Last Revised & Effective May 24, 2018
- Organizing it into the sections listed in the Table of Contents below,
- Providing a series of examples that help illustrate how the policies may be implemented by Directly
- Defining and capitalizing a few terms that are used more than once for simplicity and brevity and
- Including a Frequently Asked Questions (FAQ) section, which includes an explanation of Directly’s role as a “data controller” and “data processor,” and our duties with respect to new “data subject” rights under new data protection laws.
Table of Contents
- Introduction, Purpose, Application & Scope
- Data Collected
- Use and Retention
- Sharing and Disclosure
- Rights & Choices
- European Users
- California Users
- Contact Us & FAQs
1.1. Introduction to Directly. Welcome to our website, directly.com, and to our related software, mobile applications, technology and services (collectively the “Marketplace Platform”) operated by Directly Software, Inc. (“Directly,” “we,” “our,” “us”). Directly’s Marketplace Platform enables corporate enterprise Customers (“Customers”) and their end-users, customers, partners, resellers, distributors, developers, and community members (“Customer Users”) to post questions about specific Customer products and/or services (“Requests”) for response by Customer Users who apply for or qualify as expert users (collectively “Experts”). Customer Users and Experts are referred to collectively as “Users”.
By accessing directly.com or submitting Personal Data through the Marketplace Platform, you consent to the processing of your Personal Data in accordance with this Policy.
If you do not agree with our Policy or Terms, do not access or use directly.com, the Marketplace Platform, or any other aspect of Directly’s business, and in such case, you should (a) take the necessary steps to remove cookies from your computer after leaving our website and/or Marketplace Platform (see Section 2.3 below), and (b) discontinue any future access or use.
Our Marketplace Platform (including directly.com) is intended for adults and not for children:
Anyone under the age of 18 is not permitted to access or use directly.com or the Marketplace Platform. If you are under the age of 18 you are prohibited from registering for or using a Directly Account or submitting any Data to us.
1.3. Application. The Policy applies to your access to and use of the Marketplace Platform, as either a visitor to directly.com or as an Expert. The Policy is a part of and incorporated into our Terms, which govern your use of the Marketplace Platform.
It’s also important to note that the Policy doesn’t apply to the following:
First, the Policy does not apply to our Customers, whose license and access to the Marketplace Platform is governed by a separate legal agreement with Directly (each a “Customer Agreement”).
Second, the Policy also doesn’t apply to Customer Users who post Requests via their independent websites, helpdesk systems, and customer service channels managed by each Customer.
Third, the Policy does not apply to any third-party websites or other digital properties, applications, services, products or software (“Third Party Services”) even if they link to or from directly.com or Marketplace Platform, or any other third-party products, services or businesses such as our Customers (as described below).
Accordingly, in each of these circumstances you should review the privacy practices of those independent third-parties carefully.
2. Data Collected
2.1. Experts and Registration for a Directly Account. We collect Personal Data in different ways. For example, if you apply to become a registered Expert eligible to respond to Requests, you will need to create an account with Directly (“Directly Account”) and submit the following types of Personal Data: contact information, such as name, email address and/or mobile phone number, pseudonymous username, and a personal “headshot” picture. Directly also offers Experts the voluntary option to create a user profile containing a description of why they should be considered a “team expert,” as well as top skills and language abilities.
Once registered, and if you become certified as an Expert and eligible to respond to certain specific product or service Requests (and to transfer payments for completed Requests or other activities that generate a Reward), Directly requires additional Personal Data from Experts, including: complete legal first and last name, additional contact information such as a physical or postal mailing address, birthdate, phone number, and government identification details such as a US State driver’s license or passport. In limited circumstances, such as where a Customer or applicable data protection law requires special expert certification measures, and subject to your consent, Experts may be asked to provide additional Personal Data relating to professional background.
2.2. Log and Usage Information. We also collect other types of Data, which may be construed as Personal Data in certain jurisdictions, including the following: website usage information such as how you’ve used our Marketplace Platform, IP address, and other technical data such as browser type, unique device identifiers and information, language preference, referring site and the date and time of access, operating system, and mobile network information; approximate location data (from IP address); information regarding interactions with directly.com, such as comments, poll responses; and other information you may provide such as contact form submissions.
3. Use and Retention
3.1. Personal Data Use. We and our Third Party Providers use Personal Data to: (i) provide our Marketplace Platform; (ii) promote, analyze and improve our Marketplace Platform; (iii) detect and prevent fraud, harmful or abusive conduct, or other harm to Users, each Applicable Corporate Customer, and Directly. Some examples of how we may use Personal Data include:
- Creating your Directly Account,
- Identifying you on our system, to enable you to send or respond to certain Requests,
- Responding to your inquiries, to administer and improve our Website and Marketplace Platform,
- Verifying your identity and to combat fraud,
- Informing the applicable Customer of your relevant activity on the Marketplace Platform,
- Providing technical support and responding to inquiries by Experts and Customers,
- Soliciting input and feedback to improve and customize your Expert experience,
- Informing you about new features, services, and programs on the Marketplace Platform,
- Customizing your use of the Marketplace Platform and/or content, or other material that we may send to you from time to time,
- Conducting aggregate analysis and developing business intelligence that enable us to operate, protect, make informed decisions, and improve and report on the performance of our Marketplace Platform and business,
- For audits, regulatory purposes, or compliance with industry standards,
- For any other purpose, provided we disclose this to you at the relevant time, and provided that you agree to the proposed use of your Personal Data.
3.2. Retention. Where Directly is processing and using your Personal Data, as permitted by law or under your consent, we will store your Personal Data (i) only for as long as is required to fulfil the purposes set out below, (ii) until you object to Directly’s use of your Personal Data (where Directly has a legitimate interest in using your Personal Data), or (iii) until you withdraw your consent (where you consented to Directly using your Personal Data). However, where Directly is required by mandatory law to retain your Personal Data longer, or where your Personal Data is required for Directly to assert or defend against legal claims, we will retain your Personal Data until the end of the relevant retention period or until the claims in question have been settled. Please note that we have a variety of obligations to retain Personal Data and Other Data you provide to us, including to ensure that rewards and associated payments can be appropriately processed consistent with applicable law and our legal obligations. Accordingly, even if you close your Directly Account, we may retain certain data to meet our obligations.
4. Sharing and Disclosure
4.1. General. Directly does not sell or rent Personal Data to marketers or unaffiliated third parties. Generally, we will share Personal Data collected by Directly with Third-Party Providers only in limited circumstances, including: (i) with your consent; (ii) to an authorized Third-Party Provider who meets our data protection standards; or (iii) when we have a good faith belief it is required by law, such as pursuant to a subpoena or other legal process, or to enforce our Terms.
4.2. Third-Party Providers. We share data with certain Third-Party Providers who help us provide the Website and Marketplace Platform. For example, certain Third-Party Providers help us with such activities as web-hosting and data analysis. Currently, we use Amazon, for hardware, software, networking, and storage services which are necessary to operate our Website and Marketplace Platform. We also share Personal Data with Third-Party Providers, such as merchants (e.g., PayPal) and application providers (e.g., Lessonly) as necessary to process payments or operate aspects of the Marketplace Platform. Except as otherwise stated in this Policy, such Third-Party Providers are required not to use Personal Data other than to provide the specific services specified under written contract by Directly and for no other purposes. Subject to the foregoing, you expressly consent to the sharing of your Personal Data and Other Data with these Third-Party Providers for these limited purposes.
4.4. Experts. We disclose certain limited content of each Request (e.g., non-personally identifiable user or first names of Experts who respond to each Request) to other Experts. We also share Other Data with Experts about their responses to Requests, or Rewards earned.
4.5. Customer Users. We disclose the content of the responses to each Request (including the first name of the Expert who responded) to each Customer User who originally sent the Request (and to any subsequent Customer Users that pose a similar Request). When an Expert responds to Requests by Customer Users posted via the Marketplace Platform, certain limited and filtered Data contained in the Response, such as non-personally identifiable user name(s), and the text of the response to Requests will be shared by us with the Customer and other Personal Data (such as an Expert’s headshot or picture) will be shared with Customer Users.
4.6. Usage Data. Directly will not use or disclose (except as expressly provided herein) User Content, except to provide the Marketplace Platform, but, except where prohibited by applicable law or legal duty, may use and disclose data about usage of the Marketplace Platform that does not identify or reasonably could be anticipated to be used to identify any individual user of the Marketplace Platform or otherwise constitute Personal Data (“De-Identified Usage Data”). We share De-Identified Usage Data about our Website and Marketplace Platform with our business partners. We reserve the right to use and disclose Aggregate Usage Data for any purpose and to any third parties subject to the terms herein.
4.8. Legal Disclosures. We reserve the right to disclose your Other Data and Personal Data as required by law, in connection with any legal investigation, when we believe that disclosure is necessary to protect our rights (or those of other Users) and/or to comply with a judicial proceeding, court order, warrant, subpoena, or legal process served on us.
Marketplace Platform/Services-related Announcements. We will send you services-related announcements when it is necessary to do so. For instance, if our services are temporarily suspended for maintenance, we might send you an email or other communications.
App Notifications. We may send you notifications on your mobile device. You may disable these notifications in the settings of your device.
Customer Service. Based upon the Personal Data you provide us, we will send you a welcoming email to verify your username and password. We will also communicate with you in response to your inquiries, to provide the services you request, and to manage your Directly Account. We will communicate with you by email or telephone, in accordance with your indicated preferences.
5. Choices and Rights
5.2. Access Rights. Individuals located in certain countries, such as the European Union or EEA, have certain statutory rights in relation to their personal data. Please read section 7.5 below carefully so you understand all your rights and how to exercise them.
The security of your Personal Data is important to us. We follow generally accepted industry standards to protect the Data submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your Data, we cannot guarantee its absolute security.
We urge you to take steps to keep your Personal Data safe (including your account password), and to log-out of your account after use. If your Directly Account is hacked, this may lead to unauthorized access, so be careful to keep your account data secure. You use our Website and Marketplace Platform at your own risk, and you’re responsible for taking reasonable measures to secure your account (like using a strong password).
7. Important Information for European Users.
7.2. Safeguards for Exports from EEA. If you are located in the EEA or Switzerland, we comply with applicable laws to provide an adequate level of data protection for the transfer of Personal Data. Directly is certified under the EU-U.S. and the Swiss-U.S. Privacy Shield Framework. For more, see Directly’s Privacy Shield Policy. You agree that Directly may transfer your Personal Data to countries other than the one in which you live. We deploy the following safeguards when Directly transfers Personal Data originating from the European Union or Switzerland to other countries not deemed adequate under applicable data protection law:
- E.U.-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. To comply with European Union and Swiss data protection laws, Directly self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. These frameworks were developed to enable companies to comply with data protection requirements when transferring Personal Data from the European Union and Switzerland to the United States. For more information, including the types of Information covered, see Directly’s Privacy Shield Notice. To learn more about the Privacy Shield Program, please see http://www.privacyshield.gov/welcome.
- European Union Model Clauses. Directly offers European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our Customers that operate in the European Union, and other international transfers of Customer Data. A copy of our standard data processing addendum, incorporating Model Clauses, is available here
7.3. Legal Basis for Processing. If you are an individual residing in the EEA, we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the specific aspects of the Marketplace Platform you use and how you use them. This means we collect and use your information only where:
- We need it to provide you with or operate the Marketplace Platform, including to provide customer support and personalized features and to protect the safety and security of the Marketplace Platform;
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for anti-fraud protection or to protect our legal rights and interests;
- You give us consent to do so for a specific purpose; or
- We need to process your data to comply with a legal obligation.
If you have consented to our use of Personal Data about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your Personal Data because we or a third party have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Marketplace Platform or associated services.
7.4. Identifying Data Controller and Data Processor and Different GDPR Roles. Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of data.
It is important to note that Directly acts both as a Data Controller and as a Data Processor within the realm of GDPR compliance:
As a Data Controller, Directly is responsible for safeguarding the data of our registered expert users as they interact directly with our marketplace platform and our visitors to directly.com.
As a Data Processor, Directly is responsible for safeguarding the data of our company customers’ users as it flows through our marketplace platform.
Each of Directly’s Customers is the controller of its end users’ personal data. In this context Directly serves as the processor of such personal data under instructions from each controller. Each Customer is also responsible for making sure that their respective Customer Users’ privacy rights are protected, including responding to data subject requests. Directly will respond to such data subject requests from Customers and Customer Users as a processor; this means that, with respect to Personal Data of Customer Users, we must respond as a matter of law and contract through our Customer. On the other hand, with respect to Experts, Directly serves as the controller of Expert Personal Data and will directly respond to data subject request rights from Experts.
7.5. Access Rights. Individuals located in certain countries, including the European Economic Area, have certain statutory rights in relation to their personal data. Subject to any exemptions provided by law, such individuals may have the right to request access to Information, as well as to seek to update, delete or correct this information. They also have a right to restrict or object to processing and to data portability, where applicable. We may be legally required or permitted to deny all or part of your request and, if we do deny your request, we will endeavor to explain the reasons underlying our decision.
7.6. Data Protection Authority and Representative. Subject to applicable law, you may also have the right to (i) restrict Directly’s use of certain data elements that constitute your Personal Data and (ii) lodge a complaint with your local data protection authority or the Irish Data Protection Commissioner, which is Directly’s lead supervisory authority in the European Union. If you are a resident of the European Economic Area and believe we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you may direct questions or complaints to our European GDPR representative. To find the data protection authority in your country, please refer to this contact list. Our GDPR Data Protection Representative is DPR group and can be contacted by sending an email to firstname.lastname@example.org quoting “Directly Software Inc.” in the subject line.
8. California Users – Do Not Track
Because there is no accepted standard on how to respond to Do Not Track signals, we respond to such signals.
We may periodically update this Policy. If we make any substantial changes, we may notify you by sending you an e-mail to the last e-mail address you provided to us (if any) and/or by prominently posting notice of the changes on the Website and via Marketplace Platform, so it is visible when you visit and/or log-on to the Website or Marketplace Platform for the first time after the change is posted. Your continued use of the Website or the Marketplace Platform after the changes have been posted shall constitute your acceptance of the changes. If you do not agree to the updated Policy, you must cease your access and use of the Websites and Marketplace Platform.
10. Contact Us & FAQs
How do I contact Directly about questions or issues about my privacy? Any questions about this Policy or our practices with respect to your Data should be addressed to email@example.com, or by mail to: Directly Software, Inc. Attention Privacy, 333 Bryant Street, #250, San Francisco, CA 94107, USA.
How does Directly and its Marketplace Platform Operate? As detailed in our Terms, Directly has entered into separate agreements with each Customer to govern the delivery, access and use of the Marketplace Platform including instructions for the processing of the personal data of their respective Customer Users. Each Customer licenses Directly technology and configures their help desks to enable its Customer Users to post Requests to the Marketplace Platform for routing to Experts.
What Role does Directly serve in Data Protection? It is important to note that Directly acts both as a Data Controller and as a Data Processor within the realm of GDPR compliance: As a Data Controller, Directly is responsible for safeguarding the data of our Experts as they interact directly with our marketplace platform and our visitors to directly.com. As a Data Processor, Directly is responsible for safeguarding the data of our Customer Users as it flows through our marketplace platform.
Who is my Data Controller? If you are a visitor to Directly.com or an Expert of the Marketplace Platform, your Data Controller is Directly Software Inc., 333 Bryant Street, #250, San Francisco, CA 94107 USA. If you are a Customer User (i.e., an individual that posted a support Request via a Customer’s website or digital property), then the Data Controller of your personal data is your respective Customer and you should direct all questions about your Personal Data to that Customer.
What does Directly collect and do with my Personal Data? Directly will process your Personal Data as set out in this Policy. The Data we collect depends on how you use our Website and Marketplace Platform. Sometimes, we receive Data directly from you, such as when you create a Directly Account to register as an Expert, complete a form, or send us an email. Other times, we collect Data by recording interactions with our Website or Marketplace Platform. The collection and use of Data from a variety of sources is essential to our ability to provide the Marketplace Platform – and to help keep it trustworthy and secure. Further information about our use of your Data and Personal Data can be found in Section 2 below.
Duration of processing of Personal Data. Where Directly is processing and using your Personal Data as permitted by law or under your consent, we will store your Personal Data (i) only for as long as is required to fulfil the purposes set out below, (ii) until you object to Directly’s use of your Personal Data (where Directly has a legitimate interest in using your Personal Data), or (iii) until you withdraw your consent (where you consented to Directly using your Personal Data). However, where Directly is required by mandatory law to retain your Personal Data longer or where your Personal Data is required for Directly to assert or defend against legal claims, we will retain your Personal Data until the end of the relevant retention period or until the claims in question have been settled. See Section 3.2, “Retention Period,” above.
Why am I required to provide Personal Data? As a general principle, your granting of any consent and your provision of any Personal Data hereunder is entirely voluntary; there are generally no detrimental effects on you if you choose not to consent or to provide Personal Data. However, there are circumstances in which we cannot take action without certain Personal Data, for example, because this Personal Data is required to process your registration or provide you with access to our Marketplace Platform. In these cases, we cannot provide you with what you request without the relevant Personal Data.
Data subjects’ rights. Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of data. Each Customer is the controller of its Customer Users’ Personal Data and in this context Directly serves as the processor of such personal data under instructions from each controller. Each Customer is also responsible for making sure that their respective customers or users’ privacy rights are protected, including responding to data subject requests. Directly will respond to such data subject requests from Customer End-Users as a processor which means that it will contact and follow the advice of the controller Company Customer with respect to such requests. With respect to Personal Data of Expert Users, Directly serves as the controller of such data and will respond to data subject request rights. Please refer to Section 5 “Choices and Rights”, above, for additional information on your rights. Experts can request information about the Personal Data Directly stores about you, and the correction or deletion of such Personal Data. Please note, however, that we can delete your Personal Data only if there is no statutory obligation or prevailing right of Directly to retain it. If you request that Directly delete your Personal Data, you will not be able to continue to use the Marketplace Platform that requires Directly’s use of your Personal Data. See Section 5, “Choices and Rights,” above.
Right to lodge a complaint. If you believe that Directly is not processing your Personal Data in accordance with the requirements set out herein or applicable EEA data protection laws, you can at any time lodge a complaint with the data protection authority of the EEA country in which you live or our GDPR Data Protection Representative. See Section 11 for Details.
U.S. and Swiss-U.S. Privacy Shield Policy
Effective April 12, 2018. Directly Software Inc. (“Directly”, “we”, “our” or “us”) has subscribed to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, “Privacy Shield”). Directly adheres to the Privacy Shield Principles including the Supplemental Principles, (collectively, the “Privacy Shield Principles”) for Personal Data received from entities in the European Economic Area (the “EEA”) and Switzerland.
If there is any conflict between the terms in this Privacy Shield Policy and the Privacy Shield Principles as concerns the Personal Data received under the Privacy Shield, the Privacy Shield Principles shall govern to the extent of the conflict. To learn more about the Privacy Shield program visit www.privacyshield.gov, and to view our certification, please visit https://www.privacyshield.gov/list.
Privacy Shield Principles
1. Notice and Choice
If you are a Customer, Directly may act as an agent for you in relation to the Personal Data that you provide or make available to Directly. Directly usually does not have a relationship with any users or customers of our Customers and each Customer is responsible for ensuring that their users are provided with appropriate notice and choice with respect to their Personal Data.
2. Data Integrity and Purpose Limitation
We only collect Personal Data that is relevant to providing our Website and associated Marketplace Platform. We process Personal Data compatible with us providing the Marketplace Platform or as otherwise notified to you. We take reasonable steps to ensure that the Personal Data received under the Privacy Shield is needed for Directly to provide its Marketplace Platform, and to ensure data is accurate, complete, and current.
3. Accountability for Onward Transfers
4. Data Security
We use reasonable and appropriate physical, electronic, and administrative safeguards to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the nature of the Personal Data and the risks involved in processing that information.
5. Access to Personal Data
When Directly acts on behalf of its Customers, Directly will assist Users in responding to individuals exercising their rights under the Privacy Shield Principles.
If you are a user or customer of any Directly Customer, please contact the Customer directly with your request to access or limit the use or disclosure of your Personal Data. If you contact us with the name of the Customer to which you provided your Personal Data, we will refer your request to that Customer and support them in responding to your access request.
6. Recourse, Enforcement and Dispute Resolution
If you have any questions or concerns, please write to us at the address listed below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the Privacy Shield Principles.
In the event we are unable to resolve your concern, you may contact JAMS, which provides an independent third-party dispute resolution body based in the United States, and they will investigate and assist you free of charge. A binding arbitration option may also be available to you in order to address residual complaints not resolved by any other means. Directly is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).
7. Contact Information
If you have any questions regarding this Privacy Shield Policy, please contact us by email at firstname.lastname@example.org, or please write to the following address:
Directly Software, Inc.
333 Bryant Street, #250
San Francisco, CA 94107
Attention: Directly Legal
8. Changes to this Privacy Shield Policy