Privacy Policy

thinkSuite Privacy Policy

Introduction and Objective

This Privacy Policy was last updated on Jan 10, 2020.

thinkSuite LTD. ŞTİ. (“thinkSuite”, “we”, “us”, or “our”) is committed to the lawful, transparent, and fair handling of your personal data and your data privacy. We treat everything related to your personal data with integrity and respect.

Scope and Related Policies

This Privacy Policy explains which personal data we process, how we process it, and for which purposes. It also explains your choices about how we use your data.

When we refer to “thinkSuite”, “we”, or “us” in this policy, we mean thinkSuite LTD. ŞTİ., which controls the data thinkSuite collects when you use our services. thinkSuite offers a collaborative tool, used for project management. References to our product in this policy include our self-hosted and cloud-based tool, website, mobile apps, and desktop app. Together with our support, they are referred to as Services in this policy.

The scope of this policy, along with our Terms of Service and Security Policy, determine how we process your personal data, and they also determine your rights and obligations as our users.

Definitions

Personal data is any information relating to an identified or identifiable natural person (‘data subject’). In a nutshell, any data that can identify or point in the direction of a living person.

Processing is any operation or set of operations which are performed on personal data or sets of personal data, whether or not by automated means.

Under this policy, thinkSuite may be the data controller (“controller”) or the data processor (“processor”) of your personal data, depending on the context of personal data you provide.

A controller can be the natural or legal person, public authority, agency, or another body, which, alone or jointly with others, determines the purposes and means of the processing of personal data. thinkSuite is a controller when using personal data for the purposes of marketing, reporting, and incentive programs. We do this only when we have a legitimate interest, or when you’ve given us your consent.

A processor can be a natural or legal person, public authority, agency, or another body which processes personal data on behalf of the controller. thinkSuite is a Processor in cases of user authorization, providing customer support, profile, invoicing and billing functionality, and in other scenarios as defined in our Terms of Service.

User/Client Data for any personal data/information you upload, transmit, or connect while using thinkSuite services - the natural person or persons to which this data relates are data subjects, and you are the data controller. In our Terms of Service and Privacy Policy, we refer to this data as User/Client Data. Using thinkSuite to manage your data means that you have engaged thinkSuite as a data processor to carry out certain processing activities on your behalf.

End Users are users who are not direct users of our Services, meaning they are not the ones being charged for our Services, and there is an administrator or organization administering the Services to them.

Cookies are very small files that are placed on your device when you visit a website. These files usually contain data like the site’s name and a unique user ID. They can be easily viewed and deleted. Cookies are used for a variety of purposes and, since some cookies are used for identifying the user, all cookies are subject to the GDPR.

Summary

Your privacy matters. That’s why our policies are all about transparency. In this Policy, we will explain how we collect, use, and share your information. We will also explain how and where we store your data and how we process it. In the next section of our Policy, we will cover these questions:

What data we collect about you
How we use your information/personal data
thinkSuite as a processor of User/Client Data
How we share your information
Service Processors
Security
How and where we store and process your information


Principles

What follows are the principles regarding the data we collect.

5.1 What personal data we collect about you

We collect your data only when you provide it to us while using our Services, and when our third-party processors, which we have appropriate contracts with that are subject to EU regulations, provide it to us. We encourage you to read below our detailed list of all the data we collect and which purposes we do it for.

Many of our features and options require some personal data (essential features and options like communication email and invoicing details), but for non-essential features, you can choose not to provide us your personal data (username, profile picture, etc.). Bear in mind that, in certain situations, providing data is required by law.

Account and profile information

When you register for a trial account, we ask for your email only. When you switch to a paid account, we need more information for billing purposes. In both cases, we collect data for account personalization - it is optional for you to add a profile photo and other details.

Your content provided through our websites

We collect the content you upload while using our websites, including our social media channels. This refers to the feedback you give on our surveys, promotions, events.

Data needed for support channels

When you experience a problem or need assistance, you may need to contact our Support. Whatever the context is (email, ticket, social media channels, audio/video call, chat), you will be asked to provide information related to the problem. This means providing any type of data (contact information, problem explanation, screenshots, etc.) which is necessary for troubleshooting and which may speed up the process of resolving the issue. This process is defined in our Terms of Service, and any issue-related details are necessary in order to provide you with our support services.

Billing information

When you register for a paid account, we collect your payment and billing details through secure payment processing services. We collect information about you or your billing representative: billing information (name and contact information), payment address and payment details (credit card or bank account number).

Your content uploaded through our products

Using our products (web app, desktop app, mobile apps) means uploading your content for collaboration purposes. The content you upload on your cloud account is stored on our servers, and only you can access it. In specific cases, when troubleshooting is needed, our Support may need to check your instance - with your explicit consent and login details. We don’t have any information about the content you upload on your self-hosted account since that content is uploaded to your own servers.

Your use of the Services

We collect information about you while you’re using our Services. We basically keep track of your visits and interactions with our Services. This information includes the features and add-ons you use, details about your collaborating activity, details about your device and operating system, browser type.

Cookies and other tracking technologies

We and our third-party processors use cookies and other tracking technologies to recognize you across different Services and devices and to provide better experience and functionality.

Data from other sources

We also receive data about you from third-party services. This happens when you link or integrate our Services with a third-party service, or when you give consent to other services to use your information. For example, we use third-party service for payment and billing purposes, or our advertising and market research partners provide us with information about your interests and engagements with our Services and online ads. You can see the list of all our third-party processors in section 5.5 of this policy.

5.2 How we use your personal data

Based on the purpose, here we explain how we use your data.

To provide the Services and personalize your experience

We need your data so we can provide our Services to you. Basic activities include transaction processing, authentication, providing customer support, operating and maintaining the Services. For example, we use your email and the photo you provided to identify you to other users on your account. We also use your data to personalize your experience by offering you relevant features and making recommendations.

Research and development

We always strive to improve our Services and integrate them better with other apps you use. That means we use data we collect about how you (and other people) use our Services to shorten the onboarding process, identify trends in user behavior, and create a map of activity patterns. This helps us pinpoint the exact areas for future improvement. Along with this data, we also use all the feedback we get for precise troubleshooting and creating a more friendly and engaging user experience. We keep relying on legitimate interest when it comes to beta testers as well, and the feedback we get from them is solely for the purpose of improving and developing our services.

To communicate with you about the Services

In order for you to successfully use our Services, we create certain communications to shorten your learning curve and create a satisfactory user experience. These communications include onboarding emails, transactional emails, purchase confirmations, subscription expiration reminders, responses to comments, requests and questions, complete customer support service, technical notices and updates, security alerts, administrative messages, promotions, new features. Depending on your settings, we send you email notifications about collaborating activity on your account. When you sign up for our Services, you agree to these communications, and in most cases, you can’t opt-out of them. When the opt-out option is available, you will find it within the communication itself or in the settings section of your account.

For marketing, promotion, and engagement

We create promotional content that may be of specific interest to you, and that is why we send it via email or display it in our ads. This is why we use your contact information and information about how you use our Services - so the content is as relevant to you as possible. Those ads appear on different websites and platforms (like Facebook and Google). All this content has a purpose of driving engagement and helping you use our Services to the fullest. Besides emails and ads, we also create survey requests, newsletters, informational product content.

To provide Customer Support

When it comes to Support, there are different scenarios in which we need your data, e.g., to assist you with different kinds of requests and needs, to resolve technical issues you reported, to analyze crash details, to repair and improve our Services. When you give us your information, it is shared only with our experts (employees), only for the purpose of giving feedback and resolving the issues as soon as possible, as defined in our Terms of Service.

Security and safety reasons

There are situations when, for certain safety and security reasons, we need to use the data about you and your use of our Services - e.g., to verify accounts, to monitor suspicious or fraudulent activity, to identify violations of our policies.

Legitimate interest and legal rights

We use your data when we need to protect our legal rights, interests, and the interests of others, as well as when we’re required by law to do so. In these cases, as always, we use your data only when necessary.

With your consent

There are specific purposes, not listed above, that require your consent so we can use data about you. We always ask for your permission in these cases (e.g., quoting you on our sales website, or publishing your customer story on our blog). When you give us consent to use your data for a specific purpose, you have the right to change your mind at any time, but if any processing has already taken place, it will stay unaffected.

5.3 thinkSuite as a processor of User/Client Data

As specified in Article 28 of the GDPR, the relationship between the controller and the processor has to be made in writing. The electronic form is also acceptable under subsection (9) of the same Article. Our Terms of Service and Privacy Policy serve as your data processing agreement. thinkSuite will process your data based on your written instructions as the data controller unless required by law to act without such instructions.

You may upload and transmit your data inside our Services. We do not view nor control such data, and we process it on behalf of you in accordance with our Terms of Service. You have the responsibility to ensure that all the data you upload and transmit has all the relevant consents or a suitable privacy policy in place to cover the transmission and processing. This means that it is also your responsibility to ensure that any private, sensitive, or confidential information you upload in connection with your use of the Services does not become available or disclosed to unauthorized or unintended viewers. We expressly disclaim any responsibility for your unauthorized or unpermitted sharing, distribution, publication, or display of any private, sensitive, or confidential information.

5.4 How we share your data

When we collect or process your data, our employees here at thinkSuite are in charge of handling it. Depending on the context, purpose, and data type, members of different teams are in charge. All our employees have gone through extensive and proper training programs, so they are aware of relevant privacy principles and law requirements.
We will never share your data, unless in the ways discussed below.

Sharing with other Service users

When you sign up and start using our Services, other users on your account will be able to see your data. Some of the collaboration features display some or all of your profile information. For example, when you comment on a task, we email subscribers to the task with the comment, your name, and your profile photo.

Sharing with third-party apps

We work with third-party apps to make our Services more integrated and collaboration-friendly for you, our users. When you add new functionality or change the behavior of the Services by enabling third-party apps, you may give those apps access to your data, such as name, email, and any content you decide to share. What you share with those apps and on their websites is governed by their policies, not this one.

Sharing with third-party widgets

Some of our Services contain widgets and social media features. They collect your IP address, details of the page you are visiting on the Services, and they may set a cookie to enable the feature to function properly. These widgets and features are either hosted by a third party or hosted directly on our Services. Your interactions with these features are governed by the privacy policy of the company providing it.

Sharing with law enforcement

We will share your data in the situations when: we need to comply with any applicable law, regulation, legal process or governmental request, including meeting national security requirements; we need to enforce our Terms of Service, Privacy Policy and other agreements; we need to protect the security and integrity of our products and services; we believe we need to respond to an emergency related to preventing someone’s death or serious injury; we need to protect thinkSuite, our customers, or the public from harm or illegal activities.

Sharing with your consent

When you give us your consent, we will share your data with third parties. For example, we might share, with your consent, your name and the name of your company as part of the testimonial on our website. You can revoke your consent at any given moment, just contact us and send us your request.

Sharing in business transfers

If a merger, sale of company assets, financing, or acquisition of all or a portion of thinkSuite to another company happens, you will be notified via email. This will inform you about the choices you may have regarding the situation.

Sharing with third-party service processors

In the next section, we have listed all the third-party processors we have contracts with. We work with them to provide website and application development, hosting, maintenance, backup, storage, payment processing, and other services for us, which may require them to access or use some data about you. When these Service Providers need to access information about you to perform services on our behalf, they do so under instruction from us, including abiding by policies and procedures designed to protect your information.

5.5 Service Processors

Sometimes we use third-party processors to process some or all of your personal data. Here we listed all of them. We made sure that we’ve signed contracts only with third-party processors who are GDPR compliant. These third-party processors have access to your personal data only to perform these tasks on our behalf, and are obligated not to disclose or use it for any other purposes.

Help Scout: our Customer Care team uses this help-desk software to stay in touch with you. This software uses only your email and name, for the purpose of us getting back to you, assisting with your requests, and resolving the issues you might have. Here you can read how Help Scout deals with privacy.

Crisp: this is a messaging platform our Customer Care team uses to chat with you. Crisp uses only your email, and we chat with you wherever you start a conversation over our website or straight from our app. The most frequent case is the need for customer support.

Stripe: this tool processes your payments to us. We use it for billing purposes only. Stripe collects your payment details (credit card or bank account number), along with your name and payment address. In case payment and billing details are different, they are both collected. Also, if you’re not the one making the payment, the mentioned data of your billing representative is collected. For more information on how Stripe deals with privacy, read this.

FastSpring: this is a cloud-based eCommerce service that we use as a billing platform. Like Stripe (mentioned above), FastSpring collects your payment details (credit card or bank account number), along with your name and payment address. In case payment and billing details are different, they are both collected. Also, if you’re not the one making the payment, the mentioned data of your billing representative is collected. For more information on how FastSpring deals with privacy, read this.

Google Analytics: this is a web analytics service that tracks and reports website traffic. Google uses the collected data to track and monitor the use of our Services. It may use the data to contextualize and personalize the ads of its own advertising network. For more information about Google’s privacy practices, read this.

Google AdWords: this is a remarketing service provided by Google Inc. Here you can control the information Google uses to show you ads or make the ads more useful to you. If you want to learn more about Google’s privacy policy, follow this link.

Facebook Ads Manager: this is an advertising management tool, developed by Facebook. It’s designed for creating ads, managing when and where they’ll run, and tracking how well those advertisements are performing. Facebook can use a business’s CRM data (email, telephone number) to match it to people in their database to create a Custom Audience for advertising campaigns. Facebook Pixel Code uses cookies for advertising purposes on the Facebook advertising network.

MailChimp: we use this marketing automation platform for staying in touch with you via email. This occurs when we send you our newsletter or include you in our incentive program. This is where you can read more about MailChimp’s policy.

Google Drive: this is a service developed by Google, and we use it for file storage. This is the place where we temporarily keep your data for the purposes of reporting, customer care, feedback analysis, usability testing, marketing, incentive programs. For more information about Google’s security policy follow this link.

Zoom: this is a cloud platform we use for video calls. With your permission, sometimes we record video calls, only for the purposes of improving our customer care and sales process. Videos along with your name and number (if given) are always deleted within 2 weeks.

Skype: this software temporarily collects only your number when you leave us a message. We use that data only to get back to you and for no other reason. After a successful call, your number is deleted.

5.6 Security

We’ve designed our platform to offer you a secure-by-default experience. When it comes to customer data security, encryption, storage, and backups, everything we do is described in our Security Policy. We encourage you to read it and contact us if you have any questions or concerns.

In case of a data breach, we will follow the implemented procedures which ensure we will inform you and respond to the data breach in a timely manner.

5.7 How and where we store and process your data

Where we store and process your data
Personal data collected by thinkSuite is stored and processed in the United States, Canada, France, and in Serbia, where thinkSuite’s operating facility is located. Our primary storage locations are in Canada and the USA, with an offsite backup in France. We make sure that the data we collect under this privacy statement is processed according to the provisions of this policy, our Terms of Service, and the requirements of applicable law wherever the data is located.

How we handle data transfers
We transfer, process, and store your data from your region to Serbia or wherever our third-party processors operate, only with the purpose of providing you with our Services. Serbia is not a member of the European Economic Area, but we use a variety of legal mechanisms and contracts to ensure that your rights and protections travel and apply with your data.

Deleted data
When you cancel your account, we’ll delete all of your data in the following 30 days.

Rights of data subjects
We will always make sure you’re allowed to correct, amend, delete, or limit the use of your data. You can update your data directly within your account settings section. However, if you’re unable to do that, please contact us to make the required changes. Also, if you want to exercise any of the rights listed below, contact us. Keep in mind that, if you are an end user, you may need to contact your administrator to assist with your requests first.

Right to be informed
You can ask for details about the collection and use of your data at any time. This also includes the purposes for processing your data, retention periods for that personal data, and who it will be shared with.

A right of access and rectification
A right of access is your right to access all the personal data we hold about you, and your right to obtain information about how we share, store, secure and process that data. A right of rectification is your right to request correction of any inaccurate personal data we hold about you.

Right to delete personal data and data retention
This is your right to request the deletion of all personal data we hold about you. This right is subject to certain limitations under applicable law. If we fulfill your request, you might not be able to use our Services any longer. Your data will be deleted from all our storage devices and servers in the following 30 days after the fulfillment of your request.

Right to data portability
This is your right to request a copy of the personal data we hold about you, in a commonly used electronic format, and the right to transmit it to another party.

Right to restrict personal data processing
This is your right to request restriction of how and why we use or process your personal data.

Right to object to processing justified on legitimate interest grounds
This is your right to object to how or why we process your personal data.

Right to withdraw consent
You have the right to withdraw your consent at any time. This action won’t affect the lawfulness of processing based on consent before its withdrawal.

Right to not be subject to Automated Decision-Making
This is your right not to be subjected to a decision based solely on automated processing, including profiling. This right is limited and not applicable in cases when the decision is: authorized by law (e.g., for the purposes of fraud); based on your explicit consent; necessary because of the contract between an organization and you.

Right to submit complaints or report abuse for EU-based users
If you think that the processing of your personal data infringes applicable laws, you have the right to lodge a complaint with a supervisory authority in your country of residence.

If you need to report abuse, or if you have any questions about exercising the rights listed above, we strongly advise you to contact us.

Children & minors

Even though our website and Services are not designed for children under 16 years old, we realize that a child under the age of 16 might try to access our Website and Services. We do not knowingly collect personal data from children under the age of 16. If you are under 16 years old, don’t use or provide any data on our Website and Services. If we find out that we’ve collected or received personal data from a child who is under 16 years old, we will delete all that data within a reasonable period of time. Before we remove any data, we may ask for proof of identification to prevent malicious removal of account information. If you believe we might have information about or from a child who is under 16 years old, contact us at privacy@thinkSuite.com. You acknowledge that we don’t verify the age of our users nor do we have any liability to do so.

Updates and changes to privacy policy

We may change this privacy policy from time to time, only to provide greater transparency and inform you of any changes. If a significant change happens, you’ll be notified via email, or we’ll provide prominent notice on our website. All the prior versions of this policy will be kept in an archive, for your review. You can review our privacy policy at any time, and we encourage that, so you are always up to date with our practices and your rights when it comes to protecting your privacy.

Contact Us

Questions, comments, and requests regarding this privacy policy are welcomed and should be addressed to privacy@thinkSuite.com. For other ways of contacting us, please visit this page on our website.

Other optional elements that you should consider adding to the policy

10.1 Links to other websites

Our Services (website and apps) contain links to other websites. We are not responsible for the content of those websites, or their privacy policies. If you visit those websites, keep in mind that any information that you disclose and/or share on them becomes public information. We strongly advise you to review privacy policies and other general terms of use of every website you visit.

10.2 Do not track

thinkSuite is a collaboration tool. People want and need to know who they are working with and talking to, which is why our Services don’t respond to DNT signals. There’s a wide range of other tools to control data collection and usage. You can use the range of other tools we provide to control data collection and use, including the ability to opt out of receiving marketing from us as described above.

10.3 Notice to End Users

If our Services are made available to you through an organization (e.g. your employer), that organization is the administrator of the Services and is responsible for the end-users and/or Service sites over which it has control. This means that you should direct your questions about data privacy to your administrator since your use of the Services is subject to that organization’s policies. The administrator organization’s security policies may be different from ours, and we are not responsible for them.

If you are a member of a team administered by an organization, or if you use an email address provided by an organization to access the Services, then the administrator of that team, or the owner of the domain associated with your organizational email address (e.g. your employer) may assert administrative control over your account and use of the Services at a later date. Administrators are able to control and restrict your access and privileges within our apps. In some cases, they might even be able to edit your account information and control integrations with third-party apps. If you need any clarifications or more information, contact your organization, or learn more by reading the organization’s policies.