Use of the Data
Sharing of Data
GDPR compliance and Privacy Shield
Questions and contact information
We're not in the business of selling, renting out or trading your data with 3rd parties. All data collected is used to provide you with the Service only, and all your private data and intellectual property is always yours.
We collect anonymous data from every visitor of the Website and Service to monitor traffic and fix bugs. For example, we collect information like web requests, the data sent in response to such requests, the Internet Protocol address, the browser type, the browser language, and a timestamp for the request.
For the Service, we ask you to register an account, log in and provide certain information (such as names and email addresses of your team members, your company name and address and your credit card information) in order to be able to store your task data as well as periodically automatically bill you & charge your card (credit card numbers are never stored on Slash7 servers, but are securely transmitted and stored with our payment provider).
In order to take advantage of certain features of the Service, you may also choose to provide us with other personal information, such as your picture, but your decision to utilize these features and provide such data will always be voluntary.
Use of the Data
We only use your personal information to provide you with the Service to communicate with you about the Service or the Website. This includes both automated and manual processing of data.
With respect to any data you may choose to enter or upload to the Service, we take the privacy and confidentiality of this data seriously. Your data (in the Service) is specifically not shared between accounts (unless you specifically choose to) or with the public. We employ industry standard techniques to protect against unauthorized access of data that we store, including personal information. All off-site backups of your data are securely encrypted.
Please note that if you choose to share data (like sharing a board with a client), we are not responsible for any violation of privacy law you may be liable for.
We do not share personal information you have provided to us without your consent, unless:
- doing so is appropriate to carry out a user’s request (for example, sharing a board with a client implies that you consent to share the data in this board with that client);
- we believe it’s necessary in order to provide the highest quality of service;
- we believe it’s needed to enforce our Terms of Service, or that is legally required;
- we believe it’s needed to detect, prevent or address fraud, security or technical issues;
- otherwise protect our property, legal rights, or that of others.
The Service is operated from the United States. If you are visiting the Website from outside the U.S., you agree to any processing of any personal information you provide us according to this policy.
The Service may contact you by email. For example, we may send you promotional emails relating to the Service or communicate with you about your use of the Website and Service. If you do not want to receive email from us, please opt out of receiving emails at the bottom of any such email. Please note that for some emails (for example billing issues), there’s no option to opt-out.
Sharing of Data
We don’t share your personal information with third parties except as listed below. Other then the information outlined below, only aggregated, statistical data is periodically transmitted to external services to help us improve the Website and Service.
We listed below what data the third parties we share data with extract exactly. Feel free to check out their own Privacy Policies to find out more.
Communication when getting started with Pep, about new features, special offers relating to the service and recommendations on how to use the app:
Providing email support:
Tracking errors and measuring performance:
Transactional emails (Reports, Billing-related emails, etc.):
Provisioning of application features:
Service hosting and data backups
Additionally, Slash7 uses third party vendors that provide the necessary hardware, software, networking, storage and other technology required to run the Website and the Service. While Slash7 owns the rights to the Website and Service, you retain all rights to the data you enter into the Service.
In order to provide the Service, we also share data with services that help us track errors and bugs, keep backups of log files and identify performance issues (these are listed above).
We employ and contract with people and other entities that perform certain tasks on our behalf and who are under our control (our “Agents”). We may need to share personal information with our Agents in order to provide products or services to you. Unless we tell you differently, our Agents do not have any right to use Personal Information or other information we share with them beyond what is necessary to assist us. You hereby consent to our sharing of Personal Information with our Agents.
If Slash7 is acquired or merged with an other company, or Slash7 sells the Website and Service to an other company, or if Slash7 goes out of business or enters bankruptcy, user information may be transferred to a third party. You acknowledge that such transfers may occur, and that any acquirer of Slash7 or its assets may continue to use your personal information as set forth in this policy.
GDPR compliance and Privacy Shield
For a detailed list of data sub-processors under the GDPR please see above under "Sharing of Data".
Your Data Protection Rights Under The General Data Protection Regulation (GDPR)
If you are a resident of the European Economic Area (EEA), you have the following data protection rights:
- You can object to the processing of your personal information, ask us to restrict the processing of your personal information, or request portability of your personal information. You can exercise these rights by emailing email@example.com.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt-out of other forms of marketing, please contact us by emailing firstname.lastname@example.org.
- Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
Right to Access, Correct, Update, or Request Deletion of Data
If you want to request an export or deletion of your personal data, and have an account with us, please contact us at email@example.com. Please note that we cannot delete personal data in open accounts when you’re not the account owner, as this would prevent us from providing the service the account owner is paying for (We suggest that you contact the account owner of the Pep account in question to ask them to anonymize or remove your data).
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
International data transfers
GDPR includes provisions on international data transfer mechanisms. In order to comply with these provisions we have certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks (please see below for details).
Data Retention and Deletion Schedules
Application Data and Backups
In order to accommodate customers who need older data restored, we keep backups indefinitely and cannot delete personal data form them as these are stored off-site, read-only and heavily encrypted and compressed. If we do have access or restore data to our production systems or for purposes of debugging, any deletions of personal data will be applied retroactively or the personal data will be anonymized.
We store server log files for (up to) one year for the purposes of debugging errors and helping customers find out when specific data changes happened and who did them; and for preventing fraud and providing the neccessary information when fraud is suspected.
Purchase Records and Invoices for our Services and Products
We keep copies of all purchasing records for tax and auditing purposes.
We keep personal metadata, given that the user allows us to process their data, which can be controlled by going to the Privacy tab in Settings & Profile.
When a user opts-out of a type of data processing we prevent additional data from being sent to the relevant data controllers. Every quarter, we contact our data processors with a list of users who have opted out of allowing us to process their personal data in the specific manner that we use their tools.
We will respond to Data Subject Rights Requests within the appropriate amount of time
Metadata collected by 3rd-party services
Some 3rd party services collect data independently from us, and have incorporated it as part of their service.
We do not store any copies of this data, and Data Subject Requests for this data must be submitted to the 3rd party service, since we do not control the data.
Slash 7’s Internal Business Data
We keep all internal business data as long as it is relevant; internal business data may include the data listed above.
Data Processing Agreement
We do have a Standard Data Processing Addendum (DPA), which meets with GDPR requirements for agreements between Data Controllers (you) and Data Processors (us). We offer this DPA to our customers that operate in the EU. The DPA offers contractual terms that meet GDPR requirements and reflect our data privacy and security commitments to our clients. To ensure no inconsistent or additional terms are imposed on us beyond that reflected in our standard DPA and model clauses, we cannot agree to sign customers’ DPAs. We're a small team so we can't offer individual changes to the DPA since we do not have a legal team on staff. Any changes to the standard DPA would require legal counsel that would be cost prohibitive, increase our prices and would put an undue burden on our other customers. The DPA is a part of our Terms of Service. By agreeing to our terms of service, you are automatically accepting our DPA and do not need to sign a separate document.
EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
Slash7 is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Slash7 complies with the Privacy Shield principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Slash7 is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Slash7 may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Slash7 LLC has further committed to refer unresolved Privacy Shield complaints to an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, you may visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint (free of charge). To facilitate fast and convenient resolution of complaints, you agree to participate in on-line dispute resolution through JAMS Online Mediation (Endispute).
Under certain conditions, Privacy Shield provides the right to invoke binding arbitration when other dispute resolution procedures have not provided resolution. This is described in Annex I to the Privacy Shield.
Questions and contact information
Should you have any question or concern, please write to firstname.lastname@example.org, or write to:
PO Box 411
Pipersville, PA 18947
If you need to contact a data privacy officer, please use the contact information above.