What Information We Collect
We collect and use the following information to provide, improve and protect our Service:
Account Information. We collect, and associate with your account, information such as your name, email address, phone number, address, and payment information.
Your Content. When you use our Service, we store, process and transmit your files (including items like your videos, recordings, files, comments, other content, and so on) (“Your Content”) and information related to them. This will make it easy for you to do things like share and interact with these items.
Usage Information. In order to improve the Service, we collect information from and about the devices you use to access the Service. This includes things like IP addresses, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information to the Service.
Cookies and other technologies. We use technologies like cookies and pixel tags to provide, improve, protect and promote our Service. For example, cookies and other technologies help us with things like remembering your username and preferences for your next visit, understanding how you interact with our Service including things like clicks, mouse actions, text entered and other related information, and then improving the Service based on that information. You can set your browser to not accept cookies, but this will limit your ability to use the Service.
Video information. You may sometimes use the Service in connection with your participation in an activity in which your image, words, or actions are recorded by the Service. You may or may not be logged in to the Service at the time, and you consent to the use of your image, words, and actions (solely in connection with the Service), regardless of whether or not you are logged in at the time your image, words, or actions are recorded.
Sharing of information
On a limited basis, we may share information as described below in order to facilitate delivering the Service to you, but will never sell it to advertisers or other third-parties.
Other users. Our Service displays information like your name or email address to other users only in places where that information is configured to be shared. The disclosure of information from student records, particularly grades and performance information, is governed in the U.S. by the Family Educational Rights and Privacy Act (“FERPA”), and such information is shared only with your course instructor(s) or other institutional administrators as permitted by FERPA.
Organizational Administrators. If your account is associated with a GoReact Organizational Account (as defined in the User Terms), there may be an administrator in your organization that has access to and control of your GoReact account for purposes of managing the Service. Please refer to your organization’s internal policies if you have questions about this.
Legal. We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to (a) comply with the law; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of GoReact or our users; or (d) protect GoReact’s property rights. Please contact email@example.com with any privacy questions or concerns.
How We Use and Secure Your Information
Security. We employ both an internal technical team and external security experts in order to keep your information secure and test for vulnerabilities. We also continue to work on features to keep your information safe.
Retention and right to deletion. We’ll retain information you store on our Service for as long as we need it to provide you the Service. In most cases, that means information will be kept for at least three (3) years, which most users find helpful in order to retrieve past samples of their work. If you request to delete your account, you may also request that we delete your information, and/or you may also request a copy of your data we have stored in our system. Please note: (a) there might be some latency in deleting this information from our servers and backup storage; (b) feedback you’ve provided for others will remain, and (c) we may retain certain information if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.
Where Information is Stored
Around the world. To provide you with the Service, we may store, process and transmit information in the United States and locations around the world – including those outside your country. Information may also be stored locally on the devices you use to access the Service.
If you are a U.S. customer, your data will only be stored and processed in the United States.
EU Provisions. GoReact offers standard EU model clauses (including GDPR updates) for information security as required for EU customers. Please contact your account representative if you are located within the EU and require these additional terms. You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, GoReact is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to firstname.lastname@example.org. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to email@example.com.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
GoReact‘s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, GoReact remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless GoReact proves that it is not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, GoReact commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact GoReact at: firstname.lastname@example.org
GoReact has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
INFORMATION RELATED TO CCPA
Categories of Information (Source, Collection, and Sharing). The CCPA requires us to list the categories of information we collect about you and the commercial or business purposes for which the categories of personal information is used. Those disclosures are made in the “What Information We Collect” section above under the categories “Account Information,” “Your Content,” and “Usage Information.” The categories of information collected and the purposes for that collection have not changed over the last twelve months.
The source of the information we receive about you is always you or the parties with whom you interact using our Service. We do not purchase any personal information about you from third parties.
Your information is only shared in accordance with the “Sharing of Information” section above. The commercial and business purposes for that sharing is also described in that section. The categories of information shared and the categories of parties with whom it is shared have not changed in the last twelve months.
Your Rights under the CCPA. If you are a California resident, you have the following rights:
- You have the right to request that we disclose the categories and the specific items of personal information about you that we collect, use, disclose, and/or sell and that personal information about you that we have collected, used, disclosed, and/or sold during the twelve months prior to your request.
- You have the right to not be subjected to any discrimination based on the fact that you have elected to opt out of the sale of your personal information or that you have submitted a request to know or a request to delete under the CCPA.
- You also have the right to have the personal information we collect about you deleted. We use a two-step process to verify your identity and to have the information deleted. Your rights to have your personal information deleted are subject to several exceptions, specifically the personal information that is necessary for us to:
- complete your transaction;
- provide you a good or service;
- perform a contract between us and you;
- protect your security and prosecute those responsible for breaching it;
- fix our system in the case of a bug;
- protect the free speech rights of you or other users;
- comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.);
- engage in public or peer-reviewed scientific, historical, or statistical research in the public interests that adheres to all other applicable ethics and privacy laws;
- comply with a legal obligation; or
- make other internal and lawful uses of the information that are compatible with the context in which you provided it.
- To make any request under the CCPA, you must complete the online Data Request Form found at https://help.goreact.com/hc/en-us/requests/new. Typically, your login and password are sufficient to verify your identity, but if we require further information, we will inform you. In that event, you will be asked to give us your name, e-mail address, and any other information we reasonably require to verify your identity.
- We will respond to your request within 10 days after receipt of your request, and we will then take action to verify your identity and fulfill your request, as required by the CCPA. We will provide you with a CSV copy of your stored data within 45 days of your request, assuming we are able to verify your identity in that period and so long as you provide a correct email address for successful correspondence.
For more information about your rights under the CCPA, please direct your questions to us at email@example.com. You can also direct questions to our toll free number at 1-855-717-3499.
GoReact collects and uses certain indirect or aggregate information as a result of your use of the Service. Such information will always be anonymized and will never contain user-identifiable data such as name, email address, or other direct identifiers. Any such de-identification will comply with U.S. FERPA and HIPAA requirements as well as GDPR and the CCPA.
How You Control Your Information
Upon creation of your account in the Service, you will be expressly asked for your consent to how we will store and use your information. We will track that consent, and you will have the ability to withdraw your consent and delete your account at any time from within your user profile in the Service. In addition, while you use the Service, you’ll be able to see on any given activity who will have access to your content, and you may also change and update your information in your user profile.
Onward Transfers of Your Information
If we are involved in a reorganization, merger, acquisition or sale of our assets, your information may be transferred as part of that transaction. We will notify you (for example, via a message to the email address associated with your account) of any such transaction and outline your choices in that event.
Have questions or concerns about GoReact, our Service and/or privacy? Contact us at firstname.lastname@example.org.
Effective: January 1, 2020