Privacy and Security Policy
1. Overview and Scope
2. Types of Information We Collect
2.1 Account Information
When you create or establish an account for the Services, we collect and store information about you based on information you or your company may provide, which may include personally identifiable information, such as your name, date of birth, job title, work email address, office location, office phone number, your company department or organization, your manager’s name, a unique identifier, employment dates, profile picture, user name, password, and any other information that may identify you individually (collectively, your “Personal Information”). We use this information to set up your account, to give you the appropriate access and permissions, to communicate with you regarding your account, and otherwise for the provision of the Services. We may also use your email address to send you updates in connection with the Services or Reflektive. You may change your account information and notification settings by contacting your company administrator for the Services.
2.2 Hosted Data
When you log in to, use and interact with, the Services, we may collect and store any information or content that you post, upload, store, display, transmit, or submit on or through the Services, as a function of providing the Services (collectively, “Hosted Data”). Reflektive is a passive recipient and takes no active part in collecting or storing Hosted Data. Except in extraordinary cases or to the extent necessary to render the Services to you, Reflektive does not purposefully access any Hosted Data. For example, if you submit a review of another User, the Services passively processes and stores such User review for the purpose of rendering the Services, and Reflektive only accesses such information to the extent necessary to provide the Services and any related support for the Services. You acknowledge and agree we may collect, access, and disclose Hosted Data, which may include Personal Information disclosed by you or another User, to facilitate the provision of Services and any related support for the Services. While in some cases you can make certain information private to specific Users, by default most information is public to other Users inside your company using the Services. You are solely responsible for all information you post, upload, store, display, transmit, or submit on the Services, including Personal Information, and the consequences thereof. Reflektive is not responsible and will not be liable for the information you disclose while using the Services.
2.3 Third Party Integrations
When you integrate the Services with third party applications (e.g., Slack, Jira, etc.) (“Third Party Integrations”), we may receive, collect, and store information regarding your credentials for and use of the applicable third party application, such as your user name, your unique identifier, your information made available with permissions by such Third Party Integration (e.g., gender, age range, language, geographic region, etc.), and related metadata.
2.4 Third Party Authenticators
If you log in to the Services using a third party sign in provider to authenticate your account for the Services (e.g., Google Sign-In and OneLogin) (“Third Party Authenticators”), we may receive, collect, and store information regarding your credentials for the applicable Third Party Authenticator, such as your log-in, your user name, your email, your unique identifier, profile picture, and other information transmitted from or made available with permissions by such Third Party Authenticator.
2.5 Syncing Information
Reflektive makes other tools available to sync information with the Services, and may also develop additional features that allow you to sync information stored via third party services used by you or your company (each a “Sync Platform”). For example, the Services may allow you or your company to sync your Services account (and all information related thereto) to your company’s human capital management platform (e.g., Workday’s Human Capital Management platform, Oracle’s PeopleSoft Human Capital Management platform, etc.). If you integrate your Services account with a Sync Platform, we will receive, collect, and store information, including Personal Information, from the Sync Platform for the purpose of importing such information requested by the Customer for use on the Services.
2.6 Technical Data
Reflektive may collect and use technical data, such as information about your device, operating system, application software, and peripherals (collectively, “Technical Data”). We collect and useTechnical Data to facilitate software updates, provide support, and continuously make improvements to the Services and our business. We do not collect Personal Information with any Technical Data or relate any Technical Data to an individual User. Reflektive may also aggregate the metadata and usage data of the Services, including Hosted Data, so that the resulting data and statistics are not personally identifiable to any individual User (“Aggregated Anonymous Data”). We may collect and use Aggregated Anonymous Data (i) for our own internal statistical analysis, (ii) to develop and improve the Services, (iii) to research trends and create predictive analysis; and (iv) to create and distribute reports and other materials regarding use of the Services.
2.7 Sensitive Personal Information
Reflektive does not intentionally collect or maintain, and we request that you do not post, upload, store, display, transmit, or submit Sensitive Personal Information on or through the Services. “Sensitive Personal Information” includes, but is not limited to, government-issued identification numbers, financial account numbers, credit or debit card numbers, consumer reports, background checks, biometric data, any code or password that could be used to gain access to personal accounts, or any information specifying medical and health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or the sex life of an individual. You acknowledge and agree that you will not post, upload, store, display, transmit, or submit any Sensitive Personal Information on or through the Services. You are solely responsible for all information you post, upload, store, display, transmit, or submit on the Services, including Sensitive Personal Information, and the consequences thereof. Reflektive is not responsible for and will not be liable to you or another individual for any loss or damages you or another individual may experience due to your disclosure of Sensitive Personal Information while using the Services.
3. How We Collect Information
When you use and interact with the Services, any information that you post, upload, store, display, transmit, or submit on or through the Services will be collected and stored through your direct interactions with the Services as Hosted Data. For example, we collect information when you post online comments or feedback via the Services, and this information is available to other Users accessing the Services in your company. When you contact Reflektive, by email, written correspondence, telephone calls, web based forms, or otherwise, any information that you provide in such forum may also be collected and stored in the general business practices of Reflektive and to facilitate the provision of Services and any related support for the Services.
When you use and interact with the Services, we may use “cookies” or other similar technologies to collect information related to your access to or use of the Services, which may be used to help with authentication/login, provide analytics, identify your preferences, and otherwise monitor the functionality of and improve the Services. A cookie is a small piece of information that a website can store on your device for later retrieval. We may place a cookie on your hard drive or in “local storage”, a feature of your browser, to retain information locally regarding your usage. If you do not wish to have cookies placed on your computer or in local storage, you may adjust your web browser settings accordingly. Most browsers are initially set to accept cookies. If you prefer, you can set your browser to block cookies or to alert you when cookies are sent. Please be aware that restricting cookies may impede your ability to use the Services or certain features of the Services.
3.3 Log Files
Like most web-based services, Reflektive uses log files on the server side. The data held in log files may include your IP address, browser type, e-mail application, Internet service provider (ISP), referring/exit websites, computer platform type, operating system, date/time stamp, and user activity. We use server log data to analyze trends and to administer and manage the Services. The software enabling the Services has associated log and temporary files that are stored on Reflektive controlled servers. These files may store your account information, preference settings, system notifications, and other data necessary to enable you to use the Services. Your information may also exist within regularly performed server backups.
4. How We Use and Disclose Information
4.1 Limitations of Use and Disclosure
Reflektive may, in our sole discretion, disclose your Personal Information: (1) to your company, (2) to our employees and contractors to the extent necessary to provide the Services; (3) to third parties for whom you have expressly consented to disclosure, (4) to ensure compliance with and enforce the Use Agreements and/or any other contractual or legal obligations with respect to use of the Services; (5) to ensure compliance with laws and enforce third party rights, including intellectual property rights; (6) to protect your safety and security; (7) to protect the safety and security of Reflektive, our employees, agents, and contractors, and our property; and (8) to those involved in business activities of Reflektive such as investments, mergers, acquisitions, debt financing, divestures, bankruptcy, sale or transfer of all or part of Reflektive’s assets, or any other transaction in which data could be transferred to third parties as part of Reflektive’s business assets. We may also disclose your Personal Information if required by law, such as to comply with a subpoena, court order, or other lawful process, or in response to a lawful request by public authorities to meet national security or law enforcement requirements.
4.2 International Transfer of Information Collected
4.3 Onward Transfer of Personal Information
4.4 Third Party Websites
Reflektive will retain your information, including Personal Information, for as long as your account is active, or to the extent necessary to provide your company with the Services, to comply with and enforce our agreements, or as otherwise required or permitted by law.
5. Security Measures
We take your privacy and data security very seriously and strive to maintain the security of all Personal Information. Reflektive maintains appropriate physical, technical, and administrative safeguards to protect against loss, misuse, and unauthorized access, use, disclosure, modification, or destruction of Personal Information and Hosted Data in our custody and control. However, no website or transmission of information over the internet or common carrier lines is guaranteed to be completely secure, and we cannot guarantee that unauthorized access, hacking, data losses, or other breaches will never occur.
Reflektive servers are managed and located at third party Infrastructure-as-a-Service (IAAS) provider, and we have taken commercially reasonable steps to choose a qualified IAAS provider or providers who operate according to industry standard terms of service and data security protocols. Reflektive uses commercially reasonable efforts to store and encrypt Personal Information in a secure location, encrypt passwords, and utilize a minimum of 128-bit Secure Socket Layer (SSL) certificates to protect transactions to and from the Services.
You will access and use the Services via a registered user account, which is also protected by a password for your privacy and security. You are responsible and liable for safeguarding your account and password that you use to access the Services, and for all activities or actions that occur under your account. You should take measures to prevent unauthorized access to your account and your information by selecting and protecting your password appropriately and limiting access to your computer (or other device) and browser by signing off after you have finished accessing your account. If you choose to authenticate your account through a Third Party Authenticator, you understand that the security and privacy of your account is subject to the policies of such Third Party Authenticator and we have no liability for the applicable Third Party Authenticator’s security and privacy practices.
6. Access to Personal Information
7. Children and COPPA Compliance
The Services are not directed to and/or intended for children under the age of 13. Reflektive does not intentionally collect Personal Information from children under the age of 13. In the event we discover we have inadvertently collected any Personal Information from a child under 13 years of age, Reflektive will take the appropriate steps to delete this Personal Information, or seek the necessary verifiable parental consent for that collection in compliance with the Children’s Online Privacy Protection Act (“COPPA”).
8. Your California Privacy Rights.
Reflektive does not disclose Personal Information to third parties for any third parties’ direct marketing purposes, unless the Customer or User affirmatively agrees to such disclosure. Since Reflektive provides its California Users with notice of its rights as described above, pursuant to Section 1798.83(c)(2) of the California Civil Code, Reflektive is in compliance with California’s “Shine the Light” law and is not obligated to provide California Users with the names and addresses of all the third parties that received Personal Information from Reflektive for the third parties’ direct marketing purposes during the preceding calendar year.
9. EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
Reflektive has further committed to refer unresolved Privacy Shield-related complaints to JAMS, an independent dispute resolution provider located in the United States. If you do not receive a timely acknowledgement of your Privacy Shield-related complaint from Reflektive, or if we have not satisfactorily resolved your complaint or addressed your concern, please contact JAMS to file your complaint, at no cost to you. To contact JAMS and/or learn more about JAMS dispute resolution services, including instructions for submitting a complaint, please visit: https://www.jamsadr.com/eu-us-privacy-shield. Under certain limited situations, as a last resort, you may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
Personal Information in the context of the employment relationship is subject to internal human resource policies. Reflektive commits to cooperate with the panel established by the European Union data protection authorities (DPAs) and/or the Swiss Federal Data Protection and Information Commissioner, and comply with the advice given by such authorities with regard to human resources data transferred from the European Union member states and Switzerland in the context of an employment relationship as set forth in the Privacy Shield Principles.
12. Contact Reflektive
Reflektive can be contacted at:
123 Townsend Street, 3rd Floor
San Francisco, CA, 94107