Privacy and Security Policy

Reflektive, Inc. (“Reflektive”) is committed to protect the privacy of individuals who visit the Reflektive websites (“Visitors”), companies that subscribe to and/or license the Reflektive Services (“Customers”), and individuals who access or use the Reflektive Services on a Customer’s account (“Users”). For purposes of this Privacy and Security Policy (“Privacy Policy”), the terms “we”, “us”, or “our” refer to Reflektive; the terms “you” and “your” refer to Visitors, Customers, and Users, individually and collectively; and the term “your company” refers to the applicable Customer with respect to a specific User.

1. Overview and Scope

Reflektive provides modern cloud-based performance management tools for businesses delivered through a web portal accessible in modern browsers. This Privacy Policy applies to any access to or use of the Reflektive website located at http://www.reflektive.com, related Reflektive websites and domains, Reflektive’s web and mobile applications, and any of the products or services owned, operated, or controlled by Reflektive, including without limitation, the Reflektive Software Suite (collectively, the “Services”). For purposes of this Privacy Policy, the “Reflektive Software Suite” consists of (1) Reflektive Real-Time Feedback and Recognition, (2) Reflektive Performance Reviews, (3) Reflektive 360 Reviews, (4) Reflektive Engagement Polling & Analytics, (5) Reflektive Goal Management & Goal Check-Ins, and (6) any other Reflektive technology whether now in existence or hereinafter devised. The Services are designed to be used by Customers and their employees, managers, and human resources administrators (each, a User) throughout the year to measure and manage performance.

This Privacy Policy describes Reflektive’s privacy practices with respect to the Services, such as what information we may collect, how we may collect this information, how we may use and disclose this information, who we might share this information with, what security measures are utilized to secure this information, and how to contact us with any inquiries related to your information. This Privacy Policy is incorporated into and subject to the terms of any Master Subscription and License Agreement or other agreement entered into between Reflektive and the Customer (collectively, the “Use Agreements”).

By visiting any of our WEBSites and/or by ACCESSING OR using our Services in any manner, you are accepting the practices described in this PRIVACY Policy and expressly consent to our collection, use, and disclosure of all information transmitted or otherwise received by us (including all personal information, AS DEFINED HEREIN) FOR THE PURPOSES AND in the manner described in this PRIVACY Policy AND THE APPLICABLE USE AGREEMENTS BETWEEN REFLEKTIVE AND YOUR COMPANY WHICH IS APPLICABLE TO YOUR USE OF THE SERVICES.

2. Types of Information We Collect

2.1 Account Information

When you create or establish an account for the Services, we collect and store information about you based on information you or your company may provide, which may include personally identifiable information, such as your name, date of birth, job title, work email address, office location, office phone number, your company department or organization, your manager’s name, a unique identifier, employment dates, profile picture, user name, password, and any other information that may identify you individually (collectively, your “Personal Information”). We use this information to set up your account, to give you the appropriate access and permissions, to communicate with you regarding your account, and otherwise for the provision of the Services. We may also use your email address to send you updates in connection with the Services or Reflektive. You may change your account information and notification settings by contacting your company administrator for the Services.

2.2 Hosted Data

When you log in to, use and interact with, the Services, we may collect and store any information or content that you post, upload, store, display, transmit, or submit on or through the Services, as a function of providing the Services (collectively, “Hosted Data”). Reflektive is a passive recipient and takes no active part in collecting or storing Hosted Data. Except in extraordinary cases or to the extent necessary to render the Services to you, Reflektive does not purposefully access any Hosted Data. For example, if you submit a review of another User, the Services passively processes and stores such User review for the purpose of rendering the Services, and Reflektive only accesses such information to the extent necessary to provide the Services and any related support for the Services. You acknowledge and agree we may collect, access, and disclose Hosted Data, which may include Personal Information disclosed by you or another User, to facilitate the provision of Services and any related support for the Services. While in some cases you can make certain information private to specific Users, by default most information is public to other Users inside your company using the Services. You are solely responsible for all information you post, upload, store, display, transmit, or submit on the Services, including Personal Information, and the consequences thereof. Reflektive is not responsible and will not be liable for the information you disclose while using the Services.

2.3 Third Party Integrations

When you integrate the Services with third party applications (e.g., Slack, Jira, etc.) (“Third Party Integrations”), we may receive, collect, and store information regarding your credentials for and use of the applicable third party application, such as your user name, your unique identifier, your information made available with permissions by such Third Party Integration (e.g., gender, age range, language, geographic region, etc.), and related metadata.

2.4 Third Party Authenticators

If you log in to the Services using a third party sign in provider to authenticate your account for the Services (e.g., Google Sign-In and OneLogin) (“Third Party Authenticators”), we may receive, collect, and store information regarding your credentials for the applicable Third Party Authenticator, such as your log-in, your user name, your email, your unique identifier, profile picture, and other information transmitted from or made available with permissions by such Third Party Authenticator.

2.5 Syncing Information

Reflektive makes other tools available to sync information with the Services, and may also develop additional features that allow you to sync information stored via third party services used by you or your company (each a “Sync Platform”). For example, the Services may allow you or your company to sync your Services account (and all information related thereto) to your company’s human capital management platform (e.g., Workday’s Human Capital Management platform, Oracle’s PeopleSoft Human Capital Management platform, etc.). If you integrate your Services account with a Sync Platform, we will receive, collect, and store information, including Personal Information, from the Sync Platform for the purpose of importing such information requested by the Customer for use on the Services.

2.6 Technical Data

Reflektive may collect and use technical data, such as information about your device, operating system, application software, and peripherals (collectively, “Technical Data”). We collect and useTechnical Data to facilitate software updates, provide support, and continuously make improvements to the Services and our business. We do not collect Personal Information with any Technical Data or relate any Technical Data to an individual User. Reflektive may also aggregate the metadata and usage data of the Services, including Hosted Data, so that the resulting data and statistics are not personally identifiable to any individual User (“Aggregated Anonymous Data”). We may collect and use Aggregated Anonymous Data (i) for our own internal statistical analysis, (ii) to develop and improve the Services, (iii) to research trends and create predictive analysis; and (iv) to create and distribute reports and other materials regarding use of the Services.

2.7 Sensitive Personal Information

Reflektive does not intentionally collect or maintain, and we request that you do not post, upload, store, display, transmit, or submit Sensitive Personal Information on or through the Services. “Sensitive Personal Information” includes, but is not limited to, government-issued identification numbers, financial account numbers, credit or debit card numbers, consumer reports, background checks, biometric data, any code or password that could be used to gain access to personal accounts, or any information specifying medical and health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or the sex life of an individual. You acknowledge and agree that you will not post, upload, store, display, transmit, or submit any Sensitive Personal Information on or through the Services. You are solely responsible for all information you post, upload, store, display, transmit, or submit on the Services, including Sensitive Personal Information, and the consequences thereof. Reflektive is not responsible for and will not be liable to you or another individual for any loss or damages you or another individual may experience due to your disclosure of Sensitive Personal Information while using the Services.

3. How We Collect Information

3.1 Usage

When you use and interact with the Services, any information that you post, upload, store, display, transmit, or submit on or through the Services will be collected and stored through your direct interactions with the Services as Hosted Data. For example, we collect information when you post online comments or feedback via the Services, and this information is available to other Users accessing the Services in your company. When you contact Reflektive, by email, written correspondence, telephone calls, web based forms, or otherwise, any information that you provide in such forum may also be collected and stored in the general business practices of Reflektive and to facilitate the provision of Services and any related support for the Services.

3.2 Cookies

When you use and interact with the Services, we may use “cookies” or other similar technologies to collect information related to your access to or use of the Services, which may be used to help with authentication/login, provide analytics, identify your preferences, and otherwise monitor the functionality of and improve the Services. A cookie is a small piece of information that a website can store on your device for later retrieval. We may place a cookie on your hard drive or in “local storage”, a feature of your browser, to retain information locally regarding your usage. If you do not wish to have cookies placed on your computer or in local storage, you may adjust your web browser settings accordingly. Most browsers are initially set to accept cookies. If you prefer, you can set your browser to block cookies or to alert you when cookies are sent. Please be aware that restricting cookies may impede your ability to use the Services or certain features of the Services.

3.3 Log Files

Like most web-based services, Reflektive uses log files on the server side. The data held in log files may include your IP address, browser type, e-mail application, Internet service provider (ISP), referring/exit websites, computer platform type, operating system, date/time stamp, and user activity. We use server log data to analyze trends and to administer and manage the Services. The software enabling the Services has associated log and temporary files that are stored on Reflektive controlled servers. These files may store your account information, preference settings, system notifications, and other data necessary to enable you to use the Services. Your information may also exist within regularly performed server backups.

4. How We Use and Disclose Information

4.1 Limitations of Use and Disclosure

Reflektive will not sell or rent your Personal Information to any third party. Except as described in this Privacy Policy or the applicable Use Agreement, Reflektive will not use or disclose your Personal Information for any purpose, other than to the extent necessary to perform the Services, unless you expressly opt-in to any other use.

Reflektive may, in our sole discretion, disclose your Personal Information: (1) to your company, (2) to our employees and contractors to the extent necessary to provide the Services; (3) to third parties for whom you have expressly consented to disclosure, (4) to ensure compliance with and enforce the Use Agreements and/or any other contractual or legal obligations with respect to use of the Services; (5) to ensure compliance with laws and enforce third party rights, including intellectual property rights; (6) to protect your safety and security; (7) to protect the safety and security of Reflektive, our employees, agents, and contractors, and our property; and (8) to those involved in business activities of Reflektive such as investments, mergers, acquisitions, debt financing, divestures, bankruptcy, sale or transfer of all or part of Reflektive’s assets, or any other transaction in which data could be transferred to third parties as part of Reflektive’s business assets. We may also disclose your Personal Information if required by law, such as to comply with a subpoena, court order, or other lawful process, or in response to a lawful request by public authorities to meet national security or law enforcement requirements.

4.2 International Transfer of Information Collected

Reflektive primarily stores data in connection with the Services in the United States. However, the Services are global and all data, including Personal Information, may be stored and processed in any country where we have operations or where we engage service providers. We may transfer data, including Personal Information, to countries outside of your country of residence, which may have data protection rules that are different from those of your country. We will take measures to ensure that any such transfers comply with applicable data protection laws and that your Personal Information remains protected to the standards described in this Privacy Policy. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.

4.3 Onward Transfer of Personal Information

Reflektive may share your Personal Information with agents, contractors, or third party service providers (e.g., email services, cloud computing services, data storage and processing facilities) to the limited extent necessary to let them perform business functions and services for us or on our behalf in connection with the provision of the Services; provided that such agents, contractors, and service providers process information in a manner consistent with this Privacy Policy and are not permitted to use such Personal Information for any other purpose. With respect to Personal Information of European Union and Swiss individuals received by Reflektive pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, Reflektive may be liable for onward transfers to third parties, unless Reflektive proves that it is not responsible for the event giving rise to the damage.

4.4 Third Party Websites

While using the Services, you may be directed to a third party website, such as Third Party Integrations, Third Party Authenticators, or other links or references, which may take you to that third party website. Once you have left the Services, this Privacy Policy will no longer apply to you or any other data collected from or provided by you, including Personal Information, and you will be subject to that third party website’s privacy policy (and such other terms and conditions). You should review such third party website’s terms to determine how your data will be used.

4.5 Retention

Reflektive will retain your information, including Personal Information, for as long as your account is active, or to the extent necessary to provide your company with the Services, to comply with and enforce our agreements, or as otherwise required or permitted by law.

5. Security Measures

We take your privacy and data security very seriously and strive to maintain the security of all Personal Information. Reflektive maintains appropriate physical, technical, and administrative safeguards to protect against loss, misuse, and unauthorized access, use, disclosure, modification, or destruction of Personal Information and Hosted Data in our custody and control. However, no website or transmission of information over the internet or common carrier lines is guaranteed to be completely secure, and we cannot guarantee that unauthorized access, hacking, data losses, or other breaches will never occur.

Reflektive servers are managed and located at third party Infrastructure-as-a-Service (IAAS) provider, and we have taken commercially reasonable steps to choose a qualified IAAS provider or providers who operate according to industry standard terms of service and data security protocols. Reflektive uses commercially reasonable efforts to store and encrypt Personal Information in a secure location, encrypt passwords, and utilize a minimum of 128-bit Secure Socket Layer (SSL) certificates to protect transactions to and from the Services.

You will access and use the Services via a registered user account, which is also protected by a password for your privacy and security. You are responsible and liable for safeguarding your account and password that you use to access the Services, and for all activities or actions that occur under your account. You should take measures to prevent unauthorized access to your account and your information by selecting and protecting your password appropriately and limiting access to your computer (or other device) and browser by signing off after you have finished accessing your account. If you choose to authenticate your account through a Third Party Authenticator, you understand that the security and privacy of your account is subject to the policies of such Third Party Authenticator and we have no liability for the applicable Third Party Authenticator’s security and privacy practices.

6. Access to Personal Information

Reflektive is committed to maintain accurate information that you share with us and will use commercially reasonable efforts to allow you to access your Personal Information in order to correct or amend such data where inaccurate or incomplete. If you wish to access, modify, or delete the Personal Information you already provided, please contact us at the contact information provided below. Reflektive will endeavor to respond in a timely manner to all reasonable written requests to view, modify, or delete Personal Information. If you consent to receiving communications from a third party, such third party may have its own privacy policy which will apply to you and you will need to communicate with them directly if you wish to access, modify, or delete the Personal Information you provided to them, or later decide that you no longer wish to receive such third party’s communications.

7. Children and COPPA Compliance

The Services are not directed to and/or intended for children under the age of 13. Reflektive does not intentionally collect Personal Information from children under the age of 13. In the event we discover we have inadvertently collected any Personal Information from a child under 13 years of age, Reflektive will take the appropriate steps to delete this Personal Information, or seek the necessary verifiable parental consent for that collection in compliance with the Children’s Online Privacy Protection Act (“COPPA”).

8. Your California Privacy Rights.

Reflektive does not disclose Personal Information to third parties for any third parties’ direct marketing purposes, unless the Customer or User affirmatively agrees to such disclosure. Since Reflektive provides its California Users with notice of its rights as described above, pursuant to Section 1798.83(c)(2) of the California Civil Code, Reflektive is in compliance with California’s "Shine the Light" law and is not obligated to provide California Users with the names and addresses of all the third parties that received Personal Information from Reflektive for the third parties' direct marketing purposes during the preceding calendar year.

9. EU-U.S. and Swiss-U.S. Privacy Shield Frameworks

Reflektive complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the European Union member countries and Switzerland to the United States. Reflektive has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of: notice; choice; accountability for onward transfer; security; data integrity and purpose limitation; access; and recourse, enforcement, and liability. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern with respect to Personal Information transferred from the European Union member countries and Switzerland to the United States. Reflektive is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). To learn more about the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, and to view our certification, please visit www.privacyshield.gov.

In compliance with the Privacy Shield Principles, Reflektive commits to investigate and attempt to resolve complaints and disputes regarding our collection, use, or disclosure of your Personal Information. European Union and Swiss individuals with questions or complaints regarding the collection, use, or disclosure of your Personal Information or this Privacy Policy should first contact Reflektive at the contact information provided below. Reflektive will respond to any such inquiries or complaints within forty-five (45) days.

Reflektive has further committed to refer unresolved Privacy Shield-related complaints to JAMS, an independent dispute resolution provider located in the United States. If you do not receive a timely acknowledgement of your Privacy Shield-related complaint from Reflektive, or if we have not satisfactorily resolved your complaint or addressed your concern, please contact JAMS to file your complaint, at no cost to you. To contact JAMS and/or learn more about JAMS dispute resolution services, including instructions for submitting a complaint, please visit: https://www.jamsadr.com/eu-us-privacy-shield. Under certain limited situations, as a last resort, you may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.

Personal Information in the context of the employment relationship is subject to internal human resource policies. Reflektive commits to cooperate with the panel established by the European Union data protection authorities (DPAs) and/or the Swiss Federal Data Protection and Information Commissioner, and comply with the advice given by such authorities with regard to human resources data transferred from the European Union member states and Switzerland in the context of an employment relationship as set forth in the Privacy Shield Principles.

10. Enforcement

Reflektive will actively monitor its relevant privacy and security practices to verify adherence to this Privacy Policy. Any agents, contractors, service providers, or other third party’s subject to this Privacy Policy that Reflektive determines is in violation of this Privacy Policy will be subject to disciplinary action up to and including termination of such services.

11. Changes to this Privacy Policy

Reflektive may change, modify, or update this Privacy Policy from time to time, in whole or in part, in Reflektive’s sole discretion, at any time without prior notice by posting updated versions on the Reflektive website. When we do, we will revise the “last updated” date at the bottom of this page. If and when we make such changes, we will make commercially reasonable efforts to notify you by email, through the Services, or by posting a prominent notice on our Website. We encourage you to visit this page at http://www.reflektive.com/privacy-policy to stay informed on our privacy practices and review our most current Privacy Policy. Any changes, modifications, or updates to this Privacy Policy will become effective immediately upon such posting. Your continued use of the Services constitutes your agreement to be bound by such changes to this Privacy Policy. Your only remedy, if you do not accept the terms of this Privacy Policy, is to discontinue use of the Services.

12. Contact Reflektive

We encourage you to contact us with any questions, complaints, or requests with respect to your Personal Information, this Privacy Policy, and/or our privacy practices.

Reflektive can be contacted at:

Reflektive, Inc.
Attn: Privacy Policy Agent
123 Townsend Street, 3rd Floor
San Francisco, CA, 94107
USA

Email: privacy@reflektive.com

Version 2.0
Last Updated: July 31, 2017
Revision History: v1.0

We’ll be in touch shortly to discuss how you can get started with Reflektive. Thanks for connecting!