have the opportunity to elect whether you would like to receive certain correspondences from us or opt out of DySi’s promotional emails. Please understand that if you opt out of receiving promotional correspondence from us, we may still contact you in connection with your relationship, transactions, and communications related to the Platform, unless your account is deleted.
Other choices: The Platform offers different options that are initially determined by the Organization (e.g., your employer), for instance, your comments on the Platform may be first reviewed by your Organization before those are published on the Platform or the possibility to share content outside the Platform, using your Social Networking Sites (e.g. Facebook, YouTube, Twitter, Linkedin) may be active or not. Your Organization will facilitate you its privacy policy defining your different choices and rights.
Dispute Resolution Procedure
If you or your organization believes that we do are not complying with our privacy policy, or have any issue or concern you can submit a complaint with us and we will respond to you within 45 days. To that end please contact us in writing and provide your identification and contact details, name or domain of your Organization and a complete explanation of your concern.
In compliance with the Privacy Shield Principles, Dynamic Signal, Inc. commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Dynamic Signal at privacy@firstup.com
Data Retention
We will retain information collected according to the Organization’s (e.g. your employer’s) instructions, and as required by applicable law.
Upon termination of our contractual relationship with your Organization, we will delete all personal data stored in our servers and backups within 90 days. If you stop working for or with the Organization, the Organization may suspend your User account and/or delete any information associated with your User account, in accordance with such Organization’s own data retention policy. See Account closure and right of erasure for more information.
California Privacy Rights
The California Consumer Privacy Act, (Cal. Civ. Code § 1789.100 et seq., “CCPA”) gives California residents certain data rights, with regard to how their personal information is collected and used. Dynamic Signal upholds the requirements of the CCPA for California residents including (and in addition to the descriptions of how we handle your data described elsewhere in this Policy) the following:
- We do not sell personal data to third parties as contemplated by the CCPA. As such, we do not provide an opt-out mechanism.
- We do not distinguish different levels of service or cost based on an individual’s exercise of their right to opt-out or delete data.
- We generally collect, use, and disclose personal information at the instruction of either the Organization or the individual themselves. All other exceptional collection, use, and disclosure is pursuant to what is permitted under the law.
- We provide you with access to and right to delete your personal information as described under Your Choices.
We are committed to collecting and processing personal data responsibly and in compliance with the applicable data protection laws in all countries in which we do business. Our goal is to apply data protection standards established on the basis of internationally accepted data protection principles supporting an effective protection of personal data we process. In addition to upholding your rights set forth under the GDPR and CCPA, we will consider other applicable data privacy laws and comply where necessary. We reserve the right to evaluate any request against the governing data privacy law.
Children
The Platform is not directed at children under the age of 18. We do not knowingly solicit or collect personal data from children under the age of 18.
Cookies
The Platform uses technologies such as cookies in order to properly function and for analytical purposes.
Cookies are small data files that are placed on your computer or mobile device when you visit a website or use online services. Cookies are widely used by website owners to make their websites and services work, or to work more efficiently, as well as to provide reporting information.
Cookies set by the website owner (in this case, DySi) are called “first party cookies”. Cookies set by parties other than the website owner are called “third party cookies”. Third party cookies enable third party features or functionality to be provided on or through the website (e.g. like advertising, interactive content, and analytics). The parties that set these third-party cookies can recognize your computer both when it visits the website in question and also when it visits certain other websites.
We use first party and third-party cookies for several reasons. Some cookies are required for technical reasons for our Platform to operate, and we refer to these as “essential” or “strictly necessary” cookies. Other cookies enable us to enhance the experience on our Platform. Third parties serve cookies through our Platform for analytics, performance and functionality. The specific types of first and third-party cookies and the purposes they perform are described in the table below:
Cookies: DySi Platform | Who Serves These Cookies | How to Refuse |
Essential cookiesThese cookies are strictly necessary to provide you with services available through our Website and Service and to use some of their features, such as the ability to sign in and access to secure areas. | DySi Platform | These cookies are strictly necessary to deliver the Website and Service so you cannot refuse them. |
Performance and functionality cookiesThese cookies are used to enhance the performance and functionality of our Service but are non-essential to their use (e.g. collecting performance and error data, enabling customer support for users, enabling localized times/dates). | Google Analytics | To refuse these cookies, please follow the instructions below this chart.For more information please click on the relevant link of each provider: https://tools.google.com/dlpage/gaoptout |
Analytics cookiesThese cookies collect information that is used either in aggregate form to help us understand how our Website and Service are being used or how effective our marketing campaigns are, or to help us improve user experience. | AdRoll Bizible Google Doubleclick Adobe Marketo Engage SAP Jam | To refuse these cookies, please follow the instructions below this chart.For more information please click on the relevant link of each provider: Adroll: https://help.adroll.com/hc/en-us/categories/360000418152-Privacy-and-Security Bizible: https://www.bizible.com/privacy-policy Google Doubleclick: https://policies.google.com/privacy?hl=en-US Adobe Marketo Engage: https://www.adobe.com/privacy/policy.html SAP Jam: https://cloudplatform.sap.com/content/sapjam/website/sap-jam-privacy-statement.html |
Social networking cookiesThese cookies are used to enable you to share pages and content that you find interesting on our Website through third party social networking and other websites. The choices of which social networks to use are solely decided by our customers. However, Facebook, Twitter, and LinkedIn are the most popular choices. | Blogger Tumblr YouTube Based on the options of a customer | To refuse these cookies, please follow the instructions below this chart.For more information please click on the relevant link of each provider: Blogger: https://www.privacypolicies.com/blog/privacy-policy-blogger-blogspot/ Facebook: https://www.facebook.com/ads/settings LinkedIn: https://www.linkedin.com/psettings/guest-controls Tumblr: https://www.tumblr.com/privacy Twitter: https://twitter.com/personalization Weibo: https://m.weibo.cn/page/647?entry=client YouTube: https://policies.google.com/privacy In addition, you can exercise advertising cookie choices by visiting any of: http://www.aboutads.info/choices/ http://www.networkadvertising.org/choices/ http://youronlinechoices.com/ |
You have the right to decide whether to accept or reject cookies. You can exercise your cookie preferences by clicking on the appropriate opt-out links provided in the cookie table above. You can set or amend your web browser controls to accept or refuse first-party and/or third-party cookies. If you choose to reject cookies, you may still use our Platform though your access to some functionality and areas of our site may be restricted.
The means by which you can refuse cookies through your web browser controls vary from browser-to-browser. Therefore, you should visit your browser’s help menu for more information. Here are the current relevant information pages for the main browsers:
- Microsoft Internet Explorer: http://www.microsoft.com/info/cookies.htm
- Google Chrome: https://support.google.com/accounts/answer/61416
- Mozilla Firefox: http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html
- Apple Safari: Blocks cookies by default and accepts cookies only from your current domain. To change, click Safari, Preferences, Security, and choose your preference.
We gather certain information automatically to analyze trends in the aggregate and administer the Platform. This information may include your Internet Protocol (IP) address, device identification, your browser header (browser type, operating system and related information), and other items that correlates to your IP address, including but not limited to location, Internet service provider, and mobile carrier. We use this information to record the pages and files you view and the actions you take on the Platform. We also use this information to analyze overall usage trends and to improve the Platform.
Web Storage (aka local storage, DOM storage, Flash Cookies, website data) may be used on our website in a similar manner to cookies (for example, to enhance your experience by and storing your user preferences and settings). You can manage these settings via your browser’s settings, similar to cookies.
To communicate with our Data Protection Officer, please email privacy@firstup.com.